
Handle CPL_RX_DATA on active TLS sockets.
Closed, Public

Authored by jhb on Oct 15 2020, 6:12 PM.

Details

Summary

In certain edge cases, the NIC might have only received a partial TLS
record which it needs to return to the driver. For example, if the
local socket was closed while data was still in flight, a partial TLS
record might be pending when the connection is closed. Receiving a
RST in the middle of a TLS record is another example. When this
happens, the firmware returns the partial TLS record as plain TCP
data via CPL_RX_DATA. Handle these requests by returning an error to
OpenSSL (via so_error for KTLS or via an error TLS record header for
the older Chelsio OpenSSL interface).

Test Plan
  • found by Chelsio's QA and verified by re-running their test
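
The rule in the summary, that a truncated TLS record must reach the consumer as an error and never as data, shown as an added userland C sketch that is not code from this revision or the cxgbe driver. `tls_pending_check`, the sample bytes and the choice of `EBADMSG` are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLS_HDR_LEN 5	/* content type (1) + version (2) + length (2) */

/*
 * Hypothetical helper, not from the cxgbe driver: scan bytes that were
 * still pending when a TLS connection was torn down.  Returns 0 when the
 * buffer holds only whole records, or EBADMSG (an assumed errno) when it
 * ends in a truncated header or body.  *nrec counts the whole records seen.
 */
static int
tls_pending_check(const uint8_t *buf, size_t len, size_t *nrec)
{
	size_t off = 0;

	*nrec = 0;
	while (off < len) {
		size_t left = len - off, body;

		if (left < TLS_HDR_LEN)
			return (EBADMSG);	/* partial record header */
		body = ((size_t)buf[off + 3] << 8) | buf[off + 4];
		if (left - TLS_HDR_LEN < body)
			return (EBADMSG);	/* partial record body */
		off += TLS_HDR_LEN + body;
		(*nrec)++;
	}
	return (0);
}

/* Constructed sample: one whole 4-byte record, then a record cut short. */
static const uint8_t sample[] = {
	0x17, 0x03, 0x03, 0x00, 0x04, 0xde, 0xad, 0xbe, 0xef,
	0x17, 0x03, 0x03, 0x00, 0x10, 0x01, 0x02, 0x03,
};

int
main(void)
{
	size_t n;
	int error = tls_pending_check(sample, sizeof(sample), &n);

	printf("error=%d whole_records=%zu\n", error, n);
	return (error == EBADMSG ? 0 : 1);
}
```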

Diff Detail

Lint
Lint Skipped
Unit
Unit Tests Skipped
Build Status
Buildable 34332
Build 31458: arc lint + arc unit

Event Timeline

jhb requested review of this revision. Oct 15 2020, 6:12 PM
jhb added inline comments.
sys/dev/cxgbe/tom/t4_tls.c
2329

I've left this in for you to look at, Navdeep, to decide if we should enable this or if we should axe it instead. If we axe it, I will probably leave the comment about not bothering to return credits as a placeholder for the removed code.

sys/dev/cxgbe/tom/t4_tls.c
2329

Let's leave it enabled for now because in theory we haven't seen a FIN so the rcv window
should be maintained properly. In practice I don't think the connection can fall out of ULP
mode TLS without something "terminal" having happened.

This revision is now accepted and ready to land. Oct 21 2020, 10:40 PM
  • Enable credit return in do_rx_data_tls().
This revision now requires review to proceed. Oct 21 2020, 11:53 PM
  • Compile fixes after enabling rx_credits handling.
This revision is now accepted and ready to land. Oct 22 2020, 11:55 PM