docs(linuxkm): document DTLS 1.3 configure flags #10377
base: master
@@ -57,6 +57,24 @@ $ sudo modprobe libwolfssl | |||||||||||||||||
| | `--enable-intelasm` | x86/amd64 crypto acceleration | | ||||||||||||||||||
| | `--enable-cryptonly` | Omit TLS/DTLS implementation (normally recommended) | | ||||||||||||||||||
|
|
||||||||||||||||||
| ### Enabling DTLS 1.3 in the kernel module | ||||||||||||||||||
|
|
||||||||||||||||||
| `--enable-linuxkm` does not implicitly enable TLS 1.3 or DTLS, so the DTLS 1.3 | ||||||||||||||||||
| configure check (`configure.ac:5634-5636`) requires all three flags to be | ||||||||||||||||||
| passed explicitly: | ||||||||||||||||||
|
|
||||||||||||||||||
| ```sh | ||||||||||||||||||
| ./configure --enable-linuxkm \ | ||||||||||||||||||
| --enable-tls13 --enable-dtls --enable-dtls13 \ | ||||||||||||||||||
| --with-linux-source=/lib/modules/$(uname -r)/build | ||||||||||||||||||
| make -j$(nproc) module | ||||||||||||||||||
|
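Review bot: The new "Enabling DTLS 1.3 in the kernel module" section never says that `--enable-cryptonly` has to be left out, although the table row directly above it describes that flag as omitting the TLS/DTLS implementation and as "normally recommended". A reader who follows the table and then appends the three DTLS flags will combine options that contradict each other, so add one sentence before the `./configure` example stating that this build must not pass `--enable-cryptonly`. Because that row recommends a crypto-only module, it would also help to say that this configuration puts the TLS/DTLS protocol code into the kernel module, so the reader knows they are departing from the recommended default.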
Comment on lines +67 to +70
| ./configure --enable-linuxkm \ | |
| --enable-tls13 --enable-dtls --enable-dtls13 \ | |
| --with-linux-source=/lib/modules/$(uname -r)/build | |
| make -j$(nproc) module | |
| $ ./configure --enable-linuxkm \ | |
| --enable-tls13 --enable-dtls --enable-dtls13 \ | |
| --with-linux-source=/lib/modules/$(uname -r)/build | |
| $ make -j module |
Copilot AI, May 1, 2026
The module export mechanism here is EXPORT_SYMBOL_NS_GPL(..., WOLFSSL) (see linuxkm/Kbuild and module_exports.c.template), not plain EXPORT_SYMBOL_GPL. On kernels with symbol namespaces, in-kernel consumers may also need to import the namespace (e.g., MODULE_IMPORT_NS(WOLFSSL)). Consider updating this wording to avoid implying the symbols are exported without a namespace.
| (`wolfDTLSv1_3_client_method`, `wolfDTLSv1_3_server_method`, etc.) as GPL | |
| kernel symbols, available to other in-kernel consumers via | |
| `EXPORT_SYMBOL_GPL`. | |
| (`wolfDTLSv1_3_client_method`, `wolfDTLSv1_3_server_method`, etc.) as | |
| namespace-qualified GPL kernel symbols via | |
| `EXPORT_SYMBOL_NS_GPL(..., WOLFSSL)`. On kernels with symbol namespaces, | |
| other in-kernel consumers may also need to import the `WOLFSSL` namespace, | |
| for example with `MODULE_IMPORT_NS(WOLFSSL)`. |
The text says DTLS 1.3 "requires all three flags" to be passed explicitly and points to specific `configure.ac` line numbers. In `configure.ac`, `--enable-tls13` defaults to enabled (unless overridden, e.g., some FIPS cases), so explicitly passing it is not generally required. Also, hard-coding `configure.ac:5634-5636` is brittle as line numbers change; consider referencing the actual configure error message or simply stating that `--enable-dtls13` requires both DTLS and TLS 1.3 to be enabled.