<div style="line-height:1.4">the constant value here is optimal for most cases, like another patch that optimizing ssl initial write buffer size for large certificate, I think having a knob at conf file did not make any difference.<br><br><br><br><br></div>On 2015-05-13 12:57 , <a href="mailto:mat999@gmail.com">SplitIce</a> Wrote: <br><br><blockquote id="ntes-andriodmail-quote" style="margin:0px;padding-left:1ex;border-left:#ccc 1px solid"><div dir="ltr">Good Job.<div><br></div><div>Perhaps rather than changing the constants, they could be exposed as configuration options?</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, May 13, 2015 at 12:28 PM, chen <span dir="ltr"><<a href="mailto:gzchenym@126.com" target="_blank">gzchenym@126.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="line-height:1.7;color:#000000;font-size:14px;font-family:Arial"><div>1) we will have that fixed</div><div>2) no api is exposed by openssl that we can use to trigger a FLUSH, use SSL_write is what we can do. If we inspect the data using wireshark, you will find out that one SSL_write we result in one ssl record.</div><div>3) there are some old linux box that are still using IW4, </div><div><br></div><div>To Q2 specifically, BIO_flush we disrupt the internal state of ssl layer? And it will be better if we let ssl layer itself handle the bio stuff. <br><br><br><br><br></div><div><div class="h5"><div></div><div></div><div><br></div>At 2015-05-05 21:39:40, "chen" <<a href="mailto:gzchenym@126.com" target="_blank">gzchenym@126.com</a>> wrote:<br> <blockquote style="margin:0px 0px 0px 0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid"><div style="color:rgb(0,0,0);line-height:1.7;font-family:Arial;font-size:14px"><div style="color:rgb(0,0,0);line-height:1.7;font-family:Arial;font-size:14px"><div>Hi list:</div><div>This is v1 of the patchset the implementing the feature SSL Dynamic Record Sizing, inspiring by Google Front End (<a href="https://www.igvita.com/2013/10/24/optimizing-tls-record-size-and-buffering-latency/" target="_blank">https://www.igvita.com/2013/10/24/optimizing-tls-record-size-and-buffering-latency/</a>) .</div><div>There are 3 conditions, if true at the same time, may trigger SSL_write to send small record over the link, hard coded 1400 bytes at this time to keep it fit into MTU size. We just send out 3 of this small record at most to reduce framing overhead when serving large object, that is enough for browser to discovery other dependency of the page at top of html file. If the buffer chain is smaller than 4096 bytes, it will not justify the overhead of sending small record. After idle for 60s(hard coded at this moment), start all over again.</div><div><br></div><div>Any comments is welcome.</div><div><br></div><div>Regard</div><div>YM</div><div><br></div><div>hg export tip<br># HG changeset patch<br># User YM Chen <<a href="mailto:gzchenym@126.com" target="_blank">gzchenym@126.com</a>><br># Date 1430828974 -28800<br># Node ID 31bfe6403c340bdc4c04e8e87721736c07bceef8<br># Parent 162b2d27d4e1ce45bb9217d6958348c64f726a28<br>[RFC] event/openssl: Add dynamic record size support for serving ssl trafic</div><p>SSL Dynamic Record Sizing is a long sought after feature for website that serving<br>huge amount of encrypted traffic. The rational behide this is that SSL record should<br>not overflow the congestion window at the beginning of slow-start period and by doing<br>so, we can let the browser decode the first ssl record within 1 rtt and establish other<br>connections to fetch other resources that are referenced at the top of the html file.</p><p>diff -r 162b2d27d4e1 -r 31bfe6403c34 src/event/ngx_event_openssl.c<br>--- a/src/event/ngx_event_openssl.c Wed Apr 29 14:59:02 2015 +0300<br>+++ b/src/event/ngx_event_openssl.c Tue May 05 20:29:34 2015 +0800<br>@@ -1508,6 +1508,11 @@<br> ngx_uint_t flush;<br> ssize_t send, size;<br> ngx_buf_t *buf;<br>+ ngx_msec_t last_sent_timer_diff;<br>+ ngx_uint_t loop_count;<br>+<br>+ last_sent_timer_diff = ngx_current_msec - c->ssl->last_write_msec;<br>+ loop_count = 0;<br> <br> if (!c->ssl->buffer) {<br> <br>@@ -1517,7 +1522,13 @@<br> continue;<br> }<br> <br>- n = ngx_ssl_write(c, in->buf->pos, in->buf->last - in->buf->pos);<br>+ size = in->buf->last - in->buf->pos;<br>+<br>+ if(last_sent_timer_diff > 1000*60 && loop_count < 3 && size > 4096) {<br>+ size = 1400;<br>+ }<br>+<br>+ n = ngx_ssl_write(c, in->buf->pos, size);<br> <br> if (n == NGX_ERROR) {<br> return NGX_CHAIN_ERROR;<br>@@ -1532,8 +1543,11 @@<br> if (in->buf->pos == in->buf->last) {<br> in = in->next;<br> }<br>+<br>+ loop_count ++;<br> }<br> <br>+ c->ssl->last_write_msec = ngx_current_msec;<br> return in;<br> }<br> <br>@@ -1614,9 +1628,14 @@<br> if (size == 0) {<br> buf->flush = 0;<br> c->buffered &= ~NGX_SSL_BUFFERED;<br>+ c->ssl->last_write_msec = ngx_current_msec;<br> return in;<br> }<br> <br>+ if(last_sent_timer_diff > 1000*60 && loop_count < 3 && size > 4096) {<br>+ size = 1400;<br>+ }<br>+<br> n = ngx_ssl_write(c, buf->pos, size);<br> <br> if (n == NGX_ERROR) {<br>@@ -1633,14 +1652,18 @@<br> break;<br> }<br> <br>- flush = 0;<br>-<br>- buf->pos = buf->start;<br>- buf->last = buf->start;<br>+ if(buf->last == buf->pos) {<br>+ flush = 0;<br>+<br>+ buf->pos = buf->start;<br>+ buf->last = buf->start;<br>+ }<br> <br> if (in == NULL || send == limit) {<br> break;<br> }<br>+<br>+ loop_count++;<br> }<br> <br> buf->flush = flush;<br>@@ -1652,6 +1675,7 @@<br> c->buffered &= ~NGX_SSL_BUFFERED;<br> }<br> <br>+ c->ssl->last_write_msec = ngx_current_msec;<br> return in;<br> }<br> <br>diff -r 162b2d27d4e1 -r 31bfe6403c34 src/event/ngx_event_openssl.h<br>--- a/src/event/ngx_event_openssl.h Wed Apr 29 14:59:02 2015 +0300<br>+++ b/src/event/ngx_event_openssl.h Tue May 05 20:29:34 2015 +0800<br>@@ -51,6 +51,8 @@<br> ngx_buf_t *buf;<br> size_t buffer_size;<br> <br>+ ngx_msec_t last_write_msec;<br>+<br> ngx_connection_handler_pt handler;<br> <br> ngx_event_handler_pt saved_read_handler;</p></div><br><br><span title="neteasefooter"><span></span></span></div><br><br><span title="neteasefooter"><span></span></span></blockquote></div></div></div><br><br><span title="neteasefooter"><span></span></span><br>_______________________________________________<br>
nginx-devel mailing list<br>
<a href="mailto:nginx-devel@nginx.org">nginx-devel@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx-devel" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx-devel</a><br></blockquote></div><br></div>
</blockquote><br><br><span title="neteasefooter"><span id="netease_mail_footer"></span></span>