In place encryption and decryption #8
Conversation
Timers are updated on every single packet call, but their accuracy is limited to 250ms where currentTime is updated. So just mark timers to update, and update them only once in update_timers.
| // The rate limiter initially checks mac1 and mac2, and optionally asks to send a cookie | ||
| let parsed_packet = | ||
| match rate_limiter.verify_packet(Some(addr.as_socket().unwrap().ip()), packet, &mut t.dst_buf) { | ||
| match rate_limiter.verify_packet(Some(addr.as_socket().unwrap().ip()), &mut t.src_buf, packet_len, &mut t.dst_buf) { |
There was a problem hiding this comment.
Maybe handle the unwrap() case, to avoid panics ..?
|
Maybe it is worth to add some benches ..? Or is it done by xray? |
|
@matislovas benches are there, but they are also a bit under active development. There is CI/tests/performance-tests. Eventually they would also post the results here. For now I will do that for better visibility. |
|
Results from current branch
Results from main branch
|
Not much of the improvement performance-vise, but ok ... 😸 |
|
+1 |
| buffer: &'a mut [u8], | ||
| data_len: usize, | ||
| ) -> &'a mut [u8] { | ||
| if buffer.len() < data_len + super::DATA_OVERHEAD_SZ { | ||
| panic!("The destination buffer is too small"); |
There was a problem hiding this comment.
I've experienced reproducible panic in this place when running iperf3 -u -b 500M -i 60 -t 120 -c locally
Hasan6979
force-pushed
the
LLT-5816_in_place_encrypt_decrypt
branch
from
50c35ed to
fa0f75f
Compare
Hasan6979
force-pushed
the
LLT-5805_update_timers_periodically
branch
from
e64f7d8 to
d4e74e9
Compare
|
Neither tests between two physical machines nor CI runs showed any significant improvement. The differences are within 0.5%. |
There is an extra copy step that happens during encryption/decryption. That is because boringtun ffi api expects separate buffers for plaintext and encrypted buffers. It is not important for us, so we can encrypt/decrypt in place instead.