On 8/18/22 03:09, Adel Abouchaev wrote:
> QUIC requires end to end encryption of the data. The application usually
> prepares the data in clear text, encrypts and calls send() which implies
> multiple copies of the data before the packets hit the networking stack.
> Similar to kTLS, QUIC kernel offload of cryptography reduces the memory
> pressure by reducing the number of copies.
>
> The scope of kernel support is limited to the symmetric cryptography,
> leaving the handshake to the user space library. For QUIC in particular,
> the application packets that require symmetric cryptography are the 1RTT
> packets with short headers. Kernel will encrypt the application packets
> on transmission and decrypt on receive. This series implements Tx only,
> because in QUIC server applications Tx outweighs Rx by orders of
> magnitude.
>
> Supporting the combination of QUIC and GSO requires the application to
> correctly place the data and the kernel to correctly slice it. The
> encryption process appends an arbitrary number of bytes (tag) to the end
> of the message to authenticate it. The GSO value should include this
> overhead, the offload would then subtract the tag size to parse the
> input on Tx before chunking and encrypting it.
>
> With the kernel cryptography, the buffer copy operation is conjoined
> with the encryption operation. The memory bandwidth is reduced by 5-8%.
> When devices supporting QUIC encryption in hardware come to the market,
> we will be able to free further 7% of CPU utilization which is used
> today for crypto operations.
>
> Adel Abouchaev (6):
>   Documentation on QUIC kernel Tx crypto.
>   Define QUIC specific constants, control and data plane structures
>   Add UDP ULP operations, initialization and handling prototype
>     functions.
>   Implement QUIC offload functions
>   Add flow counters and Tx processing error counter
>   Add self tests for ULP operations, flow setup and crypto tests
>
>  Documentation/networking/index.rst     |    1 +
>  Documentation/networking/quic.rst      |  185 ++++
>  include/net/inet_sock.h                |    2 +
>  include/net/netns/mib.h                |    3 +
>  include/net/quic.h                     |   63 ++
>  include/net/snmp.h                     |    6 +
>  include/net/udp.h                      |   33 +
>  include/uapi/linux/quic.h              |   60 +
>  include/uapi/linux/snmp.h              |    9 +
>  include/uapi/linux/udp.h               |    4 +
>  net/Kconfig                            |    1 +
>  net/Makefile                           |    1 +
>  net/ipv4/Makefile                      |    3 +-
>  net/ipv4/udp.c                         |   15 +
>  net/ipv4/udp_ulp.c                     |  192 ++++
>  net/quic/Kconfig                       |   16 +
>  net/quic/Makefile                      |    8 +
>  net/quic/quic_main.c                   | 1417 ++++++++++++++++++++++++
>  net/quic/quic_proc.c                   |   45 +
>  tools/testing/selftests/net/.gitignore |    4 +-
>  tools/testing/selftests/net/Makefile   |    3 +-
>  tools/testing/selftests/net/quic.c     | 1153 +++++++++++++++++++
>  tools/testing/selftests/net/quic.sh    |   46 +
>  23 files changed, 3267 insertions(+), 3 deletions(-)
>  create mode 100644 Documentation/networking/quic.rst
>  create mode 100644 include/net/quic.h
>  create mode 100644 include/uapi/linux/quic.h
>  create mode 100644 net/ipv4/udp_ulp.c
>  create mode 100644 net/quic/Kconfig
>  create mode 100644 net/quic/Makefile
>  create mode 100644 net/quic/quic_main.c
>  create mode 100644 net/quic/quic_proc.c
>  create mode 100644 tools/testing/selftests/net/quic.c
>  create mode 100755 tools/testing/selftests/net/quic.sh
>
>
> base-commit: fd78d07c7c35de260eb89f1be4a1e7487b8092ad

Applied, but based on f86d1fbbe78588 ("Merge tag 'net-next-6.0' of
git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next") instead,
since this series fails to apply on the specified base-commit tag.

Thanks.

-- 
An old man doll... just what I always wanted! - Clara