summaryrefslogtreecommitdiffstats
path: root/Documentation/networking/tls-offload.rst
diff options
context:
space:
mode:
authorTariq Toukan <tariqt@nvidia.com>2020-12-13 15:39:29 +0100
committerJakub Kicinski <kuba@kernel.org>2020-12-15 04:31:36 +0100
commitae0b04b238e283cafd906cdc3489cf5dc9a825cf (patch)
tree2c4c8941f0f01d238f913ce8f4236bf151ccbd0e /Documentation/networking/tls-offload.rst
parenttcp: Add logic to check for SYN w/ data in tcp_simple_retransmit (diff)
downloadlinux-ae0b04b238e283cafd906cdc3489cf5dc9a825cf.tar.xz
linux-ae0b04b238e283cafd906cdc3489cf5dc9a825cf.zip
net: Disable NETIF_F_HW_TLS_TX when HW_CSUM is disabled
With NETIF_F_HW_TLS_TX packets are encrypted in HW. This cannot be logically done when HW_CSUM offload is off. Fixes: 2342a8512a1e ("net: Add TLS TX offload features") Signed-off-by: Tariq Toukan <tariqt@nvidia.com> Reviewed-by: Boris Pismenny <borisp@nvidia.com> Link: https://lore.kernel.org/r/20201213143929.26253-1-tariqt@nvidia.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'Documentation/networking/tls-offload.rst')
-rw-r--r--Documentation/networking/tls-offload.rst8
1 files changed, 7 insertions, 1 deletions
diff --git a/Documentation/networking/tls-offload.rst b/Documentation/networking/tls-offload.rst
index 37773da2bee5..0f55c6d540f9 100644
--- a/Documentation/networking/tls-offload.rst
+++ b/Documentation/networking/tls-offload.rst
@@ -524,7 +524,13 @@ on TCP retransmissions to handle corner cases is not acceptable.
TLS device features
-------------------
-Drivers should ignore the changes to TLS the device feature flags.
+Drivers should ignore the changes to the TLS device feature flags.
These flags will be acted upon accordingly by the core ``ktls`` code.
TLS device feature flags only control adding of new TLS connection
offloads, old connections will remain active after flags are cleared.
+
+TLS encryption cannot be offloaded to devices without checksum calculation
+offload. Hence, TLS TX device feature flag requires NETIF_F_HW_CSUM being set.
+Disabling the latter implies clearing the former. Disabling TX checksum offload
+should not affect old connections, and drivers should make sure checksum
+calculation does not break for them.