mirror of
https://github.com/opnsense/src.git
synced 2026-02-25 02:42:54 -05:00
2ff447ee3b
Rather than requiring a socket to be created as a TLS socket from the get go, switch a TOE socket from "plain" TOE to TLS mode when a receive key is added to the socket. The firmware is only able to switch a "plain" TOE connection to TLS mode if the head of the pending socket data is the start of a TLS record, so the connection is migrated to TLS mode as a multi-step process. When TOE TLS RX is enabled, the associated connection's receive side is frozen via a flag in the TCB. The state of the socket buffer is then examined to determine if the pending data in the socket buffer ends on a TLS record boundary. If so, the connection is migrated to TLS mode and unfrozen. Otherwise, the connection is unfrozen temporarily until more data arrives. Once more data arrives, the receive queue is frozen again and rechecked. This continues until the connection is paused at a record boundary. Any records received before TLS mode is enabled are decrypted as software records. Note that this removes the 'rx_tls_ports' sysctl. TOE TLS offload for receive is now enabled automatically on existing TOE connections when using a KTLS-aware SSL library just as it was previously enabled automatically for TLS transmit. This also enables TLS offload for TOE connections which enable TLS after passing initial data in the clear (e.g. STARTTLS with SMTP). Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D37351 |
||
|---|---|---|
| .. | ||
| common | ||
| crypto | ||
| cudbg | ||
| cxgbei | ||
| firmware | ||
| iw_cxgbe | ||
| tom | ||
| adapter.h | ||
| if_cc.c | ||
| if_ccv.c | ||
| if_cxl.c | ||
| if_cxlv.c | ||
| offload.h | ||
| osdep.h | ||
| t4_clip.c | ||
| t4_clip.h | ||
| t4_filter.c | ||
| t4_if.m | ||
| t4_ioctl.h | ||
| t4_iov.c | ||
| t4_l2t.c | ||
| t4_l2t.h | ||
| t4_main.c | ||
| t4_mp_ring.c | ||
| t4_mp_ring.h | ||
| t4_netmap.c | ||
| t4_sched.c | ||
| t4_sge.c | ||
| t4_smt.c | ||
| t4_smt.h | ||
| t4_tracer.c | ||
| t4_vf.c | ||