From nobody Fri Jul 12 11:25:07 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WL8QW64Lxz5QBgp; Fri, 12 Jul 2024 11:25:07 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WL8QW3zBwz4j8W; Fri, 12 Jul 2024 11:25:07 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1720783507; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=0cTTO7jIwy0xfPTbHa+ZcBLZgIZYm9B7ODdwdivK41s=; b=lyB5OM7rZymGRLARXi+jvrjImx7i9x88/7jEWzEfklf3WuSXWAvW+2UEdy7C8cKUYl8GVi U/vLc/IhqUh7GUaepXGVCBcqWtOjZoF2Xybq4F2uE+bXgNS+F02s/xVad63PWZ5Dxlg5JA VTZ3XhSNAOjShIzKyE83wzHOCwbCUf7AgtqkIionLGVKFcb3hp9mxxu9xdRzQ8LZSZUvqg dCqtlyuwnYVj1UyIRSRMIVbvQxACLTGKchwcfUjMcp4no5ruf/1bJSpx1ljPq6W7dOmypO t+aY20wH0VbzC59KU2qlQXsaxfRvZybdG1SYM6ttpZK3sro3tCsJArttOPuIHw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1720783507; a=rsa-sha256; cv=none; b=Uk5HKXo2O1ORUiAQ1HZlDykBQF0ygKTJFhDwTeH/cHVBa5kiM9TBZYdum/6WSkicXV07Gu hQrfAdl2fOuw5pY+ihpCAJR2jF1UrK0GHIJT/IuLYe4Bnq2lBaJREPcKvxWcG4GL8r8E8r V+GDdRauXH7Ly+tl4Wnz6HpMZgmVCr5B4mrbHMsV505fFbvTEGwp3MNNEAj8mI666vIPlt peh/QOSHtHBg3klLi9Iacqj4FjMGsSLdbx95pHtRDscbC28micF3+2s1X9v2SnHTTDo7Tc gjRsYrRBnaxTSZyTdv3iEqXxRYEwMEGsY0kDLy+BDA5BITOkgQWxIfen7OrPgA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1720783507; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=0cTTO7jIwy0xfPTbHa+ZcBLZgIZYm9B7ODdwdivK41s=; b=YKLCleQoOJwFFA8A7NE8N6MhojGdMIxqjLoD0n2qrZ5oQf4uo0fhPAlp0iOtMdWe/sffDz vDnbSIe/N6kmM19CIsKFmIDJFs1DBsFQDLMo2wbDHYyZEBxBnYragVRISFXbYpFZb31lb7 0rvNz1qvO7T2X6K4cuaesVtj+OeWSSfymgKQFC/sHD8hHdY6fP4W07dUypm9fL1RQLqcwJ lPSyUPG+hRt3mV9U2uB/w6JsOhn91RFdbMFsCMfxicJelNwgRtphnWgErkF5uY90xZsZcm Rd88N/aZNQiaTc4Zw2aSaTJXcA8XTSE3Vobmy7PEE/tHA1S8Jttglp88JyS0DQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WL8QW3ZjVzh7x; Fri, 12 Jul 2024 11:25:07 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 46CBP7rJ093087; Fri, 12 Jul 2024 11:25:07 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 46CBP7nx093084; Fri, 12 Jul 2024 11:25:07 GMT (envelope-from git) Date: Fri, 12 Jul 2024 11:25:07 GMT Message-Id: <202407121125.46CBP7nx093084@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Konstantin Belousov Subject: git: b6919741b747 - main - ipsec_offload: handle TSO if supported List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kib X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: b6919741b7479fab6886ae76ec151f4103bcf350 Auto-Submitted: auto-generated The branch main has been updated by kib: URL: https://cgit.FreeBSD.org/src/commit/?id=b6919741b7479fab6886ae76ec151f4103bcf350 commit b6919741b7479fab6886ae76ec151f4103bcf350 Author: Konstantin Belousov AuthorDate: 2023-11-14 01:45:49 +0000 Commit: Konstantin Belousov CommitDate: 2024-07-12 03:29:32 +0000 ipsec_offload: handle TSO if supported Allow for TSO to operate if network interface supports ipsec inline offload and supports TSO over it. Reviewed by: tuexen Sponsored by: NVIDIA networking Differential revision: https://reviews.freebsd.org/D44222 --- sys/netinet/tcp_input.c | 2 ++ sys/netinet/tcp_output.c | 20 +++++++++----------- sys/netinet/tcp_subr.c | 4 ++++ sys/netinet/tcp_var.h | 2 ++ 4 files changed, 17 insertions(+), 11 deletions(-) diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index 7faa815fc1ac..833a1e501780 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c @@ -3979,6 +3979,8 @@ tcp_mss(struct tcpcb *tp, int offer) tp->t_tsomax = cap.tsomax; tp->t_tsomaxsegcount = cap.tsomaxsegcount; tp->t_tsomaxsegsize = cap.tsomaxsegsize; + if (cap.ipsec_tso) + tp->t_flags2 |= TF2_IPSEC_TSO; } } diff --git a/sys/netinet/tcp_output.c b/sys/netinet/tcp_output.c index c318e8517c2e..080dabf3232f 100644 --- a/sys/netinet/tcp_output.c +++ b/sys/netinet/tcp_output.c @@ -201,9 +201,7 @@ tcp_default_output(struct tcpcb *tp) struct tcphdr *th; u_char opt[TCP_MAXOLEN]; unsigned ipoptlen, optlen, hdrlen, ulen; -#if defined(IPSEC) || defined(IPSEC_SUPPORT) unsigned ipsec_optlen = 0; -#endif int idle, sendalot, curticks; int sack_rxmit, sack_bytes_rxmt; struct sackhole *p; @@ -553,15 +551,15 @@ after_sack_rexmit: offsetof(struct ipoption, ipopt_list); else ipoptlen = 0; -#if defined(IPSEC) || defined(IPSEC_SUPPORT) ipoptlen += ipsec_optlen; -#endif if ((tp->t_flags & TF_TSO) && V_tcp_do_tso && len > tp->t_maxseg && (tp->t_port == 0) && ((tp->t_flags & TF_SIGNATURE) == 0) && tp->rcv_numsacks == 0 && ((sack_rxmit == 0) || V_tcp_sack_tso) && - ipoptlen == 0 && !(flags & TH_SYN)) + (ipoptlen == 0 || (ipoptlen == ipsec_optlen && + (tp->t_flags2 & TF2_IPSEC_TSO) != 0)) && + !(flags & TH_SYN)) tso = 1; if (SEQ_LT((sack_rxmit ? p->rxmit : tp->snd_nxt) + len, @@ -917,7 +915,7 @@ send: * overflowing or exceeding the maximum length * allowed by the network interface: */ - KASSERT(ipoptlen == 0, + KASSERT(ipoptlen == ipsec_optlen, ("%s: TSO can't do IP options", __func__)); /* @@ -926,8 +924,8 @@ send: */ if (if_hw_tsomax != 0) { /* compute maximum TSO length */ - max_len = (if_hw_tsomax - hdrlen - - max_linkhdr); + max_len = if_hw_tsomax - hdrlen - + ipsec_optlen - max_linkhdr; if (max_len <= 0) { len = 0; } else if (len > max_len) { @@ -941,7 +939,7 @@ send: * fractional unless the send sockbuf can be * emptied: */ - max_len = (tp->t_maxseg - optlen); + max_len = tp->t_maxseg - optlen - ipsec_optlen; if (((uint32_t)off + (uint32_t)len) < sbavail(&so->so_snd)) { moff = len % max_len; @@ -1393,10 +1391,10 @@ send: * The TCP pseudo header checksum is always provided. */ if (tso) { - KASSERT(len > tp->t_maxseg - optlen, + KASSERT(len > tp->t_maxseg - optlen - ipsec_optlen, ("%s: len <= tso_segsz", __func__)); m->m_pkthdr.csum_flags |= CSUM_TSO; - m->m_pkthdr.tso_segsz = tp->t_maxseg - optlen; + m->m_pkthdr.tso_segsz = tp->t_maxseg - optlen - ipsec_optlen; } KASSERT(len + hdrlen == m_length(m, NULL), diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c index 3d860d0cf6f9..b4f605534d59 100644 --- a/sys/netinet/tcp_subr.c +++ b/sys/netinet/tcp_subr.c @@ -3349,6 +3349,9 @@ tcp_maxmtu(struct in_conninfo *inc, struct tcp_ifcap *cap) cap->tsomax = ifp->if_hw_tsomax; cap->tsomaxsegcount = ifp->if_hw_tsomaxsegcount; cap->tsomaxsegsize = ifp->if_hw_tsomaxsegsize; + /* XXXKIB IFCAP2_IPSEC_OFFLOAD_TSO */ + cap->ipsec_tso = (ifp->if_capenable2 & + IFCAP2_BIT(IFCAP2_IPSEC_OFFLOAD)) != 0; } } } @@ -3388,6 +3391,7 @@ tcp_maxmtu6(struct in_conninfo *inc, struct tcp_ifcap *cap) cap->tsomax = ifp->if_hw_tsomax; cap->tsomaxsegcount = ifp->if_hw_tsomaxsegcount; cap->tsomaxsegsize = ifp->if_hw_tsomaxsegsize; + cap->ipsec_tso = false; /* XXXKIB */ } } } diff --git a/sys/netinet/tcp_var.h b/sys/netinet/tcp_var.h index e81ebf301c8e..8330966c2c3f 100644 --- a/sys/netinet/tcp_var.h +++ b/sys/netinet/tcp_var.h @@ -844,6 +844,7 @@ tcp_packets_this_ack(struct tcpcb *tp, tcp_seq ack) #define TF2_DONT_SACK_QUEUE 0x00040000 /* Don't wake on sack */ #define TF2_CANNOT_DO_ECN 0x00080000 /* The stack does not do ECN */ #define TF2_PROC_SACK_PROHIBIT 0x00100000 /* Due to small MSS size do not process sack's */ +#define TF2_IPSEC_TSO 0x00200000 /* IPSEC + TSO supported */ /* * Structure to hold TCP options that are only used during segment @@ -1430,6 +1431,7 @@ struct tcp_ifcap { u_int tsomax; u_int tsomaxsegcount; u_int tsomaxsegsize; + bool ipsec_tso; }; uint32_t tcp_maxmtu(struct in_conninfo *, struct tcp_ifcap *); uint32_t tcp_maxmtu6(struct in_conninfo *, struct tcp_ifcap *);