Ktls: never skip stamping tags for NIC TLS
The newer RACK and BBR TCP stacks have added a mechanism to disable hardware packet pacing for TCP retransmits. This mechanism works by skipping the send-tag stamp on rate-limited connections when the TCP stack calls ip_output() with the IP_NO_SND_TAG_RL flag set. When doing NIC TLS, we must ignore this flag, as NIC TLS packets must always be stamped. Failure to stamp a NIC TLS packet will result in crypto issues.

Reviewed by: hselasky, rrs
Sponsored by: Netflix, Mellanox
parent 17dd52dfab
commit 6043ac201a
@ -242,6 +242,10 @@ ip_output_send(struct inpcb *inp, struct ifnet *ifp, struct mbuf *m,
|
|||||||
error = EAGAIN;
|
error = EAGAIN;
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
|
/*
|
||||||
|
* Always stamp tags that include NIC ktls.
|
||||||
|
*/
|
||||||
|
stamp_tag = true;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
#ifdef RATELIMIT
|
#ifdef RATELIMIT
|
||||||
|
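Review bot: The comment added above `stamp_tag = true;` in ip_output_send() states the rule ("Always stamp tags that include NIC ktls") but not what it overrides or why. A reader of this function alone cannot tell that the assignment deliberately ignores a caller's IP_NO_SND_TAG_RL request, or that an unstamped NIC TLS packet leads to crypto issues, as the commit message explains. Suggest expanding the comment to name IP_NO_SND_TAG_RL and the consequence, and noting the exception where that flag is documented, since retransmits on NIC TLS connections will still be stamped even when the TCP stack asked for the stamp to be skipped.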
@ -353,6 +353,10 @@ ip6_output_send(struct inpcb *inp, struct ifnet *ifp, struct ifnet *origifp,
|
|||||||
error = EAGAIN;
|
error = EAGAIN;
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
|
/*
|
||||||
|
* Always stamp tags that include NIC ktls.
|
||||||
|
*/
|
||||||
|
stamp_tag = true;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
#ifdef RATELIMIT
|
#ifdef RATELIMIT
|
||||||
|
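Review bot: The comment and `stamp_tag = true;` added to ip6_output_send() are a verbatim copy of the lines added to ip_output_send(), so the rule that NIC TLS overrides the no-stamp request now has to be kept in sync by hand in two send paths. If a later change adds another condition that suppresses stamping and only one path is updated, NIC TLS packets on the other address family could go out unstamped. Suggest moving the decision into a small helper shared by both functions, or at least adding a cross-reference in each comment to the matching block in the other file.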