git: dc12ee39b7f2 - main - if_ovpn: add sysctls for netisr_queue() and crypto_dispatch_async()

Reply: Kristof Provost : "Re: git: dc12ee39b7f2 - main - if_ovpn: add sysctls for netisr_queue() and crypto_dispatch_async()"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Mon, 24 Oct 2022 08:08:56 UTC

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=dc12ee39b7f266f7d4975722b7454d18536fcf11

commit dc12ee39b7f266f7d4975722b7454d18536fcf11
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2022-10-17 09:06:34 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2022-10-24 08:08:35 +0000

    if_ovpn: add sysctls for netisr_queue() and crypto_dispatch_async()
    
    Allow the choice between asynchronous and synchronous netisr and crypto
    calls. These have performance implications, but depend on the specific
    setup and OCF back-end.
    
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D37017
---
 sys/net/if_ovpn.c | 27 ++++++++++++++++++++++++---
 1 file changed, 24 insertions(+), 3 deletions(-)

diff --git a/sys/net/if_ovpn.c b/sys/net/if_ovpn.c
index 14634cfc969b..76274fc87159 100644
--- a/sys/net/if_ovpn.c
+++ b/sys/net/if_ovpn.c
@@ -235,6 +235,18 @@ VNET_DEFINE_STATIC(int, replay_protection) = 0;
 SYSCTL_INT(_net_link_openvpn, OID_AUTO, replay_protection, CTLFLAG_VNET | CTLFLAG_RW,
     &VNET_NAME(replay_protection), 0, "Validate sequence numbers");
 
+VNET_DEFINE_STATIC(int, async_crypto);
+#define	V_async_crypto		VNET(async_crypto)
+SYSCTL_INT(_net_link_openvpn, OID_AUTO, async_crypto,
+	CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(async_crypto), 0,
+	"Use asynchronous mode to parallelize crypto jobs.");
+
+VNET_DEFINE_STATIC(int, netisr_queue);
+#define	V_netisr_queue		VNET(netisr_queue)
+SYSCTL_INT(_net_link_openvpn, OID_AUTO, netisr_queue,
+	CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(netisr_queue), 0,
+	"Use netisr_queue() rather than netisr_dispatch().");
+
 static struct ovpn_kpeer *
 ovpn_find_peer(struct ovpn_softc *sc, uint32_t peerid)
 {
@@ -1503,7 +1515,10 @@ ovpn_finish_rx(struct ovpn_softc *sc, struct mbuf *m,
 	af = ovpn_get_af(m);
 	if (af != 0) {
 		BPF_MTAP2(sc->ifp, &af, sizeof(af), m);
-		netisr_dispatch(af == AF_INET ? NETISR_IP : NETISR_IPV6, m);
+		if (V_netisr_queue)
+			netisr_queue(af == AF_INET ? NETISR_IP : NETISR_IPV6, m);
+		else
+			netisr_dispatch(af == AF_INET ? NETISR_IP : NETISR_IPV6, m);
 	} else {
 		OVPN_COUNTER_ADD(sc, lost_data_pkts_in, 1);
 		m_freem(m);
@@ -1869,7 +1884,10 @@ ovpn_transmit_to_peer(struct ifnet *ifp, struct mbuf *m,
 	atomic_add_int(&peer->refcount, 1);
 	if (_ovpn_lock_trackerp != NULL)
 		OVPN_RUNLOCK(sc);
-	ret = crypto_dispatch(crp);
+	if (V_async_crypto)
+		ret = crypto_dispatch_async(crp, CRYPTO_ASYNC_ORDERED);
+	else
+		ret = crypto_dispatch(crp);
 	if (ret) {
 		OVPN_COUNTER_ADD(sc, lost_data_pkts_out, 1);
 	}
@@ -2266,7 +2284,10 @@ ovpn_udp_input(struct mbuf *m, int off, struct inpcb *inp,
 
 	atomic_add_int(&sc->refcount, 1);
 	OVPN_RUNLOCK(sc);
-	ret = crypto_dispatch(crp);
+	if (V_async_crypto)
+		ret = crypto_dispatch_async(crp, CRYPTO_ASYNC_ORDERED);
+	else
+		ret = crypto_dispatch(crp);
 	if (ret != 0) {
 		OVPN_COUNTER_ADD(sc, lost_data_pkts_in, 1);
 	}