<html><body><p><tt><font size="2">> > [g] Agreed about general efficiency, but with TLS, you would need a different context for each of these streams.<br>> <br>> I can’t follow you. Which different streams? What do you want to coordinate?<br>> <br>> Are we still talking about<br>> <br>> func tlsWritev(vectors: AnyCollection&lt;iovec&gt;)<br>> <br>> ?? What has been proposed is simply supporting `writev` semantics (man writev).<br></font></tt><br><br><tt><font size="2">I'll reword what my understanding is and let me know if I am incorrect. I obviously haven't worked with vectored IO before so this is new for me.</font></tt><br><br><br><tt><font size="2">I understand the benefit of iov and its single-copy properties when we call readv or writev (efficiency + atomicity).</font></tt><br><tt><font size="2">But this assumes we are using those functions in our implementation of TLS.</font></tt><br><br><tt><font size="2">** In OpenSSL, there seems to be some support for it though I have not tested it.</font></tt><br><br><tt><font size="2">According to </font></tt><a href="https://mta.openssl.org/pipermail/openssl-dev/2015-March/000861.html"><tt><font size="2">https://mta.openssl.org/pipermail/openssl-dev/2015-March/000861.html</font></tt></a><tt><font size="2"> there is a patch that went in OpenSSL that supports iovec.</font></tt><br><br><tt><font size="2">Also possibly we can do this via BIO with </font></tt><tt><font size="2">BIO_f_buffer(). 
It seems there is one additional copy but it's still more efficient than treating each buffer separately.</font></tt><br><a href="http://stackoverflow.com/questions/38198638/openssl-ssl-write-from-multiple-buffers-ssl-writev"><tt><font size="2">http://stackoverflow.com/questions/38198638/openssl-ssl-write-from-multiple-buffers-ssl-writev</font></tt></a><br><br><br><tt><font size="2">(I would assume the latter technique would also work in LibreSSL and other forks)</font></tt><br><br><tt><font size="2">** In SecureTransport, AFAIK there is no support for iov though our friends at Apple may give us a definitive answer.</font></tt><br><br><br><br><tt><font size="2">If iov is not supported in the underlying TLS library, then we go back to treating each buffer in iov as a separate buffer and calling the SSL_write on each buffer individually.</font></tt><br><br><br><tt><font size="2">Furthermore, if not all underlying TLS libraries support vectored IO, then having that as input to onReceive/onSend doesn't make sense.</font></tt><br><br><tt><font size="2">Perhaps we can define new procedures in TLSService protocol for vectored IO that return NotImplemented if underlying library doesn't support them, but we need a basic one that handles one buffer at a time and is supported by all security libraries.</font></tt><br><br><tt><font size="2">g.</font></tt><br><BR>
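<br><tt><font size="2">The single-buffer fallback discussed above, as an added example that is not part of the original message or of any TLS library: it copies the iovec array once into a staging buffer sized to the TLS record plaintext limit and makes one write call per chunk instead of one per buffer. tls_write_fn, tls_writev_coalesced and the sink test double are hypothetical names; a real caller would pass a wrapper around its library's single-buffer write such as SSL_write.</font></tt><br><br>
<pre>
```c
#include "string.h"
#include "sys/uio.h"                 /* struct iovec */
#define TLS_MAX_PLAINTEXT 16384      /* 2^14 bytes: largest plaintext in one TLS record */
/* Hypothetical single-buffer write (stand-in for SSL_write): bytes written, <= 0 on error. */
typedef long (*tls_write_fn)(void *ctx, const void *buf, size_t len);
/* Push one staged chunk, retrying on short writes. */
static int flush_stage(tls_write_fn w, void *ctx, const unsigned char *buf, size_t len) {
    for (size_t off = 0; off < len; ) {
        long r = w(ctx, buf + off, len - off);
        if (r <= 0) return -1;
        off += (size_t)r;
    }
    return 0;
}
/* Gather iov[] into a record-sized buffer: one write per full chunk plus the tail; -1 on error. */
long tls_writev_coalesced(tls_write_fn w, void *ctx, const struct iovec *iov, int iovcnt) {
    unsigned char stage[TLS_MAX_PLAINTEXT];
    size_t used = 0;
    long total = 0;
    for (int i = 0; i < iovcnt; i++) {
        const unsigned char *p = iov[i].iov_base;
        for (size_t left = iov[i].iov_len; left > 0; ) {
            size_t room = sizeof(stage) - used;
            size_t n = left < room ? left : room;
            memcpy(stage + used, p, n);
            used += n; p += n; left -= n; total += (long)n;
            if (used == sizeof(stage)) {
                if (flush_stage(w, ctx, stage, used) < 0) return -1;
                used = 0;
            }
        }
    }
    if (used > 0 && flush_stage(w, ctx, stage, used) < 0) return -1;
    return total;
}

/* Constructed test double: counts write calls and keeps the bytes it was handed. */
struct sink { unsigned char data[32768]; size_t len; int calls; };
long sink_write(void *ctx, const void *buf, size_t len) {
    struct sink *s = ctx;
    if (len > sizeof(s->data) - s->len) return -1;
    memcpy(s->data + s->len, buf, len);
    s->len += len; s->calls++;
    return (long)len;
}
int main(void) {                     /* constructed input: three small buffers, one write */
    struct sink s = {0};
    struct iovec iov[3] = { {(void *)"GET ", 4}, {(void *)"/ HTTP/1.1\r\n", 12}, {(void *)"\r\n", 2} };
    return tls_writev_coalesced(sink_write, &s, iov, 3) == 18 && s.calls == 1 ? 0 : 1;
}
```
</pre>
<tt><font size="2">The staging buffer holds plaintext, so production code would clear it before returning.</font></tt><br>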
</body></html>