Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 6 Dec 2019 15:36:32 +0000 (UTC)
From:      Hans Petter Selasky <hselasky@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r355446 - in head/sys: conf dev/mlx5 dev/mlx5/mlx5_en modules/mlx5en
Message-ID:  <201912061536.xB6FaWFg006545@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: hselasky
Date: Fri Dec  6 15:36:32 2019
New Revision: 355446
URL: https://svnweb.freebsd.org/changeset/base/355446

Log:
  Implement hardware TLS via send tags for mlx5en(4), which is supported by
  ConnectX-6 DX.
  
  Currently TLS v1.2 and v1.3 with AES 128/256 crypto over TCP/IP (v4
  and v6) is supported.
  
  A per PCI device UMA zone is used to manage the memory of the send
  tags.  To optimize performance some crypto contexts may be cached by
  the UMA zone, until the UMA zone finishes the memory of the given send
  tag.
  
  An asynchronous task is used manage setup of the send tags towards the
  firmware. Most importantly setting the AES 128/256 bit pre-shared keys
  for the crypto context.
  
  Updating the state of the AES crypto engine and encrypting data, is
  all done in the fast path. Each send tag tracks the TCP sequence
  number in order to detect non-contiguous blocks of data, which may
  require a dump of prior unencrypted data, to restore the crypto state
  prior to wire transmission.
  
  Statistics counters have been added to count the amount of TLS data
  transmitted in total, and the amount of TLS data which has been dumped
  prior to transmission. When non-contiguous TCP sequence numbers are
  detected, the software needs to dump the beginning of the current TLS
  record up until the point of retransmission. All TLS counters utilize
  the counter(9) API.
  
  In order to enable hardware TLS offload the following sysctls must be set:
  kern.ipc.mb_use_ext_pgs=1
  kern.ipc.tls.ifnet.permitted=1
  kern.ipc.tls.enable=1
  
  Sponsored by:	Mellanox Technologies

Added:
  head/sys/dev/mlx5/mlx5_en/en_hw_tls.h   (contents, props changed)
  head/sys/dev/mlx5/mlx5_en/mlx5_en_hw_tls.c   (contents, props changed)
Modified:
  head/sys/conf/files
  head/sys/dev/mlx5/device.h
  head/sys/dev/mlx5/mlx5_en/en.h
  head/sys/dev/mlx5/mlx5_en/en_rl.h
  head/sys/dev/mlx5/mlx5_en/mlx5_en_ethtool.c
  head/sys/dev/mlx5/mlx5_en/mlx5_en_main.c
  head/sys/dev/mlx5/mlx5_en/mlx5_en_rl.c
  head/sys/dev/mlx5/mlx5_en/mlx5_en_tx.c
  head/sys/modules/mlx5en/Makefile

Modified: head/sys/conf/files
==============================================================================
--- head/sys/conf/files	Fri Dec  6 15:01:36 2019	(r355445)
+++ head/sys/conf/files	Fri Dec  6 15:36:32 2019	(r355446)
@@ -4781,6 +4781,8 @@ dev/mlx5/mlx5_en/mlx5_en_tx.c			optional mlx5en pci in
 	compile-with "${OFED_C}"
 dev/mlx5/mlx5_en/mlx5_en_flow_table.c		optional mlx5en pci inet inet6	\
 	compile-with "${OFED_C}"
+dev/mlx5/mlx5_en/mlx5_en_hw_tls.c		optional mlx5en pci inet inet6	\
+	compile-with "${OFED_C}"
 dev/mlx5/mlx5_en/mlx5_en_rx.c			optional mlx5en pci inet inet6	\
 	compile-with "${OFED_C}"
 dev/mlx5/mlx5_en/mlx5_en_rl.c			optional mlx5en pci inet inet6	\

Modified: head/sys/dev/mlx5/device.h
==============================================================================
--- head/sys/dev/mlx5/device.h	Fri Dec  6 15:01:36 2019	(r355445)
+++ head/sys/dev/mlx5/device.h	Fri Dec  6 15:36:32 2019	(r355446)
@@ -361,6 +361,7 @@ enum {
 	MLX5_OPCODE_ATOMIC_MASKED_FA	= 0x15,
 	MLX5_OPCODE_BIND_MW		= 0x18,
 	MLX5_OPCODE_CONFIG_CMD		= 0x1f,
+	MLX5_OPCODE_DUMP		= 0x23,
 
 	MLX5_RECV_OPCODE_RDMA_WRITE_IMM	= 0x00,
 	MLX5_RECV_OPCODE_SEND		= 0x01,

Modified: head/sys/dev/mlx5/mlx5_en/en.h
==============================================================================
--- head/sys/dev/mlx5/mlx5_en/en.h	Fri Dec  6 15:01:36 2019	(r355445)
+++ head/sys/dev/mlx5/mlx5_en/en.h	Fri Dec  6 15:36:32 2019	(r355446)
@@ -53,6 +53,7 @@
 #include <net/pfil.h>
 #include <sys/buf_ring.h>
 #include <sys/kthread.h>
+#include <sys/counter.h>
 
 #include "opt_rss.h"
 
@@ -167,6 +168,7 @@ typedef void (mlx5e_cq_comp_t)(struct mlx5_core_cq *);
 
 #define	MLX5E_STATS_COUNT(a, ...) a
 #define	MLX5E_STATS_VAR(a, b, c, ...) b c;
+#define	MLX5E_STATS_COUNTER(a, b, c, ...) counter_##b##_t c;
 #define	MLX5E_STATS_DESC(a, b, c, d, e, ...) d, e,
 
 #define	MLX5E_VPORT_STATS(m)						\
@@ -724,6 +726,7 @@ struct mlx5e_params_ethtool {
 	u8	fec_avail_10x_25x[MLX5E_MAX_FEC_10X_25X];
 	u16	fec_avail_50x[MLX5E_MAX_FEC_50X];
 	u32	fec_mode_active;
+	u32	hw_mtu_msb;
 };
 
 struct mlx5e_cq {
@@ -775,6 +778,7 @@ struct mlx5e_rq {
 struct mlx5e_sq_mbuf {
 	bus_dmamap_t dma_map;
 	struct mbuf *mbuf;
+	volatile s32 *p_refcount;	/* in use refcount, if any */
 	u32	num_bytes;
 	u32	num_wqebbs;
 };
@@ -959,9 +963,14 @@ struct mlx5e_flow_tables {
 	struct mlx5e_flow_table inner_rss;
 };
 
-#ifdef RATELIMIT
+struct mlx5e_xmit_args {
+	volatile s32 *pref;
+	u32 tisn;
+	u16 ihs;
+};
+
 #include "en_rl.h"
-#endif
+#include "en_hw_tls.h"
 
 #define	MLX5E_TSTMP_PREC 10
 
@@ -1035,10 +1044,11 @@ struct mlx5e_priv {
 	int	media_active_last;
 
 	struct callout watchdog;
-#ifdef RATELIMIT
+
 	struct mlx5e_rl_priv_data rl;
-#endif
 
+	struct mlx5e_tls tls;
+
 	struct callout tstmp_clbr;
 	int	clbr_done;
 	int	clbr_curr;
@@ -1092,6 +1102,8 @@ struct mlx5e_eeprom {
 
 #define	MLX5E_FLD_MAX(typ, fld) ((1ULL << __mlx5_bit_sz(typ, fld)) - 1ULL)
 
+bool	mlx5e_do_send_cqe(struct mlx5e_sq *);
+int	mlx5e_get_full_header_size(struct mbuf *, struct tcphdr **);
 int	mlx5e_xmit(struct ifnet *, struct mbuf *);
 
 int	mlx5e_open_locked(struct ifnet *);
@@ -1163,7 +1175,12 @@ void	mlx5e_create_ethtool(struct mlx5e_priv *);
 void	mlx5e_create_stats(struct sysctl_ctx_list *,
     struct sysctl_oid_list *, const char *,
     const char **, unsigned, u64 *);
+void	mlx5e_create_counter_stats(struct sysctl_ctx_list *,
+    struct sysctl_oid_list *, const char *,
+    const char **, unsigned, counter_u64_t *);
 void	mlx5e_send_nop(struct mlx5e_sq *, u32);
+int	mlx5e_sq_dump_xmit(struct mlx5e_sq *, struct mlx5e_xmit_args *, struct mbuf **);
+int	mlx5e_sq_xmit(struct mlx5e_sq *, struct mbuf **);
 void	mlx5e_sq_cev_timeout(void *);
 int	mlx5e_refresh_channel_params(struct mlx5e_priv *);
 int	mlx5e_open_cq(struct mlx5e_priv *, struct mlx5e_cq_param *,
@@ -1182,5 +1199,10 @@ void	mlx5e_update_sq_inline(struct mlx5e_sq *sq);
 void	mlx5e_refresh_sq_inline(struct mlx5e_priv *priv);
 int	mlx5e_update_buf_lossy(struct mlx5e_priv *priv);
 int	mlx5e_fec_update(struct mlx5e_priv *priv);
+
+if_snd_tag_alloc_t mlx5e_ul_snd_tag_alloc;
+if_snd_tag_modify_t mlx5e_ul_snd_tag_modify;
+if_snd_tag_query_t mlx5e_ul_snd_tag_query;
+if_snd_tag_free_t mlx5e_ul_snd_tag_free;
 
 #endif					/* _MLX5_EN_H_ */

Added: head/sys/dev/mlx5/mlx5_en/en_hw_tls.h
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sys/dev/mlx5/mlx5_en/en_hw_tls.h	Fri Dec  6 15:36:32 2019	(r355446)
@@ -0,0 +1,104 @@
+/*-
+ * Copyright (c) 2019 Mellanox Technologies. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS `AS IS' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#ifndef _MLX5_TLS_H_
+#define	_MLX5_TLS_H_
+
+#include <sys/queue.h>
+
+#define	MLX5E_TLS_TAG_LOCK(tag)		mtx_lock(&(tag)->mtx)
+#define	MLX5E_TLS_TAG_UNLOCK(tag)	mtx_unlock(&(tag)->mtx)
+
+#define	MLX5E_TLS_STAT_INC(tag, field, num) \
+	counter_u64_add((tag)->tls->stats.field, num)
+
+enum {
+      MLX5E_TLS_LOOP = 0,
+      MLX5E_TLS_FAILURE = 1,
+      MLX5E_TLS_DEFERRED = 2,
+      MLX5E_TLS_CONTINUE = 3,
+};
+
+struct mlx5e_tls_tag {
+	struct mlx5e_snd_tag tag;
+	STAILQ_ENTRY(mlx5e_tls_tag) entry;
+	volatile s32 refs;	/* number of pending mbufs */
+	uint32_t tisn;		/* HW TIS context number */
+	uint32_t dek_index;	/* HW TLS context number */
+	struct mlx5e_tls *tls;
+	struct m_snd_tag *rl_tag;
+	struct mtx mtx;
+	uint32_t expected_seq; /* expected TCP sequence number */
+	uint32_t state;	/* see MLX5E_TLS_ST_XXX */
+#define	MLX5E_TLS_ST_INIT 0
+#define	MLX5E_TLS_ST_SETUP 1
+#define	MLX5E_TLS_ST_TXRDY 2
+#define	MLX5E_TLS_ST_FREED 3
+	struct work_struct work;
+
+	uint32_t dek_index_ok:1;
+
+	/* parameters needed */
+	uint8_t crypto_params[128] __aligned(4);
+} __aligned(MLX5E_CACHELINE_SIZE);
+
+#define	MLX5E_TLS_STATS(m)					\
+  m(+1, u64, tx_packets, "tx_packets", "Transmitted packets")	\
+  m(+1, u64, tx_bytes, "tx_bytes", "Transmitted bytes")		\
+  m(+1, u64, tx_packets_ooo, "tx_packets_ooo", "Transmitted packets out of order") \
+  m(+1, u64, tx_bytes_ooo, "tx_bytes_ooo", "Transmitted bytes out of order") \
+  m(+1, u64, tx_error, "tx_error", "Transmitted packets with error")
+
+#define	MLX5E_TLS_STATS_NUM (0 MLX5E_TLS_STATS(MLX5E_STATS_COUNT))
+
+struct mlx5e_tls_stats {
+	struct	sysctl_ctx_list ctx;
+	counter_u64_t	arg[0];
+	MLX5E_TLS_STATS(MLX5E_STATS_COUNTER)
+};
+
+struct mlx5e_tls {
+	struct sysctl_ctx_list ctx;
+	struct mlx5e_tls_stats stats;
+	struct workqueue_struct *wq;
+	uma_zone_t zone;
+	uint32_t max_resources;		/* max number of resources */
+	volatile uint32_t num_resources;	/* current number of resources */
+	int init;			/* set when ready */
+	char zname[32];
+};
+
+int mlx5e_tls_init(struct mlx5e_priv *);
+void mlx5e_tls_cleanup(struct mlx5e_priv *);
+int mlx5e_sq_tls_xmit(struct mlx5e_sq *, struct mlx5e_xmit_args *, struct mbuf **);
+
+if_snd_tag_alloc_t mlx5e_tls_snd_tag_alloc;
+if_snd_tag_modify_t mlx5e_tls_snd_tag_modify;
+if_snd_tag_query_t mlx5e_tls_snd_tag_query;
+if_snd_tag_free_t mlx5e_tls_snd_tag_free;
+
+#endif					/* _MLX5_TLS_H_ */

