[PATCH RFC 4/5] net/tls: Add support for PF_TLSH (a TLS handshake listener)
Sagi Grimberg
sagi at grimberg.me
Tue Apr 26 07:29:03 PDT 2022
>>> Currently the prototype does not handle multiple listeners that
>>> overlap -- multiple listeners in the same net namespace that have
>>> overlapping bind addresses.
>>
>> Create the socket in user space, do all the handshakes you need there
>> and then pass it to the kernel. This is how NBD + TLS works. Scales
>> better and requires much less kernel code.
>>
> But we can't, as the existing mechanisms (at least for NVMe) create the
> socket in-kernel.
> Having to create the socket in userspace would require a completely new
> interface for nvme and will not be backwards compatible.
And we will still need the upcall anyways when we reconnect
(re-establish the socket).