  • tls: convert to generic sk_msg interface · d829e9c4
    Daniel Borkmann authored
    Convert kTLS over to make use of sk_msg interface for plaintext and
    encrypted scattergather data, so it reuses all the sk_msg helpers
    and data structure which later on in a second step enables to glue
    this to BPF.

    This also allows to remove quite a bit of open coded helpers which
    are covered by the sk_msg API. Recent changes in kTLS 80ece6a0
    ("tls: Remove redundant vars from tls record structure") and
     ("tls: Add support for inplace records encryption")
    changed the data path handling a bit; while we've kept the latter
    optimization intact, we had to undo the former change to better
    fit the sk_msg model, hence the sg_aead_in and sg_aead_out have
    been brought back and are linked into the sk_msg sgs. Now the kTLS
    record contains a msg_plaintext and msg_encrypted sk_msg each.

    In the original code, the zerocopy_from_iter() has been used out
    of TX but also RX path. For the strparser skb-based RX path,
    we've left the zerocopy_from_iter() in decrypt_internal() mostly
    untouched, meaning it has been moved into tls_setup_from_iter()
    with charging logic removed (as not used from RX). Given RX path
    is not based on sk_msg objects, we haven't pursued setting up a
    dummy sk_msg to call into sk_msg_zerocopy_from_iter(), but it
    could be an option to pursue in a later step.

    Joint work with John.

    Signed-off-by: Daniel Borkmann <>
    Signed-off-by: John Fastabend <>
    Signed-off-by: Alexei Starovoitov <>