Date: Thu, 29 Oct 2020 22:39:39 +0100 From: "Kristof Provost" <kp@FreeBSD.org> To: "John-Mark Gurney" <jmg@funkthat.com> Cc: "Carsten =?utf-8?q?B=C3=A4cker?=" <carbaecker@gmx.de>, freebsd-hackers@freebsd.org, freebsd-arm@freebsd.org Subject: Re: Problem with checksum offloading on RPi3 (PF + Jails involved) Message-ID: <55713894-A896-4F12-ABB9-93DFEB2F16B9@FreeBSD.org> In-Reply-To: <20201029213622.GM31099@funkthat.com> References: <748edc3d-4ef7-c4de-291f-7c0b460a6052@gmx.de> <D8CE4762-4D94-47C7-A8D1-6C537766813B@FreeBSD.org> <5130ee46-5832-d4df-d774-c6bd32e10b30@gmx.de> <A3890336-BE8F-438C-8C3E-7B21FB729FCA@FreeBSD.org> <20201029213622.GM31099@funkthat.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 29 Oct 2020, at 22:36, John-Mark Gurney wrote:
> Kristof Provost wrote this message on Thu, Oct 29, 2020 at 21:30
> +0100:
>> On 29 Oct 2020, at 16:30, Carsten Bäcker wrote:
>>> Sure, i am willing to help.
>>>
>>> Device is a Raspberry Pi 3B (not +), using the onboard-ethernet.
>>> I attached a bunch of information.
>>>
>>> Configuration is stripped down to the minimum required to reproduce
>>> the
>>> problem.
>>>
>> Okay, so that???s an SMC2 LAN9514_ETH device.
>> That???s the dev/usb/net/if_smsc.c driver.
>>
>> However, before we dig into that driver we should make sure that
>> we???re
>> really looking at a checksum problem.
>> It???s entirely normal for TX checksums to be incorrect when logged
>> on
>> the sending host itself (if the hardware does checksum offloading the
>> checksum in the packet sent to the MAC is incorrect, and left to the
>> hardware to fix).
>>
>> So, can you confirm that the `"[bad udp cksum 0xe58a -> 0x482d!]` you
>> reported was on an inbound packet? And let???s be safe: try to
>> capture
>> packets on a different machine. That???ll give us the true packet,
>> after
>> the hardware has done checksum calculations.
>
> One interesting point is that the smsc driver claims to not do TX
> offload,
> and a brief check shows that it doesn't allow a user to set the
> TXCSUM.
>
It does seem to do RX offload, and the comments in the driver suggest
some .. ahem, creative hardware behaviour:
/* The checksum appears to be simplistically calculated
* over the udp/tcp header and data up to the end of the
* eth frame. Which means if the eth frame is padded
* the csum calculation is incorrectly performed over
* the padding bytes as well. Therefore to be safe we
* ignore the H/W csum on frames less than or equal to
* 64 bytes.
*
* Ignore H/W csum for non-IPv4 packets.
*/
It’s not impossible that there’s some more issues like that in the
hardware, or even that there are different chip revisions out there.
That also matches up with `ifconfig ue0 -rxcsum` fixing things.
