Hello!

On Tue, Aug 04, 2020 at 04:46:00PM +0530, rohit maheshwari wrote:

> On 29/07/20 7:48 PM, Maxim Dounin wrote:
> > Hello!
> >
> > On Wed, Jul 29, 2020 at 02:44:06PM +0530, Rohit Maheshwari wrote:
> >
> > > # HG changeset patch
> > > # User Rohit Maheshwari <[email protected]>
> > > # Date 1595354862 -19800
> > > #      Tue Jul 21 23:37:42 2020 +0530
> > > # Node ID 32c7a0088f6d259163bb2820db0b44d36659b333
> > > # Parent  32a343635b50662979975e1204417bb1fc7e1b1f
> > > Enable TCP offload support on tls connections
> > >
> > > Linux provides feasibility to enable TOE BYPASS iff setsockopt
> > > of type TCP_ULP is called just after socket creation. After that
> > > only, driver can register its TCP callbacks and move to TCP
> > > listen.
> >
> > For TLS connections, setsockopt(TCP_ULP, "tls") is expected to be
> > called by the SSL layer. You may want to elaborate more on why
> > you are trying to call it on all connections instead.
>
> The main reason of calling it here is, to override stack's TCP
> listen with TCP offloaded listen, and so that TOE supported
> HW will get aware of the incoming TCP connection open
> request, and establishes and maintains that connection.
> I agree, it should have been called by SSL layer, but, since
> the socket is opened here, in my understanding SSL layer
> won't be aware of this server socket ever.

Shouldn't it be enough for the HW that the socket of a particular
connection is properly marked with setsockopt() by the SSL layer?

Either way, if the intention is to only touch listening sockets
with SSL enabled, the patch is clearly wrong: it touches all
listening sockets, not just SSL ones, as well as DNS client
sockets which aren't listening and never use SSL.

-- 
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx-devel mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx-devel
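
The scoping that the reply above asks for, as an added example that is not part of the thread, the patch, or nginx: a hypothetical helper, `set_tls_ulp_if_wanted()`, that issues `setsockopt(TCP_ULP, "tls")` right after socket creation only when the socket is flagged for TLS and is a TCP stream socket. The `want_tls` flag and the result enum are assumptions made for illustration; where the kernel refuses the option, the helper returns `ULP_FAILED` and the socket stays usable without offload.

```c
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef TCP_ULP
#define TCP_ULP 31              /* Linux value, for older libc headers */
#endif

enum ulp_result { ULP_SKIPPED, ULP_SET, ULP_FAILED };

/* Hypothetical helper: request the "tls" ULP only when the caller says the
 * socket will carry TLS and the socket really is a TCP stream socket. */
static enum ulp_result set_tls_ulp_if_wanted(int fd, int want_tls) {
    int       type = 0;
    socklen_t len = sizeof(type);

    if (!want_tls)
        return ULP_SKIPPED;     /* non-SSL listener: leave it untouched */

    if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &type, &len) == -1
        || type != SOCK_STREAM)
        return ULP_SKIPPED;     /* e.g. a UDP resolver (DNS client) socket */

    if (setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")) == -1)
        return ULP_FAILED;      /* kernel refused: continue without offload */

    return ULP_SET;
}

int main(void) {
    int udp = socket(AF_INET, SOCK_DGRAM, 0);   /* stands in for a DNS client */
    int tcp = socket(AF_INET, SOCK_STREAM, 0);  /* stands in for a listener */

    printf("udp, tls wanted: %d\n", set_tls_ulp_if_wanted(udp, 1));
    printf("tcp, no tls:     %d\n", set_tls_ulp_if_wanted(tcp, 0));
    printf("tcp, tls wanted: %d\n", set_tls_ulp_if_wanted(tcp, 1));
    close(udp);
    close(tcp);
    return 0;
}
```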
