Paths

Table of Contentst

Differential D30138

Assume OCF is the only KTLS software backend.
ClosedPublic
Actions

Authored by jhb on May 5 2021, 9:30 PM.

Tags

None

Referenced Files

	F144956661: D30138.diff
	Sat, Feb 14, 11:53 AM

	F144956652: D30138.diff
	Sat, Feb 14, 11:53 AM

	Unknown Object (File)
	Mon, Feb 9, 2:01 AM

	Unknown Object (File)
	Mon, Jan 19, 4:30 PM

	Unknown Object (File)
	Dec 30 2025, 11:06 PM

	Unknown Object (File)
	Dec 3 2025, 12:04 AM

	Unknown Object (File)
	Nov 23 2025, 3:24 PM

	Unknown Object (File)
	Nov 16 2025, 2:01 AM

Subscribers

Details

Reviewers

markj
gallatin

Commits

rG21e3c1fbe246: Assume OCF is the only KTLS software backend.

Summary

This removes support for loadable software backends. The KTLS OCF
support is now always included in kernels with KERN_TLS and the
ktls_ocf.ko module has been removed. The software encryption routines
now take an mbuf directly and use the TLS mbuf as the crypto buffer
when possible.

Sponsored by: Netflix

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

jhb created this revision.May 5 2021, 9:30 PM

Herald added subscribers: jmg, imp. · View Herald TranscriptMay 5 2021, 9:30 PM

jhb requested review of this revision.May 5 2021, 9:30 PM

Harbormaster completed remote builds in B39043: Diff 88713.May 5 2021, 9:30 PM

jhb added a parent revision: D30137: ktls_ocf: Fix a few places to not hardcode the GMAC hash length..May 5 2021, 9:30 PM

jhb added a child revision: D30139: Include the trailer in the original dst_iov..

Nice cleanup.

sys/conf/files
4933	ktls_ocf.c sorts after gfmult.c.
sys/kern/uipc_ktls.c
2046–2047	Can we easily put the case below into a separate function?
sys/opencrypto/ktls_ocf.c
522	Doesn't it need to be `crp.crp_payload_length + m->m_epg_hdrlen`?

markj added inline comments.May 6 2021, 3:34 PM

sys/opencrypto/ktls_ocf.c
522	Never mind, I am wrong.

jhb added inline comments.May 6 2021, 11:25 PM

sys/kern/uipc_ktls.c
2046–2047	My WIP changes to add async mode move this around quite a bi, so I'd be inclined to refactor as part of those changes.

gallatin accepted this revision.May 7 2021, 2:05 PM

This revision is now accepted and ready to land.May 7 2021, 2:05 PM

markj accepted this revision.May 7 2021, 2:11 PM

markj added inline comments.

sys/kern/uipc_ktls.c
2046–2047	Ok.
sys/opencrypto/ktls_ocf.c
375	Recomputing `tls_comp_len` here. I think it is unused, so maybe just drop that variable instead.

jhb added a parent revision: D30279: Only build security/ktls_isa-l_crypto-kmod on FreeBSD 13..May 15 2021, 6:16 PM

jhb marked 3 inline comments as done.May 22 2021, 12:34 AM

jhb added inline comments.

sys/opencrypto/ktls_ocf.c
375	It is used to set the inner frame length in the AAD (ad.tls_length). I will reuse it as I did in the other routines.

Various review feedback.

This revision now requires review to proceed.May 24 2021, 11:57 PM

Harbormaster completed remote builds in B39425: Diff 89788.May 24 2021, 11:57 PM

gallatin accepted this revision.May 25 2021, 1:32 AM

This revision is now accepted and ready to land.May 25 2021, 1:32 AM

markj accepted this revision.May 25 2021, 1:52 PM

Closed by commit rG21e3c1fbe246: Assume OCF is the only KTLS software backend. (authored by jhb). · Explain WhyMay 26 2021, 12:00 AM

This revision was automatically updated to reflect the committed changes.

jhb added a commit: rG21e3c1fbe246: Assume OCF is the only KTLS software backend..

Revision Contents
Changeset List

Path

Size

sys/

conf/

1 line

kern/

232 lines

modules/

2 lines

ktls_ocf/

opencrypto/

328 lines

sys/

25 lines

2 lines

Diff 89876

sys/conf/files

Loading...

sys/kern/uipc_ktls.c

Loading...

sys/modules/Makefile

Loading...

sys/modules/ktls_ocf/Makefile

Loading...

sys/opencrypto/ktls_ocf.c

Loading...

sys/sys/ktls.h

Loading...

sys/sys/param.h

Loading...