From: Jakub Kicinski <kuba@kernel•org>
To: davem@davemloft•net
Cc: netdev@vger•kernel.org, edumazet@google•com, pabeni@redhat•com,
borisp@nvidia•com, john.fastabend@gmail•com, maximmi@nvidia•com,
tariqt@nvidia•com, vfedorenko@novek•ru,
Jakub Kicinski <kuba@kernel•org>,
yoshfuji@linux-ipv6•org, dsahern@kernel•org
Subject: [PATCH net-next v3 5/7] tcp: allow tls to decrypt directly from the tcp rcv queue
Date: Fri, 22 Jul 2022 16:50:31 -0700 [thread overview]
Message-ID: <20220722235033.2594446-6-kuba@kernel.org> (raw)
In-Reply-To: <20220722235033.2594446-1-kuba@kernel.org>
Expose TCP rx queue accessor and cleanup, so that TLS can
decrypt directly from the TCP queue. The expectation
is that the caller can access the skb returned from
tcp_recv_skb() and up to inq bytes worth of data (some
of which may be in ->next skbs) and then call
tcp_read_done() when data has been consumed.
The socket lock must be held continuously across
those two operations.
Signed-off-by: Jakub Kicinski <kuba@kernel•org>
---
v3: drop unnecessay tcp_recv_skb() (Paolo)
CC: yoshfuji@linux-ipv6•org
CC: dsahern@kernel•org
---
include/net/tcp.h | 2 ++
net/ipv4/tcp.c | 42 +++++++++++++++++++++++++++++++++++++++++-
2 files changed, 43 insertions(+), 1 deletion(-)
diff --git a/include/net/tcp.h b/include/net/tcp.h
index f9e7c85ea829..b8620be32f8f 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -673,6 +673,8 @@ void tcp_get_info(struct sock *, struct tcp_info *);
int tcp_read_sock(struct sock *sk, read_descriptor_t *desc,
sk_read_actor_t recv_actor);
int tcp_read_skb(struct sock *sk, skb_read_actor_t recv_actor);
+struct sk_buff *tcp_recv_skb(struct sock *sk, u32 seq, u32 *off);
+void tcp_read_done(struct sock *sk, size_t len);
void tcp_initialize_rcv_mss(struct sock *sk);
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index ba2bdc811374..dc7cc3ce6a53 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -1635,7 +1635,7 @@ static void tcp_eat_recv_skb(struct sock *sk, struct sk_buff *skb)
__kfree_skb(skb);
}
-static struct sk_buff *tcp_recv_skb(struct sock *sk, u32 seq, u32 *off)
+struct sk_buff *tcp_recv_skb(struct sock *sk, u32 seq, u32 *off)
{
struct sk_buff *skb;
u32 offset;
@@ -1658,6 +1658,7 @@ static struct sk_buff *tcp_recv_skb(struct sock *sk, u32 seq, u32 *off)
}
return NULL;
}
+EXPORT_SYMBOL(tcp_recv_skb);
/*
* This routine provides an alternative to tcp_recvmsg() for routines
@@ -1788,6 +1789,45 @@ int tcp_read_skb(struct sock *sk, skb_read_actor_t recv_actor)
}
EXPORT_SYMBOL(tcp_read_skb);
+void tcp_read_done(struct sock *sk, size_t len)
+{
+ struct tcp_sock *tp = tcp_sk(sk);
+ u32 seq = tp->copied_seq;
+ struct sk_buff *skb;
+ size_t left;
+ u32 offset;
+
+ if (sk->sk_state == TCP_LISTEN)
+ return;
+
+ left = len;
+ while (left && (skb = tcp_recv_skb(sk, seq, &offset)) != NULL) {
+ int used;
+
+ used = min_t(size_t, skb->len - offset, left);
+ seq += used;
+ left -= used;
+
+ if (skb->len > offset + used)
+ break;
+
+ if (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN) {
+ tcp_eat_recv_skb(sk, skb);
+ ++seq;
+ break;
+ }
+ tcp_eat_recv_skb(sk, skb);
+ }
+ WRITE_ONCE(tp->copied_seq, seq);
+
+ tcp_rcv_space_adjust(sk);
+
+ /* Clean up data we have read: This will do ACK frames. */
+ if (left != len)
+ tcp_cleanup_rbuf(sk, len - left);
+}
+EXPORT_SYMBOL(tcp_read_done);
+
int tcp_peek_len(struct socket *sock)
{
return tcp_inq(sock->sk);
--
2.37.1
next prev parent reply other threads:[~2022-07-22 23:50 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-22 23:50 [PATCH net-next v3 0/7] tls: rx: decrypt from the TCP queue Jakub Kicinski
2022-07-22 23:50 ` [PATCH net-next v3 1/7] tls: rx: wrap recv_pkt accesses in helpers Jakub Kicinski
2022-07-22 23:50 ` [PATCH net-next v3 2/7] tls: rx: factor SW handling out of tls_rx_one_record() Jakub Kicinski
2022-07-22 23:50 ` [PATCH net-next v3 3/7] tls: rx: don't free the output in case of zero-copy Jakub Kicinski
2022-07-22 23:50 ` [PATCH net-next v3 4/7] tls: rx: device: keep the zero copy status with offload Jakub Kicinski
2022-07-22 23:50 ` Jakub Kicinski [this message]
2022-07-22 23:50 ` [PATCH net-next v3 6/7] tls: rx: device: add input CoW helper Jakub Kicinski
2022-07-22 23:50 ` [PATCH net-next v3 7/7] tls: rx: do not use the standard strparser Jakub Kicinski
2022-07-26 9:27 ` Paolo Abeni
2022-07-26 17:01 ` Jakub Kicinski
2022-07-26 17:26 ` Paolo Abeni
2022-08-02 14:54 ` Tariq Toukan
2022-08-02 15:40 ` Jakub Kicinski
2022-08-04 1:24 ` Jakub Kicinski
2022-08-04 6:13 ` Tariq Toukan
2022-08-04 8:05 ` Tariq Toukan
2022-08-04 15:35 ` Jakub Kicinski
2022-08-07 6:01 ` Tariq Toukan
2022-08-04 15:59 ` Jakub Kicinski
2022-08-07 6:01 ` Tariq Toukan
2022-08-08 5:24 ` Tariq Toukan
2022-08-08 18:24 ` Jakub Kicinski
2022-08-09 8:47 ` Tariq Toukan
2023-03-09 15:15 ` Tariq Toukan
2023-03-09 17:54 ` Jakub Kicinski
2023-03-12 17:59 ` Tariq Toukan
2023-03-13 18:22 ` Jakub Kicinski
2023-03-15 20:26 ` Tariq Toukan
2023-03-16 1:41 ` Jakub Kicinski
2022-07-26 22:00 ` [PATCH net-next v3 0/7] tls: rx: decrypt from the TCP queue patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220722235033.2594446-6-kuba@kernel.org \
--to=kuba@kernel$(echo .)org \
--cc=borisp@nvidia$(echo .)com \
--cc=davem@davemloft$(echo .)net \
--cc=dsahern@kernel$(echo .)org \
--cc=edumazet@google$(echo .)com \
--cc=john.fastabend@gmail$(echo .)com \
--cc=maximmi@nvidia$(echo .)com \
--cc=netdev@vger$(echo .)kernel.org \
--cc=pabeni@redhat$(echo .)com \
--cc=tariqt@nvidia$(echo .)com \
--cc=vfedorenko@novek$(echo .)ru \
--cc=yoshfuji@linux-ipv6$(echo .)org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox