€•ù©      Œsphinx.addnodes”Œdocument”“”)”}”(Œ	rawsource”Œ ”Œchildren”]”(Œtranslations”ŒLanguagesNode”“”)”}”(hhh]”(h Œpending_xref”“”)”}”(hhh]”Œdocutils.nodes”ŒText”“”ŒChinese (Simplified)”…””}”Œparent”hsbaŒ
attributes”}”(Œids”]”Œclasses”]”Œnames”]”Œdupnames”]”Œbackrefs”]”Œ	refdomain”Œstd”Œreftype”Œdoc”Œ	reftarget”Œ"/translations/zh_CN/networking/tls”Œmodname”NŒ	classname”NŒrefexplicit”ˆuŒtagname”hhhubh)”}”(hhh]”hŒChinese (Traditional)”…””}”hh2sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ"/translations/zh_TW/networking/tls”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒItalian”…””}”hhFsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ"/translations/it_IT/networking/tls”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒJapanese”…””}”hhZsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ"/translations/ja_JP/networking/tls”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒKorean”…””}”hhnsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ"/translations/ko_KR/networking/tls”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒSpanish”…””}”hh‚sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ"/translations/sp_SP/networking/tls”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubeh}”(h]”h ]”h"]”h$]”h&]”Œcurrent_language”ŒEnglish”uh1h
hhŒ	_document”hŒsource”NŒline”NubhŒtarget”“”)”}”(hŒ.. _kernel_tls:”h]”h}”(h]”h ]”h"]”h$]”h&]”Œrefid”Œ
kernel-tls”uh1h¡h KhhhžhhŸŒ</var/lib/git/docbuild/linux/Documentation/networking/tls.rst”ubhŒsection”“”)”}”(hhh]”(hŒtitle”“”)”}”(hŒ
Kernel TLS”h]”hŒ
Kernel TLS”…””}”(hh·hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hµhh²hžhhŸh¯h Kubh±)”}”(hhh]”(h¶)”}”(hŒOverview”h]”hŒOverview”…””}”(hhÈhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hµhhÅhžhhŸh¯h KubhŒ	paragraph”“”)”}”(hŒŽTransport Layer Security (TLS) is a Upper Layer Protocol (ULP) that runs over
TCP. TLS provides end-to-end data integrity and confidentiality.”h]”hŒŽTransport Layer Security (TLS) is a Upper Layer Protocol (ULP) that runs over
TCP. TLS provides end-to-end data integrity and confidentiality.”…””}”(hhØhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h K
hhÅhžhubeh}”(h]”Œoverview”ah ]”h"]”Œoverview”ah$]”h&]”uh1h°hh²hžhhŸh¯h Kubh±)”}”(hhh]”(h¶)”}”(hŒUser interface”h]”hŒUser interface”…””}”(hhñhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hµhhîhžhhŸh¯h Kubh±)”}”(hhh]”(h¶)”}”(hŒCreating a TLS connection”h]”hŒCreating a TLS connection”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hµhhÿhžhhŸh¯h Kubh×)”}”(hŒUFirst create a new TCP socket and once the connection is established set the
TLS ULP.”h]”hŒUFirst create a new TCP socket and once the connection is established set the
TLS ULP.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h KhhÿhžhubhŒliteral_block”“”)”}”(hŒsock = socket(AF_INET, SOCK_STREAM, 0);
connect(sock, addr, addrlen);
setsockopt(sock, SOL_TCP, TCP_ULP, "tls", sizeof("tls"));”h]”hŒsock = socket(AF_INET, SOCK_STREAM, 0);
connect(sock, addr, addrlen);
setsockopt(sock, SOL_TCP, TCP_ULP, "tls", sizeof("tls"));”…””}”hj   sbah}”(h]”h ]”h"]”h$]”h&]”Œ	xml:space”Œpreserve”Œforce”‰Œlanguage”Œc”Œhighlight_args”}”uh1j  hŸh¯h Khhÿhžhubh×)”}”(hXH  Setting the TLS ULP allows us to set/get TLS socket options. Currently
only the symmetric encryption is handled in the kernel.  After the TLS
handshake is complete, we have all the parameters required to move the
data-path to the kernel. There is a separate socket option for moving
the transmit and the receive into the kernel.”h]”hXH  Setting the TLS ULP allows us to set/get TLS socket options. Currently
only the symmetric encryption is handled in the kernel.  After the TLS
handshake is complete, we have all the parameters required to move the
data-path to the kernel. There is a separate socket option for moving
the transmit and the receive into the kernel.”…””}”(hj5  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h Khhÿhžhubj  )”}”(hXô  /* From linux/tls.h */
struct tls_crypto_info {
        unsigned short version;
        unsigned short cipher_type;
};

struct tls12_crypto_info_aes_gcm_128 {
        struct tls_crypto_info info;
        unsigned char iv[TLS_CIPHER_AES_GCM_128_IV_SIZE];
        unsigned char key[TLS_CIPHER_AES_GCM_128_KEY_SIZE];
        unsigned char salt[TLS_CIPHER_AES_GCM_128_SALT_SIZE];
        unsigned char rec_seq[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE];
};


struct tls12_crypto_info_aes_gcm_128 crypto_info;

crypto_info.info.version = TLS_1_2_VERSION;
crypto_info.info.cipher_type = TLS_CIPHER_AES_GCM_128;
memcpy(crypto_info.iv, iv_write, TLS_CIPHER_AES_GCM_128_IV_SIZE);
memcpy(crypto_info.rec_seq, seq_number_write,
                                      TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
memcpy(crypto_info.key, cipher_key_write, TLS_CIPHER_AES_GCM_128_KEY_SIZE);
memcpy(crypto_info.salt, implicit_iv_write, TLS_CIPHER_AES_GCM_128_SALT_SIZE);

setsockopt(sock, SOL_TLS, TLS_TX, &crypto_info, sizeof(crypto_info));”h]”hXô  /* From linux/tls.h */
struct tls_crypto_info {
        unsigned short version;
        unsigned short cipher_type;
};

struct tls12_crypto_info_aes_gcm_128 {
        struct tls_crypto_info info;
        unsigned char iv[TLS_CIPHER_AES_GCM_128_IV_SIZE];
        unsigned char key[TLS_CIPHER_AES_GCM_128_KEY_SIZE];
        unsigned char salt[TLS_CIPHER_AES_GCM_128_SALT_SIZE];
        unsigned char rec_seq[TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE];
};


