[PATCH] Add support for using sendfile when openssl support ktls

ben ben ishay benishay at mellanox.com
Wed Apr 10 11:45:52 UTC 2019 

# HG changeset patch
# User ben ben ishay <benishay at mellanox.com>
# Date 1554896607 -10800
#      Wed Apr 10 14:43:27 2019 +0300
# Node ID 87938decdb98bf4a06ed18002a15156a5e8fbd67
# Parent  65074e13f1716e09c28d730586babad7930b7a98
Add support for using sendfile when openssl support ktls

when we need to transfer data between file and socket we prefer to use sendfile instead of write because we save the copy to a buffer.
the use of sendfile is possible in openssl only if it support ktls(the master of openssl support ktls) otherwise there is a copy of the data to userspace for encryption in any case (this paper explain this https://netdevconf.org/1.2/papers/ktls.pdf ).
the patch  change the flow when the request is to send data over ssl and also the nginx use openssl that support ktls, the new flow using the sendfile function that tcp use for send data (ngx_linux_sendfile_chain).
the performence with this patch applied was check with apib benchmark(https://github.com/apigee/apib), one machine run nginx and the other machine that connect back to back to the first one run apib with this comand: ./apib -c <num of connection> -d 30 https://<ip address>/<file name to send>.
the file size was 100K.

the result display  in this table , each value represnt average throughput in GBps of 10 runs.

num of connection   | regular nginx  | new nginx
	1		5		5.2
	2		7.5		8.5
	3		7.7		9

this result prove that this patch increase nginx performance and thus is useful.

diff -r 65074e13f171 -r 87938decdb98 auto/feature
--- a/auto/feature	Tue Mar 26 09:33:57 2019 +0300
+++ b/auto/feature	Wed Apr 10 14:43:27 2019 +0300
@@ -41,6 +41,10 @@
 
 ngx_test="$CC $CC_TEST_FLAGS $CC_AUX_FLAGS $ngx_feature_inc_path \
           -o $NGX_AUTOTEST $NGX_AUTOTEST.c $NGX_TEST_LD_OPT $ngx_feature_libs"
+if [ "$ngx_feature_name"  == "NGX_OPENSSL_KTLS" ];then
+        ngx_test="$CC $CC_TEST_FLAGS $CC_AUX_FLAGS $ngx_feature_inc_path -I$OPENSSL/include \
+          -o $NGX_AUTOTEST $NGX_AUTOTEST.c $NGX_TEST_LD_OPT $ngx_feature_libs"
+fi
 
 ngx_feature_inc_path=
 
diff -r 65074e13f171 -r 87938decdb98 auto/lib/openssl/conf
--- a/auto/lib/openssl/conf	Tue Mar 26 09:33:57 2019 +0300
+++ b/auto/lib/openssl/conf	Wed Apr 10 14:43:27 2019 +0300
@@ -140,3 +140,12 @@
     fi
 
 fi
+ngx_feature="OpenSSL library with KTLS"
+ngx_feature_name="NGX_OPENSSL_KTLS"
+ngx_feature_run=no
+ngx_feature_incs="#include \"openssl/bio.h\" "
+ngx_feature_path=
+ngx_feature_libs="-lssl -lcrypto $NGX_LIBDL $NGX_LIBPTHREAD"
+ngx_feature_test="BIO_get_ktls_send(NULL)"
+. auto/feature
+
diff -r 65074e13f171 -r 87938decdb98 src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c	Tue Mar 26 09:33:57 2019 +0300
+++ b/src/event/ngx_event_openssl.c	Wed Apr 10 14:43:27 2019 +0300
@@ -1528,6 +1528,9 @@
 #endif
 
     sc->connection = SSL_new(ssl->ctx);
+#if (NGX_OPENSSL_KTLS)
+    sc->ktls = 0;
+#endif
 
     if (sc->connection == NULL) {
         ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_new() failed");
@@ -1639,6 +1642,12 @@
         c->recv_chain = ngx_ssl_recv_chain;
         c->send_chain = ngx_ssl_send_chain;
 
+#if (NGX_OPENSSL_KTLS)
+       if(BIO_get_ktls_send(SSL_get_wbio(c->ssl->connection))){
+           c->ssl->ktls = 1;
+           c->send_chain = ngx_linux_sendfile_chain;
+	}
+#endif
 #ifndef SSL_OP_NO_RENEGOTIATION
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
 #ifdef SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
diff -r 65074e13f171 -r 87938decdb98 src/event/ngx_event_openssl.h
--- a/src/event/ngx_event_openssl.h	Tue Mar 26 09:33:57 2019 +0300
+++ b/src/event/ngx_event_openssl.h	Wed Apr 10 14:43:27 2019 +0300
@@ -99,6 +99,9 @@
     unsigned                    in_early:1;
     unsigned                    early_preread:1;
     unsigned                    write_blocked:1;
+#if (NGX_OPENSSL_KTLS)
+    unsigned                    ktls:1;
+#endif
 };
 
 
diff -r 65074e13f171 -r 87938decdb98 src/http/ngx_http_request.c
--- a/src/http/ngx_http_request.c	Tue Mar 26 09:33:57 2019 +0300
+++ b/src/http/ngx_http_request.c	Wed Apr 10 14:43:27 2019 +0300
@@ -604,9 +604,15 @@
     }
 
 #if (NGX_HTTP_SSL)
-    if (c->ssl) {
+#ifndef NGX_OPENSSL_KTLS
+    if (c->ssl){
         r->main_filter_need_in_memory = 1;
     }
+#else
+    if(!c->ssl->ktls && c->ssl){
+        r->main_filter_need_in_memory = 1;
+        }
+#endif
 #endif
 
     r->main = r;

More information about the nginx-devel mailing list