Date:      Wed, 29 Apr 2026 23:36:15 +0000
From:      Andrew Gallatin <gallatin@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 72e2ae505c4a - main - tcp: release nic ktls send tags when entering time wait
Message-ID:  <69f295ef.2598c.6834391@gitrepo.freebsd.org>


The branch main has been updated by gallatin:

URL: https://cgit.FreeBSD.org/src/commit/?id=72e2ae505c4a081d4b4759f51e25bf6e17c99442

commit 72e2ae505c4a081d4b4759f51e25bf6e17c99442
Author:     Andrew Gallatin <gallatin@FreeBSD.org>
AuthorDate: 2026-04-29 23:26:05 +0000
Commit:     Andrew Gallatin <gallatin@FreeBSD.org>
CommitDate: 2026-04-29 23:35:47 +0000

    tcp: release nic ktls send tags when entering time wait
    
    When under heavy load or churn, inline ktls offload NICs may run out
    of hardware resources described by ktls send tags.  Rather than
    waiting for connections to pass through the time_wait state, reclaim
    the ktls send tags early, at entry to time_wait. By preventing
    potentially tens or hundreds of thousands of sessions from holding
    send tags in time_wait, this allows more ktls sessions to be offloaded
    to hardware.
    
    Reviewed by: glebius, kib, nickbanks_netflix.com, rrs, tuexen
    Sponsored by: Netflix
    Differential Revision: https://reviews.freebsd.org/D56610
---
 sys/netinet/tcp_timewait.c | 10 ++++++++++
 sys/sys/ktls.h             | 12 ++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/sys/netinet/tcp_timewait.c b/sys/netinet/tcp_timewait.c
index eaa2fa336a94..4f4ca445fa46 100644
--- a/sys/netinet/tcp_timewait.c
+++ b/sys/netinet/tcp_timewait.c
@@ -32,11 +32,15 @@
 #include "opt_inet.h"
 #include "opt_inet6.h"
 #include "opt_ipsec.h"
+#include "opt_kern_tls.h"
 
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/callout.h>
 #include <sys/kernel.h>
+#ifdef KERN_TLS
+#include <sys/ktls.h>
+#endif
 #include <sys/sysctl.h>
 #include <sys/malloc.h>
 #include <sys/mbuf.h>
@@ -132,6 +136,12 @@ tcp_twstart(struct tcpcb *tp)
 	tcp_free_sackholes(tp);
 	soisdisconnected(inp->inp_socket);
 
+#ifdef KERN_TLS
+	/* release ktls snd tag now that no more data can be sent */
+	if (tptosocket(tp)->so_snd.sb_tls_info != NULL) {
+		ktls_release_snd_tag(tptosocket(tp)->so_snd.sb_tls_info);
+	}
+#endif
 	if (tp->t_flags & TF_ACKNOW)
 		(void) tcp_output(tp);
 
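Review bot: The new comment in tcp_twstart says no more data can be sent, yet the release sits directly above the `if (tp->t_flags & TF_ACKNOW) (void) tcp_output(tp);` context lines, so a reader has to work out that this last output cannot carry TLS records that need the tag. The comment should say so, and should name the lock that makes clearing `snd_tag` safe at this point, for example `/* Only a bare ACK can follow; drop the NIC send tag early so TIME_WAIT does not pin hardware resources. */` plus a line naming the lock. The socket is also fetched twice through `tptosocket(tp)` although `inp->inp_socket` is used one line earlier; assuming both refer to the same socket, reusing it would be tidier. tcp_twstart begins and ends outside the hunk, so the locking state on entry is not visible here.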
diff --git a/sys/sys/ktls.h b/sys/sys/ktls.h
index 6c7e7d3c5ee3..3e3f0b77e4a2 100644
--- a/sys/sys/ktls.h
+++ b/sys/sys/ktls.h
@@ -28,6 +28,7 @@
 #define	_SYS_KTLS_H_
 
 #ifdef _KERNEL
+#include <sys/mbuf.h>
 #include <sys/_null.h>
 #include <sys/refcount.h>
 #include <sys/_task.h>
@@ -285,6 +286,17 @@ ktls_free(struct ktls_session *tls)
 		ktls_destroy(tls);
 }
 
+static inline void
+ktls_release_snd_tag(struct ktls_session *tls)
+{
+	struct m_snd_tag *mst;
+
+	mst = tls->snd_tag;
+	tls->snd_tag = NULL;
+	if (mst != NULL)
+		m_snd_tag_rele(mst);
+}
+
 void ktls_session_to_xktls_onedir(const struct ktls_session *ks,
     bool export_keys, struct xktls_session_onedir *xktls_od);
 void ktls_session_copy_keys(const struct ktls_session *ktls,
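Review bot: ktls_release_snd_tag() clears `tls->snd_tag` with a plain load followed by a plain store, so two unserialised callers could both read the same non-NULL tag and each call `m_snd_tag_rele()` on it, dropping the reference twice. Any other reader of `snd_tag` will also now see NULL on a session that is still alive. Nothing in the helper states or asserts the serialisation it depends on. I would add a header comment such as `/* Caller must hold the lock that serialises access to tls->snd_tag; the session has no send tag afterwards. */`. It is also worth confirming that every remaining `snd_tag` user tolerates NULL, which this diff does not show.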

