Use gro_gells to trigger GRO and allow RPS on macsec traffic after decryption. Also, be sure to avoid clearing software offload features in macsec_fix_features(). Overall this increase TCP tput by 30% on recent h/w.
Signed-off-by: Paolo Abeni <pab...@redhat.com> Acked-by: Hannes Frederic Sowa <han...@stressinduktion.org> --- drivers/net/macsec.c | 32 +++++++++++++++++++++++++------- 1 file changed, 25 insertions(+), 7 deletions(-) diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c index 8bcd78f..0cbb935 100644 --- a/drivers/net/macsec.c +++ b/drivers/net/macsec.c @@ -18,6 +18,7 @@ #include <linux/rtnetlink.h> #include <net/genetlink.h> #include <net/sock.h> +#include <net/gro_cells.h> #include <uapi/linux/if_macsec.h> @@ -268,6 +269,7 @@ struct macsec_dev { struct net_device *real_dev; struct pcpu_secy_stats __percpu *stats; struct list_head secys; + struct gro_cells gro_cells; }; /** @@ -879,7 +881,7 @@ static void macsec_decrypt_done(struct crypto_async_request *base, int err) macsec_reset_skb(skb, macsec->secy.netdev); len = skb->len; - ret = netif_rx(skb); + ret = gro_cells_receive(&macsec->gro_cells, skb); if (ret == NET_RX_SUCCESS) count_rx(dev, len); else @@ -1052,6 +1054,7 @@ static rx_handler_result_t macsec_handle_frame(struct sk_buff **pskb) struct pcpu_rx_sc_stats *rxsc_stats; struct pcpu_secy_stats *secy_stats; bool pulled_sci; + int ret; if (skb_headroom(skb) < ETH_HLEN) goto drop_direct; @@ -1193,12 +1196,17 @@ deliver: if (rx_sa) macsec_rxsa_put(rx_sa); - count_rx(dev, skb->len); + + ret = gro_cells_receive(&macsec->gro_cells, skb); + if (ret == NET_RX_SUCCESS) + count_rx(dev, skb->len); + else + macsec->secy.netdev->stats.rx_dropped++; rcu_read_unlock(); - *pskb = skb; - return RX_HANDLER_ANOTHER; + *pskb = NULL; + return RX_HANDLER_CONSUMED; drop: macsec_rxsa_put(rx_sa); @@ -1218,7 +1226,6 @@ nosci: list_for_each_entry_rcu(macsec, &rxd->secys, secys) { struct sk_buff *nskb; - int ret; secy_stats = this_cpu_ptr(macsec->stats); @@ -2675,11 +2682,18 @@ static int macsec_dev_init(struct net_device *dev) { struct macsec_dev *macsec = macsec_priv(dev); struct net_device *real_dev = macsec->real_dev; + int err; dev->tstats = netdev_alloc_pcpu_stats(struct pcpu_sw_netstats); if (!dev->tstats) return -ENOMEM; + err = gro_cells_init(&macsec->gro_cells, dev); + if (err) { + free_percpu(dev->tstats); + return err; + } + dev->features = real_dev->features & MACSEC_FEATURES; dev->features |= NETIF_F_LLTX | NETIF_F_GSO_SOFTWARE; @@ -2698,6 +2712,9 @@ static int macsec_dev_init(struct net_device *dev) static void macsec_dev_uninit(struct net_device *dev) { + struct macsec_dev *macsec = macsec_priv(dev); + + gro_cells_destroy(&macsec->gro_cells); free_percpu(dev->tstats); } @@ -2707,8 +2724,9 @@ static netdev_features_t macsec_fix_features(struct net_device *dev, struct macsec_dev *macsec = macsec_priv(dev); struct net_device *real_dev = macsec->real_dev; - features &= real_dev->features & MACSEC_FEATURES; - features |= NETIF_F_LLTX | NETIF_F_GSO_SOFTWARE; + features &= (real_dev->features & MACSEC_FEATURES) | + NETIF_F_GSO_SOFTWARE | NETIF_F_SOFT_FEATURES; + features |= NETIF_F_LLTX; return features; } -- 1.8.3.1