§ktls-core
Abstraction for implementing Linux kernel TLS (kTLS) offload in Rust.
§Overview
This crate provides a low-level interface for setting up kernel TLS (kTLS) regardless of your preferred TLS library.
§Implementation Guide
Setting up kTLS generally involves these steps:
- Create a `TcpStream` (or something else, like a `UnixStream`).
- Configure the TLS User Level Protocol (ULP) on the stream.
- Perform the TLS handshake using your preferred TLS library over the stream.
- Create the `KtlsStream` using the configured stream and crypto materials.
Then you can use the `KtlsStream` as a drop-in replacement for the original `TcpStream`.
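The last step hands the negotiated crypto materials to the kernel. The following is an added example, not code from ktls-core: it shows the byte layout of the kernel's `tls12_crypto_info_aes_gcm_128` structure for a TLS 1.3 AES-128-GCM traffic secret, including how the 12-byte IV is split into salt and IV. The function name is hypothetical and the key values are constructed; the numeric constants come from `<linux/tls.h>`.

```rust
// Added example: names here are hypothetical, not ktls-core's API.
// Numeric constants are the values defined in <linux/tls.h>.
pub const TLS_1_3_VERSION: u16 = 0x0304;
pub const TLS_CIPHER_AES_GCM_128: u16 = 51;
pub const CRYPTO_INFO_LEN: usize = 40;

/// Serialises key material in the order the kernel struct declares it:
/// version, cipher_type, iv[8], key[16], salt[4], rec_seq[8].
pub fn tls13_aes128gcm_crypto_info(
    key: &[u8; 16],
    iv: &[u8; 12],
    seq: u64,
) -> [u8; CRYPTO_INFO_LEN] {
    let mut out = [0u8; CRYPTO_INFO_LEN];
    // Header fields are plain __u16 values, so they use host byte order.
    out[0..2].copy_from_slice(&TLS_1_3_VERSION.to_ne_bytes());
    out[2..4].copy_from_slice(&TLS_CIPHER_AES_GCM_128.to_ne_bytes());
    // The 12-byte TLS 1.3 IV is split: first 4 bytes are the salt,
    // the remaining 8 bytes go into the iv field.
    out[4..12].copy_from_slice(&iv[4..]);
    out[12..28].copy_from_slice(key);
    out[28..32].copy_from_slice(&iv[..4]);
    // rec_seq is an 8-byte big-endian counter. It must equal the number of
    // records the TLS library already protected under this key, otherwise
    // the peer (or the kernel, on RX) fails record authentication.
    out[32..40].copy_from_slice(&seq.to_be_bytes());
    out
}

fn main() {
    // Constructed sample values, not real key material.
    let key = [0x11u8; 16];
    let iv: [u8; 12] = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11];
    let info = tls13_aes128gcm_crypto_info(&key, &iv, 1);
    println!(
        "{} bytes, salt={:02x?}, rec_seq={:02x?}",
        info.len(),
        &info[28..32],
        &info[32..40]
    );
}
```

The resulting buffer contains the traffic key, so treat it like the secret itself and wipe it once it has been passed to the kernel.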
§Kernel Compatibility
We perform daily CI tests against the following kernel versions:
| Version |
|---|
| mainline |
| stable |
| 6.6.x (LTS) |
| 6.1.x (LTS) |
| 5.15.x (LTS) |
| 5.10.x (LTS) |
| 5.4.x (LTS) |
(For LTS kernels, we test against the latest patch version)
For examples and test details, please refer to ktls-tests.
§License
Licensed under either of:
- Apache License, Version 2.0 (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT License (LICENSE-MIT or http://opensource.org/licenses/MIT)
at your option.
Re-exports§
pub use self::context::Context;
pub use self::error::Error;
pub use self::setup::setup_tls_params;
pub use self::setup::setup_ulp;
pub use self::setup::TlsCryptoInfoRx;
pub use self::setup::TlsCryptoInfoTx;
pub use self::tls::ConnectionTrafficSecrets;
pub use self::tls::ProtocolVersion;
pub use self::tls::TlsSession;
Modules§
- context
- Kernel TLS connection context.
- error
- Error related types and implementations.
- ffi
- Safe syscall wrappers.
- probe
- Utilities for probing kernel TLS support.
- setup
- Transport Layer Security (TLS) is an Upper Layer Protocol (ULP) that runs over TCP. TLS provides end-to-end data integrity and confidentiality.
- shim
- Shim layer for different TLS libraries.
- tls
- Shim layer for TLS protocol implementations.
- utils
- Utilities