From ed8db52539a8d8239a9a43bea53328d25eb47f0d Mon Sep 17 00:00:00 2001
From: Florin Coras
Date: Thu, 27 Feb 2020 04:32:51 +0000
Subject: session tls: improve app transports tx scheduling

Type: improvement
- allow apps to request rescheduling of tx events via SESSION_F_CUSTOM_TX flag
- limit max burst per session custom tx dispatch
In tls
- use the new infra to reschedule tx events
- use max burst bytes as upper limit to number of bytes to be encrypted
Signed-off-by: Florin Coras
Change-Id: I544a5a3337af7ebdff3406b776adf30cf96ebf3c
---
 src/plugins/tlsmbedtls/tls_mbedtls.c | 9 +++++----
 src/plugins/tlsopenssl/tls_openssl.c | 17 +++++++----------
 src/plugins/tlspicotls/tls_picotls.c | 8 +++++---
 3 files changed, 17 insertions(+), 17 deletions(-)
(limited to 'src/plugins')
diff --git a/src/plugins/tlsmbedtls/tls_mbedtls.c b/src/plugins/tlsmbedtls/tls_mbedtls.c
index 7b722faf822..8ac736ae6f3 100644
--- a/src/plugins/tlsmbedtls/tls_mbedtls.c
+++ b/src/plugins/tlsmbedtls/tls_mbedtls.c
@@ -431,7 +431,7 @@ mbedtls_ctx_handshake_rx (tls_ctx_t * ctx)
 }
 static int
-mbedtls_ctx_write (tls_ctx_t * ctx, session_t * app_session)
+mbedtls_ctx_write (tls_ctx_t * ctx, session_t * app_session, u32 max_write)
 {
 mbedtls_ctx_t *mc = (mbedtls_ctx_t *) ctx;
 u8 thread_index = ctx->c_thread_index;
@@ -446,13 +446,14 @@ mbedtls_ctx_write (tls_ctx_t * ctx, session_t * app_session)
 if (!deq_max)
 return 0;
+ deq_max = clib_min (deq_max, max_write);
 tls_session = session_get_from_handle (ctx->tls_session_handle);
 enq_max = svm_fifo_max_enqueue_prod (tls_session->tx_fifo);
 deq_now = clib_min (deq_max, TLS_CHUNK_SIZE);
 if (PREDICT_FALSE (enq_max == 0))
 {
- tls_add_vpp_q_builtin_tx_evt (app_session);
+ app_session->flags |= SESSION_F_CUSTOM_TX;
 return 0;
 }
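Review bot: The clamp `deq_max = clib_min (deq_max, max_write);` in tls_mbedtls.c is applied after the `if (!deq_max) return 0;` guard, so a `max_write` of 0 is not caught by it: `deq_now` becomes 0 and the code carries on to the write path instead of returning. As far as the visible lines show, that ends in a zero-length `mbedtls_ssl_write` whose 0 result would take the `wrote <= 0` branch in the next hunk and set SESSION_F_CUSTOM_TX again, i.e. a reschedule that makes no progress. Whether the caller can pass 0 is not visible in this path-limited patch, so I would state the contract next to the clamp, e.g. `/* max_write: byte budget for this dispatch, expected to be non-zero */`, or add `ASSERT (max_write > 0);`. The same ordering appears in the tls_openssl.c (`@@ -427,6 +427,8 @@`) and tls_picotls.c (`@@ -457,13 +457,15 @@`) hunks. The body of mbedtls_ctx_write starts and ends outside this hunk.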
@@ -462,7 +463,7 @@ mbedtls_ctx_write (tls_ctx_t * ctx, session_t * app_session)
 wrote = mbedtls_ssl_write (&mc->ssl, mm->tx_bufs[thread_index], deq_now);
 if (wrote <= 0)
 {
- tls_add_vpp_q_builtin_tx_evt (app_session);
+ app_session->flags |= SESSION_F_CUSTOM_TX;
 return 0;
 }
@@ -471,7 +472,7 @@ mbedtls_ctx_write (tls_ctx_t * ctx, session_t * app_session)
 tls_add_vpp_q_tx_evt (tls_session);
 if (deq_now < deq_max)
- tls_add_vpp_q_builtin_tx_evt (app_session);
+ app_session->flags |= SESSION_F_CUSTOM_TX;
 return 0;
 }
diff --git a/src/plugins/tlsopenssl/tls_openssl.c b/src/plugins/tlsopenssl/tls_openssl.c
index 43bb13ff967..935e0147e30 100644
--- a/src/plugins/tlsopenssl/tls_openssl.c
+++ b/src/plugins/tlsopenssl/tls_openssl.c
@@ -413,7 +413,7 @@ openssl_confirm_app_close (tls_ctx_t * ctx)
 }
 static inline int
-openssl_ctx_write (tls_ctx_t * ctx, session_t * app_session)
+openssl_ctx_write (tls_ctx_t * ctx, session_t * app_session, u32 max_write)
 {
 openssl_ctx_t *oc = (openssl_ctx_t *) ctx;
 int wrote = 0, read, max_buf = 4 * TLS_CHUNK_SIZE, max_space;
@@ -427,6 +427,8 @@ openssl_ctx_write (tls_ctx_t * ctx, session_t * app_session)
 if (!deq_max)
 goto check_tls_fifo;
+ deq_max = clib_min (deq_max, max_write);
+
 /* Figure out how much data to write */
 max_space = max_buf - BIO_ctrl_pending (oc->rbio);
 max_space = (max_space < 0) ? 0 : max_space;
@@ -434,17 +436,11 @@ openssl_ctx_write (tls_ctx_t * ctx, session_t * app_session)
 wrote = openssl_write_from_fifo_into_ssl (f, oc->ssl, to_write);
 if (!wrote)
- {
- tls_add_vpp_q_builtin_tx_evt (app_session);
- goto check_tls_fifo;
- }
+ goto check_tls_fifo;
 if (svm_fifo_needs_deq_ntf (f, wrote))
 session_dequeue_notify (app_session);
- if (svm_fifo_max_dequeue_cons (f))
- tls_add_vpp_q_builtin_tx_evt (app_session);
-
 check_tls_fifo:
 if (BIO_ctrl_pending (oc->rbio) <= 0)
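Review bot: In tls_mbedtls.c (`@@ -462,7 +463,7 @@`) the `wrote <= 0` branch sets SESSION_F_CUSTOM_TX for every non-positive result of `mbedtls_ssl_write`, hard failures included. The retryable results are the WANT codes such as `MBEDTLS_ERR_SSL_WANT_WRITE` and `MBEDTLS_ERR_SSL_WANT_READ`; after any other error the mbedtls API expects the context to be reset or freed, so retrying keeps a failed session being re-dispatched with no way to make progress. The commit carries this over from the old `tls_add_vpp_q_builtin_tx_evt` call rather than introducing it, but the branch is being touched anyway. I would request the reschedule only for the WANT codes, `if (wrote == MBEDTLS_ERR_SSL_WANT_WRITE || wrote == MBEDTLS_ERR_SSL_WANT_READ) app_session->flags |= SESSION_F_CUSTOM_TX;`, and route other negative values to the plugin's error or close handling, which lies outside this hunk.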
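Review bot: In tls_openssl.c (`@@ -434,17 +436,11 @@`) the two removed reschedules, on `!wrote` and on `svm_fifo_max_dequeue_cons (f)` still reporting data, get no SESSION_F_CUSTOM_TX replacement, so nothing in the visible code re-arms tx when app data is left in the fifo; the remaining flag sites further down depend on `!read` and `BIO_ctrl_pending (oc->rbio)` only. With the `max_write` clamp added in the previous hunk, leftover app data becomes the normal case rather than the exception. Presumably the session layer, which this path-limited patch does not show, re-dispatches sessions whose tx fifo is non-empty; if it does not, queued plaintext stays unsent until the app's next tx event. Please confirm, and leave a one-line comment at the new `goto check_tls_fifo;` saying which component guarantees that re-dispatch. openssl_ctx_write begins before and continues past this hunk.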
@@ -455,14 +451,15 @@ check_tls_fifo:
 read = openssl_read_from_bio_into_fifo (tls_session->tx_fifo, oc->rbio);
 if (!read)
 {
- tls_add_vpp_q_builtin_tx_evt (app_session);
+ /* Request tx reschedule of the app session */
+ app_session->flags |= SESSION_F_CUSTOM_TX;
 return wrote;
 }
 tls_add_vpp_q_tx_evt (tls_session);
 if (BIO_ctrl_pending (oc->rbio) > 0)
- tls_add_vpp_q_builtin_tx_evt (app_session);
+ app_session->flags |= SESSION_F_CUSTOM_TX;
 else if (ctx->app_closed)
 openssl_confirm_app_close (ctx);
diff --git a/src/plugins/tlspicotls/tls_picotls.c b/src/plugins/tlspicotls/tls_picotls.c
index 17834e3e051..a9eea333779 100644
--- a/src/plugins/tlspicotls/tls_picotls.c
+++ b/src/plugins/tlspicotls/tls_picotls.c
@@ -410,7 +410,7 @@ picotls_content_process (picotls_ctx_t * ptls_ctx, svm_fifo_t * src_fifo,
 }
 static inline int
-picotls_ctx_write (tls_ctx_t * ctx, session_t * app_session)
+picotls_ctx_write (tls_ctx_t * ctx, session_t * app_session, u32 max_write)
 {
 picotls_ctx_t *ptls_ctx = (picotls_ctx_t *) ctx;
 u32 deq_max, deq_now;
@@ -457,13 +457,15 @@ picotls_ctx_write (tls_ctx_t * ctx, session_t * app_session)
 deq_max = svm_fifo_max_dequeue_cons (app_tx_fifo);
 if (!deq_max)
 return deq_max;
+
+ deq_max = clib_min (deq_max, max_write);
 deq_now = clib_min (deq_max, svm_fifo_max_read_chunk (app_tx_fifo));
 enq_max = svm_fifo_max_enqueue_prod (tls_tx_fifo);
 /** There is no engough enqueue space for one record **/
 if (enq_max <= record_overhead)
 {
- tls_add_vpp_q_builtin_tx_evt (app_session);
+ app_session->flags |= SESSION_F_CUSTOM_TX;
 return 0;
 }
@@ -506,7 +508,7 @@ picotls_ctx_write (tls_ctx_t * ctx, session_t * app_session)
 tls_add_vpp_q_tx_evt (tls_session);
 if (from_app_len < deq_max || TLS_WRITE_IS_LEFT (ptls_ctx))
- tls_add_vpp_q_builtin_tx_evt (app_session);
+ app_session->flags |= SESSION_F_CUSTOM_TX;
 if (ctx->app_closed)
 picotls_app_close (ctx);
--
cgit 1.2.3-korg