Remove dedicated SSL network write buffer #41283
This is related to elastic#27260. Currently for the SSLDriver we allocate a dedicated network write buffer and encrypt the data into that buffer one buffer at a time. This requires constantly switching between encrypting and flushing. This commit adds a dedicated outbound buffer for SSL operations that will internally allocate new packet sized buffers as they are needed (for writing encrypted data). This allows us to totally encrypt an operation before writing it to the network. Eventually it can be hooked up to buffer recycling.
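The wrap-everything-then-flush pattern described above, as an added example that is not code from this PR or from Elasticsearch. The class `WrapThenFlush`, the method `wrapAll` and the plain queue of pages are hypothetical stand-ins for the PR's outbound buffer, and the engine comes from the JDK's default `SSLContext` with no peer attached, so running it produces only the first handshake flight.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.ArrayDeque;
import java.util.Deque;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;

public class WrapThenFlush {
    // Hypothetical stand-in for the outbound buffer: a queue of packet-sized pages.
    static Deque<ByteBuffer> wrapAll(SSLEngine engine, ByteBuffer[] src) throws Exception {
        int packetSize = engine.getSession().getPacketBufferSize();
        Deque<ByteBuffer> pages = new ArrayDeque<>();
        while (true) {
            ByteBuffer page = ByteBuffer.allocate(packetSize);
            // Always the array form; the JDK's single-buffer wrap delegates to it anyway.
            SSLEngineResult result = engine.wrap(src, 0, src.length, page);
            if (result.getStatus() != SSLEngineResult.Status.OK) {
                throw new IllegalStateException("wrap status " + result.getStatus());
            }
            if (result.bytesProduced() > 0) {
                page.flip();
                pages.add(page); // queue only pages that actually hold TLS records
            }
            HandshakeStatus hs = result.getHandshakeStatus();
            boolean handshaking = hs != HandshakeStatus.NOT_HANDSHAKING && hs != HandshakeStatus.FINISHED;
            long left = 0;
            for (ByteBuffer b : src) left += b.remaining();
            // Stop when the engine needs the peer (or a task), or all plaintext is consumed.
            if (handshaking ? hs != HandshakeStatus.NEED_WRAP : left == 0) {
                return pages;
            }
        }
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(true);
        engine.beginHandshake();
        // Constructed sample payload; no peer is attached, so only handshake bytes come out.
        ByteBuffer[] op = { ByteBuffer.wrap("constructed payload".getBytes(StandardCharsets.UTF_8)) };
        Deque<ByteBuffer> pages = wrapAll(engine, op);
        int total = 0;
        for (ByteBuffer p : pages) total += p.remaining();
        System.out.println(pages.size() + " page(s), " + total + " bytes ready for one flush");
        System.out.println("plaintext still pending: " + op[0].remaining() + " bytes");
    }
}
```

Once the handshake has completed, the same loop keeps adding pages until every source buffer is drained, and the whole queue can then be written to the channel in one flush.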
Pinging @elastic/es-security
I don't feel I am comfortable enough with SSL code to give a good review. I looked over it and nothing looks terrible. So I am relying on @original-brownbear for this.
I'm on it today, sorry for missing this one!
LGTM :)
|
||
|
NIT: double empty line
while (true) { | ||
SSLEngineResult result; | ||
ByteBuffer networkBuffer = outboundBuffer.nextWriteBuffer(packetSize); | ||
try { | ||
if (buffers.length == 1) { |
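Review bot: networkBuffer is taken from outboundBuffer.nextWriteBuffer(packetSize) at the top of every while (true) pass, before the try, so a pass where the try block fails or the SSLEngineResult reports zero bytes produced still leaves a packet-sized buffer handed out. Suggest a short comment at this line stating how that buffer is returned or discounted on those paths, so an empty page is never counted as pending ciphertext.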
This is a little off-topic but I figured I'd mention it while we're changing these lines anyway:
For the default implementation of the JDK's SSLEngine, wrap for just a single buffer source argument src reads:

    public SSLEngineResult wrap(ByteBuffer src,
            ByteBuffer dst) throws SSLException {
        return wrap(new ByteBuffer [] { src }, 0, 1, dst);
    }

=> I think we can just remove this if and always pass the buffer array even in the single value case?
|
||
public class Page implements Closeable { | ||
|
||
private static final Runnable DEFAULT_CLOSEABLE = () -> {}; |
NIT: why not just inline this lambda?
@original-brownbear Thanks. I've made your suggested changes and will merge once CI passes.
This is related to #27260. Currently for the SSLDriver we allocate a dedicated network write buffer and encrypt the data into that buffer one buffer at a time. This requires constantly switching between encrypting and flushing. This commit adds a dedicated outbound buffer for SSL operations that will internally allocate new packet sized buffers as they are needed (for writing encrypted data). This allows us to totally encrypt an operation before writing it to the network. Eventually it can be hooked up to buffer recycling.
This reverts commit f65a86c.
…s-in-all-the-places
* elastic/master: (70 commits)
  Remove experimental label froms script_score query (elastic#41572)
  [Ml-Dataframe] Update URLs in Data frame client java doc (elastic#41539)
  Reenable bwc Tests in master (elastic#41540)
  Fix search_as_you_type's sub-fields to pick their names from the full path of the root field (elastic#41541)
  Remove search analyzers from DocumentFieldMappers (elastic#41484)
  Update community client and integration docs (elastic#41513)
  Remove Version.V_6_x_x constants use in security (elastic#41185)
  Mute testDriverConfigurationWithSSLInURL
  Remove dedicated SSL network write buffer (elastic#41283)
  Disable max score optimization for queries with unbounded max scores (elastic#41361)
  [DOCS] Explicitly set section IDs for Asciidoctor migration (elastic#41547)
  [ML] add multi node integ tests for data frames (elastic#41508)
  [Docs] Fix common word repetitions (elastic#39703)
  [DOCS] Note TESTRESPONSE can't be used immediately after TESTSETUP (elastic#41542)
  Update configuring-ldap-realm.asciidoc (elastic#40427)
  Fixed very small typo in date (elastic#41398)
  Refactor GeoHashUtils (elastic#40869)
  Make 0 as invalid value for `min_children` in `has_child` query (elastic#41347)
  field_caps: adapt bwc version after backport (elastic#41427)
  Remove Exists Check from S3 Repository Deletes (elastic#40931)
  ...