[noise] NoiseSocket revision 1

Rhys Weatherley rhys.weatherley at gmail.com
Thu Aug 3 01:02:39 PDT 2017

On Thu, Aug 3, 2017 at 4:30 PM, Alexey Ermishkin <scratch.net at gmail.com>

> I talked to guys who use TLS at >10gbps speeds and would like to reduce
> the amount of memcpy calls per packet which is why they want ~2mb packets.
> So maybe for ones who know what they are doing this may be an option.

I assume they want to encrypt-in-place, which means minimising buffer
rearrangements for inserting packet length headers and trailing MACs.

However, using a system call like writev()/sendmsg() and a scatter/gather
array, the two-byte header and 16-byte MACs don't have to be stored in the
same memory array as the payload.  Those can be stored in a separate buffer
with scatter/gather stitching things back together inside the network
stack.  A little trickier to pull off on the receive side.

I suppose theoretically NoiseSocket could allow for 32-bit header lengths,
but internally chop things into fixed-size sub-64K chunks with MACs along
the way.  That would make it easier to use readv()/recvmsg() on the receive
side as the position of the MACs in the input stream would be predictable.

Just an idea.  I haven't profiled such a solution to see if the in-kernel
stitching overhead is better or worse than user space rearrangement.
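
The scatter/gather layout discussed in this message, as an added example that is not part of the original post or of any NoiseSocket implementation. It assumes a chunk size both sides agree on in advance, a two-byte big-endian length that counts ciphertext plus MAC, and encryption done in place by the caller's AEAD; frame_meta, wire_len, send_chunks and recv_chunks are hypothetical names.

```c
#include <stdint.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/uio.h>

#define HDR_LEN 2
#define MAC_LEN 16
#define NCHUNK  4   /* chunks per call (assumed); 3 iovecs each, far below IOV_MAX */

/* Header and MAC for one chunk, held apart from the payload buffer. */
struct frame_meta { uint8_t hdr[HDR_LEN]; uint8_t mac[MAC_LEN]; };
size_t wire_len(size_t chunk, int n) { return (size_t)n * (HDR_LEN + chunk + MAC_LEN); }

/* Describe hdr | payload chunk | MAC for each chunk. Nothing is copied: the
   payload iovecs point straight into the caller's buffer. */
static int build_iov(struct iovec *iov, struct frame_meta *meta,
                     uint8_t *payload, size_t chunk, int n)
{
    for (int i = 0; i < n; i++) {
        iov[3 * i]     = (struct iovec){ meta[i].hdr, HDR_LEN };
        iov[3 * i + 1] = (struct iovec){ payload + (size_t)i * chunk, chunk };
        iov[3 * i + 2] = (struct iovec){ meta[i].mac, MAC_LEN };
    }
    return 3 * n;
}

/* ct holds n chunks already encrypted in place; meta[i].mac holds their MACs. */
ssize_t send_chunks(int fd, struct frame_meta *meta, uint8_t *ct, size_t chunk, int n)
{
    struct iovec iov[3 * NCHUNK];
    if (n < 1 || n > NCHUNK || chunk < 1 || chunk + MAC_LEN > 0xFFFF) return -1;
    for (int i = 0; i < n; i++) {   /* big-endian length covers ciphertext + MAC */
        meta[i].hdr[0] = (uint8_t)((chunk + MAC_LEN) >> 8);
        meta[i].hdr[1] = (uint8_t)((chunk + MAC_LEN) & 0xFF);
    }
    return writev(fd, iov, build_iov(iov, meta, ct, chunk, n));
}

/* Fixed chunk size makes header and MAC offsets predictable. Returns payload
   bytes, -1 on I/O error or short read, -2 if a length header disagrees. */
ssize_t recv_chunks(int fd, struct frame_meta *meta, uint8_t *dst, size_t chunk, int n)
{
    struct iovec iov[3 * NCHUNK];
    if (n < 1 || n > NCHUNK || chunk < 1 || chunk + MAC_LEN > 0xFFFF) return -1;
    struct msghdr msg = { .msg_iov = iov, .msg_iovlen = build_iov(iov, meta, dst, chunk, n) };
    if (recvmsg(fd, &msg, MSG_WAITALL) != (ssize_t)wire_len(chunk, n)) return -1;
    for (int i = 0; i < n; i++)
        if ((size_t)(meta[i].hdr[0] << 8 | meta[i].hdr[1]) != chunk + MAC_LEN) return -2;
    return (ssize_t)((size_t)n * chunk);   /* verify each MAC before using dst */
}
```

On a stream socket writev() can return fewer bytes than wire_len(); a caller has to resume from the offset reached rather than treat the batch as sent.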

