| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1356789203.21409.3923.camel@edumazet-glaptop>
Date: Sat, 29 Dec 2012 05:53:23 -0800
From: Eric Dumazet <eric.dumazet@...il.com>
To: Andrew Vagin <avagin@...allels.com>
Cc: netdev@...r.kernel.org, vvs@...allels.com,
Michał Mirosław <mirq-linux@...e.qmqm.pl>
Subject: Re: Slow speed of tcp connections in a network namespace
On Sat, 2012-12-29 at 13:24 +0400, Andrew Vagin wrote:
> We found a few nodes, where network works slow in containers.
>
> For testing speed of TCP connections we use wget, which downloads iso
> images from the internet.
>
> wget in the new netns reports only 1.5 MB/s, but wget in the root netns
> reports 33MB/s.
>
> A few facts:
> * Experiments shows that window size for CT traffic does not increases
> up to ~900, however for host traffic window size increases up to ~14000
> * packets are shuffled in the netns sometimes.
> * tso/gro/gso changes on interfaces does not help
> * issue was _NOT_ reproduced if kernel booted with maxcpus=1 or bnx2.disable_msi=1
>
> I reduced steps to reproduce:
> * Create a new network namespace "test" and a veth pair.
> # ip netns add test
> # ip link add name veth0 type veth peer name veth1
>
> * Move veth1 into the netns test
> # ip link set veth1 netns test
>
> * Set ip address on veth1 and proper routing rules are added for this ip
> in the root netns.
> # ip link set up dev veth0; ip link set up dev veth0
> # ip netns exec test ip a add REMOTE dev veth1
> # ip netns exec test ip r a default via veth1
> # ip r a REMOTE/32 via dev veth0
>
> Tcpdump for both cases are attached to this message.
> tcpdump.host - wget in the root netns
> tcpdump.netns.host - tcpdump for the host device, wget in the new netns
> tcpdump.netns.veth - tcpdump for the veth1 device, wget in the new netns
>
> 3.8-rc1 is used for experiments.
>
> Do you have any ideas where is a problem?
veth has absolutely no offload features
It needs some care...
At the very miminum, let TCP coalesce do its job by allowing SG
CC Michał Mirosław <mirq-linux@...e.qmqm.pl> for insights.
Please try following patch :
diff --git a/drivers/net/veth.c b/drivers/net/veth.c
index 95814d9..9fefeb3 100644
--- a/drivers/net/veth.c
+++ b/drivers/net/veth.c
@@ -259,6 +259,10 @@ static const struct net_device_ops veth_netdev_ops = {
.ndo_set_mac_address = eth_mac_addr,
};
+#define VETH_FEATURES (NETIF_F_SG | NETIF_F_FRAGLIST | NETIF_F_TSO | \
+ NETIF_F_HW_CSUM | NETIF_F_HIGHDMA | \
+ NETIF_F_HW_VLAN_TX | NETIF_F_HW_VLAN_RX)
+
static void veth_setup(struct net_device *dev)
{
ether_setup(dev);
@@ -269,9 +273,10 @@ static void veth_setup(struct net_device *dev)
dev->netdev_ops = &veth_netdev_ops;
dev->ethtool_ops = &veth_ethtool_ops;
dev->features |= NETIF_F_LLTX;
+ dev->features |= VETH_FEATURES;
dev->destructor = veth_dev_free;
- dev->hw_features = NETIF_F_HW_CSUM | NETIF_F_SG | NETIF_F_RXCSUM;
+ dev->hw_features = VETH_FEATURES;
}
/*
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists