Remove dedicated SSL network write buffer #41283
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This is related to elastic#27260. Currently for the SSLDriver we allocate a dedicated network write buffer and encrypt the data into that buffer one buffer at a time. This requires constantly switching between encrypting and flushing. This commit adds a dedicated outbound buffer for SSL operations that will internally allocate new packet sized buffers as they are need (for writing encrypted data). This allows us to totally encrypt an operation before writing it to the network. Eventually it can be hooked up to buffer recycling.
|
Pinging @elastic/es-security |
|
I don't feel I am comfortable enough with SSL code to give a good review. I looked over it and nothing looks terrible. So I am relying on @original-brownbear for this. |
|
I'm on it today, sorry for missing this one! |
original-brownbear
approved these changes
Apr 25, 2019
|
|
||
|
|
There was a problem hiding this comment.
NIT: double empty line
| while (true) { | ||
| SSLEngineResult result; | ||
| ByteBuffer networkBuffer = outboundBuffer.nextWriteBuffer(packetSize); | ||
| try { | ||
| if (buffers.length == 1) { |
There was a problem hiding this comment.
This is a little off-topic but I figured I'd mention it while we're changing these lines anyway:
For the default implementation of the JDK's SSLEngine, wrap for just a single buffer source argument src reads:
public SSLEngineResult wrap(ByteBuffer src,
ByteBuffer dst) throws SSLException {
return wrap(new ByteBuffer [] { src }, 0, 1, dst);
}
=> I think we can just remove this if and always pass the buffer array even in the single value case?
|
|
||
| public class Page implements Closeable { | ||
|
|
||
| private static final Runnable DEFAULT_CLOSEABLE = () -> {}; |
There was a problem hiding this comment.
NIT: why not just inline this lambda?
|
@original-brownbear Thanks. I've made your suggested changes and will merge once CI passes. |
Tim-Brooks
added a commit
that referenced
this pull request
Apr 25, 2019
This is related to #27260. Currently for the SSLDriver we allocate a dedicated network write buffer and encrypt the data into that buffer one buffer at a time. This requires constantly switching between encrypting and flushing. This commit adds a dedicated outbound buffer for SSL operations that will internally allocate new packet sized buffers as they are need (for writing encrypted data). This allows us to totally encrypt an operation before writing it to the network. Eventually it can be hooked up to buffer recycling.
Tim-Brooks
added a commit
that referenced
this pull request
Apr 26, 2019
This reverts commit f65a86c.
jasontedor
added a commit
to jasontedor/elasticsearch
that referenced
this pull request
Apr 26, 2019
…s-in-all-the-places * elastic/master: (70 commits) Remove experimental label froms script_score query (elastic#41572) [Ml-Dataframe] Update URLs in Data frame client java doc (elastic#41539) Reenable bwc Tests in master (elastic#41540) Fix search_as_you_type's sub-fields to pick their names from the full path of the root field (elastic#41541) Remove search analyzers from DocumentFieldMappers (elastic#41484) Update community client and integration docs (elastic#41513) Remove Version.V_6_x_x constants use in security (elastic#41185) Mute testDriverConfigurationWithSSLInURL Remove dedicated SSL network write buffer (elastic#41283) Disable max score optimization for queries with unbounded max scores (elastic#41361) [DOCS] Explicitly set section IDs for Asciidoctor migration (elastic#41547) [ML] add multi node integ tests for data frames (elastic#41508) [Docs] Fix common word repetitions (elastic#39703) [DOCS] Note TESTRESPONSE can't be used immediately after TESTSETUP (elastic#41542) Update configuring-ldap-realm.asciidoc (elastic#40427) Fixed very small typo in date (elastic#41398) Refactor GeoHashUtils (elastic#40869) Make 0 as invalid value for `min_children` in `has_child` query (elastic#41347) field_caps: adapt bwc version after backport (elastic#41427) Remove Exists Check from S3 Repository Deletes (elastic#40931) ...
Tim-Brooks
added a commit
to Tim-Brooks/elasticsearch
that referenced
this pull request
Apr 29, 2019
This is related to elastic#27260. Currently for the SSLDriver we allocate a dedicated network write buffer and encrypt the data into that buffer one buffer at a time. This requires constantly switching between encrypting and flushing. This commit adds a dedicated outbound buffer for SSL operations that will internally allocate new packet sized buffers as they are need (for writing encrypted data). This allows us to totally encrypt an operation before writing it to the network. Eventually it can be hooked up to buffer recycling.
akhil10x5
pushed a commit
to akhil10x5/elasticsearch
that referenced
this pull request
May 2, 2019
This is related to elastic#27260. Currently for the SSLDriver we allocate a dedicated network write buffer and encrypt the data into that buffer one buffer at a time. This requires constantly switching between encrypting and flushing. This commit adds a dedicated outbound buffer for SSL operations that will internally allocate new packet sized buffers as they are need (for writing encrypted data). This allows us to totally encrypt an operation before writing it to the network. Eventually it can be hooked up to buffer recycling.
gurkankaymak
pushed a commit
to gurkankaymak/elasticsearch
that referenced
this pull request
May 27, 2019
This is related to elastic#27260. Currently for the SSLDriver we allocate a dedicated network write buffer and encrypt the data into that buffer one buffer at a time. This requires constantly switching between encrypting and flushing. This commit adds a dedicated outbound buffer for SSL operations that will internally allocate new packet sized buffers as they are need (for writing encrypted data). This allows us to totally encrypt an operation before writing it to the network. Eventually it can be hooked up to buffer recycling.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is related to #27260. Currently for the SSLDriver we allocate a
dedicated network write buffer and encrypt the data into that buffer one
buffer at a time. This requires constantly switching between encrypting
and flushing. This commit adds a dedicated outbound buffer for SSL
operations that will internally allocate new packet sized buffers as
they are need (for writing encrypted data). This allows us to totally
encrypt an operation before writing it to the network. Eventually it can
be hooked up to buffer recycling.