€•      Œsphinx.addnodes”Œdocument”“”)”}”(Œ	rawsource”Œ ”Œchildren”]”(Œtranslations”ŒLanguagesNode”“”)”}”(hhh]”(h Œpending_xref”“”)”}”(hhh]”Œdocutils.nodes”ŒText”“”ŒChinese (Simplified)”…””}”Œparent”hsbaŒ
attributes”}”(Œids”]”Œclasses”]”Œnames”]”Œdupnames”]”Œbackrefs”]”Œ	refdomain”Œstd”Œreftype”Œdoc”Œ	reftarget”Œ*/translations/zh_CN/networking/tls-offload”Œmodname”NŒ	classname”NŒrefexplicit”ˆuŒtagname”hhhubh)”}”(hhh]”hŒChinese (Traditional)”…””}”hh2sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ*/translations/zh_TW/networking/tls-offload”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒItalian”…””}”hhFsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ*/translations/it_IT/networking/tls-offload”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒJapanese”…””}”hhZsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ*/translations/ja_JP/networking/tls-offload”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒKorean”…””}”hhnsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ*/translations/ko_KR/networking/tls-offload”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒSpanish”…””}”hh‚sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ*/translations/sp_SP/networking/tls-offload”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubeh}”(h]”h ]”h"]”h$]”h&]”Œcurrent_language”ŒEnglish”uh1h
hhŒ	_document”hŒsource”NŒline”NubhŒcomment”“”)”}”(hŒ7SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)”h]”hŒ7SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)”…””}”hh£sbah}”(h]”h ]”h"]”h$]”h&]”Œ	xml:space”Œpreserve”uh1h¡hhhžhhŸŒD/var/lib/git/docbuild/linux/Documentation/networking/tls-offload.rst”h KubhŒsection”“”)”}”(hhh]”(hŒtitle”“”)”}”(hŒKernel TLS offload”h]”hŒKernel TLS offload”…””}”(hh»hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hh¶hžhhŸh³h Kubhµ)”}”(hhh]”(hº)”}”(hŒKernel TLS operation”h]”hŒKernel TLS operation”…””}”(hhÌhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hhÉhžhhŸh³h KubhŒ	paragraph”“”)”}”(hX_  Linux kernel provides TLS connection offload infrastructure. Once a TCP
connection is in ``ESTABLISHED`` state user space can enable the TLS Upper
Layer Protocol (ULP) and install the cryptographic connection state.
For details regarding the user-facing interface refer to the TLS
documentation in :ref:`Documentation/networking/tls.rst <kernel_tls>`.”h]”(hŒYLinux kernel provides TLS connection offload infrastructure. Once a TCP
connection is in ”…””}”(hhÜhžhhŸNh NubhŒliteral”“”)”}”(hŒ``ESTABLISHED``”h]”hŒESTABLISHED”…””}”(hhæhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähhÜubhŒÂ state user space can enable the TLS Upper
Layer Protocol (ULP) and install the cryptographic connection state.
For details regarding the user-facing interface refer to the TLS
documentation in ”…””}”(hhÜhžhhŸNh Nubh)”}”(hŒ4:ref:`Documentation/networking/tls.rst <kernel_tls>`”h]”hŒinline”“”)”}”(hhúh]”hŒ Documentation/networking/tls.rst”…””}”(hhþhžhhŸNh Nubah}”(h]”h ]”(Œxref”Œstd”Œstd-ref”eh"]”h$]”h&]”uh1hühhøubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”Œnetworking/tls-offload”Œ	refdomain”j	  Œreftype”Œref”Œrefexplicit”ˆŒrefwarn”ˆŒ	reftarget”Œ
kernel_tls”uh1hhŸh³h K
hhÜubhŒ.”…””}”(hhÜhžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h K
hhÉhžhubhÛ)”}”(hŒ$``ktls`` can operate in three modes:”h]”(hå)”}”(hŒ``ktls``”h]”hŒktls”…””}”(hj+  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähj'  ubhŒ can operate in three modes:”…””}”(hj'  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KhhÉhžhubhŒblock_quote”“”)”}”(hX>  * Software crypto mode (``TLS_SW``) - CPU handles the cryptography.
  In most basic cases only crypto operations synchronous with the CPU
  can be used, but depending on calling context CPU may utilize
  asynchronous crypto accelerators. The use of accelerators introduces extra
  latency on socket reads (decryption only starts when a read syscall
  is made) and additional I/O load on the system.
* Packet-based NIC offload mode (``TLS_HW``) - the NIC handles crypto
  on a packet by packet basis, provided the packets arrive in order.
  This mode integrates best with the kernel stack and is described in detail
  in the remaining part of this document
  (``ethtool`` flags ``tls-hw-tx-offload`` and ``tls-hw-rx-offload``).
* Full TCP NIC offload mode (``TLS_HW_RECORD``) - mode of operation where
  NIC driver and firmware replace the kernel networking stack
  with its own TCP handling, it is not usable in production environments
  making use of the Linux networking stack for example any firewalling
  abilities or QoS and packet scheduling (``ethtool`` flag ``tls-hw-record``).
”h]”hŒbullet_list”“”)”}”(hhh]”(hŒ	list_item”“”)”}”(hX‚  Software crypto mode (``TLS_SW``) - CPU handles the cryptography.
In most basic cases only crypto operations synchronous with the CPU
can be used, but depending on calling context CPU may utilize
asynchronous crypto accelerators. The use of accelerators introduces extra
latency on socket reads (decryption only starts when a read syscall
is made) and additional I/O load on the system.”h]”hÛ)”}”(hX‚  Software crypto mode (``TLS_SW``) - CPU handles the cryptography.
In most basic cases only crypto operations synchronous with the CPU
can be used, but depending on calling context CPU may utilize
asynchronous crypto accelerators. The use of accelerators introduces extra
latency on socket reads (decryption only starts when a read syscall
is made) and additional I/O load on the system.”h]”(hŒSoftware crypto mode (”…””}”(hjT  hžhhŸNh Nubhå)”}”(hŒ
``TLS_SW``”h]”hŒTLS_SW”…””}”(hj\  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähjT  ubhXb  ) - CPU handles the cryptography.
In most basic cases only crypto operations synchronous with the CPU
can be used, but depending on calling context CPU may utilize
asynchronous crypto accelerators. The use of accelerators introduces extra
latency on socket reads (decryption only starts when a read syscall
is made) and additional I/O load on the system.”…””}”(hjT  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KhjP  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hjK  ubjO  )”}”(hX=  Packet-based NIC offload mode (``TLS_HW``) - the NIC handles crypto
on a packet by packet basis, provided the packets arrive in order.
This mode integrates best with the kernel stack and is described in detail
in the remaining part of this document
(``ethtool`` flags ``tls-hw-tx-offload`` and ``tls-hw-rx-offload``).”h]”hÛ)”}”(hX=  Packet-based NIC offload mode (``TLS_HW``) - the NIC handles crypto
on a packet by packet basis, provided the packets arrive in order.
This mode integrates best with the kernel stack and is described in detail
in the remaining part of this document
(``ethtool`` flags ``tls-hw-tx-offload`` and ``tls-hw-rx-offload``).”h]”(hŒPacket-based NIC offload mode (”…””}”(hj~  hžhhŸNh Nubhå)”}”(hŒ
``TLS_HW``”h]”hŒTLS_HW”…””}”(hj†  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähj~  ubhŒÑ) - the NIC handles crypto
on a packet by packet basis, provided the packets arrive in order.
This mode integrates best with the kernel stack and is described in detail
in the remaining part of this document
(”…””}”(hj~  hžhhŸNh Nubhå)”}”(hŒ``ethtool``”h]”hŒethtool”…””}”(hj˜  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähj~  ubhŒ flags ”…””}”(hj~  hžhhŸNh Nubhå)”}”(hŒ``tls-hw-tx-offload``”h]”hŒtls-hw-tx-offload”…””}”(hjª  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähj~  ubhŒ and ”…””}”(hj~  hžhhŸNh Nubhå)”}”(hŒ``tls-hw-rx-offload``”h]”hŒtls-hw-rx-offload”…””}”(hj¼  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähj~  ubhŒ).”…””}”(hj~  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Khjz  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hjK  ubjO  )”}”(hX]  Full TCP NIC offload mode (``TLS_HW_RECORD``) - mode of operation where
NIC driver and firmware replace the kernel networking stack
with its own TCP handling, it is not usable in production environments
making use of the Linux networking stack for example any firewalling
abilities or QoS and packet scheduling (``ethtool`` flag ``tls-hw-record``).
”h]”hÛ)”}”(hX\  Full TCP NIC offload mode (``TLS_HW_RECORD``) - mode of operation where
NIC driver and firmware replace the kernel networking stack
with its own TCP handling, it is not usable in production environments
making use of the Linux networking stack for example any firewalling
abilities or QoS and packet scheduling (``ethtool`` flag ``tls-hw-record``).”h]”(hŒFull TCP NIC offload mode (”…””}”(hjÞ  hžhhŸNh Nubhå)”}”(hŒ``TLS_HW_RECORD``”h]”hŒTLS_HW_RECORD”…””}”(hjæ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähjÞ  ubhX  ) - mode of operation where
NIC driver and firmware replace the kernel networking stack
with its own TCP handling, it is not usable in production environments
making use of the Linux networking stack for example any firewalling
abilities or QoS and packet scheduling (”…””}”(hjÞ  hžhhŸNh Nubhå)”}”(hŒ``ethtool``”h]”hŒethtool”…””}”(hjø  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähjÞ  ubhŒ flag ”…””}”(hjÞ  hžhhŸNh Nubhå)”}”(hŒ``tls-hw-record``”h]”hŒtls-hw-record”…””}”(hj
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähjÞ  ubhŒ).”…””}”(hjÞ  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KhjÚ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hjK  ubeh}”(h]”h ]”h"]”h$]”h&]”Œbullet”Œ*”uh1jI  hŸh³h KhjE  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jC  hŸh³h KhhÉhžhubhÛ)”}”(hŒ™The operation mode is selected automatically based on device configuration,
offload opt-in or opt-out on per-connection basis is not currently supported.”h]”hŒ™The operation mode is selected automatically based on device configuration,
offload opt-in or opt-out on per-connection basis is not currently supported.”…””}”(hj6  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h K#hhÉhžhubhµ)”}”(hhh]”(hº)”}”(hŒTX”h]”hŒTX”…””}”(hjG  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hjD  hžhhŸh³h K'ubhÛ)”}”(hX  At a high level user write requests are turned into a scatter list, the TLS ULP
intercepts them, inserts record framing, performs encryption (in ``TLS_SW``
mode) and then hands the modified scatter list to the TCP layer. From this
point on the TCP stack proceeds as normal.”h]”(hŒ‘At a high level user write requests are turned into a scatter list, the TLS ULP
intercepts them, inserts record framing, performs encryption (in ”…””}”(hjU  hžhhŸNh Nubhå)”}”(hŒ
``TLS_SW``”h]”hŒTLS_SW”…””}”(hj]  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähjU  ubhŒv
mode) and then hands the modified scatter list to the TCP layer. From this
point on the TCP stack proceeds as normal.”…””}”(hjU  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h K)hjD  hžhubhÛ)”}”(hX	  In ``TLS_HW`` mode the encryption is not performed in the TLS ULP.
Instead packets reach a device driver, the driver will mark the packets
for crypto offload based on the socket the packet is attached to,
and send them to the device for encryption and transmission.”h]”(hŒIn ”…””}”(hju  hžhhŸNh Nubhå)”}”(hŒ
``TLS_HW``”h]”hŒTLS_HW”…””}”(hj}  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähju  ubhŒü mode the encryption is not performed in the TLS ULP.
