-
-
Notifications
You must be signed in to change notification settings - Fork 32.7k
Description
Bug report
Bug description:
Event loops like uvloop, asyncio use nonblocking ssl. They typically
- read data from the socket when epoll returns that it is ready
- push data to the incoming MemoryBIO
- read from SSLObject until SSLWantReadError is thrown
- pass read data to the application protocol
when peers are exchanging relatively small messages, SSLObject.read is typically called 2 times . First call returns data, second - throws SSLWantReadError
perf shows that the second call is almost as expensive as the first call because of time spent on constructing new exception object.
Is it possible to optimize exception object creation for the second call?
I tried to avoid the second call by analyzing MemoryBIO.pending and SSLObject.pending values but they can't always reliably tell that we have to wait for more data.
For example, it is possible that incoming MemoryBIO.pending > 0, SSLObject.pending == 0. We call SSLObject.read and it throws because incoming MemoryBIO doesn't have the full ssl frame yet.
Example echo client that replicates internal logic in asyncio/uvloop:
import socket import ssl import select from typing import Optional ssl_context = ssl.create_default_context() ssl_context.check_hostname = False ssl_context.verify_mode = ssl.CERT_NONE ep = select.epoll(2) incoming = ssl.MemoryBIO() outgoing = ssl.MemoryBIO() sock: Optional[socket.socket] = None ssl_sock: Optional[ssl.SSLObject] = None def wait_data(): ep.poll() try: while True: chunk = sock.recv(1024) incoming.write(chunk) except BlockingIOError: pass def wait_data_until_ssl_read_succeed(): data = bytearray() try: wait_data() # while ssl_sock.pending() > 0 or incoming.pending > 0: while True: data += ssl_sock.read() except ssl.SSLWantReadError: pass return data with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock: ep.register(sock.fileno(), select.EPOLLIN) ssl_sock = ssl_context.wrap_bio(incoming, outgoing, server_hostname='localhost') sock.connect(('127.0.0.1', 25000)) sock.setblocking(False) handshake_complete = False message_sent = False msg = b"a" * 256 # do handshake while True: try: ssl_sock.do_handshake() break except ssl.SSLWantReadError as ex: if outgoing.pending > 0: chunk = outgoing.read(outgoing.pending) sock.send(chunk) wait_data() # send message and wait for reply while True: ssl_sock.write(msg) chunk = outgoing.read(outgoing.pending) sock.send(chunk) data = wait_data_until_ssl_read_succeed() # print(data)
Perf output:
17.41% 0.25% 43 python _ssl.cpython-314-x86_64-linux-gnu.so [.] _ssl__SSLSocket_read
|
--17.16%--_ssl__SSLSocket_read
|
|--8.09%--SSL_read_ex
| |
| --7.74%--0x7b1fbef883f9
| |
| |--4.83%--0x7b1fbefadc22
| | |
| | |--0.93%--0x7b1fbefa6919
| | | |
| | | --0.90%--EVP_DecryptUpdate
| | | |
| | | --0.90%--0x7b1fbec90c8b
| | | |
| | | --0.87%--0x7b1fbec90b45
| | |
| | |--0.79%--0x7b1fbefa64a5
| | | |
| | | --0.61%--EVP_CIPHER_CTX_get_iv_length
| | |
| | |--0.72%--0x7b1fbefa6721
| | | |
| | | --0.60%--EVP_CipherInit_ex
| | |
| | |--0.57%--0x7b1fbefa6750
| | |
| | --0.52%--0x7b1fbefa68f0
| |
| |--1.13%--0x7b1fbefadf94
| | |
| | --0.52%--0x7b1fbefac3c7
| |
| --0.68%--0x7b1fbefad750
|
|--6.21%--PySSL_SetError.constprop.0
| |
| --5.17%--fill_and_set_sslerror
| |
| |--2.83%--PyUnicode_FromFormat
| | |
| | --2.54%--unicode_from_format
| | |
| | --1.23%--__sprintf_chk
| | __vsprintf_internal
| | |
| | --0.99%--__vfprintf_internal
| |
| --1.01%--PyObject_SetAttr
| |
| --0.98%--PyObject_GenericSetAttr
| |
| --0.52%--_PyObjectDict_SetItem
|
--0.60%--SSL_get_error
To reproduce you would need some ssl echo server running on localhost 25000 port. After you have started it, run echo client code under perf.
$ perf record -F 999 -g --call-graph lbr --user-callchains -- python echo_client.py
$ perf report -G -n --stdio
Let it work for 15 seconds and then press Ctrl-C
CPython versions tested on:
CPython main branch
Operating systems tested on:
Linux