freebsd with flexible iflib nic queues
Go to file
John Baldwin 9f03d2c001 ktls: Ensure FIFO encryption order for TLS 1.0.
TLS 1.0 records are encrypted as one continuous CBC chain where the
last block of the previous record is used as the IV for the next
record.  As a result, TLS 1.0 records cannot be encrypted out of order
but must be encrypted as a FIFO.

If the later pages of a sendfile(2) request complete before the first
pages, then TLS records can be encrypted out of order.  For TLS 1.1
and later this is fine, but this can break for TLS 1.0.

To cope, add a queue in each TLS session to hold TLS records that
contain valid unencrypted data but are waiting for an earlier TLS
record to be encrypted first.

- In ktls_enqueue(), check if a TLS record being queued is the next
  record expected for a TLS 1.0 session.  If not, it is placed in
  sorted order in the pending_records queue in the TLS session.

  If it is the next expected record, queue it for SW encryption like
  normal.  In addition, check if this new record (really a potential
  batch of records) was holding up any previously queued records in
  the pending_records queue.  Any of those records that are now in
  order are also placed on the queue for SW encryption.

- In ktls_destroy(), free any TLS records on the pending_records
  queue.  These mbufs are marked M_NOTREADY so were not freed when the
  socket buffer was purged in sbdestroy().  Instead, they must be
  freed explicitly.

Reviewed by:	gallatin, markj
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D32381
2021-10-13 12:30:15 -07:00
.cirrus-ci Cirrus-CI: add some timing info on pkg install failure 2021-08-04 15:02:00 -04:00
.github Vendor import of OpenSSH 8.7p1 2021-08-30 15:14:33 -04:00
bin src/bin/ps: Fix spelling error 2021-10-02 10:39:37 -06:00
cddl libctf: Improve check for duplicate SOU definitions in ctf_add_type() 2021-10-04 12:28:22 -04:00
contrib Teach the readelf about arm64 gnu properties 2021-10-11 10:39:49 +01:00
crypto OpenSSH: cherry-pick "need initgroups() before setresgid()" 2021-10-08 21:29:25 -04:00
etc Add support for jail.conf.d 2021-09-10 00:30:04 -05:00
gnu ncurses: chase dependency changes in the source tree 2021-10-04 11:38:24 +02:00
include vendor/bc: update to version 5.1.1 2021-10-06 23:27:16 +02:00
kerberos5 pkgbase: Create a FreeBSD-kerberos package 2021-09-07 10:23:14 +02:00
lib O_PATH: allow vfs_extattr syscalls 2021-10-11 20:09:49 +03:00
libexec rtld: Do not install libmap.conf when installing the COMPAT32 version 2021-10-13 14:42:08 +02:00
release Update Azure release bits 2021-10-02 04:59:10 +08:00
rescue rescue: fix after with to a ldscript of libncursesw.a 2021-10-10 08:53:41 +02:00
sbin sbin/mount_fusefs/mount_fusefs.8: Fix typos 2021-10-09 09:02:39 -06:00
secure openssh: Add new source files to libssl 2021-09-10 00:56:24 +02:00
share acpi(4): Correct outdated sysctl 2021-10-12 20:47:03 -04:00
stand stand: fix build after recent opencrypto changes 2021-10-06 20:23:44 -05:00
sys ktls: Ensure FIFO encryption order for TLS 1.0. 2021-10-13 12:30:15 -07:00
targets Fix bootstrapping to actually build lldb-tblgen for later use 2021-08-24 15:04:25 +01:00
tests fifos: delegate unhandled kqueue filters to underlying filesystem 2021-10-12 02:43:07 -05:00
tools stress2: Use two memory disks for this test 2021-10-12 06:45:19 +00:00
usr.bin last: improve non-UTF8 locale output after libxo support was added 2021-10-11 19:02:12 +02:00
usr.sbin bhyve: Update usage and synopsis for the -k flag 2021-10-13 08:39:57 +02:00
.arcconfig Remove history.immutable from .arcconfig 2021-04-13 12:36:25 +01:00
.arclint
.cirrus.yml Cirrus-CI: add a manually triggered arm64 task 2021-09-14 15:12:55 -04:00
.clang-format clang-format: Add bitset loop macros 2021-09-21 12:08:01 -04:00
.gitattributes Add a basic clang-format configuration file 2019-06-07 15:23:52 +00:00
.gitignore gitignore: Add .clangd and .ccls-cache 2021-06-04 16:56:08 +08:00
COPYRIGHT copyrights: Happy New Year 2021 2020-12-31 10:29:44 -05:00
LOCKS LOCKS: update current locks 2018-06-09 03:08:04 +00:00
MAINTAINERS [skip ci] volunteer to maintain POSIX AIO 2021-05-30 17:21:12 -06:00
Makefile Revert "Fix native-xtools build" 2021-08-03 10:00:28 -07:00
Makefile.inc1 native-xtools: avoid libllvm while populating the sysroot 2021-10-13 04:41:17 -05:00
Makefile.libcompat ncurses: fix libcompat (lib32 for example) building 2021-10-04 14:16:32 +02:00
Makefile.sys.inc
ObsoleteFiles.inc Update OptionalObsoleteFiles.inc after 021385aba5 2021-10-11 11:46:31 +01:00
README.md Vendor import of OpenSSH 8.7p1 2021-08-30 15:14:33 -04:00
RELNOTES RELNOTES: Add entries for KASAN and KMSAN 2021-08-11 13:08:36 -04:00
UPDATING ncurses: document in UPDATING and bump _FreeBSD_version 2021-10-04 11:38:29 +02:00

FreeBSD Source:

This is the top level of the FreeBSD source directory.

FreeBSD is an operating system used to power modern servers, desktops, and embedded platforms. A large community has continually developed it for more than thirty years. Its advanced networking, security, and storage features have made FreeBSD the platform of choice for many of the busiest web sites and most pervasive embedded networking and storage devices.

For copyright information, please see the file COPYRIGHT in this directory. Additional copyright information also exists for some sources in this tree - please see the specific source directories for more information.

The Makefile in this directory supports a number of targets for building components (or all) of the FreeBSD source tree. See build(7), config(8), FreeBSD handbook on building userland, and Handbook for kernels for more information, including setting make(1) variables.

Source Roadmap:

Directory Description
bin System/user commands.
cddl Various commands and libraries under the Common Development and Distribution License.
contrib Packages contributed by 3rd parties.
crypto Cryptography stuff (see crypto/README).
etc Template files for /etc.
gnu Various commands and libraries under the GNU Public License. Please see gnu/COPYING and gnu/COPYING.LIB for more information.
include System include files.
kerberos5 Kerberos5 (Heimdal) package.
lib System libraries.
libexec System daemons.
release Release building Makefile & associated tools.
rescue Build system for statically linked /rescue utilities.
sbin System commands.
secure Cryptographic libraries and commands.
share Shared resources.
stand Boot loader sources.
sys Kernel sources.
sys/arch/conf Kernel configuration files. GENERIC is the configuration used in release builds. NOTES contains documentation of all possible entries.
tests Regression tests which can be run by Kyua. See tests/README for additional information.
tools Utilities for regression testing and miscellaneous tasks.
usr.bin User commands.
usr.sbin System administration commands.

For information on synchronizing your source tree with one or more of the FreeBSD Project's development branches, please see FreeBSD Handbook.