struct tls12_crypto_info_aes_gcm_128 crypto_info;

crypto_info.info.version = TLS_1_2_VERSION;
crypto_info.info.cipher_type = TLS_CIPHER_AES_GCM_128;
memcpy(crypto_info.iv, iv_write, TLS_CIPHER_AES_GCM_128_IV_SIZE);
memcpy(crypto_info.rec_seq, seq_number_write,
                                      TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
memcpy(crypto_info.key, cipher_key_write, TLS_CIPHER_AES_GCM_128_KEY_SIZE);
memcpy(crypto_info.salt, implicit_iv_write, TLS_CIPHER_AES_GCM_128_SALT_SIZE);

setsockopt(sock, SOL_TLS, TLS_TX, &crypto_info, sizeof(crypto_info));”…””}”hjC  sbah}”(h]”h ]”h"]”h$]”h&]”j.  j/  j0  ‰j1  j2  j3  }”uh1j  hŸh¯h K"hhÿhžhubh×)”}”(hŒbTransmit and receive are set separately, but the setup is the same, using either
TLS_TX or TLS_RX.”h]”hŒbTransmit and receive are set separately, but the setup is the same, using either
TLS_TX or TLS_RX.”…””}”(hjR  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h K?hhÿhžhubeh}”(h]”Œcreating-a-tls-connection”ah ]”h"]”Œcreating a tls connection”ah$]”h&]”uh1h°hhîhžhhŸh¯h Kubh±)”}”(hhh]”(h¶)”}”(hŒSending TLS application data”h]”hŒSending TLS application data”…””}”(hjk  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hµhjh  hžhhŸh¯h KCubh×)”}”(hŒßAfter setting the TLS_TX socket option all application data sent over this
socket is encrypted using TLS and the parameters provided in the socket option.
For example, we can send an encrypted hello world record as follows:”h]”hŒßAfter setting the TLS_TX socket option all application data sent over this
socket is encrypted using TLS and the parameters provided in the socket option.
For example, we can send an encrypted hello world record as follows:”…””}”(hjy  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h KEhjh  hžhubj  )”}”(hŒ@const char *msg = "hello world\n";
send(sock, msg, strlen(msg));”h]”hŒ@const char *msg = "hello world\n";
send(sock, msg, strlen(msg));”…””}”hj‡  sbah}”(h]”h ]”h"]”h$]”h&]”j.  j/  j0  ‰j1  j2  j3  }”uh1j  hŸh¯h KIhjh  hžhubh×)”}”(hŒusend() data is directly encrypted from the userspace buffer provided
to the encrypted kernel send buffer if possible.”h]”hŒusend() data is directly encrypted from the userspace buffer provided
to the encrypted kernel send buffer if possible.”…””}”(hj–  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h KNhjh  hžhubh×)”}”(hŒ]The sendfile system call will send the file's data over TLS records of maximum
length (2^14).”h]”hŒ_The sendfile system call will send the fileâ€™s data over TLS records of maximum
length (2^14).”…””}”(hj¤  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h KQhjh  hžhubj  )”}”(hŒafile = open(filename, O_RDONLY);
fstat(file, &stat);
sendfile(sock, file, &offset, stat.st_size);”h]”hŒafile = open(filename, O_RDONLY);
fstat(file, &stat);
sendfile(sock, file, &offset, stat.st_size);”…””}”hj²  sbah}”(h]”h ]”h"]”h$]”h&]”j.  j/  j0  ‰j1  j2  j3  }”uh1j  hŸh¯h KThjh  hžhubh×)”}”(hŒÂTLS records are created and sent after each send() call, unless
MSG_MORE is passed.  MSG_MORE will delay creation of a record until
MSG_MORE is not passed, or the maximum record size is reached.”h]”hŒÂTLS records are created and sent after each send() call, unless
MSG_MORE is passed.  MSG_MORE will delay creation of a record until
MSG_MORE is not passed, or the maximum record size is reached.”…””}”(hjÁ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h KZhjh  hžhubh×)”}”(hX–  The kernel will need to allocate a buffer for the encrypted data.
This buffer is allocated at the time send() is called, such that
either the entire send() call will return -ENOMEM (or block waiting
for memory), or the encryption will always succeed.  If send() returns
-ENOMEM and some data was left on the socket buffer from a previous
call using MSG_MORE, the MSG_MORE data is left on the socket buffer.”h]”hX–  The kernel will need to allocate a buffer for the encrypted data.
This buffer is allocated at the time send() is called, such that
either the entire send() call will return -ENOMEM (or block waiting
for memory), or the encryption will always succeed.  If send() returns
-ENOMEM and some data was left on the socket buffer from a previous
call using MSG_MORE, the MSG_MORE data is left on the socket buffer.”…””}”(hjÏ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h K^hjh  hžhubeh}”(h]”Œsending-tls-application-data”ah ]”h"]”Œsending tls application data”ah$]”h&]”uh1h°hhîhžhhŸh¯h KCubh±)”}”(hhh]”(h¶)”}”(hŒReceiving TLS application data”h]”hŒReceiving TLS application data”…””}”(hjè  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hµhjå  hžhhŸh¯h Kfubh×)”}”(hŒ³After setting the TLS_RX socket option, all recv family socket calls
are decrypted using TLS parameters provided.  A full TLS record must
be received before decryption can happen.”h]”hŒ³After setting the TLS_RX socket option, all recv family socket calls
are decrypted using TLS parameters provided.  A full TLS record must
be received before decryption can happen.”…””}”(hjö  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h Khhjå  hžhubj  )”}”(hŒ.char buffer[16384];
recv(sock, buffer, 16384);”h]”hŒ.char buffer[16384];
recv(sock, buffer, 16384);”…””}”hj  sbah}”(h]”h ]”h"]”h$]”h&]”j.  j/  j0  ‰j1  j2  j3  }”uh1j  hŸh¯h Klhjå  hžhubh×)”}”(hŒÕReceived data is decrypted directly in to the user buffer if it is
large enough, and no additional allocations occur.  If the userspace
buffer is too small, data is decrypted in the kernel and copied to
userspace.”h]”hŒÕReceived data is decrypted directly in to the user buffer if it is
large enough, and no additional allocations occur.  If the userspace
buffer is too small, data is decrypted in the kernel and copied to
userspace.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h Kqhjå  hžhubh×)”}”(hŒr``EINVAL`` is returned if the TLS version in the received message does not
match the version passed in setsockopt.”h]”(hŒliteral”“”)”}”(hŒ
``EINVAL``”h]”hŒEINVAL”…””}”(hj'  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j%  hj!  ubhŒh is returned if the TLS version in the received message does not
match the version passed in setsockopt.”…””}”(hj!  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h Kvhjå  hžhubh×)”}”(hŒ<``EMSGSIZE`` is returned if the received message is too big.”h]”(j&  )”}”(hŒ``EMSGSIZE``”h]”hŒEMSGSIZE”…””}”(hjC  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j%  hj?  ubhŒ0 is returned if the received message is too big.”…””}”(hj?  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h Kyhjå  hžhubh×)”}”(hŒB``EBADMSG`` is returned if decryption failed for any other reason.”h]”(j&  )”}”(hŒ``EBADMSG``”h]”hŒEBADMSG”…””}”(hj_  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j%  hj[  ubhŒ7 is returned if decryption failed for any other reason.”…””}”(hj[  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h K{hjå  hžhubeh}”(h]”Œreceiving-tls-application-data”ah ]”h"]”Œreceiving tls application data”ah$]”h&]”uh1h°hhîhžhhŸh¯h Kfubh±)”}”(hhh]”(h¶)”}”(hŒSend TLS control messages”h]”hŒSend TLS control messages”…””}”(hj‚  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hµhj  hžhhŸh¯h K~ubh×)”}”(hXH  Other than application data, TLS has control messages such as alert
messages (record type 21) and handshake messages (record type 22), etc.
These messages can be sent over the socket by providing the TLS record type
via a CMSG. For example the following function sends @data of @length bytes
using a record of type @record_type.”h]”hXH  Other than application data, TLS has control messages such as alert
messages (record type 21) and handshake messages (record type 22), etc.
These messages can be sent over the socket by providing the TLS record type
via a CMSG. For example the following function sends @data of @length bytes
using a record of type @record_type.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h K€hj  hžhubj  )”}”(hX^  /* send TLS control message using record_type */
static int klts_send_ctrl_message(int sock, unsigned char record_type,
                                  void *data, size_t length)
{
      struct msghdr msg = {0};
      int cmsg_len = sizeof(record_type);
      struct cmsghdr *cmsg;
      char buf[CMSG_SPACE(cmsg_len)];
      struct iovec msg_iov;   /* Vector of data to send/receive into.  */

