lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 13 Oct 2009 15:45:36 +0300 From: Denys Fedoryschenko <denys@...p.net.lb> To: hadi@...erus.ca Cc: netdev@...r.kernel.org Subject: Re: kernel mode pppoe ppp if + ifb + mirred redirect, ethernet packets in ifb?! > I bet pppd in user space is probably your biggest problem in terms of > performance. No. :-) First problem, on restart and massive users login i am getting some weird locking problem with modprobe,probably related to busybox/mdev. When interface come up, maybe it is problem of mdev, it is trying to do modprobe with ip address as attribute. Probably they must not modprobe on virtual interface. It is not easy to track who is reason of such call. As result: [ 174.564503] request_module: runaway loop modprobe 172.16.3.1 [ 174.564702] request_module: runaway loop modprobe 172.16.3.1 [ 174.801355] request_module: runaway loop modprobe 172.16.106.1 [ 174.801487] request_module: runaway loop modprobe 172.16.106.1 [ 175.011415] request_module: runaway loop modprobe 172.16.106.1 load average (even it doesn't mean anything in terms of CPU load) jumps to 72-80. Another bottleneck is u32 (i can optimize but) and some strange locks appearing at top of perf, maybe same as logon case. And yes, pppd also appearing, but seems just registering new sysctls (for new interface?) takes a lot of resources. I can post perf -a -f g if you are interested for "logging in" case and regular operation. > > > After switching to skbedit things improve a lot (before 1k users was near > > max) > > Not using netfilter will improve your numbers. So can skbedit do fwmark > as well? I dont need it, i am using skb->priority as a key for flow classifier. It looks weird, a lot of obsolete code there, but it is very nice, i dont need to touch almost anything on ifb, and i can predefine even on startup required amount of classes and just change rate when required. Here is key part of shaper code: $TC filter add dev ifb0 protocol ip pref 32 parent 1: handle 1 flow map key priority baseclass 1:64 Then i create classes for id's i need (at my case id related to ppp interface number). and when ppp interface come up also: (lowid is related to ppp interface or user id) filter add dev $2 parent ffff: protocol ip prio 10 u32 \ match u32 0 0 flowid 1:1 \ action skbedit priority 0x${lowid} pipe \ action mirred egress redirect dev ifb0 > > yes, something like that. > It may be easier to tcpdump -x on both pppoe and ifb and see how the > packets look like at what offset. If that doesnt work well, I will work > on a patch... Well another way is just to use as you suggest - egress on output interface(s). > > cheers, > jamal -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists