[Bug 253912] [PATCH] Ineffective lookup of incoming packets in libalias
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sun Feb 28 15:05:20 UTC 2021
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253912
Bug ID: 253912
Summary: [PATCH] Ineffective lookup of incoming packets in
libalias
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: bugs at FreeBSD.org
Reporter: 8an at praha12.net
Created attachment 222878
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=222878&action=edit
Change lookup of incoming packets to use both addresses
While lookup of outgoing packets uses hash based on both source and destination
address, for incoming packets only alias address and port is used. So when
multiple connections from different addresses target the same port of
redirected address (using redirect_addr or redirect_port in IPFW), the link
table must be searched sequentially - tens of thousand of items for every
incoming packet. To make it worse, the search is under a lock, so it is forced
to run on a single core. Consequently just 1000pps from different addresses are
enough to bring down a server with the fastest CPU available in under a minute.
The attached patch fixes the problem by using both addresses and ports for
lookup of incoming packets. We are running it currently on 11.2, but it applies
to CURRENT without changes.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list