diff options
author | Andrew Gallatin <gallatin@FreeBSD.org> | 2020-05-11 19:17:33 +0000 |
---|---|---|
committer | Andrew Gallatin <gallatin@FreeBSD.org> | 2020-05-11 19:17:33 +0000 |
commit | 6043ac201ab3ce0df2342c8453a7375157b0f860 (patch) | |
tree | 0b373fe6ed420159f7617654515e540ec9e6f054 /sys/netinet/ip_output.c | |
parent | 17dd52dfabf67afde97d032ec897769ed09c76ca (diff) | |
download | src-6043ac201ab3ce0df2342c8453a7375157b0f860.tar.gz src-6043ac201ab3ce0df2342c8453a7375157b0f860.zip |
Ktls: never skip stamping tags for NIC TLS
The newer RACK and BBR TCP stacks have added a mechanism
to disable hardware packet pacing for TCP retransmits.
This mechanism works by skipping the send-tag stamp
on rate-limited connections when the TCP stack calls
ip_output() with the IP_NO_SND_TAG_RL flag set.
When doing NIC TLS, we must ignore this flag, as
NIC TLS packets must always be stamped. Failure
to stamp a NIC TLS packet will result in crypto
issues.
Reviewed by: hselasky, rrs
Sponsored by: Netflix, Mellanox
Notes
Notes:
svn path=/head/; revision=360914
Diffstat (limited to 'sys/netinet/ip_output.c')
-rw-r--r-- | sys/netinet/ip_output.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index 22f223d97d03..6c31793d296b 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -242,6 +242,10 @@ ip_output_send(struct inpcb *inp, struct ifnet *ifp, struct mbuf *m, error = EAGAIN; goto done; } + /* + * Always stamp tags that include NIC ktls. + */ + stamp_tag = true; } #endif #ifdef RATELIMIT |