Instead packets reach a device driver, the driver will mark the packets
for crypto offload based on the socket the packet is attached to,
and send them to the device for encryption and transmission.”…””}”(hju  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h K.hjD  hžhubeh}”(h]”Œtx”ah ]”h"]”h$]”Œtx”ah&]”uh1h´hhÉhžhhŸh³h K'Œ
referenced”Kubhµ)”}”(hhh]”(hº)”}”(hŒRX”h]”hŒRX”…””}”(hj¡  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hjž  hžhhŸh³h K4ubhÛ)”}”(hX:  On the receive side, if the device handled decryption and authentication
successfully, the driver will set the decrypted bit in the associated
:c:type:`struct sk_buff <sk_buff>`. The packets reach the TCP stack and
are handled normally. ``ktls`` is informed when data is queued to the socket
and the ``strparser`` mechanism is used to delineate the records. Upon read
request, records are retrieved from the socket and passed to decryption routine.
If device decrypted all the segments of the record the decryption is skipped,
otherwise software path handles decryption.”h]”(hŒOn the receive side, if the device handled decryption and authentication
successfully, the driver will set the decrypted bit in the associated
”…””}”(hj¯  hžhhŸNh Nubh)”}”(hŒ":c:type:`struct sk_buff <sk_buff>`”h]”hå)”}”(hj¹  h]”hŒstruct sk_buff”…””}”(hj»  hžhhŸNh Nubah}”(h]”h ]”(j  Œc”Œc-type”eh"]”h$]”h&]”uh1hähj·  ubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”j  Œ	refdomain”jÅ  Œreftype”Œtype”Œrefexplicit”ˆŒrefwarn”‰j  Œsk_buff”uh1hhŸh³h K6hj¯  ubhŒ<. The packets reach the TCP stack and
are handled normally. ”…””}”(hj¯  hžhhŸNh Nubhå)”}”(hŒ``ktls``”h]”hŒktls”…””}”(hjÛ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähj¯  ubhŒ7 is informed when data is queued to the socket
and the ”…””}”(hj¯  hžhhŸNh Nubhå)”}”(hŒ``strparser``”h]”hŒ	strparser”…””}”(hjí  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähj¯  ubhX   mechanism is used to delineate the records. Upon read
request, records are retrieved from the socket and passed to decryption routine.
If device decrypted all the segments of the record the decryption is skipped,
otherwise software path handles decryption.”…””}”(hj¯  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h K6hjž  hžhubŒkfigure”Œkernel_figure”“”)”}”(hhh]”hŒfigure”“”)”}”(hhh]”(hŒimage”“”)”}”(hŒ™.. kernel-figure::  tls-offload-layers.svg
   :alt:        TLS offload layers
   :align:      center
   :figwidth:   28em

   Layers of Kernel TLS stack
”h]”h}”(h]”h ]”h"]”h$]”h&]”Œalt”ŒTLS offload layers”Œuri”Œ!networking/tls-offload-layers.svg”Œ
candidates”}”j/  j  suh1j  hj  hŸh³h K ubhŒcaption”“”)”}”(hŒLayers of Kernel TLS stack”h]”hŒLayers of Kernel TLS stack”…””}”(hj$  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j"  hŸh³h KDhj  ubeh}”(h]”Œid9”ah ]”h"]”h$]”h&]”Œwidth”Œ28em”Œalign”Œcenter”uh1j  hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjž  hžhhŸh³h Nubeh}”(h]”Œrx”ah ]”h"]”h$]”Œrx”ah&]”uh1h´hhÉhžhhŸh³h K4j  Kubeh}”(h]”Œkernel-tls-operation”ah ]”h"]”Œkernel tls operation”ah$]”h&]”uh1h´hh¶hžhhŸh³h Kubhµ)”}”(hhh]”(hº)”}”(hŒDevice configuration”h]”hŒDevice configuration”…””}”(hjV  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hjS  hžhhŸh³h KGubhÛ)”}”(hŒýDuring driver initialization device sets the ``NETIF_F_HW_TLS_RX`` and
``NETIF_F_HW_TLS_TX`` features and installs its
:c:type:`struct tlsdev_ops <tlsdev_ops>`
pointer in the :c:member:`tlsdev_ops` member of the
:c:type:`struct net_device <net_device>`.”h]”(hŒ-During driver initialization device sets the ”…””}”(hjd  hžhhŸNh Nubhå)”}”(hŒ``NETIF_F_HW_TLS_RX``”h]”hŒNETIF_F_HW_TLS_RX”…””}”(hjl  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähjd  ubhŒ and
”…””}”(hjd  hžhhŸNh Nubhå)”}”(hŒ``NETIF_F_HW_TLS_TX``”h]”hŒNETIF_F_HW_TLS_TX”…””}”(hj~  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähjd  ubhŒ features and installs its
”…””}”(hjd  hžhhŸNh Nubh)”}”(hŒ(:c:type:`struct tlsdev_ops <tlsdev_ops>`”h]”hå)”}”(hj’  h]”hŒstruct tlsdev_ops”…””}”(hj”  hžhhŸNh Nubah}”(h]”h ]”(j  jÅ  Œc-type”eh"]”h$]”h&]”uh1hähj  ubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”j  Œ	refdomain”jÅ  Œreftype”Œtype”Œrefexplicit”ˆŒrefwarn”‰j  Œ
tlsdev_ops”uh1hhŸh³h KIhjd  ubhŒ
pointer in the ”…””}”(hjd  hžhhŸNh Nubh)”}”(hŒ:c:member:`tlsdev_ops`”h]”hå)”}”(hjµ  h]”hŒ
tlsdev_ops”…””}”(hj·  hžhhŸNh Nubah}”(h]”h ]”(j  jÅ  Œc-member”eh"]”h$]”h&]”uh1hähj³  ubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”j  Œ	refdomain”jÅ  Œreftype”Œmember”Œrefexplicit”‰Œrefwarn”‰j  Œ
tlsdev_ops”uh1hhŸh³h KIhjd  ubhŒ member of the
”…””}”(hjd  hžhhŸNh Nubh)”}”(hŒ(:c:type:`struct net_device <net_device>`”h]”hå)”}”(hjØ  h]”hŒstruct net_device”…””}”(hjÚ  hžhhŸNh Nubah}”(h]”h ]”(j  jÅ  Œc-type”eh"]”h$]”h&]”uh1hähjÖ  ubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”j  Œ	refdomain”jÅ  Œreftype”Œtype”Œrefexplicit”ˆŒrefwarn”‰j  Œ
net_device”uh1hhŸh³h KIhjd  ubhŒ.”…””}”(hjd  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KIhjS  hžhubhÛ)”}”(hX—  When TLS cryptographic connection state is installed on a ``ktls`` socket
(note that it is done twice, once for RX and once for TX direction,
and the two are completely independent), the kernel checks if the underlying
network device is offload-capable and attempts the offload. In case offload
fails the connection is handled entirely in software using the same mechanism
as if the offload was never tried.”h]”(hŒ:When TLS cryptographic connection state is installed on a ”…””}”(hjÿ  hžhhŸNh Nubhå)”}”(hŒ``ktls``”h]”hŒktls”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähjÿ  ubhXU   socket
(note that it is done twice, once for RX and once for TX direction,
and the two are completely independent), the kernel checks if the underlying
network device is offload-capable and attempts the offload. In case offload
fails the connection is handled entirely in software using the same mechanism
as if the offload was never tried.”…””}”(hjÿ  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KOhjS  hžhubhÛ)”}”(hŒrOffload request is performed via the :c:member:`tls_dev_add` callback of
:c:type:`struct tlsdev_ops <tlsdev_ops>`:”h]”(hŒ%Offload request is performed via the ”…””}”(hj  hžhhŸNh Nubh)”}”(hŒ:c:member:`tls_dev_add`”h]”hå)”}”(hj)  h]”hŒtls_dev_add”…””}”(hj+  hžhhŸNh Nubah}”(h]”h ]”(j  jÅ  Œc-member”eh"]”h$]”h&]”uh1hähj'  ubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”j  Œ	refdomain”jÅ  Œreftype”Œmember”Œrefexplicit”‰Œrefwarn”‰j  Œtls_dev_add”uh1hhŸh³h KVhj  ubhŒ callback of
”…””}”(hj  hžhhŸNh Nubh)”}”(hŒ(:c:type:`struct tlsdev_ops <tlsdev_ops>`”h]”hå)”}”(hjL  h]”hŒstruct tlsdev_ops”…””}”(hjN  hžhhŸNh Nubah}”(h]”h ]”(j  jÅ  Œc-type”eh"]”h$]”h&]”uh1hähjJ  ubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”j  Œ	refdomain”jÅ  Œreftype”Œtype”Œrefexplicit”ˆŒrefwarn”‰j  Œ
tlsdev_ops”uh1hhŸh³h KVhj  ubhŒ:”…””}”(hj  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KVhjS  hžhubhŒliteral_block”“”)”}”(hŒÛint (*tls_dev_add)(struct net_device *netdev, struct sock *sk,
                   enum tls_offload_ctx_dir direction,
                   struct tls_crypto_info *crypto_info,
                   u32 start_offload_tcp_sn);”h]”hŒÛint (*tls_dev_add)(struct net_device *netdev, struct sock *sk,
                   enum tls_offload_ctx_dir direction,
                   struct tls_crypto_info *crypto_info,
                   u32 start_offload_tcp_sn);”…””}”hju  sbah}”(h]”h ]”h"]”h$]”h&]”h±h²Œforce”‰Œlanguage”jÅ  Œhighlight_args”}”uh1js  hŸh³h KYhjS  hžhubhÛ)”}”(hXˆ  ``direction`` indicates whether the cryptographic information is for
the received or transmitted packets. Driver uses the ``sk`` parameter
to retrieve the connection 5-tuple and socket family (IPv4 vs IPv6).
Cryptographic information in ``crypto_info`` includes the key, iv, salt
as well as TLS record sequence number. ``start_offload_tcp_sn`` indicates
which TCP sequence number corresponds to the beginning of the record with
sequence number from ``crypto_info``. The driver can add its state
at the end of kernel structures (see :c:member:`driver_state` members
in ``include/net/tls.h``) to avoid additional allocations and pointer
dereferences.”h]”(hå)”}”(hŒ``direction``”h]”hŒ	direction”…””}”(hj‹  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähj‡  ubhŒm indicates whether the cryptographic information is for
the received or transmitted packets. Driver uses the ”…””}”(hj‡  hžhhŸNh Nubhå)”}”(hŒ``sk``”h]”hŒsk”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähj‡  ubhŒm parameter
to retrieve the connection 5-tuple and socket family (IPv4 vs IPv6).
Cryptographic information in ”…””}”(hj‡  hžhhŸNh Nubhå)”}”(hŒ``crypto_info``”h]”hŒcrypto_info”…””}”(hj¯  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähj‡  ubhŒC includes the key, iv, salt
as well as TLS record sequence number. ”…””}”(hj‡  hžhhŸNh Nubhå)”}”(hŒ``start_offload_tcp_sn``”h]”hŒstart_offload_tcp_sn”…””}”(hjÁ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähj‡  ubhŒj indicates
which TCP sequence number corresponds to the beginning of the record with
sequence number from ”…””}”(hj‡  hžhhŸNh Nubhå)”}”(hŒ``crypto_info``”h]”hŒcrypto_info”…””}”(hjÓ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähj‡  ubhŒD. The driver can add its state
at the end of kernel structures (see ”…””}”(hj‡  hžhhŸNh Nubh)”}”(hŒ:c:member:`driver_state`”h]”hå)”}”(hjç  h]”hŒdriver_state”…””}”(hjé  hžhhŸNh Nubah}”(h]”h ]”(j  jÅ  Œc-member”eh"]”h$]”h&]”uh1hähjå  ubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”j  Œ	refdomain”jÅ  Œreftype”Œmember”Œrefexplicit”‰Œrefwarn”‰j  Œdriver_state”uh1hhŸh³h K`hj‡  ubhŒ members
in ”…””}”(hj‡  hžhhŸNh Nubhå)”}”(hŒ``include/net/tls.h``”h]”hŒinclude/net/tls.h”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähj‡  ubhŒ;) to avoid additional allocations and pointer
dereferences.”…””}”(hj‡  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h K`hjS  hžhubhµ)”}”(hhh]”(hº)”}”(hŒTX”h]”hŒTX”…””}”(hj#  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hj   hžhhŸh³h KlubhÛ)”}”(hŒÄAfter TX state is installed, the stack guarantees that the first segment
of the stream will start exactly at the ``start_offload_tcp_sn`` sequence
number, simplifying TCP sequence number matching.”h]”(hŒqAfter TX state is installed, the stack guarantees that the first segment
of the stream will start exactly at the ”…””}”(hj1  hžhhŸNh Nubhå)”}”(hŒ``start_offload_tcp_sn``”h]”hŒstart_offload_tcp_sn”…””}”(hj9  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähj1  ubhŒ; sequence
number, simplifying TCP sequence number matching.”…””}”(hj1  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Knhj   hžhubhÛ)”}”(hXZ  TX offload being fully initialized does not imply that all segments passing
through the driver and which belong to the offloaded socket will be after
the expected sequence number and will have kernel record information.