Modified: head/sys/dev/mlx5/mlx5_en/en_rl.h
==============================================================================
--- head/sys/dev/mlx5/mlx5_en/en_rl.h	Fri Dec  6 15:01:36 2019	(r355445)
+++ head/sys/dev/mlx5/mlx5_en/en_rl.h	Fri Dec  6 15:36:32 2019	(r355446)
@@ -167,6 +167,7 @@ struct mlx5e_rl_priv_data {
 int mlx5e_rl_init(struct mlx5e_priv *priv);
 void mlx5e_rl_cleanup(struct mlx5e_priv *priv);
 void mlx5e_rl_refresh_sq_inline(struct mlx5e_rl_priv_data *rl);
+
 if_snd_tag_alloc_t mlx5e_rl_snd_tag_alloc;
 if_snd_tag_modify_t mlx5e_rl_snd_tag_modify;
 if_snd_tag_query_t mlx5e_rl_snd_tag_query;

Modified: head/sys/dev/mlx5/mlx5_en/mlx5_en_ethtool.c
==============================================================================
--- head/sys/dev/mlx5/mlx5_en/mlx5_en_ethtool.c	Fri Dec  6 15:01:36 2019	(r355445)
+++ head/sys/dev/mlx5/mlx5_en/mlx5_en_ethtool.c	Fri Dec  6 15:36:32 2019	(r355446)
@@ -48,6 +48,26 @@ mlx5e_create_stats(struct sysctl_ctx_list *ctx,
 	}
 }
 
+void
+mlx5e_create_counter_stats(struct sysctl_ctx_list *ctx,
+    struct sysctl_oid_list *parent, const char *buffer,
+    const char **desc, unsigned num, counter_u64_t *arg)
+{
+	struct sysctl_oid *node;
+	unsigned x;
+
+	sysctl_ctx_init(ctx);
+
+	node = SYSCTL_ADD_NODE(ctx, parent, OID_AUTO,
+	    buffer, CTLFLAG_RD, NULL, "Statistics");
+	if (node == NULL)
+		return;
+	for (x = 0; x != num; x++) {
+		SYSCTL_ADD_COUNTER_U64(ctx, SYSCTL_CHILDREN(node), OID_AUTO,
+		    desc[2 * x], CTLFLAG_RD, arg + x, desc[2 * x + 1]);
+	}
+}
+
 static void
 mlx5e_ethtool_sync_tx_completion_fact(struct mlx5e_priv *priv)
 {

Added: head/sys/dev/mlx5/mlx5_en/mlx5_en_hw_tls.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/sys/dev/mlx5/mlx5_en/mlx5_en_hw_tls.c	Fri Dec  6 15:36:32 2019	(r355446)
@@ -0,0 +1,834 @@
+/*-
+ * Copyright (c) 2019 Mellanox Technologies. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS `AS IS' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#include "opt_kern_tls.h"
+
+#include "en.h"
+
+#include <dev/mlx5/tls.h>
+
+#include <linux/delay.h>
+#include <sys/ktls.h>
+#include <opencrypto/cryptodev.h>
+
+#ifdef KERN_TLS
+
+MALLOC_DEFINE(M_MLX5E_TLS, "MLX5E_TLS", "MLX5 ethernet HW TLS");
+
+/* software TLS context */
+struct mlx5_ifc_sw_tls_cntx_bits {
+	struct mlx5_ifc_tls_static_params_bits param;
+	struct mlx5_ifc_tls_progress_params_bits progress;
+	struct {
+		uint8_t key_data[8][0x20];
+		uint8_t key_len[0x20];
+	} key;
+};
+
+CTASSERT(MLX5_ST_SZ_BYTES(sw_tls_cntx) <= sizeof(((struct mlx5e_tls_tag *)0)->crypto_params));
+CTASSERT(MLX5_ST_SZ_BYTES(mkc) == sizeof(((struct mlx5e_tx_umr_wqe *)0)->mkc));
+
+static const char *mlx5e_tls_stats_desc[] = {
+	MLX5E_TLS_STATS(MLX5E_STATS_DESC)
+};
+
+static void mlx5e_tls_work(struct work_struct *);
+
+static int
+mlx5e_tls_tag_zinit(void *mem, int size, int flags)
+{
+	struct mlx5e_tls_tag *ptag = mem;
+
+	MPASS(size == sizeof(*ptag));
+
+	memset(ptag, 0, sizeof(*ptag));
+	mtx_init(&ptag->mtx, "mlx5-tls-tag-mtx", NULL, MTX_DEF);
+	INIT_WORK(&ptag->work, mlx5e_tls_work);
+
+	return (0);
+}
+
+static void
+mlx5e_tls_tag_zfini(void *mem, int size)
+{
+	struct mlx5e_tls_tag *ptag = mem;
+	struct mlx5e_priv *priv;
+	struct mlx5e_tls *ptls;
+
+	ptls = ptag->tls;
+	priv = container_of(ptls, struct mlx5e_priv, tls);
+
+	flush_work(&ptag->work);
+
+	if (ptag->tisn != 0) {
+		mlx5_tls_close_tis(priv->mdev, ptag->tisn);
+		atomic_add_32(&ptls->num_resources, -1U);
+	}
+
+	mtx_destroy(&ptag->mtx);
+}
+
+static void
+mlx5e_tls_tag_zfree(struct mlx5e_tls_tag *ptag)
+{
+
+	/* reset some variables */
+	ptag->state = MLX5E_TLS_ST_INIT;
+	ptag->dek_index = 0;
+	ptag->dek_index_ok = 0;
+
+	/* avoid leaking keys */
+	memset(ptag->crypto_params, 0, sizeof(ptag->crypto_params));
+
+	/* update number of TIS contexts */
+	if (ptag->tisn == 0)
+		atomic_add_32(&ptag->tls->num_resources, -1U);
+
+	/* return tag to UMA */
+	uma_zfree(ptag->tls->zone, ptag);
+}
+
+int
+mlx5e_tls_init(struct mlx5e_priv *priv)
+{
+	struct mlx5e_tls *ptls = &priv->tls;
+	struct sysctl_oid *node;
+	uint32_t x;
+
+	if (MLX5_CAP_GEN(priv->mdev, tls) == 0)
+		return (0);
+
+	ptls->wq = create_singlethread_workqueue("mlx5-tls-wq");
+	if (ptls->wq == NULL)
+		return (ENOMEM);
+
+	sysctl_ctx_init(&ptls->ctx);
+
+	snprintf(ptls->zname, sizeof(ptls->zname),
+	    "mlx5_%u_tls", device_get_unit(priv->mdev->pdev->dev.bsddev));
+
+	ptls->zone = uma_zcreate(ptls->zname, sizeof(struct mlx5e_tls_tag),
+	    NULL, NULL, mlx5e_tls_tag_zinit, mlx5e_tls_tag_zfini, UMA_ALIGN_CACHE, 0);
+
+	ptls->max_resources = 1U << MLX5_CAP_GEN(priv->mdev, log_max_dek);
+
+	for (x = 0; x != MLX5E_TLS_STATS_NUM; x++)
+		ptls->stats.arg[x] = counter_u64_alloc(M_WAITOK);
+
+	ptls->init = 1;
+
+	node = SYSCTL_ADD_NODE(&priv->sysctl_ctx,
+	    SYSCTL_CHILDREN(priv->sysctl_ifnet), OID_AUTO,
+	    "tls", CTLFLAG_RW, NULL, "Hardware TLS offload");
+	if (node == NULL)
+		return (0);
+
+	mlx5e_create_counter_stats(&ptls->ctx,
+	    SYSCTL_CHILDREN(node), "stats",
+	    mlx5e_tls_stats_desc, MLX5E_TLS_STATS_NUM,
+	    ptls->stats.arg);
+
+	return (0);
+}
+
+void
+mlx5e_tls_cleanup(struct mlx5e_priv *priv)
+{
+	struct mlx5e_tls *ptls = &priv->tls;
+	uint32_t x;
+
+	if (MLX5_CAP_GEN(priv->mdev, tls) == 0)
+		return;
+
+	ptls->init = 0;
+	flush_workqueue(ptls->wq);
+	sysctl_ctx_free(&ptls->ctx);
+	uma_zdestroy(ptls->zone);
+	destroy_workqueue(ptls->wq);
+
+	/* check if all resources are freed */
+	MPASS(priv->tls.num_resources == 0);
