Commit 806744b7 authored by Boris Glimcher's avatar Boris Glimcher Committed by Konrad Sztyber

sock: Add ktls and tls_version to spdk_sock_impl_opts



Since `sock_impl_opts` was added to `sock_opts`,
`ktls` and `tls_version` can be removed from `spdk_sock_opts`.

Example:
  rpc.py sock_impl_set_options -i ssl --enable-ktls
  rpc.py sock_impl_set_options -i ssl --disable-ktls
  rpc.py sock_impl_set_options -i ssl --tls-version=12

  ./build/examples/perf --enable-ktls
  ./build/examples/perf --disable-ktls
  ./build/examples/perf --tls-version=12

Check kTLS statistics here: /proc/net/tls_stat

Change-Id: Icf7ee822bad92fda149710be77feb77fc8d4f163
Signed-off-by: default avatarBoris Glimcher <Boris.Glimcher@emc.com>
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/13510


Tested-by: default avatarSPDK CI Jenkins <sys_sgci@intel.com>
Community-CI: Mellanox Build Bot
Reviewed-by: default avatarKonrad Sztyber <konrad.sztyber@intel.com>
Reviewed-by: default avatarJim Harris <james.r.harris@intel.com>
parent d0038b70
+1 −1
@@ -23,7 +23,7 @@ Calculate num_md_pages from num_md_pages_per_cluster_ratio, and pass it to spdk_

### rpc

New options `ktls` and `tls_version` were added to the `spdk_sock_opts` structure.
New options `enable_ktls` and `tls_version` were added to the `sock_impl_set_options` structure.

Added warning message for `bdev_rbd_create`, if it is used without -c.
`bdev_rbd_create()` API without specifying -c is deprecated and will be removed in future release.
+8 −2
@@ -9518,7 +9518,9 @@ Example response:
    "enable_placement_id": 0,
    "enable_zerocopy_send_server": true,
    "enable_zerocopy_send_client": false,
    "zerocopy_threshold": 0
    "zerocopy_threshold": 0,
    "tls_version": 13,
    "enable_ktls": false
  }
}
~~~
@@ -9541,6 +9543,8 @@ enable_zerocopy_send_server | Optional | boolean | Enable or disable zero co
enable_zerocopy_send_client | Optional | boolean     | Enable or disable zero copy on send for client sockets
zerocopy_threshold          | Optional | number      | Set zerocopy_threshold in bytes. A consecutive sequence of requests' iovecs
that fall below this threshold may be sent without zerocopy flag set
tls_version                 | Optional | number      | TLS protocol version, e.g. 13 for v1.3 (only applies when impl_name == ssl)
enable_ktls                 | Optional | boolean     | Enable or disable Kernel TLS (only applies when impl_name == ssl)

#### Response

@@ -9564,7 +9568,9 @@ Example request:
    "enable_placement_id": 0,
    "enable_zerocopy_send_server": true,
    "enable_zerocopy_send_client": false,
    "zerocopy_threshold": 10240
    "zerocopy_threshold": 10240,
    "tls_version": 13,
    "enable_ktls": false
  }
}
~~~
+41 −6
@@ -291,7 +291,7 @@ static int g_file_optind; /* Index of first filename in argv */
static inline void task_complete(struct perf_task *task);

static void
perf_set_sock_zcopy(const char *impl_name, bool enable)
perf_set_sock_opts(const char *impl_name, const char *field, uint32_t val)
{
	struct spdk_sock_impl_opts sock_opts = {};
	size_t opts_size = sizeof(sock_opts);
@@ -314,11 +314,23 @@ perf_set_sock_zcopy(const char *impl_name, bool enable)
		opts_size = sizeof(sock_opts);
	}

	sock_opts.enable_zerocopy_send_client = enable;
	if (!field) {
		fprintf(stderr, "Warning: no socket opts field specified\n");
		return;
	} else if (strcmp(field, "enable_zerocopy_send_client") == 0) {
		sock_opts.enable_zerocopy_send_client = val;
	} else if (strcmp(field, "tls_version") == 0) {
		sock_opts.tls_version = val;
	} else if (strcmp(field, "ktls") == 0) {
		sock_opts.enable_ktls = val;
	} else {
		fprintf(stderr, "Warning: invalid or unprocessed socket opts field: %s\n", field);
		return;
	}

	if (spdk_sock_impl_set_opts(impl_name, &sock_opts, opts_size)) {
		fprintf(stderr, "Failed to %s zcopy send for sock impl %s: error %d (%s)\n",
			enable ? "enable" : "disable", impl_name, errno, strerror(errno));
		fprintf(stderr, "Failed to set %s: %d for sock impl %s : error %d (%s)\n", field, val, impl_name,
			errno, strerror(errno));
	}
}

@@ -1775,6 +1787,9 @@ usage(char *program_name)
	printf("\t[--transport-stats dump transport statistics]\n");
	printf("\t[--iova-mode <mode> specify DPDK IOVA mode: va|pa]\n");
	printf("\t[--io-queue-size <val> size of NVMe IO queue. Default: maximum allowed by controller]\n");
	printf("\t[--disable-ktls disable Kernel TLS. Only valid for ssl impl. Default for ssl impl]\n");
	printf("\t[--enable-ktls enable Kernel TLS. Only valid for ssl impl]\n");
	printf("\t[--tls-version <val> TLS version to use. Only valid for ssl impl. Default: 0 (auto-negotiation)]\n");
}

static void
@@ -2267,6 +2282,12 @@ static const struct option g_perf_cmdline_opts[] = {
	{"iova-mode", required_argument, NULL, PERF_IOVA_MODE},
#define PERF_IO_QUEUE_SIZE	259
	{"io-queue-size", required_argument, NULL, PERF_IO_QUEUE_SIZE},
#define PERF_DISABLE_KTLS	260
	{"disable-ktls", no_argument, NULL, PERF_DISABLE_KTLS},
#define PERF_ENABLE_KTLS	261
	{"enable-ktls", no_argument, NULL, PERF_ENABLE_KTLS},
#define PERF_TLS_VERSION	262
	{"tls-version", required_argument, NULL, PERF_TLS_VERSION},
	/* Should be the last element */
	{0, 0, 0, 0}
};
@@ -2447,11 +2468,25 @@ parse_args(int argc, char **argv, struct spdk_env_opts *env_opts)
		case PERF_ENABLE_VMD:
			g_vmd = true;
			break;
		case PERF_DISABLE_KTLS:
			perf_set_sock_opts(optarg, "ktls", 0);
			break;
		case PERF_ENABLE_KTLS:
			perf_set_sock_opts(optarg, "ktls", 1);
			break;
		case PERF_TLS_VERSION:
			val = spdk_strtol(optarg, 10);
			if (val < 0) {
				fprintf(stderr, "Illegal tls version value %s\n", optarg);
				return val;
			}
			perf_set_sock_opts(optarg, "tls_version", val);
			break;
		case PERF_DISABLE_ZCOPY:
			perf_set_sock_zcopy(optarg, false);
			perf_set_sock_opts(optarg, "enable_zerocopy_send_client", 0);
			break;
		case PERF_ENABLE_ZCOPY:
			perf_set_sock_zcopy(optarg, true);
			perf_set_sock_opts(optarg, "enable_zerocopy_send_client", 1);
			break;
		case PERF_DEFAULT_SOCK_IMPL:
			rc = spdk_sock_set_default_impl(optarg);
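Review bot: The three new cases in parse_args pass `optarg` as the impl name, but `--enable-ktls` and `--disable-ktls` are declared `no_argument`, so `optarg` is presumably NULL there, and for `--tls-version` it is the version string (e.g. "12") rather than a socket implementation name. Since the usage text says these options are only valid for the ssl impl, the calls should name it directly: `perf_set_sock_opts("ssl", "ktls", 1);`, `perf_set_sock_opts("ssl", "ktls", 0);` and `perf_set_sock_opts("ssl", "tls_version", val);`. As written the impl lookup most likely fails, and because perf_set_sock_opts returns void and only prints a warning, the run continues without the requested TLS version or kTLS setting applied; returning an error from it and stopping in parse_args would make that visible. Both perf_set_sock_opts and parse_args continue outside the hunks shown.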
+16 −4
@@ -218,13 +218,19 @@ hello_sock_connect(struct hello_context_t *ctx)
	int rc;
	char saddr[ADDR_STR_LEN], caddr[ADDR_STR_LEN];
	uint16_t cport, sport;
	struct spdk_sock_impl_opts impl_opts;
	size_t impl_opts_size = sizeof(impl_opts);
	struct spdk_sock_opts opts;

	spdk_sock_impl_get_opts(ctx->sock_impl_name, &impl_opts, &impl_opts_size);
	impl_opts.enable_ktls = ctx->ktls;
	impl_opts.tls_version = ctx->tls_version;

	opts.opts_size = sizeof(opts);
	spdk_sock_get_default_opts(&opts);
	opts.zcopy = ctx->zcopy;
	opts.ktls = ctx->ktls;
	opts.tls_version = ctx->tls_version;
	opts.impl_opts = &impl_opts;
	opts.impl_opts_size = sizeof(impl_opts);

	SPDK_NOTICELOG("Connecting to the server on %s:%d with sock_impl(%s)\n", ctx->host, ctx->port,
		       ctx->sock_impl_name);
@@ -356,13 +362,19 @@ hello_sock_group_poll(void *arg)
static int
hello_sock_listen(struct hello_context_t *ctx)
{
	struct spdk_sock_impl_opts impl_opts;
	size_t impl_opts_size = sizeof(impl_opts);
	struct spdk_sock_opts opts;

	spdk_sock_impl_get_opts(ctx->sock_impl_name, &impl_opts, &impl_opts_size);
	impl_opts.enable_ktls = ctx->ktls;
	impl_opts.tls_version = ctx->tls_version;

	opts.opts_size = sizeof(opts);
	spdk_sock_get_default_opts(&opts);
	opts.zcopy = ctx->zcopy;
	opts.ktls = ctx->ktls;
	opts.tls_version = ctx->tls_version;
	opts.impl_opts = &impl_opts;
	opts.impl_opts_size = sizeof(impl_opts);

	ctx->sock = spdk_sock_listen_ext(ctx->host, ctx->port, ctx->sock_impl_name, &opts);
	if (ctx->sock == NULL) {
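Review bot: The return value of `spdk_sock_impl_get_opts()` is ignored in both hello_sock_connect and hello_sock_listen, and `impl_opts` has no initializer, so if the call fails (for example on an unknown `sock_impl_name`) the struct handed on through `opts.impl_opts` holds indeterminate stack data in every field except the two TLS ones. I would zero-initialize it and bail out on failure: `struct spdk_sock_impl_opts impl_opts = {};` and `if (spdk_sock_impl_get_opts(ctx->sock_impl_name, &impl_opts, &impl_opts_size) != 0) { return -1; }`. Both function bodies continue outside the hunks, so the exact error return should follow what the rest of each function does.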
+10 −10
@@ -128,6 +128,16 @@ struct spdk_sock_impl_opts {
	 * threshold may be sent without zerocopy flag set.
	 */
	uint32_t zerocopy_threshold;

	/**
	 * TLS protocol version. Used by ssl socket module.
	 */
	uint32_t tls_version;

	/**
	 * Enable or disable kernel TLS. Used by ssl socket modules.
	 */
	bool enable_ktls;
};

/**
@@ -159,16 +169,6 @@ struct spdk_sock_opts {
	 */
	uint32_t ack_timeout;

	/**
	 * TLS protocol version. Used by posix socket module.
	 */
	uint32_t tls_version;

	/**
	 * Used to enable or disable KTLS for ssl posix socket module.
	 */
	bool ktls;

	/**
	 * Socket implementation options.  If non-NULL, these will override those set by
	 * spdk_sock_impl_set_opts().  The library copies this structure internally, so the user can
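Review bot: Removing `tls_version` and `ktls` from the middle of `spdk_sock_opts` moves every member declared after them (the `impl_opts` pointer documented right below is the first), so a caller built against the previous header would pass a struct whose layout no longer matches what the library reads. No SO-version bump or removal notice is visible in the part of the commit shown here; the changelog entry appears to mention only the options on the `sock_impl_set_options` side. I would add a changelog line such as `ktls and tls_version were removed from spdk_sock_opts; set them through spdk_sock_impl_opts instead.` and confirm the library version is bumped for the release that carries this. Both struct definitions start outside the hunks.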