In particular, already encrypted data may have been queued to the socket
before installing the connection state in the kernel.”h]”hXZ  TX offload being fully initialized does not imply that all segments passing
through the driver and which belong to the offloaded socket will be after
the expected sequence number and will have kernel record information.
In particular, already encrypted data may have been queued to the socket
before installing the connection state in the kernel.”…””}”(hjQ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Krhj   hžhubeh}”(h]”Œid1”ah ]”h"]”h$]”j›  ah&]”uh1h´hjS  hžhhŸh³h Klj  Kubhµ)”}”(hhh]”(hº)”}”(hŒRX”h]”hŒRX”…””}”(hji  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hjf  hžhhŸh³h KyubhÛ)”}”(hŒ¥In the RX direction, the local networking stack has little control over
segmentation, so the initial records' TCP sequence number may be anywhere
inside the segment.”h]”hŒ§In the RX direction, the local networking stack has little control over
segmentation, so the initial recordsâ€™ TCP sequence number may be anywhere
inside the segment.”…””}”(hjw  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h K{hjf  hžhubeh}”(h]”Œid2”ah ]”h"]”h$]”jI  ah&]”uh1h´hjS  hžhhŸh³h Kyj  Kubeh}”(h]”Œdevice-configuration”ah ]”h"]”Œdevice configuration”ah$]”h&]”uh1h´hh¶hžhhŸh³h KGubhµ)”}”(hhh]”(hº)”}”(hŒNormal operation”h]”hŒNormal operation”…””}”(hj—  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hj”  hžhhŸh³h K€ubhÛ)”}”(hŒ_At the minimum the device maintains the following state for each connection, in
each direction:”h]”hŒ_At the minimum the device maintains the following state for each connection, in
each direction:”…””}”(hj¥  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h K‚hj”  hžhubjD  )”}”(hŒÏ* crypto secrets (key, iv, salt)
* crypto processing state (partial blocks, partial authentication tag, etc.)
* record metadata (sequence number, processing offset and length)
* expected TCP sequence number
”h]”jJ  )”}”(hhh]”(jO  )”}”(hŒcrypto secrets (key, iv, salt)”h]”hÛ)”}”(hj¼  h]”hŒcrypto secrets (key, iv, salt)”…””}”(hj¾  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h K…hjº  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hj·  ubjO  )”}”(hŒJcrypto processing state (partial blocks, partial authentication tag, etc.)”h]”hÛ)”}”(hjÓ  h]”hŒJcrypto processing state (partial blocks, partial authentication tag, etc.)”…””}”(hjÕ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h K†hjÑ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hj·  ubjO  )”}”(hŒ?record metadata (sequence number, processing offset and length)”h]”hÛ)”}”(hjê  h]”hŒ?record metadata (sequence number, processing offset and length)”…””}”(hjì  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h K‡hjè  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hj·  ubjO  )”}”(hŒexpected TCP sequence number
”h]”hÛ)”}”(hŒexpected TCP sequence number”h]”hŒexpected TCP sequence number”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Kˆhjÿ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hj·  ubeh}”(h]”h ]”h"]”h$]”h&]”j.  j/  uh1jI  hŸh³h K…hj³  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jC  hŸh³h K…hj”  hžhubhÛ)”}”(hX   There are no guarantees on record length or record segmentation. In particular
segments may start at any point of a record and contain any number of records.
Assuming segments are received in order, the device should be able to perform
crypto operations and authentication regardless of segmentation. For this
to be possible, the device has to keep a small amount of segment-to-segment
state. This includes at least:”h]”hX   There are no guarantees on record length or record segmentation. In particular
segments may start at any point of a record and contain any number of records.
Assuming segments are received in order, the device should be able to perform
crypto operations and authentication regardless of segmentation. For this
to be possible, the device has to keep a small amount of segment-to-segment
state. This includes at least:”…””}”(hj#  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KŠhj”  hžhubjD  )”}”(hŒí* partial headers (if a segment carried only a part of the TLS header)
* partial data block
* partial authentication tag (all data had been seen but part of the
  authentication tag has to be written or read from the subsequent segment)
”h]”jJ  )”}”(hhh]”(jO  )”}”(hŒDpartial headers (if a segment carried only a part of the TLS header)”h]”hÛ)”}”(hj:  h]”hŒDpartial headers (if a segment carried only a part of the TLS header)”…””}”(hj<  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h K‘hj8  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hj5  ubjO  )”}”(hŒpartial data block”h]”hÛ)”}”(hjQ  h]”hŒpartial data block”…””}”(hjS  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h K’hjO  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hj5  ubjO  )”}”(hŒpartial authentication tag (all data had been seen but part of the
authentication tag has to be written or read from the subsequent segment)
”h]”hÛ)”}”(hŒŒpartial authentication tag (all data had been seen but part of the
authentication tag has to be written or read from the subsequent segment)”h]”hŒŒpartial authentication tag (all data had been seen but part of the
authentication tag has to be written or read from the subsequent segment)”…””}”(hjj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h K“hjf  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hj5  ubeh}”(h]”h ]”h"]”h$]”h&]”j.  j/  uh1jI  hŸh³h K‘hj1  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jC  hŸh³h K‘hj”  hžhubhÛ)”}”(hŒ¡Record reassembly is not necessary for TLS offload. If the packets arrive
in order the device should be able to handle them separately and make
forward progress.”h]”hŒ¡Record reassembly is not necessary for TLS offload. If the packets arrive
in order the device should be able to handle them separately and make
forward progress.”…””}”(hjŠ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h K–hj”  hžhubhµ)”}”(hhh]”(hº)”}”(hŒTX”h]”hŒTX”…””}”(hj›  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hj˜  hžhhŸh³h K›ubhÛ)”}”(hŒŠThe kernel stack performs record framing reserving space for the authentication
tag and populating all other TLS header and tailer fields.”h]”hŒŠThe kernel stack performs record framing reserving space for the authentication
tag and populating all other TLS header and tailer fields.”…””}”(hj©  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Khj˜  hžhubhÛ)”}”(hX­  Both the device and the driver maintain expected TCP sequence numbers
due to the possibility of retransmissions and the lack of software fallback
once the packet reaches the device.
For segments passed in order, the driver marks the packets with
a connection identifier (note that a 5-tuple lookup is insufficient to identify
packets requiring HW offload, see the :ref:`5tuple_problems` section)
and hands them to the device. The device identifies the packet as requiring
TLS handling and confirms the sequence number matches its expectation.
The device performs encryption and authentication of the record data.
It replaces the authentication tag and TCP checksum with correct values.”h]”(hXl  Both the device and the driver maintain expected TCP sequence numbers
due to the possibility of retransmissions and the lack of software fallback
once the packet reaches the device.
For segments passed in order, the driver marks the packets with
a connection identifier (note that a 5-tuple lookup is insufficient to identify
packets requiring HW offload, see the ”…””}”(hj·  hžhhŸNh Nubh)”}”(hŒ:ref:`5tuple_problems`”h]”hý)”}”(hjÁ  h]”hŒ5tuple_problems”…””}”(hjÃ  hžhhŸNh Nubah}”(h]”h ]”(j  Œstd”Œstd-ref”eh"]”h$]”h&]”uh1hühj¿  ubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”j  Œ	refdomain”jÍ  Œreftype”Œref”Œrefexplicit”‰Œrefwarn”ˆj  Œ5tuple_problems”uh1hhŸh³h K hj·  ubhX+   section)
and hands them to the device. The device identifies the packet as requiring
TLS handling and confirms the sequence number matches its expectation.
The device performs encryption and authentication of the record data.
It replaces the authentication tag and TCP checksum with correct values.”…””}”(hj·  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h K hj˜  hžhubeh}”(h]”Œid3”ah ]”h"]”h$]”Œtx”ah&]”uh1h´hj”  hžhhŸh³h K›j  Kubhµ)”}”(hhh]”(hº)”}”(hŒRX”h]”hŒRX”…””}”(hjô  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hjñ  hžhhŸh³h K¬ubhÛ)”}”(hX  Before a packet is DMAed to the host (but after NIC's embedded switching
and packet transformation functions) the device validates the Layer 4
checksum and performs a 5-tuple lookup to find any TLS connection the packet
may belong to (technically a 4-tuple
lookup is sufficient - IP addresses and TCP port numbers, as the protocol
is always TCP). If the packet is matched to a connection, the device confirms
if the TCP sequence number is the expected one and proceeds to TLS handling
(record delineation, decryption, authentication for each record in the packet).
The device leaves the record framing unmodified, the stack takes care of record
decapsulation. Device indicates successful handling of TLS offload in the
per-packet context (descriptor) passed to the host.”h]”hX  Before a packet is DMAed to the host (but after NICâ€™s embedded switching
and packet transformation functions) the device validates the Layer 4
checksum and performs a 5-tuple lookup to find any TLS connection the packet
may belong to (technically a 4-tuple
lookup is sufficient - IP addresses and TCP port numbers, as the protocol
is always TCP). If the packet is matched to a connection, the device confirms
if the TCP sequence number is the expected one and proceeds to TLS handling
(record delineation, decryption, authentication for each record in the packet).
The device leaves the record framing unmodified, the stack takes care of record
decapsulation. Device indicates successful handling of TLS offload in the
per-packet context (descriptor) passed to the host.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h K®hjñ  hžhubhÛ)”}”(hX6  Upon reception of a TLS offloaded packet, the driver sets
the :c:member:`decrypted` mark in :c:type:`struct sk_buff <sk_buff>`
corresponding to the segment. Networking stack makes sure decrypted
and non-decrypted segments do not get coalesced (e.g. by GRO or socket layer)
and takes care of partial decryption.”h]”(hŒ>Upon reception of a TLS offloaded packet, the driver sets
the ”…””}”(hj  hžhhŸNh Nubh)”}”(hŒ:c:member:`decrypted`”h]”hå)”}”(hj  h]”hŒ	decrypted”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”(j  jÅ  Œc-member”eh"]”h$]”h&]”uh1hähj  ubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”j  Œ	refdomain”jÅ  Œreftype”Œmember”Œrefexplicit”‰Œrefwarn”‰j  Œ	decrypted”uh1hhŸh³h Kºhj  ubhŒ	 mark in ”…””}”(hj  hžhhŸNh Nubh)”}”(hŒ":c:type:`struct sk_buff <sk_buff>`”h]”hå)”}”(hj=  h]”hŒstruct sk_buff”…””}”(hj?  hžhhŸNh Nubah}”(h]”h ]”(j  jÅ  Œc-type”eh"]”h$]”h&]”uh1hähj;  ubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”j  Œ	refdomain”jÅ  Œreftype”Œtype”Œrefexplicit”ˆŒrefwarn”‰j  Œsk_buff”uh1hhŸh³h Kºhj  ubhŒ¸
corresponding to the segment. Networking stack makes sure decrypted
and non-decrypted segments do not get coalesced (e.g. by GRO or socket layer)
and takes care of partial decryption.”…””}”(hj  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Kºhjñ  hžhubeh}”(h]”Œid4”ah ]”h"]”h$]”Œrx”ah&]”uh1h´hj”  hžhhŸh³h K¬j  Kubeh}”(h]”Œnormal-operation”ah ]”h"]”Œnormal operation”ah$]”h&]”uh1h´hh¶hžhhŸh³h K€ubhµ)”}”(hhh]”(hº)”}”(hŒResync handling”h]”hŒResync handling”…””}”(hjw  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hjt  hžhhŸh³h KÁubhÛ)”}”(hŒ¤In presence of packet drops or network packet reordering, the device may lose
synchronization with the TLS stream, and require a resync with the kernel's
TCP stack.”h]”hŒ¦In presence of packet drops or network packet reordering, the device may lose
synchronization with the TLS stream, and require a resync with the kernelâ€™s
TCP stack.”…””}”(hj…  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KÃhjt  hžhubhÛ)”}”(hXO  Note that resync is only attempted for connections which were successfully
added to the device table and are in TLS_HW mode. For example,
if the table was full when cryptographic state was installed in the kernel,
such connection will never get offloaded. Therefore the resync request
does not carry any cryptographic connection state.”h]”hXO  Note that resync is only attempted for connections which were successfully
added to the device table and are in TLS_HW mode. For example,
if the table was full when cryptographic state was installed in the kernel,
such connection will never get offloaded. Therefore the resync request
does not carry any cryptographic connection state.”…””}”(hj“  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KÇhjt  hžhubhµ)”}”(hhh]”(hº)”}”(hŒTX”h]”hŒTX”…””}”(hj¤  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hj¡  hžhhŸh³h KÎubhÛ)”}”(hŒýSegments transmitted from an offloaded socket can get out of sync
in similar ways to the receive side-retransmissions - local drops
are possible, though network reorders are not. There are currently
two mechanisms for dealing with out of order segments.”h]”hŒýSegments transmitted from an offloaded socket can get out of sync
in similar ways to the receive side-retransmissions - local drops
are possible, though network reorders are not. There are currently
two mechanisms for dealing with out of order segments.”…””}”(hj²  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KÐhj¡  hžhubhµ)”}”(hhh]”(hº)”}”(hŒCrypto state rebuilding”h]”hŒCrypto state rebuilding”…””}”(hjÃ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hjÀ  hžhhŸh³h KÖubhÛ)”}”(hX  Whenever an out of order segment is transmitted the driver provides
the device with enough information to perform cryptographic operations.
This means most likely that the part of the record preceding the current
segment has to be passed to the device as part of the packet context,
together with its TCP sequence number and TLS record number. The device
can then initialize its crypto state, process and discard the preceding
data (to be able to insert the authentication tag) and move onto handling
the actual packet.”h]”hX  Whenever an out of order segment is transmitted the driver provides
the device with enough information to perform cryptographic operations.
This means most likely that the part of the record preceding the current
segment has to be passed to the device as part of the packet context,
together with its TCP sequence number and TLS record number. The device
can then initialize its crypto state, process and discard the preceding
data (to be able to insert the authentication tag) and move onto handling
the actual packet.”…””}”(hjÑ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KØhjÀ  hžhubhÛ)”}”(hXÏ  In this mode depending on the implementation the driver can either ask
for a continuation with the crypto state and the new sequence number
(next expected segment is the one after the out of order one), or continue
with the previous stream state - assuming that the out of order segment
was just a retransmission. The former is simpler, and does not require
retransmission detection therefore it is the recommended method until
such time it is proven inefficient.”h]”hXÏ  In this mode depending on the implementation the driver can either ask
for a continuation with the crypto state and the new sequence number
(next expected segment is the one after the out of order one), or continue
with the previous stream state - assuming that the out of order segment
was just a retransmission. The former is simpler, and does not require
retransmission detection therefore it is the recommended method until
such time it is proven inefficient.”…””}”(hjß  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h KáhjÀ  hžhubeh}”(h]”Œcrypto-state-rebuilding”ah ]”h"]”Œcrypto state rebuilding”ah$]”h&]”uh1h´hj¡  hžhhŸh³h KÖubhµ)”}”(hhh]”(hº)”}”(hŒNext record sync”h]”hŒNext record sync”…””}”(hjø  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hjõ  hžhhŸh³h KêubhÛ)”}”(hXŽ  Whenever an out of order segment is detected the driver requests
that the ``ktls`` software fallback code encrypt it. If the segment's
sequence number is lower than expected the driver assumes retransmission
and doesn't change device state. If the segment is in the future, it
may imply a local drop, the driver asks the stack to sync the device
to the next record state and falls back to software.”h]”(hŒJWhenever an out of order segment is detected the driver requests
that the ”…””}”(hj  hžhhŸNh Nubhå)”}”(hŒ``ktls``”h]”hŒktls”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähj  ubhX@   software fallback code encrypt it. If the segmentâ€™s
sequence number is lower than expected the driver assumes retransmission
and doesnâ€™t change device state. If the segment is in the future, it
may imply a local drop, the driver asks the stack to sync the device
to the next record state and falls back to software.”…””}”(hj  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Kìhjõ  hžhubhÛ)”}”(hŒ!Resync request is indicated with:”h]”hŒ!Resync request is indicated with:”…””}”(hj&  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Kóhjõ  hžhubjt  )”}”(hŒMvoid tls_offload_tx_resync_request(struct sock *sk, u32 got_seq, u32 exp_seq)”h]”hŒMvoid tls_offload_tx_resync_request(struct sock *sk, u32 got_seq, u32 exp_seq)”…””}”hj4  sbah}”(h]”h ]”h"]”h$]”h&]”h±h²jƒ  ‰j„  jÅ  j…  }”uh1js  hŸh³h Kõhjõ  hžhubhÛ)”}”(hŒÃUntil resync is complete driver should not access its expected TCP
sequence number (as it will be updated from a different context).
Following helper should be used to test if resync is complete:”h]”hŒÃUntil resync is complete driver should not access its expected TCP
sequence number (as it will be updated from a different context).
Following helper should be used to test if resync is complete:”…””}”(hjC  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Kùhjõ  hžhubjt  )”}”(hŒ3bool tls_offload_tx_resync_pending(struct sock *sk)”h]”hŒ3bool tls_offload_tx_resync_pending(struct sock *sk)”…””}”hjQ  sbah}”(h]”h ]”h"]”h$]”h&]”h±h²jƒ  ‰j„  jÅ  j…  }”uh1js  hŸh³h Kýhjõ  hžhubhÛ)”}”(hŒøNext time ``ktls`` pushes a record it will first send its TCP sequence number
and TLS record number to the driver. Stack will also make sure that
the new record will start on a segment boundary (like it does when
the connection is initially added).”h]”(hŒ
Next time ”…””}”(hj`  hžhhŸNh Nubhå)”}”(hŒ``ktls``”h]”hŒktls”…””}”(hjh  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähj`  ubhŒæ pushes a record it will first send its TCP sequence number
and TLS record number to the driver. Stack will also make sure that
the new record will start on a segment boundary (like it does when
the connection is initially added).”…””}”(hj`  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Mhjõ  hžhubeh}”(h]”Œnext-record-sync”ah ]”h"]”Œnext record sync”ah$]”h&]”uh1h´hj¡  hžhhŸh³h Kêubeh}”(h]”Œid5”ah ]”h"]”h$]”Œtx”ah&]”uh1h´hjt  hžhhŸh³h KÎj  Kubhµ)”}”(hhh]”(hº)”}”(hŒRX”h]”hŒRX”…””}”(hj“  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hj  hžhhŸh³h MubhÛ)”}”(hŒ­A small amount of RX reorder events may not require a full resynchronization.
In particular the device should not lose synchronization
when record boundary can be recovered:”h]”hŒ­A small amount of RX reorder events may not require a full resynchronization.
In particular the device should not lose synchronization
when record boundary can be recovered:”…””}”(hj¡  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h M	hj  hžhubj  )”}”(hhh]”j  )”}”(hhh]”(j  )”}”(hŒ˜.. kernel-figure::  tls-offload-reorder-good.svg
   :alt:        reorder of non-header segment
   :align:      center

   Reorder of non-header segment
”h]”h}”(h]”h ]”h"]”h$]”h&]”Œalt”Œreorder of non-header segment”Œuri”Œ'networking/tls-offload-reorder-good.svg”j   }”j/  jÂ  suh1j  hj²  hŸh³h K ubj#  )”}”(hŒReorder of non-header segment”h]”hŒReorder of non-header segment”…””}”(hjÄ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j"  hŸh³h Mhj²  ubeh}”(h]”Œid10”ah ]”h"]”h$]”h&]”j;  Œcenter”uh1j  hj¯  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj  hžhhŸh³h NubhÛ)”}”(hŒ{Green segments are successfully decrypted, blue ones are passed
as received on wire, red stripes mark start of new records.”h]”hŒ{Green segments are successfully decrypted, blue ones are passed
as received on wire, red stripes mark start of new records.”…””}”(hjà  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Mhj  hžhubhÛ)”}”(hX-  In above case segment 1 is received and decrypted successfully.
Segment 2 was dropped so 3 arrives out of order. The device knows
the next record starts inside 3, based on record length in segment 1.
Segment 3 is passed untouched, because due to lack of data from segment 2
the remainder of the previous record inside segment 3 cannot be handled.
The device can, however, collect the authentication algorithm's state
and partial block from the new record in segment 3 and when 4 and 5
arrive continue decryption. Finally when 2 arrives it's completely outside
of expected window of the device so it's passed as is without special
handling. ``ktls`` software fallback handles the decryption of record
spanning segments 1, 2 and 3. The device did not get out of sync,
even though two segments did not get decrypted.”h]”(hX†  In above case segment 1 is received and decrypted successfully.
Segment 2 was dropped so 3 arrives out of order. The device knows
the next record starts inside 3, based on record length in segment 1.
Segment 3 is passed untouched, because due to lack of data from segment 2
the remainder of the previous record inside segment 3 cannot be handled.
The device can, however, collect the authentication algorithmâ€™s state
and partial block from the new record in segment 3 and when 4 and 5
arrive continue decryption. Finally when 2 arrives itâ€™s completely outside
of expected window of the device so itâ€™s passed as is without special
handling. ”…””}”(hjî  hžhhŸNh Nubhå)”}”(hŒ``ktls``”h]”hŒktls”…””}”(hjö  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähjî  ubhŒ¥ software fallback handles the decryption of record
spanning segments 1, 2 and 3. The device did not get out of sync,
even though two segments did not get decrypted.”…””}”(hjî  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Mhj  hžhubhÛ)”}”(hŒ’Kernel synchronization may be necessary if the lost segment contained
a record header and arrived after the next record header has already passed:”h]”hŒ’Kernel synchronization may be necessary if the lost segment contained
a record header and arrived after the next record header has already passed:”…””}”(hj	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h M#hj  hžhubj  )”}”(hhh]”j  )”}”(hhh]”(j  )”}”(hŒš.. kernel-figure::  tls-offload-reorder-bad.svg
   :alt:        reorder of header segment
   :align:      center

   Reorder of segment with a TLS header
”h]”h}”(h]”h ]”h"]”h$]”h&]”Œalt”Œreorder of header segment”Œuri”Œ&networking/tls-offload-reorder-bad.svg”j   }”j/  j/	  suh1j  hj	  hŸh³h K ubj#  )”}”(hŒ$Reorder of segment with a TLS header”h]”hŒ$Reorder of segment with a TLS header”…””}”(hj1	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j"  hŸh³h M*hj	  ubeh}”(h]”Œid11”ah ]”h"]”h$]”h&]”j;  Œcenter”uh1j  hj	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj  hžhhŸh³h NubhÛ)”}”(hX
  In this example segment 2 gets dropped, and it contains a record header.
Device can only detect that segment 4 also contains a TLS header
if it knows the length of the previous record from segment 2. In this case
the device will lose synchronization with the stream.”h]”hX
  In this example segment 2 gets dropped, and it contains a record header.
