> On Nov. 20, 2019, 3:53 a.m., Benjamin Mahler wrote: > > Are you aware of kTLS? > > > > E.g. https://blog.filippo.io/playing-with-kernel-tls-in-linux-4-13-and-go/ > > Greg Mann wrote: > Cool feature!! Although it landed in 4.13, so I don't think we could use > it? Sounds like it's also not full-featured enough to replace much > functionality here, it doesn't support handshakes or decryption: > ``` > Moreover, only encryption is supported, not decryption. This wasn't clear > to me until I failed to find the TLS_RX constant. > > These limitations are very good to contain complexity and attack surface, > but they mean that kTLS won't replace any userspace complexity as you still > need a TLS library to do the handshake, for all other cipher suites, and for > the receiving side of the connection. That makes kTLS purely a performance > feature. > ```
Ah sorry, I see why you left this on the `sendfile()` patch, that feature was added to facilitate improved `sendfile()` performance :) Would be cool, but seems hard for us to use if it only landed in 4.13? - Greg ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/71790/#review218712 ----------------------------------------------------------- On Nov. 20, 2019, 12:29 a.m., Joseph Wu wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/71790/ > ----------------------------------------------------------- > > (Updated Nov. 20, 2019, 12:29 a.m.) > > > Review request for mesos, Benno Evers, Benjamin Mahler, Greg Mann, and Till > Toenshoff. > > > Bugs: MESOS-10010 > https://issues.apache.org/jira/browse/MESOS-10010 > > > Repository: mesos > > > Description > ------- > > This implements the SSL socket's sendfile method, which must read > the file (unlike the zero-copy os::sendfile). > > This also moves a test exercising sendfile from process_tests.cpp > into http_tests.cpp and parameterizes it for SSL and non-SSL. > > > Diffs > ----- > > 3rdparty/libprocess/src/ssl/socket_wrapper.cpp PRE-CREATION > 3rdparty/libprocess/src/tests/http_tests.cpp > 1433f3d09a72133fab1441be53562d508bc01682 > 3rdparty/libprocess/src/tests/process_tests.cpp > 05dc5ec2fdc74a989689e4378bef775bcf2b7a87 > > > Diff: https://reviews.apache.org/r/71790/diff/2/ > > > Testing > ------- > > cmake --build . --target libprocess-tests > libprocess-tests > > > Thanks, > > Joseph Wu > >
