Re: bozohttpd support for SNI

2016-09-30 Thread Thor Lancelot Simon
On Fri, Sep 30, 2016 at 04:45:10PM -0400, matthew sporleder wrote:
> 
> bozo is growing features pretty quickly as netbsd keeps trying to use it to
> do actual stuff(tm).  :)

I'd prefer to see a lot of the complex functionality in bozo split out into
helper programs.

This feature, in particular, along with the rest of bozo's SSL handling, could
go in something like pound -- except that pound is GPL.  The helper could
communicate with bozo on an AF_UNIX socket.

Experience from a past life tells me such a program would take about two days
to write, would leave me owing dyoung about six dinners for debugging, and
would be about 1500 lines long.

-- 
  Thor Lancelot Simon    t...@panix.com

"The dirtiest word in art is the C-word.  I can't even say 'craft'
 without feeling dirty." -Chuck Close


Re: bozohttpd support for SNI

2016-09-30 Thread matthew sporleder
On Fri, Sep 30, 2016 at 4:43 PM, Alistair Crooks  wrote:

> Personally, I'd love to have support for SNI (and multiple -Z paths
> per site too) - I'd use it daily.
>
> In fact, I was just bemoaning that fact yesterday, but am not
> best-placed to do anything about it right now (yes, I suck :()
>
> Best,
> Alistair
>
> On 30 September 2016 at 13:37, J. Lewis Muir  wrote:
> > Hello!
> >
> > Does bozohttpd in NetBSD (7 or current) support SNI (Server Name
> > Identification) such that multiple SSL sites can be served from one
> > HTTPS server?  If not, what is NetBSD's position on the feature: is it
> > "we're open to accepting a quality patch," or is it more "we'd rather
> > not add the feature; it's better to just use separate server instances
> > on separate IP addresses; we're trying to keep with bozohttpd's main
> > feature as stated on its website which is 'the lack of features,
> > reducing the code size and improving verifiability'"?
> >
> > Thanks!
> >
> > Lewis
> >
>

bozo is growing features pretty quickly as netbsd keeps trying to use it to
do actual stuff(tm).  :)


Re: bozohttpd support for SNI

2016-09-30 Thread Alistair Crooks
Personally, I'd love to have support for SNI (and multiple -Z paths
per site too) - I'd use it daily.

In fact, I was just bemoaning that fact yesterday, but am not
best-placed to do anything about it right now (yes, I suck :()

Best,
Alistair

On 30 September 2016 at 13:37, J. Lewis Muir  wrote:
> Hello!
>
> Does bozohttpd in NetBSD (7 or current) support SNI (Server Name
> Identification) such that multiple SSL sites can be served from one
> HTTPS server?  If not, what is NetBSD's position on the feature: is it
> "we're open to accepting a quality patch," or is it more "we'd rather
> not add the feature; it's better to just use separate server instances
> on separate IP addresses; we're trying to keep with bozohttpd's main
> feature as stated on its website which is 'the lack of features,
> reducing the code size and improving verifiability'"?
>
> Thanks!
>
> Lewis
>


bozohttpd support for SNI

2016-09-30 Thread J. Lewis Muir
Hello!

Does bozohttpd in NetBSD (7 or current) support SNI (Server Name
Identification) such that multiple SSL sites can be served from one
HTTPS server?  If not, what is NetBSD's position on the feature: is it
"we're open to accepting a quality patch," or is it more "we'd rather
not add the feature; it's better to just use separate server instances
on separate IP addresses; we're trying to keep with bozohttpd's main
feature as stated on its website which is 'the lack of features,
reducing the code size and improving verifiability'"?

Thanks!

Lewis


Re: Poor network performances

2016-09-30 Thread Emile `iMil' Heitor

On Fri, 30 Sep 2016, Emile `iMil' Heitor wrote:



> I tried tweaking sysctl a bit like indicated here:
>
> https://wiki.netbsd.org/tutorials/tuning_netbsd_for_performance/


I found these values to help a lot:

http://proj.sunet.se/E2E/netbsd.txt

from http://proj.sunet.se/E2E/tcptune.html


Emile `iMil' Heitor * 
  _
| http://imil.net        | ASCII ribbon campaign ( )
| http://www.NetBSD.org  |  - against HTML email  X
| http://gcu.info        |  & vCards             / \





Poor network performances

2016-09-30 Thread Emile `iMil' Heitor


Hi,

I've been witnessing poor performances while using NetBSD 7.0/amd64 on a
Gigabit network. I tried this with 2 different NICs.

Default scenario, either re(4) or alc(4):

$ ifconfig re0 # relevant bits
re0: flags=8843 mtu 1500
capabilities=3f00
capabilities=3f00
enabled=0
ec_capabilities=3
ec_enabled=0
address: f8:df:2f:f7:af:f2
media: Ethernet autoselect (1000baseT full-duplex)
status: active
[...]

On the actual gigabit LAN:

$ iperf3 -c coruscant -l16k
Connecting to host coruscant, port 5201
[  4] local 192.168.1.57 port 32792 connected to 192.168.1.249 port 5201
[ ID] Interval           Transfer     Bandwidth       Retr  Cwnd
[  4]   0.00-1.00   sec  6.73 MBytes  56.5 Mbits/sec    0   69.3 KBytes
[  4]   1.00-2.00   sec  12.1 MBytes   102 Mbits/sec    0    102 KBytes
[  4]   2.00-3.00   sec  14.1 MBytes   118 Mbits/sec    0    136 KBytes
[  4]   3.00-4.00   sec  15.0 MBytes   126 Mbits/sec   19    154 KBytes
[  4]   4.00-5.00   sec  16.4 MBytes   138 Mbits/sec    0    188 KBytes
[  4]   5.00-6.00   sec  16.7 MBytes   140 Mbits/sec   30    187 KBytes
[  4]   6.00-7.00   sec  18.3 MBytes   153 Mbits/sec    0    195 KBytes
[  4]   7.00-8.00   sec  17.8 MBytes   149 Mbits/sec    0    195 KBytes
[  4]   8.00-9.00   sec  18.1 MBytes   152 Mbits/sec    0    195 KBytes
[  4]   9.00-10.00  sec  18.0 MBytes   151 Mbits/sec    0    195 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bandwidth       Retr
[  4]   0.00-10.00  sec   153 MBytes   129 Mbits/sec   49             sender
[  4]   0.00-10.00  sec   152 MBytes   128 Mbits/sec                  receiver

The client machine is a linux box which actually reaches Gb transfer with
another linux host.

Over my FO Internet connection:

NetBSD:
$ iperf3 -c ping.online.net
[...]
[ ID] Interval           Transfer     Bandwidth       Retr
[  6]   0.00-10.01  sec  44.3 MBytes  37.1 Mbits/sec   45             sender
[  6]   0.00-10.01  sec  44.1 MBytes  37.0 Mbits/sec                  receiver

Linux:
$ iperf3 -c ping.online.net
[...]
[ ID] Interval           Transfer     Bandwidth       Retr
[  4]   0.00-10.00  sec   124 MBytes   104 Mbits/sec   49             sender
[  4]   0.00-10.00  sec   121 MBytes   102 Mbits/sec                  receiver

To be 100% honest, the Linux box is connected through a PLC while the NetBSD box
is directly connected to the ISP router...

I tried tweaking sysctl a bit like indicated here:

https://wiki.netbsd.org/tutorials/tuning_netbsd_for_performance/

without success.

Hints? Thoughts?


Emile `iMil' Heitor * 
  _
| http://imil.net        | ASCII ribbon campaign ( )
| http://www.NetBSD.org  |  - against HTML email  X
| http://gcu.info        |  & vCards             / \

