Hi! I recently wanted to take a look at the kernel TLS support that made it into 4.13-rc1, but ran into some issues.
After fixing the benchmark/test tool that the patch description linked to (https://github.com/Mellanox/tls-af_ktls_tool) to make sure that the server and client actually *agree* on AES-128-GCM, I simply ran the client program with the --verify-sendpage option. The handshake and setting up of the sockets appears to work but the program complains that the sent and received page contents do not match (sent is 0x12 repeated all over and received looks pretty random). I compiled the 4.13-rc1 tarball from kernel.org with defconfig/kvmconfig for x86_64 and ran it on qemu using a freshly debootstraped Debian sid rootfs. I previously also tried it on a physical machine (localmodconfig, also x86_64), running CentOS 7 and a custom build of recent gnutls and its dependencies, with the same results. Surely somebody must have tested this before it was merged? What am I missing? Am I using a broken version of the benchmark tool or am I holding it wrong? Thanks, David
