Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Share connection between curl requests #170

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Share connection between curl requests #170

wants to merge 1 commit into from

Conversation

rvdgracht
Copy link

Using a curl_share between curl requests allows sharing an open connection and re-use cached DNS, PSL and TLS session id.

This change allows performing multiple requests without having to do re-perform the (full) TLS handshake.

For reference, on a stm32mp151c with OPTEE + pkcs11 TA a full TLS handshake takes ~8 seconds. Mostly due to small pager pool (internal sram) available for OPTEE.

With this change a mTLS curl request take around 60ms after the initial connection has been established.

@rvdgracht
Copy link
Author

I have some concerns about sharing the connection (CURL_LOCK_DATA_CONNECT) between the mainloop (poller) and the download thread. The documentation states: "It is not supported to share connections between multiple concurrent threads." I did place locking on the shared data including CURL_LOCK_DATA_CONNECT though.
I have succesfully tested this. So the mainloop can poll for status while the download thread is streaming data over the
same connection. Maybe someone with more extensive libcurl knowledge can verify this.

@rvdgracht rvdgracht mentioned this pull request Feb 1, 2024
Open
@Bastian-Krause
Copy link
Member

I think inter-thread connection sharing as it's implemented here should be okay. Maybe we should add -fsanitize=thread here, so we stumble upon any issues:

rauc-hawkbit-updater/.github/workflows/tests.yml

Line 16 in 76f5a1d

- CFLAGS="-fsanitize=address -fsanitize=leak -g" LDFLAGS="-fsanitize=address -fsanitize=leak"

@Bastian-Krause Bastian-Krause added the enhancement New feature or request label Feb 15, 2024
@rvdgracht
Copy link
Author

Maybe we should add -fsanitize=thread here

Added.

@Bastian-Krause
Copy link
Member

Maybe we should add -fsanitize=thread here

Added.

TSAN works by inserting instrumentation into compiled code to detect race conditions. We use glib from Debian in CI, meaning those libraries are not built with TSAN instrumentation, so memory accesses cannot be tracked. This leads to false positives. So suggesting to enable the sanitizer was not a good idea after all.

I'll drop the commit.

Bastian-Krause
Bastian-Krause previously approved these changes Dec 16, 2024
View reviewed changes
@Bastian-Krause Bastian-Krause dismissed their stale review December 18, 2024 10:58

Additional changes required.

@Bastian-Krause
Copy link
Member

I've changed the PR slightly:

  • use GMutexes instead of pthread_mutex_t, add mutex init/clear
  • moved curl_share_setopt() calls to set_default_curl_opts() guarded with g_once_init_enter()/g_once_init_leave()
  • add g_return_if_fail() for return value of curl_share_init()
  • added asserts in curl lock/unlock functions

@rvdgracht @Bastian-Krause
hawkbit-client: share connection between curl requests
56feb22 
Using a curl_share between curl requests allows sharing an open connection
and re-use cached DNS, PSL and TLS session id.

This change allows performing multiple requests without having to do
re-perform the (full) TLS handshake.

For reference, on a stm32mp151c with OPTEE + pkcs11 TA a full TLS
handshake takes ~8 seconds. Mostly due to small pager pool (internal sram)
available for OPTEE.

With this change a mTLS curl request take around 60ms after the initial
connection has been established.

Signed-off-by: Robin van der Gracht <[email protected]>
Signed-off-by: Bastian Krause <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Bastian-Krause Bastian-Krause Bastian-Krause approved these changes

@ejoerns ejoerns Awaiting requested review from ejoerns

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rvdgracht @Bastian-Krause