tls-offload.rst - OpenGrok cross reference for /linux-6.14.4/Documentation/networking/tls-offload.rst

Lines Matching full:offload
4 Kernel TLS offload
10 Linux kernel provides TLS connection offload infrastructure. Once a TCP
24  * Packet-based NIC offload mode (``TLS_HW``) - the NIC handles crypto
28    (``ethtool`` flags ``tls-hw-tx-offload`` and ``tls-hw-rx-offload``).
29  * Full TCP NIC offload mode (``TLS_HW_RECORD``) - mode of operation where
36 offload opt-in or opt-out on per-connection basis is not currently supported.
48 for crypto offload based on the socket the packet is attached to,
63 .. kernel-figure::  tls-offload-layers.svg
64    :alt:	TLS offload layers
82 network device is offload-capable and attempts the offload. In case offload
84 as if the offload was never tried.
86 Offload request is performed via the :c:member:`tls_dev_add` callback of
114 TX offload being fully initialized does not imply that all segments passing
150 Record reassembly is not necessary for TLS offload. If the packets arrive
165 packets requiring HW offload, see the :ref:`5tuple_problems` section)
183 decapsulation. Device indicates successful handling of TLS offload in the
269 .. kernel-figure::  tls-offload-reorder-good.svg
294 .. kernel-figure::  tls-offload-reorder-bad.svg
361 device than the selected TLS offload device. The stack will handle
363 (TLS offload code installs :c:func:`tls_validate_xmit_skb` at this hook).
364 Offload maintains information about all records until the data is
368 Any device TLS offload handling error on the transmission side must result
376 If the device encounters any problems with TLS offload on the receive
392 A packet should also not be handled by the TLS offload if it contains
398 TLS offload can be characterized by the following basic metrics:
417 Offload performance may depend on segment and record size.
432  * ``rx_tls_ctx`` - number of TLS RX HW offload contexts added to device for
434  * ``rx_tls_del`` - number of TLS RX HW offload contexts deleted from device
454  * ``tx_tls_ctx`` - number of TLS TX HW offload contexts added to device for
459    a TLS stream and arrived out-of-order, but skipped the HW offload routine
467    software and data that expects hardware crypto offload.
478 of the socket. Current ``ktls`` implementation will not offload sockets
484 should still be able to perform TX offload (encryption) and should
501 Coexistence with standard networking offload features
505 transparently. Enabling device TLS offload should not cause any difference
511 For the purpose of simplifying TLS offload, the device should not modify any
515 necessary for TLS offload.
534 offload. Hence, TLS TX device feature flag requires TX csum offload being set.
535 Disabling the latter implies clearing the former. Disabling TX checksum offload
539 does not want to enable RX csum offload, TLS RX device feature is disabled