gavinchou commented on code in PR #16340:
URL: https://github.com/apache/doris/pull/16340#discussion_r1109188938
##########
fe/fe-core/src/main/java/org/apache/doris/mysql/MysqlChannel.java:
##########
@@ -44,17 +48,27 @@ public class MysqlChannel {
protected SocketChannel channel;
// used to receive/send header, avoiding new this many time.
protected ByteBuffer headerByteBuffer =
ByteBuffer.allocate(PACKET_HEADER_LEN);
+ // used to receive/send ssl header, avoiding new this many time.
+ protected ByteBuffer sslHeaderByteBuffer =
ByteBuffer.allocate(SSL_PACKET_HEADER_LEN);
// default packet byte buffer for most packet
protected ByteBuffer defaultBuffer = ByteBuffer.allocate(16 * 1024);
protected ByteBuffer sendBuffer;
+
+ protected ByteBuffer sendSslBuffer;
// for log and show
protected String remoteHostPortString;
protected String remoteIp;
protected boolean isSend;
+ protected boolean isSslMode;
+ protected boolean isHandshaking;
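Review bot: the new `isSslMode` and `isHandshaking` flags are added as `protected`, non-final fields with no comment, unlike `sslHeaderByteBuffer` just above them. Since their names suggest they select the SSL path, consider making them private behind a documented setter and stating the allowed combinations, for example whether `isHandshaking` may be true while `isSslMode` is false. `sendSslBuffer` also lacks a comment, and the blank `+` line before it can be dropped.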
Review Comment:
Is it better to rename `isHandshaking` to `isSslHandShaking`?
##########
fe/fe-core/src/main/java/org/apache/doris/mysql/MysqlChannel.java:
##########
@@ -197,6 +264,16 @@ protected void realNetSend(ByteBuffer buffer) throws
IOException {
isSend = true;
}
+ private void encryptData(ByteBuffer dstBuf) throws SSLException {
+ if (isSslMode) {
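Review bot: in `encryptData(ByteBuffer dstBuf)` the parameter is called `dstBuf` even though an encrypt step on the send path takes its argument as input, and the method returns `void`, so the signature does not say where the ciphertext ends up. Consider renaming the parameter and either returning the encrypted buffer or adding a comment that the argument is overwritten in place.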
Review Comment:
Try this to reduce lines of code and indentation:
```
if (!isSslMode) return;
ByteBuffer netData = ...
...
```
##########
fe/fe-core/src/main/java/org/apache/doris/mysql/MysqlChannel.java:
##########
@@ -126,32 +162,60 @@ protected int readAll(ByteBuffer dstBuf) throws
IOException {
int ret = channel.read(dstBuf);
// return -1 when remote peer close the channel
if (ret == -1) {
+ decryptData(dstBuf);
return readLen;
}
readLen += ret;
}
+ // if use ssl mode, wo need to decrypt received net data(ciphertext)
to app data(plaintext).
+ decryptData(dstBuf);
return readLen;
}
+ private void decryptData(ByteBuffer dstBuf) throws SSLException {
+ if (isSslMode) {
+ ByteBuffer appData =
ByteBuffer.allocate(sslEngine.getSession().getApplicationBufferSize());
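Review bot: `readAll` still returns `readLen`, the number of bytes read from the channel, after `decryptData(dstBuf)` has run. In SSL mode that is a ciphertext count and will generally differ from the plaintext length left in `dstBuf`, so either return the decrypted length or document which one callers get. The `ret == -1` branch also calls `decryptData` on whatever was read before the peer closed, which may be an incomplete record; that case should be handled explicitly. Minor: "wo need" in the added comment should be "we need".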
Review Comment:
Do we have to allocate a buffer every time we need to decrypt/encrypt data?
Is it possible we allocate (not on heap) 2 large enough buffers for
decryption and encryption to reduce allocation?