NFS: Request use of TCP_USE_DDP for in-kernel TCP sockets

Since this is an optimization, ignore failures to enable the option. For the server side, defer enabling DDP until the first non-NULLPROC RPC is received. This allows TLS handling (which uses NULLPROC RPCs) to enable TLS offload first. Reviewed by: rmacklem Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D44002
2024-11-26 20:12:44 +00:00 · 2024-03-20 15:29:51 -07:00 · 2024-03-20 15:29:51 -07:00 · a16ff32f04
commit a16ff32f04
parent eba13bbc37
3 changed files with 29 additions and 0 deletions
--- a/sys/rpc/clnt_rc.c
+++ b/sys/rpc/clnt_rc.c
@ -42,6 +42,8 @@
 #include <sys/time.h>
 #include <sys/uio.h>

+#include <netinet/tcp.h>
+
 #include <rpc/rpc.h>
 #include <rpc/rpc_com.h>
 #include <rpc/krpc.h>
@ -212,6 +214,12 @@ clnt_reconnect_connect(CLIENT *cl)
 				goto out;
 			}
 		}
+		if (newclient != NULL) {
+			int optval = 1;
+
+			(void)so_setsockopt(so, IPPROTO_TCP, TCP_USE_DDP,
+			    &optval, sizeof(optval));
+		}
 		if (newclient != NULL && rc->rc_reconcall != NULL)
 			(*rc->rc_reconcall)(newclient, rc->rc_reconarg,
 			    rc->rc_ucred);
--- a/sys/rpc/svc.c
+++ b/sys/rpc/svc.c
@ -50,6 +50,7 @@
 #include <sys/mbuf.h>
 #include <sys/mutex.h>
 #include <sys/proc.h>
+#include <sys/protosw.h>
 #include <sys/queue.h>
 #include <sys/socketvar.h>
 #include <sys/systm.h>
@ -57,6 +58,8 @@
 #include <sys/sx.h>
 #include <sys/ucred.h>

+#include <netinet/tcp.h>
+
 #include <rpc/rpc.h>
 #include <rpc/rpcb_clnt.h>
 #include <rpc/replay.h>
@ -987,6 +990,23 @@ svc_getreq(SVCXPRT *xprt, struct svc_req **rqstp_ret)
 			goto call_done;
 		}

+		/*
+		 * Defer enabling DDP until the first non-NULLPROC RPC
+		 * is received to allow STARTTLS authentication to
+		 * enable TLS offload first.
+		 */
+		if (xprt->xp_doneddp == 0 && r->rq_proc != NULLPROC &&
+		    atomic_cmpset_int(&xprt->xp_doneddp, 0, 1)) {
+			if (xprt->xp_socket->so_proto->pr_protocol ==
+			    IPPROTO_TCP) {
+				int optval = 1;
+
+				(void)so_setsockopt(xprt->xp_socket,
+				    IPPROTO_TCP, TCP_USE_DDP, &optval,
+				    sizeof(optval));
+			}
+		}
+
 		/*
 		 * Everything checks out, return request to caller.
 		 */
--- a/sys/rpc/svc.h
+++ b/sys/rpc/svc.h
@ -185,6 +185,7 @@ typedef struct __rpc_svcxprt {
 	int		xp_ngrps;	/* Cred. from TLS cert. */
 	uid_t		xp_uid;
 	gid_t		*xp_gidp;
+	int		xp_doneddp;
 #else
 	int		xp_fd;
 	u_short		xp_port;	 /* associated port number */