
net/tls: add skeleton of MIB statistics

Add a skeleton structure for adding TLS statistics.

Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by

Jakub Kicinski and committed by
David S. Miller
d26b698d 9ec1c6ac

+110 -1
+6
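--- a/Documentation/networking/tls.rst
+++ b/Documentation/networking/tls.rst
@@ -213,3 +213,9 @@
 of calling send directly after a handshake using gnutls.
 Since it doesn't implement a full record layer, control
 messages are not supported.
+
+Statistics
+==========
+
+TLS implementation exposes the following per-namespace statistics
+(``/proc/net/tls_stat``):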
+3
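--- a/include/net/netns/mib.h
+++ b/include/net/netns/mib.h
@@ -24,6 +24,9 @@
 #ifdef CONFIG_XFRM_STATISTICS
 DEFINE_SNMP_STAT(struct linux_xfrm_mib, xfrm_statistics);
 #endif
+#if IS_ENABLED(CONFIG_TLS)
+DEFINE_SNMP_STAT(struct linux_tls_mib, tls_statistics);
+#endif
 };
 
 #endif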
+6
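--- a/include/net/snmp.h
+++ b/include/net/snmp.h
@@ -111,6 +111,12 @@
 unsigned long mibs[LINUX_MIB_XFRMMAX];
 };
 
+/* Linux TLS */
+#define LINUX_MIB_TLSMAX __LINUX_MIB_TLSMAX
+struct linux_tls_mib {
+unsigned long mibs[LINUX_MIB_TLSMAX];
+};
+
 #define DEFINE_SNMP_STAT(type, name) \
 __typeof__(type) __percpu *name
 #define DEFINE_SNMP_STAT_ATOMIC(type, name) \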
+13
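--- a/include/net/tls.h
+++ b/include/net/tls.h
@@ -43,6 +43,7 @@
 #include <linux/netdevice.h>
 #include <linux/rcupdate.h>
 
+#include <net/net_namespace.h>
 #include <net/tcp.h>
 #include <net/strparser.h>
 #include <crypto/aead.h>
@@ -72,6 +73,15 @@
 * Hence b0 contains (3 - 1) = 2.
 */
 #define TLS_AES_CCM_IV_B0_BYTE 2
+
+#define __TLS_INC_STATS(net, field) \
+__SNMP_INC_STATS((net)->mib.tls_statistics, field)
+#define TLS_INC_STATS(net, field) \
+SNMP_INC_STATS((net)->mib.tls_statistics, field)
+#define __TLS_DEC_STATS(net, field) \
+__SNMP_DEC_STATS((net)->mib.tls_statistics, field)
+#define TLS_DEC_STATS(net, field) \
+SNMP_DEC_STATS((net)->mib.tls_statistics, field)
 
 enum {
 TLS_BASE,
@@ -604,6 +614,9 @@
 smp_mb__after_atomic();
 return ret;
 }
+
+int __net_init tls_proc_init(struct net *net);
+void __net_exit tls_proc_fini(struct net *net);
 
 int tls_proccess_cmsg(struct sock *sk, struct msghdr *msg,
 unsigned char *record_type);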
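Review bot: The four stats macros added in the second hunk carry no comment saying when each variant may be used. As far as I know the double-underscore SNMP helpers rely on the caller already being non-preemptible, while the plain ones are safe from any context, so a caller that picks `__TLS_INC_STATS` in process context can race on the per-CPU counter. A one-line comment above the block would prevent that, for example `/* __TLS_*_STATS: caller must not be preemptible; TLS_*_STATS: any context */`. The macros also expand to `(net)->mib.tls_statistics`, which the mib.h section declares only under `IS_ENABLED(CONFIG_TLS)`, so the comment could note that they are for TLS code only.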
+7
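--- a/include/uapi/linux/snmp.h
+++ b/include/uapi/linux/snmp.h
@@ -323,4 +323,11 @@
 __LINUX_MIB_XFRMMAX
 };
 
+/* linux TLS mib definitions */
+enum
+{
+LINUX_MIB_TLSNUM = 0,
+__LINUX_MIB_TLSMAX
+};
+
 #endif /* _LINUX_SNMP_H */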
+1 -1
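--- a/net/tls/Makefile
+++ b/net/tls/Makefile
@@ -7,7 +7,7 @@
 
 obj-$(CONFIG_TLS) += tls.o
 
-tls-y := tls_main.o tls_sw.o trace.o
+tls-y := tls_main.o tls_sw.o tls_proc.o trace.o
 
 tls-$(CONFIG_TLS_TOE) += tls_toe.o
 tls-$(CONFIG_TLS_DEVICE) += tls_device.o tls_device_fallback.o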
+37
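--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -41,6 +41,7 @@
 #include <linux/inetdevice.h>
 #include <linux/inet_diag.h>
 
+#include <net/snmp.h>
 #include <net/tls.h>
 #include <net/tls_toe.h>
 
@@ -795,6 +796,35 @@
 return size;
 }
 
+static int __net_init tls_init_net(struct net *net)
+{
+int err;
+
+net->mib.tls_statistics = alloc_percpu(struct linux_tls_mib);
+if (!net->mib.tls_statistics)
+return -ENOMEM;
+
+err = tls_proc_init(net);
+if (err)
+goto err_free_stats;
+
+return 0;
+err_free_stats:
+free_percpu(net->mib.tls_statistics);
+return err;
+}
+
+static void __net_exit tls_exit_net(struct net *net)
+{
+tls_proc_fini(net);
+free_percpu(net->mib.tls_statistics);
+}
+
+static struct pernet_operations tls_proc_ops = {
+.init = tls_init_net,
+.exit = tls_exit_net,
+};
+
 static struct tcp_ulp_ops tcp_tls_ulp_ops __read_mostly = {
 .name = "tls",
 .owner = THIS_MODULE,
@@ -806,6 +836,12 @@
 
 static int __init tls_register(void)
 {
+int err;
+
+err = register_pernet_subsys(&tls_proc_ops);
+if (err)
+return err;
+
 tls_sw_proto_ops = inet_stream_ops;
 tls_sw_proto_ops.splice_read = tls_sw_splice_read;
 
@@ -819,6 +855,7 @@
 {
 tcp_unregister_ulp(&tcp_tls_ulp_ops);
 tls_device_cleanup();
+unregister_pernet_subsys(&tls_proc_ops);
 }
 
 module_init(tls_register);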
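Review bot: In the tls_register hunk, register_pernet_subsys() becomes the first step of module init, but nothing visible undoes it if a later step in the same function fails. The rest of tls_register lies outside the hunk, so this only matters if one of the following calls can return an error; such a path would need `unregister_pernet_subsys(&tls_proc_ops);` before returning, otherwise the pernet ops stay registered and point into a module that did not finish loading. A smaller point in tls_init_net: after `free_percpu(net->mib.tls_statistics);` on the error path the pointer keeps its old value, and adding `net->mib.tls_statistics = NULL;` there would make any later misuse fault cleanly instead of touching freed per-CPU memory.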
+37
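--- a/net/tls/tls_proc.c
+++ b/net/tls/tls_proc.c
@@ -0,0 +1,37 @@
+// SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause)
+/* Copyright (C) 2019 Netronome Systems, Inc. */
+
+#include <linux/proc_fs.h>
+#include <linux/seq_file.h>
+#include <net/snmp.h>
+#include <net/tls.h>
+
+static const struct snmp_mib tls_mib_list[] = {
+SNMP_MIB_SENTINEL
+};
+
+static int tls_statistics_seq_show(struct seq_file *seq, void *v)
+{
+unsigned long buf[LINUX_MIB_TLSMAX] = {};
+struct net *net = seq->private;
+int i;
+
+snmp_get_cpu_field_batch(buf, tls_mib_list, net->mib.tls_statistics);
+for (i = 0; tls_mib_list[i].name; i++)
+seq_printf(seq, "%-32s\t%lu\n", tls_mib_list[i].name, buf[i]);
+
+return 0;
+}
+
+int __net_init tls_proc_init(struct net *net)
+{
+if (!proc_create_net_single("tls_stat", 0444, net->proc_net,
+tls_statistics_seq_show, NULL))
+return -ENOMEM;
+return 0;
+}
+
+void __net_exit tls_proc_fini(struct net *net)
+{
+remove_proc_entry("tls_stat", net->proc_net);
+}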
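Review bot: In tls_statistics_seq_show the stack array `buf` is sized by LINUX_MIB_TLSMAX, while the print loop is bounded only by the sentinel in tls_mib_list, so nothing ties the two sizes together. snmp_get_cpu_field_batch is not shown on this page, but if it fills one slot per list entry, as the indexed read `buf[i]` suggests, a list that ever grows past the enum would write beyond the stack buffer. A compile-time check at the top of the function keeps them in step as counters are added: `BUILD_BUG_ON(ARRAY_SIZE(tls_mib_list) - 1 > LINUX_MIB_TLSMAX);`. A short comment on tls_mib_list saying that each entry must have a matching LINUX_MIB_TLS* enum value would help too.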