diff options
| author | John Baldwin <jhb@FreeBSD.org> | 2021-10-21 16:36:29 +0000 |
|---|---|---|
| committer | John Baldwin <jhb@FreeBSD.org> | 2021-10-21 16:36:29 +0000 |
| commit | c57dbec69a6cb20098b691b9cd5246f390d83e80 (patch) | |
| tree | 00dd26fcbe6ccc78881f697ff1c2b0569205fb74 | |
| parent | f1f7f31366e5830f4f5b96c6394a0b91475744f4 (diff) | |
ktls: Add a routine to query information in a receive socket buffer.
In particular, ktls_pending_rx_info() determines which TLS record is
at the end of the current receive socket buffer (including
not-yet-decrypted data) along with how much data in that TLS record is
not yet present in the socket buffer.
This is useful for future changes to support NIC TLS receive offload
and enhancements to TOE TLS receive offload. Those use cases need a
way to synchronize a state machine on the NIC with the TLS record
boundaries in the TCP stream.
Reviewed by: gallatin, hselasky
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D32564
| -rw-r--r-- | sys/kern/uipc_ktls.c | 63 | ||||
| -rw-r--r-- | sys/sys/ktls.h | 1 |
2 files changed, 64 insertions, 0 deletions
diff --git a/sys/kern/uipc_ktls.c b/sys/kern/uipc_ktls.c index 1d3321fd4ff6..eb1f8dec8c1e 100644 --- a/sys/kern/uipc_ktls.c +++ b/sys/kern/uipc_ktls.c @@ -1082,6 +1082,69 @@ sb_mark_notready(struct sockbuf *sb) sb->sb_ccc)); } +/* + * Return information about the pending TLS data in a socket + * buffer. On return, 'seqno' is set to the sequence number + * of the next TLS record to be received, 'resid' is set to + * the amount of bytes still needed for the last pending + * record. The function returns 'false' if the last pending + * record contains a partial TLS header. In that case, 'resid' + * is the number of bytes needed to complete the TLS header. + */ +bool +ktls_pending_rx_info(struct sockbuf *sb, uint64_t *seqnop, size_t *residp) +{ + struct tls_record_layer hdr; + struct mbuf *m; + uint64_t seqno; + size_t resid; + u_int offset, record_len; + + SOCKBUF_LOCK_ASSERT(sb); + MPASS(sb->sb_flags & SB_TLS_RX); + seqno = sb->sb_tls_seqno; + resid = sb->sb_tlscc; + m = sb->sb_mtls; + offset = 0; + + if (resid == 0) { + *seqnop = seqno; + *residp = 0; + return (true); + } + + for (;;) { + seqno++; + + if (resid < sizeof(hdr)) { + *seqnop = seqno; + *residp = sizeof(hdr) - resid; + return (false); + } + + m_copydata(m, offset, sizeof(hdr), (void *)&hdr); + + record_len = sizeof(hdr) + ntohs(hdr.tls_length); + if (resid <= record_len) { + *seqnop = seqno; + *residp = record_len - resid; + return (true); + } + resid -= record_len; + + while (record_len != 0) { + if (m->m_len - offset > record_len) { + offset += record_len; + break; + } + + record_len -= (m->m_len - offset); + offset = 0; + m = m->m_next; + } + } +} + int ktls_enable_rx(struct socket *so, struct tls_enable *en) { diff --git a/sys/sys/ktls.h b/sys/sys/ktls.h index cd0a786bb345..4258d2c342dc 100644 --- a/sys/sys/ktls.h +++ b/sys/sys/ktls.h @@ -224,6 +224,7 @@ int ktls_output_eagain(struct inpcb *inp, struct ktls_session *tls); #ifdef RATELIMIT int ktls_modify_txrtlmt(struct ktls_session *tls, uint64_t max_pacing_rate); #endif +bool ktls_pending_rx_info(struct sockbuf *sb, uint64_t *seqnop, size_t *residp); static inline struct ktls_session * ktls_hold(struct ktls_session *tls) |