Commit 96668a81 authored by John Baldwin

ktls: Always create a software backend for receive sessions.

A future change to TOE TLS will require a software fallback for the
first few TLS records received.  Future support for NIC TLS on receive
will also require a software fallback for certain cases.

Reviewed by:	gallatin, hselasky
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D32566
parent b33ff941
......@@ -784,7 +784,6 @@ ktls_cleanup(struct ktls_session *tls)
counter_u64_add(ktls_sw_chacha20, -1);
break;
}
ktls_ocf_free(tls);
break;
case TCP_TLS_MODE_IFNET:
switch (tls->params.cipher_algorithm) {
......@@ -817,6 +816,8 @@ ktls_cleanup(struct ktls_session *tls)
break;
#endif
}
if (tls->ocf_session != NULL)
ktls_ocf_free(tls);
if (tls->params.auth_key != NULL) {
zfree(tls->params.auth_key, M_KTLS);
tls->params.auth_key = NULL;
......@@ -1004,14 +1005,9 @@ ktls_try_ifnet(struct socket *so, struct ktls_session *tls, bool force)
return (error);
}
static int
ktls_try_sw(struct socket *so, struct ktls_session *tls, int direction)
static void
ktls_use_sw(struct ktls_session *tls)
{
int error;
error = ktls_ocf_try(so, tls, direction);
if (error)
return (error);
tls->mode = TCP_TLS_MODE_SW;
switch (tls->params.cipher_algorithm) {
case CRYPTO_AES_CBC:
......@@ -1024,6 +1020,17 @@ ktls_try_sw(struct socket *so, struct ktls_session *tls, int direction)
counter_u64_add(ktls_sw_chacha20, 1);
break;
}
}
static int
ktls_try_sw(struct socket *so, struct ktls_session *tls, int direction)
{
int error;
error = ktls_ocf_try(so, tls, direction);
if (error)
return (error);
ktls_use_sw(tls);
return (0);
}
......@@ -1184,17 +1191,18 @@ ktls_enable_rx(struct socket *so, struct tls_enable *en)
if (error)
return (error);
#ifdef TCP_OFFLOAD
error = ktls_try_toe(so, tls, KTLS_RX);
if (error)
#endif
error = ktls_try_sw(so, tls, KTLS_RX);
error = ktls_ocf_try(so, tls, KTLS_RX);
if (error) {
ktls_cleanup(tls);
return (error);
}
#ifdef TCP_OFFLOAD
error = ktls_try_toe(so, tls, KTLS_RX);
if (error)
#endif
ktls_use_sw(tls);
/* Mark the socket as using TLS offload. */
SOCKBUF_LOCK(&so->so_rcv);
so->so_rcv.sb_tls_seqno = be64dec(en->rec_seq);
......
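Review bot: In the ktls_cleanup hunk, the added `if (tls->ocf_session != NULL) ktls_ocf_free(tls);` leaves `tls->ocf_session` pointing at the released session, while the `auth_key` block directly below it clears its pointer after `zfree`. Unless ktls_ocf_free resets the field itself (its body is not shown here), I would brace the branch and add `tls->ocf_session = NULL;` after the call, so that a repeated cleanup cannot release the same session twice. The NULL test also depends on the session being zero-initialised when it is allocated, now that the field no longer shares storage with `snd_tag`. That allocation is outside these hunks, as are the start and end of ktls_cleanup.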
......@@ -184,10 +184,8 @@ struct ktls_session {
const struct tls_record_layer *hdr, struct mbuf *m,
uint64_t seqno, int *trailer_len);
};
union {
struct ktls_ocf_session *ocf_session;
struct m_snd_tag *snd_tag;
};
struct ktls_ocf_session *ocf_session;
struct m_snd_tag *snd_tag;
struct tls_session_params params;
u_int wq_index;
volatile u_int refcount;
......
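Review bot: With the union gone, `ocf_session` and `snd_tag` can both be set on one session, but nothing in the struct says when each pointer is valid. A one-line comment above each field would record the new invariant, for example `/* Software (OCF) session; always created for receive sessions. */` above `ocf_session` and `/* Send tag for TCP_TLS_MODE_IFNET sessions. */` above `snd_tag`, assuming the second matches the intended use. It is also worth confirming that no remaining code treats a non-NULL value in one field as proof that the other is unused, since that held only while they aliased. The struct definition starts and ends outside this hunk.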