[Question]: first off, how to test the tls feature of gnet?

[kolinfluence]

Actions I've taken before I'm here

• [x] I've thoroughly read the documentations about this problem but still have no answer.
• [X] I've searched the Github Issues/Discussions but didn't find any similar problems that have been solved.
• [X] I've searched the internet for this problem but didn't find anything helpful.

Questions with details

as titled

Code snippets (optional)

No response

[kolinfluence]

@leslie-fei my telegram username @MelbourneModerator

so far, so good. u are amazing. it works perfect now. no issues i can find.

it's doing 150k req/s https, that's kind of crazy because non tls does 165k req/s.

i'm running longer duration multiple connection tests on it with different gomaxprocs settings. will revert with findings.

everything seems to be running ok for 30s durations, 100 connections etc.

it seems fine. let me do 5 minutes segments and revert on findings. thx!

[kolinfluence]

@leslie-fei it is working perfectly fine. can you share what u did and mention how u fixed it? just curious

[leslie-fei]

@kolinfluence Because gnet is event-driven based on epoll, I need to change all data reading operations in std TLS to non-blocking. Previously, there was a dead loop issue when the handshake was completed and there were still data in InBoundBuffer. I just made changes here, you can check the commit log in https://github.com/leslie-fei/gnettls.

[kolinfluence]

@leslie-fei i confirm there's no issue with https testing.

Do u have something for tls tcp echo testing? u can ask for pull request now and review.

but i hope to see how u'll implement a tcp tls echo server as an example use.

p.s. : i read the code, it's fantastic. great work. everything works. ask for pull request

[leslie-fei]

@kolinfluence Are you looking to implement an HTTPS server, or do you just need to add TLS functionality to TCP? If it's HTTPS, you'll also have to handle encoding and decoding HTTP packets, which can be cumbersome. Does your use case require such high performance that the Go standard library cannot meet?

[kolinfluence]

@leslie-fei yes, i need both https and tcp tls. can you do an example for tcp tls? i can write my own but im curious how u'll implement it. maybe u can provide the basic example for me to test on too.

and yes, i've stretched the limit with other high performance libraries too. just fyi

i've used all the other frameworks in golang u can think of.

[kolinfluence]

@leslie-fei before u scold me for suggesting h2, pls check out the older version of gnet that has it working https://github.com/leslie-fei/gnet/issues/2

do take some time to see if it can be implemented easily using what has already been done. thx! this h2 can wait a bit. not sure when u anticipate can be included that's all.

[leslie-fei]

@kolinfluence I will try to see if it's feasible, but since I'm also working regularly, I won't be able to handle it promptly. I can spare some time to create a simplest TCP TLS echo example for you first.

[kolinfluence]

@leslie-fei , yes, pls delete the image thx.

can i ask what is this goroutine pool used for in the context of this http server? how to use it? do we need to use it?

        hs := &httpsServer{
                addr:      addr,
                multicore: multicore,
                //pool:      goroutine.Default(),
        }

using the pool while the server is idle generates 2 heap objects per second. so i was wondering if it's truly necessary, req/s wise, it is slower too when used.

how would u use it by the way?

[kolinfluence]

@leslie-fei tls tcp echo server by chatgpt, advisable to use this way?

package main

import (
    "bytes"
    "flag"
    "fmt"
    "log"
    "time"

    "github.com/leslie-fei/gnettls"
    "github.com/leslie-fei/gnettls/tls"
    "github.com/panjf2000/gnet/v2"
    "github.com/panjf2000/gnet/v2/pkg/pool/goroutine"
)

func main() {
    var port int
    var multicore bool

    flag.IntVar(&port, "port", 8443, "server port")
    flag.BoolVar(&multicore, "multicore", true, "multicore with multiple CPU cores")
    flag.Parse()

    addr := fmt.Sprintf("tcp://:%d", port)
    tlsConfig := &tls.Config{
        Certificates: []tls.Certificate{mustLoadCertificate()},
    }

    hs := &echoServer{
        addr:      addr,
        multicore: multicore,
        pool:      goroutine.Default(),
    }

