Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / ac78c4fd9d87c93bfb61c9c15182c9c0e38053f9^! / .
commitac78c4fd9d87c93bfb61c9c15182c9c0e38053f9[log] [tgz]
authorWilly Tarreau <w@1wt.eu>Fri Mar 17 16:13:05 2023 +0100
committerWilly Tarreau <w@1wt.eu>Fri Mar 17 16:43:51 2023 +0100
tree5538b3dbd6cc993e22be00a4e5643a66d596be78
parent464fa06e9adbadc0c93fa5866d8fa4f55d69c2eb [diff]
MINOR: ssl-sock: pass the CO_SFL_MSG_MORE info down the stack

Despite having replaced the SSL BIOs to use our own raw_sock layer, we
still didn't exploit the CO_SFL_MSG_MORE flag which is pretty useful to
avoid sending incomplete packets. It's particularly important for SSL
since the extra overhead almost guarantees that each send() will be
followed by an incomplete (and often odd-sided) segment.

We already have an xprt_st set of flags to pass info to the various
layers, so let's just add a new one, SSL_SOCK_SEND_MORE, that is set
or cleared during ssl_sock_from_buf() to transfer the knowledge of
CO_SFL_MSG_MORE. This way we can recover this information and pass
it to raw_sock.

This alone is sufficient to increase by ~5-10% the H2 bandwidth over
SSL when multiple streams are used in parallel.

diff --git a/include/haproxy/ssl_sock-t.h b/include/haproxy/ssl_sock-t.h
index 661c700..022c574 100644
--- a/include/haproxy/ssl_sock-t.h
+++ b/include/haproxy/ssl_sock-t.h

@@ -49,6 +49,7 @@
 #define SSL_SOCK_ST_FL_16K_WBFSIZE  0x00000002
 #define SSL_SOCK_SEND_UNLIMITED     0x00000004
 #define SSL_SOCK_RECV_HEARTBEAT     0x00000008
+#define SSL_SOCK_SEND_MORE          0x00000010  /* set MSG_MORE at lower levels */
 
 /* bits 0xFFFFFF00 are reserved to store verify errors.
  * The CA en CRT error codes will be stored on 7 bits each

diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index fa080d6..5993a72 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c

@@ -214,6 +214,7 @@
 {
 	struct buffer tmpbuf;
 	struct ssl_sock_ctx *ctx;
+	uint flags;
 	int ret;
 
 	ctx = BIO_get_data(h);
@@ -221,7 +222,8 @@
 	tmpbuf.area = (void *)(uintptr_t)buf;
 	tmpbuf.data = num;
 	tmpbuf.head = 0;
-	ret = ctx->xprt->snd_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, num, 0);
+	flags = (ctx->xprt_st & SSL_SOCK_SEND_MORE) ? CO_SFL_MSG_MORE : 0;
+	ret = ctx->xprt->snd_buf(ctx->conn, ctx->xprt_ctx, &tmpbuf, num, flags);
 	if (ret == 0 && !(ctx->conn->flags & (CO_FL_ERROR | CO_FL_SOCK_WR_SH))) {
 		BIO_set_retry_write(h);
 		ret = -1;
@@ -6449,6 +6451,11 @@
 			ctx->xprt_st |= SSL_SOCK_SEND_UNLIMITED;
 		}
 
+		if (try < count || flags & CO_SFL_MSG_MORE)
+			ctx->xprt_st |= SSL_SOCK_SEND_MORE;
+		else
+			ctx->xprt_st &= ~SSL_SOCK_SEND_MORE;
+
 #ifdef SSL_READ_EARLY_DATA_SUCCESS
 		if (!SSL_is_init_finished(ctx->ssl) && conn_is_back(conn)) {
 			unsigned int max_early;