      msg.msg_control = buf;
      msg.msg_controllen = sizeof(buf);
      cmsg = CMSG_FIRSTHDR(&msg);
      cmsg->cmsg_level = SOL_TLS;
      cmsg->cmsg_type = TLS_SET_RECORD_TYPE;
      cmsg->cmsg_len = CMSG_LEN(cmsg_len);
      *CMSG_DATA(cmsg) = record_type;
      msg.msg_controllen = cmsg->cmsg_len;

      msg_iov.iov_base = data;
      msg_iov.iov_len = length;
      msg.msg_iov = &msg_iov;
      msg.msg_iovlen = 1;

      return sendmsg(sock, &msg, 0);
}”h]”hX^  /* send TLS control message using record_type */
static int klts_send_ctrl_message(int sock, unsigned char record_type,
                                  void *data, size_t length)
{
      struct msghdr msg = {0};
      int cmsg_len = sizeof(record_type);
      struct cmsghdr *cmsg;
      char buf[CMSG_SPACE(cmsg_len)];
      struct iovec msg_iov;   /* Vector of data to send/receive into.  */

      msg.msg_control = buf;
      msg.msg_controllen = sizeof(buf);
      cmsg = CMSG_FIRSTHDR(&msg);
      cmsg->cmsg_level = SOL_TLS;
      cmsg->cmsg_type = TLS_SET_RECORD_TYPE;
      cmsg->cmsg_len = CMSG_LEN(cmsg_len);
      *CMSG_DATA(cmsg) = record_type;
      msg.msg_controllen = cmsg->cmsg_len;

      msg_iov.iov_base = data;
      msg_iov.iov_len = length;
      msg.msg_iov = &msg_iov;
      msg.msg_iovlen = 1;

      return sendmsg(sock, &msg, 0);
}”…””}”hjž  sbah}”(h]”h ]”h"]”h$]”h&]”j.  j/  j0  ‰j1  j2  j3  }”uh1j  hŸh¯h K†hj  hžhubh×)”}”(hŒYControl message data should be provided unencrypted, and will be
encrypted by the kernel.”h]”hŒYControl message data should be provided unencrypted, and will be
encrypted by the kernel.”…””}”(hj­  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h K£hj  hžhubeh}”(h]”Œsend-tls-control-messages”ah ]”h"]”Œsend tls control messages”ah$]”h&]”uh1h°hhîhžhhŸh¯h K~ubh±)”}”(hhh]”(h¶)”}”(hŒReceiving TLS control messages”h]”hŒReceiving TLS control messages”…””}”(hjÆ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hµhjÃ  hžhhŸh¯h K§ubh×)”}”(hŒìTLS control messages are passed in the userspace buffer, with message
type passed via cmsg.  If no cmsg buffer is provided, an error is
returned if a control message is received.  Data messages may be
received without a cmsg buffer set.”h]”hŒìTLS control messages are passed in the userspace buffer, with message
type passed via cmsg.  If no cmsg buffer is provided, an error is
returned if a control message is received.  Data messages may be
received without a cmsg buffer set.”…””}”(hjÔ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h K©hjÃ  hžhubj  )”}”(hXÂ  char buffer[16384];
char cmsg[CMSG_SPACE(sizeof(unsigned char))];
struct msghdr msg = {0};
msg.msg_control = cmsg;
msg.msg_controllen = sizeof(cmsg);

struct iovec msg_iov;
msg_iov.iov_base = buffer;
msg_iov.iov_len = 16384;

