The branch main has been updated by kib:
URL:
https://cgit.FreeBSD.org/src/commit/?id=d6d66936c45e99ec284554292181d26b6a5558d3
commit d6d66936c45e99ec284554292181d26b6a5558d3
Author: Ariel Ehrenberg <aehrenb...@nvidia.com>
AuthorDate: 2025-07-03 08:57:40 +0000
Commit: Konstantin Belousov <k...@freebsd.org>
CommitDate: 2025-07-16 23:32:27 +0000
mlx5en: fix TLS Rx hardware offload initialization
The TLS RX context had the tcp sequence number of next TLS record set
in resync_tcp_sn parameter instead of in next_record_tcp_sn parameter
during hardware initialization. This prevent the hardware from
synchronizing with the TLS stream, and caused TLS offload to remain
inactive. Set next_record_tcp_sn to the next TCP sequence number and
resync_tcp_sn to zero to enable proper TLS record boundary detection
and activate hardware offload.
Reviewed by: kib, slavash
Sponsored by: NVidia networking
MFC after: 1 week
---
sys/dev/mlx5/mlx5_en/mlx5_en_hw_tls_rx.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sys/dev/mlx5/mlx5_en/mlx5_en_hw_tls_rx.c
b/sys/dev/mlx5/mlx5_en/mlx5_en_hw_tls_rx.c
index 4de451f1b039..89d2010656c5 100644
--- a/sys/dev/mlx5/mlx5_en/mlx5_en_hw_tls_rx.c
+++ b/sys/dev/mlx5/mlx5_en/mlx5_en_hw_tls_rx.c
@@ -659,7 +659,8 @@ mlx5e_tls_rx_set_params(void *ctx, struct inpcb *inp, const
struct tls_session_p
return (EINVAL);
MLX5_SET64(sw_tls_rx_cntx, ctx, param.initial_record_number, tls_sn_he);
- MLX5_SET(sw_tls_rx_cntx, ctx, param.resync_tcp_sn, tcp_sn_he);
+ MLX5_SET(sw_tls_rx_cntx, ctx, param.resync_tcp_sn, 0);
+ MLX5_SET(sw_tls_rx_cntx, ctx, progress.next_record_tcp_sn, tcp_sn_he);
return (0);
}
