Merge pull request #128 from proftpd/tls-adaptive-buffering

Implement adaptive tuning of the TLS record/buffer size for data tran…
proftpd · May 29, 2015 · 5923952 · 5923952
2 parents 6752fd9 + 87f8496
commit 5923952
Showing 1 changed file with 40 additions and 5 deletions.
diff --git a/contrib/mod_tls.c b/contrib/mod_tls.c
@@ -61,7 +61,6 @@
 # include <openssl/ecdh.h>
 #endif /* PR_USE_OPENSSL_ECC */
 
-
 #ifdef HAVE_MLOCK
 # include <sys/mman.h>
 #endif
@@ -377,8 +376,16 @@ static unsigned int tls_npkeys = 0;
 #define TLS_DEFAULT_NEXT_PROTO		"ftp"
 
 /* SSL record/buffer sizes */
-#define TLS_DATA_WRITE_BUFFER_SIZE	(16 * 1024)
-#define TLS_HANDSHAKE_WRITE_BUFFER_SIZE	1400
+#define TLS_HANDSHAKE_WRITE_BUFFER_SIZE			1400
+
+/* SSL adaptive buffer sizes/values */
+#define TLS_DATA_ADAPTIVE_WRITE_MIN_BUFFER_SIZE		(4 * 1024)
+#define TLS_DATA_ADAPTIVE_WRITE_MAX_BUFFER_SIZE		(16 * 1024)
+#define TLS_DATA_ADAPTIVE_WRITE_BOOST_THRESHOLD		(1024 * 1024)
+#define TLS_DATA_ADAPTIVE_WRITE_BOOST_INTERVAL_MS	1000
+
+static uint64_t tls_data_adaptive_bytes_written_ms = 0L;
+static off_t tls_data_adaptive_bytes_written_count = 0;
 
 /* Module variables */
 #if OPENSSL_VERSION_NUMBER > 0x000907000L
@@ -4058,7 +4065,9 @@ static int tls_accept(conn_t *conn, unsigned char on_data) {
       SSL_CTX_set_session_cache_mode(ssl_ctx, cache_mode);
     }
 
-    BIO_set_write_buf_size(wbio, TLS_DATA_WRITE_BUFFER_SIZE);
+    BIO_set_write_buf_size(wbio, TLS_DATA_ADAPTIVE_WRITE_MIN_BUFFER_SIZE);
+    tls_data_adaptive_bytes_written_ms = 0L;
+    tls_data_adaptive_bytes_written_count = 0;
   }
 
   /* Disable the handshake timer. */
@@ -6684,7 +6693,6 @@ static ssize_t tls_write(SSL *ssl, const void *buf, size_t len) {
   ssize_t count;
 
   count = SSL_write(ssl, buf, len);
-
   if (count < 0) {
     long err = SSL_get_error(ssl, count);
 
@@ -6704,6 +6712,33 @@ static ssize_t tls_write(SSL *ssl, const void *buf, size_t len) {
     }
   }
 
+  if (ssl != ctrl_ssl) {
+    BIO *wbio;
+    uint64_t now;
+
+    (void) pr_gettimeofday_millis(&now);
+    tls_data_adaptive_bytes_written_count += count;
+    wbio = SSL_get_wbio(ssl);
+
+    if (tls_data_adaptive_bytes_written_count >= TLS_DATA_ADAPTIVE_WRITE_BOOST_THRESHOLD) {
+      /* Boost the buffer size if we've written more than the "boost"
+       * threshold.
+       */
+      BIO_set_write_buf_size(wbio, TLS_DATA_ADAPTIVE_WRITE_MAX_BUFFER_SIZE);
+    }
+
+    if (now > (tls_data_adaptive_bytes_written_ms + TLS_DATA_ADAPTIVE_WRITE_BOOST_INTERVAL_MS)) {
+      /* If it's been longer than the boost interval since our last write,
+       * then reset the buffer size to the smaller version, assuming
+       * congestion (and thus closing of the TCP congestion window).
+       */
+      tls_data_adaptive_bytes_written_count = 0;
+      BIO_set_write_buf_size(wbio, TLS_DATA_ADAPTIVE_WRITE_MIN_BUFFER_SIZE);
+    }
+
+    tls_data_adaptive_bytes_written_ms = now;
+  }
+
   return count;
 }