af_ktls
Linux Kernel TLS/DTLS Module
See the manpages at http://man.cat-v.org/plan_9/2/pushtls (user-facing API) and http://man.cat-v.org/plan_9/3/tls (kernel driver)
Remove the socket callback reference in the skb_splice_bits() function to make af_ktls compatible with newer kernels (4.9 and later).
Return values should be disjoint from those returned by calls to other parts of the kernel. This will give us the ability to clarify what went wrong (e.g. there was an error...
OpenConnect protocol support is currently not finished. Instead of hardcoding every protocol or rule, AF_KTLS can be extended with [Linux Socket Filtering](https://www.kernel.org/doc/Documentation/networking/filter.txt) support. This needs inspection and suitability study.
`include/linux/socket.h` should cover the AF_KTLS socket. For now, you have to choose an unused protocol family in order to `insmod` the module.
For KTLS alone there is no need for the async crypto API, since all encryption and decryption is called from userspace (the only time cryptd is used is if in bh...
More feedback from netdev1.2: Investigate using a single FD. Either a sockopt to switch between encrypted / unencrypted mode, or a special return code like we're using now, or maybe...
I think this was broken when decrypt moved in 29f38179df59926aebacffbd8fa93aad79e225a9. Decrypt should definitely happen on recv or send if possible to avoid copying user data if crypto framework can be...
The crypto API expects data to be contiguous in memory. This means that even though it supports a scatter/gather buffer interface, under the covers it does a copy to make...
The current implementation of DTLS sliding window handling behaves correctly only if there are no out-of-order DTLS records. If we receive a record that is not at the...