Device can only detect that segment 4 also contains a TLS header
if it knows the length of the previous record from segment 2. In this case
the device will lose synchronization with the stream.”…””}”(hjM	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h M,hj  hžhubhµ)”}”(hhh]”(hº)”}”(hŒStream scan resynchronization”h]”hŒStream scan resynchronization”…””}”(hj^	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hj[	  hžhhŸh³h M2ubhÛ)”}”(hX+  When the device gets out of sync and the stream reaches TCP sequence
numbers more than a max size record past the expected TCP sequence number,
the device starts scanning for a known header pattern. For example
for TLS 1.2 and TLS 1.3 subsequent bytes of value ``0x03 0x03`` occur
in the SSL/TLS version field of the header. Once pattern is matched
the device continues attempting parsing headers at expected locations
(based on the length fields at guessed locations).
Whenever the expected location does not contain a valid header the scan
is restarted.”h]”(hX  When the device gets out of sync and the stream reaches TCP sequence
numbers more than a max size record past the expected TCP sequence number,
the device starts scanning for a known header pattern. For example
for TLS 1.2 and TLS 1.3 subsequent bytes of value ”…””}”(hjl	  hžhhŸNh Nubhå)”}”(hŒ``0x03 0x03``”h]”hŒ	0x03 0x03”…””}”(hjt	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähjl	  ubhX   occur
in the SSL/TLS version field of the header. Once pattern is matched
the device continues attempting parsing headers at expected locations
(based on the length fields at guessed locations).
Whenever the expected location does not contain a valid header the scan
is restarted.”…””}”(hjl	  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h M4hj[	  hžhubhÛ)”}”(hXL  When the header is matched the device sends a confirmation request
to the kernel, asking if the guessed location is correct (if a TLS record
really starts there), and which record sequence number the given header had.
The kernel confirms the guessed location was correct and tells the device
the record sequence number. Meanwhile, the device had been parsing
and counting all records since the just-confirmed one, it adds the number
of records it had seen to the record number provided by the kernel.
At this point the device is in sync and can resume decryption at next
segment boundary.”h]”hXL  When the header is matched the device sends a confirmation request
to the kernel, asking if the guessed location is correct (if a TLS record
really starts there), and which record sequence number the given header had.
The kernel confirms the guessed location was correct and tells the device
the record sequence number. Meanwhile, the device had been parsing
and counting all records since the just-confirmed one, it adds the number
of records it had seen to the record number provided by the kernel.
At this point the device is in sync and can resume decryption at next
segment boundary.”…””}”(hjŒ	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h M>hj[	  hžhubhÛ)”}”(hXF  In a pathological case the device may latch onto a sequence of matching
headers and never hear back from the kernel (there is no negative
confirmation from the kernel). The implementation may choose to periodically
restart scan. Given how unlikely falsely-matching stream is, however,
periodic restart is not deemed necessary.”h]”hXF  In a pathological case the device may latch onto a sequence of matching
headers and never hear back from the kernel (there is no negative
confirmation from the kernel). The implementation may choose to periodically
restart scan. Given how unlikely falsely-matching stream is, however,
periodic restart is not deemed necessary.”…””}”(hjš	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h MHhj[	  hžhubhÛ)”}”(hŒ²Special care has to be taken if the confirmation request is passed
asynchronously to the packet stream and record may get processed
by the kernel before the confirmation request.”h]”hŒ²Special care has to be taken if the confirmation request is passed
asynchronously to the packet stream and record may get processed
by the kernel before the confirmation request.”…””}”(hj¨	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h MNhj[	  hžhubeh}”(h]”Œstream-scan-resynchronization”ah ]”h"]”Œstream scan resynchronization”ah$]”h&]”uh1h´hj  hžhhŸh³h M2ubhµ)”}”(hhh]”(hº)”}”(hŒStack-driven resynchronization”h]”hŒStack-driven resynchronization”…””}”(hjÁ	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hj¾	  hžhhŸh³h MSubhÛ)”}”(hX  The driver may also request the stack to perform resynchronization
whenever it sees the records are no longer getting decrypted.
If the connection is configured in this mode the stack automatically
schedules resynchronization after it has received two completely encrypted
records.”h]”hX  The driver may also request the stack to perform resynchronization
whenever it sees the records are no longer getting decrypted.
If the connection is configured in this mode the stack automatically
schedules resynchronization after it has received two completely encrypted
records.”…””}”(hjÏ	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h MUhj¾	  hžhubhÛ)”}”(hXa  The stack waits for the socket to drain and informs the device about
the next expected record number and its TCP sequence number. If the
records continue to be received fully encrypted stack retries the
synchronization with an exponential back off (first after 2 encrypted
records, then after 4 records, after 8, after 16... up until every
128 records).”h]”hXa  The stack waits for the socket to drain and informs the device about
the next expected record number and its TCP sequence number. If the
records continue to be received fully encrypted stack retries the
synchronization with an exponential back off (first after 2 encrypted
records, then after 4 records, after 8, after 16... up until every
128 records).”…””}”(hjÝ	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h M[hj¾	  hžhubeh}”(h]”Œstack-driven-resynchronization”ah ]”h"]”Œstack-driven resynchronization”ah$]”h&]”uh1h´hj  hžhhŸh³h MSubeh}”(h]”Œid6”ah ]”h"]”h$]”Œrx”ah&]”uh1h´hjt  hžhhŸh³h Mj  Kubeh}”(h]”Œresync-handling”ah ]”h"]”Œresync handling”ah$]”h&]”uh1h´hh¶hžhhŸh³h KÁubhµ)”}”(hhh]”(hº)”}”(hŒError handling”h]”hŒError handling”…””}”(hj
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hj
  hžhhŸh³h Mcubhµ)”}”(hhh]”(hº)”}”(hŒTX”h]”hŒTX”…””}”(hj
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hj
  hžhhŸh³h MfubhÛ)”}”(hX¯  Packets may be redirected or rerouted by the stack to a different
device than the selected TLS offload device. The stack will handle
such condition using the :c:func:`sk_validate_xmit_skb` helper
(TLS offload code installs :c:func:`tls_validate_xmit_skb` at this hook).
Offload maintains information about all records until the data is
fully acknowledged, so if skbs reach the wrong device they can be handled
by software fallback.”h]”(hŒžPackets may be redirected or rerouted by the stack to a different
device than the selected TLS offload device. The stack will handle
such condition using the ”…””}”(hj%
  hžhhŸNh Nubh)”}”(hŒ:c:func:`sk_validate_xmit_skb`”h]”hå)”}”(hj/
  h]”hŒsk_validate_xmit_skb()”…””}”(hj1
  hžhhŸNh Nubah}”(h]”h ]”(j  jÅ  Œc-func”eh"]”h$]”h&]”uh1hähj-
  ubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”j  Œ	refdomain”jÅ  Œreftype”Œfunc”Œrefexplicit”‰Œrefwarn”‰j  Œsk_validate_xmit_skb”uh1hhŸh³h Mhhj%
  ubhŒ# helper
(TLS offload code installs ”…””}”(hj%
  hžhhŸNh Nubh)”}”(hŒ:c:func:`tls_validate_xmit_skb`”h]”hå)”}”(hjR
  h]”hŒtls_validate_xmit_skb()”…””}”(hjT
  hžhhŸNh Nubah}”(h]”h ]”(j  jÅ  Œc-func”eh"]”h$]”h&]”uh1hähjP
  ubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”j  Œ	refdomain”jÅ  Œreftype”Œfunc”Œrefexplicit”‰Œrefwarn”‰j  Œtls_validate_xmit_skb”uh1hhŸh³h Mhhj%
  ubhŒ± at this hook).
Offload maintains information about all records until the data is
fully acknowledged, so if skbs reach the wrong device they can be handled
by software fallback.”…””}”(hj%
  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Mhhj
  hžhubhÛ)”}”(hX   Any device TLS offload handling error on the transmission side must result
in the packet being dropped. For example if a packet got out of order
due to a bug in the stack or the device, reached the device and can't
be encrypted such packet must be dropped.”h]”hX  Any device TLS offload handling error on the transmission side must result
in the packet being dropped. For example if a packet got out of order
due to a bug in the stack or the device, reached the device and canâ€™t
be encrypted such packet must be dropped.”…””}”(hjy
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Mphj
  hžhubeh}”(h]”Œid7”ah ]”h"]”h$]”Œtx”ah&]”uh1h´hj
  hžhhŸh³h Mfj  Kubhµ)”}”(hhh]”(hº)”}”(hŒRX”h]”hŒRX”…””}”(hj’
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hj
  hžhhŸh³h MvubhÛ)”}”(hŒ£If the device encounters any problems with TLS offload on the receive
side it should pass the packet to the host's networking stack as it was
received on the wire.”h]”hŒ¥If the device encounters any problems with TLS offload on the receive
side it should pass the packet to the hostâ€™s networking stack as it was
received on the wire.”…””}”(hj 
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Mxhj
  hžhubhÛ)”}”(hX  For example authentication failure for any record in the segment should
result in passing the unmodified packet to the software fallback. This means
packets should not be modified "in place". Splitting segments to handle partial
decryption is not advised. In other words either all records in the packet
had been handled successfully and authenticated or the packet has to be passed
to the host's stack as it was on the wire (recovering original packet in the
driver if device provides precise error is sufficient).”h]”hX	  For example authentication failure for any record in the segment should
result in passing the unmodified packet to the software fallback. This means
packets should not be modified â€œin placeâ€. Splitting segments to handle partial
decryption is not advised. In other words either all records in the packet
had been handled successfully and authenticated or the packet has to be passed
to the hostâ€™s stack as it was on the wire (recovering original packet in the
driver if device provides precise error is sufficient).”…””}”(hj®
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h M|hj
  hžhubhÛ)”}”(hŒ¼The Linux networking stack does not provide a way of reporting per-packet
decryption and authentication errors, packets with errors must simply not
have the :c:member:`decrypted` mark set.”h]”(hŒThe Linux networking stack does not provide a way of reporting per-packet
decryption and authentication errors, packets with errors must simply not
have the ”…””}”(hj¼
  hžhhŸNh Nubh)”}”(hŒ:c:member:`decrypted`”h]”hå)”}”(hjÆ
  h]”hŒ	decrypted”…””}”(hjÈ
  hžhhŸNh Nubah}”(h]”h ]”(j  jÅ  Œc-member”eh"]”h$]”h&]”uh1hähjÄ
  ubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”j  Œ	refdomain”jÅ  Œreftype”Œmember”Œrefexplicit”‰Œrefwarn”‰j  Œ	decrypted”uh1hhŸh³h M„hj¼
  ubhŒ
 mark set.”…””}”(hj¼
  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h M„hj
  hžhubhÛ)”}”(hŒZA packet should also not be handled by the TLS offload if it contains
incorrect checksums.”h]”hŒZA packet should also not be handled by the TLS offload if it contains
incorrect checksums.”…””}”(hjí
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Mˆhj
  hžhubeh}”(h]”Œid8”ah ]”h"]”h$]”Œrx”ah&]”uh1h´hj
  hžhhŸh³h Mvj  Kubeh}”(h]”Œerror-handling”ah ]”h"]”Œerror handling”ah$]”h&]”uh1h´hh¶hžhhŸh³h Mcubhµ)”}”(hhh]”(hº)”}”(hŒPerformance metrics”h]”hŒPerformance metrics”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hj  hžhhŸh³h MŒubhÛ)”}”(hŒ@TLS offload can be characterized by the following basic metrics:”h]”hŒ@TLS offload can be characterized by the following basic metrics:”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h MŽhj  hžhubjD  )”}”(hŒz* max connection count
* connection installation rate
* connection installation latency
* total cryptographic performance
”h]”jJ  )”}”(hhh]”(jO  )”}”(hŒmax connection count”h]”hÛ)”}”(hj3  h]”hŒmax connection count”…””}”(hj5  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Mhj1  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hj.  ubjO  )”}”(hŒconnection installation rate”h]”hÛ)”}”(hjJ  h]”hŒconnection installation rate”…””}”(hjL  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h M‘hjH  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hj.  ubjO  )”}”(hŒconnection installation latency”h]”hÛ)”}”(hja  h]”hŒconnection installation latency”…””}”(hjc  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h M’hj_  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hj.  ubjO  )”}”(hŒ total cryptographic performance
”h]”hÛ)”}”(hŒtotal cryptographic performance”h]”hŒtotal cryptographic performance”…””}”(hjz  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h M“hjv  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hj.  ubeh}”(h]”h ]”h"]”h$]”h&]”j.  j/  uh1jI  hŸh³h Mhj*  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jC  hŸh³h Mhj  hžhubhÛ)”}”(hŒŒNote that each TCP connection requires a TLS session in both directions,
the performance may be reported treating each direction separately.”h]”hŒŒNote that each TCP connection requires a TLS session in both directions,
the performance may be reported treating each direction separately.”…””}”(hjš  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h M•hj  hžhubhµ)”}”(hhh]”(hº)”}”(hŒMax connection count”h]”hŒMax connection count”…””}”(hj«  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hj¨  hžhhŸh³h M™ubhÛ)”}”(hŒYThe number of connections device can support can be exposed via
``devlink resource`` API.”h]”(hŒ@The number of connections device can support can be exposed via
”…””}”(hj¹  hžhhŸNh Nubhå)”}”(hŒ``devlink resource``”h]”hŒdevlink resource”…””}”(hjÁ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähj¹  ubhŒ API.”…””}”(hj¹  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h M›hj¨  hžhubeh}”(h]”Œmax-connection-count”ah ]”h"]”Œmax connection count”ah$]”h&]”uh1h´hj  hžhhŸh³h M™ubhµ)”}”(hhh]”(hº)”}”(hŒTotal cryptographic performance”h]”hŒTotal cryptographic performance”…””}”(hjä  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hjá  hžhhŸh³h MŸubhÛ)”}”(hŒ:Offload performance may depend on segment and record size.”h]”hŒ:Offload performance may depend on segment and record size.”…””}”(hjò  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h M¡hjá  hžhubhÛ)”}”(hŒ~Overload of the cryptographic subsystem of the device should not have
significant performance impact on non-offloaded streams.”h]”hŒ~Overload of the cryptographic subsystem of the device should not have
significant performance impact on non-offloaded streams.”…””}”(hj   hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h M£hjá  hžhubeh}”(h]”Œtotal-cryptographic-performance”ah ]”h"]”Œtotal cryptographic performance”ah$]”h&]”uh1h´hj  hžhhŸh³h MŸubeh}”(h]”Œperformance-metrics”ah ]”h"]”Œperformance metrics”ah$]”h&]”uh1h´hh¶hžhhŸh³h MŒubhµ)”}”(hhh]”(hº)”}”(hŒ
Statistics”h]”hŒ
Statistics”…””}”(hj!  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hj  hžhhŸh³h M§ubhÛ)”}”(hŒQFollowing minimum set of TLS-related statistics should be reported
by the driver:”h]”hŒQFollowing minimum set of TLS-related statistics should be reported
by the driver:”…””}”(hj/  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h M©hj  hžhubjD  )”}”(hX	  * ``rx_tls_decrypted_packets`` - number of successfully decrypted RX packets
  which were part of a TLS stream.
