From Fedora Project Wiki
mNo edit summary
mNo edit summary
Line 52: Line 52:
The goal of this change is to provide GnuTLS users with a high throughput data transfer mechanism on encrypted channels, with emphasis on network block devices(NBD).
The goal of this change is to provide GnuTLS users with a high throughput data transfer mechanism on encrypted channels, with emphasis on network block devices(NBD).


We accomplish this with KTLS which offloads enc/decryption to the kernel (possibly to NIC), while GnuTLS handles initial connection(TLS handshake). This approach saves us from frequent context switching as well as data copies in userspace when using send_file() function.
We accomplish this with KTLS which offloads enc/decryption to the kernel, while GnuTLS handles initial connection(TLS handshake). This approach saves us from frequent context switching as well as data copies in userspace when using send_file() function.
 


== Feedback ==
== Feedback ==
Line 128: Line 129:
<!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
<!-- REQUIRED FOR SYSTEM WIDE CHANGES -->


To enable this feature, user has to load TLS kernel module (`modprobe tls`) and enable ktls by entering `ktls = true` in `[global]` section of GnuTLS configuration file [https://gnutls.org/manual/html_node/Enabling_002fDisabling-system_002facceleration-protocols.html#Enabling-KTLS see].


== User Experience ==
== User Experience ==

Revision as of 13:20, 22 July 2022

Comments and Explanations
The page source contains comments providing guidance to fill out each section. They are invisible when viewing this page. To read it, choose the "view source" link.
Copy the source to a new page before making changes! DO NOT EDIT THIS TEMPLATE FOR YOUR CHANGE PROPOSAL.
Guidance
For details on how to fill out this form, see the documentation.


KTLS implementation for GnuTLS

This is a proposed Change for Fedora Linux.
This document represents a proposed Change. As part of the Changes process, proposals are publicly announced in order to receive community feedback. This proposal will only be implemented if approved by the Fedora Engineering Steering Committee.

Summary

Acceleration of GnuTLS with software Kernel TLS(KTLS)

Owner


Current status

  • Targeted release: Fedora Linux 38
  • Last updated: 2022-07-22
  • FESCo issue: <will be assigned by the Wrangler>
  • Tracker bug: <will be assigned by the Wrangler>
  • Release notes tracker: <will be assigned by the Wrangler>

Detailed Description

The goal of this change is to provide GnuTLS users with a high throughput data transfer mechanism on encrypted channels, with emphasis on network block devices(NBD).

We accomplish this with KTLS which offloads enc/decryption to the kernel, while GnuTLS handles initial connection(TLS handshake). This approach saves us from frequent context switching as well as data copies in userspace when using send_file() function.


Feedback

Benefit to Fedora

Scope

  • Proposal owners:
  • Other developers:
  • Policies and guidelines: N/A (not needed for this Change)
  • Trademark approval: N/A (not needed for this Change)
  • Alignment with Objectives:

Upgrade/compatibility impact

How To Test

To enable this feature, user has to load TLS kernel module (modprobe tls) and enable ktls by entering ktls = true in [global] section of GnuTLS configuration file see.

User Experience

Dependencies

Contingency Plan

  • Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
  • Contingency deadline: N/A (not a System Wide Change)
  • Blocks release? N/A (not a System Wide Change), Yes/No


Documentation

N/A (not a System Wide Change)

Release Notes

Retrieved from "https://fedoraproject.org/w/index.php?title=Changes/KTLSSupportForGnuTLS&oldid=650402"