MINOR: haterm: enable ktls on the SSL bind line when supported

When both USE_LINUX_SPLICE and USE_KTLS are enabled, it's worth enabling kTLS on the bind line as it significantly increases the local bit rate as well as through TLS accelerators (up to x2/x3). The -dT option remains available to disable it. It was verified to gracefully downgrade when not supported (e.g. OpenSSL 3.0.1 does this).
2026-06-09 00:32:33 -04:00 · 2026-06-02 19:19:25 +02:00 · 2026-06-02 19:19:25 +02:00 · d17fb63ce7
commit d17fb63ce7
parent 564b9d06c0
1 changed files with 18 additions and 2 deletions
--- a/src/haterm_init.c
+++ b/src/haterm_init.c
@ -3,6 +3,7 @@
 #include <haproxy/chunk.h>
 #include <haproxy/errors.h>
 #include <haproxy/global.h>
+#include <haproxy/openssl-compat.h>
 #include <haproxy/version.h>

 static int haterm_debug;
@ -259,6 +260,11 @@ void haproxy_init_args(int argc, char **argv)
 			else if (*opt == 'd' && *(opt+1) == 'S') {
 				global.tune.options &= ~GTUNE_USE_SPLICE;
 			}
+# if defined(HA_USE_KTLS)
+			else if (*opt == 'd' && *(opt+1) == 'T') {
+				global.tune.options |= GTUNE_NO_KTLS;
+			}
+# endif
 #endif
 			else if (*opt == 'd' && *(opt+1) == 'Z') {
 				global.tune.no_zero_copy_fwd |= NO_ZERO_COPY_FWD;
@ -411,10 +417,16 @@ void haproxy_init_args(int argc, char **argv)
 					hbuf_appendf(&fbuf, "\tbind %s:%s shards by-thread ssl "
 					             "alpn h3,h2,http1.1,http1.0"
 					             " crt " HATERM_RSA_CERT_NAME
-					             " crt " HATERM_ECDSA_CERT_NAME "%s%s\n",
+					             " crt " HATERM_ECDSA_CERT_NAME "%s%s%s\n",
 					             ip, port2,
 					             tcp_bind_opt ? " " : "",
-					             tcp_bind_opt ? tcp_bind_opt : "");
+					             tcp_bind_opt ? tcp_bind_opt : "",
+# if defined(USE_LINUX_SPLICE) && defined(HA_USE_KTLS)
+						     " ktls on"
+# else
+						     "" /* no ktls */
+# endif
+						     );

 # if defined(USE_QUIC)
 					/* QUIC binding */
@ -454,6 +466,10 @@ void haproxy_init_args(int argc, char **argv)
 		hbuf_appendf(&gbuf, "\ttune.memory.hot-size 3145728\n");
 		if (has_ssl)
 			hbuf_appendf(&gbuf, "\texpose-experimental-directives\n");
+#if defined(USE_LINUX_SPLICE) && defined(HA_USE_KTLS)
+		if (has_ssl)
+			hbuf_appendf(&gbuf, "\ttune.pipesize 262144\n");
+#endif
 	}

 	/* "global" section */