* ``rx_tls_decrypted_bytes`` - number of TLS payload bytes in RX packets
  which were successfully decrypted.
* ``rx_tls_ctx`` - number of TLS RX HW offload contexts added to device for
  decryption.
* ``rx_tls_del`` - number of TLS RX HW offload contexts deleted from device
  (connection has finished).
* ``rx_tls_resync_req_pkt`` - number of received TLS packets with a resync
   request.
* ``rx_tls_resync_req_start`` - number of times the TLS async resync request
   was started.
* ``rx_tls_resync_req_end`` - number of times the TLS async resync request
   properly ended with providing the HW tracked tcp-seq.
* ``rx_tls_resync_req_skip`` - number of times the TLS async resync request
   procedure was started but not properly ended.
* ``rx_tls_resync_res_ok`` - number of times the TLS resync response call to
   the driver was successfully handled.
* ``rx_tls_resync_res_skip`` - number of times the TLS resync response call to
   the driver was terminated unsuccessfully.
* ``rx_tls_err`` - number of RX packets which were part of a TLS stream
  but were not decrypted due to unexpected error in the state machine.
* ``tx_tls_encrypted_packets`` - number of TX packets passed to the device
  for encryption of their TLS payload.
* ``tx_tls_encrypted_bytes`` - number of TLS payload bytes in TX packets
  passed to the device for encryption.
* ``tx_tls_ctx`` - number of TLS TX HW offload contexts added to device for
  encryption.
* ``tx_tls_ooo`` - number of TX packets which were part of a TLS stream
  but did not arrive in the expected order.
* ``tx_tls_skip_no_sync_data`` - number of TX packets which were part of
  a TLS stream and arrived out-of-order, but skipped the HW offload routine
  and went to the regular transmit flow as they were retransmissions of the
  connection handshake.
* ``tx_tls_drop_no_sync_data`` - number of TX packets which were part of
  a TLS stream dropped, because they arrived out of order and associated
  record could not be found.
* ``tx_tls_drop_bypass_req`` - number of TX packets which were part of a TLS
  stream dropped, because they contain both data that has been encrypted by
  software and data that expects hardware crypto offload.
”h]”jJ  )”}”(hhh]”(jO  )”}”(hŒk``rx_tls_decrypted_packets`` - number of successfully decrypted RX packets
which were part of a TLS stream.”h]”hÛ)”}”(hŒk``rx_tls_decrypted_packets`` - number of successfully decrypted RX packets
which were part of a TLS stream.”h]”(hå)”}”(hŒ``rx_tls_decrypted_packets``”h]”hŒrx_tls_decrypted_packets”…””}”(hjL  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1häh•-l      jH  ubhŒO - number of successfully decrypted RX packets
which were part of a TLS stream.”…””}”(hjH  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h M¬hjD  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hjA  ubjO  )”}”(hŒi``rx_tls_decrypted_bytes`` - number of TLS payload bytes in RX packets
which were successfully decrypted.”h]”hÛ)”}”(hŒi``rx_tls_decrypted_bytes`` - number of TLS payload bytes in RX packets
which were successfully decrypted.”h]”(hå)”}”(hŒ``rx_tls_decrypted_bytes``”h]”hŒrx_tls_decrypted_bytes”…””}”(hjr  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähjn  ubhŒO - number of TLS payload bytes in RX packets
which were successfully decrypted.”…””}”(hjn  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h M®hjj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hjA  ubjO  )”}”(hŒU``rx_tls_ctx`` - number of TLS RX HW offload contexts added to device for
decryption.”h]”hÛ)”}”(hŒU``rx_tls_ctx`` - number of TLS RX HW offload contexts added to device for
decryption.”h]”(hå)”}”(hŒ``rx_tls_ctx``”h]”hŒ
rx_tls_ctx”…””}”(hj˜  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähj”  ubhŒG - number of TLS RX HW offload contexts added to device for
decryption.”…””}”(hj”  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h M°hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hjA  ubjO  )”}”(hŒd``rx_tls_del`` - number of TLS RX HW offload contexts deleted from device
(connection has finished).”h]”hÛ)”}”(hŒd``rx_tls_del`` - number of TLS RX HW offload contexts deleted from device
(connection has finished).”h]”(hå)”}”(hŒ``rx_tls_del``”h]”hŒ
rx_tls_del”…””}”(hj¾  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähjº  ubhŒV - number of TLS RX HW offload contexts deleted from device
(connection has finished).”…””}”(hjº  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h M²hj¶  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hjA  ubjO  )”}”(hŒR``rx_tls_resync_req_pkt`` - number of received TLS packets with a resync
 request.”h]”hŒdefinition_list”“”)”}”(hhh]”hŒdefinition_list_item”“”)”}”(hŒQ``rx_tls_resync_req_pkt`` - number of received TLS packets with a resync
request.”h]”(hŒterm”“”)”}”(hŒH``rx_tls_resync_req_pkt`` - number of received TLS packets with a resync”h]”(hå)”}”(hŒ``rx_tls_resync_req_pkt``”h]”hŒrx_tls_resync_req_pkt”…””}”(hjñ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähjí  ubhŒ/ - number of received TLS packets with a resync”…””}”(hjí  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1jë  hŸh³h M´hjç  ubhŒ
definition”“”)”}”(hhh]”hÛ)”}”(hŒrequest.”h]”hŒrequest.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Mµhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j	  hjç  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jå  hŸh³h M´hjâ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jà  hjÜ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hjA  ubjO  )”}”(hŒX``rx_tls_resync_req_start`` - number of times the TLS async resync request
 was started.”h]”já  )”}”(hhh]”jæ  )”}”(hŒW``rx_tls_resync_req_start`` - number of times the TLS async resync request
was started.”h]”(jì  )”}”(hŒJ``rx_tls_resync_req_start`` - number of times the TLS async resync request”h]”(hå)”}”(hŒ``rx_tls_resync_req_start``”h]”hŒrx_tls_resync_req_start”…””}”(hjC  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähj?  ubhŒ/ - number of times the TLS async resync request”…””}”(hj?  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1jë  hŸh³h M¶hj;  ubj
  )”}”(hhh]”hÛ)”}”(hŒwas started.”h]”hŒwas started.”…””}”(hj^  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h M·hj[  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j	  hj;  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jå  hŸh³h M¶hj8  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jà  hj4  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hjA  ubjO  )”}”(hŒ``rx_tls_resync_req_end`` - number of times the TLS async resync request
 properly ended with providing the HW tracked tcp-seq.”h]”já  )”}”(hhh]”jæ  )”}”(hŒ~``rx_tls_resync_req_end`` - number of times the TLS async resync request
properly ended with providing the HW tracked tcp-seq.”h]”(jì  )”}”(hŒH``rx_tls_resync_req_end`` - number of times the TLS async resync request”h]”(hå)”}”(hŒ``rx_tls_resync_req_end``”h]”hŒrx_tls_resync_req_end”…””}”(hj“  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähj  ubhŒ/ - number of times the TLS async resync request”…””}”(hj  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1jë  hŸh³h M¸hj‹  ubj
  )”}”(hhh]”hÛ)”}”(hŒ5properly ended with providing the HW tracked tcp-seq.”h]”hŒ5properly ended with providing the HW tracked tcp-seq.”…””}”(hj®  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h M¹hj«  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j	  hj‹  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jå  hŸh³h M¸hjˆ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jà  hj„  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hjA  ubjO  )”}”(hŒx``rx_tls_resync_req_skip`` - number of times the TLS async resync request
 procedure was started but not properly ended.”h]”já  )”}”(hhh]”jæ  )”}”(hŒw``rx_tls_resync_req_skip`` - number of times the TLS async resync request
procedure was started but not properly ended.”h]”(jì  )”}”(hŒI``rx_tls_resync_req_skip`` - number of times the TLS async resync request”h]”(hå)”}”(hŒ``rx_tls_resync_req_skip``”h]”hŒrx_tls_resync_req_skip”…””}”(hjã  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähjß  ubhŒ/ - number of times the TLS async resync request”…””}”(hjß  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1jë  hŸh³h MºhjÛ  ubj
  )”}”(hhh]”hÛ)”}”(hŒ-procedure was started but not properly ended.”h]”hŒ-procedure was started but not properly ended.”…””}”(hjþ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h M»hjû  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j	  hjÛ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jå  hŸh³h MºhjØ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jà  hjÔ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hjA  ubjO  )”}”(hŒp``rx_tls_resync_res_ok`` - number of times the TLS resync response call to
 the driver was successfully handled.”h]”já  )”}”(hhh]”jæ  )”}”(hŒo``rx_tls_resync_res_ok`` - number of times the TLS resync response call to
the driver was successfully handled.”h]”(jì  )”}”(hŒJ``rx_tls_resync_res_ok`` - number of times the TLS resync response call to”h]”(hå)”}”(hŒ``rx_tls_resync_res_ok``”h]”hŒrx_tls_resync_res_ok”…””}”(hj3  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähj/  ubhŒ2 - number of times the TLS resync response call to”…””}”(hj/  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1jë  hŸh³h M¼hj+  ubj
  )”}”(hhh]”hÛ)”}”(hŒ$the driver was successfully handled.”h]”hŒ$the driver was successfully handled.”…””}”(hjN  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h M½hjK  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j	  hj+  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jå  hŸh³h M¼hj(  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jà  hj$  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hjA  ubjO  )”}”(hŒw``rx_tls_resync_res_skip`` - number of times the TLS resync response call to
 the driver was terminated unsuccessfully.”h]”já  )”}”(hhh]”jæ  )”}”(hŒv``rx_tls_resync_res_skip`` - number of times the TLS resync response call to
the driver was terminated unsuccessfully.”h]”(jì  )”}”(hŒL``rx_tls_resync_res_skip`` - number of times the TLS resync response call to”h]”(hå)”}”(hŒ``rx_tls_resync_res_skip``”h]”hŒrx_tls_resync_res_skip”…””}”(hjƒ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähj  ubhŒ2 - number of times the TLS resync response call to”…””}”(hj  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1jë  hŸh³h M¾hj{  ubj
  )”}”(hhh]”hÛ)”}”(hŒ)the driver was terminated unsuccessfully.”h]”hŒ)the driver was terminated unsuccessfully.”…””}”(hjž  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h M¿hj›  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j	  hj{  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jå  hŸh³h M¾hjx  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jà  hjt  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hjA  ubjO  )”}”(hŒŠ``rx_tls_err`` - number of RX packets which were part of a TLS stream
but were not decrypted due to unexpected error in the state machine.”h]”hÛ)”}”(hŒŠ``rx_tls_err`` - number of RX packets which were part of a TLS stream
but were not decrypted due to unexpected error in the state machine.”h]”(hå)”}”(hŒ``rx_tls_err``”h]”hŒ
rx_tls_err”…””}”(hjÌ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähjÈ  ubhŒ| - number of RX packets which were part of a TLS stream
but were not decrypted due to unexpected error in the state machine.”…””}”(hjÈ  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h MÀhjÄ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hjA  ubjO  )”}”(hŒm``tx_tls_encrypted_packets`` - number of TX packets passed to the device
for encryption of their TLS payload.”h]”hÛ)”}”(hŒm``tx_tls_encrypted_packets`` - number of TX packets passed to the device
for encryption of their TLS payload.”h]”(hå)”}”(hŒ``tx_tls_encrypted_packets``”h]”hŒtx_tls_encrypted_packets”…””}”(hjò  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähjî  ubhŒQ - number of TX packets passed to the device
for encryption of their TLS payload.”…””}”(hjî  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h MÂhjê  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hjA  ubjO  )”}”(hŒk``tx_tls_encrypted_bytes`` - number of TLS payload bytes in TX packets
passed to the device for encryption.”h]”hÛ)”}”(hŒk``tx_tls_encrypted_bytes`` - number of TLS payload bytes in TX packets
passed to the device for encryption.”h]”(hå)”}”(hŒ``tx_tls_encrypted_bytes``”h]”hŒtx_tls_encrypted_bytes”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähj  ubhŒQ - number of TLS payload bytes in TX packets
passed to the device for encryption.”…””}”(hj  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h MÄhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hjA  ubjO  )”}”(hŒU``tx_tls_ctx`` - number of TLS TX HW offload contexts added to device for
encryption.”h]”hÛ)”}”(hŒU``tx_tls_ctx`` - number of TLS TX HW offload contexts added to device for
encryption.”h]”(hå)”}”(hŒ``tx_tls_ctx``”h]”hŒ
tx_tls_ctx”…””}”(hj>  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähj:  ubhŒG - number of TLS TX HW offload contexts added to device for
encryption.”…””}”(hj:  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h MÆhj6  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hjA  ubjO  )”}”(hŒo``tx_tls_ooo`` - number of TX packets which were part of a TLS stream
but did not arrive in the expected order.”h]”hÛ)”}”(hŒo``tx_tls_ooo`` - number of TX packets which were part of a TLS stream
but did not arrive in the expected order.”h]”(hå)”}”(hŒ``tx_tls_ooo``”h]”hŒ
tx_tls_ooo”…””}”(hjd  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähj`  ubhŒa - number of TX packets which were part of a TLS stream
but did not arrive in the expected order.”…””}”(hj`  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h MÈhj\  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hjA  ubjO  )”}”(hŒð``tx_tls_skip_no_sync_data`` - number of TX packets which were part of
a TLS stream and arrived out-of-order, but skipped the HW offload routine
and went to the regular transmit flow as they were retransmissions of the
connection handshake.”h]”hÛ)”}”(hŒð``tx_tls_skip_no_sync_data`` - number of TX packets which were part of
a TLS stream and arrived out-of-order, but skipped the HW offload routine
and went to the regular transmit flow as they were retransmissions of the
connection handshake.”h]”(hå)”}”(hŒ``tx_tls_skip_no_sync_data``”h]”hŒtx_tls_skip_no_sync_data”…””}”(hjŠ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähj†  ubhŒÔ - number of TX packets which were part of
a TLS stream and arrived out-of-order, but skipped the HW offload routine
and went to the regular transmit flow as they were retransmissions of the
connection handshake.”…””}”(hj†  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h MÊhj‚  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hjA  ubjO  )”}”(hŒ¨``tx_tls_drop_no_sync_data`` - number of TX packets which were part of
a TLS stream dropped, because they arrived out of order and associated
record could not be found.”h]”hÛ)”}”(hŒ¨``tx_tls_drop_no_sync_data`` - number of TX packets which were part of
a TLS stream dropped, because they arrived out of order and associated
record could not be found.”h]”(hå)”}”(hŒ``tx_tls_drop_no_sync_data``”h]”hŒtx_tls_drop_no_sync_data”…””}”(hj°  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähj¬  ubhŒŒ - number of TX packets which were part of
a TLS stream dropped, because they arrived out of order and associated
record could not be found.”…””}”(hj¬  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h MÎhj¨  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hjA  ubjO  )”}”(hŒÍ``tx_tls_drop_bypass_req`` - number of TX packets which were part of a TLS
stream dropped, because they contain both data that has been encrypted by
software and data that expects hardware crypto offload.
”h]”hÛ)”}”(hŒÌ``tx_tls_drop_bypass_req`` - number of TX packets which were part of a TLS
stream dropped, because they contain both data that has been encrypted by
software and data that expects hardware crypto offload.”h]”(hå)”}”(hŒ``tx_tls_drop_bypass_req``”h]”hŒtx_tls_drop_bypass_req”…””}”(hjÖ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähjÒ  ubhŒ² - number of TX packets which were part of a TLS
stream dropped, because they contain both data that has been encrypted by
software and data that expects hardware crypto offload.”…””}”(hjÒ  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h MÑhjÎ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jN  hjA  ubeh}”(h]”h ]”h"]”h$]”h&]”j.  j/  uh1jI  hŸh³h M¬hj=  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jC  hŸh³h M¬hj  hžhubeh}”(h]”Œ
statistics”ah ]”h"]”Œ
statistics”ah$]”h&]”uh1h´hh¶hžhhŸh³h M§ubhµ)”}”(hhh]”(hº)”}”(hŒ<Notable corner cases, exceptions and additional requirements”h]”hŒ<Notable corner cases, exceptions and additional requirements”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hj  hžhhŸh³h MÖubhŒtarget”“”)”}”(hŒ.. _5tuple_problems:”h]”h}”(h]”h ]”h"]”h$]”h&]”Œrefid”Œtuple-problems”uh1j  h MØhj  hžhhŸh³ubhµ)”}”(hhh]”(hº)”}”(hŒ5-tuple matching limitations”h]”hŒ5-tuple matching limitations”…””}”(hj*  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hj'  hžhhŸh³h MÛubhÛ)”}”(hXJ  The device can only recognize received packets based on the 5-tuple
of the socket. Current ``ktls`` implementation will not offload sockets
routed through software interfaces such as those used for tunneling
or virtual networking. However, many packet transformations performed
by the networking stack (most notably any BPF logic) do not require
any intermediate software device, therefore a 5-tuple match may
consistently miss at the device level. In such cases the device
should still be able to perform TX offload (encryption) and should
fallback cleanly to software decryption (RX).”h]”(hŒ[The device can only recognize received packets based on the 5-tuple
of the socket. Current ”…””}”(hj8  hžhhŸNh Nubhå)”}”(hŒ``ktls``”h]”hŒktls”…””}”(hj@  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähj8  ubhXç   implementation will not offload sockets
routed through software interfaces such as those used for tunneling
or virtual networking. However, many packet transformations performed
by the networking stack (most notably any BPF logic) do not require
any intermediate software device, therefore a 5-tuple match may
consistently miss at the device level. In such cases the device
should still be able to perform TX offload (encryption) and should
fallback cleanly to software decryption (RX).”…””}”(hj8  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h MÝhj'  hžhubeh}”(h]”(Œtuple-matching-limitations”j&  eh ]”h"]”(Œ5-tuple matching limitations”Œ5tuple_problems”eh$]”h&]”uh1h´hj  hžhhŸh³h MÛŒexpect_referenced_by_name”}”j^  j  sŒexpect_referenced_by_id”}”j&  j  subhµ)”}”(hhh]”(hº)”}”(hŒOut of order”h]”hŒOut of order”…””}”(hjh  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hje  hžhhŸh³h MèubhÛ)”}”(hŒ½Introducing extra processing in NICs should not cause packets to be
transmitted or received out of order, for example pure ACK packets
should not be reordered with respect to data segments.”h]”hŒ½Introducing extra processing in NICs should not cause packets to be
transmitted or received out of order, for example pure ACK packets
should not be reordered with respect to data segments.”…””}”(hjv  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Mêhje  hžhubeh}”(h]”Œout-of-order”ah ]”h"]”Œout of order”ah$]”h&]”uh1h´hj  hžhhŸh³h Mèubhµ)”}”(hhh]”(hº)”}”(hŒIngress reorder”h]”hŒIngress reorder”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hjŒ  hžhhŸh³h MïubhÛ)”}”(hŒ¯A device is permitted to perform packet reordering for consecutive
TCP segments (i.e. placing packets in the correct order) but any form
of additional buffering is disallowed.”h]”hŒ¯A device is permitted to perform packet reordering for consecutive
TCP segments (i.e. placing packets in the correct order) but any form
of additional buffering is disallowed.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h MñhjŒ  hžhubeh}”(h]”Œingress-reorder”ah ]”h"]”Œingress reorder”ah$]”h&]”uh1h´hj  hžhhŸh³h Mïubhµ)”}”(hhh]”(hº)”}”(hŒ5Coexistence with standard networking offload features”h]”hŒ5Coexistence with standard networking offload features”…””}”(hj¶  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hj³  hžhhŸh³h MöubhÛ)”}”(hŒ°Offloaded ``ktls`` sockets should support standard TCP stack features
transparently. Enabling device TLS offload should not cause any difference
in packets as seen on the wire.”h]”(hŒ
Offloaded ”…””}”(hjÄ  hžhhŸNh Nubhå)”}”(hŒ``ktls``”h]”hŒktls”…””}”(hjÌ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähjÄ  ubhŒž sockets should support standard TCP stack features
transparently. Enabling device TLS offload should not cause any difference
in packets as seen on the wire.”…””}”(hjÄ  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Møhj³  hžhubeh}”(h]”Œ5coexistence-with-standard-networking-offload-features”ah ]”h"]”Œ5coexistence with standard networking offload features”ah$]”h&]”uh1h´hj  hžhhŸh³h Möubhµ)”}”(hhh]”(hº)”}”(hŒTransport layer transparency”h]”hŒTransport layer transparency”…””}”(hjï  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hjì  hžhhŸh³h MýubhÛ)”}”(hŒ\For the purpose of simplifying TLS offload, the device should not modify any
packet headers.”h]”hŒ\For the purpose of simplifying TLS offload, the device should not modify any
packet headers.”…””}”(hjý  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Mÿhjì  hžhubhÛ)”}”(hŒeThe device should not depend on any packet headers beyond what is strictly
necessary for TLS offload.”h]”hŒeThe device should not depend on any packet headers beyond what is strictly
necessary for TLS offload.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Mhjì  hžhubeh}”(h]”Œtransport-layer-transparency”ah ]”h"]”Œtransport layer transparency”ah$]”h&]”uh1h´hj  hžhhŸh³h Mýubhµ)”}”(hhh]”(hº)”}”(hŒSegment drops”h]”hŒSegment drops”…””}”(hj$  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hj!  hžhhŸh³h MubhÛ)”}”(hX  Dropping packets is acceptable only in the event of catastrophic
system errors and should never be used as an error handling mechanism
in cases arising from normal operation. In other words, reliance
on TCP retransmissions to handle corner cases is not acceptable.”h]”hX  Dropping packets is acceptable only in the event of catastrophic
system errors and should never be used as an error handling mechanism
in cases arising from normal operation. In other words, reliance
on TCP retransmissions to handle corner cases is not acceptable.”…””}”(hj2  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h Mhj!  hžhubeh}”(h]”Œsegment-drops”ah ]”h"]”Œsegment drops”ah$]”h&]”uh1h´hj  hžhhŸh³h Mubhµ)”}”(hhh]”(hº)”}”(hŒTLS device features”h]”hŒTLS device features”…””}”(hjK  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hjH  hžhhŸh³h MubhÛ)”}”(hX  Drivers should ignore the changes to the TLS device feature flags.
