From owner-freebsd-hackers@freebsd.org Mon Nov 9 18:53:08 2020 Return-Path: Delivered-To: freebsd-hackers@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9AB9E46AFB1 for ; Mon, 9 Nov 2020 18:53:08 +0000 (UTC) (envelope-from markjdb@gmail.com) Received: from mail-qk1-x732.google.com (mail-qk1-x732.google.com [IPv6:2607:f8b0:4864:20::732]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4CVKrN3ktqz3lJD for ; Mon, 9 Nov 2020 18:53:08 +0000 (UTC) (envelope-from markjdb@gmail.com) Received: by mail-qk1-x732.google.com with SMTP id y197so8948299qkb.7 for ; Mon, 09 Nov 2020 10:53:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:date:from:to:cc:subject:message-id:references:mime-version :content-disposition:content-transfer-encoding:in-reply-to; bh=//69+1p6ZXiEZ0wKgw4u2eJxrMKzh/GjGxQRUYeS740=; b=Ygi8rD6rYYhaiXCXTVm68oOEYE6O8m5QDzRGharkcA/6Fj1VQyvyeMb8en9xxSQvt2 nnzQVAym8sA+zWEno+WT9fNOWmQfaC82JWstPZHO0u2feXUDIrw1d0SwnbGI4Tb0urAm H7NIvAw0O1K+eTQws9Q6H84yYeUWxpTkoW+AFCesLp21DC4MEG0YBktxuDLGAM3b52G3 i8K9utxpJZocSUbgns/a6sdSyb8zYOwCoDY01jB5QZY73fVjzIxhuRDB8rqS5uua9nnT 4G54dGffHoA/7t/XSzSE0+X9f1BdPrQf/QPrk5DGAFnjKhxeiGx7/euRBmFYi22M+zO+ JU7g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:from:to:cc:subject:message-id :references:mime-version:content-disposition :content-transfer-encoding:in-reply-to; bh=//69+1p6ZXiEZ0wKgw4u2eJxrMKzh/GjGxQRUYeS740=; b=SL2zxKHHPAOk6C6TyKfZNqd7JW1BhnHPQdULKBLXdCv6Wqs99zT/C6z3N2RkDvfUc+ b6z4S3emXtmLT+v9yIrmAAqvFExHDG49Am0msZ11bTGlRKqQXpVv5uj3+5DPX1PhiEH2 gKYXWeccIvjUb/HJSCzGvpcziyMIpS1MR8XaGihBks7fqlDY2qtEeE9NgxXCE0I/pXhA 1sNd9KA+o/kP1FWsEUOflvqyDQYA7HlUG1Z5CymNT4hdrWWsJnf10x/apMlX57DkV4P7 uMukEN9BmBFJbk3wWtdueCOBdPKnOjfaIJvEcxbPXNnknb9f7+7edvtmjoaWvD4+ziIV 93RA== X-Gm-Message-State: AOAM532+h3tx5pv8CY8Z2tg643IbFepACBSJsD9OKJA6id5FQXrJGEHX JuACCAV2vzMY/Nlu0CXmzOk= X-Google-Smtp-Source: ABdhPJzN4ayh97k8lJMRlJCRUNptJU8tO32d7JhPN53Qia8H2BV2eqlmCL1twr+fRJjRirLDaecyKQ== X-Received: by 2002:a37:6143:: with SMTP id v64mr5636637qkb.490.1604947987642; Mon, 09 Nov 2020 10:53:07 -0800 (PST) Received: from raichu ([142.126.164.150]) by smtp.gmail.com with ESMTPSA id c27sm6653945qkk.57.2020.11.09.10.53.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 09 Nov 2020 10:53:06 -0800 (PST) Sender: Mark Johnston Date: Mon, 9 Nov 2020 13:53:04 -0500 From: Mark Johnston To: =?iso-8859-1?Q?=D6zkan?= KIRIK Cc: "freebsd-hackers@freebsd.org" Subject: Re: QAT driver Message-ID: <20201109185304.GB4990@raichu> References: <20201026200059.GA66299@raichu> <723fbd7326df42ce30cd5e361db9c736@neelc.org> <20201027032720.GB31663@raichu> <20201027125508.GD31663@raichu> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Rspamd-Queue-Id: 4CVKrN3ktqz3lJD X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-4.00 / 15.00]; TAGGED_RCPT(0.00)[]; REPLY(-4.00)[] X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Nov 2020 18:53:08 -0000 On Mon, Nov 09, 2020 at 09:44:40PM +0300, Özkan KIRIK wrote: > great job! thank you! > > Does the work supports Xeon D-2100 series ? (Exact model: Xeon D-2146NT) > Regards I'm not sure - could you provide the PCI ID for the QAT device in question? "pciconf -lv" output would be sufficient. I don't see distinct Xeon D-2XXX support in any open-source QAT drivers, so it's probably covered by one of the other device types. > On Fri, Oct 30, 2020 at 6:45 PM John Baldwin wrote: > > > On 10/27/20 2:15 PM, Rick Macklem wrote: > > > Mark Johnston wrote: > > >> On Tue, Oct 27, 2020 at 04:32:40AM +0000, Rick Macklem wrote: > > > [stuff snipped] > > >>> Can it be made to work with the KERN_TLS in head? > > >>> (KERN_TLS works fine for me using the ktls_ocf and aesni modules.) > > >>> I think it is only head and requires the patched OpenSSL3 that jhb@ > > >>> currently has. > > >> > > >> I hadn't looked at ktls_ocf.c before but at a glance it looks like it > > >> can make use of any hardware or software opencrypto driver that supports > > >> the requested algorithms. The qat(4) port implements the algorithms > > >> referenced by ktls_ocf_try(). > > > Well, if you were inspired to try it out, the basic doc for NFS-over-TLS > > is here: > > > https://people.freebsd.org/~rmacklem/nfs-over-tls-setup.txt > > > (Same file is in base/projects/nfs-over-tls on subversion.) > > > For someone who is used to building/running head kernels, it should be > > > pretty straightforward. > > > > > > You could become the first tester in the whole wide world;-) rick > > > ps: Although the NFS code uses it in the kernel, I think that an > > application > > > that uses OpenSSL's SSL_read()/SSL_write via a patched OpenSSL > > library, > > > has the encrypt/decrypt done in the kernel and the userspace library > > > code just does socket I/O with unencrypted data. > > > pss: Hopefully jhb@ will correct me if I got this wrong. > > > > > >> I know nothing about it, except that it seems to work well, doing > > >> the TLS application data records in the kernel for a TCP socket > > >> enabled by the patched OpenSSL library. > > >> I've cc'd jhb@, so hopefully he can let us know what it needs? > > > > qat(4) should work with KERN_TLS. I've used ccr(4) with the KERN_TLS > > bits many times. It is a good throughput test, though you will need > > a fast network connection to really push it (e.g. with ccr(4) I've > > done about 50 Gbps of TLS traffic using nginx with the KTLS patches > > to use sendfile, so that requires a 100G NIC and/or two 40G NICs.) > > > > -- > > John Baldwin > > _______________________________________________ > > freebsd-hackers@freebsd.org mailing list > > https://lists.freebsd.org/mailman/listinfo/freebsd-hackers > > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org" > >