
Handle CPL_RX_DATA on active TLS sockets.

Authored by jhb on Oct 15 2020, 6:12 PM.



In certain edge cases, the NIC might have only received a partial TLS
record which it needs to return to the driver. For example, if the
local socket was closed while data was still in flight, a partial TLS
record might be pending when the connection is closed. Receiving a
RST in the middle of a TLS record is another example. When this
happens, the firmware returns the partial TLS record as plain TCP
data via CPL_RX_DATA. Handle these requests by returning an error to
OpenSSL (via so_error for KTLS or via an error TLS record header for
the older Chelsio OpenSSL interface).

Test Plan
  • found by Chelsio's QA and verified by re-running their test

Diff Detail

Lint Skipped
Unit Tests Skipped
Build Status
Buildable 34332
Build 31458: arc lint + arc unit

Event Timeline

jhb requested review of this revision. Oct 15 2020, 6:12 PM
jhb added inline comments.

I've left this in for you to look at, Navdeep, to decide if we should enable this or if we should axe it instead. If we axe it, I will probably leave the comment about not bothering to return credits as a placeholder for the removed code.


Let's leave it enabled for now because in theory we haven't seen a FIN so the rcv window
should be maintained properly. In practice I don't think the connection can fall out of ULP
mode TLS without something "terminal" having happened.

This revision is now accepted and ready to land. Oct 21 2020, 10:40 PM
  • Enable credit return in do_rx_data_tls().
This revision now requires review to proceed. Oct 21 2020, 11:53 PM
  • Compile fixes after enabling rx_credits handling.
This revision is now accepted and ready to land. Oct 22 2020, 11:55 PM