+
+	for (x = 0; x != MLX5E_TLS_STATS_NUM; x++)
+		counter_u64_free(ptls->stats.arg[x]);
+}
+
+static void
+mlx5e_tls_work(struct work_struct *work)
+{
+	struct mlx5e_tls_tag *ptag;
+	struct mlx5e_priv *priv;
+	int err;
+
+	ptag = container_of(work, struct mlx5e_tls_tag, work);
+	priv = container_of(ptag->tls, struct mlx5e_priv, tls);
+
+	switch (ptag->state) {
+	case MLX5E_TLS_ST_SETUP:
+		/* try to open TIS, if not present */
+		if (ptag->tisn == 0) {
+			err = mlx5_tls_open_tis(priv->mdev, 0, priv->tdn,
+			    priv->pdn, &ptag->tisn);
+			if (err) {
+				MLX5E_TLS_STAT_INC(ptag, tx_error, 1);
+				break;
+			}
+		}
+		MLX5_SET(sw_tls_cntx, ptag->crypto_params, progress.pd, ptag->tisn);
+
+		/* try to allocate a DEK context ID */
+		err = mlx5_encryption_key_create(priv->mdev, priv->pdn,
+		    MLX5_ADDR_OF(sw_tls_cntx, ptag->crypto_params, key.key_data),
+		    MLX5_GET(sw_tls_cntx, ptag->crypto_params, key.key_len),
+		    &ptag->dek_index);
+		if (err) {
+			MLX5E_TLS_STAT_INC(ptag, tx_error, 1);
+			break;
+		}
+
+		MLX5_SET(sw_tls_cntx, ptag->crypto_params, param.dek_index, ptag->dek_index);
+
+		ptag->dek_index_ok = 1;
+
+		MLX5E_TLS_TAG_LOCK(ptag);
+		if (ptag->state == MLX5E_TLS_ST_SETUP)
+			ptag->state = MLX5E_TLS_ST_TXRDY;
+		MLX5E_TLS_TAG_UNLOCK(ptag);
+		break;
+
+	case MLX5E_TLS_ST_FREED:
+		/* wait for all refs to go away */
+		while (ptag->refs != 0)
+			msleep(1);
+
+		/* try to destroy DEK context by ID */
+		if (ptag->dek_index_ok)
+			err = mlx5_encryption_key_destroy(priv->mdev, ptag->dek_index);
+
+		/* free tag */
+		mlx5e_tls_tag_zfree(ptag);
+		break;
+
+	default:
+		break;
+	}
+}
+
+static int
+mlx5e_tls_set_params(void *ctx, const struct tls_session_params *en)
+{
+
+	MLX5_SET(sw_tls_cntx, ctx, param.const_2, 2);
+	if (en->tls_vminor == TLS_MINOR_VER_TWO)
+		MLX5_SET(sw_tls_cntx, ctx, param.tls_version, 2); /* v1.2 */
+	else
+		MLX5_SET(sw_tls_cntx, ctx, param.tls_version, 3); /* v1.3 */
+	MLX5_SET(sw_tls_cntx, ctx, param.const_1, 1);
+	MLX5_SET(sw_tls_cntx, ctx, param.encryption_standard, 1); /* TLS */
+
+	/* copy the initial vector in place */
+	if (en->iv_len == MLX5_FLD_SZ_BYTES(sw_tls_cntx, param.gcm_iv)) {
+		memcpy(MLX5_ADDR_OF(sw_tls_cntx, ctx, param.gcm_iv),
+		    en->iv, MLX5_FLD_SZ_BYTES(sw_tls_cntx, param.gcm_iv));
+	} else if (en->iv_len == (MLX5_FLD_SZ_BYTES(sw_tls_cntx, param.gcm_iv) +
+				  MLX5_FLD_SZ_BYTES(sw_tls_cntx, param.implicit_iv))) {
+		memcpy(MLX5_ADDR_OF(sw_tls_cntx, ctx, param.gcm_iv),
+		    (char *)en->iv + MLX5_FLD_SZ_BYTES(sw_tls_cntx, param.implicit_iv),
+		    MLX5_FLD_SZ_BYTES(sw_tls_cntx, param.gcm_iv));
+		memcpy(MLX5_ADDR_OF(sw_tls_cntx, ctx, param.implicit_iv),
+		    en->iv,
+		    MLX5_FLD_SZ_BYTES(sw_tls_cntx, param.implicit_iv));
+	} else {
+		return (EINVAL);
+	}
+
+	if (en->cipher_key_len <= MLX5_FLD_SZ_BYTES(sw_tls_cntx, key.key_data)) {
+		memcpy(MLX5_ADDR_OF(sw_tls_cntx, ctx, key.key_data),
+		    en->cipher_key, en->cipher_key_len);
+		MLX5_SET(sw_tls_cntx, ctx, key.key_len, en->cipher_key_len);
+	} else {
+		return (EINVAL);
+	}
+	return (0);
+}
+
+/* Verify zero default */
+CTASSERT(MLX5E_TLS_ST_INIT == 0);
+
+int
+mlx5e_tls_snd_tag_alloc(struct ifnet *ifp,
+    union if_snd_tag_alloc_params *params,
+    struct m_snd_tag **ppmt)
+{
+	struct if_snd_tag_alloc_rate_limit rl_params;
+	struct mlx5e_priv *priv;
+	struct mlx5e_tls_tag *ptag;
+	const struct tls_session_params *en;
+	int error;
+
+	priv = ifp->if_softc;
+
+	if (priv->tls.init == 0)
+		return (EOPNOTSUPP);
+
+	/* allocate new tag from zone, if any */
+	ptag = uma_zalloc(priv->tls.zone, M_NOWAIT);
+	if (ptag == NULL)
+		return (ENOMEM);
+
+	/* sanity check default values */
+	MPASS(ptag->state == MLX5E_TLS_ST_INIT);
+	MPASS(ptag->dek_index == 0);
+	MPASS(ptag->dek_index_ok == 0);
+
+	/* setup TLS tag */
+	ptag->tls = &priv->tls;
