FreeBSD src
Hans Petter Selasky fe8c78f0d2 ktls: Add full support for TLS RX offloading via network interface.
Basic TLS RX offloading uses the "csum_flags" field in the mbuf packet
header to figure out if an incoming mbuf has been fully offloaded or
not. This information follows the packet stream via the LRO engine, IP
stack and finally to the TCP stack. The TCP stack preserves the mbuf
packet header also when re-assembling packets after packet loss. When
the mbuf goes into the socket buffer the packet header is demoted and
the offload information is transferred to "m_flags". Later on a
worker thread will analyze the mbuf flags and decide if the mbufs
making up a TLS record indicate a fully-, partially- or not decrypted
TLS record. Based on these three cases the worker thread will either
pass the packet on as-is or recrypt the decrypted bits, if any, or
decrypt the packet as usual.

During packet loss the kernel TLS code will call back into the network
driver using the send tag, informing about the TCP starting sequence
number of every TLS record that is not fully decrypted by the network
interface. The network interface then stores this information in a
compressed table and starts asking the hardware if it has found a
valid TLS header in the TCP data payload. If the hardware has found a
valid TLS header and the referred TLS header is at a valid TCP
sequence number according to the TCP sequence numbers provided by the
kernel TLS code, the network driver then informs the hardware that it
can resume decryption.

Care has been taken to not merge encrypted and decrypted mbuf chains,
in the LRO engine and when appending mbufs to the socket buffer.

The mbuf's leaf network interface pointer is used to figure out from
which network interface the offloading rule should be allocated. Also
this pointer is used to track route changes.

Currently mbuf send tags are used in both transmit and receive
direction, due to convenience, but may get a new name in the future to
better reflect their usage.

Reviewed by:	jhb@ and gallatin@
Differential revision:	https://reviews.freebsd.org/D32356
Sponsored by:	NVIDIA Networking
2022-06-07 12:58:09 +02:00
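
The three-way decision the commit message describes for the worker thread, as an added example that is not code from the FreeBSD tree or from the commit. The struct, enum and function names are hypothetical stand-ins for the mbuf chain and its per-mbuf offload flag, and the chain is a constructed sample.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for an mbuf in the socket buffer; not the kernel's struct. */
struct seg {
	const struct seg *next;
	size_t len;		/* payload bytes in this segment */
	int hw_decrypted;	/* offload result kept after the packet header is demoted */
};
enum rec_state { REC_ENCRYPTED, REC_DECRYPTED, REC_MIXED };
enum rec_action { ACT_DECRYPT, ACT_PASS, ACT_RECRYPT };

/* Classify bytes [off, off + len) of the chain, i.e. one TLS record. */
static enum rec_state classify_record(const struct seg *s, size_t off, size_t len)
{
	int dec = 0, enc = 0;
	for (; s != NULL && off >= s->len; s = s->next)
		off -= s->len;		/* segment ends before the record starts */
	for (; s != NULL && len > 0; s = s->next, off = 0) {
		size_t n = s->len - off < len ? s->len - off : len;
		dec |= (n > 0 && s->hw_decrypted);	/* empty segments carry no evidence */
		enc |= (n > 0 && !s->hw_decrypted);
		len -= n;
	}
	if (len > 0)
		enc = 1;		/* bytes not in the chain are never treated as decrypted */
	return dec && enc ? REC_MIXED : dec ? REC_DECRYPTED : REC_ENCRYPTED;
}

/* Fully decrypted: pass as-is. Partially: recrypt the decrypted bits. Not: decrypt as usual. */
static enum rec_action action_for(enum rec_state st)
{
	return st == REC_DECRYPTED ? ACT_PASS : st == REC_MIXED ? ACT_RECRYPT : ACT_DECRYPT;
}

/* Constructed sample: 40 bytes of an earlier record, an empty segment,
 * then one 160-byte record split over two segments. */
static enum rec_state sample_state(int prev, int first, int second)
{
	const struct seg s3 = { NULL, 60, second }, s2 = { &s3, 100, first };
	const struct seg s1 = { &s2, 0, 0 }, s0 = { &s1, 40, prev };
	return classify_record(&s0, 40, 160);
}

int main(void)
{
	printf("%d %d %d\n", action_for(sample_state(0, 1, 1)),
	    action_for(sample_state(1, 0, 0)), action_for(sample_state(1, 1, 0)));
	return 0;
}
```

The flag on the earlier record's segment does not affect the result, because classification covers only the byte range of the record being examined.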
.cirrus-ci Cirrus-CI: add some timing info on pkg install failure 2021-08-04 15:02:00 -04:00
.github Replace EXTRA_DIST with dist_noinst_DATA 2022-05-26 09:24:50 -07:00
bin sleep.1: Fix mdoc style 2022-05-25 10:11:33 +02:00
cddl zfs: merge openzfs/zfs@b9d98453f 2022-06-03 18:17:53 +02:00
contrib bsddialog(3): Fix text wrapping 2022-06-06 21:12:36 +02:00
crypto ssh: update sshd_config for prohibit-password option 2022-05-12 11:16:09 -04:00
etc Update rest of llvm-project build glue for 14.0.4 2022-06-05 18:39:43 +02:00
gnu libdialog: Bump shared library version to 10. 2021-10-27 09:30:24 -07:00
include Linux 5.19 compat: asm/fpu/internal.h 2022-06-01 09:59:15 -07:00
kerberos5 pkgbase: Create a FreeBSD-kerberos package 2021-09-07 10:23:14 +02:00
lib Update rest of llvm-project build glue for 14.0.4 2022-06-05 18:39:43 +02:00
libexec rc: Fix quoting in the zpoolreguid script 2022-05-31 10:51:28 -04:00
release Replace subversion with git in the installation DVD 2022-05-27 09:10:19 -06:00
rescue Fix conflict between libnvpair and libnv when building rescue binaries. 2022-05-24 23:59:33 +03:00
sbin nvmecontrol(8): Fix a typo in an error message 2022-06-04 20:30:48 +02:00
secure OpenSSL: Merge OpenSSL 1.1.1o 2022-05-03 15:12:42 -04:00
share firewire.4: Fix typo 2022-06-05 23:52:34 -04:00
stand stand: Fix a common typo in source code comments 2022-06-05 09:49:51 +02:00
sys ktls: Add full support for TLS RX offloading via network interface. 2022-06-07 12:58:09 +02:00
targets bintrans: move files to a new directory 2022-04-18 10:53:11 +02:00
tests unix/*: rewrite unp_internalize() cmsg parsing cycle 2022-06-06 10:05:28 -07:00
tools Add more old clang files to (Optional)ObsoleteFiles.inc 2022-06-05 22:45:52 +02:00
usr.bin gcore: Don't hardcode VM write permissions. 2022-06-06 16:43:02 -07:00
usr.sbin bsdinstall/scripts/docsinstall: Add Indonesian Documentation 2022-06-06 13:44:43 +02:00
.arcconfig Remove history.immutable from .arcconfig 2021-04-13 12:36:25 +01:00
.arclint
.cirrus.yml Cirrus-CI: update image to FreeBSD 13.1 (latest release) 2022-06-02 15:25:36 -04:00
.clang-format clang-format: Add bitset loop macros 2021-09-21 12:08:01 -04:00
.gitattributes Add a basic clang-format configuration file 2019-06-07 15:23:52 +00:00
.gitignore gitignore: Ignore compile_commands.events.json 2022-05-30 10:43:25 -04:00
COPYRIGHT Welcome 2022, update copyrights. 2022-01-01 09:49:49 -07:00
LOCKS
MAINTAINERS Remove myself from bhyve maintenance; ENOTIME. 2021-11-19 07:09:30 +10:00
Makefile Switch to GCC 9 for the GCC tinderbox. 2022-05-20 10:16:57 -07:00
Makefile.inc1 Merge llvm-project release/14.x llvmorg-14-init-18315-g190be5457c90 2022-05-14 13:45:25 +02:00
Makefile.libcompat Makefile.libcompat: Sort 2022-02-02 14:34:29 -07:00
Makefile.sys.inc
ObsoleteFiles.inc Add more old clang files to (Optional)ObsoleteFiles.inc 2022-06-05 22:45:52 +02:00
README.md README.md: update gnu directory description 2021-12-17 08:45:31 -05:00
RELNOTES RELNOTES: Add an entry for boottrace(4) 2022-03-29 13:35:14 +02:00
UPDATING UPDATING: Fix a few typos 2022-04-10 10:11:17 +02:00

FreeBSD Source:

This is the top level of the FreeBSD source directory.

FreeBSD is an operating system used to power modern servers, desktops, and embedded platforms. A large community has continually developed it for more than thirty years. Its advanced networking, security, and storage features have made FreeBSD the platform of choice for many of the busiest web sites and most pervasive embedded networking and storage devices.

For copyright information, please see the file COPYRIGHT in this directory. Additional copyright information also exists for some sources in this tree - please see the specific source directories for more information.

The Makefile in this directory supports a number of targets for building components (or all) of the FreeBSD source tree. See build(7), config(8), FreeBSD handbook on building userland, and Handbook for kernels for more information, including setting make(1) variables.

Source Roadmap:

Directory      Description
bin            System/user commands.
cddl           Various commands and libraries under the Common Development and Distribution License.
contrib        Packages contributed by 3rd parties.
crypto         Cryptography stuff (see crypto/README).
etc            Template files for /etc.
gnu            Commands and libraries under the GNU General Public License (GPL) or Lesser General Public License (LGPL). Please see gnu/COPYING and gnu/COPYING.LIB for more information.
include        System include files.
kerberos5      Kerberos5 (Heimdal) package.
lib            System libraries.
libexec        System daemons.
release        Release building Makefile & associated tools.
rescue         Build system for statically linked /rescue utilities.
sbin           System commands.
secure         Cryptographic libraries and commands.
share          Shared resources.
stand          Boot loader sources.
sys            Kernel sources.
sys/arch/conf  Kernel configuration files. GENERIC is the configuration used in release builds. NOTES contains documentation of all possible entries.
tests          Regression tests which can be run by Kyua. See tests/README for additional information.
tools          Utilities for regression testing and miscellaneous tasks.
usr.bin        User commands.
usr.sbin       System administration commands.

For information on synchronizing your source tree with one or more of the FreeBSD Project's development branches, please see FreeBSD Handbook.