[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20190611044010.29161-13-jakub.kicinski@netronome.com>
Date: Mon, 10 Jun 2019 21:40:10 -0700
From: Jakub Kicinski <jakub.kicinski@...ronome.com>
To: davem@...emloft.net
Cc: netdev@...r.kernel.org, oss-drivers@...ronome.com,
alexei.starovoitov@...il.com, davejwatson@...com,
borisp@...lanox.com, Jakub Kicinski <jakub.kicinski@...ronome.com>,
Dirk van der Merwe <dirk.vandermerwe@...ronome.com>
Subject: [PATCH net-next 12/12] nfp: tls: make use of kernel-driven TX resync
When TCP stream gets out of sync (driver stops receiving skbs
with expected TCP sequence numbers) request a TX resync from
the kernel.
We try to distinguish retransmissions from missed transmissions
by comparing the sequence number to expected - if it's further
than the expected one - we probably missed packets.
Signed-off-by: Jakub Kicinski <jakub.kicinski@...ronome.com>
Reviewed-by: Dirk van der Merwe <dirk.vandermerwe@...ronome.com>
---
.../ethernet/netronome/nfp/crypto/crypto.h | 1 -
.../net/ethernet/netronome/nfp/crypto/tls.c | 21 ++++++++++++-------
.../ethernet/netronome/nfp/nfp_net_common.c | 8 ++++---
3 files changed, 18 insertions(+), 12 deletions(-)
diff --git a/drivers/net/ethernet/netronome/nfp/crypto/crypto.h b/drivers/net/ethernet/netronome/nfp/crypto/crypto.h
index 591924ad920c..60372ddf69f0 100644
--- a/drivers/net/ethernet/netronome/nfp/crypto/crypto.h
+++ b/drivers/net/ethernet/netronome/nfp/crypto/crypto.h
@@ -13,7 +13,6 @@ struct nfp_net_tls_offload_ctx {
*/
u32 next_seq;
- bool out_of_sync;
};
#ifdef CONFIG_TLS_DEVICE
diff --git a/drivers/net/ethernet/netronome/nfp/crypto/tls.c b/drivers/net/ethernet/netronome/nfp/crypto/tls.c
index 93f87b7633b1..3ee829d69c04 100644
--- a/drivers/net/ethernet/netronome/nfp/crypto/tls.c
+++ b/drivers/net/ethernet/netronome/nfp/crypto/tls.c
@@ -390,25 +390,30 @@ nfp_net_tls_resync(struct net_device *netdev, struct sock *sk, u32 seq,
struct nfp_net_tls_offload_ctx *ntls;
struct nfp_crypto_req_update *req;
struct sk_buff *skb;
+ gfp_t flags;
- if (WARN_ON_ONCE(direction != TLS_OFFLOAD_CTX_DIR_RX))
- return;
-
- skb = nfp_net_tls_alloc_simple(nn, sizeof(*req), GFP_ATOMIC);
+ flags = direction == TLS_OFFLOAD_CTX_DIR_TX ? GFP_KERNEL : GFP_ATOMIC;
+ skb = nfp_net_tls_alloc_simple(nn, sizeof(*req), flags);
if (!skb)
return;
- ntls = tls_driver_ctx(sk, TLS_OFFLOAD_CTX_DIR_RX);
+ ntls = tls_driver_ctx(sk, direction);
req = (void *)skb->data;
req->ep_id = 0;
- req->opcode = NFP_NET_CRYPTO_OP_TLS_1_2_AES_GCM_128_DEC;
+ req->opcode = nfp_tls_1_2_dir_to_opcode(direction);
memset(req->resv, 0, sizeof(req->resv));
memcpy(req->handle, ntls->fw_handle, sizeof(ntls->fw_handle));
req->tcp_seq = cpu_to_be32(seq);
memcpy(req->rec_no, rcd_sn, sizeof(req->rec_no));
- nfp_ccm_mbox_post(nn, skb, NFP_CCM_TYPE_CRYPTO_UPDATE,
- sizeof(struct nfp_crypto_reply_simple));
+ if (direction == TLS_OFFLOAD_CTX_DIR_TX) {
+ nfp_net_tls_communicate_simple(nn, skb, "sync",
+ NFP_CCM_TYPE_CRYPTO_UPDATE);
+ ntls->next_seq = seq;
+ } else {
+ nfp_ccm_mbox_post(nn, skb, NFP_CCM_TYPE_CRYPTO_UPDATE,
+ sizeof(struct nfp_crypto_reply_simple));
+ }
}
static const struct tlsdev_ops nfp_net_tls_ops = {
diff --git a/drivers/net/ethernet/netronome/nfp/nfp_net_common.c b/drivers/net/ethernet/netronome/nfp/nfp_net_common.c
index c9c43abb2427..8e9568b15062 100644
--- a/drivers/net/ethernet/netronome/nfp/nfp_net_common.c
+++ b/drivers/net/ethernet/netronome/nfp/nfp_net_common.c
@@ -829,6 +829,7 @@ nfp_net_tls_tx(struct nfp_net_dp *dp, struct nfp_net_r_vector *r_vec,
{
struct nfp_net_tls_offload_ctx *ntls;
struct sk_buff *nskb;
+ bool resync_pending;
u32 datalen, seq;
if (likely(!dp->ktls_tx))
@@ -839,7 +840,8 @@ nfp_net_tls_tx(struct nfp_net_dp *dp, struct nfp_net_r_vector *r_vec,
datalen = skb->len - (skb_transport_offset(skb) + tcp_hdrlen(skb));
seq = ntohl(tcp_hdr(skb)->seq);
ntls = tls_driver_ctx(skb->sk, TLS_OFFLOAD_CTX_DIR_TX);
- if (unlikely(ntls->next_seq != seq || ntls->out_of_sync)) {
+ resync_pending = tls_offload_tx_resync_pending(skb->sk);
+ if (unlikely(resync_pending || ntls->next_seq != seq)) {
/* Pure ACK out of order already */
if (!datalen)
return skb;
@@ -869,8 +871,8 @@ nfp_net_tls_tx(struct nfp_net_dp *dp, struct nfp_net_r_vector *r_vec,
}
/* jump forward, a TX may have gotten lost, need to sync TX */
- if (!ntls->out_of_sync && seq - ntls->next_seq < U32_MAX / 4)
- ntls->out_of_sync = true;
+ if (!resync_pending && seq - ntls->next_seq < U32_MAX / 4)
+ tls_offload_tx_resync_request(nskb->sk);
*nr_frags = 0;
return nskb;
--
2.21.0
Powered by blists - more mailing lists