Page MenuHomeFreeBSD

ktls: Fix accounting for TLS 1.0 empty fragments.
ClosedPublic

Authored by jhb on Aug 13 2021, 11:13 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Sep 15, 12:13 AM
Unknown Object (File)
Aug 2 2025, 9:39 AM
Unknown Object (File)
Jul 8 2025, 3:57 PM
Unknown Object (File)
Jul 3 2025, 2:09 AM
Unknown Object (File)
Jul 2 2025, 1:35 AM
Unknown Object (File)
Jun 14 2025, 5:29 PM
Unknown Object (File)
Jun 14 2025, 10:42 AM
Unknown Object (File)
Jun 1 2025, 12:20 PM
Subscribers

Details

Summary

TLS 1.0 empty fragment mbufs have no payload and thus m_epg_npgs is
zero. However, these mbufs need to occupy a "unit" of space for the
purposes of M_NOTREADY tracking similar to regular mbufs. Previously
this was done for the page count returned from ktls_frame() and passed
to ktls_enqueue() as well as the page count passed to pru_ready().

However, sbready() and mb_free_notready() only use m_epg_nrdy to
determine the number of "units" of space in an M_EXT mbuf, so when a
TLS 1.0 fragment was marked ready it would mark one unit of the next
mbuf in the socket buffer as ready as well. To fix, set m_epg_nrdy to
1 for empty fragments. This actually simplifies the code as now only
ktls_frame() has to handle TLS 1.0 fragments explicitly and the rest
of the KTLS functions can just use m_epg_nrdy.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable