On Fri, 30 Oct 2020 23:32:22 +0530 Rohit Maheshwari wrote: > There could be a case where ACK for tls exchanges prior to start > marker is missed out, and by the time tls is offloaded. This pkt > should not be discarded and handled carefully. It could be > plaintext alone or plaintext + finish as well.
By plaintext + finish you mean the start of offload falls in the middle of a TCP skb? That should never happen. We force EOR when we turn on TLS, so you should never see a TCP skb that needs to be half-encrypted.
