Fridolín Pokorný

I think it would worth it to add check even for verifying implementation, e.g. running testing tool with all --verify-\* options https://github.com/fridex/af_ktls-tool/blob/9d84a12/client.c#L126 This will need git submodules reorganization.

Thanks a lot! This looks really interesting, I didn't know about it. BTW if you are interested: in-kernel TLS implementations could be found in Solaris [1] and I know that...

https://github.com/ktls/af_ktls/issues/87 is also relevant here. IMHO we should make possible to get DTLS window state to userspace, otherwise we are dealing with possible reply attacks here. In case of DTLS,...

A simpler version would drop records and aggressively advance when coming back to userspace: we could simply advance dtls window to the newest received , e.g. (see `include/linux/count_zeros.h` for `count_leading_zeros`):...

There seem to be linting issues - see reports in Travis CI - for example - https://travis-ci.org/selinon/selinon/jobs/461193958. Could you take a look at them? I would like to have some...

Also, I think the worker looks statefull with this change - see my comments above.

> There are no pylint errors from the files which i have modified have attached the screen short for reference. I set up Travis CI to make these things reproducible...

Oh, sorry. The link was incorrectly copied - https://travis-ci.org/selinon/selinon/pull_requests

You can try to run `make check` with pylint being installed. If there are still some issues, don't bother with them, I'll take a look.

Master should be fixed in https://github.com/selinon/selinon/pull/138. You can rebase to see if issues persist.