msg.msg_iov = &msg_iov;
msg.msg_iovlen = 1;

int ret = recvmsg(sock, &msg, 0 /* flags */);

struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);
if (cmsg->cmsg_level == SOL_TLS &&
    cmsg->cmsg_type == TLS_GET_RECORD_TYPE) {
    int record_type = *((unsigned char *)CMSG_DATA(cmsg));
    // Do something with record_type, and control message data in
    // buffer.
    //
    // Note that record_type may be == to application data (23).
} else {
    // Buffer contains application data.
}”h]”hXÂ  char buffer[16384];
char cmsg[CMSG_SPACE(sizeof(unsigned char))];
struct msghdr msg = {0};
msg.msg_control = cmsg;
msg.msg_controllen = sizeof(cmsg);

struct iovec msg_iov;
msg_iov.iov_base = buffer;
msg_iov.iov_len = 16384;

msg.msg_iov = &msg_iov;
msg.msg_iovlen = 1;

int ret = recvmsg(sock, &msg, 0 /* flags */);

struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);
if (cmsg->cmsg_level == SOL_TLS &&
    cmsg->cmsg_type == TLS_GET_RECORD_TYPE) {
    int record_type = *((unsigned char *)CMSG_DATA(cmsg));
    // Do something with record_type, and control message data in
    // buffer.
    //
    // Note that record_type may be == to application data (23).
} else {
    // Buffer contains application data.
}”…””}”hjâ  sbah}”(h]”h ]”h"]”h$]”h&]”j.  j/  j0  ‰j1  j2  j3  }”uh1j  hŸh¯h K®hjÃ  hžhubh×)”}”(hŒ<recv will never return data from mixed types of TLS records.”h]”hŒ<recv will never return data from mixed types of TLS records.”…””}”(hjñ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h KËhjÃ  hžhubeh}”(h]”Œreceiving-tls-control-messages”ah ]”h"]”Œreceiving tls control messages”ah$]”h&]”uh1h°hhîhžhhŸh¯h K§ubh±)”}”(hhh]”(h¶)”}”(hŒTLS 1.3 Key Updates”h]”hŒTLS 1.3 Key Updates”…””}”(hj
  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hµhj  hžhhŸh¯h KÎubh×)”}”(hXG  In TLS 1.3, KeyUpdate handshake messages signal that the sender is
updating its TX key. Any message sent after a KeyUpdate will be
encrypted using the new key. The userspace library can pass the new
key to the kernel using the TLS_TX and TLS_RX socket options, as for
the initial keys. TLS version and cipher cannot be changed.”h]”hXG  In TLS 1.3, KeyUpdate handshake messages signal that the sender is
updating its TX key. Any message sent after a KeyUpdate will be
encrypted using the new key. The userspace library can pass the new
key to the kernel using the TLS_TX and TLS_RX socket options, as for
the initial keys. TLS version and cipher cannot be changed.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h KÐhj  hžhubh×)”}”(hXÌ  To prevent attempting to decrypt incoming records using the wrong key,
decryption will be paused when a KeyUpdate message is received by the
kernel, until the new key has been provided using the TLS_RX socket
option. Any read occurring after the KeyUpdate has been read and
before the new key is provided will fail with EKEYEXPIRED. poll() will
not report any read events from the socket until the new key is
provided. There is no pausing on the transmit side.”h]”hXÌ  To prevent attempting to decrypt incoming records using the wrong key,
decryption will be paused when a KeyUpdate message is received by the
kernel, until the new key has been provided using the TLS_RX socket
option. Any read occurring after the KeyUpdate has been read and
before the new key is provided will fail with EKEYEXPIRED. poll() will
not report any read events from the socket until the new key is
provided. There is no pausing on the transmit side.”…””}”(hj&  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h KÖhj  hžhubh×)”}”(hŒUserspace should make sure that the crypto_info provided has been set
properly. In particular, the kernel will not check for key/nonce
reuse.”h]”hŒUserspace should make sure that the crypto_info provided has been set
properly. In particular, the kernel will not check for key/nonce
reuse.”…””}”(hj4  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h KÞhj  hžhubh×)”}”(hŒüThe number of successful and failed key updates is tracked in the
``TlsTxRekeyOk``, ``TlsRxRekeyOk``, ``TlsTxRekeyError``,
``TlsRxRekeyError`` statistics. The ``TlsRxRekeyReceived`` statistic
counts KeyUpdate handshake messages that have been received.”h]”(hŒBThe number of successful and failed key updates is tracked in the
”…””}”(hjB  hžhhŸNh Nubj&  )”}”(hŒ``TlsTxRekeyOk``”h]”hŒTlsTxRekeyOk”…””}”(hjJ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j%  hjB  ubhŒ, ”…””}”(hjB  hžhhŸNh Nubj&  )”}”(hŒ``TlsRxRekeyOk``”h]”hŒTlsRxRekeyOk”…””}”(hj\  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j%  hjB  ubhŒ, ”…””}”hjB  sbj&  )”}”(hŒ``TlsTxRekeyError``”h]”hŒTlsTxRekeyError”…””}”(hjn  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j%  hjB  ubhŒ,
”…””}”(hjB  hžhhŸNh Nubj&  )”}”(hŒ``TlsRxRekeyError``”h]”hŒTlsRxRekeyError”…””}”(hj€  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j%  hjB  ubhŒ statistics. The ”…””}”(hjB  hžhhŸNh Nubj&  )”}”(hŒ``TlsRxRekeyReceived``”h]”hŒTlsRxRekeyReceived”…””}”(hj’  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j%  hjB  ubhŒG statistic
