lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHXqBFL+Ycw4-_LRcOCT0bjhALE3HfVMB7YfcoCruu=zW5PN-g@mail.gmail.com> Date: Sat, 29 Dec 2012 17:01:01 +0100 From: Michał Mirosław <mirqus@...il.com> To: Eric Dumazet <eric.dumazet@...il.com> Cc: Andrew Vagin <avagin@...allels.com>, netdev@...r.kernel.org, vvs@...allels.com, Michał Mirosław <mirq-linux@...e.qmqm.pl> Subject: Re: Slow speed of tcp connections in a network namespace 2012/12/29 Eric Dumazet <eric.dumazet@...il.com>: > On Sat, 2012-12-29 at 13:24 +0400, Andrew Vagin wrote: >> We found a few nodes, where network works slow in containers. >> >> For testing speed of TCP connections we use wget, which downloads iso >> images from the internet. >> >> wget in the new netns reports only 1.5 MB/s, but wget in the root netns >> reports 33MB/s. >> >> A few facts: >> * Experiments shows that window size for CT traffic does not increases >> up to ~900, however for host traffic window size increases up to ~14000 >> * packets are shuffled in the netns sometimes. >> * tso/gro/gso changes on interfaces does not help >> * issue was _NOT_ reproduced if kernel booted with maxcpus=1 or bnx2.disable_msi=1 >> >> I reduced steps to reproduce: >> * Create a new network namespace "test" and a veth pair. >> # ip netns add test >> # ip link add name veth0 type veth peer name veth1 >> >> * Move veth1 into the netns test >> # ip link set veth1 netns test >> >> * Set ip address on veth1 and proper routing rules are added for this ip >> in the root netns. >> # ip link set up dev veth0; ip link set up dev veth0 >> # ip netns exec test ip a add REMOTE dev veth1 >> # ip netns exec test ip r a default via veth1 >> # ip r a REMOTE/32 via dev veth0 >> >> Tcpdump for both cases are attached to this message. >> tcpdump.host - wget in the root netns >> tcpdump.netns.host - tcpdump for the host device, wget in the new netns >> tcpdump.netns.veth - tcpdump for the veth1 device, wget in the new netns >> >> 3.8-rc1 is used for experiments. >> >> Do you have any ideas where is a problem? > > veth has absolutely no offload features > > It needs some care... > > At the very miminum, let TCP coalesce do its job by allowing SG > > CC Michał Mirosław <mirq-linux@...e.qmqm.pl> for insights. veth is just like a tunnel device. In terms of offloads, it can do anything we have software fallbacks for (in case packets get forwarded to real hardware). > Please try following patch : > > diff --git a/drivers/net/veth.c b/drivers/net/veth.c > index 95814d9..9fefeb3 100644 > --- a/drivers/net/veth.c > +++ b/drivers/net/veth.c > @@ -259,6 +259,10 @@ static const struct net_device_ops veth_netdev_ops = { > .ndo_set_mac_address = eth_mac_addr, > }; > > +#define VETH_FEATURES (NETIF_F_SG | NETIF_F_FRAGLIST | NETIF_F_TSO | \ > + NETIF_F_HW_CSUM | NETIF_F_HIGHDMA | \ > + NETIF_F_HW_VLAN_TX | NETIF_F_HW_VLAN_RX) > + > static void veth_setup(struct net_device *dev) > { > ether_setup(dev); > @@ -269,9 +273,10 @@ static void veth_setup(struct net_device *dev) > dev->netdev_ops = &veth_netdev_ops; > dev->ethtool_ops = &veth_ethtool_ops; > dev->features |= NETIF_F_LLTX; > + dev->features |= VETH_FEATURES; > dev->destructor = veth_dev_free; > > - dev->hw_features = NETIF_F_HW_CSUM | NETIF_F_SG | NETIF_F_RXCSUM; > + dev->hw_features = VETH_FEATURES; > } You missed NETIF_F_RXCSUM in VETH_FEATURES. We might support NETIF_F_ALL_TSO, not just the IPv4 version. Best Regards, Michał Mirosław -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists