KTLSLIST(1)		    General Commands Manual		   KTLSLIST(1)

NAME
       ktlslist -- list TCP connections with offloaded kTLS sessions

SYNOPSIS
       ktlslist [-d] [-h] [-j] [-k] [-V]

DESCRIPTION
       The ktlslist utility lists established TCP connections for which kernel
       TLS offload sessions were created.  Only connections visible to the
       current user are reported.

       By default, a somewhat informal reporting format is used, where each
       line corresponds to a single connection.  Specifying the -j option
       changes the output format to JSON.

       The -k option requests dumping the keying material for the
       cryptographic algorithms used for session handling, as known to the
       kernel.

       Passing the -d option prints internal debugging information about the
       ktlslist run.  The option can be specified several times to dump
       more debugging information.

       The -h option prints brief help on the utility usage, and the -V option
       prints the version.

EXAMPLE
       Below is the default (free) format of the utility output, without keys:

       1.1.1.1 5001    1.1.1.2 19502   rcv=(tls_vmajor=3 tls_vminor=4 cipher_algo=25 auth_algo=0 oflif=mce0)   snd=(tls_vmajor=3 tls_vminor=4 cipher_algo=25 auth_algo=0 oflif=mce0)

       The first four fields of a line are the remote IP address and port,
       then the local IP address and port, which together identify the
       connection.

       Next is the rcv block, which reports receive session information, if
       present.  It provides the TLS versions, and the cipher and
       authentication algorithm numbers, which are listed in
       </usr/include/crypto/cryptodev.h> (see also crypto(7)).

       The oflif value, if present, indicates that the session is offloaded
       onto the specified network interface, in this case, mce0.  Network
       drivers might provide an additional free-format string for sessions,
       describing driver-specific offload state.

       The -k option adds the values of the keys and nonces.

       The next block, snd, provides the same information for the transmit
       session.
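
       The following parser for the default output format is an added
       example, not part of ktlslist or this manual page.  It assumes
       whitespace-separated fields, that tls_vmajor/tls_vminor carry the TLS
       wire version (3.4 is TLS 1.3), and that any driver-specific text
       appears as bare tokens inside the block; the function names are
       hypothetical.

```python
import re

# Constructed sample: line 1 is this page's example; line 2 is made up to show
# a transmit-only TLS 1.2 session that has no oflif field.
SAMPLE = """\
1.1.1.1 5001    1.1.1.2 19502   rcv=(tls_vmajor=3 tls_vminor=4 cipher_algo=25 auth_algo=0 oflif=mce0)   snd=(tls_vmajor=3 tls_vminor=4 cipher_algo=25 auth_algo=0 oflif=mce0)
192.0.2.10 443  192.0.2.20 40112        snd=(tls_vmajor=3 tls_vminor=3 cipher_algo=25 auth_algo=0)
"""

TLS_NAMES = {(3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2", (3, 4): "TLS 1.3"}
BLOCK_RE = re.compile(r"\b(rcv|snd)=\(([^)]*)\)")

def parse_block(body):
    """Split the inside of a rcv/snd block into a dict of key=value fields."""
    fields = {}
    for tok in body.split():
        key, sep, val = tok.partition("=")
        if sep:
            fields[key] = int(val) if val.isdigit() else val
        else:  # driver-specific free-format text (layout is an assumption)
            fields["extra"] = (fields.get("extra", "") + " " + tok).strip()
    return fields

def parse_line(line):
    """Return a dict for one connection line, or None if it has no address fields."""
    head = BLOCK_RE.split(line, maxsplit=1)[0].split()
    if len(head) < 4:
        return None
    conn = {"remote": (head[0], int(head[1])), "local": (head[2], int(head[3]))}
    for name, body in BLOCK_RE.findall(line):
        conn[name] = parse_block(body)
    return conn

def audit(text, min_version=(3, 3)):
    """List (remote, direction, finding) for sessions that deserve a second look."""
    findings = []
    for conn in filter(None, map(parse_line, text.splitlines())):
        for d in ("rcv", "snd"):
            s = conn.get(d)
            if s is None:
                findings.append((conn["remote"], d, "no kTLS session reported"))
                continue
            ver = (s.get("tls_vmajor", 0), s.get("tls_vminor", 0))
            if ver < min_version:
                findings.append((conn["remote"], d, f"{TLS_NAMES.get(ver, ver)} is below the minimum"))
            if "oflif" not in s:
                findings.append((conn["remote"], d, "no oflif: not offloaded onto an interface"))
    return findings
```

       Calling audit() on saved ktlslist output gives a quick inventory of
       which directions of which connections are not offloaded onto a
       network interface or negotiate an older TLS version than expected.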

SEE ALSO
       netstat(1), ktls(4), tcp(4).

NOTES
       ktlslist is FreeBSD-specific and only works on FreeBSD.

       ktlslist uses sysctl net.inet.tcp.ktlslist to get information about
       connections, or net.inet.tcp.ktlslist_wkeys if dumping the keys was
       requested.

AUTHORS
       Konstantin Belousov <kib@FreeBSD.org>.

FreeBSD	ports 15.0		 April 4, 2025			   KTLSLIST(1)
