From patchwork Fri Oct 4 23:19:22 2019
X-Patchwork-Submitter: Jakub Kicinski
X-Patchwork-Id: 1172081
X-Patchwork-Delegate: davem@davemloft.net
From: Jakub Kicinski To: davem@davemloft.net Cc: netdev@vger.kernel.org, davejwatson@fb.com, borisp@mellanox.com, aviadye@mellanox.com, john.fastabend@gmail.com, daniel@iogearbox.net, Jakub Kicinski Subject: [PATCH net-next 1/6] net/tls: add tracing for device/offload events Date: Fri, 4 Oct 2019 16:19:22 -0700 Message-Id: <20191004231927.21134-2-jakub.kicinski@netronome.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20191004231927.21134-1-jakub.kicinski@netronome.com> References: <20191004231927.21134-1-jakub.kicinski@netronome.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Add tracing of device-related interaction to aid performance analysis, especially around resync: tls:tls_device_offload_set tls:tls_device_rx_resync_send tls:tls_device_rx_resync_nh_schedule tls:tls_device_rx_resync_nh_delay tls:tls_device_tx_resync_req tls:tls_device_tx_resync_send Signed-off-by: Jakub Kicinski --- .../ethernet/netronome/nfp/nfp_net_common.c | 3 +- include/net/tls.h | 8 +- net/tls/Makefile | 4 +- net/tls/tls_device.c | 30 +++- net/tls/trace.c | 10 ++ net/tls/trace.h | 169 ++++++++++++++++++ 6 files changed, 213 insertions(+), 11 deletions(-) create mode 100644 net/tls/trace.c create mode 100644 net/tls/trace.h diff --git a/drivers/net/ethernet/netronome/nfp/nfp_net_common.c b/drivers/net/ethernet/netronome/nfp/nfp_net_common.c index 61aabffc8888..bcdcd6de7dea 100644 --- a/drivers/net/ethernet/netronome/nfp/nfp_net_common.c +++ b/drivers/net/ethernet/netronome/nfp/nfp_net_common.c @@ -872,7 +872,8 @@ nfp_net_tls_tx(struct nfp_net_dp *dp, struct nfp_net_r_vector *r_vec, /* jump forward, a TX may have gotten lost, need to sync TX */ if (!resync_pending && seq - ntls->next_seq < U32_MAX / 4) - tls_offload_tx_resync_request(nskb->sk); + tls_offload_tx_resync_request(nskb->sk, seq, + ntls->next_seq); *nr_frags = 0; return nskb; 
diff --git a/include/net/tls.h b/include/net/tls.h index 5c48cb9e0c18..38086ade65ce 100644 --- a/include/net/tls.h +++ b/include/net/tls.h @@ -594,13 +594,6 @@ tls_offload_rx_resync_set_type(struct sock *sk, enum tls_offload_sync_type type) tls_offload_ctx_rx(tls_ctx)->resync_type = type; } -static inline void tls_offload_tx_resync_request(struct sock *sk) -{ - struct tls_context *tls_ctx = tls_get_ctx(sk); - - WARN_ON(test_and_set_bit(TLS_TX_SYNC_SCHED, &tls_ctx->flags)); -} - /* Driver's seq tracking has to be disabled until resync succeeded */ static inline bool tls_offload_tx_resync_pending(struct sock *sk) { @@ -634,6 +627,7 @@ void tls_device_free_resources_tx(struct sock *sk); int tls_set_device_offload_rx(struct sock *sk, struct tls_context *ctx); void tls_device_offload_cleanup_rx(struct sock *sk); void tls_device_rx_resync_new_rec(struct sock *sk, u32 rcd_len, u32 seq); +void tls_offload_tx_resync_request(struct sock *sk, u32 got_seq, u32 exp_seq); int tls_device_decrypted(struct sock *sk, struct sk_buff *skb); #else static inline void tls_device_init(void) {} diff --git a/net/tls/Makefile b/net/tls/Makefile index 95d8c06a14b9..0606d43d7582 100644 --- a/net/tls/Makefile +++ b/net/tls/Makefile @@ -3,9 +3,11 @@ # Makefile for the TLS subsystem. # +CFLAGS_trace.o := -I$(src) + obj-$(CONFIG_TLS) += tls.o -tls-y := tls_main.o tls_sw.o +tls-y := tls_main.o tls_sw.o trace.o tls-$(CONFIG_TLS_TOE) += tls_toe.o tls-$(CONFIG_TLS_DEVICE) += tls_device.o tls_device_fallback.o diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c index f959487c5cd1..9f423caf48e3 100644 --- a/net/tls/tls_device.c +++ b/net/tls/tls_device.c @@ -38,6 +38,8 @@ #include #include +#include "trace.h" + /* device_offload_lock is used to synchronize tls_dev_add * against NETDEV_DOWN notifications. */ 
@@ -202,6 +204,15 @@ void tls_device_free_resources_tx(struct sock *sk) tls_free_partial_record(sk, tls_ctx); } +void tls_offload_tx_resync_request(struct sock *sk, u32 got_seq, u32 exp_seq) +{ + struct tls_context *tls_ctx = tls_get_ctx(sk); + + trace_tls_device_tx_resync_req(sk, got_seq, exp_seq); + WARN_ON(test_and_set_bit(TLS_TX_SYNC_SCHED, &tls_ctx->flags)); +} +EXPORT_SYMBOL_GPL(tls_offload_tx_resync_request); + static void tls_device_resync_tx(struct sock *sk, struct tls_context *tls_ctx, u32 seq) { @@ -216,6 +227,7 @@ static void tls_device_resync_tx(struct sock *sk, struct tls_context *tls_ctx, rcd_sn = tls_ctx->tx.rec_seq; + trace_tls_device_tx_resync_send(sk, seq, rcd_sn); down_read(&device_offload_lock); netdev = tls_ctx->netdev; if (netdev) @@ -637,10 +649,13 @@ void tls_device_write_space(struct sock *sk, struct tls_context *ctx) static void tls_device_resync_rx(struct tls_context *tls_ctx, struct sock *sk, u32 seq, u8 *rcd_sn) { + struct tls_offload_context_rx *rx_ctx = tls_offload_ctx_rx(tls_ctx); struct net_device *netdev; if (WARN_ON(test_and_set_bit(TLS_RX_SYNC_RUNNING, &tls_ctx->flags))) return; + + trace_tls_device_rx_resync_send(sk, seq, rcd_sn, rx_ctx->resync_type); netdev = READ_ONCE(tls_ctx->netdev); if (netdev) netdev->tlsdev_ops->tls_dev_resync(netdev, sk, seq, rcd_sn, @@ -653,8 +668,8 @@ void tls_device_rx_resync_new_rec(struct sock *sk, u32 rcd_len, u32 seq) struct tls_context *tls_ctx = tls_get_ctx(sk); struct tls_offload_context_rx *rx_ctx; u8 rcd_sn[TLS_MAX_REC_SEQ_SIZE]; + u32 sock_data, is_req_pending; struct tls_prot_info *prot; - u32 is_req_pending; s64 resync_req; u32 req_seq; 
@@ -683,8 +698,12 @@ void tls_device_rx_resync_new_rec(struct sock *sk, u32 rcd_len, u32 seq) /* head of next rec is already in, note that the sock_inq will * include the currently parsed message when called from parser */ - if (tcp_inq(sk) > rcd_len) + sock_data = tcp_inq(sk); + if (sock_data > rcd_len) { + trace_tls_device_rx_resync_nh_delay(sk, sock_data, + rcd_len); return; + } rx_ctx->resync_nh_do_now = 0; seq += rcd_len; @@ -728,6 +747,7 @@ static void tls_device_core_ctrl_rx_resync(struct tls_context *tls_ctx, /* head of next rec is already in, parser will sync for us */ if (tcp_inq(sk) > rxm->full_len) { + trace_tls_device_rx_resync_nh_schedule(sk); ctx->resync_nh_do_now = 1; } else { struct tls_prot_info *prot = &tls_ctx->prot_info; @@ -1013,6 +1033,8 @@ int tls_set_device_offload(struct sock *sk, struct tls_context *ctx) rc = netdev->tlsdev_ops->tls_dev_add(netdev, sk, TLS_OFFLOAD_CTX_DIR_TX, &ctx->crypto_send.info, tcp_sk(sk)->write_seq); + trace_tls_device_offload_set(sk, TLS_OFFLOAD_CTX_DIR_TX, + tcp_sk(sk)->write_seq, rec_seq, rc); if (rc) goto release_lock; @@ -1049,6 +1071,7 @@ int tls_set_device_offload(struct sock *sk, struct tls_context *ctx) int tls_set_device_offload_rx(struct sock *sk, struct tls_context *ctx) { + struct tls12_crypto_info_aes_gcm_128 *info; struct tls_offload_context_rx *context; struct net_device *netdev; int rc = 0; @@ -1096,6 +1119,9 @@ int tls_set_device_offload_rx(struct sock *sk, struct tls_context *ctx) rc = netdev->tlsdev_ops->tls_dev_add(netdev, sk, TLS_OFFLOAD_CTX_DIR_RX, &ctx->crypto_recv.info, tcp_sk(sk)->copied_seq); + info = (void *)&ctx->crypto_recv.info; + trace_tls_device_offload_set(sk, TLS_OFFLOAD_CTX_DIR_RX, + tcp_sk(sk)->copied_seq, info->rec_seq, rc); if (rc) goto free_sw_resources; diff --git a/net/tls/trace.c b/net/tls/trace.c new file mode 100644 index 000000000000..e374913cf9c9 --- /dev/null +++ b/net/tls/trace.c 
@@ -0,0 +1,10 @@ +// SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) +/* Copyright (C) 2019 Netronome Systems, Inc. */ + +#include + +#ifndef __CHECKER__ +#define CREATE_TRACE_POINTS +#include "trace.h" + +#endif diff --git a/net/tls/trace.h b/net/tls/trace.h new file mode 100644 index 000000000000..95b6ded2f9b2 --- /dev/null +++ b/net/tls/trace.h 
@@ -0,0 +1,169 @@ +/* SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) */ +/* Copyright (C) 2019 Netronome Systems, Inc. */ + +#undef TRACE_SYSTEM +#define TRACE_SYSTEM tls + +#if !defined(_TLS_TRACE_H_) || defined(TRACE_HEADER_MULTI_READ) +#define _TLS_TRACE_H_ + +#include +#include + +struct sock; + +TRACE_EVENT(tls_device_offload_set, + + TP_PROTO(struct sock *sk, int dir, u32 tcp_seq, u8 *rec_no, int ret), + + TP_ARGS(sk, dir, tcp_seq, rec_no, ret), + + TP_STRUCT__entry( + __field( struct sock *, sk ) + __field( u64, rec_no ) + __field( int, dir ) + __field( u32, tcp_seq ) + __field( int, ret ) + ), + + TP_fast_assign( + __entry->sk = sk; + __entry->rec_no = get_unaligned_be64(rec_no); + __entry->dir = dir; + __entry->tcp_seq = tcp_seq; + __entry->ret = ret; + ), + + TP_printk( + "sk=%p direction=%d tcp_seq=%u rec_no=%llu ret=%d", + __entry->sk, __entry->dir, __entry->tcp_seq, __entry->rec_no, + __entry->ret + ) +); + +TRACE_EVENT(tls_device_rx_resync_send, + + TP_PROTO(struct sock *sk, u32 tcp_seq, u8 *rec_no, int sync_type), + + TP_ARGS(sk, tcp_seq, rec_no, sync_type), + + TP_STRUCT__entry( + __field( struct sock *, sk ) + __field( u64, rec_no ) + __field( u32, tcp_seq ) + __field( int, sync_type ) + ), + + TP_fast_assign( + __entry->sk = sk; + __entry->rec_no = get_unaligned_be64(rec_no); + __entry->tcp_seq = tcp_seq; + __entry->sync_type = sync_type; + ), + + TP_printk( + "sk=%p tcp_seq=%u rec_no=%llu sync_type=%d", + __entry->sk, __entry->tcp_seq, __entry->rec_no, + __entry->sync_type + ) +); + +TRACE_EVENT(tls_device_rx_resync_nh_schedule, + + TP_PROTO(struct sock *sk), + + TP_ARGS(sk), + + TP_STRUCT__entry( + __field( struct sock *, sk ) + ), + + TP_fast_assign( + __entry->sk = sk; + ), + + TP_printk( + "sk=%p", __entry->sk + ) +); + +TRACE_EVENT(tls_device_rx_resync_nh_delay, + + TP_PROTO(struct sock *sk, u32 sock_data, u32 rec_len), + + TP_ARGS(sk, sock_data, rec_len), + + TP_STRUCT__entry( + __field( struct sock *, sk ) + __field( u32, 
sock_data ) + __field( u32, rec_len ) + ), + + TP_fast_assign( + __entry->sk = sk; + __entry->sock_data = sock_data; + __entry->rec_len = rec_len; + ), + + TP_printk( + "sk=%p sock_data=%u rec_len=%u", + __entry->sk, __entry->sock_data, __entry->rec_len + ) +); + +TRACE_EVENT(tls_device_tx_resync_req, + + TP_PROTO(struct sock *sk, u32 tcp_seq, u32 exp_tcp_seq), + + TP_ARGS(sk, tcp_seq, exp_tcp_seq), + + TP_STRUCT__entry( + __field( struct sock *, sk ) + __field( u32, tcp_seq ) + __field( u32, exp_tcp_seq ) + ), + + TP_fast_assign( + __entry->sk = sk; + __entry->tcp_seq = tcp_seq; + __entry->exp_tcp_seq = exp_tcp_seq; + ), + + TP_printk( + "sk=%p tcp_seq=%u exp_tcp_seq=%u", + __entry->sk, __entry->tcp_seq, __entry->exp_tcp_seq + ) +); + +TRACE_EVENT(tls_device_tx_resync_send, + + TP_PROTO(struct sock *sk, u32 tcp_seq, u8 *rec_no), + + TP_ARGS(sk, tcp_seq, rec_no), + + TP_STRUCT__entry( + __field( struct sock *, sk ) + __field( u64, rec_no ) + __field( u32, tcp_seq ) + ), + + TP_fast_assign( + __entry->sk = sk; + __entry->rec_no = get_unaligned_be64(rec_no); + __entry->tcp_seq = tcp_seq; + ), + + TP_printk( + "sk=%p tcp_seq=%u rec_no=%llu", + __entry->sk, __entry->tcp_seq, __entry->rec_no + ) +); + +#endif /* _TLS_TRACE_H_ */ + +#undef TRACE_INCLUDE_PATH +#define TRACE_INCLUDE_PATH . 
+#undef TRACE_INCLUDE_FILE +#define TRACE_INCLUDE_FILE trace + +#include
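Review bot: in tls_set_device_offload_rx() (net/tls/tls_device.c, patch 1/6) the new `info = (void *)&ctx->crypto_recv.info;` cast assumes the receive crypto info is always a `struct tls12_crypto_info_aes_gcm_128`, and nothing in the visible hunk checks the cipher type before `info->rec_seq` is read for the tracepoint. If any other cipher can reach this point, the trace records bytes from the wrong offset. Patch 2/6 passes `tls_ctx->rx.rec_seq` for the same purpose; if that copy is already populated here, using it would remove the cast, otherwise a comment should state why AES-GCM-128 is the only possible layout.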
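Review bot: in tls_device_resync_tx() and tls_device_resync_rx() (net/tls/tls_device.c, patch 1/6) the `trace_tls_device_tx_resync_send()` and `trace_tls_device_rx_resync_send()` calls are placed before the `if (netdev)` test, so a "send" event is recorded even when `netdev` is NULL and no resync reaches the device. For the performance analysis the commit message describes, that makes the event count differ from the number of `tls_dev_resync` calls. Move each trace call inside the `if (netdev)` branch, or add a field saying whether the device was present.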
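Review bot: the include/net/tls.h hunk of patch 1/6 adds the `tls_offload_tx_resync_request()` prototype just above the `#else` that holds the stubs, with no stub counterpart, while the body moves into net/tls/tls_device.c, which the Makefile builds only via `tls-$(CONFIG_TLS_DEVICE)`. The removed version was a static inline that needed no object file. Confirm that every caller, such as nfp_net_tls_tx(), is compiled only when CONFIG_TLS_DEVICE is set, or add an empty static inline stub in the `#else` branch.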
From: Jakub Kicinski To: davem@davemloft.net Cc: netdev@vger.kernel.org, davejwatson@fb.com, borisp@mellanox.com, aviadye@mellanox.com, john.fastabend@gmail.com, daniel@iogearbox.net, Jakub Kicinski Subject: [PATCH net-next 2/6] net/tls: add device decrypted trace point Date: Fri, 4 Oct 2019 16:19:23 -0700 Message-Id: <20191004231927.21134-3-jakub.kicinski@netronome.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20191004231927.21134-1-jakub.kicinski@netronome.com> References: <20191004231927.21134-1-jakub.kicinski@netronome.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Add a tracepoint to the TLS offload's fast path. This tracepoint can be used to track the decrypted and encrypted status of received records. Records decrypted by the device should have decrypted set to 1, records which have neither decrypted nor decrypted set are partially decrypted, require re-encryption and therefore are most expensive to deal with. Signed-off-by: Jakub Kicinski --- net/tls/tls_device.c | 5 +++++ net/tls/trace.h | 33 +++++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+) diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c index 9f423caf48e3..5a9a86bf0ee1 100644 --- a/net/tls/tls_device.c +++ b/net/tls/tls_device.c @@ -850,6 +850,7 @@ int tls_device_decrypted(struct sock *sk, struct sk_buff *skb) { struct tls_context *tls_ctx = tls_get_ctx(sk); struct tls_offload_context_rx *ctx = tls_offload_ctx_rx(tls_ctx); + struct strp_msg *rxm = strp_msg(skb); int is_decrypted = skb->decrypted; int is_encrypted = !is_decrypted; struct sk_buff *skb_iter; 
@@ -860,6 +861,10 @@ int tls_device_decrypted(struct sock *sk, struct sk_buff *skb) is_encrypted &= !skb_iter->decrypted; } + trace_tls_device_decrypted(sk, tcp_sk(sk)->copied_seq - rxm->full_len, + tls_ctx->rx.rec_seq, rxm->full_len, + is_encrypted, is_decrypted); + ctx->sw.decrypted |= is_decrypted; /* Return immediately if the record is either entirely plaintext or diff --git a/net/tls/trace.h b/net/tls/trace.h index 95b6ded2f9b2..9ba5f600ea43 100644 --- a/net/tls/trace.h +++ b/net/tls/trace.h 
@@ -41,6 +41,39 @@ TRACE_EVENT(tls_device_offload_set, ) ); +TRACE_EVENT(tls_device_decrypted, + + TP_PROTO(struct sock *sk, u32 tcp_seq, u8 *rec_no, u32 rec_len, + bool encrypted, bool decrypted), + + TP_ARGS(sk, tcp_seq, rec_no, rec_len, encrypted, decrypted), + + TP_STRUCT__entry( + __field( struct sock *, sk ) + __field( u64, rec_no ) + __field( u32, tcp_seq ) + __field( u32, rec_len ) + __field( bool, encrypted ) + __field( bool, decrypted ) + ), + + TP_fast_assign( + __entry->sk = sk; + __entry->rec_no = get_unaligned_be64(rec_no); + __entry->tcp_seq = tcp_seq; + __entry->rec_len = rec_len; + __entry->encrypted = encrypted; + __entry->decrypted = decrypted; + ), + + TP_printk( + "sk=%p tcp_seq=%u rec_no=%llu len=%u encrypted=%d decrypted=%d", + __entry->sk, __entry->tcp_seq, + __entry->rec_no, __entry->rec_len, + __entry->encrypted, __entry->decrypted + ) +); + TRACE_EVENT(tls_device_rx_resync_send, TP_PROTO(struct sock *sk, u32 tcp_seq, u8 *rec_no, int sync_type),
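Review bot: the meaning of the `encrypted` and `decrypted` fields of TRACE_EVENT(tls_device_decrypted) (net/tls/trace.h, patch 2/6) is documented only in the commit message, and that text reads "neither decrypted nor decrypted", so the partially decrypted case is not spelled out anywhere a trace consumer will look. Add a short comment above the TRACE_EVENT listing the combinations of the two flags and which one marks a record that needs re-encryption, and correct the wording in the commit message to match.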
From: Jakub Kicinski To: davem@davemloft.net Cc: netdev@vger.kernel.org, davejwatson@fb.com, borisp@mellanox.com, aviadye@mellanox.com, john.fastabend@gmail.com, daniel@iogearbox.net, Jakub Kicinski Subject: [PATCH net-next 3/6] net/tls: add skeleton of MIB statistics Date: Fri, 4 Oct 2019 16:19:24 -0700 Message-Id: <20191004231927.21134-4-jakub.kicinski@netronome.com> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20191004231927.21134-1-jakub.kicinski@netronome.com> References: <20191004231927.21134-1-jakub.kicinski@netronome.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Add a skeleton structure for adding TLS statistics. Signed-off-by: Jakub Kicinski --- Documentation/networking/tls.rst | 6 ++++++ include/net/netns/mib.h | 3 +++ include/net/snmp.h | 6 ++++++ include/net/tls.h | 13 +++++++++++ include/uapi/linux/snmp.h | 7 ++++++ net/tls/Makefile | 2 +- net/tls/tls_main.c | 37 ++++++++++++++++++++++++++++++++ net/tls/tls_proc.c | 37 ++++++++++++++++++++++++++++++++ 8 files changed, 110 insertions(+), 1 deletion(-) create mode 100644 net/tls/tls_proc.c diff --git a/Documentation/networking/tls.rst b/Documentation/networking/tls.rst index 5bcbf75e2025..a6ee595630ed 100644 --- a/Documentation/networking/tls.rst +++ b/Documentation/networking/tls.rst @@ -213,3 +213,9 @@ A patchset to OpenSSL to use ktls as the record layer is of calling send directly after a handshake using gnutls. Since it doesn't implement a full record layer, control messages are not supported. + +Statistics +========== + +TLS implementation exposes the following per-namespace statistics +(``/proc/net/tls_stat``):
diff --git a/include/net/netns/mib.h b/include/net/netns/mib.h index 830bdf345b17..b5fdb108d602 100644 --- a/include/net/netns/mib.h +++ b/include/net/netns/mib.h @@ -24,6 +24,9 @@ struct netns_mib { #ifdef CONFIG_XFRM_STATISTICS DEFINE_SNMP_STAT(struct linux_xfrm_mib, xfrm_statistics); #endif +#if IS_ENABLED(CONFIG_TLS) + DEFINE_SNMP_STAT(struct linux_tls_mib, tls_statistics); +#endif }; #endif diff --git a/include/net/snmp.h b/include/net/snmp.h index cb8ced4380a6..468a67836e2f 100644 --- a/include/net/snmp.h +++ b/include/net/snmp.h @@ -111,6 +111,12 @@ struct linux_xfrm_mib { unsigned long mibs[LINUX_MIB_XFRMMAX]; }; +/* Linux TLS */ +#define LINUX_MIB_TLSMAX __LINUX_MIB_TLSMAX +struct linux_tls_mib { + unsigned long mibs[LINUX_MIB_TLSMAX]; +}; + #define DEFINE_SNMP_STAT(type, name) \ __typeof__(type) __percpu *name #define DEFINE_SNMP_STAT_ATOMIC(type, name) \ diff --git a/include/net/tls.h b/include/net/tls.h index 38086ade65ce..24c37bffc961 100644 --- a/include/net/tls.h +++ b/include/net/tls.h @@ -43,6 +43,7 @@ #include #include +#include #include #include #include @@ -73,6 +74,15 @@ */ #define TLS_AES_CCM_IV_B0_BYTE 2 +#define __TLS_INC_STATS(net, field) \ + __SNMP_INC_STATS((net)->mib.tls_statistics, field) +#define TLS_INC_STATS(net, field) \ + SNMP_INC_STATS((net)->mib.tls_statistics, field) +#define __TLS_DEC_STATS(net, field) \ + __SNMP_DEC_STATS((net)->mib.tls_statistics, field) +#define TLS_DEC_STATS(net, field) \ + SNMP_DEC_STATS((net)->mib.tls_statistics, field) + enum { TLS_BASE, TLS_SW, @@ -605,6 +615,9 @@ static inline bool tls_offload_tx_resync_pending(struct sock *sk) return ret; } +int __net_init tls_proc_init(struct net *net); +void __net_exit tls_proc_fini(struct net *net); + int tls_proccess_cmsg(struct sock *sk, struct msghdr *msg, unsigned char *record_type); int decrypt_skb(struct sock *sk, struct sk_buff *skb, diff --git a/include/uapi/linux/snmp.h b/include/uapi/linux/snmp.h index 549a31c29f7d..4abd57948ad4 100644 
--- a/include/uapi/linux/snmp.h +++ b/include/uapi/linux/snmp.h @@ -323,4 +323,11 @@ enum __LINUX_MIB_XFRMMAX }; +/* linux TLS mib definitions */ +enum +{ + LINUX_MIB_TLSNUM = 0, + __LINUX_MIB_TLSMAX +}; + #endif /* _LINUX_SNMP_H */ diff --git a/net/tls/Makefile b/net/tls/Makefile index 0606d43d7582..f1ffbfe8968d 100644 --- a/net/tls/Makefile +++ b/net/tls/Makefile @@ -7,7 +7,7 @@ CFLAGS_trace.o := -I$(src) obj-$(CONFIG_TLS) += tls.o -tls-y := tls_main.o tls_sw.o trace.o +tls-y := tls_main.o tls_sw.o tls_proc.o trace.o tls-$(CONFIG_TLS_TOE) += tls_toe.o tls-$(CONFIG_TLS_DEVICE) += tls_device.o tls_device_fallback.o diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index 237e58e4928a..686eba0df590 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c @@ -41,6 +41,7 @@ #include #include +#include #include #include @@ -795,6 +796,35 @@ static size_t tls_get_info_size(const struct sock *sk) return size; } +static int __net_init tls_init_net(struct net *net) +{ + int err; + + net->mib.tls_statistics = alloc_percpu(struct linux_tls_mib); + if (!net->mib.tls_statistics) + return -ENOMEM; + + err = tls_proc_init(net); + if (err) + goto err_free_stats; + + return 0; +err_free_stats: + free_percpu(net->mib.tls_statistics); + return err; +} + +static void __net_exit tls_exit_net(struct net *net) +{ + tls_proc_fini(net); + free_percpu(net->mib.tls_statistics); +} + +static struct pernet_operations tls_proc_ops = { + .init = tls_init_net, + .exit = tls_exit_net, +}; + static struct tcp_ulp_ops tcp_tls_ulp_ops __read_mostly = { .name = "tls", .owner = THIS_MODULE, @@ -806,6 +836,12 @@ static struct tcp_ulp_ops tcp_tls_ulp_ops __read_mostly = { static int __init tls_register(void) { + int err; + + err = register_pernet_subsys(&tls_proc_ops); + if (err) + return err; + tls_sw_proto_ops = inet_stream_ops; tls_sw_proto_ops.splice_read = tls_sw_splice_read; 
@@ -819,6 +855,7 @@ static void __exit tls_unregister(void) { tcp_unregister_ulp(&tcp_tls_ulp_ops); tls_device_cleanup(); + unregister_pernet_subsys(&tls_proc_ops); } module_init(tls_register); diff --git a/net/tls/tls_proc.c b/net/tls/tls_proc.c new file mode 100644 index 000000000000..4ecc7c35d2f7 --- /dev/null +++ b/net/tls/tls_proc.c 
@@ -0,0 +1,37 @@ +// SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) +/* Copyright (C) 2019 Netronome Systems, Inc. */ + +#include +#include +#include +#include + +static const struct snmp_mib tls_mib_list[] = { + SNMP_MIB_SENTINEL +}; + +static int tls_statistics_seq_show(struct seq_file *seq, void *v) +{ + unsigned long buf[LINUX_MIB_TLSMAX] = {}; + struct net *net = seq->private; + int i; + + snmp_get_cpu_field_batch(buf, tls_mib_list, net->mib.tls_statistics); + for (i = 0; tls_mib_list[i].name; i++) + seq_printf(seq, "%-32s\t%lu\n", tls_mib_list[i].name, buf[i]); + + return 0; +} + +int __net_init tls_proc_init(struct net *net) +{ + if (!proc_create_net_single("tls_stat", 0444, net->proc_net, + tls_statistics_seq_show, NULL)) + return -ENOMEM; + return 0; +} + +void __net_exit tls_proc_fini(struct net *net) +{ + remove_proc_entry("tls_stat", net->proc_net); +}
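Review bot: in tls_register() (net/tls/tls_main.c, patch 3/6) `register_pernet_subsys(&tls_proc_ops)` now runs before the rest of the initialisation, so any later step that can fail must call `unregister_pernet_subsys(&tls_proc_ops)` before returning, and the visible part of the hunk shows no such unwind. Confirm that nothing after the registration can return an error, or add the error path. tls_unregister() does tear down in the reverse order, which is right.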
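Review bot: the Documentation/networking/tls.rst hunk of patch 3/6 ends on "exposes the following per-namespace statistics (``/proc/net/tls_stat``):" with nothing after the colon, so at this commit the document promises a list it does not contain, and `tls_mib_list[]` in net/tls/tls_proc.c holds only `SNMP_MIB_SENTINEL`. Either move the Statistics section into patch 4/6, where the first counters are listed, or end the sentence without the colon until entries exist.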
From: Jakub Kicinski
To: davem@davemloft.net
Cc: netdev@vger.kernel.org, davejwatson@fb.com, borisp@mellanox.com, aviadye@mellanox.com, john.fastabend@gmail.com, daniel@iogearbox.net, Jakub Kicinski
Subject: [PATCH net-next 4/6] net/tls: add statistics for installed sessions
Date: Fri, 4 Oct 2019 16:19:25 -0700
Message-Id: <20191004231927.21134-5-jakub.kicinski@netronome.com>
In-Reply-To: <20191004231927.21134-1-jakub.kicinski@netronome.com>

Add SNMP stats for number of sockets with successfully installed sessions. Break them down to software and hardware ones. Note that if hardware offload fails stack uses software implementation, and counts the session appropriately.

Signed-off-by: Jakub Kicinski
--- Documentation/networking/tls.rst | 14 ++++++++++++++ include/uapi/linux/snmp.h | 8 ++++++++ net/tls/tls_main.c | 23 +++++++++++++++++++---- net/tls/tls_proc.c | 8 ++++++++ 4 files changed, 49 insertions(+), 4 deletions(-) diff --git a/Documentation/networking/tls.rst b/Documentation/networking/tls.rst index a6ee595630ed..cfba587af5c9 100644 --- a/Documentation/networking/tls.rst +++ b/Documentation/networking/tls.rst
@@ -219,3 +219,17 @@ Statistics TLS implementation exposes the following per-namespace statistics (``/proc/net/tls_stat``): + +- ``TlsCurrTxSw``, ``TlsCurrRxSw`` - + number of TX and RX sessions currently installed where host handles + cryptography + +- ``TlsCurrTxDevice``, ``TlsCurrRxDevice`` - + number of TX and RX sessions currently installed where NIC handles + cryptography + +- ``TlsTxSw``, ``TlsRxSw`` - + number of TX and RX sessions opened with host cryptography + +- ``TlsTxDevice``, ``TlsRxDevice`` - + number of TX and RX sessions opened with NIC cryptography diff --git a/include/uapi/linux/snmp.h b/include/uapi/linux/snmp.h index 4abd57948ad4..1b4613b5af70 100644 --- a/include/uapi/linux/snmp.h +++ b/include/uapi/linux/snmp.h @@ -327,6 +327,14 @@ enum enum { LINUX_MIB_TLSNUM = 0, + LINUX_MIB_TLSCURRTXSW, /* TlsCurrTxSw */ + LINUX_MIB_TLSCURRRXSW, /* TlsCurrRxSw */ + LINUX_MIB_TLSCURRTXDEVICE, /* TlsCurrTxDevice */ + LINUX_MIB_TLSCURRRXDEVICE, /* TlsCurrRxDevice */ + LINUX_MIB_TLSTXSW, /* TlsTxSw */ + LINUX_MIB_TLSRXSW, /* TlsRxSw */ + LINUX_MIB_TLSTXDEVICE, /* TlsTxDevice */ + LINUX_MIB_TLSRXDEVICE, /* TlsRxDevice */ __LINUX_MIB_TLSMAX }; diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c index 686eba0df590..f144b965704e 100644 --- a/net/tls/tls_main.c +++ b/net/tls/tls_main.c 
@@ -286,14 +286,19 @@ static void tls_sk_proto_cleanup(struct sock *sk, kfree(ctx->tx.rec_seq); kfree(ctx->tx.iv); tls_sw_release_resources_tx(sk); + TLS_DEC_STATS(sock_net(sk), LINUX_MIB_TLSCURRTXSW); } else if (ctx->tx_conf == TLS_HW) { tls_device_free_resources_tx(sk); + TLS_DEC_STATS(sock_net(sk), LINUX_MIB_TLSCURRTXDEVICE); } - if (ctx->rx_conf == TLS_SW) + if (ctx->rx_conf == TLS_SW) { tls_sw_release_resources_rx(sk); - else if (ctx->rx_conf == TLS_HW) + TLS_DEC_STATS(sock_net(sk), LINUX_MIB_TLSCURRRXSW); + } else if (ctx->rx_conf == TLS_HW) { tls_device_offload_cleanup_rx(sk); + TLS_DEC_STATS(sock_net(sk), LINUX_MIB_TLSCURRRXDEVICE); + } } static void tls_sk_proto_close(struct sock *sk, long timeout) @@ -534,19 +539,29 @@ static int do_tls_setsockopt_conf(struct sock *sk, char __user *optval, if (tx) { rc = tls_set_device_offload(sk, ctx); conf = TLS_HW; - if (rc) { + if (!rc) { + TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSTXDEVICE); + TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSCURRTXDEVICE); + } else { rc = tls_set_sw_offload(sk, ctx, 1); if (rc) goto err_crypto_info; + TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSTXSW); + TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSCURRTXSW); conf = TLS_SW; } } else { rc = tls_set_device_offload_rx(sk, ctx); conf = TLS_HW; - if (rc) { + if (!rc) { + TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSRXDEVICE); + TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSCURRRXDEVICE); + } else { rc = tls_set_sw_offload(sk, ctx, 0); if (rc) goto err_crypto_info; + TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSRXSW); + TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSCURRRXSW); conf = TLS_SW; } tls_sw_strparser_arm(sk, ctx); diff --git a/net/tls/tls_proc.c b/net/tls/tls_proc.c index 4ecc7c35d2f7..1b1f3783badc 100644 --- a/net/tls/tls_proc.c +++ b/net/tls/tls_proc.c 
@@ -7,6 +7,14 @@ #include static const struct snmp_mib tls_mib_list[] = { + SNMP_MIB_ITEM("TlsCurrTxSw", LINUX_MIB_TLSCURRTXSW), + SNMP_MIB_ITEM("TlsCurrRxSw", LINUX_MIB_TLSCURRRXSW), + SNMP_MIB_ITEM("TlsCurrTxDevice", LINUX_MIB_TLSCURRTXDEVICE), + SNMP_MIB_ITEM("TlsCurrRxDevice", LINUX_MIB_TLSCURRRXDEVICE), + SNMP_MIB_ITEM("TlsTxSw", LINUX_MIB_TLSTXSW), + SNMP_MIB_ITEM("TlsRxSw", LINUX_MIB_TLSRXSW), + SNMP_MIB_ITEM("TlsTxDevice", LINUX_MIB_TLSTXDEVICE), + SNMP_MIB_ITEM("TlsRxDevice", LINUX_MIB_TLSRXDEVICE), SNMP_MIB_SENTINEL };

From patchwork Fri Oct 4 23:19:26 2019
X-Patchwork-Submitter: Jakub Kicinski
X-Patchwork-Id: 1172085
X-Patchwork-Delegate: davem@davemloft.net
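Review bot: the tls.rst hunk of patch 4/6 should state, under ``TlsTxSw``/``TlsRxSw`` and the matching Curr entries, that a session whose device offload setup failed is installed in software and counted there. The commit message says so and do_tls_setsockopt_conf() implements it (any non-zero rc from tls_set_device_offload() or tls_set_device_offload_rx() goes on to tls_set_sw_offload()), but someone reading only the documentation cannot tell a host-crypto session from a failed offload attempt. If that distinction matters for monitoring, it needs its own counter; otherwise one sentence in the doc is enough.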
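Review bot: in the do_tls_setsockopt_conf() hunk of patch 4/6 the TlsCurr* counters are incremented as soon as the offload setup call succeeds, while the tls_sk_proto_cleanup() hunk decrements them based on ctx->tx_conf and ctx->rx_conf. In the lines shown only the local conf has been assigned at the point of the increment, so please confirm that no error path can run between the increment and the point where conf is stored in the context; otherwise the Curr gauges would drift upwards and never come back. Moving the increments next to the place where ctx->tx_conf/rx_conf is updated would make the inc/dec pairing obvious.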
From: Jakub Kicinski
To: davem@davemloft.net
Cc: netdev@vger.kernel.org, davejwatson@fb.com, borisp@mellanox.com, aviadye@mellanox.com, john.fastabend@gmail.com, daniel@iogearbox.net, Jakub Kicinski
Subject: [PATCH net-next 5/6] net/tls: add TlsDecryptError stat
Date: Fri, 4 Oct 2019 16:19:26 -0700
Message-Id: <20191004231927.21134-6-jakub.kicinski@netronome.com>
In-Reply-To: <20191004231927.21134-1-jakub.kicinski@netronome.com>

Add a statistic for TLS record decryption errors. Since devices are supposed to pass records as-is when they encounter errors this statistic will count bad records in both pure software and inline crypto configurations.

Signed-off-by: Jakub Kicinski
--- Documentation/networking/tls.rst | 3 +++ include/uapi/linux/snmp.h | 1 + net/tls/tls_proc.c | 1 + net/tls/tls_sw.c | 5 +++++ 4 files changed, 10 insertions(+) diff --git a/Documentation/networking/tls.rst b/Documentation/networking/tls.rst index cfba587af5c9..ab82362dd819 100644 --- a/Documentation/networking/tls.rst +++ b/Documentation/networking/tls.rst @@ -233,3 +233,6 @@ TLS implementation exposes the following per-namespace statistics - ``TlsTxDevice``, ``TlsRxDevice`` - number of TX and RX sessions opened with NIC cryptography + +- ``TlsDecryptError`` - + record decryption failed (e.g. due to incorrect authentication tag) diff --git a/include/uapi/linux/snmp.h b/include/uapi/linux/snmp.h index 1b4613b5af70..c9e4963e26f0 100644 --- a/include/uapi/linux/snmp.h +++ b/include/uapi/linux/snmp.h @@ -335,6 +335,7 @@ enum LINUX_MIB_TLSRXSW, /* TlsRxSw */ LINUX_MIB_TLSTXDEVICE, /* TlsTxDevice */ LINUX_MIB_TLSRXDEVICE, /* TlsRxDevice */ + LINUX_MIB_TLSDECRYPTERROR, /* TlsDecryptError */ __LINUX_MIB_TLSMAX };
diff --git a/net/tls/tls_proc.c b/net/tls/tls_proc.c index 1b1f3783badc..2bea7ef4823c 100644 --- a/net/tls/tls_proc.c +++ b/net/tls/tls_proc.c @@ -15,6 +15,7 @@ static const struct snmp_mib tls_mib_list[] = { SNMP_MIB_ITEM("TlsRxSw", LINUX_MIB_TLSRXSW), SNMP_MIB_ITEM("TlsTxDevice", LINUX_MIB_TLSTXDEVICE), SNMP_MIB_ITEM("TlsRxDevice", LINUX_MIB_TLSRXDEVICE), + SNMP_MIB_ITEM("TlsDecryptError", LINUX_MIB_TLSDECRYPTERROR), SNMP_MIB_SENTINEL }; diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index c2b5e0d2ba1a..0b1e86f856eb 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -168,6 +168,9 @@ static void tls_decrypt_done(struct crypto_async_request *req, int err) /* Propagate if there was an err */ if (err) { + if (err == -EBADMSG) + TLS_INC_STATS(sock_net(skb->sk), + LINUX_MIB_TLSDECRYPTERROR); ctx->async_wait.err = err; tls_err_abort(skb->sk, err); } else { 
@@ -253,6 +256,8 @@ static int tls_do_decryption(struct sock *sk, return ret; ret = crypto_wait_req(ret, &ctx->async_wait); + } else if (ret == -EBADMSG) { + TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSDECRYPTERROR); } if (async)

From patchwork Fri Oct 4 23:19:27 2019
X-Patchwork-Submitter: Jakub Kicinski
X-Patchwork-Id: 1172086
X-Patchwork-Delegate: davem@davemloft.net
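Review bot: in the tls_do_decryption() hunk of patch 5/6 the new else-if is chained to the branch that calls crypto_wait_req(), so a -EBADMSG that comes back from crypto_wait_req() itself is never counted. Records whose authentication failure is only reported after the wait would then be missing from TlsDecryptError, which weakens the counter as a signal for tampered or corrupted traffic. Testing ret == -EBADMSG after the if/else chain, on the path that did not return early, would cover both cases.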
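Review bot: the tls.rst hunk of patch 5/6 describes ``TlsDecryptError`` as "record decryption failed", but both call sites added in tls_sw.c (tls_decrypt_done() and tls_do_decryption()) count only -EBADMSG; any other decryption error passes through uncounted. Either word the documentation as counting authentication failures (-EBADMSG) only, or count every non-zero error at these two sites.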
From: Jakub Kicinski
To: davem@davemloft.net
Cc: netdev@vger.kernel.org, davejwatson@fb.com, borisp@mellanox.com, aviadye@mellanox.com, john.fastabend@gmail.com, daniel@iogearbox.net, Jakub Kicinski
Subject: [PATCH net-next 6/6] net/tls: add TlsDeviceRxResync statistic
Date: Fri, 4 Oct 2019 16:19:27 -0700
Message-Id: <20191004231927.21134-7-jakub.kicinski@netronome.com>
In-Reply-To: <20191004231927.21134-1-jakub.kicinski@netronome.com>

Add a statistic for number of RX resyncs sent down to the NIC.

Signed-off-by: Jakub Kicinski
--- Documentation/networking/tls.rst | 3 +++ include/uapi/linux/snmp.h | 1 + net/tls/tls_device.c | 1 + net/tls/tls_proc.c | 1 + 4 files changed, 6 insertions(+) diff --git a/Documentation/networking/tls.rst b/Documentation/networking/tls.rst index ab82362dd819..8cb2cd4e2a80 100644 --- a/Documentation/networking/tls.rst +++ b/Documentation/networking/tls.rst @@ -236,3 +236,6 @@ TLS implementation exposes the following per-namespace statistics - ``TlsDecryptError`` - record decryption failed (e.g. due to incorrect authentication tag) + +- ``TlsDeviceRxResync`` - + number of RX resyncs sent to NICs handling cryptography diff --git a/include/uapi/linux/snmp.h b/include/uapi/linux/snmp.h index c9e4963e26f0..7eee233e78d2 100644 --- a/include/uapi/linux/snmp.h +++ b/include/uapi/linux/snmp.h @@ -336,6 +336,7 @@ enum LINUX_MIB_TLSTXDEVICE, /* TlsTxDevice */ LINUX_MIB_TLSRXDEVICE, /* TlsRxDevice */ LINUX_MIB_TLSDECRYPTERROR, /* TlsDecryptError */ + LINUX_MIB_TLSRXDEVICERESYNC, /* TlsRxDeviceResync */ __LINUX_MIB_TLSMAX }; diff --git a/net/tls/tls_device.c b/net/tls/tls_device.c index 5a9a86bf0ee1..f306e4c7bf15 100644 --- a/net/tls/tls_device.c +++ b/net/tls/tls_device.c
@@ -661,6 +661,7 @@ static void tls_device_resync_rx(struct tls_context *tls_ctx, netdev->tlsdev_ops->tls_dev_resync(netdev, sk, seq, rcd_sn, TLS_OFFLOAD_CTX_DIR_RX); clear_bit_unlock(TLS_RX_SYNC_RUNNING, &tls_ctx->flags); + TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSRXDEVICERESYNC); } void tls_device_rx_resync_new_rec(struct sock *sk, u32 rcd_len, u32 seq) diff --git a/net/tls/tls_proc.c b/net/tls/tls_proc.c index 2bea7ef4823c..83d9c80a684e 100644 --- a/net/tls/tls_proc.c +++ b/net/tls/tls_proc.c @@ -16,6 +16,7 @@ static const struct snmp_mib tls_mib_list[] = { SNMP_MIB_ITEM("TlsTxDevice", LINUX_MIB_TLSTXDEVICE), SNMP_MIB_ITEM("TlsRxDevice", LINUX_MIB_TLSRXDEVICE), SNMP_MIB_ITEM("TlsDecryptError", LINUX_MIB_TLSDECRYPTERROR), + SNMP_MIB_ITEM("TlsRxDeviceResync", LINUX_MIB_TLSRXDEVICERESYNC), SNMP_MIB_SENTINEL };
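Review bot: the counter name is spelled two ways in patch 6/6: the subject line and the tls.rst hunk call it ``TlsDeviceRxResync``, while the snmp.h comment and the SNMP_MIB_ITEM() string in the tls_proc.c hunk use "TlsRxDeviceResync", which is the name /proc/net/tls_stat will print. Please settle on one spelling before this becomes uAPI; monitoring scripts that match on the documented name would otherwise never see the counter.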