maskit commented on code in PR #13284:
URL: https://github.com/apache/trafficserver/pull/13284#discussion_r3424297214


##########
src/iocore/net/unit_tests/benchmark_TLSCertCompression.cc:
##########
@@ -0,0 +1,317 @@
+/** @file
+
+  Microbenchmark for the TLS Certificate Compression cache.
+
+  Drives the production compression callbacks
+  (compression_func_zlib/_brotli/_zstd) and the cache attach/invalidate
+  helpers exported by inknet — no logic is duplicated here. The benchmark
+  measures the three states the cache toggles between, per algorithm:
+
+    - disabled : cache=false at registration; callback always compresses
+    - cold     : cache attached but empty (just invalidated); callback
+                 compresses and publishes a new Entry
+    - warm     : cache attached and populated; callback takes the
+                 acquire-load + memcpy fast path
+
+  Run only the benchmarks: ./test_net "[!benchmark]"
+
+  @section license License
+
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements.  See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership.  The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+ */
+
+#include "tscore/ink_config.h"
+
+#if HAVE_SSL_CTX_ADD_CERT_COMPRESSION_ALG
+
+#include "../TLSCertCompression.h"
+#include "../TLSCertCompression_zlib.h"
+#if HAVE_BROTLI_ENCODE_H
+#include "../TLSCertCompression_brotli.h"
+#endif
+#if HAVE_ZSTD_H
+#include "../TLSCertCompression_zstd.h"
+#endif
+#include "../SSLStats.h"
+
+#include <openssl/ssl.h>
+#include <openssl/bytestring.h>
+
+#include <catch2/catch_test_macros.hpp>
+#include <catch2/benchmark/catch_benchmark.hpp>
+
+#include <algorithm>
+#include <atomic>
+#include <chrono>
+#include <cstdint>
+#include <cstdio>
+#include <random>
+#include <thread>
+#include <vector>
+
+namespace
+{
+// Realistic size for a server leaf + 2 intermediates with RSA keys.
+constexpr size_t CERT_BLOB_SIZE = 3 * 1024;
+// Generous upper bound on compressed output; CBB will grow if needed.
+constexpr size_t CBB_INITIAL_CAPACITY = 8 * 1024;
+
+std::vector<uint8_t>
+make_cert_blob()
+{
+  // Mix of structured (DER-like repetition) and pseudo-random bytes so
+  // compression ratios are non-trivial. Fixed seed for reproducibility.
+  std::vector<uint8_t> blob(CERT_BLOB_SIZE);
+  std::mt19937         rng(0xC0FFEE);
+  for (size_t i = 0; i < blob.size(); ++i) {
+    blob[i] = (i % 4 == 0) ? static_cast<uint8_t>(i & 0xFF) : 
static_cast<uint8_t>(rng() & 0xFF);
+  }
+  return blob;
+}
+
+struct CtxBundle {
+  SSL_CTX *ctx{nullptr};
+  SSL     *ssl{nullptr};
+
+  CtxBundle(std::string const &alg, bool cache_enabled)
+  {
+    static bool stats_initialized = false;
+    if (!stats_initialized) {
+      SSLInitializeStatistics();
+      stats_initialized = true;
+    }
+    cert_compress_cache_init();
+    ctx = SSL_CTX_new(TLS_method());
+    REQUIRE(ctx != nullptr);
+    REQUIRE(register_certificate_compression_preference(ctx, {alg}, 
cache_enabled) == 1);
+    ssl = SSL_new(ctx);
+    REQUIRE(ssl != nullptr);
+  }
+  ~CtxBundle()
+  {
+    if (ssl) {
+      SSL_free(ssl);
+    }
+    if (ctx) {
+      SSL_CTX_free(ctx);
+    }
+  }
+  CtxBundle(CtxBundle const &)            = delete;
+  CtxBundle &operator=(CtxBundle const &) = delete;
+};
+
+// Single-shot compress through the production callback, into a fresh CBB.
+// Returns the compressed length.
+template <typename Fn>
+size_t
+run_callback(Fn fn, SSL *ssl, std::vector<uint8_t> const &input)
+{
+  CBB cbb;
+  CBB_init(&cbb, CBB_INITIAL_CAPACITY);
+  int rv = fn(ssl, &cbb, input.data(), input.size());

Review Comment:
   Fixed it



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to