On 1/4/22 11:49 PM, Gaurav Jain wrote:
> Hello Boris/John,
>
> I am from NXP and currently working on enabling KTLS on NXP platforms via openssl. I see that you enabled KTLS support in openssl 3.0 (https://www.openssl.org/news/changelog.html#openssl-30).
>
> When I configure openssl 3.0 or 3.1.0 with enable-ktls and try to run the s_server, s_client application, I observe that the connection is successfully established, but it didn't use KTLS.
>
> Then I added additional log in kernel (file net/tls/tls_main.c) and see that kernel is returning error -ENOTCONN when (sk->sk_state != TCP_ESTABLISHED) in function static int tls_init(struct sock *sk)

To be clear, I have worked on KTLS support for FreeBSD, not for Linux. However, I think the error you are seeing is a red herring. I think you are seeing the setsockopt() call from ktls_enable() fail because it is invoked on the listen socket since ktls_enable() is called when sockets are created by libssl.

For KTLS to work on the server side on Linux what you need to find out is when ktls_enable() is invoked on the socket returned by accept() and why that is failing.

--
John Baldwin
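
The distinction drawn in the reply above can be checked from user space. The following is an added example, not part of the original thread and not OpenSSL's code: it attaches the Linux "tls" ULP to a listen socket and to the socket returned by accept() on a loopback pair. The helper names try_tls_ulp, diagnose and probe are hypothetical, and the ENOENT reading assumes the usual cause, that the tls module is not loaded.

```c
#include <errno.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#ifndef TCP_ULP
#define TCP_ULP 31 /* Linux value, for older libc headers */
#endif

/* Attach the "tls" ULP to fd. Returns 0 on success, otherwise errno. */
static int try_tls_ulp(int fd) {
    return setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")) ? errno : 0;
}

/* Hypothetical helper: what the result says about kTLS setup. */
static const char *diagnose(int err) {
    switch (err) {
    case 0:        return "tls ULP attached";
    case ENOTCONN: return "socket not in TCP_ESTABLISHED";
    case ENOENT:   return "tls ULP not registered";  /* assumed: module not loaded */
    default:       return strerror(err);
    }
}

/* Loopback pair: try the ULP on the listener and on the accept()ed socket.
 * Returns 0 if the sockets could be set up, -1 otherwise. */
static int probe(int *listen_err, int *accepted_err) {
    struct sockaddr_in a = { .sin_family = AF_INET };  /* port 0: kernel picks */
    socklen_t len = sizeof(a);
    int rc = -1, as = -1;
    int ls = socket(AF_INET, SOCK_STREAM, 0), cs = socket(AF_INET, SOCK_STREAM, 0);
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (ls >= 0 && cs >= 0 &&
        bind(ls, (struct sockaddr *)&a, sizeof(a)) == 0 && listen(ls, 1) == 0 &&
        getsockname(ls, (struct sockaddr *)&a, &len) == 0 &&
        connect(cs, (struct sockaddr *)&a, sizeof(a)) == 0 &&
        (as = accept(ls, NULL, NULL)) >= 0) {
        *listen_err = try_tls_ulp(ls);    /* the call made at socket creation */
        *accepted_err = try_tls_ulp(as);  /* the call that matters for the server */
        rc = 0;
    }
    close(as); close(cs); close(ls);      /* close(-1) is a harmless EBADF */
    return rc;
}

int main(void) {
    int le = 0, ae = 0;
    if (probe(&le, &ae) != 0) { perror("socket setup"); return 1; }
    printf("listen socket:   %s\n", diagnose(le));
    printf("accepted socket: %s\n", diagnose(ae));
    return 0;
}
```

A failure on the listen socket alone is expected; the accepted socket's result is the one to investigate.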