Page MenuHomeFreeBSD
Differential D30138

Assume OCF is the only KTLS software backend.
ClosedPublic
Actions

Authored by jhb on May 5 2021, 9:30 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Jun 9, 10:33 PM
Unknown Object (File)
Mon, Jun 8, 9:24 AM
Unknown Object (File)
May 19 2026, 1:54 AM
Unknown Object (File)
May 18 2026, 2:51 PM
Unknown Object (File)
May 18 2026, 2:49 PM
Unknown Object (File)
May 18 2026, 4:04 AM
Unknown Object (File)
May 17 2026, 8:09 PM
Unknown Object (File)
May 17 2026, 8:04 PM
View All Files
Subscribers
imp
jmg

Details

Reviewers
markj
gallatin
Commits
rG21e3c1fbe246: Assume OCF is the only KTLS software backend.
Summary

This removes support for loadable software backends. The KTLS OCF
support is now always included in kernels with KERN_TLS and the
ktls_ocf.ko module has been removed. The software encryption routines
now take an mbuf directly and use the TLS mbuf as the crypto buffer
when possible.

Sponsored by: Netflix

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

jhb created this revision.May 5 2021, 9:30 PM
Herald added subscribers: jmg, imp. · View Herald TranscriptMay 5 2021, 9:30 PM
jhb requested review of this revision.May 5 2021, 9:30 PM
Harbormaster completed remote builds in B39043: Diff 88713.May 5 2021, 9:30 PM
jhb added a parent revision: D30137: ktls_ocf: Fix a few places to not hardcode the GMAC hash length..May 5 2021, 9:30 PM
jhb added a child revision: D30139: Include the trailer in the original dst_iov..
markj added a comment.May 6 2021, 3:30 PM

Nice cleanup.

sys/conf/files
4933

ktls_ocf.c sorts after gfmult.c.

sys/kern/uipc_ktls.c
2046–2047

Can we easily put the case below into a separate function?

sys/opencrypto/ktls_ocf.c
522

Doesn't it need to be crp.crp_payload_length + m->m_epg_hdrlen?

markj added inline comments.May 6 2021, 3:34 PM
sys/opencrypto/ktls_ocf.c
522

Never mind, I am wrong.

jhb added inline comments.May 6 2021, 11:25 PM
sys/kern/uipc_ktls.c
2046–2047

My WIP changes to add async mode move this around quite a bi, so I'd be inclined to refactor as part of those changes.

gallatin accepted this revision.May 7 2021, 2:05 PM
This revision is now accepted and ready to land.May 7 2021, 2:05 PM
markj accepted this revision.May 7 2021, 2:11 PM
markj added inline comments.
sys/kern/uipc_ktls.c
2046–2047

Ok.

sys/opencrypto/ktls_ocf.c
375

Recomputing tls_comp_len here. I think it is unused, so maybe just drop that variable instead.

jhb added a parent revision: D30279: Only build security/ktls_isa-l_crypto-kmod on FreeBSD 13..May 15 2021, 6:16 PM
jhb marked 3 inline comments as done.May 22 2021, 12:34 AM
jhb added inline comments.
sys/opencrypto/ktls_ocf.c
375

It is used to set the inner frame length in the AAD (ad.tls_length). I will reuse it as I did in the other routines.

jhb updated this revision to Diff 89788.May 24 2021, 11:57 PM
jhb marked an inline comment as done.
  • Various review feedback.
This revision now requires review to proceed.May 24 2021, 11:57 PM
Harbormaster completed remote builds in B39425: Diff 89788.May 24 2021, 11:57 PM
gallatin accepted this revision.May 25 2021, 1:32 AM
This revision is now accepted and ready to land.May 25 2021, 1:32 AM
markj accepted this revision.May 25 2021, 1:52 PM
Closed by commit rG21e3c1fbe246: Assume OCF is the only KTLS software backend. (authored by jhb). · Explain WhyMay 26 2021, 12:00 AM
This revision was automatically updated to reflect the committed changes.
jhb added a commit: rG21e3c1fbe246: Assume OCF is the only KTLS software backend..

Revision Contents
Changeset List

PathSize
sys/
conf/
1 line
kern/
232 lines
modules/
2 lines
ktls_ocf/
opencrypto/
328 lines
sys/
25 lines
2 lines

Diff 89876

View Options

sys/conf/files

Loading...
View Options

sys/kern/uipc_ktls.c

Loading...
View Options

sys/modules/Makefile

Loading...
View Options

sys/modules/ktls_ocf/Makefile

Loading...
View Options

sys/opencrypto/ktls_ocf.c

Loading...
View Options

sys/sys/ktls.h

Loading...
View Options

sys/sys/param.h

Loading...