+	ptag->tag.type = params->hdr.type;
+
+	/* check if there is no TIS context */
+	if (ptag->tisn == 0) {
+		uint32_t value;
+
+		value = atomic_fetchadd_32(&priv->tls.num_resources, 1U);
+
+		/* check resource limits */
+		if (value >= priv->tls.max_resources) {
+			error = ENOMEM;
+			goto failure;
+		}
+	}
+
+	en = &params->tls.tls->params;
+
+	/* only TLS v1.2 and v1.3 is currently supported */
+	if (en->tls_vmajor != TLS_MAJOR_VER_ONE ||
+	    (en->tls_vminor != TLS_MINOR_VER_TWO
+#ifdef TLS_MINOR_VER_THREE
+	     && en->tls_vminor != TLS_MINOR_VER_THREE
+#endif
+	     )) {
+		error = EPROTONOSUPPORT;
+		goto failure;
+	}
+
+	switch (en->cipher_algorithm) {
+	case CRYPTO_AES_NIST_GCM_16:
+		switch (en->cipher_key_len) {
+		case 128 / 8:
+			if (en->auth_algorithm != CRYPTO_AES_128_NIST_GMAC) {
+				error = EINVAL;
+				goto failure;
+			}
+			if (en->tls_vminor == TLS_MINOR_VER_TWO) {
+				if (MLX5_CAP_TLS(priv->mdev, tls_1_2_aes_gcm_128) == 0) {
+					error = EPROTONOSUPPORT;
+					goto failure;
+				}
+			} else {
+				if (MLX5_CAP_TLS(priv->mdev, tls_1_3_aes_gcm_128) == 0) {
+					error = EPROTONOSUPPORT;
+					goto failure;
+				}
+			}
+			error = mlx5e_tls_set_params(ptag->crypto_params, en);
+			if (error)
+				goto failure;
+			break;
+
+		case 256 / 8:
+			if (en->auth_algorithm != CRYPTO_AES_256_NIST_GMAC) {
+				error = EINVAL;
+				goto failure;
+			}
+			if (en->tls_vminor == TLS_MINOR_VER_TWO) {
+				if (MLX5_CAP_TLS(priv->mdev, tls_1_2_aes_gcm_256) == 0) {
+					error = EPROTONOSUPPORT;
+					goto failure;
+				}
+			} else {
+				if (MLX5_CAP_TLS(priv->mdev, tls_1_3_aes_gcm_256) == 0) {
+					error = EPROTONOSUPPORT;
+					goto failure;
+				}
+			}
+			error = mlx5e_tls_set_params(ptag->crypto_params, en);
+			if (error)
+				goto failure;
+			break;
+
+		default:
+			error = EINVAL;
+			goto failure;
+		}
+		break;
+	default:
+		error = EPROTONOSUPPORT;
+		goto failure;
+	}
+
+	switch (ptag->tag.type) {
+#if defined(RATELIMIT) && defined(IF_SND_TAG_TYPE_TLS_RATE_LIMIT)
+	case IF_SND_TAG_TYPE_TLS_RATE_LIMIT:
+		memset(&rl_params, 0, sizeof(rl_params));
+		rl_params.hdr = params->tls_rate_limit.hdr;
+		rl_params.hdr.type = IF_SND_TAG_TYPE_RATE_LIMIT;
+		rl_params.max_rate = params->tls_rate_limit.max_rate;
+
+		error = mlx5e_rl_snd_tag_alloc(ifp,
+		    container_of(&rl_params, union if_snd_tag_alloc_params, rate_limit),
+		    &ptag->rl_tag);
+		if (error)
+			goto failure;
+		break;
+#endif
+	case IF_SND_TAG_TYPE_TLS:
+		memset(&rl_params, 0, sizeof(rl_params));
+		rl_params.hdr = params->tls.hdr;
+		rl_params.hdr.type = IF_SND_TAG_TYPE_UNLIMITED;
+
+		error = mlx5e_ul_snd_tag_alloc(ifp,
+		    container_of(&rl_params, union if_snd_tag_alloc_params, unlimited),
+		    &ptag->rl_tag);
+		if (error)
+			goto failure;
+		break;
+	default:
+		error = EOPNOTSUPP;
+		goto failure;
+	}
+
+	/* store pointer to mbuf tag */
+	MPASS(ptag->tag.m_snd_tag.refcount == 0);
+	m_snd_tag_init(&ptag->tag.m_snd_tag, ifp);
+	*ppmt = &ptag->tag.m_snd_tag;
+	return (0);
+
+failure:
+	mlx5e_tls_tag_zfree(ptag);
+	return (error);
+}
+
+int
+mlx5e_tls_snd_tag_modify(struct m_snd_tag *pmt, union if_snd_tag_modify_params *params)
+{
+#if defined(RATELIMIT) && defined(IF_SND_TAG_TYPE_TLS_RATE_LIMIT)
+	struct if_snd_tag_rate_limit_params rl_params;
+	int error;
+#endif
+	struct mlx5e_tls_tag *ptag =
+	    container_of(pmt, struct mlx5e_tls_tag, tag.m_snd_tag);
+
+	switch (ptag->tag.type) {
+#if defined(RATELIMIT) && defined(IF_SND_TAG_TYPE_TLS_RATE_LIMIT)
+	case IF_SND_TAG_TYPE_TLS_RATE_LIMIT:
+		memset(&rl_params, 0, sizeof(rl_params));
+		rl_params.max_rate = params->tls_rate_limit.max_rate;
+		error = mlx5e_rl_snd_tag_modify(ptag->rl_tag,
+		    container_of(&rl_params, union if_snd_tag_modify_params, rate_limit));
+		return (error);
+#endif
+	default:
+		return (EOPNOTSUPP);
+	}
+}
+
+int
