
Commit 89df6a8

Tariq Toukankuba-moo
authored andcommitted
net/bonding: Implement TLS TX device offload
Implement TLS TX device offload for bonding interfaces. This allows kTLS sockets running on a bond to benefit from the device offload on capable lower devices. To allow a simple and fast maintenance of the TLS context in SW and lower devices, we bind the TLS socket to a specific lower dev. To achieve a behavior similar to SW kTLS, we support only balance-xor and 802.3ad modes, with xmit_hash_policy=layer3+4. This is enforced in bond_sk_check(), done in a previous patch. For the above configuration, the SW implementation keeps picking the same exact lower dev for all the socket's SKBs. The device offload behaves similarly, making the decision once at the connection creation. Per socket, the TLS module should work directly with the lowest netdev in chain, to call the tls_dev_ops operations. As the bond interface is being bypassed by the TLS module, interacting directly against the lower devs, there is no way for the bond interface to disable its device offload capabilities, as long as the mode/policy config allows it. Hence, the feature flag is not directly controllable, but just reflects the current offload status based on the logic under bond_sk_check(). Signed-off-by: Tariq Toukan <[email protected]> Reviewed-by: Boris Pismenny <[email protected]> Signed-off-by: Jakub Kicinski <[email protected]>
1 parent f45583d commit 89df6a8


3 files changed

+56
-2
lines changed


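--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -83,6 +83,9 @@
 #include <net/bonding.h>
 #include <net/bond_3ad.h>
 #include <net/bond_alb.h>
+#if IS_ENABLED(CONFIG_TLS_DEVICE)
+#include <net/tls.h>
+#endif
 
 #include "bonding_priv.h"
 
@@ -1225,6 +1228,13 @@ static netdev_features_t bond_fix_features(struct net_device *dev,
 netdev_features_t mask;
 struct slave *slave;
 
+#if IS_ENABLED(CONFIG_TLS_DEVICE)
+if (bond_sk_check(bond))
+features |= BOND_TLS_FEATURES;
+else
+features &= ~BOND_TLS_FEATURES;
+#endif
+
 mask = features;
 
 features &= ~NETIF_F_ONE_FOR_ALL;
@@ -4647,6 +4657,16 @@ static struct net_device *bond_sk_get_lower_dev(struct net_device *dev,
 return lower;
 }
 
+#if IS_ENABLED(CONFIG_TLS_DEVICE)
+static netdev_tx_t bond_tls_device_xmit(struct bonding *bond, struct sk_buff *skb,
+struct net_device *dev)
+{
+if (likely(bond_get_slave_by_dev(bond, tls_get_ctx(skb->sk)->netdev)))
+return bond_dev_queue_xmit(bond, skb, tls_get_ctx(skb->sk)->netdev);
+return bond_tx_drop(dev, skb);
+}
+#endif
+
 static netdev_tx_t __bond_start_xmit(struct sk_buff *skb, struct net_device *dev)
 {
 struct bonding *bond = netdev_priv(dev);
@@ -4655,6 +4675,11 @@ static netdev_tx_t __bond_start_xmit(struct sk_buff *skb, struct net_device *dev
 !bond_slave_override(bond, skb))
 return NETDEV_TX_OK;
 
+#if IS_ENABLED(CONFIG_TLS_DEVICE)
+if (skb->sk && tls_is_sk_tx_device_offloaded(skb->sk))
+return bond_tls_device_xmit(bond, skb, dev);
+#endif
+
 switch (BOND_MODE(bond)) {
 case BOND_MODE_ROUNDROBIN:
 return bond_xmit_roundrobin(skb, dev);
@@ -4855,6 +4880,10 @@ void bond_setup(struct net_device *bond_dev)
 if (BOND_MODE(bond) == BOND_MODE_ACTIVEBACKUP)
 bond_dev->features |= BOND_XFRM_FEATURES;
 #endif /* CONFIG_XFRM_OFFLOAD */
+#if IS_ENABLED(CONFIG_TLS_DEVICE)
+if (bond_sk_check(bond))
+bond_dev->features |= BOND_TLS_FEATURES;
+#endif
 }
 
 /* Destroy a bonding device.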
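Review bot: In bond_tls_device_xmit() the lower device is fetched twice through `tls_get_ctx(skb->sk)->netdev`, once for the bond_get_slave_by_dev() membership check and again as the argument to bond_dev_queue_xmit(), so the device that receives the skb is not guaranteed to be the one that was just validated. If any other path can clear or change that field while packets are in flight (not visible on this page), the second read could hand a NULL or non-slave device to the transmit call. Reading it once into a local, `struct net_device *tls_netdev = READ_ONCE(tls_get_ctx(skb->sk)->netdev);`, and passing `tls_netdev` to both calls closes that window. Whether bond_get_slave_by_dev() tolerates a NULL device should be confirmed, since its body is outside this diff.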

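--- a/drivers/net/bonding/bond_options.c
+++ b/drivers/net/bonding/bond_options.c
@@ -758,6 +758,19 @@ static bool bond_set_xfrm_features(struct bonding *bond)
 return true;
 }
 
+static bool bond_set_tls_features(struct bonding *bond)
+{
+if (!IS_ENABLED(CONFIG_TLS_DEVICE))
+return false;
+
+if (bond_sk_check(bond))
+bond->dev->wanted_features |= BOND_TLS_FEATURES;
+else
+bond->dev->wanted_features &= ~BOND_TLS_FEATURES;
+
+return true;
+}
+
 static int bond_option_mode_set(struct bonding *bond,
 const struct bond_opt_value *newval)
 {
@@ -784,9 +797,15 @@ static int bond_option_mode_set(struct bonding *bond,
 bond->params.arp_validate = BOND_ARP_VALIDATE_NONE;
 bond->params.mode = newval->value;
 
-if (bond->dev->reg_state == NETREG_REGISTERED)
-if (bond_set_xfrm_features(bond))
+if (bond->dev->reg_state == NETREG_REGISTERED) {
+bool update = false;
+
+update |= bond_set_xfrm_features(bond);
+update |= bond_set_tls_features(bond);
+
+if (update)
 netdev_update_features(bond->dev);
+}
 
 return 0;
 }
@@ -1220,6 +1239,10 @@ static int bond_option_xmit_hash_policy_set(struct bonding *bond,
 newval->string, newval->value);
 bond->params.xmit_policy = newval->value;
 
+if (bond->dev->reg_state == NETREG_REGISTERED)
+if (bond_set_tls_features(bond))
+netdev_update_features(bond->dev);
+
 return 0;
 }
 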
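Review bot: bond_set_tls_features() returns true whenever CONFIG_TLS_DEVICE is enabled, not only when wanted_features actually changed, and nothing in the helper documents that; both callers therefore run netdev_update_features() on every mode or xmit_hash_policy change. A short comment above it would make the contract explicit, for example `/* Sync the advertised TLS TX offload flag with bond_sk_check(); returns true if the caller should re-evaluate features. */`. It is also worth stating there that only the advertised flag changes. Judging by the `tls_is_sk_tx_device_offloaded()` test added ahead of the mode switch in __bond_start_xmit() (bond_main.c), sockets that are already offloaded appear to stay bound to their lower device after the bond moves to an unsupported mode or policy.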

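--- a/include/net/bonding.h
+++ b/include/net/bonding.h
@@ -89,6 +89,8 @@
 #define BOND_XFRM_FEATURES (NETIF_F_HW_ESP | NETIF_F_HW_ESP_TX_CSUM | \
 NETIF_F_GSO_ESP)
 
+#define BOND_TLS_FEATURES (NETIF_F_HW_TLS_TX)
+
 #ifdef CONFIG_NET_POLL_CONTROLLER
 extern atomic_t netpoll_block_tx;
 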
