opnsense-src/sys
Hans Petter Selasky c8f2c290e4 Add definitions for TLS receive tags using the existing send tag infrastructure.
Although send tags are strictly used for transmit, the name might be changed
in the future to be more generic.

The TLS receive tags support regular IPv4 and IPv6 traffic, and also over any
VLAN. If prio-tagging is enabled, VLAN ID zero, this must be checked in the
network driver itself when creating the TLS RX decryption offload filter.

TLS receive tags have a modify callback to tell the network driver about
the progress of decryption. Currently decryption is done IP packet by IP
packet, even if the IP packet contains a partial TLS record. The modify
callback allows the network driver to keep track of TCP sequence numbers
pointing to the beginning of TLS records after TCP packet reassembly.
These callbacks only happen when encrypted or partially decrypted data is
received and are used to verify the decryption's starting point for the
hardware. Typically the hardware will guess where TLS headers start and
needs help from the software to know if the guess was correct. This is
the purpose of the modify callback.

Differential Revision:	https://reviews.freebsd.org/D32356
Discussed with:	jhb@
MFC after:	1 week
Sponsored by:	NVIDIA Networking
2022-01-26 12:55:00 +01:00
amd64 exec: Remove the stack gap implementation 2022-01-17 16:11:54 -05:00
arm exec: Introduce the PROC_PS_STRINGS() macro 2022-01-17 16:11:54 -05:00
arm64 Add the Armv8.3-SPE registers 2022-01-19 12:07:35 +00:00
bsm Add fspacectl(2), vn_deallocate(9) and VOP_DEALLOCATE(9). 2021-08-05 23:20:42 +08:00
cam ses: minor cleanup 2022-01-19 12:08:03 -07:00
cddl Teach DTrace about BTI on arm64 2022-01-19 12:07:35 +00:00
compat linuxkpi: i2c: Add MODULE_DEPEND for iicbus 2022-01-26 10:44:07 +01:00
conf linuxkpi: Add i2c support 2022-01-25 16:15:39 +01:00
contrib ice_ddp: Update to 1.3.27.0 2022-01-24 18:25:56 -08:00
crypto crypto: Add an API supporting curve25519. 2022-01-24 15:27:39 -08:00
ddb ddb: Remove SOFTWARE_SSTEP support 2022-01-07 09:25:33 -07:00
dev sdhci: fix dumping support in MMCCAM configuration 2022-01-26 09:31:45 +02:00
dts add overlay for enabling spi0 on allwinner h3 2022-01-26 11:42:20 +02:00
fs fusefs: Address -Wunused-but-set-variable warnings 2022-01-20 08:25:00 -05:00
gdb gdb(4): Do not use run length encoding for 3-symbol repetitions 2022-01-22 14:46:06 -05:00
geom geom: Handle partial I/O in g_{read,write,delete}_data() 2022-01-20 08:29:39 -05:00
gnu Remove the old dts imported tree. 2021-01-15 20:09:55 +01:00
i386 exec: Reimplement stack address randomization 2022-01-17 16:12:36 -05:00
isa sys/isa: Use C99 fixed-width integer types. 2021-12-28 09:41:57 -08:00
kern mbuf(9): Assert receive mbufs don't carry a send tag. 2022-01-26 12:55:00 +01:00
kgssapi opencrypto: Introduce crypto_dispatch_async() 2021-02-08 09:19:19 -05:00
libkern sys/libkern: Use C99 fixed-width integer types. 2021-12-28 09:42:11 -08:00
modules add overlay for enabling spi0 on allwinner h3 2022-01-26 11:42:20 +02:00
net Add definitions for TLS receive tags using the existing send tag infrastructure. 2022-01-26 12:55:00 +01:00
net80211 net80211: ieee80211_dump_node() cosmetics 2022-01-17 00:01:46 +00:00
netgraph domains: make domain_init() initialize only global state 2022-01-03 10:15:22 -08:00
netinet extra_tcp_stacks: Fix a few common typos 2022-01-26 10:35:17 +01:00
netinet6 nd6: use CARP link level address in SLLAO for NS sent out 2022-01-24 21:02:47 -08:00
netipsec IPsec: Use protocol-specific malloc types instead of M_XDATA. 2022-01-24 15:27:39 -08:00
netpfil pf: ensure we don't destroy an uninitialised lock 2022-01-16 09:04:57 +01:00
netsmb netsmb: Avoid a read-after-free in smb_t2_request_int() 2021-05-26 10:45:40 -04:00
nfs nfs: don't truncate directory cookies to 32-bits in the NFS server 2021-12-15 20:54:57 -07:00
nfsclient nfs: Cleanup dead files 2021-03-17 06:16:31 +11:00
nfsserver nfs: Cleanup dead files 2021-03-17 06:16:31 +11:00
nlm sys/nlm: Use C99 fixed-width integer types. 2021-12-28 09:42:42 -08:00
ofed domains: init with standard SYSINIT(9) or VNET_SYSINIT() 2022-01-03 10:15:22 -08:00
opencrypto opencrypto/xform_*.h: Trim scope of included headers. 2022-01-25 15:21:22 -08:00
powerpc powerpc: enable ice in GENERIC64LE 2022-01-21 02:17:46 +01:00
riscv riscv: fix unused var in page_fault_handler() 2022-01-19 17:21:25 -04:00
rpc sys/rpc: Use C99 fixed-width integer types. 2021-12-28 09:43:15 -08:00
security Thread creation privilege for realtime group 2021-12-15 00:01:58 +02:00
sys mbuf(9): Assert receive mbufs don't carry a send tag. 2022-01-26 12:55:00 +01:00
teken loader: implement framebuffer console 2021-01-02 21:41:36 +02:00
tests routing: add IPv6 fib validation procedure. 2021-08-16 23:04:01 +00:00
tools Revert "syscallarg_t: Add a type for system call arguments" 2022-01-12 23:29:20 +00:00
ufs Avoid unnecessary setting of UFS flag requesting fsck(8) be run. 2022-01-09 16:18:28 -08:00
vm vm_pageout_scans: correct detection of active object 2022-01-22 19:34:32 +02:00
x86 atrtc: Install address space handler for \_SB and its descendant. 2022-01-21 15:32:30 +09:00
xdr sys/xdr: Use C99 fixed-width integer types. 2021-12-28 09:43:26 -08:00
xen Create wrapper for Giant taken for newbus 2021-12-09 17:04:45 -07:00
Makefile Fix 'make cscope' with ALL_ARCH defined 2022-01-07 11:53:52 -04:00