dnsdist: Add experimental support for TLS asynchronous engines #10734
6ecc3b7 to c5a01f9
Rebased to fix CI failures (missing promtool).
I reviewed this concentrating mostly on two questions:
- Does it build with libressl (it does)
- Does it not break the non-async way of doing things (it does not)
As for the async code itself: I never worked with that libssl mode, so it's new territory. I will try to look at that part in a next round of review later.
c5a01f9 to d10c305
I rebased that PR on master to fix the conflicts then applied the suggestions made during code review.
@omoerbeek Do you want to take a new look at this PR before I merge it? d10c305 in particular affects the recursor.
Short description
Tested with the Intel QAT engine on a C3XXX, where it seems to reduce the CPU usage significantly, to a third of the CPU usage seen in normal mode.
At the moment this is only implemented for incoming DNS over TLS, but it should not be too hard to implement for outgoing DNS over TLS and outgoing DNS over HTTPS. Incoming DNS over HTTPS would be more tricky since it requires implementing the feature in libh2o as well.
Checklist
I have: