Tuesday, December 19, 2017 5:12 PM, Marcelo Ricardo Leitner wrote: > > I'm not quite sure what you mean by "no net_device's are registered" > > Presumably you mean there is no device that implements the > > NETIF_F_HW_TLS_TX capability yet. > > Not really. Let me try again. This patchset is using the expression > "tls_device". > When I read that, I expect a new interface type, like a tunnel, that would be > created on top of another interface that has the offloading capability. That's > why I'm confused. IMHO "tls_offload" is a better fit. Makes sense? >
We don't expose a new interface. An existing netdev does the offload. The xfrm layer also calls the offload layer xfrm_device and It also doesn't need to add another interface to offload ipsec to a netdev. I thought about calling it tls_hw or tls_hw_offload. The problem is that the important distinction here is that the offload is done by a netdev. tls_sw can also use hw offload if you have the required memory to memory crypto engine and crypto_alloc_aead("gcm(aes)", 0, 0); decides on using it.