+mlx5e_tls_snd_tag_query(struct m_snd_tag *pmt, union if_snd_tag_query_params *params)
+{
+	struct mlx5e_tls_tag *ptag =
+	    container_of(pmt, struct mlx5e_tls_tag, tag.m_snd_tag);
+	int error;
+
+	switch (ptag->tag.type) {
+#if defined(RATELIMIT) && defined(IF_SND_TAG_TYPE_TLS_RATE_LIMIT)
+	case IF_SND_TAG_TYPE_TLS_RATE_LIMIT:
+		error = mlx5e_rl_snd_tag_query(ptag->rl_tag, params);
+		break;
+#endif
+	case IF_SND_TAG_TYPE_TLS:
+		error = mlx5e_ul_snd_tag_query(ptag->rl_tag, params);
+		break;
+	default:
+		error = EOPNOTSUPP;
+		break;
+	}
+	return (error);
+}
+
+void
+mlx5e_tls_snd_tag_free(struct m_snd_tag *pmt)
+{
+	struct mlx5e_tls_tag *ptag =
+	    container_of(pmt, struct mlx5e_tls_tag, tag.m_snd_tag);
+	struct mlx5e_priv *priv;
+
+	switch (ptag->tag.type) {
+#if defined(RATELIMIT) && defined(IF_SND_TAG_TYPE_TLS_RATE_LIMIT)
+	case IF_SND_TAG_TYPE_TLS_RATE_LIMIT:
+		mlx5e_rl_snd_tag_free(ptag->rl_tag);
+		break;
+#endif
+	case IF_SND_TAG_TYPE_TLS:
+		mlx5e_ul_snd_tag_free(ptag->rl_tag);
+		break;
+	default:
+		break;
+	}
+
+	MLX5E_TLS_TAG_LOCK(ptag);
+	ptag->state = MLX5E_TLS_ST_FREED;
+	MLX5E_TLS_TAG_UNLOCK(ptag);
+
+	priv = ptag->tag.m_snd_tag.ifp->if_softc;
+	queue_work(priv->tls.wq, &ptag->work);
+}
+
+CTASSERT((MLX5_FLD_SZ_BYTES(sw_tls_cntx, param) % 16) == 0);
+
+static void
+mlx5e_tls_send_static_parameters(struct mlx5e_sq *sq, struct mlx5e_tls_tag *ptag)
+{
+	const u32 ds_cnt = DIV_ROUND_UP(sizeof(struct mlx5e_tx_umr_wqe) +
+	    MLX5_FLD_SZ_BYTES(sw_tls_cntx, param), MLX5_SEND_WQE_DS);
+	struct mlx5e_tx_umr_wqe *wqe;
+	u16 pi;
+
+	pi = sq->pc & sq->wq.sz_m1;
+	wqe = mlx5_wq_cyc_get_wqe(&sq->wq, pi);
+
+	memset(wqe, 0, sizeof(*wqe));
+
+	wqe->ctrl.opmod_idx_opcode = cpu_to_be32((sq->pc << 8) |
+	    MLX5_OPCODE_UMR | (MLX5_OPCODE_MOD_UMR_TLS_TIS_STATIC_PARAMS << 24));
+	wqe->ctrl.qpn_ds = cpu_to_be32((sq->sqn << 8) | ds_cnt);
+	wqe->ctrl.imm = cpu_to_be32(ptag->tisn << 8);
+
+	if (mlx5e_do_send_cqe(sq))
+		wqe->ctrl.fm_ce_se = MLX5_WQE_CTRL_CQ_UPDATE | MLX5_FENCE_MODE_INITIATOR_SMALL;
+	else
+		wqe->ctrl.fm_ce_se = MLX5_FENCE_MODE_INITIATOR_SMALL;
+
+	/* fill out UMR control segment */
+	wqe->umr.flags = 0x80;	/* inline data */
+	wqe->umr.bsf_octowords = cpu_to_be16(MLX5_FLD_SZ_BYTES(sw_tls_cntx, param) / 16);
+
+	/* copy in the static crypto parameters */
+	memcpy(wqe + 1, MLX5_ADDR_OF(sw_tls_cntx, ptag->crypto_params, param),
+	    MLX5_FLD_SZ_BYTES(sw_tls_cntx, param));
+
+	/* copy data for doorbell */
+	memcpy(sq->doorbell.d32, &wqe->ctrl, sizeof(sq->doorbell.d32));
+
+	sq->mbuf[pi].mbuf = NULL;
+	sq->mbuf[pi].num_bytes = 0;
+	sq->mbuf[pi].num_wqebbs = DIV_ROUND_UP(ds_cnt, MLX5_SEND_WQEBB_NUM_DS);
+	sq->mbuf[pi].p_refcount = &ptag->refs;
+	atomic_add_int(&ptag->refs, 1);
+	sq->pc += sq->mbuf[pi].num_wqebbs;
+}
+
+CTASSERT(MLX5_FLD_SZ_BYTES(sw_tls_cntx, progress) ==
+    sizeof(((struct mlx5e_tx_psv_wqe *)0)->psv));
+
+static void
+mlx5e_tls_send_progress_parameters(struct mlx5e_sq *sq, struct mlx5e_tls_tag *ptag)
+{
+	const u32 ds_cnt = DIV_ROUND_UP(sizeof(struct mlx5e_tx_psv_wqe),
+	    MLX5_SEND_WQE_DS);
+	struct mlx5e_tx_psv_wqe *wqe;
+	u16 pi;
+
+	pi = sq->pc & sq->wq.sz_m1;
+	wqe = mlx5_wq_cyc_get_wqe(&sq->wq, pi);
+
+	memset(wqe, 0, sizeof(*wqe));
+
+	wqe->ctrl.opmod_idx_opcode = cpu_to_be32((sq->pc << 8) |
+	    MLX5_OPCODE_SET_PSV | (MLX5_OPCODE_MOD_PSV_TLS_TIS_PROGRESS_PARAMS << 24));
+	wqe->ctrl.qpn_ds = cpu_to_be32((sq->sqn << 8) | ds_cnt);
+
+	if (mlx5e_do_send_cqe(sq))
+		wqe->ctrl.fm_ce_se = MLX5_WQE_CTRL_CQ_UPDATE | MLX5_FENCE_MODE_INITIATOR_SMALL;
+	else
+		wqe->ctrl.fm_ce_se = MLX5_FENCE_MODE_INITIATOR_SMALL;
+
+	/* copy in the PSV control segment */
+	memcpy(&wqe->psv, MLX5_ADDR_OF(sw_tls_cntx, ptag->crypto_params, progress),
+	    sizeof(wqe->psv));
+
+	/* copy data for doorbell */
+	memcpy(sq->doorbell.d32, &wqe->ctrl, sizeof(sq->doorbell.d32));
