| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20160309175307.GM2207@uranus.lan> Date: Wed, 9 Mar 2016 20:53:07 +0300 From: Cyrill Gorcunov <gorcunov@...il.com> To: David Miller <davem@...emloft.net> Cc: alexei.starovoitov@...il.com, eric.dumazet@...il.com, netdev@...r.kernel.org, solar@...nwall.com, vvs@...tuozzo.com, avagin@...tuozzo.com, xemul@...tuozzo.com, vdavydov@...tuozzo.com, khorenko@...tuozzo.com Subject: Re: [RFC] net: ipv4 -- Introduce ifa limit per net On Wed, Mar 09, 2016 at 12:24:00PM -0500, David Miller wrote: ... > We asked you for numbers without a lot of features enabled, it'll > help us diagnose which subsystem still causes a lot of overhead > much more clearly. > > So please do so. Sure. Gimme some time and I'll back with numbers. > Although it's already pretty clear that netfilter conntrack > cleanup is insanely expensive. Yes. I can drop it off for a while and run tests without it, then turn it back and try again. Would you like to see such numbers? > You're also jumping to a lot of conclusions, work with us to fix the > fundamental performance problems rather than continually insisting on > a limit. > > We should be able to remove millions of IP addresses in less than > half a second, no problem. Limits make no sense at all. Sure, I'll continue experimenting (and turn off preemt as a first step). Sorry if I sounded rough. Cyrill
Powered by blists - more mailing lists