CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	John Baldwin <jhb@FreeBSD.org>
	Mon, 27 Apr 2020 23:17:19 +0000 (23:17 +0000)
committer	John Baldwin <jhb@FreeBSD.org>
	Mon, 27 Apr 2020 23:17:19 +0000 (23:17 +0000)
commit	f1f93475463891194c453aff5f7c872fa9109b45
tree	96c3a00abf0c646544c443cf7a4ced5dae445568	tree \| snapshot
parent	ec1db6e13db4d5cffa7fadc42519f9bc4315eaee	commit \| diff

Initial support for kernel offload of TLS receive.

- Add a new TCP_RXTLS_ENABLE socket option to set the encryption and
  authentication algorithms and keys as well as the initial sequence
  number.

- When reading from a socket using KTLS receive, applications must use
  recvmsg().  Each successful call to recvmsg() will return a single
  TLS record.  A new TCP control message, TLS_GET_RECORD, will contain
  the TLS record header of the decrypted record.  The regular message
  buffer passed to recvmsg() will receive the decrypted payload.  This
  is similar to the interface used by Linux's KTLS RX except that
  Linux does not return the full TLS header in the control message.

- Add plumbing to the TOE KTLS interface to request either transmit
  or receive KTLS sessions.

- When a socket is using receive KTLS, redirect reads from
  soreceive_stream() into soreceive_generic().

- Note that this interface is currently only defined for TLS 1.1 and
  1.2, though I believe we will be able to reuse the same interface
  and structures for 1.3.

share/man/man4/tcp.4		diff \| blob \| history
sys/dev/cxgbe/tom/t4_tom.c		diff \| blob \| history
sys/kern/uipc_ktls.c		diff \| blob \| history
sys/kern/uipc_socket.c		diff \| blob \| history
sys/netinet/tcp.h		diff \| blob \| history
sys/netinet/tcp_offload.c		diff \| blob \| history
sys/netinet/tcp_offload.h		diff \| blob \| history
sys/netinet/tcp_usrreq.c		diff \| blob \| history
sys/netinet/toecore.c		diff \| blob \| history
sys/netinet/toecore.h		diff \| blob \| history
sys/sys/ktls.h		diff \| blob \| history