Copilot commented on code in PR #13202:
URL: https://github.com/apache/trafficserver/pull/13202#discussion_r3359805874
##########
src/iocore/net/SSLNetVConnection.cc:
##########
@@ -737,18 +737,19 @@ SSLNetVConnection::load_buffer_and_write(int64_t towrite,
MIOBufferAccessor &buf
Dbg(dbg_ctl_ssl, "towrite=%" PRId64, towrite);
+ // Per-thread scratch to coalesce fragmented blocks into one SSL_write.
Reuse across
+ // connections is safe: a WANT_WRITE retry flushes SSL's own record buffer,
not this.
+ static thread_local char gather_buf[SSL_MAX_TLS_RECORD_SIZE];
+
ERR_clear_error();
do {
- // What is remaining left in the next block?
- l = buf.reader()->block_read_avail();
- char *current_block = buf.reader()->start();
+ IOBufferReader *reader = buf.reader();
- // check if to amount to write exceeds that in this buffer
+ // Unlike the per-block original, l may span blocks so it can be coalesced
below.
+ int64_t avail = reader->read_avail();
int64_t wavail = towrite - total_written;
- if (l > wavail) {
- l = wavail;
- }
+ l = (wavail < avail) ? wavail : avail;
Review Comment:
IOBufferReader::read_avail() walks the entire IOBufferBlock chain (O(n) in
block count). This function is on the TLS write hot-path, and switching from
per-block block_read_avail() to read_avail() can add significant overhead when
buffers are highly fragmented (ironically the exact case this change targets).
Consider using IOBufferReader::is_read_avail_more_than() to early-exit once the
desired threshold is met (e.g., up to one TLS record) and only fall back to
read_avail() when you actually need the exact total.
##########
src/iocore/net/SSLNetVConnection.cc:
##########
@@ -737,18 +737,19 @@ SSLNetVConnection::load_buffer_and_write(int64_t towrite,
MIOBufferAccessor &buf
Dbg(dbg_ctl_ssl, "towrite=%" PRId64, towrite);
+ // Per-thread scratch to coalesce fragmented blocks into one SSL_write.
Reuse across
+ // connections is safe: a WANT_WRITE retry flushes SSL's own record buffer,
not this.
+ static thread_local char gather_buf[SSL_MAX_TLS_RECORD_SIZE];
Review Comment:
The PR description says the optimization is to insert a buffered BIO on the
write side so multiple TLS records accumulate without syscalls and are flushed
once after the write loop. This change instead coalesces plaintext across
IOBuffer blocks before calling SSL_write(), and it does not change the
per-SSL_write BIO_flush() behavior in _ssl_write_buffer(). Please either update
the PR description to match the actual approach, or extend the implementation
to add the described buffered-BIO + single flush semantics.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
