From: Tiago Gaspar <tiagogaspar8@gmail.com>
Date: Wed, 12 Apr 2023 12:53:33 +0000 (+0100)
Subject: kernel: net: add support for kernel tls
X-Git-Tag: v23.05.0-rc1~89
X-Git-Url: http://git.openwrt.org/?a=commitdiff_plain;h=3f99b2b3f7e4567e331fce35c3d27b65c34ea651;p=openwrt%2Fstaging%2Fhauke.git

kernel: net: add support for kernel tls

Add ktls (Kernel TLS) kmods to enable TLS support
in kernel (allowing TLS offload when the network
card supports it)

Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
(added disabled symbols)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
---

diff --git a/package/kernel/linux/modules/netsupport.mk b/package/kernel/linux/modules/netsupport.mk
index 4653b82565..b739289809 100644
--- a/package/kernel/linux/modules/netsupport.mk
+++ b/package/kernel/linux/modules/netsupport.mk
@@ -46,6 +46,7 @@ define KernelPackage/bonding
   SUBMENU:=$(NETWORK_SUPPORT_MENU)
   TITLE:=Ethernet bonding driver
   KCONFIG:=CONFIG_BONDING
+  DEPENDS:=PACKAGE_kmod-tls:kmod-tls
   FILES:=$(LINUX_DIR)/drivers/net/bonding/bonding.ko
   AUTOLOAD:=$(call AutoLoad,40,bonding)
   MODPARAMS.bonding:=max_bonds=0
@@ -1042,6 +1043,24 @@ endef
 
 $(eval $(call KernelPackage,tcp-bbr))
 
+define KernelPackage/tls
+  SUBMENU:=$(NETWORK_SUPPORT_MENU)
+  TITLE:=In-kernel TLS Support with HW Offload
+  KCONFIG:=CONFIG_TLS \
+	CONFIG_TLS_DEVICE=y
+  FILES:=$(LINUX_DIR)/net/tls/tls.ko
+  AUTOLOAD:=$(call AutoProbe,tls)
+endef
+
+define KernelPackage/tls/description
+ Kernel module for in-kernel TLS protocol support and hw offload
+ (to supported interfaces).
+ This allows symmetric encryption handling of the TLS protocol to
+ be done in-kernel and it's HW offload when available.
+endef
+
+$(eval $(call KernelPackage,tls))
+
 
 define KernelPackage/tcp-hybla
   SUBMENU:=$(NETWORK_SUPPORT_MENU)
diff --git a/target/linux/generic/config-5.15 b/target/linux/generic/config-5.15
index 4c35281b54..f13af8ba26 100644
--- a/target/linux/generic/config-5.15
+++ b/target/linux/generic/config-5.15
@@ -6571,6 +6571,8 @@ CONFIG_TINY_RCU=y
 # CONFIG_TI_TSC2046 is not set
 # CONFIG_TLAN is not set
 # CONFIG_TLS is not set
+# CONFIG_TLS_DEVICE is not set
+# CONFIG_TLS_TOE is not set
 # CONFIG_TMD_HERMES is not set
 # CONFIG_TMP006 is not set
 # CONFIG_TMP007 is not set