Hi Ping,

Much appreciated! Please check the comments. There are a few things that still need to be ironed out, but once those are handled, it should be good to be merged.

Cheers,
Florin

> On Aug 12, 2018, at 10:01 PM, Yu, Ping <ping...@intel.com> wrote:
>
> Hi, Florin,
>
> Based on this discussion, I have submitted a code review #14156 for this. Please help review it.
>
> The main change is:
> 1) Add a pointer in ctx_id to point to engine specific data, and point to an openssl_tls_ctx data structure.
> 2) Add 2 engine specific APIs for start listen and stop listen.
> 3) CPS performance has been improved around 30% after this patch.
> 4) Main implementation in openssl, and will not break mbedtls.
>
> Thanks
> Ping
>
> From: vpp-dev@lists.fd.io [mailto:vpp-dev@lists.fd.io] On Behalf Of Yu, Ping
> Sent: Thursday, July 26, 2018 9:26 AM
> To: Florin Coras (fcoras) <fco...@cisco.com>; vpp-dev@lists.fd.io
> Cc: Yu, Ping <ping...@intel.com>
> Subject: Re: [vpp-dev] tls init server is too heavy
>
> That’s great. I will implement it and submit a patch for this optimization.
>
> Ping
>
> From: Florin Coras (fcoras) [mailto:fco...@cisco.com]
> Sent: Thursday, July 26, 2018 1:01 AM
> To: Yu, Ping <ping...@intel.com>; vpp-dev@lists.fd.io
> Subject: Re: tls init server is too heavy
>
> Hi Ping,
>
> The plan you proposed sounds great, so definitely go for it! You’ll have to find a place to store a pointer to the shared engine-generated context (i.e., ssl_ctx) in the generic listener context. If no obvious field is available, maybe you can abuse the ctx_id since we still have space there (note that it’s limited to 42B).
>
> Let me know how it goes!
>
> Cheers,
> Florin
>
> From: "Yu, Ping" <ping...@intel.com>
> Date: Wednesday, July 25, 2018 at 9:13 AM
> To: "Florin Coras (fcoras)" <fco...@cisco.com>, "vpp-dev@lists.fd.io" <vpp-dev@lists.fd.io>
> Cc: "Yu, Ping" <ping...@intel.com>
> Subject: tls init server is too heavy
>
> Hello, Florin
>
> In the current TLS openssl implementation, in each accepted TLS session, openssl_ctx_init_server needs to re-init ssl_ctx, and set key and certificate, which actually is not necessary, and normally one-time initialization is good enough. After I change this initialization to run only once, I can get around 20~30% performance improvement for CPS.
> I am now considering re-architecting this initialization, and one possible point is to move this to tls_start_listen. A generic tls_ssl_ctx_init can be the interface, then it will call engine specific, such as openssl ssl_ctx initialization afterward. What do you think?
>
> Thanks
> Ping
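
The pattern discussed in this thread, as an added sketch that is not code from patch #14156 or from VPP: the engine context is built once at listen time, its pointer is stored in a 42-byte opaque ctx_id area, and each accept only looks it up. All type and function names are hypothetical, and the engine context is a stand-in for an OpenSSL ssl_ctx.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define CTX_ID_BYTES 42   /* size limit quoted in the thread */

/* Hypothetical stand-in for the engine's shared context (e.g. an ssl_ctx). */
typedef struct { int key_cert_loaded; } engine_ctx_t;
/* Hypothetical generic listener context with an opaque ctx_id area. */
typedef struct { uint8_t ctx_id[CTX_ID_BYTES]; } listener_ctx_t;
/* Hypothetical per-session state that only borrows the shared context. */
typedef struct { engine_ctx_t *shared; } session_t;

_Static_assert (sizeof (engine_ctx_t *) <= CTX_ID_BYTES, "pointer must fit in ctx_id");

static int engine_inits;  /* counts the expensive initialisations */

/* Read the pointer back with memcpy: ctx_id is a byte array, so no alignment assumptions. */
static engine_ctx_t *listener_engine_ctx (const listener_ctx_t *lc)
{
  engine_ctx_t *p;
  memcpy (&p, lc->ctx_id, sizeof (p));
  return p;
}

/* Listen time: build the shared context once and stash its pointer. */
int engine_start_listen (listener_ctx_t *lc)
{
  engine_ctx_t *ec = calloc (1, sizeof (*ec));
  if (!ec) return -1;
  ec->key_cert_loaded = 1;  /* stands for loading key and certificate */
  engine_inits++;
  memset (lc->ctx_id, 0, sizeof (lc->ctx_id));
  memcpy (lc->ctx_id, &ec, sizeof (ec));
  return 0;
}

/* Accept time: no re-initialisation, only a lookup. */
int engine_accept (const listener_ctx_t *lc, session_t *s)
{
  s->shared = listener_engine_ctx (lc);
  return s->shared ? 0 : -1;  /* refuse sessions on a stopped listener */
}

/* Stop listen: free the context and clear the stored pointer. */
void engine_stop_listen (listener_ctx_t *lc)
{
  free (listener_engine_ctx (lc));
  memset (lc->ctx_id, 0, sizeof (lc->ctx_id));
}
```

Sessions in this sketch only borrow the pointer, so stop-listen must not run while sessions are live; with OpenSSL, SSL_new() takes its own reference on the SSL_CTX, which avoids that dangling pointer.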