On Mon, 2019-03-25 at 19:50 +0000, Phillips, Tony wrote:
> Okay. Now we're on to something.
>
> After applying that patch (and the minor edit) It's now noticeably
> faster. I average now 18-20 MBytes/sec (as opposed to 1.9 MB/sec)
>
> I ran 10 of the dd tests back to back, and the syslog is littered
> with about 40,000 of the Requeueing failed ESP send: Resource
> temporarily unavailable
OK, so we're spinning and trying to write, instead of waiting for the
fd to become writeable. Let's see what this does.
It could be that incoming packets (from UDP and from the tun device)
are waking us up each time, and just removing the PRG_ERR output is the
best we can do unless we really only try to write to the socket only
when we know it's writeable and not just because the loop was woken for
some other reason.
diff --git a/esp.c b/esp.c
index 9b79c03a..691db1c4 100644
--- a/esp.c
+++ b/esp.c
@@ -261,34 +261,56 @@ int esp_mainloop(struct openconnect_info *vpninfo, int *timeout)
case KA_NONE:
break;
}
- unmonitor_write_fd(vpninfo, dtls);
- while ((this = dequeue_packet(&vpninfo->outgoing_queue))) {
+ while (1) {
int len;
- len = encrypt_esp_packet(vpninfo, this);
- if (len > 0) {
- ret = send(vpninfo->dtls_fd, (void *)&this->esp, len, 0);
- if (ret < 0) {
- /* Not that this is likely to happen with UDP, but... */
- if (errno == ENOBUFS || errno == EAGAIN || errno == EWOULDBLOCK) {
- monitor_write_fd(vpninfo, dtls);
- /* XXX: Keep the packet somewhere? */
- free(this);
- return work_done;
- } else {
- /* A real error in sending. Fall back to TCP? */
- vpn_progress(vpninfo, PRG_ERR,
- _("Failed to send ESP packet: %s\n"),
- strerror(errno));
- }
- } else {
- vpninfo->dtls_times.last_tx = time(NULL);
+ if (vpninfo->deflate_pkt) {
+ this = vpninfo->deflate_pkt;
+ len = this->len;
+ } else {
+ this = dequeue_packet(&vpninfo->outgoing_queue);
+ if (!this)
+ break;
- vpn_progress(vpninfo, PRG_TRACE, _("Sent ESP packet of %d bytes\n"),
+ len = encrypt_esp_packet(vpninfo, this);
+ if (len < 0) {
+ vpn_progress(vpninfo, PRG_ERR,
+ _("Failed to encrypt ESP packet: %d\n"),
len);
+ free(this);
+ work_done = 1;
+ continue;
+ }
+ }
+
+ ret = send(vpninfo->dtls_fd, (void *)&this->esp, len, 0);
+ if (ret < 0) {
+ /* Not that this is likely to happen with UDP, but... */
+ if (errno == ENOBUFS || errno == EAGAIN || errno == EWOULDBLOCK) {
+ int err = errno;
+ vpninfo->deflate_pkt = this;
+ this->len = len;
+ vpn_progress(vpninfo, PRG_ERR,
+ _("Requeueing failed ESP send (work done %d, monitored %d): %s\n"),
+ work_done, FD_ISSET(vpninfo->dtls_fd, &vpninfo->_select_wfds),
+ strerror(err));
+ monitor_write_fd(vpninfo, dtls);
+ return work_done;
+ } else {
+ /* A real error in sending. Fall back to TCP? */
+ vpn_progress(vpninfo, PRG_ERR,
+ _("Failed to send ESP packet: %s\n"),
+ strerror(errno));
}
} else {
- /* XXX: Fall back to TCP transport? */
+ vpninfo->dtls_times.last_tx = time(NULL);
+
+ vpn_progress(vpninfo, PRG_TRACE, _("Sent ESP packet of %d bytes\n"),
+ len);
+ }
+ if (this == vpninfo->deflate_pkt) {
+ unmonitor_write_fd(vpninfo, dtls);
+ vpninfo->deflate_pkt = NULL;
}
free(this);
work_done = 1;
@@ -310,6 +332,10 @@ void esp_close(struct openconnect_info *vpninfo)
}
if (vpninfo->dtls_state > DTLS_DISABLED)
vpninfo->dtls_state = DTLS_SLEEPING;
+ if (vpninfo->deflate_pkt) {
+ free(vpninfo->deflate_pkt);
+ vpninfo->deflate_pkt = NULL;
+ }
}
void esp_shutdown(struct openconnect_info *vpninfo)
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ openconnect-devel mailing list openconnect-devel@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/openconnect-devel
