On 03/20/2012 06:14 AM, Alexander Komyagin wrote: >>>> By comparing oprofile results for 3.2 with and w/o RSBAC-Net, I can >>>> assume that RSBAC-Net subsystem performs some internal operations on >>>> list structures, which are indeed protected by locks - and this, in my >>>> point of view, may block simultaneous squid socket operations and affect >>>> performance.
>> > Possible. We would not know. There are no simultaneous squid socket operations in no-daemon mode. > From RSBAC logs squid 3.2 produces much more operations on NETLINK RAW > ROUTE sockets than 3.1. Maybe performance differs due to some changes in > the Squid interception mechanism in 3.2? FWIW, I think it would be rather valuable for Squid and possibly RSBAC folks to figure this one out: 1) If Squid v3.2 in no-daemon mode is slower than v3.1, then we may want to change something in v3.2. In no-daemon mode, there are no shared accepting sockets so we cannot use them as an excuse for slowing things down. I recommend switching to forward proxying mode to eliminate or confirm interception as a suspect first. 2) If #1 is resolved but Squid v3.2 is still slower than v3.1 when multiple workers are used, then RSBAC folks may need to fix their stuff. I would not recommend working on this until #1 is resolved though. HTH, Alex.
