From: Willy Tarreau Date: Tue, 11 Jul 2017 12:38:39 +0000 (+0200) Subject: OPTIM: ssl: don't consider a small ssl_read() as an indication of end of buffer X-Git-Tag: v1.8-dev3~246 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7784f1739c740ff5a9958906bf5ddd1d75b36f60;p=thirdparty%2Fhaproxy.git OPTIM: ssl: don't consider a small ssl_read() as an indication of end of buffer In ssl_sock_to_buf(), when we face a small read, we used to consider it as an indication for the end of incoming data, as is the case with plain text. The problem is that here it's quite different, SSL records are returned at once so doing so make us wake all the upper layers for each and every record. Given that SSL records are 16kB by default, this is rarely observed unless the protocol employs small records or the buffers are increased. But with 64kB buffers while trying to deal with HTTP/2 frames, the exchanges are obviously suboptimal as there are two messages per frame (one for the frame header and another one for the frame payload), causing the H2 parser to be woken up half of the times without being able to proceed : try=65536 ret=45 try=65536 ret=16384 try=49152 ret=9 try=49143 ret=16384 try=32759 ret=9 try=32750 ret=16384 try=16366 ret=9 try=32795 ret=27 try=49161 ret=9 try=49152 ret=16384 try=49116 ret=9 try=49107 ret=16384 try=32723 ret=9 try=32714 ret=16384 try=16330 ret=9 try=32831 ret=63 try=49161 ret=9 try=49152 ret=16384 try=49080 ret=9 try=49071 ret=2181 With this change, the buffer can safely be filled with all pending frames at once when they are available. --- diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 19cc52610b..b53779db7b 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -4875,8 +4875,6 @@ static int ssl_sock_to_buf(struct connection *conn, struct buffer *buf, int coun if (ret > 0) { buf->i += ret; done += ret; - if (ret < try) - break; count -= ret; } else if (ret == 0) {