git: d958bc7963d4 - main - ktls: Try to enable TOE TLS after marking existing data not ready.
Date: Tue, 01 Feb 2022 00:44:33 UTC
The branch main has been updated by jhb:
URL: https://cgit.FreeBSD.org/src/commit/?id=d958bc7963d415d6745abf3e6829f05dabf4c9ed
commit d958bc7963d415d6745abf3e6829f05dabf4c9ed
Author: John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2022-02-01 00:39:21 +0000
Commit: John Baldwin <jhb@FreeBSD.org>
CommitDate: 2022-02-01 00:39:21 +0000
ktls: Try to enable TOE TLS after marking existing data not ready.
At the moment this is mostly a no-op but in the future there will be
in-flight encrypted data which requires software decryption. This
same setup is also needed for NIC TLS RX.
Note that this does break TOE TLS RX for AES-CBC ciphers since there
is no software fallback for AES-CBC receive. This will be resolved
one way or another before 14.0 is released.
Reviewed by: hselasky
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D34082
---
sys/kern/uipc_ktls.c | 18 ++++++++----------
1 file changed, 8 insertions(+), 10 deletions(-)
diff --git a/sys/kern/uipc_ktls.c b/sys/kern/uipc_ktls.c
index 620536f28b34..b3235e8a1e0c 100644
--- a/sys/kern/uipc_ktls.c
+++ b/sys/kern/uipc_ktls.c
@@ -1195,12 +1195,6 @@ ktls_enable_rx(struct socket *so, struct tls_enable *en)
return (error);
}
-#ifdef TCP_OFFLOAD
- error = ktls_try_toe(so, tls, KTLS_RX);
- if (error)
-#endif
- ktls_use_sw(tls);
-
/* Mark the socket as using TLS offload. */
SOCKBUF_LOCK(&so->so_rcv);
so->so_rcv.sb_tls_seqno = be64dec(en->rec_seq);
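Review bot: the ordering requirement is not documented where the ktls_try_toe()/ktls_use_sw() block used to sit, just above "Mark the socket as using TLS offload". The old placement ahead of SOCKBUF_LOCK looks natural, so a later cleanup could easily move the call back. A short comment here, or at the new call site, saying that TOE must only be attempted after existing data in so_rcv has been marked not ready would record the constraint from the commit subject in the code itself.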
@@ -1208,12 +1202,16 @@ ktls_enable_rx(struct socket *so, struct tls_enable *en)
so->so_rcv.sb_flags |= SB_TLS_RX;
/* Mark existing data as not ready until it can be decrypted. */
- if (tls->mode != TCP_TLS_MODE_TOE) {
- sb_mark_notready(&so->so_rcv);
- ktls_check_rx(&so->so_rcv);
- }
+ sb_mark_notready(&so->so_rcv);
+ ktls_check_rx(&so->so_rcv);
SOCKBUF_UNLOCK(&so->so_rcv);
+#ifdef TCP_OFFLOAD
+ error = ktls_try_toe(so, tls, KTLS_RX);
+ if (error)
+#endif
+ ktls_use_sw(tls);
+
counter_u64_add(ktls_offload_total, 1);
return (0);
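Review bot: ktls_check_rx(&so->so_rcv) now runs before either ktls_try_toe() or ktls_use_sw(tls) has been called, and the backend is selected only after SOCKBUF_UNLOCK. Please confirm that nothing started by ktls_check_rx() depends on state that ktls_use_sw() sets up, and that a receiver observing SB_TLS_RX in the window after the unlock cannot act on a session with no backend chosen; if either can happen, the selection needs to move under the lock or the check needs to follow it. Separately, the AES-CBC TOE RX breakage described in the commit message is not visible in the code: an XXX comment next to the now-unconditional sb_mark_notready() call, or an explicit error return for that cipher until a software fallback exists, would make the known gap explicit to anyone reading ktls_enable_rx().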