From nobody Thu Oct 21 17:08:54 2021
X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id E989F180A956; Thu, 21 Oct 2021 17:08:55 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4HZv8Q5X8qz4jvY; Thu, 21 Oct 2021 17:08:54 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 7B7F61F20F; Thu, 21 Oct 2021 17:08:54 +0000 (UTC) (envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 19LH8sG6080997; Thu, 21 Oct 2021 17:08:54 GMT (envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 19LH8sDX080996; Thu, 21 Oct 2021 17:08:54 GMT (envelope-from git)
Date: Thu, 21 Oct 2021 17:08:54 GMT
Message-Id: <202110211708.19LH8sDX080996@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: John Baldwin Subject: git: c57dbec69a6c - main - ktls: Add a routine to query information in a receive socket buffer. List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jhb X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: c57dbec69a6cb20098b691b9cd5246f390d83e80 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by jhb: URL: https://cgit.FreeBSD.org/src/commit/?id=c57dbec69a6cb20098b691b9cd5246f390d83e80 commit c57dbec69a6cb20098b691b9cd5246f390d83e80 Author: John Baldwin AuthorDate: 2021-10-21 16:36:29 +0000 Commit: John Baldwin CommitDate: 2021-10-21 16:36:29 +0000 ktls: Add a routine to query information in a receive socket buffer. In particular, ktls_pending_rx_info() determines which TLS record is at the end of the current receive socket buffer (including not-yet-decrypted data) along with how much data in that TLS record is not yet present in the socket buffer. This is useful for future changes to support NIC TLS receive offload and enhancements to TOE TLS receive offload. Those use cases need a way to synchronize a state machine on the NIC with the TLS record boundaries in the TCP stream. Reviewed by: gallatin, hselasky Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D32564 --- sys/kern/uipc_ktls.c | 63 ++++++++++++++++++++++++++++++++++++++++++++++++++++ sys/sys/ktls.h | 1 + 2 files changed, 64 insertions(+) diff --git a/sys/kern/uipc_ktls.c b/sys/kern/uipc_ktls.c index 1d3321fd4ff6..eb1f8dec8c1e 100644 --- a/sys/kern/uipc_ktls.c +++ b/sys/kern/uipc_ktls.c 
@@ -1082,6 +1082,69 @@ sb_mark_notready(struct sockbuf *sb) sb->sb_ccc)); } +/* + * Return information about the pending TLS data in a socket + * buffer. On return, 'seqno' is set to the sequence number + * of the next TLS record to be received, 'resid' is set to + * the amount of bytes still needed for the last pending + * record. The function returns 'false' if the last pending + * record contains a partial TLS header. In that case, 'resid' + * is the number of bytes needed to complete the TLS header. + */ +bool +ktls_pending_rx_info(struct sockbuf *sb, uint64_t *seqnop, size_t *residp) +{ + struct tls_record_layer hdr; + struct mbuf *m; + uint64_t seqno; + size_t resid; + u_int offset, record_len; + + SOCKBUF_LOCK_ASSERT(sb); + MPASS(sb->sb_flags & SB_TLS_RX); + seqno = sb->sb_tls_seqno; + resid = sb->sb_tlscc; + m = sb->sb_mtls; + offset = 0; + + if (resid == 0) { + *seqnop = seqno; + *residp = 0; + return (true); + } + + for (;;) { + seqno++; + + if (resid < sizeof(hdr)) { + *seqnop = seqno; + *residp = sizeof(hdr) - resid; + return (false); + } + + m_copydata(m, offset, sizeof(hdr), (void *)&hdr); + + record_len = sizeof(hdr) + ntohs(hdr.tls_length); + if (resid <= record_len) { + *seqnop = seqno; + *residp = record_len - resid; + return (true); + } + resid -= record_len; + + while (record_len != 0) { + if (m->m_len - offset > record_len) { + offset += record_len; + break; + } + + record_len -= (m->m_len - offset); + offset = 0; + m = m->m_next; + } + } +} + int ktls_enable_rx(struct socket *so, struct tls_enable *en) { diff --git a/sys/sys/ktls.h b/sys/sys/ktls.h index cd0a786bb345..4258d2c342dc 100644 --- a/sys/sys/ktls.h +++ b/sys/sys/ktls.h 
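Review bot: the inner mbuf walk in ktls_pending_rx_info() does `m = m->m_next` and then relies on the next `m->m_len` read (or the next m_copydata() call) without checking for NULL; this is only safe because `resid` has already been reduced by `record_len` and sb_tlscc is assumed to match the bytes actually present in the sb_mtls chain. Make that invariant explicit with an `MPASS(m != NULL)` after the advance (or at the top of the outer `for (;;)`), so a drifted sb_tlscc fails with a meaningful assertion instead of a NULL dereference. Separately, `seqno++` runs before the first header is inspected, so the first record in the buffer is reported as sb_tls_seqno + 1, whereas the `resid == 0` early return reports sb_tls_seqno itself; the header comment should say which record sb_tls_seqno names (the first undecrypted record in the buffer, or the last one consumed), since a caller programming a NIC resync state machine from 'seqno' will otherwise be off by one in one of the two cases. The loop also trusts hdr.tls_length straight off the wire to compute record_len; that is fine for locating boundaries, but a one-line comment noting that no record-length validation is performed here would save the next reader from looking for it.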
@@ -224,6 +224,7 @@ int ktls_output_eagain(struct inpcb *inp, struct ktls_session *tls); #ifdef RATELIMIT int ktls_modify_txrtlmt(struct ktls_session *tls, uint64_t max_pacing_rate); #endif +bool ktls_pending_rx_info(struct sockbuf *sb, uint64_t *seqnop, size_t *residp); static inline struct ktls_session * ktls_hold(struct ktls_session *tls)
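Review bot: the prototype lands in ktls.h with no hint of its preconditions, while the definition asserts SOCKBUF_LOCK_ASSERT(sb) and `sb->sb_flags & SB_TLS_RX`; since this is the declaration TOE and NIC offload driver authors will read, a short comment here (or at least in the function's header block) stating that the caller must hold the socket buffer lock and that the function applies only to receive buffers with SB_TLS_RX set would prevent unlocked calls from drivers. The parameter names `seqnop`/`residp` also differ from the `seqno`/`resid` used by the descriptive comment in uipc_ktls.c; aligning the two makes the contract easier to map onto the signature.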