+
+	sq->mbuf[pi].mbuf = NULL;
+	sq->mbuf[pi].num_bytes = 0;
+	sq->mbuf[pi].num_wqebbs = DIV_ROUND_UP(ds_cnt, MLX5_SEND_WQEBB_NUM_DS);
+	sq->mbuf[pi].p_refcount = &ptag->refs;
+	atomic_add_int(&ptag->refs, 1);
+	sq->pc += sq->mbuf[pi].num_wqebbs;
+}
+
+static void
+mlx5e_tls_send_nop(struct mlx5e_sq *sq, struct mlx5e_tls_tag *ptag)
+{
+	const u32 ds_cnt = MLX5_SEND_WQEBB_NUM_DS;
+	struct mlx5e_tx_wqe *wqe;
+	u16 pi;
+
+	pi = sq->pc & sq->wq.sz_m1;
+	wqe = mlx5_wq_cyc_get_wqe(&sq->wq, pi);
+
+	memset(&wqe->ctrl, 0, sizeof(wqe->ctrl));
+
+	wqe->ctrl.opmod_idx_opcode = cpu_to_be32((sq->pc << 8) | MLX5_OPCODE_NOP);
+	wqe->ctrl.qpn_ds = cpu_to_be32((sq->sqn << 8) | ds_cnt);
+	if (mlx5e_do_send_cqe(sq))
+		wqe->ctrl.fm_ce_se = MLX5_WQE_CTRL_CQ_UPDATE | MLX5_FENCE_MODE_INITIATOR_SMALL;
+	else
+		wqe->ctrl.fm_ce_se = MLX5_FENCE_MODE_INITIATOR_SMALL;
+
+	/* Copy data for doorbell */
+	memcpy(sq->doorbell.d32, &wqe->ctrl, sizeof(sq->doorbell.d32));
+
+	sq->mbuf[pi].mbuf = NULL;
+	sq->mbuf[pi].num_bytes = 0;
+	sq->mbuf[pi].num_wqebbs = DIV_ROUND_UP(ds_cnt, MLX5_SEND_WQEBB_NUM_DS);
+	sq->mbuf[pi].p_refcount = &ptag->refs;
+	atomic_add_int(&ptag->refs, 1);
+	sq->pc += sq->mbuf[pi].num_wqebbs;
+}
+
+#define	SBTLS_MBUF_NO_DATA ((struct mbuf *)1)
+
+static struct mbuf *
+sbtls_recover_record(struct mbuf *mb, int wait, uint32_t tcp_old, uint32_t *ptcp_seq)
+{
+	struct mbuf *mr;
+	uint32_t offset;
+	uint32_t delta;
+
+	/* check format of incoming mbuf */
+	if (mb->m_next == NULL ||
+	    (mb->m_next->m_flags & (M_NOMAP | M_EXT)) != (M_NOMAP | M_EXT) ||
+	    mb->m_next->m_ext.ext_buf == NULL) {
+		mr = NULL;
+		goto done;
+	}
+
+	/* get unmapped data offset */
+	offset = mtod(mb->m_next, uintptr_t);
+
+	/* check if we don't need to re-transmit anything */
+	if (offset == 0) {
+		mr = SBTLS_MBUF_NO_DATA;
+		goto done;
+	}
+
+	/* try to get a new mbufs with packet header */
+	mr = m_gethdr(wait, MT_DATA);
+	if (mr == NULL)
+		goto done;
+
+	mb_dupcl(mr, mb->m_next);
+
+	/* the beginning of the TLS record */
+	mr->m_data = NULL;
+
+	/* setup packet header length */
+	mr->m_pkthdr.len = mr->m_len = offset;
+
+	/* check for partial re-transmit */
+	delta = *ptcp_seq - tcp_old;
+
+	if (delta < offset) {
+		m_adj(mr, offset - delta);
+		offset = delta;
+	}
+
+	/*
+	 * Rewind the TCP sequence number by the amount of data
+	 * retransmitted:
+	 */
+	*ptcp_seq -= offset;
+done:
+	return (mr);
+}
+
+static int
+mlx5e_sq_tls_populate(struct mbuf *mb, uint64_t *pseq)
+{
+	struct mbuf_ext_pgs *ext_pgs;
+
+	for (; mb != NULL; mb = mb->m_next) {
+		if (!(mb->m_flags & M_NOMAP))
+			continue;
+		ext_pgs = (void *)mb->m_ext.ext_buf;
+		*pseq = ext_pgs->seqno;
+		return (1);
+	}
+	return (0);
+}
+
+int
+mlx5e_sq_tls_xmit(struct mlx5e_sq *sq, struct mlx5e_xmit_args *parg, struct mbuf **ppmb)
+{
+	struct mlx5e_tls_tag *ptls_tag;
+	struct mlx5e_snd_tag *ptag;
+	struct tcphdr *th;
+	struct mbuf *mb = *ppmb;
+	u64 rcd_sn;
+	u32 header_size;
+	u32 mb_seq;
+
+	if ((mb->m_pkthdr.csum_flags & CSUM_SND_TAG) == 0)
+		return (MLX5E_TLS_CONTINUE);
+
+	ptag = container_of(mb->m_pkthdr.snd_tag,
+	    struct mlx5e_snd_tag, m_snd_tag);
+
+	if (
+#if defined(RATELIMIT) && defined(IF_SND_TAG_TYPE_TLS_RATE_LIMIT)
+	    ptag->type != IF_SND_TAG_TYPE_TLS_RATE_LIMIT &&
+#endif
+	    ptag->type != IF_SND_TAG_TYPE_TLS)
+		return (MLX5E_TLS_CONTINUE);
+
+	ptls_tag = container_of(ptag, struct mlx5e_tls_tag, tag);
+
+	header_size = mlx5e_get_full_header_size(mb, &th);
+	if (unlikely(header_size == 0 || th == NULL))
+		return (MLX5E_TLS_FAILURE);
+
+	/*
+	 * Send non-TLS TCP packets AS-IS:
+	 */
+	if (header_size == mb->m_pkthdr.len ||
+	    mlx5e_sq_tls_populate(mb, &rcd_sn) == 0) {
+		parg->tisn = 0;
+		parg->ihs = header_size;
+		return (MLX5E_TLS_CONTINUE);

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201912061536.xB6FaWFg006545>