ktls.4 (b39a93b18ef17dcb1897186b1f01999337b9f8b9) ktls.4 (7ffc9b15ba9cd10d3bec232a3741f5fce0b93e7c)
1.\" Copyright (c) 2020, Chelsio Inc
2.\" All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions are met:
6.\"
7.\" 1. Redistributions of source code must retain the above copyright notice,
8.\" this list of conditions and the following disclaimer.

--- 17 unchanged lines hidden (view full) ---

26.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28.\" POSSIBILITY OF SUCH DAMAGE.
29.\"
30.\" * Other names and brands may be claimed as the property of others.
31.\"
32.\" $FreeBSD$
33.\"
1.\" Copyright (c) 2020, Chelsio Inc
2.\" All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions are met:
6.\"
7.\" 1. Redistributions of source code must retain the above copyright notice,
8.\" this list of conditions and the following disclaimer.

--- 17 unchanged lines hidden (view full) ---

26.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28.\" POSSIBILITY OF SUCH DAMAGE.
29.\"
30.\" * Other names and brands may be claimed as the property of others.
31.\"
32.\" $FreeBSD$
33.\"
34.Dd May 26, 2021
34.Dd December 14, 2021
35.Dt KTLS 4
36.Os
37.Sh NAME
38.Nm ktls
39.Nd kernel Transport Layer Security
40.Sh SYNOPSIS
41.Cd options KERN_TLS
42.Sh DESCRIPTION

--- 29 unchanged lines hidden (view full) ---

72or a socket may only offload a single direction.
73The available modes are:
74.Bl -tag -width "Dv TCP_TLS_MODE_IFNET"
75.It Dv TCP_TLS_MODE_NONE
76.Nm
77is not enabled.
78.It Dv TCP_TLS_MODE_SW
79TLS records are encrypted or decrypted in the kernel in the socket
35.Dt KTLS 4
36.Os
37.Sh NAME
38.Nm ktls
39.Nd kernel Transport Layer Security
40.Sh SYNOPSIS
41.Cd options KERN_TLS
42.Sh DESCRIPTION

--- 29 unchanged lines hidden (view full) ---

72or a socket may only offload a single direction.
73The available modes are:
74.Bl -tag -width "Dv TCP_TLS_MODE_IFNET"
75.It Dv TCP_TLS_MODE_NONE
76.Nm
77is not enabled.
78.It Dv TCP_TLS_MODE_SW
79TLS records are encrypted or decrypted in the kernel in the socket
80layer.
81Typically the encryption or decryption is performed in software,
82but it may also be performed by co-processors via
80layer via
83.Xr crypto 9 .
81.Xr crypto 9 .
82Typically the encryption or decryption is performed in software,
83but it may also be performed by co-processors.
84.It Dv TCP_TLS_MODE_IFNET
85TLS records are encrypted or decrypted by the network interface card (NIC).
86In this mode, the network stack does not work with encrypted data.
87Instead, the NIC encrypts TLS records as they are being transmitted,
88or decrypts received TLS records before providing them to the host.
89.Pp
90Network interfaces which support this feature will advertise the
91.Dv TXTLS4

--- 107 unchanged lines hidden (view full) ---

199.It Va kern.ipc.tls.stats
200A tree of nodes containing various kernel TLS statistics.
201.El
202.Pp
203The
204.Va kern.ipc.mb_use_ext_pgs
205sysctl controls whether the kernel may use unmapped mbufs.
206They are required for TLS transmit.
84.It Dv TCP_TLS_MODE_IFNET
85TLS records are encrypted or decrypted by the network interface card (NIC).
86In this mode, the network stack does not work with encrypted data.
87Instead, the NIC encrypts TLS records as they are being transmitted,
88or decrypts received TLS records before providing them to the host.
89.Pp
90Network interfaces which support this feature will advertise the
91.Dv TXTLS4
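Review bot: In the TCP_TLS_MODE_SW entry, the reworded sentence "but it may also be performed by co-processors." no longer says how a co-processor becomes involved, because "via .Xr crypto 9" has moved up to the socket-layer sentence. A reader assessing where plaintext and session keys are handled cannot tell from the new wording that the co-processor path is the same crypto(9) dispatch. Consider tying the two together, for example "Typically the encryption or decryption is performed in software, but crypto(9) may also dispatch it to a co-processor."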

--- 107 unchanged lines hidden (view full) ---

199.It Va kern.ipc.tls.stats
200A tree of nodes containing various kernel TLS statistics.
201.El
202.Pp
203The
204.Va kern.ipc.mb_use_ext_pgs
205sysctl controls whether the kernel may use unmapped mbufs.
206They are required for TLS transmit.
207.Ss Backends
208The base system includes a software backend for the
209.Dv TCP_TLS_MODE_SW
210mode which uses
211.Xr crypto 9
212to encrypt and decrypt TLS records.
213This backend can be enabled by loading the
214.Pa ktls_ocf.ko
215kernel module.
216.Pp
207.Ss Supported Hardware
217The
218.Xr cxgbe 4
219and
220.Xr mlx5en 4
221drivers include support for the
222.Dv TCP_TLS_MODE_IFNET
223mode.
224.Pp

--- 42 unchanged lines hidden ---
208The
209.Xr cxgbe 4
210and
211.Xr mlx5en 4
212drivers include support for the
213.Dv TCP_TLS_MODE_IFNET
214mode.
215.Pp
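Review bot: The removed ".Ss Backends" paragraph was the only place in the visible lines that named ".Pa ktls_ocf.ko" and told administrators to load it for TCP_TLS_MODE_SW, and the replacement ".Ss Supported Hardware" says nothing about it. If the software backend no longer needs a separate module, state that in one sentence here or in a HISTORY note, so that readers with an existing load line for ktls_ocf.ko know whether it is still required. Also check that the new heading is not read as covering co-processors reached through crypto(9), since the text under it lists only the cxgbe(4) and mlx5en(4) drivers for TCP_TLS_MODE_IFNET.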

--- 42 unchanged lines hidden ---