Date: Wed, 26 Jan 2022 12:42:09 GMT
Message-Id: <202201261242.20QCg9SX074996@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Hans Petter Selasky
Subject: git: c8f2c290e40d - main - Add definitions for TLS receive tags using the existing send tag infrastructure.
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: hselasky
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: c8f2c290e40d011a8d2d88a00ea8626237105c5e

The branch main has been updated by hselasky:

URL:
https://cgit.FreeBSD.org/src/commit/?id=c8f2c290e40d011a8d2d88a00ea8626237105c5e

commit c8f2c290e40d011a8d2d88a00ea8626237105c5e
Author:     Hans Petter Selasky
AuthorDate: 2022-01-26 11:33:47 +0000
Commit:     Hans Petter Selasky
CommitDate: 2022-01-26 11:55:00 +0000

    Add definitions for TLS receive tags using the existing send tag infrastructure.

    Although send tags are strictly used for transmit, the name might be changed in the future to be more generic.

    The TLS receive tags support regular IPv4 and IPv6 traffic, and also over any VLAN. If prio-tagging is enabled (VLAN ID zero), this must be checked in the network driver itself when creating the TLS RX decryption offload filter.

    TLS receive tags have a modify callback to tell the network driver about the progress of decryption. Currently decryption is done IP packet by IP packet, even if the IP packet contains a partial TLS record. The modify callback allows the network driver to keep track of TCP sequence numbers pointing to the beginning of TLS records after TCP packet reassembly. These callbacks only happen when encrypted or partially decrypted data is received and are used to verify the decryption's starting point for the hardware. Typically the hardware will guess where TLS headers start and needs help from the software to know if the guess was correct. This is the purpose of the modify callback.

    Differential Revision: https://reviews.freebsd.org/D32356
    Discussed with: jhb@
    MFC after: 1 week
    Sponsored by: NVIDIA Networking
---
 sys/net/if_var.h | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/sys/net/if_var.h b/sys/net/if_var.h
index f181780501fe..dedc73718125 100644
--- a/sys/net/if_var.h
+++ b/sys/net/if_var.h
@@ -192,7 +192,8 @@ struct m_snd_tag; #define IF_SND_TAG_TYPE_UNLIMITED 1 #define IF_SND_TAG_TYPE_TLS 2 #define IF_SND_TAG_TYPE_TLS_RATE_LIMIT 3 -#define IF_SND_TAG_TYPE_MAX 4 +#define IF_SND_TAG_TYPE_TLS_RX 4 +#define IF_SND_TAG_TYPE_MAX 5 struct if_snd_tag_alloc_header { uint32_t type; /* send tag type, see IF_SND_TAG_XXX */ @@ -214,6 +215,13 @@ struct if_snd_tag_alloc_tls { const struct ktls_session *tls; }; +struct if_snd_tag_alloc_tls_rx { + struct if_snd_tag_alloc_header hdr; + struct inpcb *inp; + const struct ktls_session *tls; + uint16_t vlan_id; /* valid if non-zero */ +}; + struct if_snd_tag_alloc_tls_rate_limit { struct if_snd_tag_alloc_header hdr; struct inpcb *inp; @@ -229,11 +237,26 @@ struct if_snd_tag_rate_limit_params { uint32_t flags; /* M_NOWAIT or M_WAITOK */ }; +struct if_snd_tag_modify_tls_rx { + /* TCP sequence number of TLS header in host endian format */ + uint32_t tls_hdr_tcp_sn; + + /* + * TLS record length, including all headers, data and trailers. + * If the tls_rec_length is zero, it means HW encryption resumed. + */ + uint32_t tls_rec_length; + + /* TLS sequence number in host endian format */ + uint64_t tls_seq_number; +}; + union if_snd_tag_alloc_params { struct if_snd_tag_alloc_header hdr; struct if_snd_tag_alloc_rate_limit rate_limit; struct if_snd_tag_alloc_rate_limit unlimited; struct if_snd_tag_alloc_tls tls; + struct if_snd_tag_alloc_tls_rx tls_rx; struct if_snd_tag_alloc_tls_rate_limit tls_rate_limit; }; @@ -241,6 +264,7 @@ union if_snd_tag_modify_params { struct if_snd_tag_rate_limit_params rate_limit; struct if_snd_tag_rate_limit_params unlimited; struct if_snd_tag_rate_limit_params tls_rate_limit; + struct if_snd_tag_modify_tls_rx tls_rx; }; union if_snd_tag_query_params {
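Review bot: bumping IF_SND_TAG_TYPE_MAX from 4 to 5 in the first hunk (@@ -192,7) widens the accepted range for any driver that validates an allocation request with a `type < IF_SND_TAG_TYPE_MAX` style check instead of a per-type switch, so such a driver would now accept an IF_SND_TAG_TYPE_TLS_RX request it cannot honour. Worth confirming that the in-tree if_snd_tag_alloc implementations dispatch on the exact type and return an error for the new value until they add support.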
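Review bot: the `uint16_t vlan_id; /* valid if non-zero */` comment in the if_snd_tag_alloc_tls_rx hunk (@@ -214,6) leaves the priority-tagged case ambiguous: the commit message says VLAN ID zero must be handled by the driver when prio-tagging is enabled, yet zero here also means "no VLAN", so a driver cannot tell the two apart from this field alone. Either state in the comment that zero means untagged and that prio-tagged frames are the driver's responsibility to match, or carry an explicit flag alongside the id.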
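Review bot: in the @@ -229,11 hunk the tls_rec_length comment says "HW encryption resumed", but struct if_snd_tag_modify_tls_rx describes the receive (decryption) path; suggest "HW decryption resumed". The same comment could note that zero is a safe sentinel only because a real TLS record, headers and trailer included, is never zero length, and that tls_hdr_tcp_sn is a 32-bit TCP sequence number that consumers must compare with the wrap-safe SEQ_LT/SEQ_GT macros rather than plain relational operators.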
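Review bot: the last hunk (@@ -241,6) adds tls_rx to union if_snd_tag_modify_params but no matching member goes into union if_snd_tag_query_params, whose declaration is the trailing context line. If TLS RX tags are not meant to support query, a one-line comment in the header would save driver authors from guessing; otherwise a query struct belongs in the same change. Also, tls_rx is the first member of the modify union whose layout differs from struct if_snd_tag_rate_limit_params, so a driver's snd_tag_modify callback must dispatch on the tag's type before reading the union.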
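As an added illustration (not FreeBSD code and not part of this commit), the following sketches how a driver could consume the new if_snd_tag_modify_tls_rx fields described in the commit message to track where the next TLS record header is expected in TCP sequence space, including 32-bit wrap. The struct is re-declared locally so the file builds stand-alone; tls_rx_state, seq_lt and both functions are hypothetical, and treating tls_rec_length == 0 as a pure resynchronisation point is an assumption.

```c
#include <stdbool.h>
#include <stdint.h>
/* Mirrors the struct added to sys/net/if_var.h by this commit. */
struct if_snd_tag_modify_tls_rx {
	uint32_t tls_hdr_tcp_sn;  /* TCP SN of the TLS header, host order */
	uint32_t tls_rec_length;  /* whole record incl. header/trailer; 0 = HW resumed */
	uint64_t tls_seq_number;  /* TLS record sequence number, host order */
};

/* Hypothetical per-tag driver state (not from the commit). */
struct tls_rx_state {
	uint32_t next_hdr_tcp_sn; /* where the next TLS header is expected */
	uint64_t next_tls_seq;    /* TLS sequence number expected for it */
	bool     hw_resumed;      /* last callback reported tls_rec_length == 0 */
};

/* TCP sequence numbers wrap at 2^32; compare like FreeBSD's SEQ_LT macro. */
static inline bool seq_lt(uint32_t a, uint32_t b)
{
	return ((int32_t)(a - b) < 0);
}

/* Consume one modify callback; true if the stack's record start matched the
 * driver's expectation, false if it had to resync. Assumption: a zero
 * tls_rec_length only resynchronises the expected position. */
bool tls_rx_apply_modify(struct tls_rx_state *st,
    const struct if_snd_tag_modify_tls_rx *p)
{
	bool guess_ok;
	if (p->tls_rec_length == 0) {
		st->hw_resumed = true;
		st->next_hdr_tcp_sn = p->tls_hdr_tcp_sn;
		st->next_tls_seq = p->tls_seq_number;
		return (true);
	}
	guess_ok = (st->next_hdr_tcp_sn == p->tls_hdr_tcp_sn &&
	    st->next_tls_seq == p->tls_seq_number);
	st->hw_resumed = false;
	/* Next header follows this record; uint32_t arithmetic wraps like TCP. */
	st->next_hdr_tcp_sn = p->tls_hdr_tcp_sn + p->tls_rec_length;
	st->next_tls_seq = p->tls_seq_number + 1;
	return (guess_ok);
}

/* True if TCP byte `sn` lies before the next expected TLS header. */
bool tls_rx_before_next_hdr(const struct tls_rx_state *st, uint32_t sn)
{
	return (seq_lt(sn, st->next_hdr_tcp_sn));
}
```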