I noticed that krpc has the following syscall pattern:
This block of syscalls repeats in a pretty tight loop – epoll_wait, CORK, write, UNCORK. The writes are always 0x401d bytes (just more than 16kb). I found the following in the ssl_write manpage:
SSL_write() will only return with success, when the complete contents of buf of length num has been written. This default behaviour can be changed with the SSL_MODE_ENABLE_PARTIAL_WRITE option of ssl_ctx_set_mode(3). When this flag is set, SSL_write() will also return with success, when a partial write has been successfully completed. In this case the SSL_write() operation is considered completed. The bytes are sent and a new SSL_write() operation with a new buffer (with the already sent bytes removed) must be started. A partial write is performed with the size of a message block, which is 16kB for SSLv3/TLSv1.
Seems likely we should be looping the writes before uncorking – either until we run into a temporary socket error or run out of stuff to write.