process more TLS frames at one when available #50815

Merged
merged 16 commits into from
Jun 24, 2021

wfurt (Member) commented Apr 6, 2021

This is a fragment of the original #49743.
This change will process more frames if they have already been read from the transport, returning bigger chunks of data to the caller.
Aside from the big loop change, this adds more spanification and tracing for EOF, as we may reach it after having already decrypted some data.

AuxRecord tests are removed as they depend on a particular read side.

fixes #49000

ghost commented Apr 6, 2021

Tagging subscribers to this area: @dotnet/ncl, @vcsjones
See info in area-owners.md if you want to be subscribed.

Author: wfurt
Assignees: wfurt
Labels: area-System.Net.Security
Milestone: -

davidfowl (Member)

Preview5?

wfurt (Member Author) commented Apr 30, 2021

I did another pass in the direction we discussed, @geoffkizer.
While this is not 100% complete, it would be great if you could take another look and provide feedback.
To make that more manageable, I moved all the IO to getFullFrameIfNeed() and I also added a haveFullTlsFrame() helper function to make it more obvious.

// _internalOffset is 0 after ResetReadBuffer and we use _internalBufferCount to determined where to read.
while (_internalBufferCount < frameSize)
{
// We don't have enough bytes buffered, so issue an initial read to try to get enough. This is

Contributor

This comment isn't really correct anymore

wfurt (Member Author), Jun 14, 2021

What do you think is incorrect? I'm reading it again and it seems to describe the intent.


private SecurityStatusPal DecryptData(int frameSize, out int decryptedCount, out int decryptedOffset)
{
// Set _decrytpedBytesOffset/Count to the current frame we have (including header)

Contributor

Seems like we should assert that _decryptedBytesCount is 0 here, right? Otherwise we could be overwriting unconsumed decrypted data.

Member Author

Yes, the assert is a good idea.

Contributor

Suggested change
// Set _decrytpedBytesOffset/Count to the current frame we have (including header)
// Set _decryptedBytesOffset/Count to the current frame we have (including header)

TlsFrameHelper.TryGetFrameHeader(_internalBuffer.AsSpan(_internalOffset), ref _lastFrame.Header);
if (_lastFrame.Header.Type != TlsContentType.AppData)
{
// Alerts, handshake and anything else will be processed separately.

Contributor

Why? Seems like it's better to process these sooner rather than later. And there could be more data in subsequent frames as well, right?

Member Author

I'm worried about compatibility. The goal of this change is efficiency, not behavior changes. While I don't have a specific example (besides the AUX tests), currently all the additional service frames would be processed after handing out data received prior.

Contributor

Ok, seems reasonable. Can we at least add a comment that this probably isn't strictly necessary?
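
The behaviour discussed in this review thread (hand back every fully buffered application-data frame, stop at the first alert, handshake or partial frame) can be sketched as follows. This is an added example, not code from the PR or from the runtime; `TlsRecordScanner`, `CountReadyAppDataFrames` and the sample bytes are hypothetical and constructed for illustration.

```csharp
using System;
using System.Buffers.Binary;

// Added illustration; all names here are hypothetical, not SslStream internals.
static class TlsRecordScanner
{
    const int HeaderSize = 5;                     // type(1) + legacy_version(2) + length(2)
    const byte ApplicationData = 23;              // TLS ContentType application_data
    const int MaxCiphertextLength = 16384 + 2048; // TLS 1.2 TLSCiphertext upper bound

    // Counts the consecutive, fully buffered application_data records that start
    // at buffer[0] and the bytes they span. Stops at the first record that is
    // incomplete or of another content type, leaving it for separate handling.
    public static (int Frames, int Bytes) CountReadyAppDataFrames(ReadOnlySpan<byte> buffer)
    {
        int frames = 0, offset = 0;
        while (buffer.Length - offset >= HeaderSize)
        {
            ReadOnlySpan<byte> header = buffer.Slice(offset, HeaderSize);
            int length = BinaryPrimitives.ReadUInt16BigEndian(header.Slice(3));
            if (length > MaxCiphertextLength)
                throw new InvalidOperationException("TLS record length exceeds protocol maximum");
            if (header[0] != ApplicationData)
                break;                            // alert/handshake: processed separately
            if (buffer.Length - offset < HeaderSize + length)
                break;                            // partial frame: more transport I/O needed
            offset += HeaderSize + length;
            frames++;
        }
        return (frames, offset);
    }

    static void Main()
    {
        // Constructed sample: two application_data records, one alert record,
        // then an application_data record whose payload is truncated.
        byte[] buf =
        {
            23, 3, 3, 0, 2, 0xAA, 0xBB,
            23, 3, 3, 0, 1, 0xCC,
            21, 3, 3, 0, 2, 1, 0,
            23, 3, 3, 0, 4, 0xDD,
        };
        var (frames, bytes) = CountReadyAppDataFrames(buf);
        Console.WriteLine($"{frames} frames ready, spanning {bytes} bytes");
    }
}
```

The length bound is checked before anything else so that a corrupt or hostile header cannot make the reader wait for, or allocate room for, an oversized frame.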

wfurt (Member Author) commented Jun 14, 2021

This should be ready for another review round @geoffkizer @stephentoub. With the exception of the Async debate, all the feedback should be addressed.

karelz (Member) commented Jun 16, 2021

@geoffkizer can you please finish code review here?

geoffkizer (Contributor) left a comment

A couple nits above. Generally LGTM

@wfurt wfurt merged commit 2ac023c into dotnet:main Jun 24, 2021

davidfowl (Member)

👍🏾

thaystg added a commit to thaystg/runtime that referenced this pull request Jun 24, 2021
MihaZupan added a commit to MihaZupan/runtime that referenced this pull request Jun 30, 2021
@karelz karelz added this to the 6.0.0 milestone Jul 15, 2021
@ghost ghost locked as resolved and limited conversation to collaborators Aug 14, 2021
Successfully merging this pull request may close these issues.

SSlStream reads TLS records one frame at a time
6 participants