Re: [CFT/R] IPv4 source address selection
On Sun, 24 Aug 2008, Bjoern A. Zeeb wrote: Hi, I have a patch, that was inspired by work from Y!, to do porper IPv4 source address selection for unbound sockets (with multi-IP jails). You can temporary find it here: http://people.freebsd.org/~bz/20080823-01-in_pcbladdr.diff People running my latest jail patches have been ``testing'' this without really knowing the last weeks. In case you wonder why, in the jail case, I loop over the ifa first before simply falling back to the primary jail IP (which is the only jail IP as in HEAD) -- this is because with the upcoming jail patches I have to check if any of possibly lots of IPs match any IP on an interface and only if none matches I have to fall back to the 'primary' jail IP. So the code has been prepared for upcoming changes already. Feel free to test it and report problems or unexpected behavior. Unless someone is going to cry it'll hit HEAD in a few days. Okay, there was close to zero feedback:( I had Kris test it performance wise and he found a performance regression and I talked to Robert about the general code a bit more then decided that I can simplify it. After that I re-ran some performance tests myself and found that passing in pointers improves things and now we are at the following with unbound udp sockets: x cvs-plain2 + bz-laddr ++ |++ + + x x x + x| | |__A_M|___|_A|| ++ N Min MaxMedian AvgStddev x 5 498932.16 500399.34 499727.93 499724.08 668.35243 + 5 496178.62 500190.01 498391.13 497996.98 1649.8572 No difference proven at 95.0% confidence x cvs-plain2-jailed + bz-laddr-jailed ++ |x + * + xx + x +| |||_M_AA__M||| ++ N Min MaxMedian AvgStddev x 5 493049.99 499015.59 497250.89 496364.37 2305.2757 + 5 493335.46 499712.52 496067.19 496411.24 2431.479 No difference proven at 95.0% confidence For jails this already has the loops, though I was still trying with a single (extra) IP only. So the latest patch is here: http://people.freebsd.org/~bz/20080831-01-in_pcbladdr.diff I'd really like some review before this goes in especially as it changes the semantics for jails a bit more. I'll probably time out by Sunday (UTC) or so; in case you want to look at it but need more time, let me know and I'll wait. /bz PS: I'll also post an updated jail patch for HEAD with this change in case people want to try that with multi-IP jails. PS: in case you review this properly (not only glance at it or test it) let me know so I can punish you in the Reviewed by: line;-) -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [CFT/R] IPv4 source address selection
Bjoern A. Zeeb wrote: On Sun, 24 Aug 2008, Bjoern A. Zeeb wrote: Hi, I have a patch, that was inspired by work from Y!, to do porper IPv4 source address selection for unbound sockets (with multi-IP jails). You can temporary find it here: http://people.freebsd.org/~bz/20080823-01-in_pcbladdr.diff People running my latest jail patches have been ``testing'' this without really knowing the last weeks. In case you wonder why, in the jail case, I loop over the ifa first before simply falling back to the primary jail IP (which is the only jail IP as in HEAD) -- this is because with the upcoming jail patches I have to check if any of possibly lots of IPs match any IP on an interface and only if none matches I have to fall back to the 'primary' jail IP. So the code has been prepared for upcoming changes already. Feel free to test it and report problems or unexpected behavior. Unless someone is going to cry it'll hit HEAD in a few days. Okay, there was close to zero feedback:( sorry I'm flat out, but very interested.. I had Kris test it performance wise and he found a performance regression and I talked to Robert about the general code a bit more then decided that I can simplify it. After that I re-ran some performance tests myself and found that passing in pointers improves things and now we are at the following with unbound udp sockets: x cvs-plain2 + bz-laddr ++ |++ + + x x x + x| | |__A_M|___|_A|| ++ N Min MaxMedian Avg Stddev x 5 498932.16 500399.34 499727.93 499724.08 668.35243 + 5 496178.62 500190.01 498391.13 497996.98 1649.8572 No difference proven at 95.0% confidence x cvs-plain2-jailed + bz-laddr-jailed ++ |x + * + xx + x +| |||_M_AA__M||| ++ N Min MaxMedian Avg Stddev x 5 493049.99 499015.59 497250.89 496364.37 2305.2757 + 5 493335.46 499712.52 496067.19 496411.24 2431.479 No difference proven at 95.0% confidence For jails this already has the loops, though I was still trying with a single (extra) IP only. So the latest patch is here: http://people.freebsd.org/~bz/20080831-01-in_pcbladdr.diff I'd really like some review before this goes in especially as it changes the semantics for jails a bit more. I'll probably time out by Sunday (UTC) or so; in case you want to look at it but need more time, let me know and I'll wait. /bz PS: I'll also post an updated jail patch for HEAD with this change in case people want to try that with multi-IP jails. PS: in case you review this properly (not only glance at it or test it) let me know so I can punish you in the Reviewed by: line;-) ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to [EMAIL PROTECTED]
[CFT/R] IPv4 source address selection
Hi, I have a patch, that was inspired by work from Y!, to do porper IPv4 source address selection for unbound sockets (with multi-IP jails). You can temporary find it here: http://people.freebsd.org/~bz/20080823-01-in_pcbladdr.diff People running my latest jail patches have been ``testing'' this without really knowing the last weeks. In case you wonder why, in the jail case, I loop over the ifa first before simply falling back to the primary jail IP (which is the only jail IP as in HEAD) -- this is because with the upcoming jail patches I have to check if any of possibly lots of IPs match any IP on an interface and only if none matches I have to fall back to the 'primary' jail IP. So the code has been prepared for upcoming changes already. Feel free to test it and report problems or unexpected behavior. Unless someone is going to cry it'll hit HEAD in a few days. /bz PS: in case you review this properly (not only glance at it or test it) let me know so I can punish you in the Reviewed by: line;-) -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [CFT/R] IPv4 source address selection
Bjoern A. Zeeb wrote: Hi, I have a patch, that was inspired by work from Y!, to do porper IPv4 source address selection for unbound sockets (with multi-IP jails). Hi, This kinda overlaps with some other ideas I'd like to see go in. It looks good and if it's already been tested, it should probably go in anyway as it disentangles the logic and puts it in a separate function. I'm thinking we may wish to use criteria other than interface or jailed socket to select source address. I should point out though that we picked some stuff up from KAME to do source address selection but it's not in the IPv4 stack. cheers BMS ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to [EMAIL PROTECTED]
