Skip to content

issue: 4424775 Improve KTLS compliancy with kernel in setsockopt(TCP_ULP) #346

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: vNext
Choose a base branch
from
Open

issue: 4424775 Improve KTLS compliancy with kernel in setsockopt(TCP_ULP) #346

wants to merge 2 commits into from

Conversation

pasis
Copy link
Member

@pasis pasis commented Apr 30, 2025

Description

Improve KTLS compliancy with kernel.
setsockopt(TCP_ULP) has different behavior than kernel if an application calls it multiple times by mistake.
Skip calling to kernel, because kernel will always fail this option for the shadow socket.

What

Improve KTLS compliancy with kernel.

Why ?

Improve KTLS compliancy with kernel.

Change type

What kind of change does this PR introduce?

  • Bugfix
  • Feature
  • Code style update
  • Refactoring (no functional changes, no api changes)
  • Build related changes
  • CI related changes
  • Documentation content changes
  • Tests
  • Other

Check list

  • Code follows the style de facto guidelines of this project
  • Comments have been inserted in hard to understand places
  • Documentation has been updated (if necessary)
  • Test has been added (if possible)

pasis added 2 commits April 30, 2025 16:18
@pasis
issue: 4424775 Skip kernel setsockopt() for TCP_ULP
2d009dd 
Kernel supports TLS ULP only for a TCP socket in the ESTABLISHED state.
NVME ULP is a vendor-specific and is already skipped.

Since the shadow socket cannot be established for an offloaded socket,
we always expect TCP_ULP to fail in kernel. Therefore, don't call it.

Signed-off-by: Dmytro Podgornyi <[email protected]>
@pasis
issue: 4424775 Return EEXIST on duplicate setsockopt(TCP_ULP)
1efbe02 
Fail setsockopt() instead of resetting the TLS offload state.
This change improve robustness and makes the behavior be compliant
to kernel.

Signed-off-by: Dmytro Podgornyi <[email protected]>
@pasis pasis changed the title Tls robustness issue: 4424775 Improve KTLS compliancy with kernel in setsockopt(TCP_ULP) Apr 30, 2025
@pasis pasis requested a review from BasharRadya May 5, 2025 11:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@BasharRadya BasharRadya Awaiting requested review from BasharRadya

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@pasis