fe8c78f0d2
Basic TLS RX offloading uses the "csum_flags" field in the mbuf packet header to figure out if an incoming mbuf has been fully offloaded or not. This information follows the packet stream via the LRO engine, IP stack and finally to the TCP stack. The TCP stack preserves the mbuf packet header also when re-assembling packets after packet loss. When the mbuf goes into the socket buffer the packet header is demoted and the offload information is transferred to "m_flags" . Later on a worker thread will analyze the mbuf flags and decide if the mbufs making up a TLS record indicate a fully-, partially- or not decrypted TLS record. Based on these three cases the worker thread will either pass the packet on as-is or recrypt the decrypted bits, if any, or decrypt the packet as usual. During packet loss the kernel TLS code will call back into the network driver using the send tag, informing about the TCP starting sequence number of every TLS record that is not fully decrypted by the network interface. The network interface then stores this information in a compressed table and starts asking the hardware if it has found a valid TLS header in the TCP data payload. If the hardware has found a valid TLS header and the referred TLS header is at a valid TCP sequence number according to the TCP sequence numbers provided by the kernel TLS code, the network driver then informs the hardware that it can resume decryption. Care has been taken to not merge encrypted and decrypted mbuf chains, in the LRO engine and when appending mbufs to the socket buffer. The mbuf's leaf network interface pointer is used to figure out from which network interface the offloading rule should be allocated. Also this pointer is used to track route changes. Currently mbuf send tags are used in both transmit and receive direction, due to convenience, but may get a new name in the future to better reflect their usage. Reviewed by: jhb@ and gallatin@ Differential revision: https://reviews.freebsd.org/D32356 Sponsored by: NVIDIA Networking |
||
---|---|---|
.cirrus-ci | ||
.github | ||
bin | ||
cddl | ||
contrib | ||
crypto | ||
etc | ||
gnu | ||
include | ||
kerberos5 | ||
lib | ||
libexec | ||
release | ||
rescue | ||
sbin | ||
secure | ||
share | ||
stand | ||
sys | ||
targets | ||
tests | ||
tools | ||
usr.bin | ||
usr.sbin | ||
.arcconfig | ||
.arclint | ||
.cirrus.yml | ||
.clang-format | ||
.gitattributes | ||
.gitignore | ||
COPYRIGHT | ||
LOCKS | ||
MAINTAINERS | ||
Makefile | ||
Makefile.inc1 | ||
Makefile.libcompat | ||
Makefile.sys.inc | ||
ObsoleteFiles.inc | ||
README.md | ||
RELNOTES | ||
UPDATING |
FreeBSD Source:
This is the top level of the FreeBSD source directory.
FreeBSD is an operating system used to power modern servers, desktops, and embedded platforms. A large community has continually developed it for more than thirty years. Its advanced networking, security, and storage features have made FreeBSD the platform of choice for many of the busiest web sites and most pervasive embedded networking and storage devices.
For copyright information, please see the file COPYRIGHT in this directory. Additional copyright information also exists for some sources in this tree - please see the specific source directories for more information.
The Makefile in this directory supports a number of targets for building components (or all) of the FreeBSD source tree. See build(7), config(8), FreeBSD handbook on building userland, and Handbook for kernels for more information, including setting make(1) variables.
Source Roadmap:
Directory | Description |
---|---|
bin | System/user commands. |
cddl | Various commands and libraries under the Common Development and Distribution License. |
contrib | Packages contributed by 3rd parties. |
crypto | Cryptography stuff (see crypto/README). |
etc | Template files for /etc. |
gnu | Commands and libraries under the GNU General Public License (GPL) or Lesser General Public License (LGPL). Please see gnu/COPYING and gnu/COPYING.LIB for more information. |
include | System include files. |
kerberos5 | Kerberos5 (Heimdal) package. |
lib | System libraries. |
libexec | System daemons. |
release | Release building Makefile & associated tools. |
rescue | Build system for statically linked /rescue utilities. |
sbin | System commands. |
secure | Cryptographic libraries and commands. |
share | Shared resources. |
stand | Boot loader sources. |
sys | Kernel sources. |
sys/arch /conf |
Kernel configuration files. GENERIC is the configuration used in release builds. NOTES contains documentation of all possible entries. |
tests | Regression tests which can be run by Kyua. See tests/README for additional information. |
tools | Utilities for regression testing and miscellaneous tasks. |
usr.bin | User commands. |
usr.sbin | System administration commands. |
For information on synchronizing your source tree with one or more of the FreeBSD Project's development branches, please see FreeBSD Handbook.