@@ -51,7 +51,7 @@ and send them to the device for encryption and transmission.
5151RX
5252--
5353
54- On the receive side if the device handled decryption and authentication
54+ On the receive side, if the device handled decryption and authentication
5555successfully, the driver will set the decrypted bit in the associated
5656:c:type: `struct sk_buff <sk_buff> `. The packets reach the TCP stack and
5757are handled normally. ``ktls `` is informed when data is queued to the socket
@@ -120,8 +120,9 @@ before installing the connection state in the kernel.
120120RX
121121--
122122
123- In RX direction local networking stack has little control over the segmentation,
124- so the initial records' TCP sequence number may be anywhere inside the segment.
123+ In the RX direction, the local networking stack has little control over
124+ segmentation, so the initial records' TCP sequence number may be anywhere
125+ inside the segment.
125126
126127Normal operation
127128================
@@ -138,8 +139,8 @@ There are no guarantees on record length or record segmentation. In particular
138139segments may start at any point of a record and contain any number of records.
139140Assuming segments are received in order, the device should be able to perform
140141crypto operations and authentication regardless of segmentation. For this
141- to be possible device has to keep small amount of segment-to-segment state.
142- This includes at least:
142+ to be possible, the device has to keep a small amount of segment-to-segment
143+ state. This includes at least:
143144
144145 * partial headers (if a segment carried only a part of the TLS header)
145146 * partial data block
@@ -175,12 +176,12 @@ and packet transformation functions) the device validates the Layer 4
175176checksum and performs a 5-tuple lookup to find any TLS connection the packet
176177may belong to (technically a 4-tuple
177178lookup is sufficient - IP addresses and TCP port numbers, as the protocol
178- is always TCP). If connection is matched device confirms if the TCP sequence
179- number is the expected one and proceeds to TLS handling (record delineation,
180- decryption, authentication for each record in the packet). The device leaves
181- the record framing unmodified, the stack takes care of record decapsulation.
182- Device indicates successful handling of TLS offload in the per-packet context
183- (descriptor) passed to the host.
179+ is always TCP). If the packet is matched to a connection, the device confirms
180+ if the TCP sequence number is the expected one and proceeds to TLS handling
181+ (record delineation, decryption, authentication for each record in the packet).
182+ The device leaves the record framing unmodified, the stack takes care of record
183+ decapsulation. Device indicates successful handling of TLS offload in the
184+ per-packet context (descriptor) passed to the host.
184185
185186Upon reception of a TLS offloaded packet, the driver sets
186187the :c:member: `decrypted ` mark in :c:type: `struct sk_buff <sk_buff> `
@@ -439,7 +440,7 @@ by the driver:
439440 * ``rx_tls_resync_req_end `` - number of times the TLS async resync request
440441 properly ended with providing the HW tracked tcp-seq.
441442 * ``rx_tls_resync_req_skip `` - number of times the TLS async resync request
442- procedure was started by not properly ended.
443+ procedure was started but not properly ended.
443444 * ``rx_tls_resync_res_ok `` - number of times the TLS resync response call to
444445 the driver was successfully handled.
445446 * ``rx_tls_resync_res_skip `` - number of times the TLS resync response call to
@@ -507,8 +508,8 @@ in packets as seen on the wire.
507508Transport layer transparency
508509----------------------------
509510
510- The device should not modify any packet headers for the purpose
511- of the simplifying TLS offload .
511+ For the purpose of simplifying TLS offload, the device should not modify any
512+ packet headers .
512513
513514The device should not depend on any packet headers beyond what is strictly
514515necessary for TLS offload.
0 commit comments