counts KeyUpdate handshake messages that have been received.”…””}”(hjB  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h Kâhj  hžhubeh}”(h]”Œtls-1-3-key-updates”ah ]”h"]”Œtls 1.3 key updates”ah$]”h&]”uh1h°hhîhžhhŸh¯h KÎubh±)”}”(hhh]”(h¶)”}”(hŒ'Integrating in to userspace TLS library”h]”hŒ'Integrating in to userspace TLS library”…””}”(hjµ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hµhj²  hžhhŸh¯h Kèubh×)”}”(hŒeAt a high level, the kernel TLS ULP is a replacement for the record
layer of a userspace TLS library.”h]”hŒeAt a high level, the kernel TLS ULP is a replacement for the record
layer of a userspace TLS library.”…””}”(hjÃ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h Kêhj²  hžhubh×)”}”(hŒwA patchset to OpenSSL to use ktls as the record layer is
`here <https://github.com/Mellanox/openssl/commits/tls_rx2>`_.”h]”(hŒ9A patchset to OpenSSL to use ktls as the record layer is
”…””}”(hjÑ  hžhhŸNh NubhŒ	reference”“”)”}”(hŒ=`here <https://github.com/Mellanox/openssl/commits/tls_rx2>`_”h]”hŒhere”…””}”(hjÛ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”Œhere”Œrefuri”Œ3https://github.com/Mellanox/openssl/commits/tls_rx2”uh1jÙ  hjÑ  ubh¢)”}”(hŒ6 <https://github.com/Mellanox/openssl/commits/tls_rx2>”h]”h}”(h]”Œhere”ah ]”h"]”Œhere”ah$]”h&]”Œrefuri”jì  uh1h¡Œ
referenced”KhjÑ  ubhŒ.”…””}”(hjÑ  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h Kíhj²  hžhubh×)”}”(hŒÌ`An example <https://github.com/ktls/af_ktls-tool/commits/RX>`_
of calling send directly after a handshake using gnutls.
Since it doesn't implement a full record layer, control
messages are not supported.”h]”(jÚ  )”}”(hŒ?`An example <https://github.com/ktls/af_ktls-tool/commits/RX>`_”h]”hŒ
An example”…””}”(hj	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”Œname”Œ
An example”jë  Œ/https://github.com/ktls/af_ktls-tool/commits/RX”uh1jÙ  hj  ubh¢)”}”(hŒ2 <https://github.com/ktls/af_ktls-tool/commits/RX>”h]”h}”(h]”Œ
an-example”ah ]”h"]”Œ
an example”ah$]”h&]”Œrefuri”j  uh1h¡jú  Khj  ubhŒ
of calling send directly after a handshake using gnutls.
Since it doesnâ€™t implement a full record layer, control
messages are not supported.”…””}”(hj  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h Kðhj²  hžhubeh}”(h]”Œ'integrating-in-to-userspace-tls-library”ah ]”h"]”Œ'integrating in to userspace tls library”ah$]”h&]”uh1h°hhîhžhhŸh¯h Kèubh±)”}”(hhh]”(h¶)”}”(hŒOptional optimizations”h]”hŒOptional optimizations”…””}”(hj<  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hµhj9  hžhhŸh¯h Köubh×)”}”(hXL  There are certain condition-specific optimizations the TLS ULP can make,
if requested. Those optimizations are either not universally beneficial
or may impact correctness, hence they require an opt-in.
All options are set per-socket using setsockopt(), and their
state can be checked using getsockopt() and via socket diag (``ss``).”h]”(hXD  There are certain condition-specific optimizations the TLS ULP can make,
if requested. Those optimizations are either not universally beneficial
or may impact correctness, hence they require an opt-in.
All options are set per-socket using setsockopt(), and their
state can be checked using getsockopt() and via socket diag (”…””}”(hjJ  hžhhŸNh Nubj&  )”}”(hŒ``ss``”h]”hŒss”…””}”(hjR  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j%  hjJ  ubhŒ).”…””}”(hjJ  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h Køhj9  hžhubh±)”}”(hhh]”(h¶)”}”(hŒTLS_TX_ZEROCOPY_RO”h]”hŒTLS_TX_ZEROCOPY_RO”…””}”(hjm  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hµhjj  hžhhŸh¯h Kÿubh×)”}”(hŒºFor device offload only. Allow sendfile() data to be transmitted directly
to the NIC without making an in-kernel copy. This allows true zero-copy
behavior when device offload is enabled.”h]”hŒºFor device offload only. Allow sendfile() data to be transmitted directly
to the NIC without making an in-kernel copy. This allows true zero-copy
behavior when device offload is enabled.”…””}”(hj{  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h Mhjj  hžhubh×)”}”(hŒÔThe application must make sure that the data is not modified between being
submitted and transmission completing. In other words this is mostly
applicable if the data sent on a socket via sendfile() is read-only.”h]”hŒÔThe application must make sure that the data is not modified between being
submitted and transmission completing. In other words this is mostly
applicable if the data sent on a socket via sendfile() is read-only.”…””}”(hj‰  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h Mhjj  hžhubh×)”}”(hŒÿModifying the data may result in different versions of the data being used
for the original TCP transmission and TCP retransmissions. To the receiver
this will look like TLS records had been tampered with and will result
in record authentication failures.”h]”hŒÿModifying the data may result in different versions of the data being used
for the original TCP transmission and TCP retransmissions. To the receiver
this will look like TLS records had been tampered with and will result
in record authentication failures.”…””}”(hj—  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h M	hjj  hžhubeh}”(h]”Œtls-tx-zerocopy-ro”ah ]”h"]”Œtls_tx_zerocopy_ro”ah$]”h&]”uh1h°hj9  hžhhŸh¯h Kÿubh±)”}”(hhh]”(h¶)”}”(hŒTLS_RX_EXPECT_NO_PAD”h]”hŒTLS_RX_EXPECT_NO_PAD”…””}”(hj°  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hµhj­  hžhhŸh¯h Mubh×)”}”(hŒ‡TLS 1.3 only. Expect the sender to not pad records. This allows the data
