
Add definitions for TLS receive tags using the existing send tag infrastructure.

Description

Although send tags are strictly used for transmit, the name might be changed
in the future to be more generic.

The TLS receive tags support regular IPv4 and IPv6 traffic, and also over any
VLAN. If prio-tagging is enabled, VLAN ID zero, this must be checked in the
network driver itself when creating the TLS RX decryption offload filter.

TLS receive tags have a modify callback to tell the network driver about
the progress of decryption. Currently decryption is done IP packet by IP
packet, even if the IP packet contains a partial TLS record. The modify
callback allows the network driver to keep track of TCP sequence numbers
pointing to the beginning of TLS records after TCP packet reassembly.
These callbacks only happen when encrypted or partially decrypted data is
received and are used to verify the decryption's starting point for the
hardware. Typically the hardware will guess where TLS headers start and
needs help from the software to know if the guess was correct. This is
the purpose of the modify callback.

Differential Revision: https://reviews.freebsd.org/D32356
Discussed with: jhb@
MFC after: 1 week
Sponsored by: NVIDIA Networking
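The commit message above explains why the modify callback exists: the NIC guesses where a TLS record header starts in the TCP stream, and software must confirm or reject that guess from the record boundaries it has itself tracked across reassembled segments. The following is an added, self-contained model of that bookkeeping written for this page; it is not the FreeBSD ktls code, and every name in it (`tls_rx_tracker`, `tracker_feed`, `tracker_confirm_guess`, the sequence numbers and record bytes) is a constructed example rather than a kernel API. It follows TLS record headers (1-byte type, 2-byte version, 2-byte length) through in-order TCP payload, tolerating a header that is split across two segments, and answers the question the callback exists to answer: is a guessed sequence number really a record start?

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLS_HDR_LEN 5      /* content type (1) + version (2) + length (2) */
#define MAX_RECORDS 16

/* Hypothetical software-side tracker (constructed for this example, not the
 * FreeBSD ktls API): records where TLS record headers start, measured in TCP
 * sequence numbers, so a NIC's guess can be checked against ground truth. */
struct tls_rx_tracker {
    uint32_t cur_seq;               /* TCP seq of the next in-order byte expected */
    uint32_t next_rec_seq;          /* TCP seq where the next record header begins */
    uint8_t  hdr[TLS_HDR_LEN];      /* partial header carried across segments */
    size_t   hdr_have;
    uint32_t rec_starts[MAX_RECORDS];
    size_t   nrecs;
};

static void tracker_init(struct tls_rx_tracker *t, uint32_t first_seq)
{
    memset(t, 0, sizeof(*t));
    t->cur_seq = first_seq;
    t->next_rec_seq = first_seq;    /* stream is assumed to begin on a record boundary */
}

/* True if sequence number a precedes b, modulo 2^32 (standard TCP comparison). */
static bool seq_lt(uint32_t a, uint32_t b) { return (int32_t)(a - b) < 0; }

/* Feed one in-order TCP segment payload. Returns the number of complete record
 * headers found, or -1 if the segment is not the next expected one (out-of-order
 * data has to go through reassembly before the tracker may look at it). */
static int tracker_feed(struct tls_rx_tracker *t, uint32_t seq,
                        const uint8_t *p, size_t len)
{
    if (seq != t->cur_seq)
        return -1;
    int found = 0;
    size_t off = 0;
    while (off < len) {
        if (seq_lt(t->cur_seq, t->next_rec_seq)) {
            /* Inside a record body: skip to the record end or the segment end. */
            uint32_t remain = t->next_rec_seq - t->cur_seq;
            size_t step = (len - off < remain) ? len - off : remain;
            off += step;
            t->cur_seq += step;
            continue;
        }
        /* At a record header: collect bytes until all five are present. */
        t->hdr[t->hdr_have++] = p[off++];
        t->cur_seq++;
        if (t->hdr_have == TLS_HDR_LEN) {
            uint16_t rec_len = (uint16_t)((t->hdr[3] << 8) | t->hdr[4]);
            if (t->nrecs < MAX_RECORDS)
                t->rec_starts[t->nrecs++] = t->next_rec_seq;
            t->next_rec_seq += TLS_HDR_LEN + rec_len;
            t->hdr_have = 0;
            found++;
        }
    }
    return found;
}

/* The check a modify-style callback performs: only a sequence number that the
 * software has seen as a record start (or the next expected one) is confirmed;
 * anything else is a wrong guess and must not be used as a decryption origin. */
static bool tracker_confirm_guess(const struct tls_rx_tracker *t, uint32_t guess)
{
    if (guess == t->next_rec_seq)
        return true;
    for (size_t i = 0; i < t->nrecs; i++)
        if (t->rec_starts[i] == guess)
            return true;
    return false;
}

static struct tls_rx_tracker g_demo;

/* Constructed sample: two application-data records, delivered as two segments
 * with record B's header split across the segment boundary. Returns total
 * headers found (expected 2), or -1 on an out-of-order feed. */
static int run_demo(void)
{
    static const uint8_t stream[] = {
        0x17, 0x03, 0x03, 0x00, 0x03, 'a', 'b', 'c',   /* record A at seq 1000 */
        0x17, 0x03, 0x03, 0x00, 0x02, 'd', 'e'         /* record B at seq 1008 */
    };
    tracker_init(&g_demo, 1000);
    int r1 = tracker_feed(&g_demo, 1000, stream, 10);                 /* A + 2 bytes of B's header */
    int r2 = tracker_feed(&g_demo, 1010, stream + 10, sizeof(stream) - 10);
    if (r1 < 0 || r2 < 0)
        return -1;
    return r1 + r2;
}

int main(void)
{
    int n = run_demo();
    printf("records found: %d, next record at seq %u\n", n, g_demo.next_rec_seq);
    printf("guess 1008 confirmed: %d, guess 1009 confirmed: %d\n",
           tracker_confirm_guess(&g_demo, 1008), tracker_confirm_guess(&g_demo, 1009));
    return 0;
}
```

The model keeps only boundaries derived from parsed headers, so a guess that lands one byte into a record (1009 in the sample) is rejected even though the NIC may have found plausible-looking bytes there; that is the verification the commit message describes, with the driver-specific filter programming left out.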

Details

Provenance
hselaskyAuthored on Jan 26 2022, 11:33 AM
Differential Revision
D32356: ktls: Add full support for TLS RX offloading via network interface.
Parents
rG17cbcf33c3b6: mbuf(9): Assert receive mbufs don't carry a send tag.
Branches
Unknown
Tags
Unknown