git: d782385e9bc7 - main - tcp_ratelimit: Handle some edge cases with TLS + RL send tags.
Date: Tue, 01 Feb 2022 00:44:34 UTC
The branch main has been updated by jhb:
URL: https://cgit.FreeBSD.org/src/commit/?id=d782385e9bc7bf14ab0f6577bad7526cc51b6b64
commit d782385e9bc7bf14ab0f6577bad7526cc51b6b64
Author: John Baldwin <jhb@FreeBSD.org>
AuthorDate: 2022-02-01 00:40:04 +0000
Commit: John Baldwin <jhb@FreeBSD.org>
CommitDate: 2022-02-01 00:40:04 +0000
tcp_ratelimit: Handle some edge cases with TLS + RL send tags.
- After a connection has fallen back from NIC TLS to SW TLS, any
  pacing rate changes should modify the inpcb send tag even though
  SB_TLS_IFNET is set.
- If a connection tries to modify the pacing rate before the send
  tag has been converted from plain TLS to TLS + RL, don't fail
  the rate request set but let it fall through to setting the rate
  on the non-TLS inpcb RL tag.
Reviewed by: gallatin, rrs, hselasky
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D34085
---
sys/netinet/tcp_ratelimit.c | 30 +++++++++++++++++++++---------
1 file changed, 21 insertions(+), 9 deletions(-)
diff --git a/sys/netinet/tcp_ratelimit.c b/sys/netinet/tcp_ratelimit.c
index 2f36cea4faed..dc9a6b6650e1 100644
--- a/sys/netinet/tcp_ratelimit.c
+++ b/sys/netinet/tcp_ratelimit.c
@@ -1403,18 +1403,30 @@ tcp_chg_pacing_rate(const struct tcp_hwrate_limit_table *crte,
#ifdef KERN_TLS
if (tp->t_inpcb->inp_socket->so_snd.sb_flags & SB_TLS_IFNET) {
tls = tp->t_inpcb->inp_socket->so_snd.sb_tls_info;
- MPASS(tls->mode == TCP_TLS_MODE_IFNET);
- if (tls->snd_tag != NULL &&
+ if (tls->mode != TCP_TLS_MODE_IFNET)
+ tls = NULL;
+ else if (tls->snd_tag != NULL &&
tls->snd_tag->sw->type != IF_SND_TAG_TYPE_TLS_RATE_LIMIT) {
+ if (!tls->reset_pending) {
+ /*
+ * NIC probably doesn't support
+ * ratelimit TLS tags if it didn't
+ * allocate one when an existing rate
+ * was present, so ignore.
+ */
+ tcp_rel_pacing_rate(crte, tp);
+ if (error)
+ *error = EOPNOTSUPP;
+ return (NULL);
+ }
+
/*
- * NIC probably doesn't support ratelimit TLS
- * tags if it didn't allocate one when an
- * existing rate was present, so ignore.
+ * The send tag is being converted, so set the
+ * rate limit on the inpcb tag. There is a
+ * race that the new NIC send tag might use
+ * the current rate instead of this one.
*/
- tcp_rel_pacing_rate(crte, tp);
- if (error)
- *error = EOPNOTSUPP;
- return (NULL);
+ tls = NULL;
}
}
#endif
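
Review bot: The comment added above the final `tls = NULL` (the `reset_pending` path) acknowledges a race in which the converted NIC send tag may be created with the current rate instead of the requested one, but nothing in this hunk corrects the rate afterwards, so the TLS + RL tag can stay at a stale rate until the next rate change. Either re-apply the requested rate once the conversion completes, or extend the comment to say where the two rates are reconciled. Separately, `tls->mode` and `tls->reset_pending` are now read here to choose a code path, where before there was only the `MPASS` on `tls->mode`; the hunk shows no lock assertion for them, so a short note on which lock covers these fields would make the new branches easier to verify.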