Message-ID: <04c967669e4ed8845323f1487fff86949f07a81d.camel@perches.com>
Subject: Re: [RFC 1/1] net: introduce OpenVPN Data Channel Offload (ovpn-dco)
From: Joe Perches
To: Antonio Quartulli, netdev@vger.kernel.org
Cc: David Miller, Jakub Kicinski, linux-kernel@vger.kernel.org
Date: Wed, 03 Aug 2022 09:04:06 -0700
In-Reply-To: <20220719014704.21346-2-antonio@openvpn.net>

On Tue, 2022-07-19 at 03:47 +0200, Antonio Quartulli wrote:
> OpenVPN is a userspace software existing since around 2005 that allows
> users to create secure tunnels.
>
> So far OpenVPN has implemented all operations in userspace, which
> implies several back and forth between kernel and user land in order to
> process packets (encapsulate/decapsulate, encrypt/decrypt, rerouting..).
>
> With ovpn-dco, we intend to move the fast path (data channel) entirely
> in kernel space and thus improve user measured throughput over the
> tunnel.

Logging trivia:

> diff --git a/drivers/net/ovpn-dco/crypto.c b/drivers/net/ovpn-dco/crypto.c > new file mode 100644 > index 000000000000..fcc3a351ba9d > --- /dev/null > +++ b/drivers/net/ovpn-dco/crypto.c 
> @@ -0,0 +1,154 @@ > +// SPDX-License-Identifier: GPL-2.0 > +/* OpenVPN data channel accelerator > + * > + * Copyright (C) 2020-2022 OpenVPN, Inc. > + * > + * Author: James Yonan > + * Antonio Quartulli > + */ Please add #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt before any #include when a logging message is output [] > +void ovpn_crypto_key_slot_delete(struct ovpn_crypto_state *cs, > + enum ovpn_key_slot slot) > +{ > + struct ovpn_crypto_key_slot *ks = NULL; > + > + mutex_lock(&cs->mutex); > + switch (slot) { > + case OVPN_KEY_SLOT_PRIMARY: > + ks = rcu_replace_pointer(cs->primary, NULL, > + lockdep_is_held(&cs->mutex)); > + break; > + case OVPN_KEY_SLOT_SECONDARY: > + ks = rcu_replace_pointer(cs->secondary, NULL, > + lockdep_is_held(&cs->mutex)); > + break; > + default: > + pr_warn("Invalid slot to release: %u\n", slot); So messages like these are prefixed appropriately. > + break; > + } > + mutex_unlock(&cs->mutex); > + > + if (!ks) { > + pr_debug("Key slot already released: %u\n", slot); > + return; > + } > + pr_debug("deleting key slot %u, key_id=%u\n", slot, ks->key_id); > + > + ovpn_crypto_key_slot_put(ks); > +} 
> diff --git a/drivers/net/ovpn-dco/crypto_aead.c b/drivers/net/ovpn-dco/crypto_aead.c [] > +/* Initialize a struct crypto_aead object */ > +struct crypto_aead *ovpn_aead_init(const char *title, const char *alg_name, > + const unsigned char *key, unsigned int keylen) > +{ > + struct crypto_aead *aead; > + int ret; > + > + aead = crypto_alloc_aead(alg_name, 0, 0); > + if (IS_ERR(aead)) { > + ret = PTR_ERR(aead); > + pr_err("%s crypto_alloc_aead failed, err=%d\n", title, ret); > + aead = NULL; > + goto error; > + } > + > + ret = crypto_aead_setkey(aead, key, keylen); > + if (ret) { > + pr_err("%s crypto_aead_setkey size=%u failed, err=%d\n", title, > + keylen, ret); > + goto error; > + } > + > + ret = crypto_aead_setauthsize(aead, AUTH_TAG_SIZE); > + if (ret) { > + pr_err("%s crypto_aead_setauthsize failed, err=%d\n", title, > + ret); Could use another #define pr_fmt(fmt) etc...
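
Review bot: In ovpn_crypto_key_slot_delete() in crypto.c, the default: branch of the switch leaves ks NULL, so after pr_warn("Invalid slot to release: %u\n", slot) the function also takes the if (!ks) path and logs "Key slot already released" for a slot value that was never valid. Unlock and return directly from the default case, or have the function return an error so the caller can tell an invalid slot from one that was already empty. The three messages in this function also mix capitalisation ("Invalid slot", "Key slot", "deleting key slot"); pick one style.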
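
Review bot: The comment above ovpn_aead_init() in crypto_aead.c ("Initialize a struct crypto_aead object") does not state what the function returns on failure. The crypto_alloc_aead() failure branch sets aead = NULL before goto error while ret still holds the error code, so from these lines a caller cannot tell whether to test the result for NULL or with IS_ERR(). Document the return contract in the comment, and note there that the crypto_aead_setkey() and crypto_aead_setauthsize() failure paths depend on the error label (not shown in this excerpt) to release the already allocated aead.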