Strona główna Odkrywaj Pomoc
Zarejestruj się Zaloguj się
OpenWrt
/
openwrt
kopia lustrzana https://github.com/openwrt/openwrt.git
2
0
Forkuj 0
Pliki Problemy 0 Wiki
Przeglądaj źródła

openssl: add kTLS support option

This commit add option to enable kTLS support, improving
performance by offloading TLS encryption and decryption to
kernel space.

- Reduced CPU usage by minimizing data copying between user space
  and kernel space.
- Enables the use of the sendfile() system call with encrypted
  sockets for zero-copy data transmission.
- Leverages hardware-accelerated NIC that support TLS offloading.

Signed-off-by: Tan Zien <[email protected]>
Link: https://github.com/openwrt/openwrt/pull/21306
Signed-off-by: Hauke Mehrtens <[email protected]>
Tan Zien 1 tydzień temu
rodzic
f49b452cc0
commit
34836dffb1
2 zmienionych plików z 14 dodań i 1 usunięć
Widok podzielony Pokaż statystyki zmian
  1. 8 0
      package/libs/openssl/Config.in
  2. 6 1
      package/libs/openssl/Makefile

+ 8 - 0
package/libs/openssl/Config.in
Wyświetl plik 

@@ -26,6 +26,14 @@ config OPENSSL_SMALL_FOOTPRINT
 
 		Chacha20-Poly1305 is 15% slower.  X86_64 drops 1% of its size
 
 		for 3% of performance.  Other arches have not been tested.
 
 
+config OPENSSL_KTLS
 
+	bool
 
+	prompt "Enable kTLS support"
 
+	select PACKAGE_kmod-tls
 
+	help
 
+		This will enable kTLS support, allowing data encryption
 
+		operations to be performed in kernel space.
 
+
 
 config OPENSSL_WITH_ASM
 
 	bool
 
 	default y

+ 6 - 1
package/libs/openssl/Makefile
Wyświetl plik 

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 
 PKG_NAME:=openssl
 
 PKG_VERSION:=3.5.4
 
-PKG_RELEASE:=1
 
+PKG_RELEASE:=2
 
 PKG_BUILD_FLAGS:=no-mips16 gc-sections no-lto
 
 
 PKG_BUILD_PARALLEL:=1
 
@@ -37,6 +37,7 @@ PKG_CONFIG_DEPENDS:= \
 
 	CONFIG_OPENSSL_OPTIMIZE_SPEED \
 
 	CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM \
 
 	CONFIG_OPENSSL_SMALL_FOOTPRINT \
 
+	CONFIG_OPENSSL_KTLS \
 
 	CONFIG_OPENSSL_WITH_ARIA \
 
 	CONFIG_OPENSSL_WITH_ASM \
 
 	CONFIG_OPENSSL_WITH_ASYNC \
 
@@ -293,6 +294,10 @@ ifeq ($(CONFIG_OPENSSL_SMALL_FOOTPRINT),y)
 
   OPENSSL_OPTIONS += -DOPENSSL_SMALL_FOOTPRINT
 
 endif
 
 
+ifdef CONFIG_OPENSSL_KTLS
 
+  OPENSSL_OPTIONS += enable-ktls
 
+endif
 
+
 
 ifdef CONFIG_OPENSSL_ENGINE
 
   ifdef CONFIG_OPENSSL_ENGINE_BUILTIN
 
     OPENSSL_OPTIONS += disable-dynamic-engine