to be decrypted directly into user space buffers with TLS 1.3.”h]”hŒ‡TLS 1.3 only. Expect the sender to not pad records. This allows the data
to be decrypted directly into user space buffers with TLS 1.3.”…””}”(hj¾  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h Mhj­  hžhubh×)”}”(hŒŒThis optimization is safe to enable only if the remote end is trusted,
otherwise it is an attack vector to doubling the TLS processing cost.”h]”hŒŒThis optimization is safe to enable only if the remote end is trusted,
otherwise it is an attack vector to doubling the TLS processing cost.”…””}”(hjÌ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h Mhj­  hžhubh×)”}”(hŒÍIf the record decrypted turns out to had been padded or is not a data
record it will be decrypted again into a kernel buffer without zero copy.
Such events are counted in the ``TlsDecryptRetry`` statistic.”h]”(hŒ¯If the record decrypted turns out to had been padded or is not a data
record it will be decrypted again into a kernel buffer without zero copy.
Such events are counted in the ”…””}”(hjÚ  hžhhŸNh Nubj&  )”}”(hŒ``TlsDecryptRetry``”h]”hŒTlsDecryptRetry”…””}”(hjâ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j%  hjÚ  ubhŒ statistic.”…””}”(hjÚ  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h Mhj­  hžhubeh}”(h]”Œtls-rx-expect-no-pad”ah ]”h"]”Œtls_rx_expect_no_pad”ah$]”h&]”uh1h°hj9  hžhhŸh¯h Mubh±)”}”(hhh]”(h¶)”}”(hŒTLS_TX_MAX_PAYLOAD_LEN”h]”hŒTLS_TX_MAX_PAYLOAD_LEN”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hµhj  hžhhŸh¯h Mubh×)”}”(hŒPSpecifies the maximum size of the plaintext payload for transmitted TLS records.”h]”hŒPSpecifies the maximum size of the plaintext payload for transmitted TLS records.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h Mhj  hžhubh×)”}”(hŒØWhen this option is set, the kernel enforces the specified limit on all outgoing
TLS records. No plaintext fragment will exceed this size. This option can be used
to implement the TLS Record Size Limit extension [1].”h]”hŒØWhen this option is set, the kernel enforces the specified limit on all outgoing
TLS records. No plaintext fragment will exceed this size. This option can be used
to implement the TLS Record Size Limit extension [1].”…””}”(hj!  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h M hj  hžhubhŒbullet_list”“”)”}”(hhh]”(hŒ	list_item”“”)”}”(hŒEFor TLS 1.2, the value corresponds directly to the record size limit.”h]”h×)”}”(hj8  h]”hŒEFor TLS 1.2, the value corresponds directly to the record size limit.”…””}”(hj:  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h M$hj6  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hj1  hžhhŸh¯h Nubj5  )”}”(hŒ“For TLS 1.3, the value should be set to record_size_limit - 1, since
the record size limit includes one additional byte for the ContentType
field.
”h]”h×)”}”(hŒ’For TLS 1.3, the value should be set to record_size_limit - 1, since
the record size limit includes one additional byte for the ContentType
field.”h]”hŒ’For TLS 1.3, the value should be set to record_size_limit - 1, since
the record size limit includes one additional byte for the ContentType
field.”…””}”(hjQ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h M%hjM  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hj1  hžhhŸh¯h Nubeh}”(h]”h ]”h"]”h$]”h&]”Œbullet”Œ*”uh1j/  hŸh¯h M$hj  hžhubh×)”}”(hŒ½The valid range for this option is 64 to 16384 bytes for TLS 1.2, and 63 to
16384 bytes for TLS 1.3. The lower minimum for TLS 1.3 accounts for the
extra byte used by the ContentType field.”h]”hŒ½The valid range for this option is 64 to 16384 bytes for TLS 1.2, and 63 to
16384 bytes for TLS 1.3. The lower minimum for TLS 1.3 accounts for the
extra byte used by the ContentType field.”…””}”(hjm  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h M)hj  hžhubh×)”}”(hŒ1[1] https://datatracker.ietf.org/doc/html/rfc8449”h]”(hŒ[1] ”…””}”(hj{  hžhhŸNh NubjÚ  )”}”(hŒ-https://datatracker.ietf.org/doc/html/rfc8449”h]”hŒ-https://datatracker.ietf.org/doc/html/rfc8449”…””}”(hjƒ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”j…  uh1jÙ  hj{  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h M-hj  hžhubeh}”(h]”Œtls-tx-max-payload-len”ah ]”h"]”Œtls_tx_max_payload_len”ah$]”h&]”uh1h°hj9  hžhhŸh¯h Mubeh}”(h]”Œoptional-optimizations”ah ]”h"]”Œoptional optimizations”ah$]”h&]”uh1h°hhîhžhhŸh¯h Köubeh}”(h]”Œuser-interface”ah ]”h"]”Œuser interface”ah$]”h&]”uh1h°hh²hžhhŸh¯h Kubh±)”}”(hhh]”(h¶)”}”(hŒ
Statistics”h]”hŒ
Statistics”…””}”(hj³  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hµhj°  hžhhŸh¯h M0ubh×)”}”(hŒ[TLS implementation exposes the following per-namespace statistics
(``/proc/net/tls_stat``):”h]”(hŒCTLS implementation exposes the following per-namespace statistics
(”…””}”(hjÁ  hžhhŸNh Nubj&  )”}”(hŒ``/proc/net/tls_stat``”h]”hŒ/proc/net/tls_stat”…””}”(hjÉ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j%  hjÁ  ubhŒ):”…””}”(hjÁ  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h M2hj°  hžhubj0  )”}”(hhh]”(j5  )”}”(hŒt``TlsCurrTxSw``, ``TlsCurrRxSw`` -
number of TX and RX sessions currently installed where host handles
