Page MenuHomeFreeBSD

Assume OCF is the only KTLS software backend.
ClosedPublic

Authored by jhb on May 5 2021, 9:30 PM.

Details

Summary

This removes support for loadable software backends. The KTLS OCF
support is now always included in kernels with KERN_TLS and the
ktls_ocf.ko module has been removed. The software encryption routines
now take an mbuf directly and use the TLS mbuf as the crypto buffer
when possible.

Sponsored by: Netflix

Diff Detail

Repository
R10 FreeBSD src repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

jhb requested review of this revision.May 5 2021, 9:30 PM

Nice cleanup.

sys/conf/files
4932

ktls_ocf.c sorts after gfmult.c.

sys/kern/uipc_ktls.c
2046–2047

Can we easily put the case below into a separate function?

sys/opencrypto/ktls_ocf.c
521

Doesn't it need to be crp.crp_payload_length + m->m_epg_hdrlen?

sys/opencrypto/ktls_ocf.c
521

Never mind, I am wrong.

sys/kern/uipc_ktls.c
2046–2047

My WIP changes to add async mode move this around quite a bi, so I'd be inclined to refactor as part of those changes.

This revision is now accepted and ready to land.May 7 2021, 2:05 PM
markj added inline comments.
sys/kern/uipc_ktls.c
2046–2047

Ok.

sys/opencrypto/ktls_ocf.c
374

Recomputing tls_comp_len here. I think it is unused, so maybe just drop that variable instead.

jhb marked 3 inline comments as done.Sat, May 22, 12:34 AM
jhb added inline comments.
sys/opencrypto/ktls_ocf.c
374

It is used to set the inner frame length in the AAD (ad.tls_length). I will reuse it as I did in the other routines.

jhb marked an inline comment as done.
  • Various review feedback.
This revision now requires review to proceed.Mon, May 24, 11:57 PM
This revision is now accepted and ready to land.Tue, May 25, 1:32 AM
This revision was automatically updated to reflect the committed changes.