2023-08-11, 18:43:47 -0700, Jakub Kicinski wrote:
> On Wed, 9 Aug 2023 14:58:52 +0200 Sabrina Dubroca wrote:
> > TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSRXSW);
> > TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSCURRRXSW);
> > conf = TLS_SW;
>
> Should we add a statistic for rekeying?

Hmpf, at least I shouldn't be incrementing the existing stats on every
update, especially not TLSCURR* :/

I don't see much benefit in tracking successful rekeys. Failed rekeys
seem more interesting to me. What would we get from counting
successful rekeys?

> > +int tls_set_sw_offload(struct sock *sk, int tx,
> > + struct tls_crypto_info *new_crypto_info)
> > {
>
> This function is already 300 LoC and we're making it longer with
> a not-so-pretty goto skip;
>
> Any way we can refactor it first?

I guess all the actual init (alloc software context and set it up)
could go in a separate function. I'll see if I can split a few more
things out from the end of the function without making it too messy.

> I think someone had a plan
> to at least make the per-algo stuff less verbose?

Yep, that's me. Basically, expanding the existing tls_cipher_size_desc
to completely remove the switch (crypto_info->cipher_type) (from both
setsockopt and getsockopt).

I'll clean up and submit those changes, and then rebase the next
version of this series on top. Dunno why I decided to focus on the
rekey first.

--
Sabrina
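
Review bot: the two TLS_INC_STATS() calls in the first quoted hunk (LINUX_MIB_TLSRXSW and LINUX_MIB_TLSCURRRXSW) should be limited to the initial setup path. As the reply notes, they would otherwise run on every key update, and TLSCURRRXSW is a current-sessions gauge, so each rekey would raise it while the socket is counted only once when it goes away. Suggest making the increments conditional on this not being a rekey, and, if rekeys are to be counted at all, using a separate counter for failed rekeys as proposed in the reply.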
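
Review bot: the new_crypto_info argument added to the tls_set_sw_offload() signature in the second quoted hunk changes the function's contract for every caller, and nothing in the quoted lines says what passing it means. Suggest a short comment above the signature stating when the argument is set and what the function does differently in that case, and doing the split into a separate init helper discussed in the thread before adding the rekey path, so the "goto skip" mentioned there is not needed.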