From ed8db52539a8d8239a9a43bea53328d25eb47f0d Mon Sep 17 00:00:00 2001 From: Florin Coras Date: Thu, 27 Feb 2020 04:32:51 +0000 Subject: [PATCH] session tls: improve app transports tx scheduling Type: improvement - allow apps to request rescheduling of tx events via SESSION_F_CUSTOM_TX flag - limit max burst per session custom tx dispatch In tls - use the new infra to reschedule tx events - use max burst bytes as upper limit to number of bytes to be encrypted Signed-off-by: Florin Coras Change-Id: I544a5a3337af7ebdff3406b776adf30cf96ebf3c --- src/plugins/tlsmbedtls/tls_mbedtls.c | 9 +++++---- src/plugins/tlsopenssl/tls_openssl.c | 17 +++++++---------- src/plugins/tlspicotls/tls_picotls.c | 8 +++++--- src/vnet/session/session_node.c | 30 ++++++++++++++++++++++++++---- src/vnet/session/transport.h | 1 + src/vnet/tls/tls.c | 22 +++++++++------------- src/vnet/tls/tls.h | 2 +- 7 files changed, 54 insertions(+), 35 deletions(-) diff --git a/src/plugins/tlsmbedtls/tls_mbedtls.c b/src/plugins/tlsmbedtls/tls_mbedtls.c index 7b722faf822..8ac736ae6f3 100644 --- a/src/plugins/tlsmbedtls/tls_mbedtls.c +++ b/src/plugins/tlsmbedtls/tls_mbedtls.c @@ -431,7 +431,7 @@ mbedtls_ctx_handshake_rx (tls_ctx_t * ctx) } static int -mbedtls_ctx_write (tls_ctx_t * ctx, session_t * app_session) +mbedtls_ctx_write (tls_ctx_t * ctx, session_t * app_session, u32 max_write) { mbedtls_ctx_t *mc = (mbedtls_ctx_t *) ctx; u8 thread_index = ctx->c_thread_index; @@ -446,13 +446,14 @@ mbedtls_ctx_write (tls_ctx_t * ctx, session_t * app_session) if (!deq_max) return 0; + deq_max = clib_min (deq_max, max_write); tls_session = session_get_from_handle (ctx->tls_session_handle); enq_max = svm_fifo_max_enqueue_prod (tls_session->tx_fifo); deq_now = clib_min (deq_max, TLS_CHUNK_SIZE); if (PREDICT_FALSE (enq_max == 0)) { - tls_add_vpp_q_builtin_tx_evt (app_session); + app_session->flags |= SESSION_F_CUSTOM_TX; return 0; } 
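Review bot: In the `mbedtls_ctx_write` hunk at -446, the new `deq_max = clib_min (deq_max, max_write);` sits after the `if (!deq_max) return 0;` guard, so a zero `max_write` leaves `deq_max` and `deq_now` at 0 and the function still proceeds to the enqueue check and, presumably, to the `mbedtls_ssl_write` call in the next hunk. Whether the session node can pass a zero budget is not visible here, but `max_pkts` is derived from `VLIB_FRAME_SIZE - *n_tx_packets`, which is 0 on a full frame. Moving the clamp above the guard, or repeating `if (!deq_max) return 0;` after it, keeps a zero-length write from being treated as a failure and rescheduled. The same ordering appears in the `picotls_ctx_write` hunk at -457 and the `openssl_ctx_write` hunk at -427; the function body extends beyond this hunk.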
@@ -462,7 +463,7 @@ mbedtls_ctx_write (tls_ctx_t * ctx, session_t * app_session) wrote = mbedtls_ssl_write (&mc->ssl, mm->tx_bufs[thread_index], deq_now); if (wrote <= 0) { - tls_add_vpp_q_builtin_tx_evt (app_session); + app_session->flags |= SESSION_F_CUSTOM_TX; return 0; } @@ -471,7 +472,7 @@ mbedtls_ctx_write (tls_ctx_t * ctx, session_t * app_session) tls_add_vpp_q_tx_evt (tls_session); if (deq_now < deq_max) - tls_add_vpp_q_builtin_tx_evt (app_session); + app_session->flags |= SESSION_F_CUSTOM_TX; return 0; } diff --git a/src/plugins/tlsopenssl/tls_openssl.c b/src/plugins/tlsopenssl/tls_openssl.c index 43bb13ff967..935e0147e30 100644 --- a/src/plugins/tlsopenssl/tls_openssl.c +++ b/src/plugins/tlsopenssl/tls_openssl.c @@ -413,7 +413,7 @@ openssl_confirm_app_close (tls_ctx_t * ctx) } static inline int -openssl_ctx_write (tls_ctx_t * ctx, session_t * app_session) +openssl_ctx_write (tls_ctx_t * ctx, session_t * app_session, u32 max_write) { openssl_ctx_t *oc = (openssl_ctx_t *) ctx; int wrote = 0, read, max_buf = 4 * TLS_CHUNK_SIZE, max_space; @@ -427,6 +427,8 @@ openssl_ctx_write (tls_ctx_t * ctx, session_t * app_session) if (!deq_max) goto check_tls_fifo; + deq_max = clib_min (deq_max, max_write); + /* Figure out how much data to write */ max_space = max_buf - BIO_ctrl_pending (oc->rbio); max_space = (max_space < 0) ? 0 : max_space; @@ -434,17 +436,11 @@ openssl_ctx_write (tls_ctx_t * ctx, session_t * app_session) wrote = openssl_write_from_fifo_into_ssl (f, oc->ssl, to_write); if (!wrote) - { - tls_add_vpp_q_builtin_tx_evt (app_session); - goto check_tls_fifo; - } + goto check_tls_fifo; if (svm_fifo_needs_deq_ntf (f, wrote)) session_dequeue_notify (app_session); - if (svm_fifo_max_dequeue_cons (f)) - tls_add_vpp_q_builtin_tx_evt (app_session); - check_tls_fifo: if (BIO_ctrl_pending (oc->rbio) <= 0) 
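Review bot: In the `mbedtls_ctx_write` hunk at -462, `if (wrote <= 0)` sets `SESSION_F_CUSTOM_TX` for every non-positive return from `mbedtls_ssl_write`, so a fatal TLS error is rescheduled exactly like a would-block condition. With the session-node change in this patch the flag leads to an unconditional `session_evt_add_old`, so a connection stuck in a hard error state could keep the worker re-dispatching it indefinitely unless something outside this hunk closes the session. Consider requesting the reschedule only for `MBEDTLS_ERR_SSL_WANT_WRITE` / `MBEDTLS_ERR_SSL_WANT_READ` and closing the session, or at least logging, on any other negative value. The function body extends beyond this hunk.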
@@ -455,14 +451,15 @@ check_tls_fifo: read = openssl_read_from_bio_into_fifo (tls_session->tx_fifo, oc->rbio); if (!read) { - tls_add_vpp_q_builtin_tx_evt (app_session); + /* Request tx reschedule of the app session */ + app_session->flags |= SESSION_F_CUSTOM_TX; return wrote; } tls_add_vpp_q_tx_evt (tls_session); if (BIO_ctrl_pending (oc->rbio) > 0) - tls_add_vpp_q_builtin_tx_evt (app_session); + app_session->flags |= SESSION_F_CUSTOM_TX; else if (ctx->app_closed) openssl_confirm_app_close (ctx); diff --git a/src/plugins/tlspicotls/tls_picotls.c b/src/plugins/tlspicotls/tls_picotls.c index 17834e3e051..a9eea333779 100644 --- a/src/plugins/tlspicotls/tls_picotls.c +++ b/src/plugins/tlspicotls/tls_picotls.c @@ -410,7 +410,7 @@ picotls_content_process (picotls_ctx_t * ptls_ctx, svm_fifo_t * src_fifo, } static inline int -picotls_ctx_write (tls_ctx_t * ctx, session_t * app_session) +picotls_ctx_write (tls_ctx_t * ctx, session_t * app_session, u32 max_write) { picotls_ctx_t *ptls_ctx = (picotls_ctx_t *) ctx; u32 deq_max, deq_now; @@ -457,13 +457,15 @@ picotls_ctx_write (tls_ctx_t * ctx, session_t * app_session) deq_max = svm_fifo_max_dequeue_cons (app_tx_fifo); if (!deq_max) return deq_max; + + deq_max = clib_min (deq_max, max_write); deq_now = clib_min (deq_max, svm_fifo_max_read_chunk (app_tx_fifo)); enq_max = svm_fifo_max_enqueue_prod (tls_tx_fifo); /** There is no engough enqueue space for one record **/ if (enq_max <= record_overhead) { - tls_add_vpp_q_builtin_tx_evt (app_session); + app_session->flags |= SESSION_F_CUSTOM_TX; return 0; } @@ -506,7 +508,7 @@ picotls_ctx_write (tls_ctx_t * ctx, session_t * app_session) tls_add_vpp_q_tx_evt (tls_session); if (from_app_len < deq_max || TLS_WRITE_IS_LEFT (ptls_ctx)) - tls_add_vpp_q_builtin_tx_evt (app_session); + app_session->flags |= SESSION_F_CUSTOM_TX; if (ctx->app_closed) picotls_app_close (ctx); diff --git a/src/vnet/session/session_node.c b/src/vnet/session/session_node.c index c2a6ec921af..30eca1e6577 100644 
--- a/src/vnet/session/session_node.c +++ b/src/vnet/session/session_node.c @@ -1066,15 +1066,37 @@ session_tx_fifo_dequeue_and_snd (session_worker_t * wrk, int session_tx_fifo_dequeue_internal (session_worker_t * wrk, vlib_node_runtime_t * node, - session_evt_elt_t * e, int *n_tx_packets) + session_evt_elt_t * elt, int *n_tx_packets) { session_t *s = wrk->ctx.s; + u32 n_packets, max_pkts; if (PREDICT_FALSE (s->session_state >= SESSION_STATE_TRANSPORT_CLOSED)) return 0; - svm_fifo_unset_event (s->tx_fifo); - return transport_custom_tx (session_get_transport_proto (s), s, - VLIB_FRAME_SIZE - *n_tx_packets); + + /* Clear custom-tx flag used to request reschedule for tx */ + s->flags &= ~SESSION_F_CUSTOM_TX; + + max_pkts = clib_min (VLIB_FRAME_SIZE - *n_tx_packets, + TRANSPORT_PACER_MAX_BURST_PKTS); + n_packets = transport_custom_tx (session_get_transport_proto (s), s, + max_pkts); + *n_tx_packets -= n_packets; + + if (svm_fifo_max_dequeue_cons (s->tx_fifo) + || (s->flags & SESSION_F_CUSTOM_TX)) + { + session_evt_add_old (wrk, elt); + } + else + { + svm_fifo_unset_event (s->tx_fifo); + if (svm_fifo_max_dequeue_cons (s->tx_fifo)) + if (svm_fifo_set_event (s->tx_fifo)) + session_evt_add_head_old (wrk, elt); + } + + return n_packets; } always_inline session_t * diff --git a/src/vnet/session/transport.h b/src/vnet/session/transport.h index 53a0dd6c14e..6dc6984cdf4 100644 --- a/src/vnet/session/transport.h +++ b/src/vnet/session/transport.h @@ -22,6 +22,7 @@ #define TRANSPORT_PACER_MIN_MSS 1460 #define TRANSPORT_PACER_MIN_BURST TRANSPORT_PACER_MIN_MSS #define TRANSPORT_PACER_MAX_BURST (43 * TRANSPORT_PACER_MIN_MSS) +#define TRANSPORT_PACER_MAX_BURST_PKTS 43 #define TRANSPORT_PACER_MIN_IDLE 100 #define TRANSPORT_PACER_IDLE_FACTOR 0.05 diff --git a/src/vnet/tls/tls.c b/src/vnet/tls/tls.c index 7a172b88928..d0552dc6f3b 100644 --- a/src/vnet/tls/tls.c +++ b/src/vnet/tls/tls.c 
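Review bot: `*n_tx_packets -= n_packets;` in `session_tx_fifo_dequeue_internal` looks like a sign error: the budget two statements earlier is `VLIB_FRAME_SIZE - *n_tx_packets`, which treats `*n_tx_packets` as packets already sent, so subtracting what this session just sent enlarges the remaining budget instead of shrinking it. If that reading is right, a busy custom-tx session weakens the per-dispatch limit this patch is meant to add and can drive the counter negative; `*n_tx_packets += n_packets;` matches the budget computation. `n_packets` is declared `u32` while `*n_tx_packets` is `int`, so declaring it `int` avoids a very large unsigned value if a transport callback ever returns a negative count.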
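Review bot: In the transport.h hunk, `TRANSPORT_PACER_MAX_BURST_PKTS 43` repeats the literal already used in `TRANSPORT_PACER_MAX_BURST (43 * TRANSPORT_PACER_MIN_MSS)`, so the byte limit and the packet limit can drift apart if only one is tuned later. Deriving one from the other keeps them in step: `#define TRANSPORT_PACER_MAX_BURST (TRANSPORT_PACER_MAX_BURST_PKTS * TRANSPORT_PACER_MIN_MSS)`.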
@@ -74,15 +74,6 @@ tls_add_vpp_q_tx_evt (session_t * s) return 0; } -int -tls_add_vpp_q_builtin_tx_evt (session_t * s) -{ - if (svm_fifo_set_event (s->tx_fifo)) - session_send_io_evt_to_thread_custom (s, s->thread_index, - SESSION_IO_EVT_BUILTIN_TX); - return 0; -} - static inline int tls_add_app_q_evt (app_worker_t * app, session_t * app_session) { @@ -316,9 +307,14 @@ tls_ctx_init_client (tls_ctx_t * ctx) } static inline int -tls_ctx_write (tls_ctx_t * ctx, session_t * app_session) +tls_ctx_write (tls_ctx_t * ctx, session_t * app_session, u32 max_burst_size) { - return tls_vfts[ctx->tls_ctx_engine].ctx_write (ctx, app_session); + u32 max_write, n_wrote; + + max_write = max_burst_size * TRANSPORT_PACER_MIN_MSS; + n_wrote = tls_vfts[ctx->tls_ctx_engine].ctx_write (ctx, app_session, + max_write); + return n_wrote > 0 ? clib_max (n_wrote / TRANSPORT_PACER_MIN_MSS, 1) : 0; } static inline int @@ -726,7 +722,7 @@ tls_custom_tx_callback (void *session, u32 max_burst_size) return 0; ctx = tls_ctx_get (app_session->connection_index); - tls_ctx_write (ctx, app_session); + tls_ctx_write (ctx, app_session, max_burst_size); return 0; } @@ -890,7 +886,7 @@ tls_init (vlib_main_t * vm) { u32 add_segment_size = 256 << 20, first_seg_size = 32 << 20; vlib_thread_main_t *vtm = vlib_get_thread_main (); - u32 num_threads, fifo_size = 128 << 10; + u32 num_threads, fifo_size = 128 << 12; vnet_app_attach_args_t _a, *a = &_a; u64 options[APP_OPTIONS_N_OPTIONS]; tls_main_t *tm = &tls_main; diff --git a/src/vnet/tls/tls.h b/src/vnet/tls/tls.h index 1281e3d62c9..2d09b291aa7 100644 --- a/src/vnet/tls/tls.h +++ b/src/vnet/tls/tls.h 
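Review bot: In `tls_ctx_write` (hunk at -316), the engine's `int` return value is stored in `u32 n_wrote`, so any negative value from a `ctx_write` implementation passes the `n_wrote > 0` test as a very large count and is converted into a huge packet number. The engines also differ in what they return: the mbedtls paths visible in this patch return 0, while the openssl path returns `wrote`. Keep the local as `int n_wrote` and map `<= 0` to zero packets, and add a comment on the `ctx_write` member in tls.h stating that `max_write` is a byte limit and what unit the return value uses.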
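Review bot: `tls_custom_tx_callback` (hunk at -726) still discards the result of `tls_ctx_write` and returns 0, so the bytes-to-packets conversion added in `tls_ctx_write` never reaches `session_tx_fifo_dequeue_internal` and TLS sessions are not charged against the frame budget. If that is intended because the underlying transport session accounts for the packets, a comment such as `/* packets are accounted on the tls session's transport */` would make it explicit; otherwise use `return tls_ctx_write (ctx, app_session, max_burst_size);`. The function starts outside this hunk.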
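Review bot: In `tls_init` (hunk at -890), `fifo_size` changes from `128 << 10` to `128 << 12`, a fourfold increase to 512 KiB that the commit message does not mention. How `fifo_size` is applied is outside the hunk, but if it sizes the per-session rx/tx fifos, each TLS connection now reserves four times the memory against the unchanged `first_seg_size = 32 << 20`, which lowers the number of connections needed to exhaust a segment. A comment giving the reason for the size would help, and writing it as `512 << 10` makes the magnitude readable.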
@@ -110,7 +110,7 @@ typedef struct tls_engine_vft_
 int (*ctx_init_client) (tls_ctx_t * ctx);
 int (*ctx_init_server) (tls_ctx_t * ctx);
 int (*ctx_read) (tls_ctx_t * ctx, session_t * tls_session);
- int (*ctx_write) (tls_ctx_t * ctx, session_t * app_session);
+ int (*ctx_write) (tls_ctx_t * ctx, session_t * app_session, u32 max_write);
 u8 (*ctx_handshake_is_over) (tls_ctx_t * ctx);
 int (*ctx_start_listen) (tls_ctx_t * ctx);
 int (*ctx_stop_listen) (tls_ctx_t * ctx);
--
2.16.6