From d782385e9bc7bf14ab0f6577bad7526cc51b6b64 Mon Sep 17 00:00:00 2001
From: John Baldwin
Date: Mon, 31 Jan 2022 16:40:04 -0800
Subject: [PATCH] tcp_ratelimit: Handle some edge cases with TLS + RL send tags.
- After a connection has fallen back from NIC TLS to SW TLS, any pacing rate changes should modify the inpcb send tag even though SB_TLS_IFNET is set.
- If a connection tries to modify the pacing rate before the send tag has been converted from plain TLS to TLS + RL, don't fail the rate request set but let it fall through to setting the rate on the non-TLS inpcb RL tag.
Reviewed by: gallatin, rrs, hselasky
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D34085
---
 sys/netinet/tcp_ratelimit.c | 30 +++++++++++++++++++++---------
 1 file changed, 21 insertions(+), 9 deletions(-)
diff --git a/sys/netinet/tcp_ratelimit.c b/sys/netinet/tcp_ratelimit.c
index 2f36cea4fae..dc9a6b6650e 100644
--- a/sys/netinet/tcp_ratelimit.c
+++ b/sys/netinet/tcp_ratelimit.c
@@ -1403,18 +1403,30 @@ tcp_chg_pacing_rate(const struct tcp_hwrate_limit_table *crte,
 #ifdef KERN_TLS
 if (tp->t_inpcb->inp_socket->so_snd.sb_flags & SB_TLS_IFNET) {
 tls = tp->t_inpcb->inp_socket->so_snd.sb_tls_info;
- MPASS(tls->mode == TCP_TLS_MODE_IFNET);
- if (tls->snd_tag != NULL &&
+ if (tls->mode != TCP_TLS_MODE_IFNET)
+ tls = NULL;
+ else if (tls->snd_tag != NULL &&
 tls->snd_tag->sw->type != IF_SND_TAG_TYPE_TLS_RATE_LIMIT) {
+ if (!tls->reset_pending) {
+ /*
+ * NIC probably doesn't support
+ * ratelimit TLS tags if it didn't
+ * allocate one when an existing rate
+ * was present, so ignore.
+ */
+ tcp_rel_pacing_rate(crte, tp);
+ if (error)
+ *error = EOPNOTSUPP;
+ return (NULL);
+ }
+
 /*
- * NIC probably doesn't support ratelimit TLS
- * tags if it didn't allocate one when an
- * existing rate was present, so ignore.
+ * The send tag is being converted, so set the
+ * rate limit on the inpcb tag. There is a
+ * race that the new NIC send tag might use
+ * the current rate instead of this one.
 */
- tcp_rel_pacing_rate(crte, tp);
- if (error)
- *error = EOPNOTSUPP;
- return (NULL);
+ tls = NULL;
 }
 }
 #endif
-- 
2.45.0
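Review bot: The new `if (!tls->reset_pending)` test, like the `tls->mode` check above it, reads session state that the tag-conversion path presumably writes, and no lock or lock assertion covering those fields is visible in the hunk. If the read can be stale, a connection whose tag is mid-conversion could wrongly take the `tcp_rel_pacing_rate()` / `EOPNOTSUPP` branch and lose its pacing rate, so the comment should name the lock that makes the read safe, for example `/* reset_pending is stable here because <lock> is held. */`. The second comment admits the new NIC send tag may be created with the old rate; it would help to state what later re-applies the requested rate, or that nothing does until the next rate change. The function starts and ends outside the hunk, so the locking may already be asserted there.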