Page MenuHomeFreeBSD

cxgbe: Enable TOE TLS RX when an RX key is provided via setsockopt().
ClosedPublic

Authored by jhb on Nov 11 2022, 1:57 AM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Nov 1, 1:56 AM
Unknown Object (File)
Mon, Oct 28, 2:53 PM
Unknown Object (File)
Fri, Oct 25, 12:44 AM
Unknown Object (File)
Sat, Oct 19, 12:23 AM
Unknown Object (File)
Oct 4 2024, 5:15 PM
Unknown Object (File)
Oct 4 2024, 3:25 PM
Unknown Object (File)
Sep 28 2024, 2:24 AM
Unknown Object (File)
Sep 18 2024, 1:24 PM
Subscribers

Details

Summary

Rather than requiring a socket to be created as a TLS socket from the
get go, switch a TOE socket from "plain" TOE to TLS mode when a receive
key is added to the socket.

The firmware is able to switch a "plain" TOE connection to TLS mode if
the head of the pending socket data is the start of a TLS record, so
some the connection is migrated to TLS mode as a multi-step process.

When TOE TLS RX is enabled, the associated connection's receive side
is frozen via a flag in the TCB. The state of the socket buffer is
then examined to determine if the pending data in the socket buffer
ends on a TLS record boundary. If so, the connection is migrated to
TLS mode and unfrozen. Otherwise, the connection is unfrozen
temporarily until more data arrives. Once more data arrives, the
queue is frozen again and rechecked. This continues until the
connection is paused at a record boundary. Any records received
before TLS mode is enabled are decrypted as software records.

Sponsored by: Chelsio Communications

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable