freebsd-dev/sys
John Baldwin 2ff447ee3b cxgbe: Enable TOE TLS RX when an RX key is provided via setsockopt().
Rather than requiring a socket to be created as a TLS socket from the
get go, switch a TOE socket from "plain" TOE to TLS mode when a
receive key is added to the socket.

The firmware is only able to switch a "plain" TOE connection to TLS
mode if the head of the pending socket data is the start of a TLS
record, so the connection is migrated to TLS mode as a multi-step
process.

When TOE TLS RX is enabled, the associated connection's receive side
is frozen via a flag in the TCB.  The state of the socket buffer is
then examined to determine if the pending data in the socket buffer
ends on a TLS record boundary.  If so, the connection is migrated to
TLS mode and unfrozen.  Otherwise, the connection is unfrozen
temporarily until more data arrives.  Once more data arrives, the
receive queue is frozen again and rechecked.  This continues until the
connection is paused at a record boundary.  Any records received
before TLS mode is enabled are decrypted as software records.

Note that this removes the 'rx_tls_ports' sysctl.  TOE TLS offload for
receive is now enabled automatically on existing TOE connections when
using a KTLS-aware SSL library just as it was previously enabled
automatically for TLS transmit.  This also enables TLS offload for TOE
connections which enable TLS after passing initial data in the clear
(e.g. STARTTLS with SMTP).

Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D37351
2022-11-15 12:08:51 -08:00
amd64 Retire broken GPROF support from the kernel 2022-11-15 14:17:10 +00:00
arm Retire broken GPROF support from the kernel 2022-11-15 14:17:10 +00:00
arm64 Split out the arm64 EL2 exception vectors 2022-11-15 17:26:52 +00:00
bsm
cam cam: Use FreeBSD standard copyright 2022-10-07 23:37:46 -06:00
cddl dtrace: avoid kinst warn when not used 2022-11-15 13:40:31 +00:00
compat LinuxKPI: add memset_startat macro 2022-11-15 12:52:10 +00:00
conf Split out the arm64 EL2 exception vectors 2022-11-15 17:26:52 +00:00
contrib Import device-tree files from Linux 6.0 2022-11-15 20:02:06 +01:00
crypto OpenSSL: Regen assembly file for OpenSSL 1.1.1s 2022-11-01 19:12:09 -04:00
ddb ddb: Don't flag breakpoint/watchpoint commands as MEMSAFE 2022-11-02 13:46:24 -04:00
dev cxgbe: Enable TOE TLS RX when an RX key is provided via setsockopt(). 2022-11-15 12:08:51 -08:00
dts
fs nfs: Fix common typos in source code comments 2022-11-08 14:58:32 +01:00
gdb ddb: use _FLAGS command macros where appropriate 2022-07-05 11:56:55 -03:00
geom Don't panic when tasting a disk with sectorsize=0 2022-11-09 10:21:12 -07:00
gnu
i386 Retire broken GPROF support from the kernel 2022-11-15 14:17:10 +00:00
isa Adjust function definition in isa's pnp.c to avoid clang 15 warning 2022-07-27 21:13:59 +02:00
kern ktls: Add software support for AES-CBC decryption for TLS 1.1+. 2022-11-15 12:02:03 -08:00
kgssapi
libkern arm: Remove unused ffs.S 2022-10-20 10:48:31 -06:00
modules pfsync: prepare code to accommodate AF_INET6 family 2022-11-09 21:06:07 +01:00
net if_ovpn: pass control packets through the socket 2022-11-15 10:01:18 +01:00
net80211 net8021: Fix a typo in a kernel error message 2022-10-25 04:31:51 +02:00
netgraph ng_hci: handle NG_HCI_M_PULLUP failure in le_advertizing_report 2022-11-01 14:33:37 -04:00
netinet tcp: account sent/received IP ECN markings independently 2022-11-10 11:35:35 +01:00
netinet6 sctp: minor changes due to upstreaming of Glebs recent changes 2022-11-06 23:06:40 +01:00
netipsec ipsec: add support for CHACHA20POLY1305 2022-11-02 14:19:04 +01:00
netlink netlink: unregister groups along with family 2022-11-08 12:46:58 +01:00
netpfil pfsync: fix memory leak 2022-11-15 12:13:11 +01:00
netsmb
nfs
nfsclient
nfsserver
nlm
ofed ibcore: The use of IN_LOOPBACK() now requires a valid VNET context. 2022-09-23 13:42:03 +02:00
opencrypto ktls_ocf: Reject encrypted TLS records using AEAD that are too small. 2022-11-15 12:02:57 -08:00
powerpc powerpc: slb_alloc_user_cache: fix missing uma_zalloc wait flag 2022-10-03 20:56:41 -03:00
riscv Revert "Check alignment of fp in unwind_frame" 2022-11-15 12:33:39 +00:00
rpc clnt_vc.c: Replace msleep() with pause() to avoid assert panic 2022-10-14 15:46:55 -07:00
security mac_lomac: whack giant usage 2022-11-15 14:31:41 +00:00
sys proc: retire 2 unused lock annotations 2022-11-15 10:50:39 +00:00
teken
tests
tools dtb: Be much less verbose in the building of dtb 2022-10-29 10:13:54 -06:00
ufs Enable taking snapshots on UFS/FFS filesystems using journaled soft updates. 2022-11-12 22:56:03 -08:00
vm ddb: don't limit pindex output in 'show vmopag' 2022-11-11 14:25:39 -04:00
x86 Retire broken GPROF support from the kernel 2022-11-15 14:17:10 +00:00
xdr
xen
Makefile Remove dead code in the cscope target 2022-11-11 15:53:57 +00:00
README.md README.md: shift description of kernel config files 2022-11-01 12:20:55 -03:00

FreeBSD Kernel Source:

This directory contains the source files and build glue that make up the FreeBSD kernel and its modules, including both original and contributed software.

Kernel configuration files are located in the conf/ subdirectory of each architecture. GENERIC is the configuration used in release builds. NOTES contains documentation of all possible entries. LINT is a compile-only configuration used to maximize build coverage and detect regressions.

Source Roadmap:

| Directory | Description |
| --------- | ----------- |
| amd64 | AMD64 (64-bit x86) architecture support |
| arm | 32-bit ARM architecture support |
| arm64 | 64-bit ARM (AArch64) architecture support |
| cam | Common Access Method storage subsystem - cam(4) and ctl(4) |
| cddl | CDDL-licensed optional sources such as DTrace |
| conf | kernel build glue |
| compat | Linux compatibility layer, FreeBSD 32-bit compatibility |
| contrib | 3rd-party imported software such as OpenZFS |
| crypto | crypto drivers |
| ddb | interactive kernel debugger - ddb(4) |
| fs | most filesystems, excluding UFS, NFS, and ZFS |
| dev | device drivers |
| gdb | kernel remote GDB stub - gdb(4) |
| geom | GEOM framework - geom(4) |
| i386 | i386 (32-bit x86) architecture support |
| kern | main part of the kernel |
| libkern | libc-like and other support functions for kernel use |
| modules | kernel module infrastructure |
| net | core networking code |
| net80211 | wireless networking (IEEE 802.11) - net80211(4) |
| netgraph | graph-based networking subsystem - netgraph(4) |
| netinet | IPv4 protocol implementation - inet(4) |
| netinet6 | IPv6 protocol implementation - inet6(4) |
| netipsec | IPsec protocol implementation - ipsec(4) |
| netpfil | packet filters - ipfw(4), pf(4), and ipfilter(4) |
| opencrypto | OpenCrypto framework - crypto(7) |
| powerpc | PowerPC/POWER (32 and 64-bit) architecture support |
| riscv | 64-bit RISC-V architecture support |
| security | security facilities - audit(4) and mac(4) |
| sys | kernel headers |
| tests | kernel unit tests |
| ufs | Unix File System - ffs(7) |
| vm | virtual memory system |
| x86 | code shared by AMD64 and i386 architectures |