Best regards,
Kristof
From owner-freebsd-hackers@freebsd.org Fri Oct 30 15:45:26 2020
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
by mailman.nyi.freebsd.org (Postfix) with ESMTP id E3A81454CBE
for <freebsd-hackers@mailman.nyi.freebsd.org>;
Fri, 30 Oct 2020 15:45:26 +0000 (UTC) (envelope-from jhb@FreeBSD.org)
Received: from smtp.freebsd.org (smtp.freebsd.org
[IPv6:2610:1c1:1:606c::24b:4])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
client-signature RSA-PSS (4096 bits) client-digest SHA256)
(Client CN "smtp.freebsd.org",
Issuer "Let's Encrypt Authority X3" (verified OK))
by mx1.freebsd.org (Postfix) with ESMTPS id 4CN68Q5jSmz475n;
Fri, 30 Oct 2020 15:45:26 +0000 (UTC) (envelope-from jhb@FreeBSD.org)
Received: from John-Baldwins-MacBook-Pro.local (unknown
[IPv6:2601:648:8681:1cb0:883c:5f2d:bc59:967b])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(Client did not present a certificate) (Authenticated sender: jhb)
by smtp.freebsd.org (Postfix) with ESMTPSA id 253D22F6E2;
Fri, 30 Oct 2020 15:45:26 +0000 (UTC) (envelope-from jhb@FreeBSD.org)
Subject: Re: QAT driver
To: Rick Macklem <rmacklem@uoguelph.ca>, Mark Johnston <markj@freebsd.org>
Cc: Neel Chauhan <neel@neelc.org>,
"freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>
References: <20201026200059.GA66299@raichu>
<723fbd7326df42ce30cd5e361db9c736@neelc.org> <20201027032720.GB31663@raichu>
<YTBPR01MB39666C8CB2DA8292EA4E4033DD160@YTBPR01MB3966.CANPRD01.PROD.OUTLOOK.COM>
<20201027125508.GD31663@raichu>
<YTBPR01MB3966D1A13046294E5C10631DDD160@YTBPR01MB3966.CANPRD01.PROD.OUTLOOK.COM>
From: John Baldwin <jhb@FreeBSD.org>
Autocrypt: addr=jhb@FreeBSD.org; keydata=
mQGiBETQ+XcRBADMFybiq69u+fJRy/0wzqTNS8jFfWaBTs5/OfcV7wWezVmf9sgwn8TW0Dk0
c9MBl0pz+H01dA2ZSGZ5fXlmFIsee1WEzqeJzpiwd/pejPgSzXB9ijbLHZ2/E0jhGBcVy5Yo
/Tw5+U/+laeYKu2xb0XPvM0zMNls1ah5OnP9a6Ql6wCgupaoMySb7DXm2LHD1Z9jTsHcAQMD
/1jzh2BoHriy/Q2s4KzzjVp/mQO5DSm2z14BvbQRcXU48oAosHA1u3Wrov6LfPY+0U1tG47X
1BGfnQH+rNAaH0livoSBQ0IPI/8WfIW7ub4qV6HYwWKVqkDkqwcpmGNDbz3gfaDht6nsie5Z
pcuCcul4M9CW7Md6zzyvktjnbz61BADGDCopfZC4of0Z3Ka0u8Wik6UJOuqShBt1WcFS8ya1
oB4rc4tXfSHyMF63aPUBMxHR5DXeH+EO2edoSwViDMqWk1jTnYza51rbGY+pebLQOVOxAY7k
do5Ordl3wklBPMVEPWoZ61SdbcjhHVwaC5zfiskcxj5wwXd2E9qYlBqRg7QeSm9obiBCYWxk
d2luIDxqaGJARnJlZUJTRC5vcmc+iGAEExECACAFAkTQ+awCGwMGCwkIBwMCBBUCCAMEFgID
AQIeAQIXgAAKCRBy3lIGd+N/BI6RAJ9S97fvbME+3hxzE3JUyUZ6vTewDACdE1stFuSfqMvM
jomvZdYxIYyTUpC5Ag0ERND5ghAIAPwsO0B7BL+bz8sLlLoQktGxXwXQfS5cInvL17Dsgnr3
1AKa94j9EnXQyPEj7u0d+LmEe6CGEGDh1OcGFTMVrof2ZzkSy4+FkZwMKJpTiqeaShMh+Goj
XlwIMDxyADYvBIg3eN5YdFKaPQpfgSqhT+7El7w+wSZZD8pPQuLAnie5iz9C8iKy4/cMSOrH
YUK/tO+Nhw8Jjlw94Ik0T80iEhI2t+XBVjwdfjbq3HrJ0ehqdBwukyeJRYKmbn298KOFQVHO
EVbHA4rF/37jzaMadK43FgJ0SAhPPF5l4l89z5oPu0b/+5e2inA3b8J3iGZxywjM+Csq1tqz
hltEc7Q+E08AAwUIAL+15XH8bPbjNJdVyg2CMl10JNW2wWg2Q6qdljeaRqeR6zFus7EZTwtX
sNzs5bP8y51PSUDJbeiy2RNCNKWFMndM22TZnk3GNG45nQd4OwYK0RZVrikalmJY5Q6m7Z16
