Hacker News new | ask | show | jobs
by drewg123 3599 days ago
I'm on the team. A few limited comments:

ISA-L: There will be some more recent results presented next week at IDF: http://myeventagenda.com/sessions/0B9F4191-1C29-408A-8B61-65...

Hacking sendfile:

Note that only the bulk encryption for a limited number of ciphers is done in the kernel. All the TLS setup still happens in the userspace SSL library. So the kernel part is quite small. So it is more like hacking the bulk encryption into the kernel, not the entire library.
1 comments
mfjordvald 3598 days ago
Have you guys ever written anything on how you configure nginx and FreeBSD in general? Would love to read more about this.
link
drewg123 3598 days ago
That's a great idea -- I will pass it along.

I'm afraid that most of the interesting "configuration" is to run patched kernel (async sendfile vs aio + sendfile, tls sendfile vs read/encrypt/send, etc). Of course, I work on the kernel, so I'm biased :)

link
2trill2spill 3598 days ago
> I'm afraid that most of the interesting "configuration" is to run patched kernel (async sendfile vs aio + sendfile, tls sendfile vs read/encrypt/send, etc).

Do you have any idea if or when Netflix plans on open sourcing tls sendfile?

link
drewg123 3598 days ago
It has always been the plan to upstream it. However, the patch is rather extensive, and it needs quite a lot of cleanup. (for example, making ISA-L pluggable)
link