[RFC,net-next,0/6] RFC: TLS TX HW offload for Bond

Message ID	20201229114104.7120-1-tariqt@nvidia.com (mailing list archive)
Headers	show Return-Path: <netdev-owner@kernel.org> From: Tariq Toukan <tariqt@nvidia.com> To: "David S. Miller" <davem@davemloft.net>, Jakub Kicinski <kuba@kernel.org> Cc: Saeed Mahameed <saeedm@nvidia.com>, Boris Pismenny <borisp@nvidia.com>, netdev@vger.kernel.org, Moshe Shemesh <moshe@nvidia.com>, andy@greyhouse.net, vfalico@gmail.com, j.vosburgh@gmail.com, Tariq Toukan <ttoukan.linux@gmail.com>, Tariq Toukan <tariqt@nvidia.com> Subject: [PATCH RFC net-next 0/6] RFC: TLS TX HW offload for Bond Date: Tue, 29 Dec 2020 13:40:58 +0200 Message-Id: <20201229114104.7120-1-tariqt@nvidia.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	RFC: TLS TX HW offload for Bond \| expand [RFC,net-next,0/6] RFC: TLS TX HW offload for Bond [RFC,net-next,1/6] net: netdevice: Add operation ndo_sk_get_slave [RFC,net-next,2/6] net/tls: Device offload to use lowest netdevice in chain [RFC,net-next,3/6] net/tls: Except bond interface from some TLS checks [RFC,net-next,4/6] net/bonding: Take IP hash logic into a helper [RFC,net-next,5/6] net/bonding: Implement ndo_sk_get_slave [RFC,net-next,6/6] net/bonding: Support TLS TX device offload

Message ID

20201229114104.7120-1-tariqt@nvidia.com (mailing list archive)

Headers

From: Tariq Toukan <tariqt@nvidia.com>
To: "David S. Miller" <davem@davemloft.net>,
        Jakub Kicinski <kuba@kernel.org>
Cc: Saeed Mahameed <saeedm@nvidia.com>,
        Boris Pismenny <borisp@nvidia.com>, netdev@vger.kernel.org,
        Moshe Shemesh <moshe@nvidia.com>, andy@greyhouse.net,
        vfalico@gmail.com, j.vosburgh@gmail.com,
        Tariq Toukan <ttoukan.linux@gmail.com>,
        Tariq Toukan <tariqt@nvidia.com>
Subject: [PATCH RFC net-next 0/6] RFC: TLS TX HW offload for Bond
Date: Tue, 29 Dec 2020 13:40:58 +0200
Message-Id: <20201229114104.7120-1-tariqt@nvidia.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

RFC: TLS TX HW offload for Bond | expand

Message

Tariq Toukan Dec. 29, 2020, 11:40 a.m. UTC

Hi,

This is an RFC of the series that opens TLS TX HW offload for bond interfaces.
It allows them to benefit from capable slave devices.

To keep simple track of the HW and SW TLS contexts, we bind each socket to
a specific slave for the socket's whole lifetime. This is logically valid
(and similar to the SW kTLS behavior) in the following bond configuration, 
so we restrict the offload support to it:

((mode == balance-xor) or (mode == 802.3ad))
and xmit_hash_policy == layer3+4.

Opens/points for discussion:
- New ndo_sk_get_slave is introduced, as the existing ndo_get_xmit_slave returns
  a slave based on SKB fields, which in throry could give different results
  along the socket's lifetime.

- In this design, bond driver has no way to specify its own restrictions on
  when the TLS device offload is supported (depending on mode and xmit_policy).
  The best it can do today is return NULL in bond_sk_get_slave().
  This is not optimal, non-TLS cases might also want to call bond_sk_get_slave()
  in the future, and they might have other restrictions (for example, they might
  be okay in working with layer != LAYER34).
  That's another reason why I didn't combine ndo_sk_get_slave/ndo_get_xmit_slave
  into a single operation in this RFC.

- Patch #3 adds two explicit exceptions for bond devices in the TLS module.
  First is because a bond device supports the device offload without having
  a tls_dev_ops structure of it's own.
  Second, the TLS context is totally unaware of the bond netdev, but SKBs 
  still go through its xmit/validate functions.
  This is not very clean. What do you think?

- This bond design and implementation for the TLS device offload differs from the
  xfrm/ipsec offload. Bond does have struct xfrmdev_ops and callbacks of its own,
  communication is done via the bond and not directly to the lowest device.

Regards,
Tariq


Tariq Toukan (6):
  net: netdevice: Add operation ndo_sk_get_slave
  net/tls: Device offload to use lowest netdevice in chain
  net/tls: Except bond interface from some TLS checks
  net/bonding: Take IP hash logic into a helper
  net/bonding: Implement ndo_sk_get_slave
  net/bonding: Support TLS TX device offload

 drivers/net/bonding/bond_main.c    | 134 +++++++++++++++++++++++++++--
 drivers/net/bonding/bond_options.c |  27 ++++--
 include/linux/netdevice.h          |   4 +
 include/net/bonding.h              |   2 +
 net/core/dev.c                     |  32 +++++++
 net/tls/tls_device.c               |   4 +-
 net/tls/tls_device_fallback.c      |   3 +-
 7 files changed, 194 insertions(+), 12 deletions(-)