[net-next,0/5] tls: rx: nopad and backlog flushing

Message ID 20220705235926.1035407-1-kuba@kernel.org

Message

Jakub Kicinski July 5, 2022, 11:59 p.m. UTC
This small series contains the two changes I've been working
towards in the previous ~50 patches a couple of months ago.

The first major change is the optional "nopad" optimization.
Currently TLS 1.3 Rx performs quite poorly because it does
not support the "zero-copy" or rather direct decrypt to a user
space buffer. Because of TLS 1.3 record padding we don't
know if a record contains data or a control message until
we decrypt it. Most records will contain data, tho, so the
optimization is to try the decryption hoping it's data and
retry if it wasn't.

The performance gain from doing that is significant (~40%)
but if I'm completely honest the major reason is that we
call skb_cow_data() on the non-"zc" path. The next series
will remove the CoW, dropping the gain to only ~10%.

The second change is to flush the backlog every 128kB.

Jakub Kicinski (5):
  tls: rx: don't include tail size in data_len
  tls: rx: support optimistic decrypt to user buffer with TLS 1.3
  tls: rx: add sockopt for enabling optimistic decrypt with TLS 1.3
  selftests: tls: add selftest variant for pad
  tls: rx: periodically flush socket backlog

 Documentation/networking/tls.rst  | 18 +++++++
 include/linux/sockptr.h           |  8 +++
 include/net/tls.h                 |  3 ++
 include/uapi/linux/snmp.h         |  1 +
 include/uapi/linux/tls.h          |  2 +
 net/core/sock.c                   |  1 +
 net/tls/tls_main.c                | 75 +++++++++++++++++++++++++++
 net/tls/tls_proc.c                |  1 +
 net/tls/tls_sw.c                  | 84 ++++++++++++++++++++++++-------
 tools/testing/selftests/net/tls.c | 15 ++++++
 10 files changed, 191 insertions(+), 17 deletions(-)
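
An added illustration, not code from this series or from the kernel: a userspace C model of the optimistic receive path the cover letter describes, using the RFC 8446 TLSInnerPlaintext layout (content, one type byte, zero padding). Decryption is replaced by memcpy, the fast path is assumed to check only the final byte, and `rx_record`, `inner_type` and the buffers are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { CT_ALERT = 21, CT_HANDSHAKE = 22, CT_DATA = 23 }; /* RFC 8446 ContentType */

/* TLSInnerPlaintext is content || type (1 byte) || zero padding, so the type
 * is the last non-zero byte. Returns it and sets *clen to the content length,
 * or returns -1 when no type byte exists (empty or all-zero plaintext). */
static int inner_type(const uint8_t *pt, size_t len, size_t *clen)
{
	while (len > 0 && pt[len - 1] == 0)
		len--;
	if (len == 0)
		return -1;
	*clen = len - 1;
	return pt[len - 1];
}

/* Model of receiving one record; memcpy stands in for decryption (assumption).
 * Returns bytes delivered to user, 0 for a control record (kept in bounce),
 * -1 on error. *retried reports that the optimistic attempt was wasted. */
static long rx_record(const uint8_t *rec, size_t len, uint8_t *user,
		      size_t ulen, uint8_t *bounce, int *retried)
{
	size_t clen;
	int type;

	*retried = 0;
	if (len == 0)
		return -1;
	if (len - 1 <= ulen) {
		/* Optimistic attempt: payload goes straight to the user buffer. */
		memcpy(user, rec, len - 1);
		if (rec[len - 1] == CT_DATA)
			return (long)(len - 1);	/* unpadded data, no second pass */
		*retried = 1;			/* padding or control record */
	}
	/* Retry into a private buffer and classify the record properly. */
	memcpy(bounce, rec, len);
	type = inner_type(bounce, len, &clen);
	if (type < 0)
		return -1;
	if (type != CT_DATA)
		return 0;
	if (clen > ulen)
		return -1;
	memcpy(user, bounce, clen);
	return (long)clen;
}
```

Only unpadded application data avoids the second pass; padded data and control records both pay for two.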

Comments

patchwork-bot+netdevbpf@kernel.org July 6, 2022, 12:10 p.m. UTC | #1
Hello:

This series was applied to netdev/net-next.git (master)
by David S. Miller <davem@davemloft.net>:

On Tue,  5 Jul 2022 16:59:21 -0700 you wrote:
> This small series contains the two changes I've been working
> towards in the previous ~50 patches a couple of months ago.
> 
> The first major change is the optional "nopad" optimization.
> Currently TLS 1.3 Rx performs quite poorly because it does
> not support the "zero-copy" or rather direct decrypt to a user
> space buffer. Because of TLS 1.3 record padding we don't
> know if a record contains data or a control message until
> we decrypt it. Most records will contain data, tho, so the
> optimization is to try the decryption hoping it's data and
> retry if it wasn't.
> 
> [...]

Here is the summary with links:
  - [net-next,1/5] tls: rx: don't include tail size in data_len
    https://git.kernel.org/netdev/net-next/c/603380f54f83
  - [net-next,2/5] tls: rx: support optimistic decrypt to user buffer with TLS 1.3
    https://git.kernel.org/netdev/net-next/c/ce61327ce989
  - [net-next,3/5] tls: rx: add sockopt for enabling optimistic decrypt with TLS 1.3
    https://git.kernel.org/netdev/net-next/c/88527790c079
  - [net-next,4/5] selftests: tls: add selftest variant for pad
    https://git.kernel.org/netdev/net-next/c/f36068a20256
  - [net-next,5/5] tls: rx: periodically flush socket backlog
    https://git.kernel.org/netdev/net-next/c/c46b01839f7a

You are awesome, thank you!