cryptography
”h]”h×)”}”(hŒs``TlsCurrTxSw``, ``TlsCurrRxSw`` -
number of TX and RX sessions currently installed where host handles
cryptography”h]”(j&  )”}”(hŒ``TlsCurrTxSw``”h]”hŒTlsCurrTxSw”…””}”(hjì  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j%  hjè  ubhŒ, ”…””}”(hjè  hžhhŸNh Nubj&  )”}”(hŒ``TlsCurrRxSw``”h]”hŒTlsCurrRxSw”…””}”(hjþ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j%  hjè  ubhŒS -
number of TX and RX sessions currently installed where host handles
cryptography”…””}”(hjè  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h M5hjä  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hjá  hžhhŸh¯h Nubj5  )”}”(hŒ{``TlsCurrTxDevice``, ``TlsCurrRxDevice`` -
number of TX and RX sessions currently installed where NIC handles
cryptography
”h]”h×)”}”(hŒz``TlsCurrTxDevice``, ``TlsCurrRxDevice`` -
number of TX and RX sessions currently installed where NIC handles
cryptography”h]”(j&  )”}”(hŒ``TlsCurrTxDevice``”h]”hŒTlsCurrTxDevice”…””}”(hj$  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j%  hj   ubhŒ, ”…””}”(hj   hžhhŸNh Nubj&  )”}”(hŒ``TlsCurrRxDevice``”h]”hŒTlsCurrRxDevice”…””}”(hj6  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j%  hj   ubhŒR -
number of TX and RX sessions currently installed where NIC handles
cryptography”…””}”(hj   hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h M9hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hjá  hžhhŸh¯h Nubj5  )”}”(hŒV``TlsTxSw``, ``TlsRxSw`` -
number of TX and RX sessions opened with host cryptography
”h]”h×)”}”(hŒU``TlsTxSw``, ``TlsRxSw`` -
number of TX and RX sessions opened with host cryptography”h]”(j&  )”}”(hŒ``TlsTxSw``”h]”hŒTlsTxSw”…””}”(hj\  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j%  hjX  ubhŒ, ”…””}”(hjX  hžhhŸNh Nubj&  )”}”(hŒ``TlsRxSw``”h]”hŒTlsRxSw”…””}”(hjn  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j%  hjX  ubhŒ= -
number of TX and RX sessions opened with host cryptography”…””}”(hjX  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h M=hjT  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hjá  hžhhŸh¯h Nubj5  )”}”(hŒ]``TlsTxDevice``, ``TlsRxDevice`` -
number of TX and RX sessions opened with NIC cryptography
”h]”h×)”}”(hŒ\``TlsTxDevice``, ``TlsRxDevice`` -
number of TX and RX sessions opened with NIC cryptography”h]”(j&  )”}”(hŒ``TlsTxDevice``”h]”hŒTlsTxDevice”…””}”(hj”  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j%  hj  ubhŒ, ”…””}”(hj  hžhhŸNh Nubj&  )”}”(hŒ``TlsRxDevice``”h]”hŒTlsRxDevice”…””}”(hj¦  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j%  hj  ubhŒ< -
number of TX and RX sessions opened with NIC cryptography”…””}”(hj  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h M@hjŒ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hjá  hžhhŸh¯h Nubj5  )”}”(hŒZ``TlsDecryptError`` -
record decryption failed (e.g. due to incorrect authentication tag)
”h]”h×)”}”(hŒY``TlsDecryptError`` -
record decryption failed (e.g. due to incorrect authentication tag)”h]”(j&  )”}”(hŒ``TlsDecryptError``”h]”hŒTlsDecryptError”…””}”(hjÌ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j%  hjÈ  ubhŒF -
record decryption failed (e.g. due to incorrect authentication tag)”…””}”(hjÈ  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h MChjÄ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hjá  hžhhŸh¯h Nubj5  )”}”(hŒP``TlsDeviceRxResync`` -
number of RX resyncs sent to NICs handling cryptography
”h]”h×)”}”(hŒO``TlsDeviceRxResync`` -
number of RX resyncs sent to NICs handling cryptography”h]”(j&  )”}”(hŒ``TlsDeviceRxResync``”h]”hŒTlsDeviceRxResync”…””}”(hjò  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j%  hjî  ubhŒ: -
number of RX resyncs sent to NICs handling cryptography”…””}”(hjî  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h MFhjê  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hjá  hžhhŸh¯h Nubj5  )”}”(hŒ¹``TlsDecryptRetry`` -
number of RX records which had to be re-decrypted due to
``TLS_RX_EXPECT_NO_PAD`` mis-prediction. Note that this counter will
also increment for non-data records.
”h]”h×)”}”(hŒ¸``TlsDecryptRetry`` -
number of RX records which had to be re-decrypted due to
``TLS_RX_EXPECT_NO_PAD`` mis-prediction. Note that this counter will
also increment for non-data records.”h]”(j&  )”}”(hŒ``TlsDecryptRetry``”h]”hŒTlsDecryptRetry”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j%  hj  ubhŒ< -
number of RX records which had to be re-decrypted due to
”…””}”(hj  hžhhŸNh Nubj&  )”}”(hŒ``TLS_RX_EXPECT_NO_PAD``”h]”hŒTLS_RX_EXPECT_NO_PAD”…””}”(hj*  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j%  hj  ubhŒQ mis-prediction. Note that this counter will
also increment for non-data records.”…””}”(hj  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h MIhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hjá  hžhhŸh¯h Nubj5  )”}”(hŒ``TlsRxNoPadViolation`` -
number of data RX records which had to be re-decrypted due to
``TLS_RX_EXPECT_NO_PAD`` mis-prediction.
”h]”h×)”}”(hŒ€``TlsRxNoPadViolation`` -
number of data RX records which had to be re-decrypted due to
``TLS_RX_EXPECT_NO_PAD`` mis-prediction.”h]”(j&  )”}”(hŒ``TlsRxNoPadViolation``”h]”hŒTlsRxNoPadViolation”…””}”(hjP  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j%  hjL  ubhŒA -
