From: Patrick McHardy <kaber@trash.net>
To: Fabian Hugelshofer <hugelshofer2006@gmx.ch>
Cc: netfilter-devel@vger.kernel.org, Pablo Neira Ayuso <pablo@netfilter.org>
Subject: Re: Conntrack Events Performance - Multipart Messages?
Date: Wed, 23 Jul 2008 19:01:39 +0200
Message-ID: <488763F3.5020506@trash.net>
In-Reply-To: <48875887.8040209@gmx.ch>
Fabian Hugelshofer wrote:
> Patrick McHardy wrote:
>> Fabian Hugelshofer wrote:
>>> Again most of the time is spent in the kernel. Memory and skb
>>> operations are accounted there. I suspect that they cause the most
>>> overhead.
>>>
>>> Do you plan to dig deeper into optimising the non-optimal parts? I
>>> consider myself not to have enough understanding to do it myself.
>>
>> The first thing to try would be to use sane allocation sizes
>> for the event messages. This patch doesn't implement it properly
>> (uses probing), but should be enough to test whether it helps.
>
> Thanks a lot. This patch already decreased the CPU usage for ctevtest
> from 85% to 44%. Sweet...
Nice. Now we just need to do it properly :)
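To make "properly" a bit more concrete: instead of probing, the size could be computed up front from the attributes an event carries. What follows is only a rough userspace sketch, assuming the usual netlink layout (16-byte message header, 4-byte attribute header, 4-byte alignment, 4-byte nfgenmsg) and an IPv4 tuple with a port-based protocol. All `MODEL_*`/`model_*` names are made up for illustration; this is not the ctnetlink code.

```c
#include <stddef.h>

/* Assumed netlink layout constants (modelled here, not taken from kernel headers). */
#define MODEL_ALIGNTO      4u
#define MODEL_ALIGN(len)   (((len) + MODEL_ALIGNTO - 1) & ~(size_t)(MODEL_ALIGNTO - 1))
#define MODEL_NLMSG_HDRLEN 16u  /* message header */
#define MODEL_NLA_HDRLEN   4u   /* attribute header */
#define MODEL_NFGEN_LEN    4u   /* nfnetlink generic header */

/* Space one attribute occupies: header plus payload, padded to 4 bytes. */
static size_t model_nla_total_size(size_t payload)
{
    return MODEL_ALIGN(MODEL_NLA_HDRLEN + payload);
}

/* One tuple: a nest holding an address nest and a protocol nest. */
static size_t model_tuple_size_ipv4(void)
{
    size_t ip = model_nla_total_size(4)      /* source address */
              + model_nla_total_size(4);     /* destination address */
    size_t proto = model_nla_total_size(1)   /* protocol number */
                 + model_nla_total_size(2)   /* source port */
                 + model_nla_total_size(2);  /* destination port */

    return model_nla_total_size(model_nla_total_size(ip) +
                                model_nla_total_size(proto));
}

/* Whole message: headers plus the summed attribute sizes. */
static size_t model_event_size(size_t attrs)
{
    return MODEL_ALIGN(MODEL_NLMSG_HDRLEN + MODEL_NFGEN_LEN + attrs);
}
```

A real event carries more attributes than the two tuples (status, timeout, counters and so on), so this only shows the shape of the calculation: sum the per-attribute sizes once and allocate exactly that.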
> I created a new callgraph profile which you find attached to this mail.
> Let's have a look at two parts:
>
> First:
> 2055    2.7205  ctnetlink_conntrack_event
>   2378  21.6201  nla_put
>   2181  19.8291  nfnetlink_send
>   2055  18.6835  ctnetlink_conntrack_event [self]
>   1250  11.3647  __alloc_skb
>    955   8.6826  ipv4_tuple_to_nlattr
>    752   6.8370  nf_ct_port_tuple_to_nlattr
>    321   2.9184  __memzero
>    220   2.0002  nfnetlink_has_listeners
>    177   1.6092  nf_ct_l4proto_find_get
>    155   1.4092  __nla_put
>    116   1.0546  nf_ct_l3proto_find_get
>     82   0.7455  module_put
>     70   0.6364  nf_ct_l4proto_put
>     66   0.6001  nf_ct_l3proto_put
>     60   0.5455  nlmsg_notify
>     43   0.3909  netlink_has_listeners
>     42   0.3819  __kmalloc
>     37   0.3364  kmem_cache_alloc
>     26   0.2364  __nf_ct_l4proto_find
>     13   0.1182  __irq_svc
>
> nf_conntrack_event is now one of the first functions listed. Do you see
> other ways of improving performance?
For some members, constructing the message in place instead of
copying the data might help, but I could only spot a few, and
those are only rarely used.
The module reference stuff (module_put/nf_ct_*_find_get etc)
is clearly superfluous, this runs in packet processing context
and shouldn't use module references but RCU.
> Second:
>     33   2.4775  __nf_ct_ext_add
>     63   4.7297  dev_hard_start_xmit
>     65   4.8799  sock_recvmsg
>     77   5.7808  netif_receive_skb
>     92   6.9069  __nla_put
>     96   7.2072  nf_conntrack_alloc
>    199  14.9399  nf_conntrack_in
>    246  18.4685  skb_copy
>    427  32.0571  nf_ct_invert_tuplepr
> 1793    2.3737  __memzero
>   1793 100.000   __memzero [self]
>
> Is the zeroing of the inverted tuple in nf_ct_invert_tuple really
> required? As far as I can see all fields are set by the subsequent code.
It depends on the protocol family. For IPv6 it's completely
unnecessary; for IPv4 the last 12 bytes of each address need
to be zero. We could push this down to the protocols so they
behave more optimally (actually something I started and didn't
finish some time ago).
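Roughly what pushing the zeroing down to the protocols could look like, as a userspace sketch only. It assumes a 16-byte address union of which IPv4 uses the first 4 bytes; the struct and function names are hypothetical stand-ins, and the real tuple has more fields (ports, protocol number, direction) that are left out here.

```c
#include <assert.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for the address union: 16 bytes, IPv4 uses 4. */
union addr_model {
    uint32_t all[4];
    uint32_t ip;
    uint32_t ip6[4];
};

/* Simplified tuple: addresses only. */
struct tuple_model {
    union addr_model src;
    union addr_model dst;
};

/* Generic approach: zero the whole tuple, then fill in the addresses. */
static void invert_generic_ipv4(struct tuple_model *inv,
                                const struct tuple_model *orig)
{
    assert(inv != orig);
    memset(inv, 0, sizeof(*inv));
    inv->src.ip = orig->dst.ip;
    inv->dst.ip = orig->src.ip;
}

/* Per-protocol IPv4: write the address, clear only the trailing 12 bytes. */
static void invert_ipv4(struct tuple_model *inv,
                        const struct tuple_model *orig)
{
    assert(inv != orig);
    inv->src.ip = orig->dst.ip;
    memset(&inv->src.all[1], 0, 3 * sizeof(uint32_t));
    inv->dst.ip = orig->src.ip;
    memset(&inv->dst.all[1], 0, 3 * sizeof(uint32_t));
}

/* Per-protocol IPv6: every byte is overwritten, so nothing needs zeroing. */
static void invert_ipv6(struct tuple_model *inv,
                        const struct tuple_model *orig)
{
    assert(inv != orig);
    memcpy(inv->src.ip6, orig->dst.ip6, sizeof(inv->src.ip6));
    memcpy(inv->dst.ip6, orig->src.ip6, sizeof(inv->dst.ip6));
}
```

In this model the IPv4 variant leaves the tuple byte-for-byte identical to the zero-everything version while touching fewer bytes, and the IPv6 variant skips the zeroing entirely.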