ktls: configure socket and feature detect kTLS support #3808
tests/unit/s2n_ktls_test.c
Outdated
/* kTLS support was first added to AL2 starting in 5.10.130. */ | ||
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 10, 130)) |
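Review bot: The `#if (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 10, 130))` guard is resolved at compile time from the kernel headers on the build host, so it does not tell the test whether the kernel it runs on can actually attach the TLS ULP. The comment above it documents 5.10.130 as an AL2 fact, yet the threshold is applied to every Linux build. Suggest gating the test on the feature-probe result (S2N_PLATFORM_SUPPORTS_KTLS) or on a runtime check of the socket option, and keeping the AL2 version only as a comment.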
And our CI includes AL2 > 5.10.130? This check gets exercised? You've confirmed the CI fails if you check for S2N_PLATFORM_SUPPORTS_KTLS being set instead?
I am checking this now to see if we are able to test ktls platform supported in our CI at the moment. We will need this eventually to deliver kTLS but it doesn't need to happen in this PR. Will report back.
edit:
Looks like we are also running on Ubuntu 22 and are testing it there!
We should still try and detect AL2/update it so leaving the task in the issue.
To be clear here, it's possible to check this but we don't currently since our AL2 image doesn't support kTLS. We don't because of the `#if (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 10, 130))` check.
Solution:
- detect and ignore AL2
- update AL2 image to >5.10.130
Adding a task to the tracking issue: #3711
This reverts commit e87f1f3.
This PR has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Description of changes:
This PR adds the interface for enabling kTLS on the socket and connection. It does proper error handling (some errors are recoverable) when trying to enable kTLS.
In this PR we enable the TLS_ULP on the socket. In following PRs we will enable setting kTLS keys on the socket, and configuring the connection IO.
Callout
Created issue to track down why feature probe and s2n-tls build envs are different: #3813
Testing:
It's difficult to test this code until the kTLS feature is finished so there is no testing at this point.
Is this a refactor change? If so, how have you proved that the intended behavior hasn't changed?
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
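
A runtime probe for the TLS ULP step described above, written as an added example and not taken from s2n-tls: it asks the running kernel to attach the ULP instead of relying on build-time headers, and sorts the outcome into enabled, fall back, or hard error. The function and enum names are hypothetical, and the choice of which errno values count as recoverable is an assumption of this example.

```c
#include <errno.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef TCP_ULP
#define TCP_ULP 31 /* value from linux/tcp.h, for older libc headers */
#endif

/* Hypothetical result type for this example; not s2n-tls's API. */
typedef enum { KTLS_ULP_ENABLED, KTLS_ULP_FALLBACK, KTLS_ULP_ERROR } ktls_ulp_result;

/* Assumed policy: FALLBACK means "keep using userspace TLS", ERROR means "fail". */
ktls_ulp_result ktls_classify_errno(int err)
{
    switch (err) {
        case 0:
        case EEXIST: /* a ULP is already attached; assumed here to be "tls" */
            return KTLS_ULP_ENABLED;
        case ENOENT:      /* "tls" ULP not registered (module not loaded) */
        case ENOPROTOOPT: /* running kernel does not know TCP_ULP */
        case ENOTCONN:    /* socket is not ESTABLISHED yet */
            return KTLS_ULP_FALLBACK;
        default: /* EBADF, ENOTSOCK, ...: a caller bug, not a platform limit */
            return KTLS_ULP_ERROR;
    }
}

/* Ask the running kernel, not the build headers, to attach the TLS ULP. */
ktls_ulp_result ktls_try_enable_ulp(int fd)
{
    int rc = setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls"));
    return ktls_classify_errno(rc == 0 ? 0 : errno);
}

int main(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) { perror("socket"); return 1; }
    /* Constructed input: an unconnected socket, so ENABLED is not expected. */
    printf("probe result: %d\n", ktls_try_enable_ulp(fd));
    close(fd);
    return 0;
}
```
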