number of data RX records which had to be re-decrypted due to
”…””}”(hjL  hžhhŸNh Nubj&  )”}”(hŒ``TLS_RX_EXPECT_NO_PAD``”h]”hŒTLS_RX_EXPECT_NO_PAD”…””}”(hjb  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j%  hjL  ubhŒ mis-prediction.”…””}”(hjL  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h MNhjH  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hjá  hžhhŸh¯h Nubj5  )”}”(hŒd``TlsTxRekeyOk``, ``TlsRxRekeyOk`` -
number of successful rekeys on existing sessions for TX and RX
”h]”h×)”}”(hŒc``TlsTxRekeyOk``, ``TlsRxRekeyOk`` -
number of successful rekeys on existing sessions for TX and RX”h]”(j&  )”}”(hŒ``TlsTxRekeyOk``”h]”hŒTlsTxRekeyOk”…””}”(hjˆ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j%  hj„  ubhŒ, ”…””}”(hj„  hžhhŸNh Nubj&  )”}”(hŒ``TlsRxRekeyOk``”h]”hŒTlsRxRekeyOk”…””}”(hjš  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j%  hj„  ubhŒA -
number of successful rekeys on existing sessions for TX and RX”…””}”(hj„  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h MRhj€  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hjá  hžhhŸh¯h Nubj5  )”}”(hŒf``TlsTxRekeyError``, ``TlsRxRekeyError`` -
number of failed rekeys on existing sessions for TX and RX
”h]”h×)”}”(hŒe``TlsTxRekeyError``, ``TlsRxRekeyError`` -
number of failed rekeys on existing sessions for TX and RX”h]”(j&  )”}”(hŒ``TlsTxRekeyError``”h]”hŒTlsTxRekeyError”…””}”(hjÀ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j%  hj¼  ubhŒ, ”…””}”(hj¼  hžhhŸNh Nubj&  )”}”(hŒ``TlsRxRekeyError``”h]”hŒTlsRxRekeyError”…””}”(hjÒ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j%  hj¼  ubhŒ= -
number of failed rekeys on existing sessions for TX and RX”…””}”(hj¼  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h MUhj¸  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hjá  hžhhŸh¯h Nubj5  )”}”(hŒu``TlsRxRekeyReceived`` -
number of received KeyUpdate handshake messages, requiring userspace
to provide a new RX key”h]”h×)”}”(hŒu``TlsRxRekeyReceived`` -
number of received KeyUpdate handshake messages, requiring userspace
to provide a new RX key”h]”(j&  )”}”(hŒ``TlsRxRekeyReceived``”h]”hŒTlsRxRekeyReceived”…””}”(hjø  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j%  hjô  ubhŒ_ -
number of received KeyUpdate handshake messages, requiring userspace
to provide a new RX key”…””}”(hjô  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÖhŸh¯h MXhjð  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j4  hjá  hžhhŸh¯h Nubeh}”(h]”h ]”h"]”h$]”h&]”jk  Œ-”uh1j/  hŸh¯h M5hj°  hžhubeh}”(h]”Œ
statistics”ah ]”h"]”Œ
statistics”ah$]”h&]”uh1h°hh²hžhhŸh¯h M0ubeh}”(h]”(h®Œid1”eh ]”h"]”(Œ
kernel tls”Œ
kernel_tls”eh$]”h&]”uh1h°hhhžhhŸh¯h KŒexpect_referenced_by_name”}”j+  h£sŒexpect_referenced_by_id”}”h®h£subeh}”(h]”h ]”h"]”h$]”h&]”Œsource”h¯uh1hŒcurrent_source”NŒcurrent_line”NŒsettings”Œdocutils.frontend”ŒValues”“”)”}”(hµNŒ	generator”NŒ	datestamp”NŒsource_link”NŒ
source_url”NŒtoc_backlinks”Œentry”Œfootnote_backlinks”KŒsectnum_xform”KŒstrip_comments”NŒstrip_elements_with_classes”NŒstrip_classes”NŒreport_level”KŒ
halt_level”KŒexit_status_level”KŒdebug”NŒwarning_stream”NŒ	traceback”ˆŒinput_encoding”Œ	utf-8-sig”Œinput_encoding_error_handler”Œstrict”Œoutput_encoding”Œutf-8”Œoutput_encoding_error_handler”jU  Œerror_encoding”Œutf-8”Œerror_encoding_error_handler”Œbackslashreplace”Œlanguage_code”Œen”Œrecord_dependencies”NŒconfig”NŒ	id_prefix”hŒauto_id_prefix”Œid”Œdump_settings”NŒdump_internals”NŒdump_transforms”NŒdump_pseudo_xml”NŒexpose_internals”NŒstrict_visitor”NŒ_disable_config”NŒ_source”h¯Œ_destination”NŒ_config_files”]”Œ7/var/lib/git/docbuild/linux/Documentation/docutils.conf”aŒfile_insertion_enabled”ˆŒraw_enabled”KŒline_length_limit”M'Œpep_references”NŒpep_base_url”Œhttps://peps.python.org/”Œpep_file_url_template”Œpep-%04d”Œrfc_references”NŒrfc_base_url”Œ&https://datatracker.ietf.org/doc/html/”Œ	tab_width”KŒtrim_footnote_reference_space”‰Œsyntax_highlight”Œlong”Œsmart_quotes”ˆŒsmartquotes_locales”]”Œcharacter_level_inline_markup”‰Œdoctitle_xform”‰Œdocinfo_xform”KŒsectsubtitle_xform”‰Œimage_loading”Œlink”Œembed_stylesheet”‰Œcloak_email_addresses”ˆŒsection_self_link”‰Œenv”NubŒreporter”NŒindirect_targets”]”Œsubstitution_defs”}”Œsubstitution_names”}”Œrefnames”}”Œrefids”}”h®]”h£asŒnameids”}”(j+  h®j*  j'  hëhèj­  jª  je  jb  jâ  jß  j|  jy  jÀ  j½  j  j  j¯  j¬  j6  j3  jö  jó  j#  j   j¥  j¢  jª  j§  jÿ  jü  j  jš  j"  j  uŒ	nametypes”}”(j+  ˆj*  ‰hë‰j­  ‰je  ‰jâ  ‰j|  ‰jÀ  ‰j  ‰j¯  ‰j6  ‰jö  ˆj#  ˆj¥  ‰jª  ‰jÿ  ‰j  ‰j"  ‰uh}”(h®h²j'  h²hèhÅjª  hîjb  hÿjß  jh  jy  jå  j½  j  j  jÃ  j¬  j  j3  j²  jó  jí  j   j  j¢  j9  j§  jj  jü  j­  jš  j  j  j°  uŒfootnote_refs”}”Œcitation_refs”}”Œautofootnotes”]”Œautofootnote_refs”]”Œsymbol_footnotes”]”Œsymbol_footnote_refs”]”Œ	footnotes”]”Œ	citations”]”Œautofootnote_start”KŒsymbol_footnote_start”K Œ
id_counter”Œcollections”ŒCounter”“”}”jc  Ks…”R”Œparse_messages”]”Œtransform_messages”]”hŒsystem_message”“”)”}”(hhh]”h×)”}”(hhh]”hŒ0Hyperlink target "kernel-tls" is not referenced.”…””}”hj¿  sbah}”(h]”h ]”h"]”h$]”h&]”uh1hÖhj¼  ubah}”(h]”h ]”h"]”h$]”h&]”Œlevel”KŒtype”ŒINFO”Œsource”h¯Œline”Kuh1jº  ubaŒtransformer”NŒinclude_log”]”Œ
decoration”Nhžhub.