git: 72326db3c0e3 - stable/15 - ktls: Capture initial tls seqno at time offload is initiated
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 23 Jan 2026 18:19:41 UTC
The branch stable/15 has been updated by gallatin:
URL: https://cgit.FreeBSD.org/src/commit/?id=72326db3c0e372883f27144b96f2d4f8388889d6
commit 72326db3c0e372883f27144b96f2d4f8388889d6
Author: Andrew Gallatin <gallatin@FreeBSD.org>
AuthorDate: 2025-12-20 21:10:12 +0000
Commit: Andrew Gallatin <gallatin@FreeBSD.org>
CommitDate: 2026-01-23 15:00:53 +0000
ktls: Capture initial tls seqno at time offload is initiated
Some drivers want the TLS seqno when offload starts. Capture this
for them by adding a union for initial_seqno, sharing space with
the TLS 1.0 next_seqno.
Reviewed by: jhb
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D54275
MFC After: 1 month
(cherry picked from commit 4d692068f6850282dabde9e35b3098a4ebec9592)
---
sys/kern/uipc_ktls.c | 3 +++
sys/sys/ktls.h | 9 ++++++---
2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/sys/kern/uipc_ktls.c b/sys/kern/uipc_ktls.c
index 66ce1b5a081d..35009ad77722 100644
--- a/sys/kern/uipc_ktls.c
+++ b/sys/kern/uipc_ktls.c
@@ -1406,6 +1406,9 @@ ktls_enable_tx(struct socket *so, struct tls_enable *en)
if (error)
return (error);
+ /* some ktls offload NICs require initial seqno to start offload */
+ tls->initial_offload_seqno = be64dec(en->rec_seq);
+
/* Prefer TOE -> ifnet TLS -> software TLS. */
#ifdef TCP_OFFLOAD
error = ktls_try_toe(so, tls, KTLS_TX);
diff --git a/sys/sys/ktls.h b/sys/sys/ktls.h
index a940bcfaba25..6c7e7d3c5ee3 100644
--- a/sys/sys/ktls.h
+++ b/sys/sys/ktls.h
@@ -221,9 +221,12 @@ struct ktls_session {
bool tx;
bool sync_dispatch;
bool sequential_records;
-
- /* Only used for TLS 1.0. */
- uint64_t next_seqno;
+ union {
+ /* Only used for TLS 1.0. */
+ uint64_t next_seqno;
+ /* Needed by some ktls offload NICs */
+ uint64_t initial_offload_seqno;
+ };
STAILQ_HEAD(, mbuf) pending_records;
/* Used to destroy any kTLS session */