ktlslist — list TCP connections with offloaded kTLS sessions
ktlslist [-d] [-h] [-j] [-k] [-V]
The ktlslist utility lists established TCP connections for which kernel TLS offload sessions were created. Only connections visible to the current user are reported.

By default, a somewhat informal reporting format is used, where each line corresponds to a single connection. Specifying the -j option changes the output format to JSON.

The -k option requests a dump of the keying material for the cryptographic algorithms used to handle the session, as known to the kernel.

Passing the -d option prints internal debugging information about the ktlslist run. The option can be specified several times to dump more debugging information.

The -h option prints brief help on the utility usage, and the -V option prints the version.
Below is the default (free) format of the utility output, without keys:
1.1.1.1 5001 1.1.1.2 19502 rcv=(tls_vmajor=3 tls_vminor=4 cipher_algo=25 auth_algo=0 oflif=mce0) snd=(tls_vmajor=3 tls_vminor=4 cipher_algo=25 auth_algo=0 oflif=mce0)
The first four fields of a line are the remote IP address and port, then the local IP address and port; together they identify the connection.

Next is the rcv block, which reports receive session information if a receive session exists. It provides the TLS version and the cipher and authentication algorithm numbers, which are listed in /usr/include/crypto/cryptodev.h (see also crypto(7)). The oflif value, if present, indicates that the session is offloaded onto the specified network interface, in this case mce0. Network drivers might provide an additional free-format string for sessions, describing driver-specific offload state. The -k option adds the values of the keys and nonces.

The next block, snd, provides the same information for the transmit session.
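The default output format described above is line oriented, so it is convenient to post-process when auditing which connections actually run on NIC offload and which TLS versions are in use. The following parser is an added example, not part of the ktlslist utility or the FreeBSD source tree. It assumes one connection per line with the four address/port fields first, followed by optional rcv=(...) and snd=(...) blocks of space-separated key=value tokens; any token inside a block that is not of the key=value form is treated here as the driver-specific free-format string the description mentions (an assumption about where that string appears). The sample lines are constructed; the addresses, ports and algorithm numbers are made up.

```python
"""Parse the default (free-format) output of ktlslist.

Added example; not the utility's own code. Assumptions are noted inline.
"""
import re

# Constructed sample output (made-up addresses, ports and algorithm numbers).
SAMPLE_LINES = [
    "1.1.1.1 5001 1.1.1.2 19502 "
    "rcv=(tls_vmajor=3 tls_vminor=4 cipher_algo=25 auth_algo=0 oflif=mce0) "
    "snd=(tls_vmajor=3 tls_vminor=4 cipher_algo=25 auth_algo=0 oflif=mce0)",
    # Transmit-only session handled in software: no rcv block, no oflif.
    "10.0.0.7 443 10.0.0.3 40211 "
    "snd=(tls_vmajor=3 tls_vminor=3 cipher_algo=25 auth_algo=0)",
]

SESSION_RE = re.compile(r"\b(rcv|snd)=\(([^)]*)\)")
NUMERIC_KEYS = {"tls_vmajor", "tls_vminor", "cipher_algo", "auth_algo"}


def parse_session(body):
    """Turn the text inside rcv=(...) or snd=(...) into a dict."""
    session = {"driver_info": []}
    for tok in body.split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            session[key] = int(value) if key in NUMERIC_KEYS else value
        else:
            # Assumption: a bare token is the driver-supplied free-format text.
            session["driver_info"].append(tok)
    return session


def parse_line(line):
    """Parse one ktlslist line into endpoints plus rcv/snd sessions."""
    parts = line.split(None, 4)
    if len(parts) < 4:
        raise ValueError("expected at least four address/port fields: %r" % line)
    raddr, rport, laddr, lport = parts[:4]
    rest = parts[4] if len(parts) == 5 else ""
    conn = {
        "remote": (raddr, int(rport)),
        "local": (laddr, int(lport)),
        "rcv": None,  # stays None when no receive session exists
        "snd": None,  # stays None when no transmit session exists
    }
    for match in SESSION_RE.finditer(rest):
        conn[match.group(1)] = parse_session(match.group(2))
    return conn


def tls_version(session):
    """Map the record-layer (major, minor) pair to the usual TLS name."""
    names = {(3, 1): "TLS 1.0", (3, 2): "TLS 1.1",
             (3, 3): "TLS 1.2", (3, 4): "TLS 1.3"}
    return names.get((session["tls_vmajor"], session["tls_vminor"]), "unknown")


def summarize(lines):
    """One row per session: direction, TLS version, and the offload
    interface (or 'software' when oflif is absent)."""
    rows = []
    for conn in map(parse_line, lines):
        for direction in ("rcv", "snd"):
            sess = conn[direction]
            if sess is None:
                continue
            rows.append({
                "remote": conn["remote"],
                "local": conn["local"],
                "direction": direction,
                "version": tls_version(sess),
                "offload": sess.get("oflif", "software"),
            })
    return rows


if __name__ == "__main__":
    for row in summarize(SAMPLE_LINES):
        print(row)
```

Feeding real output in is a matter of replacing SAMPLE_LINES with the lines read from ktlslist; the JSON output selected by -j is the better choice for tooling when its layout is available, since the free format is explicitly described as informal and may change.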
ktlslist is FreeBSD-specific and only works on FreeBSD.
ktlslist uses the sysctl net.inet.tcp.ktlslist to get information about connections, or net.inet.tcp.ktlslist_wkeys if dumping the keys was requested.