On Tue, 2015-02-03 at 16:19 -0800, David Miller wrote: > From: David Woodhouse <dw...@infradead.org> > Date: Mon, 02 Feb 2015 07:27:10 +0000 > > > I'm guessing you don't want to push the *whole* management of the TLS > > control connection *and* the UDP transport, and probing the latter with > > keepalives, into the kernel? I certainly don't :) > > Whilst Herbert Xu and I have discussed in the past supporting > automatic SSL handling of socket data during socket writes in the > kernel, doing TLS stuff would be a bit of a stretch :-)
Right. For the DTLS I was thinking we'd do the handshake in userspace and then hand the UDP socket down. At that point it's basically the same as ESP with the bytes in a slightly different place. So I really am looking at an option for "here's a UDP socket to send those tun packets out on, with <this> encryption setup" as the sanest plan I can come up with. -- dwmw2
smime.p7s
Description: S/MIME cryptographic signature
