ktls: Capture initial tls seqno at time offload is initiated

Some drivers want the TLS seqno when offload starts. Capture this for them by adding a union for initial_seqno, sharing space with the TLS 1.0 next_seqno. Reviewed by: jhb Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D54275 MFC After: 1 month
2026-01-16 23:02:24 +00:00 · 2025-12-20 16:10:12 -05:00 · 2025-12-20 16:10:12 -05:00 · 4d692068f6
commit 4d692068f6
parent 43d7ee540e
2 changed files with 9 additions and 3 deletions
--- a/sys/kern/uipc_ktls.c
+++ b/sys/kern/uipc_ktls.c
@ -1406,6 +1406,9 @@ ktls_enable_tx(struct socket *so, struct tls_enable *en)
 	if (error)
 		return (error);

+	/* some ktls offload NICs require initial seqno to start offload */
+	tls->initial_offload_seqno = be64dec(en->rec_seq);
+
 	/* Prefer TOE -> ifnet TLS -> software TLS. */
 #ifdef TCP_OFFLOAD
 	error = ktls_try_toe(so, tls, KTLS_TX);
--- a/sys/sys/ktls.h
+++ b/sys/sys/ktls.h
@ -221,9 +221,12 @@ struct ktls_session {
 	bool tx;
 	bool sync_dispatch;
 	bool sequential_records;
-
-	/* Only used for TLS 1.0. */
-	uint64_t next_seqno;
+	union {
+		/* Only used for TLS 1.0. */
+		uint64_t next_seqno;
+		/* Needed by some ktls offload NICs */
+		uint64_t initial_offload_seqno;
+	};
 	STAILQ_HEAD(, mbuf) pending_records;

 	/* Used to destroy any kTLS session */