
Add support for KTLS via the TOE on Chelsio's T6 adapters.

Authored by jhb on Thu, Oct 3, 9:19 PM.



Add a TOE KTLS mode and a TOE hook for allocating TLS sessions.

This adds the glue to allocate TLS sessions and invokes it from
the TLS enable socket option handler. This also adds some counters
for active TOE sessions.

The TOE KTLS mode is returned by getsockopt(TLSTX_TLS_MODE) when
TOE KTLS is in use on a socket, but cannot be set via setsockopt().

Add support for KTLS in the Chelsio TOE module.

This adds a TOE hook to allocate a KTLS session. It also recognizes
TLS mbufs in the socket buffer and sends those to the NIC using a TLS
work request to encrypt the record before segmenting it.

Test Plan
  • tested with nginx and KTLS, able to send at about the same rate (70 Gbps) as NIC TLS on T6, though all the tests performed with TOE KTLS have been client-limited.

Diff Detail

rS FreeBSD src repository

Event Timeline

jhb created this revision. Thu, Oct 3, 9:19 PM
gallatin added inline comments. Thu, Oct 3, 11:15 PM
1686 ↗(On Diff #62886)

Is all this trickery to reduce sgl lengths really worth it for what's going to be 4K chunks? That's the largest PCIe max read request size anyway, so the device is going to have to split the segments that you've combined regardless. All we're doing here is maybe compressing the SGLs, but it just doesn't seem worth the effort to me.

I think the tradeoff is different here than in what might be a series of 128b mbufs written on a socket, for example.

706 ↗(On Diff #62886)

Shouldn't this be ktls_toe_{cbc,gcm} ?

jhb marked an inline comment as done. Fri, Oct 4, 7:05 PM
jhb added inline comments.
1686 ↗(On Diff #62886)

Hmm. Ironically pretty much all the bugs I had were in this function, though they weren't due to dealing with coalescing (and at this point they are all resolved). The other interesting thing is that the main driver also tries to coalesce ext_pgs mbufs as well as the NIC TLS code, and arguably it would simplify all of those to not bother with coalescing. I'll talk to np@ to see what the tradeoff is for coalescing SGL entries and what effect that might have (e.g. it might also use less resources on the NIC itself for all I know to store the more compact SGL which might matter when you have a lot of active connections).

706 ↗(On Diff #62886)

Yes, I fixed this yesterday when I noticed the counters were wrong and need to update the diff.

np added inline comments. Fri, Oct 4, 7:12 PM
1686 ↗(On Diff #62886)

Compressing SGLs so that they use fewer tx descriptors is definitely worth it for any TOE txq (ulp mode crypto or not). The per-tid toep->tx_credits are in high demand during tx and it makes sense to pack as much as possible into as few len16 tx credits for bulk transmit.
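
The coalescing tradeoff discussed in the comments on line 1686, as an added example that is not code from this revision or from the cxgbe driver: a simplified model that builds a scatter/gather list for one TLS record and merges physically contiguous pages into a single entry. The `sgl_seg` layout, the `sgl_build` helper, the 4 KiB page size and the sample addresses are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PG_SIZE 4096u            /* assumed page size */

/* Hypothetical SGL entry, not the cxgbe hardware layout. */
struct sgl_seg { uint64_t addr; uint32_t len; };

/*
 * Emit SGL entries for `total` payload bytes backed by pa[0..npages-1],
 * starting first_off bytes into page 0. With coalesce set, a page that
 * begins exactly where the previous entry ends is merged into that entry.
 * Returns the entry count, or -1 on bad arguments or if out[] is too small.
 */
static int
sgl_build(const uint64_t *pa, size_t npages, uint32_t first_off, size_t total,
    struct sgl_seg *out, size_t max, int coalesce)
{
	size_t n = 0;
	uint32_t off = first_off;
	if (first_off >= PG_SIZE)
		return (-1);
	for (size_t i = 0; i < npages && total > 0; i++, off = 0) {
		uint32_t len = PG_SIZE - off;
		uint64_t addr = pa[i] + off;
		if (len > total)
			len = (uint32_t)total;
		if (coalesce && n > 0 && out[n - 1].addr + out[n - 1].len == addr) {
			out[n - 1].len += len;      /* physically contiguous: extend */
		} else {
			if (n == max)
				return (-1);
			out[n++] = (struct sgl_seg){ addr, len };
		}
		total -= len;
	}
	return (total == 0 ? (int)n : -1);
}

int main(void)
{
	/* Constructed sample: a 16 KiB record on four pages, three contiguous. */
	const uint64_t pa[] = { 0x10000, 0x11000, 0x12000, 0x40000 };
	struct sgl_seg sgl[4];
	printf("uncoalesced: %d entries\n", sgl_build(pa, 4, 0, 16384, sgl, 4, 0));
	printf("coalesced:   %d entries\n", sgl_build(pa, 4, 0, 16384, sgl, 4, 1));
	return (0);
}
```

The model only counts entries; how many len16 tx credits an entry costs on the adapter is not modelled here.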

jhb updated this revision to Diff 63005. Mon, Oct 7, 8:16 PM
jhb marked an inline comment as done.
  • Increment correct counters.
gallatin accepted this revision. Mon, Oct 7, 8:20 PM
np accepted this revision. Tue, Oct 8, 1:22 AM
jhb added inline comments. Tue, Oct 8, 9:31 PM
1032 ↗(On Diff #63005)

Should be 'tls_new->mode'. Will fix.

This revision was not accepted when it landed; it landed in state Needs Review. Tue, Oct 8, 9:34 PM
This revision was automatically updated to reflect the committed changes.