net/tls: add statistics for installed sessions
authorJakub Kicinski <jakub.kicinski@netronome.com>
Fri, 4 Oct 2019 23:19:25 +0000 (16:19 -0700)
committerDavid S. Miller <davem@davemloft.net>
Sat, 5 Oct 2019 23:29:00 +0000 (16:29 -0700)
Add SNMP stats for number of sockets with successfully
installed sessions.  Break them down to software and
hardware ones.  Note that if hardware offload fails, the
stack uses the software implementation and counts the
session appropriately.

Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Documentation/networking/tls.rst
include/uapi/linux/snmp.h
net/tls/tls_main.c
net/tls/tls_proc.c

index a6ee595630eda91f0be17156ce69bda08c737787..cfba587af5c95226251f41eab30cfdec7a3fbc72 100644 (file)
@@ -219,3 +219,17 @@ Statistics
 
 TLS implementation exposes the following per-namespace statistics
 (``/proc/net/tls_stat``):
+
+- ``TlsCurrTxSw``, ``TlsCurrRxSw`` -
+  number of TX and RX sessions currently installed where host handles
+  cryptography
+
+- ``TlsCurrTxDevice``, ``TlsCurrRxDevice`` -
+  number of TX and RX sessions currently installed where NIC handles
+  cryptography
+
+- ``TlsTxSw``, ``TlsRxSw`` -
+  number of TX and RX sessions opened with host cryptography
+
+- ``TlsTxDevice``, ``TlsRxDevice`` -
+  number of TX and RX sessions opened with NIC cryptography
index 4abd57948ad453a446a3f0e7a81199a7cb00e9d7..1b4613b5af70ea8f45622dcaedd525732ad7d722 100644 (file)
@@ -327,6 +327,14 @@ enum
 enum
 {
        LINUX_MIB_TLSNUM = 0,
+       LINUX_MIB_TLSCURRTXSW,                  /* TlsCurrTxSw */
+       LINUX_MIB_TLSCURRRXSW,                  /* TlsCurrRxSw */
+       LINUX_MIB_TLSCURRTXDEVICE,              /* TlsCurrTxDevice */
+       LINUX_MIB_TLSCURRRXDEVICE,              /* TlsCurrRxDevice */
+       LINUX_MIB_TLSTXSW,                      /* TlsTxSw */
+       LINUX_MIB_TLSRXSW,                      /* TlsRxSw */
+       LINUX_MIB_TLSTXDEVICE,                  /* TlsTxDevice */
+       LINUX_MIB_TLSRXDEVICE,                  /* TlsRxDevice */
        __LINUX_MIB_TLSMAX
 };
 
index 686eba0df5908d3fbcc19f7b8ed5e289a0499e94..f144b965704e7c682bb2896895637ec6f041f843 100644 (file)
@@ -286,14 +286,19 @@ static void tls_sk_proto_cleanup(struct sock *sk,
                kfree(ctx->tx.rec_seq);
                kfree(ctx->tx.iv);
                tls_sw_release_resources_tx(sk);
+               TLS_DEC_STATS(sock_net(sk), LINUX_MIB_TLSCURRTXSW);
        } else if (ctx->tx_conf == TLS_HW) {
                tls_device_free_resources_tx(sk);
+               TLS_DEC_STATS(sock_net(sk), LINUX_MIB_TLSCURRTXDEVICE);
        }
 
-       if (ctx->rx_conf == TLS_SW)
+       if (ctx->rx_conf == TLS_SW) {
                tls_sw_release_resources_rx(sk);
-       else if (ctx->rx_conf == TLS_HW)
+               TLS_DEC_STATS(sock_net(sk), LINUX_MIB_TLSCURRRXSW);
+       } else if (ctx->rx_conf == TLS_HW) {
                tls_device_offload_cleanup_rx(sk);
+               TLS_DEC_STATS(sock_net(sk), LINUX_MIB_TLSCURRRXDEVICE);
+       }
 }
 
 static void tls_sk_proto_close(struct sock *sk, long timeout)
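Review bot: The Curr* decrements in tls_sk_proto_cleanup are selected by ctx->tx_conf / ctx->rx_conf at teardown, while the matching increments in do_tls_setsockopt_conf (the next hunk) are selected by the local `conf` at install time, and nothing in either hunk says the two must stay paired. If a path outside these hunks changes the conf after install, or reaches cleanup more than once, the gauges in /proc/net/tls_stat would drift; an unmatched decrement on what is presumably an unsigned counter would show up as a very large value rather than a negative one. I would add a comment above the first branch, for example `/* Curr* gauges: each DEC here pairs with the INC in do_tls_setsockopt_conf() */`. The function body starts outside the hunk.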
@@ -534,19 +539,29 @@ static int do_tls_setsockopt_conf(struct sock *sk, char __user *optval,
        if (tx) {
                rc = tls_set_device_offload(sk, ctx);
                conf = TLS_HW;
-               if (rc) {
+               if (!rc) {
+                       TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSTXDEVICE);
+                       TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSCURRTXDEVICE);
+               } else {
                        rc = tls_set_sw_offload(sk, ctx, 1);
                        if (rc)
                                goto err_crypto_info;
+                       TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSTXSW);
+                       TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSCURRTXSW);
                        conf = TLS_SW;
                }
        } else {
                rc = tls_set_device_offload_rx(sk, ctx);
                conf = TLS_HW;
-               if (rc) {
+               if (!rc) {
+                       TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSRXDEVICE);
+                       TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSCURRRXDEVICE);
+               } else {
                        rc = tls_set_sw_offload(sk, ctx, 0);
                        if (rc)
                                goto err_crypto_info;
+                       TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSRXSW);
+                       TLS_INC_STATS(sock_net(sk), LINUX_MIB_TLSCURRRXSW);
                        conf = TLS_SW;
                }
                tls_sw_strparser_arm(sk, ctx);
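Review bot: In both the TX and RX branches the error returned by tls_set_device_offload() / tls_set_device_offload_rx() is overwritten by the tls_set_sw_offload() call, so a session that fell back from NIC to host crypto is visible only as TlsTxSw/TlsRxSw rising instead of the Device counters. That deserves a comment at the two `} else {` lines, e.g. `/* device offload failed: fall back to SW, counted as Tls{Tx,Rx}Sw */`, because operators who expect offload will rely on these counters to notice the fallback. The increments also run before `conf` is stored in the context, which presumably happens after the end of this hunk, so a failure path later inserted between the two would leave a Curr* gauge incremented with no matching decrement. do_tls_setsockopt_conf starts and ends outside the hunk.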
index 4ecc7c35d2f711f2887f953dbce0f241dea8a251..1b1f3783badc2ef3f762732de93b57f1609cd58b 100644 (file)
@@ -7,6 +7,14 @@
 #include <net/tls.h>
 
 static const struct snmp_mib tls_mib_list[] = {
+       SNMP_MIB_ITEM("TlsCurrTxSw", LINUX_MIB_TLSCURRTXSW),
+       SNMP_MIB_ITEM("TlsCurrRxSw", LINUX_MIB_TLSCURRRXSW),
+       SNMP_MIB_ITEM("TlsCurrTxDevice", LINUX_MIB_TLSCURRTXDEVICE),
+       SNMP_MIB_ITEM("TlsCurrRxDevice", LINUX_MIB_TLSCURRRXDEVICE),
+       SNMP_MIB_ITEM("TlsTxSw", LINUX_MIB_TLSTXSW),
+       SNMP_MIB_ITEM("TlsRxSw", LINUX_MIB_TLSRXSW),
+       SNMP_MIB_ITEM("TlsTxDevice", LINUX_MIB_TLSTXDEVICE),
+       SNMP_MIB_ITEM("TlsRxDevice", LINUX_MIB_TLSRXDEVICE),
        SNMP_MIB_SENTINEL
 };