    options := []gnet.Option{
        gnet.WithMulticore(multicore),
        gnet.WithTCPKeepAlive(time.Minute * 5),
        gnet.WithReusePort(true),
    }

    log.Fatal(gnettls.Run(hs, hs.addr, tlsConfig, options...))
}

type echoServer struct {
    gnet.BuiltinEventEngine

    addr      string
    multicore bool
    pool      *goroutine.Pool
}

func (es *echoServer) OnTraffic(c gnet.Conn) (action gnet.Action) {
    buf, _ := c.Peek(c.InboundBuffered())
    if bytes.Contains(buf, []byte("\r\n\r\n")) { // Checks if the HTTP request is complete
        _, _ = c.Next(-1) // Read the buffer to prepare for writing back
        _, _ = c.Write(buf) // Echo back the received data
    }
    return
}

func (es *echoServer) OnClose(c gnet.Conn, err error) (action gnet.Action) {
    log.Printf("Closed connection on %s, error: %v", c.RemoteAddr().String(), err)
    return
}

func mustLoadCertificate() tls.Certificate {
    cert, err := tls.LoadX509KeyPair("server.crt", "server.key")
    if err != nil {
        log.Fatalf("Failed to load server certificate: %v", err)
    }
    return cert
}

[leslie-fei]

@kolinfluence Change the repository address from https://github.com/leslie-fei/gnettls.git to https://github.com/leslie-fei/gnet-tls.git, pull the code, navigate to example/echo, run go build main.go and then execute ./main. It implements a relatively simple TLS TCP echo server & client, where the server uses gnet TLS and the client uses the standard library's TLS TCP client. You should also transfer the issue to the repository gnet-tls.

[root@localhost echo]# go build main.go
[root@localhost echo]# ./main
[gnet] 2024-04-25T02:54:28.423694411-04:00      INFO    logging/logger.go:256   Launching gnet with 8 event-loops, listening on: tcp://:443
[gnet] 2024-04-25T02:54:29.427279583-04:00      INFO    logging/logger.go:256   server OnTraffic data: HelloWorld
[gnet] 2024-04-25T02:54:29.427358693-04:00      INFO    logging/logger.go:256   read from server: HelloWorld
[gnet] 2024-04-25T02:54:30.427617314-04:00      INFO    logging/logger.go:256   server OnTraffic data: HelloWorld
[gnet] 2024-04-25T02:54:30.427777616-04:00      INFO    logging/logger.go:256   read from server: HelloWorld
[gnet] 2024-04-25T02:54:31.428327836-04:00      INFO    logging/logger.go:256   server OnTraffic data: HelloWorld
[gnet] 2024-04-25T02:54:31.428451564-04:00      INFO    logging/logger.go:256   read from server: HelloWorld
[gnet] 2024-04-25T02:54:32.428643859-04:00      INFO    logging/logger.go:256   server OnTraffic data: HelloWorld
[gnet] 2024-04-25T02:54:32.42873486-04:00       INFO    logging/logger.go:256   read from server: HelloWorld

[kolinfluence]

@leslie-fei

1. i just tested, it works. hope panjf can pull this repo asap

2. can u pls check this code and make it work? it can compile, but when request http page will fail. not sure how to fix it. https://github.com/leslie-fei/gnet/issues/3

[leslie-fei]

@kolinfluence I don't think panjf will merge this TLS change anytime soon; after all, it's quite a large amount of code that introduces the entire std TLS and might lack sufficient testing. From what I saw in your issue, supporting HTTP protocol encoding and decoding also requires some time.

[kolinfluence]

@leslie-fei erm... so basically, do u think you can do the protocol support or something? because it works without the tls...

i mean i dont really understand why http protocol encoding / decoding will affect this tls that's all.

is it difficult or will it be long? i thought it's just simple reuse of existing...

when can it be supported? really hope to use it asap. can i sponsor u some coffees to speed this up? u'll help me greatly.

[leslie-fei]

@kolinfluence I've been researching it recently, as I still need to work, I'll look into it in my spare time. Can you receive messages on Telegram?

[kolinfluence]

@leslie-fei yes i see ur msg on telegram now. do mention when the protocol can be done and if i can assist too. thx