
Clear TLS offload mode if a TLS socket hangs without receiving data.
Closed, Public

Authored by jhb on Dec 3 2020, 9:33 PM.
Referenced Files
F107018463: D27470.diff
Thu, Jan 9, 1:28 AM

Details

Summary

By default, if a TLS socket stops receiving data for more than 5
seconds, revert the connection back to plain TOE mode. This provides
a fallback if the userland SSL library does not support KTLS.
In addition, for client TLS 1.3 sockets using connect(), the TOE socket
blocks before the handshake has completed since the socket option is
only invoked for the final handshake.

The timeout defaults to 5 seconds, but can be changed at boot via the
hw.cxgbe.toe.tls_rx_timeout tunable or for an individual interface via
the dev.<nexus>.toe.tls_rx_timeout sysctl.

Diff Detail

Repository
rS FreeBSD src repository - subversion