-
Notifications
You must be signed in to change notification settings - Fork 30.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tls: group chunks into TLS segments #27861
Conversation
test-http2-large-write-destroy is broken... I checked and there seems to be a bug in |
Benchmarks seem good!
Maybe too good? I'm worried I'm missing something... |
I suppose this is blocked until the bug in |
Benchmark results: 😮 |
Hmm, we can mark the test as flaky (which seems to be the case, i.e. it depends on a race condition) until the bug is fixed in |
/ping @nodejs/crypto |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, if CI is green. Great PR!
I've done some changes (basically, add a debug message if there's no data). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(My main hesitation has been that the benchmark results seem too good to be true!)
|
It's a race in the test, see the discussion at #27863. The test (at the server) writes data and then destroys the stream, and (at the client) it just waits for before -> stream is destroyed before written data can be sent, so the client emits after -> |
TLSWrap::DoWrite() now concatenates data chunks and makes a single call to SSL_write(). Grouping data into a single segment: - reduces network overhead: by factors of even 2 or 3 in usages like `http2` or `form-data` - improves security: segment lengths can reveal lots of info, i.e. with `form-data`, how many fields are sent and the approximate length of every individual field and its headers - reduces encryption overhead: a quick benchmark showed a ~30% CPU time decrease for an extreme case, see nodejs#27573 (comment) Fixes: nodejs#27573
2b2bcba
to
4ef156b
Compare
I've just rebased, this should now pass CI ^^ |
Landed in 28ec14f 🎉 |
TLSWrap::DoWrite() now concatenates data chunks and makes a single call to SSL_write(). Grouping data into a single segment: - reduces network overhead: by factors of even 2 or 3 in usages like `http2` or `form-data` - improves security: segment lengths can reveal lots of info, i.e. with `form-data`, how many fields are sent and the approximate length of every individual field and its headers - reduces encryption overhead: a quick benchmark showed a ~30% CPU time decrease for an extreme case, see #27573 (comment) Fixes: #27573 PR-URL: #27861 Reviewed-By: Fedor Indutny <[email protected]> Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Ujjwal Sharma <[email protected]> Reviewed-By: Rich Trott <[email protected]>
@jmendeth Yeah, I only made the connection after this landed – #20263 isn’t about TLSSocket, but about us switching to implementing SecurePair on top of TLSSocket (because they ultimately provide the same functionality). And regarding the backport, there seems to be quite a large number of conflicts when cherry-picking the commit here directly, so it’s probably going to require a manual one. (There is a guide for how to do that here, if you would like to do so yourself – the tl;dr is, cherry-picking the commit, resolving conflicts and opening a PR against v10.x-staging.) We do have a general rule of a commit being released in the Current release line for 2 weeks before it gets released in LTS, so there’s no rush and it might be a good idea to wait and see if we can backport other TLS-related changes first (mostly @sam-github’s #25713 and my #26843). |
Oh, nice! I volunteer to open a backport PR of these three PRs if it's useful? |
Okay! |
TLSWrap::DoWrite() now concatenates data chunks and makes a single call to SSL_write(). Grouping data into a single segment: - reduces network overhead: by factors of even 2 or 3 in usages like `http2` or `form-data` - improves security: segment lengths can reveal lots of info, i.e. with `form-data`, how many fields are sent and the approximate length of every individual field and its headers - reduces encryption overhead: a quick benchmark showed a ~30% CPU time decrease for an extreme case, see #27573 (comment) Fixes: #27573 PR-URL: #27861 Reviewed-By: Fedor Indutny <[email protected]> Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Ujjwal Sharma <[email protected]> Reviewed-By: Rich Trott <[email protected]>
TLSWrap::DoWrite() now concatenates data chunks and makes a single call to SSL_write(). Grouping data into a single segment: - reduces network overhead: by factors of even 2 or 3 in usages like `http2` or `form-data` - improves security: segment lengths can reveal lots of info, i.e. with `form-data`, how many fields are sent and the approximate length of every individual field and its headers - reduces encryption overhead: a quick benchmark showed a ~30% CPU time decrease for an extreme case, see nodejs#27573 (comment) Fixes: nodejs#27573 PR-URL: nodejs#27861 Reviewed-By: Fedor Indutny <[email protected]> Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Ujjwal Sharma <[email protected]> Reviewed-By: Rich Trott <[email protected]>
TLSWrap::DoWrite() now concatenates data chunks and makes a single call to SSL_write(). Grouping data into a single segment: - reduces network overhead: by factors of even 2 or 3 in usages like `http2` or `form-data` - improves security: segment lengths can reveal lots of info, i.e. with `form-data`, how many fields are sent and the approximate length of every individual field and its headers - reduces encryption overhead: a quick benchmark showed a ~30% CPU time decrease for an extreme case, see #27573 (comment) Fixes: #27573 Backport-PR-URL: #28904 PR-URL: #27861 Reviewed-By: Fedor Indutny <[email protected]> Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Ujjwal Sharma <[email protected]> Reviewed-By: Rich Trott <[email protected]>
TLSWrap::DoWrite()
now concatenates data chunks and makes a single call toSSL_write()
. Grouping data into a single segment:http2
orform-data
form-data
, how many fields are sent and the approximate length of every individual field and its headersFixes: #27573
Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passes