| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 7 May 2009 22:41:14 +0300 From: Denys Fedoryschenko <denys@...p.net.lb> To: Jarek Poplawski <jarkao2@...il.com> Cc: Patrick McHardy <kaber@...sh.net>, Stephen Hemminger <shemminger@...ux-foundation.org>, netdev@...r.kernel.org Subject: Re: [RFC] iproute2/tc caching proposal On Thursday 07 May 2009 21:44:52 Jarek Poplawski wrote: > Denys Fedoryschenko wrote, On 05/07/2009 12:03 AM: > > Since already someone did caching in iproute2, my changes is very > > trivial, but giving huge improvement in batch performance (30k rules > > 10minutes vs 30 seconds). > > > > ll_init_map is called in many places in tc, but since tc not changing > > anything, that can change this map, i think it is enough to call it only > > at the beginning, after rtnl_open(). > > > > Only one exclusion - tc monitor, because it is running long time, and > > things can change over this time, so we call ll_init_map on each received > > rtnetlink event. > > Do you mean 30 sec. is to short for a change? I don't know these things > enough; your idea looks very nice, but I wonder if you tested how it > behaves if e.g. after 15k rules some dev goes away which is used in the > next 15k? Well, i think if this point are criticial - not good idea to use batching at all. Bad condition can happen on 1k interface, and "old style", just each line takes hundreds of milliseconds, and there is chance that when root qdisc created, in batch, interface doesn't exist, and when you will start creating classes it will appear. In my case even if device disappeared and id is not valid , it will just not add shaper(error, in case of flag -force - not critical), because id of interface will be different, even if device with same name appeared, because device id is incremental as i understand. For example: ppp100 assigned to john, who have 100Mbit unlimited. Let's say ppp100 have assigned id 12345. Batch started, and before it is reached john, he disconnected and another user connected let's say willy (32Kbit/s) and catch ppp100, but id will be different, it will just give error. I use flag "-force" for that. If i will refresh "interface-id" map on each batch line, first, on system with 1k+ interface it will take around 10 minutes instead of 30 seconds, to load 20-40k lines batch file. Second, willy can get 100Mbits because of mistake. > > > Also please check "[RFC] [IPROUTE2] Filter class output by classid", if > > it is ok. Many people told it is useful patch. > > I agree it's useful and quite natural option. > > Thanks, > Jarek P. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists