ktls: Always create a software backend for receive sessions.
ClosedPublic
Actions

Authored by jhb on Oct 19 2021, 5:51 PM.

Details

Reviewers

• hselasky
gallatin

Commits

rG96668a81aef7: ktls: Always create a software backend for receive sessions.

Summary

A future change to TOE TLS will require a software fallback for the
first few TLS records received. Future support for NIC TLS on receive
will also require a software fallback for certain cases.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

jhb created this revision.Oct 19 2021, 5:51 PM

Herald added a subscriber: imp. · View Herald TranscriptOct 19 2021, 5:51 PM

jhb requested review of this revision.Oct 19 2021, 5:51 PM

Harbormaster completed remote builds in B42260: Diff 97116.Oct 19 2021, 5:51 PM

jhb added a parent revision: D32565: ktls: Change struct ktls_session.cipher to an OCF-specific type..Oct 19 2021, 5:51 PM

FYI, this effectively disables support for AES-CBC ciphers via TOE TLS. In the future I may add it back by adding a software decryption for MTE, but probably restrict it by default to only being enabled for TOE where the software route is only used for a few records.

gallatin accepted this revision.Oct 19 2021, 10:19 PM

This revision is now accepted and ready to land.Oct 19 2021, 10:19 PM

Looks good.

Closed by commit rG96668a81aef7: ktls: Always create a software backend for receive sessions. (authored by jhb). · Explain WhyOct 21 2021, 5:09 PM

This revision was automatically updated to reflect the committed changes.

jhb added a commit: rG96668a81aef7: ktls: Always create a software backend for receive sessions..