Dynamic record size implementation and integration test

s2n_connection_set_dynamic_record_threshold sets the number of bytes to send before changing the record size. If this value > 0 then dynamic TLS record size is enabled. Otherwise, the feature is disabled (default).
If dynamic record size is enabled, s2n_send
1. Uses small TLS records that fit into a single TCP segment for the threshold bytes of data.
2. Resets record size back to a single segment after timeout_threshold seconds of inactivity.

.travis/install_ubuntu_dependencies.sh

@@ -18,7 +18,7 @@ set -ex
 sudo add-apt-repository ppa:ubuntu-toolchain-r/test -y
 sudo apt-get update
 
-DEPENDENCIES="indent kwstyle"
+DEPENDENCIES="indent kwstyle tcpdump"
 
 sudo apt-get install -y ${DEPENDENCIES}
 

api/s2n.h

@@ -146,6 +146,7 @@ extern int s2n_connection_set_send_cb(struct s2n_connection *conn, s2n_send_fn s
 
 extern int s2n_connection_prefer_throughput(struct s2n_connection *conn);
 extern int s2n_connection_prefer_low_latency(struct s2n_connection *conn);
+extern int s2n_connection_set_dynamic_record_threshold(struct s2n_connection *conn, uint32_t resize_threshold, uint16_t timeout_threshold);
 
 /* If you don't want to use the configuration wide callback, you can set this per connection and it will be honored. */
 extern int s2n_connection_set_verify_host_callback(struct s2n_connection *config, s2n_verify_host_fn host_fn, void *data);

bin/s2nc.c

@@ -16,6 +16,7 @@
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/ioctl.h>
+#include <sys/param.h>
 #include <poll.h>
 #include <netdb.h>
 
@@ -63,6 +64,10 @@ void usage()
     fprintf(stderr, "    Turns off certification validation altogether.\n");
     fprintf(stderr, "  -r,--reconnect\n");
     fprintf(stderr, "    Drop and re-make the connection with the same Session-ID\n");
+    fprintf(stderr, "  -D,--dynamic\n");
+    fprintf(stderr, "    Set dynamic record resize threshold\n");
+    fprintf(stderr, "  -t,--timeout\n");
+    fprintf(stderr, "    Set dynamic record timeout threshold\n");
     fprintf(stderr, "\n");
     exit(1);
 }
@@ -219,6 +224,8 @@ int main(int argc, char *const *argv)
     uint8_t insecure = 0;
     int reconnect = 0;
     s2n_status_request_type type = S2N_STATUS_REQUEST_NONE;
+    uint32_t dyn_rec_threshold = 0;
+    uint8_t dyn_rec_timeout = 0;
     /* required args */
     const char *cipher_prefs = "default";
     const char *host = NULL;
@@ -237,11 +244,13 @@ int main(int argc, char *const *argv)
         {"ca-file", required_argument, 0, 'f'},
         {"ca-dir", required_argument, 0, 'd'},
         {"insecure", no_argument, 0, 'i'},
-        {"reconnect", no_argument, 0, 'r'}
+        {"reconnect", no_argument, 0, 'r'},
+        {"Dynamic", required_argument, 0, 'D'},
+        {"timeout", required_argument, 0, 't'},
     };
     while (1) {
         int option_index = 0;
-        int c = getopt_long(argc, argv, "a:c:ehn:sf:d:ir", long_options, &option_index);
+        int c = getopt_long(argc, argv, "a:c:ehn:sf:d:D:t:ir", long_options, &option_index);
         if (c == -1) {
             break;
         }
@@ -279,6 +288,15 @@ int main(int argc, char *const *argv)
         case 'r':
             reconnect = 5;
             break;
+        case 't':
+            dyn_rec_timeout = (uint8_t) MIN(255, atoi(optarg));
+            break;
+        case 'D':
+            dyn_rec_threshold = strtoul(optarg, 0, 10);
+            if (errno == ERANGE) {
+              dyn_rec_threshold = 0;      
+            }
+            break;
         case '?':
         default:
             usage();
@@ -408,6 +426,10 @@ int main(int argc, char *const *argv)
             }
         }
 
+        if (dyn_rec_threshold > 0 && dyn_rec_timeout > 0) {
+            s2n_connection_set_dynamic_record_threshold(conn, dyn_rec_threshold, dyn_rec_timeout);
+        }
+
         if (echo_input == 1) {
             echo(conn, sockfd);
         }

tests/integration/Makefile

@@ -30,6 +30,12 @@ all:
 	LD_LIBRARY_PATH="../../lib/:../testlib/:$(LIBCRYPTO_ROOT)/lib:$$LD_LIBRARY_PATH" \
 	python3 s2n_client_endpoint_handshake_test.py $(S2ND_HOST) $(S2ND_PORT); \
 	)
+	# Run dynamic record size tests
+	( \
+	DYLD_LIBRARY_PATH="../../lib/:../testlib/:$(LIBCRYPTO_ROOT)/lib:$$DYLD_LIBRARY_PATH" \
+	LD_LIBRARY_PATH="../../lib/:../testlib/:$(LIBCRYPTO_ROOT)/lib:$$LD_LIBRARY_PATH" \
+	python3 s2n_dynamic_record_size_test.py --libcrypto $(S2N_LIBCRYPTO) $(S2ND_HOST) $(S2ND_PORT); \
+	)
 	# Run s_client handshake tests
 	( \
 	DYLD_LIBRARY_PATH="../../lib/:../testlib/:$(LIBCRYPTO_ROOT)/lib:$$DYLD_LIBRARY_PATH" \