user: imporve #463, impact on the performance of the tested program #471
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* When calling `SSL_connect` in the OpenSSL library in a client role or `SSL_accept` in a server role, the execution flow ultimately enters the `state_machine` function in `ssl/statem/statem.c` for TLS handshake. * Therefore, the optional scope is functions within this `state_machine` function that start with an uppercase `SSL`. * When using OpenSSL synchronously, a successful TLS handshake returns 1, i.e., `ret = 1`. Thus, after this variable is assigned, the called functions can obtain the desired memory data. * Under this premise, the only function within the `state_machine` function that meets the requirements is `SSL_get_wbio`. * Adding an alternate HOOK function, `SSL_in_before`, to the scope. Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
cfc4n
added
enhancement
Closed
see readme.md for more detail. Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
测试结果 Result
|
Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
Signed-off-by: CFC4N <cfc4n.cs@gmail.com>
|
最终是选择换了hook点的函数么?可否再测试一种场景,本地大文件wget下载场景,在修改之前,对性能影响会有约20%的下载速度下降,本地nginx,约700m->500m |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
设计思路
问题
解决思路
SSL_connect或者以服务端角色SSL_accept,最终都会进入ssl/statem/statem.c的state_machine函数进行TLS握手。SSL开头的函数。同步调用时,TLS握手成功会返回1,也就是ret = 1,即需要在这个变量赋值后,被调用的函数,才能拿到符合要求的内存数据。state_machine函数内符合要求的就只有SSL_get_wbio了。异步 (BIO)调用时,还需要增加SSL_in_before函数。Design concept
Question
Solution
SSL_connectin the OpenSSL library in a client role orSSL_acceptin a server role, the execution flow ultimately enters thestate_machinefunction inssl/statem/statem.cfor TLS handshake.state_machinefunction that start with an uppercaseSSL.ret = 1. Thus, after this variable is assigned, the called functions can obtain the desired memory data. the only function within thestate_machinefunction that meets the requirements isSSL_get_wbio.asynchronous (BIO)manner, it is also necessary to add theSSL_in_beforefunction.