From 1bb98f3b7b25719bed586f4f2c80e514382e55ee Mon Sep 17 00:00:00 2001 From: Sam Leffler Date: Fri, 27 Jun 2003 20:10:03 +0000 Subject: [PATCH] Check crypto driver capabilities and if the driver operates synchronously mark crypto requests with ``callback immediately'' to avoid doing a context switch to return crypto results. This completes the work to eliminate context switches for using software crypto via the crypto subsystem (with symmetric crypto ops). --- sys/netipsec/xform_ah.c | 18 ++++++++++++++++++ sys/netipsec/xform_esp.c | 18 ++++++++++++++++++ sys/netipsec/xform_ipcomp.c | 18 ++++++++++++++++++ 3 files changed, 54 insertions(+) diff --git a/sys/netipsec/xform_ah.c b/sys/netipsec/xform_ah.c index 40f86a396834..02176fdf2de8 100644 --- a/sys/netipsec/xform_ah.c +++ b/sys/netipsec/xform_ah.c @@ -688,6 +688,15 @@ ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) /* Crypto operation descriptor. */ crp->crp_ilen = m->m_pkthdr.len; /* Total input length. */ crp->crp_flags = CRYPTO_F_IMBUF; + /* + * When using crypto support the operates "synchronously" (e.g. + * software crypto) mark the operation for immediate callback to + * avoid the context switch. This increases the amount of kernel + * stack required to process a frame but we assume there is enough + * to do this. + */ + if (CRYPTO_SESID2CAPS(sav->tdb_cryptoid) & CRYPTOCAP_F_SYNC) + crp->crp_flags |= CRYPTO_F_CBIMM; crp->crp_buf = (caddr_t) m; crp->crp_callback = ah_input_cb; crp->crp_sid = sav->tdb_cryptoid; @@ -1091,6 +1100,15 @@ ah_output( /* Crypto operation descriptor. */ crp->crp_ilen = m->m_pkthdr.len; /* Total input length. */ crp->crp_flags = CRYPTO_F_IMBUF; + /* + * When using crypto support the operates "synchronously" (e.g. + * software crypto) mark the operation for immediate callback to + * avoid the context switch. This increases the amount of kernel + * stack required to process a frame but we assume there is enough + * to do this. + */ + if (CRYPTO_SESID2CAPS(sav->tdb_cryptoid) & CRYPTOCAP_F_SYNC) + crp->crp_flags |= CRYPTO_F_CBIMM; crp->crp_buf = (caddr_t) m; crp->crp_callback = ah_output_cb; crp->crp_sid = sav->tdb_cryptoid; diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c index 649d2d0b0bc5..82f4049d864f 100644 --- a/sys/netipsec/xform_esp.c +++ b/sys/netipsec/xform_esp.c @@ -396,6 +396,15 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) /* Crypto operation descriptor */ crp->crp_ilen = m->m_pkthdr.len; /* Total input length */ crp->crp_flags = CRYPTO_F_IMBUF; + /* + * When using crypto support the operates "synchronously" (e.g. + * software crypto) mark the operation for immediate callback to + * avoid the context switch. This increases the amount of kernel + * stack required to process a frame but we assume there is enough + * to do this. + */ + if (CRYPTO_SESID2CAPS(sav->tdb_cryptoid) & CRYPTOCAP_F_SYNC) + crp->crp_flags |= CRYPTO_F_CBIMM; crp->crp_buf = (caddr_t) m; crp->crp_callback = esp_input_cb; crp->crp_sid = sav->tdb_cryptoid; @@ -834,6 +843,15 @@ esp_output( /* Crypto operation descriptor. */ crp->crp_ilen = m->m_pkthdr.len; /* Total input length. */ crp->crp_flags = CRYPTO_F_IMBUF; + /* + * When using crypto support the operates "synchronously" (e.g. + * software crypto) mark the operation for immediate callback to + * avoid the context switch. This increases the amount of kernel + * stack required to process a frame but we assume there is enough + * to do this. + */ + if (CRYPTO_SESID2CAPS(sav->tdb_cryptoid) & CRYPTOCAP_F_SYNC) + crp->crp_flags |= CRYPTO_F_CBIMM; crp->crp_buf = (caddr_t) m; crp->crp_callback = esp_output_cb; crp->crp_opaque = (caddr_t) tc; diff --git a/sys/netipsec/xform_ipcomp.c b/sys/netipsec/xform_ipcomp.c index 75b3d7583b7e..aee938245176 100644 --- a/sys/netipsec/xform_ipcomp.c +++ b/sys/netipsec/xform_ipcomp.c @@ -174,6 +174,15 @@ ipcomp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) /* Crypto operation descriptor */ crp->crp_ilen = m->m_pkthdr.len - (skip + hlen); crp->crp_flags = CRYPTO_F_IMBUF; + /* + * When using crypto support the operates "synchronously" (e.g. + * software crypto) mark the operation for immediate callback to + * avoid the context switch. This increases the amount of kernel + * stack required to process a frame but we assume there is enough + * to do this. + */ + if (CRYPTO_SESID2CAPS(sav->tdb_cryptoid) & CRYPTOCAP_F_SYNC) + crp->crp_flags |= CRYPTO_F_CBIMM; crp->crp_buf = (caddr_t) m; crp->crp_callback = ipcomp_input_cb; crp->crp_sid = sav->tdb_cryptoid; @@ -478,6 +487,15 @@ ipcomp_output( /* Crypto operation descriptor */ crp->crp_ilen = m->m_pkthdr.len; /* Total input length */ crp->crp_flags = CRYPTO_F_IMBUF; + /* + * When using crypto support the operates "synchronously" (e.g. + * software crypto) mark the operation for immediate callback to + * avoid the context switch. This increases the amount of kernel + * stack required to process a frame but we assume there is enough + * to do this. + */ + if (CRYPTO_SESID2CAPS(sav->tdb_cryptoid) & CRYPTOCAP_F_SYNC) + crp->crp_flags |= CRYPTO_F_CBIMM; crp->crp_buf = (caddr_t) m; crp->crp_callback = ipcomp_output_cb; crp->crp_opaque = (caddr_t) tc;