On 21.03.2012 09:35, Henrik Nordström wrote:
On Tue 2012-03-20 at 16:14 +0400, Alexander Komyagin wrote:
Yep, looks like I have them in SYN_SENT for 5 secs and then they are
discarded (timeout for httperf is set for 5 secs).
And what is seen on the server side?
There are mainly two limits that may get hit with such results, not
counting kernel bugs.
a) Firewall connection tracking.
b) Socket listen backlog queue.
'a' shows up in dmesg.
Not sure about 'b'.
> This RSBAC? http://www.rsbac.org/
>
> If so, which kernel version?
This one. 2.6.35.10 SMP x86_64.
With which version of the RBAC patch? RBAC 1.4.5 has issues according
to rbac.org, and 2.6.35.10 is in the affected range. Now I do not think
that issue affects socket operations but not 100% sure.
From RSBAC logs squid 3.2 produces much more operations on NETLINK RAW
ROUTE sockets than 3.1. Maybe performance differs due to some changes in
the Squid interception mechanism in 3.2?
Maybe. Wonder what that is. Amos?
The UDS packets come to mind, but that is a different PF_* family
type. I stopped looking at that point.
It could be the packet MARK lookups which are done through
libnetfilter-*. I have very little idea how that library works
internally.
Amos
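
Added example, not part of the original thread: one way to check on the server side for both limits named above, (a) in the kernel log and (b) in the TCP counters. It assumes Linux, where a full connection tracking table is logged as "nf_conntrack: table full, dropping packet" and listen queue overflows are counted as ListenOverflows/ListenDrops in the TcpExt section of /proc/net/netstat; the function names and all sample inputs are constructed for illustration.

```python
import re

# Constructed sample inputs (not from the thread), shaped like Linux output.
SAMPLE_DMESG = """\
[ 1201.337] eth0: link up
[ 1322.101] nf_conntrack: table full, dropping packet.
[ 1322.954] nf_conntrack: table full, dropping packet.
"""
SAMPLE_NETSTAT_T0 = """\
TcpExt: SyncookiesSent SyncookiesRecv ListenOverflows ListenDrops TCPTimeouts
TcpExt: 0 0 120 134 17
IpExt: InNoRoutes InTruncatedPkts
IpExt: 0 0
"""
# Second snapshot, taken after the load test: counters have grown.
SAMPLE_NETSTAT_T1 = SAMPLE_NETSTAT_T0.replace("0 0 120 134 17", "0 0 480 502 29")

CONNTRACK_FULL = re.compile(r"(nf|ip)_conntrack: table full, dropping packet")

def conntrack_drops(dmesg_text):
    """Count kernel log lines reporting a full conntrack table (limit 'a')."""
    return sum(1 for line in dmesg_text.splitlines() if CONNTRACK_FULL.search(line))

def parse_tcpext(netstat_text):
    """Parse /proc/net/netstat: a header line followed by a matching value line."""
    rows = [l.split() for l in netstat_text.splitlines() if l.startswith("TcpExt:")]
    if len(rows) != 2 or len(rows[0]) != len(rows[1]):
        raise ValueError("malformed TcpExt section")
    return dict(zip(rows[0][1:], map(int, rows[1][1:])))

def backlog_delta(before_text, after_text):
    """Growth of the listen queue counters between two snapshots (limit 'b')."""
    before, after = parse_tcpext(before_text), parse_tcpext(after_text)
    return {k: after[k] - before[k] for k in ("ListenOverflows", "ListenDrops")}

def diagnose(dmesg_text, before_text, after_text):
    """Return which of the two limits show evidence of having been hit."""
    findings = []
    if conntrack_drops(dmesg_text):
        findings.append("conntrack table full")
    if any(v > 0 for v in backlog_delta(before_text, after_text).values()):
        findings.append("listen backlog overflow")
    return findings

if __name__ == "__main__":
    # On a live server, feed in `dmesg` output and two reads of /proc/net/netstat.
    print(diagnose(SAMPLE_DMESG, SAMPLE_NETSTAT_T0, SAMPLE_NETSTAT_T1))
```

The counters are cumulative since boot, so only the difference between a snapshot taken before the httperf run and one taken after it says anything about that run.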