Date:      Tue, 28 Apr 2020 09:18:49 -0700
From:      John Baldwin <jhb@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   Re: svn commit: r360408 - in head: share/man/man4 sys/dev/cxgbe/tom sys/kern sys/netinet sys/sys
Message-ID:  <938fc390-316e-ae01-eae9-c17a0dd65fbe@FreeBSD.org>
In-Reply-To: <202004272317.03RNHJ8G057366@repo.freebsd.org>
References:  <202004272317.03RNHJ8G057366@repo.freebsd.org>

On 4/27/20 4:17 PM, John Baldwin wrote:
> Author: jhb
> Date: Mon Apr 27 23:17:19 2020
> New Revision: 360408
> URL: https://svnweb.freebsd.org/changeset/base/360408
> 
> Log:
>   Initial support for kernel offload of TLS receive.
>   
>   - Add a new TCP_RXTLS_ENABLE socket option to set the encryption and
>     authentication algorithms and keys as well as the initial sequence
>     number.
>   
>   - When reading from a socket using KTLS receive, applications must use
>     recvmsg().  Each successful call to recvmsg() will return a single
>     TLS record.  A new TCP control message, TLS_GET_RECORD, will contain
>     the TLS record header of the decrypted record.  The regular message
>     buffer passed to recvmsg() will receive the decrypted payload.  This
>     is similar to the interface used by Linux's KTLS RX except that
>     Linux does not return the full TLS header in the control message.
>   
>   - Add plumbing to the TOE KTLS interface to request either transmit
>     or receive KTLS sessions.
>   
>   - When a socket is using receive KTLS, redirect reads from
>     soreceive_stream() into soreceive_generic().
>   
>   - Note that this interface is currently only defined for TLS 1.1 and
>     1.2, though I believe we will be able to reuse the same interface
>     and structures for 1.3.

The OpenSSL changes required for RX support are not yet upstream, but
I hope to open the pull request for those later today after retesting
them against latest OpenSSL master.

-- 
John Baldwin
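
Added example, not part of the original message or of the FreeBSD sources: how a caller might pull the record header out of the TLS_GET_RECORD control message after recvmsg() and check the record type before treating the payload as application data. The `struct rec_hdr` layout, the fallback value for TLS_GET_RECORD, the function names, and the hand-built control buffer standing in for a real KTLS socket are all assumptions.

```c
#include <stdint.h>
#include <string.h>
#include <netinet/in.h>            /* IPPROTO_TCP, htons(), ntohs() */
#include <sys/socket.h>

#ifndef TLS_GET_RECORD
#define TLS_GET_RECORD 2           /* assumption: placeholder if no KTLS header defined it */
#endif
/* Assumed payload layout: the fields of a TLS record header, length in network order. */
struct rec_hdr { uint8_t type, vmajor, vminor; uint16_t length; };

/* Find the TLS_GET_RECORD control message that recvmsg() filled in.
 * Returns 0 and fills *out, or -1 if it is missing or was truncated. */
int get_tls_record_hdr(struct msghdr *msg, struct rec_hdr *out)
{
    struct cmsghdr *c;
    if (msg->msg_flags & MSG_CTRUNC)          /* control buffer was too small */
        return -1;
    for (c = CMSG_FIRSTHDR(msg); c != NULL; c = CMSG_NXTHDR(msg, c)) {
        if (c->cmsg_level != IPPROTO_TCP || c->cmsg_type != TLS_GET_RECORD)
            continue;
        if (c->cmsg_len < CMSG_LEN(sizeof(*out)))
            return -1;                        /* short payload: do not trust it */
        memcpy(out, CMSG_DATA(c), sizeof(*out));
        out->length = ntohs(out->length);
        return 0;
    }
    return -1;
}

/* One record per recvmsg(): only application_data (23) belongs in the app stream;
 * alerts (21) and handshake records (22) need their own handling. */
int payload_is_app_data(const struct rec_hdr *h) { return h->type == 23; }

/* Constructed sample: build the control data a KTLS socket would hand back, then parse it. */
int demo(uint8_t type, uint16_t len, struct rec_hdr *out)
{
    static union { struct cmsghdr align; char buf[CMSG_SPACE(sizeof(struct rec_hdr))]; } u;
    struct msghdr msg = {0};
    struct rec_hdr in = { type, 3, 3, htons(len) };
    struct cmsghdr *c;
    msg.msg_control = u.buf;
    msg.msg_controllen = sizeof(u.buf);
    c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = IPPROTO_TCP;
    c->cmsg_type = TLS_GET_RECORD;
    c->cmsg_len = CMSG_LEN(sizeof(in));
    memcpy(CMSG_DATA(c), &in, sizeof(in));
    return get_tls_record_hdr(&msg, out);
}
```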


