allocations improvements and tunnel fixes (#1248)

* reduce allocations in tunnel code Signed-off-by: Vasiliy Tolstov <v.tolstov@unistack.org> * another allocation fix Signed-off-by: Vasiliy Tolstov <v.tolstov@unistack.org> * allocate maps with len if it known Signed-off-by: Vasiliy Tolstov <v.tolstov@unistack.org> * allocate key for send once Signed-off-by: Vasiliy Tolstov <v.tolstov@unistack.org>
2020-02-24 17:15:20 +03:00
parent 01d88601c0
commit 5b0175c2e5
13 changed files with 58 additions and 31 deletions
--- a/tunnel/crypto.go
+++ b/tunnel/crypto.go
@@ -5,7 +5,16 @@ import (
 	"crypto/cipher"
 	"crypto/rand"
 	"crypto/sha256"
-	"io"
+
+	"github.com/oxtoacart/bpool"
+)
+
+var (
+	// the local buffer pool
+	// gcmStandardNonceSize from crypto/cipher/gcm.go is 12 bytes
+	// 100 - is max size of pool
+	noncePool = bpool.NewBytePool(100, 12)
+	hashPool  = bpool.NewBytePool(1024*32, 32)
 )

 // hash hahes the data into 32 bytes key and returns it
@@ -13,7 +22,10 @@ import (
 func hash(key string) []byte {
 	hasher := sha256.New()
 	hasher.Write([]byte(key))
-	return hasher.Sum(nil)
+	out := hashPool.Get()
+	defer hashPool.Put(out[:0])
+	out = hasher.Sum(out[:0])
+	return out
 }

 // Encrypt encrypts data and returns the encrypted data
@@ -32,12 +44,13 @@ func Encrypt(data []byte, key string) ([]byte, error) {
 		return nil, err
 	}

-	// create a new byte array the size of the nonce
+	// get new byte array the size of the nonce from pool
 	// NOTE: we might use smaller nonce size in the future
-	nonce := make([]byte, gcm.NonceSize())
-	if _, err = io.ReadFull(rand.Reader, nonce); err != nil {
+	nonce := noncePool.Get()
+	if _, err = rand.Read(nonce); err != nil {
 		return nil, err
 	}
+	defer noncePool.Put(nonce)

 	// NOTE: we prepend the nonce to the payload
 	// we need to do this as we need the same nonce
--- a/tunnel/default.go
+++ b/tunnel/default.go
@@ -131,6 +131,7 @@ func (t *tun) newSession(channel, sessionId string) (*session, bool) {
 		recv:    make(chan *message, 128),
 		send:    t.send,
 		errChan: make(chan error, 1),
+		key:     t.token + channel + sessionId,
 	}

 	// save session
--- a/tunnel/listener.go
+++ b/tunnel/listener.go
@@ -77,6 +77,8 @@ func (t *tunListener) process() {

 				// create a new session session
 				sess = &session{
+					// the session key
+					key: t.token + m.channel + sessionId,
 					// the id of the remote side
 					tunnel: m.tunnel,
 					// the channel
--- a/tunnel/session.go
+++ b/tunnel/session.go
@@ -47,6 +47,8 @@ type session struct {
 	link string
 	// the error response
 	errChan chan error
+	// key for session encryption
+	key string
 }

 // message is sent over the send channel
@@ -326,22 +328,22 @@ func (s *session) Announce() error {
 // Send is used to send a message
 func (s *session) Send(m *transport.Message) error {
 	// encrypt the transport message payload
-	body, err := Encrypt(m.Body, s.token+s.channel+s.session)
+	body, err := Encrypt(m.Body, s.key)
 	if err != nil {
 		log.Debugf("failed to encrypt message body: %v", err)
 		return err
 	}

-	// make copy
+	// make copy, without rehash and realloc
 	data := &transport.Message{
-		Header: make(map[string]string),
+		Header: make(map[string]string, len(m.Header)),
 		Body:   body,
 	}

 	// encrypt all the headers
 	for k, v := range m.Header {
 		// encrypt the transport message payload
-		val, err := Encrypt([]byte(v), s.token+s.channel+s.session)
+		val, err := Encrypt([]byte(v), s.key)
 		if err != nil {
 			log.Debugf("failed to encrypt message header %s: %v", k, err)
 			return err
@@ -387,14 +389,14 @@ func (s *session) Recv(m *transport.Message) error {
 	default:
 	}

-	//log.Tracef("Received %+v from recv backlog", msg)
 	log.Tracef("Received %+v from recv backlog", msg)

+	key := s.token + s.channel + msg.session
 	// decrypt the received payload using the token
 	// we have to used msg.session because multicast has a shared
 	// session id of "multicast" in this session struct on
 	// the listener side
-	body, err := Decrypt(msg.data.Body, s.token+s.channel+msg.session)
+	body, err := Decrypt(msg.data.Body, key)
 	if err != nil {
 		log.Debugf("failed to decrypt message body: %v", err)
 		return err
@@ -410,7 +412,7 @@ func (s *session) Recv(m *transport.Message) error {
 			return err
 		}
 		// encrypt the transport message payload
-		val, err := Decrypt([]byte(h), s.token+s.channel+msg.session)
+		val, err := Decrypt([]byte(h), key)
 		if err != nil {
 			log.Debugf("failed to decrypt message header %s: %v", k, err)
 			return err