low pending handshake limit - Moritz Wanzenböck

public inbox for kernel-tls-handshake@lists.linux.dev
 help / color / mirror / Atom feed

From: "Moritz Wanzenböck" <moritz.wanzenboeck@linbit.com>
To: kernel-tls-handshake@lists.linux.dev
Subject: low pending handshake limit
Date: Mon, 04 Sep 2023 14:39:54 +0200	[thread overview]
Message-ID: <IIOG0S.DV0B3MDEVDQF1@linbit.com> (raw)

Hi all,

I'm currently working on enabling TLS support for DRBD, so I'm very 
keen to use the handshake infrastructure. During testing I noticed that 
the allowed number of pending handshakes is quite low. This seems to 
stem from the following calculation:

 /*
  * Arbitrary limit to prevent handshakes that do not make
  * progress from clogging up the system. The cap scales up
  * with the amount of physical memory on the system.
  */
 si_meminfo(&si);
 tmp = si.totalram / (25 * si.mem_unit);
 hn->hn_pending_max = clamp(tmp, 3UL, 50UL);

Which, for the typical VMs I use for testing (1Gi RAM), ends up being 
just 3 handshakes. The limits in general seem too low also in the best 
case. If a node just booted, and would start connecting to all 
configured DRBD devices, we could easily hit even the upper limit of 50.

Also the calculation used doesn't seem to make too much sense to me. It 
allows more handshakes when using a smaller page size?

Would it be possible to increase the number of pending handshakes?

Best regards,
Moritz

next             reply	other threads:[~2023-09-04 12:40 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-09-04 12:39 Moritz Wanzenböck [this message]
2023-09-04 15:13 ` low pending handshake limit Chuck Lever III
2023-09-05  8:56   ` Moritz Wanzenböck
2023-09-05 11:30     ` Paolo Abeni

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=IIOG0S.DV0B3MDEVDQF1@linbit.com \
    --to=moritz.wanzenboeck@linbit.com \
    --cc=kernel-tls-handshake@lists.linux.dev \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox