This small series contains the two changes I've been working towards in the previous ~50 patches a couple of months ago.
The first major change is the optional "nopad" optimization. Currently TLS 1.3 Rx performs quite poorly because it does not support the "zero-copy" or rather direct decrypt to a user space buffer. Because of TLS 1.3 record padding we don't know if a record contains data or a control message until we decrypt it. Most records will contain data, tho, so the optimization is to try the decryption hoping its data and retry if it wasn't.
The performance gain from doing that is significant (~40%) but if I'm completely honest the major reason is that we call skb_cow_data() on the non-"zc" path. The next series will remove the CoW, dropping the gain to only ~10%.
The second change is to flush the backlog every 128kB.
Jakub Kicinski (5): tls: rx: don't include tail size in data_len tls: rx: support optimistic decrypt to user buffer with TLS 1.3 tls: rx: add sockopt for enabling optimistic decrypt with TLS 1.3 selftests: tls: add selftest variant for pad tls: rx: periodically flush socket backlog
Documentation/networking/tls.rst | 18 +++++++ include/linux/sockptr.h | 8 +++ include/net/tls.h | 3 ++ include/uapi/linux/snmp.h | 1 + include/uapi/linux/tls.h | 2 + net/core/sock.c | 1 + net/tls/tls_main.c | 75 +++++++++++++++++++++++++++ net/tls/tls_proc.c | 1 + net/tls/tls_sw.c | 84 ++++++++++++++++++++++++------- tools/testing/selftests/net/tls.c | 15 ++++++ 10 files changed, 191 insertions(+), 17 deletions(-)