HIPL

lp:~christof-mroz/hipl/hipfw-esp-speedup

Created by Christof Mroz and last modified

This branch contains the principal improvement from the old hipfw-performance branch:
Dynamic insertion and deletion of iptables rules for known SPI/Destination IP pairs, in order to prevent packets that don't need further processing from being received by ip_queue, which would otherwise result in a useless kernel-userspace round trip and thus a considerable performance hit.

Quoting from my original mail:

<snip>
=== trunk ===

------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 85.3 KByte (default)
------------------------------------------------------------
[ 4] local 2001:10:8453:d73e:de44:24de:51e:1e77 port 5001 connected
with 2001:11:2910:6a40:17f1:d819:d272:ea99 port 60265
[ ID] Interval Transfer Bandwidth
[ 4] 0.0-10.3 sec 12.0 MBytes 9.80 Mbits/sec

------------------------------------------------------------
Client connecting to 2001:10:8453:d73e:de44:24de:51e:1e77, TCP port 5001
TCP window size: 16.0 KByte (default)
------------------------------------------------------------
[ 3] local 2001:11:2910:6a40:17f1:d819:d272:ea99 port 60265 connected with 2001:10:8453:d73e:de44:24de:51e:1e77 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-10.1 sec 12.0 MBytes 9.97 Mbits/sec

=== hipfw-performance ===

------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 85.3 KByte (default)
------------------------------------------------------------
[ 4] local 2001:10:8453:d73e:de44:24de:51e:1e77 port 5001 connected with 2001:11:2910:6a40:17f1:d819:d272:ea99 port 50461
[ ID] Interval Transfer Bandwidth
[ 4] 0.0-10.0 sec 21.1 MBytes 17.7 Mbits/sec

------------------------------------------------------------
Client connecting to 2001:10:8453:d73e:de44:24de:51e:1e77, TCP port 5001
TCP window size: 16.0 KByte (default)
------------------------------------------------------------
[ 3] local 2001:11:2910:6a40:17f1:d819:d272:ea99 port 50461 connected with 2001:10:8453:d73e:de44:24de:51e:1e77 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-10.0 sec 21.1 MBytes 17.7 Mbits/sec
</snip>

This feature is currently opt-in and can be turned on using the -u command line option. Otherwise, everything should behave as before.
Even if ip_queue is bypassed for a connection, timeouts should still work as expected, with all associated rules getting removed.

Get this branch:
bzr branch lp:~christof-mroz/hipl/hipfw-esp-speedup
Only Christof Mroz can upload to this branch. If you are Christof Mroz please log in for upload directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Christof Mroz
Project:
HIPL
Status:
Merged

Recent revisions

5811. By Christof Mroz

Document static global total_esp_rules_count.

5810. By Christof Mroz

Declare tuple variable at tighter scope.

5809. By Christof Mroz

Unit test for system_printf().

5808. By Christof Mroz

Fixed system_printf() length check.

5807. By Christof Mroz

Merged lp:~christof-mroz/hipl/hipfw-timeout rev 5810.

5806. By Christof Mroz

Merged with hipfw-timeout branch.

5805. By Christof Mroz

Export the maximum command line length as a global preprocessor #define.

5804. By Christof Mroz

Fix unsigned <-> signed cast direction.

A signed value that's known to be positive may be safely cast into an unsigned
value, but cast unsigned to signed carries the risk of overflow (in C).

5803. By Christof Mroz

Unit tests for hip_fw_manage_esp_rule.

5802. By Christof Mroz

Use true/false rather than 1/0 for boolean.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:hipl
This branch contains Public information 
Everyone can see this information.

Subscribers