From owner-freebsd-transport@freebsd.org Thu Feb 22 18:12:44 2018
From: Drew Gallatin
Date: Thu, 22 Feb 2018 13:12:41 -0500
Subject: Netflix kernel TLS
To: freebsd-transport@freebsd.org
List-Id: Discussions of transport level network protocols in FreeBSD

As discussed in the meeting today, I have backported our kernel TLS to an
upstream kernel and made it available for comment. See the nf_ktls branch
of my public github: https://github.com/gallatin/freebsd/tree/nf_ktls

It is enabled by 'options KERN_TLS'

A few random facts:

- This is transmit only.

- Applications linking to OpenSSL are automatically accelerated, for socket
  writes assuming that a compatible cipher is supported in the kernel.

- It adds a new OpenSSL API entry point, SSL_sendfile(), which is
  self-explanatory. You can see example usage in our patch to nginx, at
  https://people.freebsd.org/~gallatin/nginx_ssl_sendfile.diff

- It has been tested and run only on AMD64. I suspect it will work on any
  arch with a direct map. (e.g., PHYS_TO_DMAP, DMAP_TO_PHYS)

- It requires my vectorized unmapped mbufs (present in that branch). Note
  that my vectorized mbufs should work on any arch, and I've measured
  speedups on i386, simply because we avoid mapping sf_bufs.

- It requires a backend crypto module to support the actual encryption.
  I totally suck at ports, but I've left a port of intel-isa-l at
  https://people.freebsd.org/~gallatin/intel-isa-aes-kmod.txz

Best regards,

Drew

From owner-freebsd-transport@freebsd.org Fri Feb 23 22:27:05 2018
From: "Scheffenegger, Richard"
To: "freebsd-transport@freebsd.org"
Subject: RFC6675 RescueReTx
Date: Fri, 23 Feb 2018 22:26:58 +0000

Hi,

I've been afk for quite some time, thus I still have to do a bit of
catching up.

When looking into recent advances in the freebsd tcp stack, I found that
some work was done to make the SACK code RFC6675 compliant.

Before unpacking packetdrill or running a code inspection - can someone
tell me, if this means that not only the bug fixes / clarifications of 6675
over 3517 have been implemented, but also the rescue retransmission
(section 4, nextseg, clause 4)?

Would still love to get that lost retransmission patch discussed and done
properly (cc reaction on each iteration is missing; that patch precedes the
modular_cc work though) one of these days though.

https://lists.freebsd.org/pipermail/freebsd-net/2010-April/025061.html

Thanks a lot,

Richard Scheffenegger