git: dc12ee39b7f2 - main - if_ovpn: add sysctls for netisr_queue() and crypto_dispatch_async()
Date: Mon, 24 Oct 2022 08:08:56 UTC
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=dc12ee39b7f266f7d4975722b7454d18536fcf11 commit dc12ee39b7f266f7d4975722b7454d18536fcf11 Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2022-10-17 09:06:34 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2022-10-24 08:08:35 +0000 if_ovpn: add sysctls for netisr_queue() and crypto_dispatch_async() Allow the choice between asynchronous and synchronous netisr and crypto calls. These have performance implications, but depend on the specific setup and OCF back-end. Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D37017 --- sys/net/if_ovpn.c | 27 ++++++++++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/sys/net/if_ovpn.c b/sys/net/if_ovpn.c index 14634cfc969b..76274fc87159 100644 --- a/sys/net/if_ovpn.c +++ b/sys/net/if_ovpn.c @@ -235,6 +235,18 @@ VNET_DEFINE_STATIC(int, replay_protection) = 0; SYSCTL_INT(_net_link_openvpn, OID_AUTO, replay_protection, CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(replay_protection), 0, "Validate sequence numbers"); +VNET_DEFINE_STATIC(int, async_crypto); +#define V_async_crypto VNET(async_crypto) +SYSCTL_INT(_net_link_openvpn, OID_AUTO, async_crypto, + CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(async_crypto), 0, + "Use asynchronous mode to parallelize crypto jobs."); + +VNET_DEFINE_STATIC(int, netisr_queue); +#define V_netisr_queue VNET(netisr_queue) +SYSCTL_INT(_net_link_openvpn, OID_AUTO, netisr_queue, + CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(netisr_queue), 0, + "Use netisr_queue() rather than netisr_dispatch()."); + static struct ovpn_kpeer * ovpn_find_peer(struct ovpn_softc *sc, uint32_t peerid) { @@ -1503,7 +1515,10 @@ ovpn_finish_rx(struct ovpn_softc *sc, struct mbuf *m, af = ovpn_get_af(m); if (af != 0) { BPF_MTAP2(sc->ifp, &af, sizeof(af), m); - netisr_dispatch(af == AF_INET ? NETISR_IP : NETISR_IPV6, m); + if (V_netisr_queue) + netisr_queue(af == AF_INET ? NETISR_IP : NETISR_IPV6, m); + else + netisr_dispatch(af == AF_INET ? NETISR_IP : NETISR_IPV6, m); } else { OVPN_COUNTER_ADD(sc, lost_data_pkts_in, 1); m_freem(m); @@ -1869,7 +1884,10 @@ ovpn_transmit_to_peer(struct ifnet *ifp, struct mbuf *m, atomic_add_int(&peer->refcount, 1); if (_ovpn_lock_trackerp != NULL) OVPN_RUNLOCK(sc); - ret = crypto_dispatch(crp); + if (V_async_crypto) + ret = crypto_dispatch_async(crp, CRYPTO_ASYNC_ORDERED); + else + ret = crypto_dispatch(crp); if (ret) { OVPN_COUNTER_ADD(sc, lost_data_pkts_out, 1); } @@ -2266,7 +2284,10 @@ ovpn_udp_input(struct mbuf *m, int off, struct inpcb *inp, atomic_add_int(&sc->refcount, 1); OVPN_RUNLOCK(sc); - ret = crypto_dispatch(crp); + if (V_async_crypto) + ret = crypto_dispatch_async(crp, CRYPTO_ASYNC_ORDERED); + else + ret = crypto_dispatch(crp); if (ret != 0) { OVPN_COUNTER_ADD(sc, lost_data_pkts_in, 1); }