Cover Letter Detail

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 813777,
    "url": "http://patchwork.ozlabs.org/api/covers/813777/?format=api",
    "web_url": "http://patchwork.ozlabs.org/project/netdev/cover/1505385988-94522-1-git-send-email-ilyal@mellanox.com/",
    "project": {
        "id": 7,
        "url": "http://patchwork.ozlabs.org/api/projects/7/?format=api",
        "name": "Linux network development",
        "link_name": "netdev",
        "list_id": "netdev.vger.kernel.org",
        "list_email": "netdev@vger.kernel.org",
        "web_url": null,
        "scm_url": null,
        "webscm_url": null,
        "list_archive_url": "",
        "list_archive_url_format": "",
        "commit_url_format": ""
    },
    "msgid": "<1505385988-94522-1-git-send-email-ilyal@mellanox.com>",
    "list_archive_url": null,
    "date": "2017-09-14T10:46:23",
    "name": "[net-next,0/5] tls: Add generic NIC offload infrastructure",
    "submitter": {
        "id": 67931,
        "url": "http://patchwork.ozlabs.org/api/people/67931/?format=api",
        "name": "Ilya Lesokhin",
        "email": "ilyal@mellanox.com"
    },
    "mbox": "http://patchwork.ozlabs.org/project/netdev/cover/1505385988-94522-1-git-send-email-ilyal@mellanox.com/mbox/",
    "series": [
        {
            "id": 3066,
            "url": "http://patchwork.ozlabs.org/api/series/3066/?format=api",
            "web_url": "http://patchwork.ozlabs.org/project/netdev/list/?series=3066",
            "date": "2017-09-14T10:46:26",
            "name": "tls: Add generic NIC offload infrastructure",
            "version": 1,
            "mbox": "http://patchwork.ozlabs.org/series/3066/mbox/"
        }
    ],
    "comments": "http://patchwork.ozlabs.org/api/covers/813777/comments/",
    "headers": {
        "Return-Path": "<netdev-owner@vger.kernel.org>",
        "X-Original-To": "patchwork-incoming@ozlabs.org",
        "Delivered-To": "patchwork-incoming@ozlabs.org",
        "Authentication-Results": "ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)",
        "Received": [
            "from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xtFbW2chmz9sP1\n\tfor <patchwork-incoming@ozlabs.org>;\n\tThu, 14 Sep 2017 20:47:19 +1000 (AEST)",
            "(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1751903AbdINKqg (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);\n\tThu, 14 Sep 2017 06:46:36 -0400",
            "from mail-il-dmz.mellanox.com ([193.47.165.129]:37204 \"EHLO\n\tmellanox.co.il\" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org\n\twith ESMTP id S1751602AbdINKqf (ORCPT\n\t<rfc822;netdev@vger.kernel.org>); Thu, 14 Sep 2017 06:46:35 -0400",
            "from Internal Mail-Server by MTLPINE1 (envelope-from\n\tilyal@mellanox.com)\n\twith ESMTPS (AES256-SHA encrypted); 14 Sep 2017 13:46:30 +0300",
            "from gen-l-vrt-094.mtl.labs.mlnx (gen-l-vrt-094.mtl.labs.mlnx\n\t[10.137.9.1])\n\tby labmailer.mlnx (8.13.8/8.13.8) with ESMTP id v8EAkUov020670;\n\tThu, 14 Sep 2017 13:46:30 +0300"
        ],
        "From": "Ilya Lesokhin <ilyal@mellanox.com>",
        "To": "netdev@vger.kernel.org, davem@davemloft.net",
        "Cc": "davejwatson@fb.com, tom@herbertland.com,\n\thannes@stressinduktion.org, borisp@mellanox.com,\n\tilyal@mellanox.com, aviadye@mellanox.com, liranl@mellanox.com",
        "Subject": "[PATCH net-next 0/5] tls: Add generic NIC offload infrastructure",
        "Date": "Thu, 14 Sep 2017 13:46:23 +0300",
        "Message-Id": "<1505385988-94522-1-git-send-email-ilyal@mellanox.com>",
        "X-Mailer": "git-send-email 1.8.3.1",
        "Sender": "netdev-owner@vger.kernel.org",
        "Precedence": "bulk",
        "List-ID": "<netdev.vger.kernel.org>",
        "X-Mailing-List": "netdev@vger.kernel.org"
    },
    "content": "This series add a generic infrastructure to offload TLS crypto to a\nnetwork devices. It enables the kernel TLS socket to skip encryption and\nauthentication operations on the transmit side of the data path. Leaving\nthose computationally expensive operations to the NIC.\n\nThe NIC offload infrastructure builds TLS records and pushes them to the\nTCP layer just like the SW KTLS implementation and using the same API.\nTCP segmentation is mostly unaffected. Currently the only exception is\nthat we prevent mixed SKBs where only part of the payload requires\noffload. In the future we are likely to add a similar restriction\nfollowing a change cipher spec record.\n\nThe notable differences between SW KTLS and NIC offloaded TLS\nimplementations are as follows:\n1. The offloaded implementation builds \"plaintext TLS record\", those\nrecords contain plaintext instead of ciphertext and place holder bytes\ninstead of authentication tags.\n2. The offloaded implementation maintains a mapping from TCP sequence\nnumber to TLS records. Thus given a TCP SKB sent from a NIC offloaded\n TLS socket, we can use the tls NIC offload infrastructure to obtain\nenough context to encrypt the payload of the SKB.\nA TLS record is released when the last byte of the record is ack'ed,\nthis is done through the new icsk_clean_acked callback.\n\nThe infrastructure should be extendable to support various NIC offload\nimplementations.  However it is currently written with the\nimplementation below in mind:\nThe NIC assumes that packets from each offloaded stream are sent as\nplaintext and in-order. It keeps track of the TLS records in the TCP\nstream. When a packet marked for offload is transmitted, the NIC\nencrypts the payload in-place and puts authentication tags in the\nrelevant place holders.\n\nThe responsibility for handling out-of-order packets (i.e. TCP\nretransmission, qdisc drops) falls on the netdev driver.\n\nThe netdev driver keeps track of the expected TCP SN from the NIC's\nperspective.  If the next packet to transmit matches the expected TCP\nSN, the driver advances the expected TCP SN, and transmits the packet\nwith TLS offload indication.\n\nIf the next packet to transmit does not match the expected TCP SN. The\ndriver calls the TLS layer to obtain the TLS record that includes the\nTCP of the packet for transmission. Using this TLS record, the driver\nposts a work entry on the transmit queue to reconstruct the NIC TLS\nstate required for the offload of the out-of-order packet. It updates\nthe expected TCP SN accordingly and transmit the now in-order packet.\nThe same queue is used for packet transmission and TLS context\nreconstruction to avoid the need for flushing the transmit queue before\nissuing the context reconstruction request.\n\nExpected TCP SN is accessed without a lock, under the assumption that\nTCP doesn't transmit SKBs from different TX queue concurrently.\n\nWe assume that packets are not rerouted to a different network device.\n\nGithub with mlx5e TLS offload support:\nhttps://github.com/Mellanox/tls-offload/tree/tls_device_v1\n\nPaper: https://www.netdevconf.org/1.2/papers/netdevconf-TLS.pdf\n\nIlya Lesokhin (5):\n  tls: Move release of tls_ctx into tls_sw_free_resources\n  tcp: Add clean acked data hook\n  net: Add TLS offload netdev ops\n  net: Add TLS TX offload features\n  tls: Add generic NIC offload infrastructure.\n\n include/linux/netdev_features.h    |   2 +\n include/linux/netdevice.h          |  21 ++\n include/net/inet_connection_sock.h |   2 +\n include/net/tls.h                  |  41 ++-\n net/core/ethtool.c                 |   1 +\n net/ipv4/tcp_input.c               |   3 +\n net/tls/Kconfig                    |   9 +\n net/tls/Makefile                   |   3 +\n net/tls/tls_device.c               | 673 +++++++++++++++++++++++++++++++++++++\n net/tls/tls_main.c                 |  68 ++--\n net/tls/tls_sw.c                   |   1 +\n 11 files changed, 803 insertions(+), 21 deletions(-)\n create mode 100644 net/tls/tls_device.c"
}