Rather than requiring a socket to be created as a TLS socket from the get go, switch a TOE socket from "plain" TOE to TLS mode when a receive key is added to the socket. The firmware is only able to switch a "plain" TOE connection to TLS mode if the head of the pending socket data is the start of a TLS record, so the connection is migrated to TLS mode as a multi-step process.

When TOE TLS RX is enabled, the associated connection's receive side is frozen via a flag in the TCB. The state of the socket buffer is then examined to determine if the pending data in the socket buffer ends on a TLS record boundary. If so, the connection is migrated to TLS mode and unfrozen. Otherwise, the connection is unfrozen temporarily until more data arrives. Once more data arrives, the receive queue is frozen again and rechecked. This continues until the connection is paused at a record boundary. Any records received before TLS mode is enabled are decrypted as software records.

Note that this removes the 'rx_tls_ports' sysctl. TOE TLS offload for receive is now enabled automatically on existing TOE connections when using a KTLS-aware SSL library just as it was previously enabled automatically for TLS transmit. This also enables TLS offload for TOE connections which enable TLS after passing initial data in the clear (e.g. STARTTLS with SMTP).

Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D37351
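
The record-boundary check described in the commit message above, as an added C example (not code from the FreeBSD tree): it walks pending receive bytes by TLS record header and reports whether they end exactly on a record boundary. The names `tls_rx_check` and `struct rx_check`, the flat-buffer input and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLS_HDR_LEN 5                 /* type(1) + version(2) + length(2) */
#define TLS_MAX_REC (16384 + 2048)    /* TLS 1.2 ciphertext fragment limit */
enum rx_state { AT_BOUNDARY, PARTIAL_HEADER, PARTIAL_BODY, NOT_TLS };
struct rx_check {
    enum rx_state state;
    size_t records;   /* complete records seen before the stop point */
    size_t needed;    /* bytes still missing from the trailing header or body */
};

/* Hypothetical helper: walk the pending data one TLS record at a time. */
static struct rx_check tls_rx_check(const uint8_t *buf, size_t len)
{
    struct rx_check r = { AT_BOUNDARY, 0, 0 };
    size_t off = 0;
    while (off < len) {
        size_t avail = len - off;
        if (avail < TLS_HDR_LEN) {            /* header itself is split */
            r.state = PARTIAL_HEADER;
            r.needed = TLS_HDR_LEN - avail;   /* to finish the header only */
            return r;
        }
        size_t body = ((size_t)buf[off + 3] << 8) | buf[off + 4];
        /* Accept content types 20..24, major version 3, bounded length. */
        if (buf[off] < 20 || buf[off] > 24 || buf[off + 1] != 3 ||
            body > TLS_MAX_REC) {
            r.state = NOT_TLS;
            return r;
        }
        if (avail - TLS_HDR_LEN < body) {     /* payload still in flight */
            r.state = PARTIAL_BODY;
            r.needed = body - (avail - TLS_HDR_LEN);
            return r;
        }
        off += TLS_HDR_LEN + body;
        r.records++;
    }
    return r;                                 /* ended on a record boundary */
}

/* Constructed sample: a 3-byte record followed by a 4-byte record. */
static const uint8_t sample[] = { 0x17, 0x03, 0x03, 0x00, 0x03, 0xaa, 0xbb,
    0xcc, 0x17, 0x03, 0x03, 0x00, 0x04, 0x01, 0x02, 0x03, 0x04 };

int main(void)
{
    struct rx_check r = tls_rx_check(sample, 15);   /* cut mid-record */
    printf("state=%d records=%zu needed=%zu\n", r.state, r.records, r.needed);
    return 0;
}
```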
FreeBSD Kernel Source:
This directory contains the source files and build glue that make up the FreeBSD kernel and its modules, including both original and contributed software.
Kernel configuration files are located in the conf/ subdirectory of each architecture. GENERIC is the configuration used in release builds. NOTES contains documentation of all possible entries. LINT is a compile-only configuration used to maximize build coverage and detect regressions.
Source Roadmap:
Directory | Description |
---|---|
amd64 | AMD64 (64-bit x86) architecture support |
arm | 32-bit ARM architecture support |
arm64 | 64-bit ARM (AArch64) architecture support |
cam | Common Access Method storage subsystem - cam(4) and ctl(4) |
cddl | CDDL-licensed optional sources such as DTrace |
conf | kernel build glue |
compat | Linux compatibility layer, FreeBSD 32-bit compatibility |
contrib | 3rd-party imported software such as OpenZFS |
crypto | crypto drivers |
ddb | interactive kernel debugger - ddb(4) |
fs | most filesystems, excluding UFS, NFS, and ZFS |
dev | device drivers |
gdb | kernel remote GDB stub - gdb(4) |
geom | GEOM framework - geom(4) |
i386 | i386 (32-bit x86) architecture support |
kern | main part of the kernel |
libkern | libc-like and other support functions for kernel use |
modules | kernel module infrastructure |
net | core networking code |
net80211 | wireless networking (IEEE 802.11) - net80211(4) |
netgraph | graph-based networking subsystem - netgraph(4) |
netinet | IPv4 protocol implementation - inet(4) |
netinet6 | IPv6 protocol implementation - inet6(4) |
netipsec | IPsec protocol implementation - ipsec(4) |
netpfil | packet filters - ipfw(4), pf(4), and ipfilter(4) |
opencrypto | OpenCrypto framework - crypto(7) |
powerpc | PowerPC/POWER (32 and 64-bit) architecture support |
riscv | 64-bit RISC-V architecture support |
security | security facilities - audit(4) and mac(4) |
sys | kernel headers |
tests | kernel unit tests |
ufs | Unix File System - ffs(7) |
vm | virtual memory system |
x86 | code shared by AMD64 and i386 architectures |