4yrZgIXFdKj2t8F+x613/SJW1lIr9/bDp4U9tw0V1g3l2dFtD3p3ZrQ3hpoDtoK70ioIAjjH
aIXIAcm3FGZFXy503DOA0KaTWwvOVdYCFLm3zWuSOmrX/GsEc7ovasOWwjPn878qVjbUKWwx
Q4QkF4OhUV9zPtf9tDSAZ3x7QSwoKbCoRCZ/xbyTUPyQ1VvNy/mYrBcYlzHodsaqUDjHuW+I
SQQYEQIACQUCRND5ggIbDAAKCRBy3lIGd+N/BCO8AJ9j1dWVQWxw/YdTbEyrRKOY8YZNwwCf
afMAg8QvmOWnHx3wl8WslCaXaE8=
Message-ID: <ca6dad2f-ddae-7b0b-06ac-50b52f624aa1@FreeBSD.org>
Date: Fri, 30 Oct 2020 08:45:24 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:68.0)
Gecko/20100101 Thunderbird/68.6.0
MIME-Version: 1.0
In-Reply-To: <YTBPR01MB3966D1A13046294E5C10631DDD160@YTBPR01MB3966.CANPRD01.PROD.OUTLOOK.COM>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.33
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
<freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>,
<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>;
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Oct 2020 15:45:26 -0000
On 10/27/20 2:15 PM, Rick Macklem wrote:
> Mark Johnston wrote:
>> On Tue, Oct 27, 2020 at 04:32:40AM +0000, Rick Macklem wrote:
> [stuff snipped]
>>> Can it be made to work with the KERN_TLS in head?
>>> (KERN_TLS works fine for me using the ktls_ocf and aesni modules.)
>>> I think it is only head and requires the patched OpenSSL3 that jhb@
>>> currently has.
>>
>> I hadn't looked at ktls_ocf.c before but at a glance it looks like it
>> can make use of any hardware or software opencrypto driver that supports
>> the requested algorithms. The qat(4) port implements the algorithms
>> referenced by ktls_ocf_try().
> Well, if you were inspired to try it out, the basic doc for NFS-over-TLS is here:
> https://people.freebsd.org/~rmacklem/nfs-over-tls-setup.txt
> (Same file is in base/projects/nfs-over-tls on subversion.)
> For someone who is used to building/running head kernels, it should be
> pretty straightforward.
>
> You could become the first tester in the whole wide world;-) rick
> ps: Although the NFS code uses it in the kernel, I think that an application
> that uses OpenSSL's SSL_read()/SSL_write via a patched OpenSSL library,
> has the encrypt/decrypt done in the kernel and the userspace library
> code just does socket I/O with unencrypted data.
> pss: Hopefully jhb@ will correct me if I got this wrong.
>
>> I know nothing about it, except that it seems to work well, doing
>> the TLS application data records in the kernel for a TCP socket
>> enabled by the patched OpenSSL library.
>> I've cc'd jhb@, so hopefully he can let us know what it needs?
qat(4) should work with KERN_TLS. I've used ccr(4) with the KERN_TLS
bits many times. It is a good throughput test, though you will need
a fast network connection to really push it (e.g. with ccr(4) I've
done about 50 Gbps of TLS traffic using nginx with the KTLS patches
to use sendfile, so that requires a 100G NIC and/or two 40G NICs.)
--
John Baldwin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55713894-A896-4F12-ABB9-93DFEB2F16B9>