tls svm: prealloc tcp fifo chunks before ssl write

Type: improvement Signed-off-by: Florin Coras <fcoras@cisco.com> Change-Id: I7c47b55ec6f0c83f2d13e0e737d0559a32f7c837
author: Florin Coras <fcoras@cisco.com> 2021-05-19 19:28:40 -0700
committer: Damjan Marion <dmarion@me.com> 2021-05-20 10:03:57 +0000
commit: e3c6a54995b052045709b1d80039eede1757f43f (patch)
tree: 0be3cb21df3fc374f5f1ee70de47ae997d384de7 /src/plugins/tlsopenssl
parent: 05bc33c15d814409933d741f6c88c450c4392fc9 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/src/plugins/tlsopenssl/tls_openssl.c b/src/plugins/tlsopenssl/tls_openssl.c
index dd0f96ad4f9..7a840f11b4a 100644
--- a/src/plugins/tlsopenssl/tls_openssl.c
+++ b/src/plugins/tlsopenssl/tls_openssl.c
@@ -382,6 +382,13 @@ openssl_ctx_write_tls (tls_ctx_t *ctx, session_t *app_session,
 
   deq_max = clib_min (deq_max, sp->max_burst_size);
 
+  /* Make sure tcp's tx fifo can actually buffer all bytes to be dequeued.
+   * If under memory pressure, tls's fifo segment might not be able to
+   * allocate the chunks needed. This also avoids errors from the underlying
+   * custom bio to the ssl infra which at times can get stuck. */
+  if (svm_fifo_provision_chunks (ts->tx_fifo, 0, 0, deq_max + TLSO_CTRL_BYTES))
+    goto check_tls_fifo;
+
   wrote = openssl_write_from_fifo_into_ssl (f, oc->ssl, deq_max);
   if (!wrote)
     goto check_tls_fifo;
author	Florin Coras <fcoras@cisco.com>	2021-05-19 19:28:40 -0700
committer	Damjan Marion <dmarion@me.com>	2021-05-20 10:03:57 +0000
commit	e3c6a54995b052045709b1d80039eede1757f43f (patch)
tree	0be3cb21df3fc374f5f1ee70de47ae997d384de7 /src/plugins/tlsopenssl
parent	05bc33c15d814409933d741f6c88c450c4392fc9 (diff)