On 1/4/22 11:49 PM, Gaurav Jain wrote:
Hello Boris/John
I am from NXP and currently working on enabling KTLS on NXP platforms via
openssl.
I see that you enabled KTLS support in openssl
3.0 (https://www.openssl.org/news/changelog.html#openssl-30).
When I configure openssl 3.0 or 3.1.0 with enable-ktls and try to run the
s_server, s_client application, I observe that connection is successfully
established - but it didn't use KTLS.
Then I added additional log in kernel (file net/tls/tls_main.c) and see that
kernel is returning error -ENOTCONN
when (sk->sk_state != TCP_ESTABLISHED) in function
static int tls_init(struct sock *sk)

To be clear, I have worked on KTLS support for FreeBSD, not for Linux.
However, I think the error you are seeing is a red herring. I think you are
seeing the setsockopt() call from ktls_enable() fail because it is invoked
on the listen socket since ktls_enable() is called when sockets are created
by libssl.
For KTLS to work on the server side on Linux what you need to find out is when
ktls_enable() is invoked on the socket returned by accept() and why that is
failing.
--
John Baldwin
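
An added example, not code from this thread or from OpenSSL: a Linux loopback probe that attaches the "tls" ULP first to the server socket before it has any connection and then to the socket returned by accept(), so the expected failure on the former can be told apart from a real failure on the latter. It assumes the setsockopt() in question is the TCP_ULP "tls" call; attach_tls_ulp, judge and run_probe are hypothetical names.

```c
#include <errno.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>
#ifndef TCP_ULP
#define TCP_ULP 31 /* from linux/tcp.h, for older libc headers */
#endif
enum verdict { KTLS_OK, KTLS_NO_TLS_ULP, KTLS_OTHER_FAILURE };
struct probe { int listener_err, accepted_err; }; /* 0 or errno */

/* Attach the "tls" ULP to fd; return 0 on success, else errno. */
static int attach_tls_ulp(int fd)
{
    return setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")) ? errno : 0;
}
/* Only the accept()ed socket decides; a listener failure is expected. */
static enum verdict judge(const struct probe *p)
{
    if (p->accepted_err == 0) return KTLS_OK;
    return p->accepted_err == ENOENT ? KTLS_NO_TLS_ULP : KTLS_OTHER_FAILURE;
}

/* Loopback server and client; probe both server-side sockets. -1: setup failed. */
static int run_probe(struct probe *p)
{
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    socklen_t len = sizeof(a);
    int rc = -1, s = -1, ls = socket(AF_INET, SOCK_STREAM, 0), c = socket(AF_INET, SOCK_STREAM, 0);
    if (ls < 0 || c < 0 || bind(ls, (struct sockaddr *)&a, len)) goto out; /* port 0 = any */
    p->listener_err = attach_tls_ulp(ls);       /* socket is not TCP_ESTABLISHED */
    if (listen(ls, 1) || getsockname(ls, (struct sockaddr *)&a, &len)) goto out;
    if (connect(c, (struct sockaddr *)&a, len) || (s = accept(ls, NULL, NULL)) < 0) goto out;
    p->accepted_err = attach_tls_ulp(s);        /* socket is TCP_ESTABLISHED */
    rc = 0;
out:
    if (s >= 0) close(s);
    if (c >= 0) close(c);
    if (ls >= 0) close(ls);
    return rc;
}

int main(void)
{
    struct probe p = { 0, 0 };
    if (run_probe(&p)) return 1;
    printf("listener errno=%d accepted errno=%d\n", p.listener_err, p.accepted_err);
    return judge(&p) == KTLS_OK ? 0 : 2;
}
```

An accepted-socket errno of ENOENT means the kernel could not find a "tls" ULP at all, which points at the tls module rather than at socket state.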