| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 21 Oct 2011 10:49:46 +0200 From: Eric Dumazet <eric.dumazet@...il.com> To: "Yan, Zheng" <zheng.z.yan@...ux.intel.com> Cc: Kim Phillips <kim.phillips@...escale.com>, netdev@...r.kernel.org, davem@...emloft.net, hirofumi@...l.parknet.co.jp Subject: Re: IPsec performance bug Le vendredi 21 octobre 2011 à 16:28 +0800, Yan, Zheng a écrit : > On Thu, Oct 20, 2011 at 10:22 AM, Kim Phillips > <kim.phillips@...escale.com> wrote: > > Hi, > > > > I'm trying to debug an IPSec forwarding performance slowdown on a > > p2020 dual-core powerpc linux box using s/w crypto (no crypto h/w > > offload enabled) between vanilla kernel versions 2.6.35 and 3.0. > > Using a h/w packet generator set to 64-byte packets, I get the > > following results: > > > > v2.6.35: 48.5kpps > > v3.0.0: 0.2kpps > > v3.0.7: 0.2kpps > > v3.1.0-rc9-01707-gf7ba35d (a recent net-next): 13.6kpps > > > > I was able to bisect the problem down to the following commit: > > > > 7e1dc7b6f709dfc1a9ab4b320dbe723f45992693 is the first bad commit > > commit 7e1dc7b6f709dfc1a9ab4b320dbe723f45992693 > > Author: David S. Miller <davem@...emloft.net> > > Date: Sat Mar 12 02:42:11 2011 -0500 > > > > net: Use flowi4 and flowi6 in xfrm layer. > > > > Signed-off-by: David S. Miller <davem@...emloft.net> > > > > And, indeed, going back one commit (i.e., v2.6.38-rc8-1468-g2032656 > > and manually applying commit 7313714: "xfrm: fix > > __xfrm_route_forward ()"), brings performance back to ~50kpps from > > 0.2kpps. > > > > Tracing shows that the commit breaks the route cache [1], and I > > understand there is major surgery going on in the area [2], so I > > suppose my question is twofold: > > > > (a) was such a large performance drop to be expected for v3.0? > > > > (b) any ideas how to fix? I don't know much about routing > > internals, but in ip_route_input_common(), if I remove the input > > interface comparison (rth->rt_route_iif ^ iif), I get some > > performance back, but the system becomes unstable (it's booted over > > nfs). > > > > Thanks, > > > > Kim > > > > Looks like xfrm4_fill_dst() reset rt->rt_route_iif to 0, it makes the > comparison (rth->rt_route_iif ^ iif) in > ip_route_input_common() return false. > > Please try patch below. It improves the performance of 3.1-rc10 > kernel. (I'm not sure the patch is harmless) > > --- > diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c > index fc5368a..88a0972 100644 > --- a/net/ipv4/xfrm4_policy.c > +++ b/net/ipv4/xfrm4_policy.c > @@ -82,7 +82,6 @@ static int xfrm4_fill_dst(struct xfrm_dst *xdst, > struct net_device *dev, > rt->rt_key_dst = fl4->daddr; > rt->rt_key_src = fl4->saddr; > rt->rt_key_tos = fl4->flowi4_tos; > - rt->rt_route_iif = fl4->flowi4_iif; > rt->rt_iif = fl4->flowi4_iif; > rt->rt_oif = fl4->flowi4_oif; > rt->rt_mark = fl4->flowi4_mark; > -- Hmm, looks like 1b86a58f9d7ce4fe237 (ipv4: Fix "Set rt->rt_iif more sanely on output routes.") assumed xfrm4_fill_dst() was used for input routes. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists