Lines Matching +full:layer +full:- +full:buffer +full:- +full:offset
10 Transport Layer Security (TLS) is an Upper Layer Protocol (ULP) that runs over
11 TCP. TLS provides end-to-end data integrity and confidentiality.
17 -------------------------
21 .. code-block:: c
29 data-path to the kernel. There is a separate socket option for moving
32 .. code-block:: c
65 ----------------------------
71 .. code-block:: c
76 send() data is directly encrypted from the userspace buffer provided
77 to the encrypted kernel send buffer if possible.
82 .. code-block:: c
86 sendfile(sock, file, &offset, stat.st_size);
92 The kernel will need to allocate a buffer for the encrypted data.
93 This buffer is allocated at the time send() is called, such that
94 either the entire send() call will return -ENOMEM (or block waiting
96 -ENOMEM and some data was left on the socket buffer from a previous
97 call using MSG_MORE, the MSG_MORE data is left on the socket buffer.
100 ------------------------------
106 .. code-block:: c
108 char buffer[16384];
109 recv(sock, buffer, 16384, 0);
111 Received data is decrypted directly into the user buffer if it is
113 buffer is too small, data is decrypted in the kernel and copied to
124 -------------------------
132 .. code-block:: c
147 cmsg->cmsg_level = SOL_TLS;
148 cmsg->cmsg_type = TLS_SET_RECORD_TYPE;
149 cmsg->cmsg_len = CMSG_LEN(cmsg_len);
151 msg.msg_controllen = cmsg->cmsg_len;
165 ------------------------------
167 TLS control messages are passed in the userspace buffer, with message
168 type passed via cmsg. If no cmsg buffer is provided, an error is
170 received without a cmsg buffer set.
172 .. code-block:: c
174 char buffer[16384];
181 msg_iov.iov_base = buffer;
190 if (cmsg->cmsg_level == SOL_TLS &&
191 cmsg->cmsg_type == TLS_GET_RECORD_TYPE) {
194 // buffer.
198 // Buffer contains application data.
204 ---------------------------------------
207 layer of a userspace TLS library.
209 A patchset to OpenSSL to use ktls as the record layer is
212 `An example <https://github.com/ktls/af_ktls-tool/commits/RX>`_
214 Since it doesn't implement a full record layer, control
220 TLS implementation exposes the following per-namespace statistics
223 - ``TlsCurrTxSw``, ``TlsCurrRxSw`` -
227 - ``TlsCurrTxDevice``, ``TlsCurrRxDevice`` -
231 - ``TlsTxSw``, ``TlsRxSw`` -
234 - ``TlsTxDevice``, ``TlsRxDevice`` -
237 - ``TlsDecryptError`` -
240 - ``TlsDeviceRxResync`` -