These flags will be acted upon accordingly by the core ``ktls`` code.
TLS device feature flags only control adding of new TLS connection
offloads, old connections will remain active after flags are cleared.”h]”(hŒzDrivers should ignore the changes to the TLS device feature flags.
These flags will be acted upon accordingly by the core ”…””}”(hjY  hžhhŸNh Nubhå)”}”(hŒ``ktls``”h]”hŒktls”…””}”(hja  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hähjY  ubhŒ code.
TLS device feature flags only control adding of new TLS connection
offloads, old connections will remain active after flags are cleared.”…””}”(hjY  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h MhjH  hžhubhÛ)”}”(hXø  TLS encryption cannot be offloaded to devices without checksum calculation
offload. Hence, TLS TX device feature flag requires TX csum offload being set.
Disabling the latter implies clearing the former. Disabling TX checksum offload
should not affect old connections, and drivers should make sure checksum
calculation does not break for them.
Similarly, device-offloaded TLS decryption implies doing RXCSUM. If the user
does not want to enable RX csum offload, TLS RX device feature is disabled
as well.”h]”hXø  TLS encryption cannot be offloaded to devices without checksum calculation
offload. Hence, TLS TX device feature flag requires TX csum offload being set.
Disabling the latter implies clearing the former. Disabling TX checksum offload
should not affect old connections, and drivers should make sure checksum
calculation does not break for them.
Similarly, device-offloaded TLS decryption implies doing RXCSUM. If the user
does not want to enable RX csum offload, TLS RX device feature is disabled
as well.”…””}”(hjy  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhŸh³h MhjH  hžhubeh}”(h]”Œtls-device-features”ah ]”h"]”Œtls device features”ah$]”h&]”uh1h´hj  hžhhŸh³h Mubeh}”(h]”Œ;notable-corner-cases-exceptions-and-additional-requirements”ah ]”h"]”Œ<notable corner cases, exceptions and additional requirements”ah$]”h&]”uh1h´hh¶hžhhŸh³h MÖubeh}”(h]”Œkernel-tls-offload”ah ]”h"]”Œkernel tls offload”ah$]”h&]”uh1h´hhhžhhŸh³h Kubeh}”(h]”h ]”h"]”h$]”h&]”Œsource”h³uh1hŒcurrent_source”NŒcurrent_line”NŒsettings”Œdocutils.frontend”ŒValues”“”)”}”(h¹NŒ	generator”NŒ	datestamp”NŒsource_link”NŒ
source_url”NŒtoc_backlinks”Œentry”Œfootnote_backlinks”KŒsectnum_xform”KŒstrip_comments”NŒstrip_elements_with_classes”NŒstrip_classes”NŒreport_level”KŒ
halt_level”KŒexit_status_level”KŒdebug”NŒwarning_stream”NŒ	traceback”ˆŒinput_encoding”Œ	utf-8-sig”Œinput_encoding_error_handler”Œstrict”Œoutput_encoding”Œutf-8”Œoutput_encoding_error_handler”jÂ  Œerror_encoding”Œutf-8”Œerror_encoding_error_handler”Œbackslashreplace”Œlanguage_code”Œen”Œrecord_dependencies”NŒconfig”NŒ	id_prefix”hŒauto_id_prefix”Œid”Œdump_settings”NŒdump_internals”NŒdump_transforms”NŒdump_pseudo_xml”NŒexpose_internals”NŒstrict_visitor”NŒ_disable_config”NŒ_source”h³Œ_destination”NŒ_config_files”]”Œ7/var/lib/git/docbuild/linux/Documentation/docutils.conf”aŒfile_insertion_enabled”ˆŒraw_enabled”KŒline_length_limit”M'Œpep_references”NŒpep_base_url”Œhttps://peps.python.org/”Œpep_file_url_template”Œpep-%04d”Œrfc_references”NŒrfc_base_url”Œ&https://datatracker.ietf.org/doc/html/”Œ	tab_width”KŒtrim_footnote_reference_space”‰Œsyntax_highlight”Œlong”Œsmart_quotes”ˆŒsmartquotes_locales”]”Œcharacter_level_inline_markup”‰Œdoctitle_xform”‰Œdocinfo_xform”KŒsectsubtitle_xform”‰Œimage_loading”Œlink”Œembed_stylesheet”‰Œcloak_email_addresses”ˆŒsection_self_link”‰Œenv”NubŒreporter”NŒindirect_targets”]”Œsubstitution_defs”}”Œsubstitution_names”}”Œrefnames”}”Œrefids”}”j&  ]”j  asŒnameids”}”(jœ  j™  jP  jM  Œtx”NŒrx”Nj‘  jŽ  jq  jn  j 
  jý	  jò  jï  j…  j‚  j»	  j¸	  jð	  jí	  j  j  j  j  jÞ  jÛ  j  j  j  j  j”  j‘  j^  j&  j]  jZ  j‰  j†  j°  j­  jé  jæ  j  j  jE  jB  jŒ  j‰  uŒ	nametypes”}”(jœ  ‰jP  ‰j  ‰j  ‰j‘  ‰jq  ‰j 
  ‰jò  ‰j…  ‰j»	  ‰jð	  ‰j  ‰j  ‰jÞ  ‰j  ‰j  ‰j”  ‰j^  ˆj]  ‰j‰  ‰j°  ‰jé  ‰j  ‰jE  ‰jŒ  ‰uh}”(j™  h¶jM  hÉj—  jD  jE  jž  jŽ  jS  ja  j   j‡  jf  jn  j”  jë  j˜  jf  jñ  jý	  jt  jŠ  j¡  jï  jÀ  j‚  jõ  jõ	  j  j¸	  j[	  jí	  j¾	  j  j
  j‰
  j
  jý
  j
  j  j  jÛ  j¨  j  já  j  j  j‘  j  j&  j'  jZ  j'  j†  je  j­  jŒ  jæ  j³  j  jì  jB  j!  j‰  jH  j4  j  jÔ  j²  jA	  j	  uŒfootnote_refs”}”Œcitation_refs”}”Œautofootnotes”]”Œautofootnote_refs”]”Œsymbol_footnotes”]”Œsymbol_footnote_refs”]”Œ	footnotes”]”Œ	citations”]”Œautofootnote_start”KŒsymbol_footnote_start”K Œ
id_counter”Œcollections”ŒCounter”“”}”jÐ  Ks…”R”Œparse_messages”]”(hŒsystem_message”“”)”}”(hhh]”hÛ)”}”(hŒ%Duplicate implicit target name: "tx".”h]”hŒ)Duplicate implicit target name: â€œtxâ€.”…””}”(hj,  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhj)  ubah}”(h]”h ]”h"]”h$]”h&]”ja  aŒlevel”KŒtype”ŒINFO”Œsource”h³Œline”Kluh1j'  hj   hžhhŸh³h Klubj(  )”}”(hhh]”hÛ)”}”(hŒ%Duplicate implicit target name: "rx".”h]”hŒ)Duplicate implicit target name: â€œrxâ€.”…””}”(hjH  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhjE  ubah}”(h]”h ]”h"]”h$]”h&]”j‡  aŒlevel”KŒtype”jB  Œsource”h³Œline”Kyuh1j'  hjf  hžhhŸh³h Kyubj(  )”}”(hhh]”hÛ)”}”(hŒ%Duplicate implicit target name: "tx".”h]”hŒ)Duplicate implicit target name: â€œtxâ€.”…””}”(hjc  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhj`  ubah}”(h]”h ]”h"]”h$]”h&]”jë  aŒlevel”KŒtype”jB  Œsource”h³Œline”K›uh1j'  hj˜  hžhhŸh³h K›ubj(  )”}”(hhh]”hÛ)”}”(hŒ%Duplicate implicit target name: "rx".”h]”hŒ)Duplicate implicit target name: â€œrxâ€.”…””}”(hj~  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhj{  ubah}”(h]”h ]”h"]”h$]”h&]”jf  aŒlevel”KŒtype”jB  Œsource”h³Œline”K¬uh1j'  hjñ  hžhhŸh³h K¬ubj(  )”}”(hhh]”hÛ)”}”(hŒ%Duplicate implicit target name: "tx".”h]”hŒ)Duplicate implicit target name: â€œtxâ€.”…””}”(hj™  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhj–  ubah}”(h]”h ]”h"]”h$]”h&]”jŠ  aŒlevel”KŒtype”jB  Œsource”h³Œline”KÎuh1j'  hj¡  hžhhŸh³h KÎubj(  )”}”(hhh]”hÛ)”}”(hŒ%Duplicate implicit target name: "rx".”h]”hŒ)Duplicate implicit target name: â€œrxâ€.”…””}”(hj´  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhj±  ubah}”(h]”h ]”h"]”h$]”h&]”jõ	  aŒlevel”KŒtype”jB  Œsource”h³Œline”Muh1j'  hj  hžhhŸh³h Mubj(  )”}”(hhh]”hÛ)”}”(hŒ%Duplicate implicit target name: "tx".”h]”hŒ)Duplicate implicit target name: â€œtxâ€.”…””}”(hjÏ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhjÌ  ubah}”(h]”h ]”h"]”h$]”h&]”j‰
  aŒlevel”KŒtype”jB  Œsource”h³Œline”Mfuh1j'  hj
  hžhhŸh³h Mfubj(  )”}”(hhh]”hÛ)”}”(hŒ%Duplicate implicit target name: "rx".”h]”hŒ)Duplicate implicit target name: â€œrxâ€.”…””}”(hjê  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhjç  ubah}”(h]”h ]”h"]”h$]”h&]”jý
  aŒlevel”KŒtype”jB  Œsource”h³Œline”Mvuh1j'  hj
  hžhhŸh³h MvubeŒtransform_messages”]”j(  )”}”(hhh]”hÛ)”}”(hhh]”hŒ4Hyperlink target "tuple-problems" is not referenced.”…””}”hj  sbah}”(h]”h ]”h"]”h$]”h&]”uh1hÚhj  ubah}”(h]”h ]”h"]”h$]”h&]”Œlevel”KŒtype”jB  Œsource”h³Œline”MØuh1j'  ubaŒtransformer”NŒinclude_log”]”Œ
decoration”Nhžhub.