How do TCP / TLS / WS / WSS streams buffer data in Rust / Tokio?

If I have a TCP stream in a buffer, waiting for another TCP connection to connect before starting to exchange any data, how does any info that's arriving into this TCP stream get buffered?

Does it pile up on the server side before being read, or is the client waiting for the server to start processing it before transferring anything? Same question goes for WS / WSS streams.

Your kernel will typically have a few kilobytes of buffer for storing data until you are ready to read it from the TCP stream. The other end of the connection will also have another buffer with data that the kernel is trying to send to you. If your local buffer fills up, then it won't accept any more data, and the other end will not be able to empty its out-buffer. Finally, the application sending the data will now be forced to wait for you because their send syscall will block until space becomes available in the out-buffer.

As for TLS, WS and WSS, they all build on top of TCP, so they get the same behavior. The TLS/WS/WSS implementation probably also has some additional buffers of its own, but this only has the effect of enlarging the buffers that need to be filled until the sender is blocked.

The default buffer size in the kernel is 87380 bytes.


Understood - does that mean that in a production setting it's also advisable to monitor the incoming connections to make sure that none of them tries to fill this buffer with random junk, or is that unnecessary, for the most part?

Ah, I don't think they are able to send any data at all until you actually accept the connection. And you should generally try to limit the number of connections you accept at any one time to ensure you don't run out of memory from handling all of them at the same time.

Makes sense.

Does accepting the connection mean that I'm actively processing the data being sent - for instance, with the next() method on the stream, provided by the futures crate, or is the TCP handshake process successfully completed enough for the server to simply fill its buffer with whatever is being sent, as long as the connection hasn't been terminated, though?

No, as soon as you have a connection object, the connection has already been accepted.
