search

openssl / project

Tracking of project related issues
2 stars 1 forks source link

Investigation: Implement send unblocking on QUIC objects #859

Open nhorman opened 2 months ago

nhorman commented 2 months ago

Item 2 here

Is requesting the following:

When doing large uploads, the stream/connection window will get exhausted, and QUIC waits for server ACKs to make progress. This is detected by writes to a stream SSL* returning SSL_ERROR_WANT_WRITE. We then block the nghttp3 stream for futher processing.

What we lack in curl is the indication when to correctly unblock that stream processing again. For that we currently use SSL_want_write(stream->ssl). When that returns FALSE, we unblock. However, this returns FALSE much too early, unblocking the stream only to immediately giving SSL_ERROR_WANT_WRITE again. This leads to curl using 100% cpu on a single large upload that is merely under flow control.

Question: how can we manage this situation better?

Update: we use SSL_net_write_desired(connssl) to decide the POLLOUT status. A single, blocked stream seems to result in us keep on triggering writes.

It seems what is needed here is a mechanism to only return fals from SSL_want_write in the case of a stream error or in the event that (I think) ossl_quic_txfc_get_credit_local returns a non-zero value.

Sashan commented 1 week ago

We need to implement more complex application which will also do non-blocking I/O on SSL stream object. It should be using SSL_poll() to test readiness of write/read operation. The application can be kind of proxy which will shovel data between TCP socket and QUIC stream, something like that.

nhorman commented 1 day ago

We actually have that, for the client side at least. The demos/guide/quic-hq-interop.c client uses nonblocking I/O with SSL_poll on multiple stream objects to know when a given stream is readable. I've got a server for quic hq-interop started. It uses blocking I/O though. We also have quic-server-non-block.c, but it doesn't use SSL_poll, since it only writes very small amounts of data, that could be expanded though

nhorman commented 1 day ago

I've asked the curl devs in https://github.com/openssl/openssl/discussions/23339#discussion-6094341 if SSL_poll is really what they need here