On Fri, 2012-03-23 at 19:44 +0100, Henrik Nordström wrote: > fre 2012-03-23 klockan 19:49 +0400 skrev Alexander Komyagin: > > > It seems I finally figured out where the problem is. Squid 3.2.0.16 > > performs host verification for each request. And this verification > > produces the call to libc getaddrinfo() function (converting IP address > > from text to numeric in my case), but uClibc implementation of this > > functions looks like not aware of AF_HOSTNUMERIC hint flag, thus > > performing full lookup (I haven't checked details yet). With RSBAC-Net > > turned on it's too much overhead. (Actually there are two calls for such > > conversion per request - one more is in url.cc:urlParseFinish() > > function) > > Why is the overhead with RSBAC-Net that high in this case? > > getaddrinfo() is a quite frequenty used call. > > But I agree that getaddrinfo for converting textual ip to addrinfo to > compare with resolved hostname may be a bit overkill. Not even sure why > we are converting textual IP to to addrinfo there, we should already > have it in IpAddress internal representaion form. > > > After adding a special hack for numeric IP address conversion requests > > in Squid (avoiding call to real getaddrinfo() in that case), the > > performance problem has gone (workers work fine too!). > > Good! > > >
Actually I think the RSBAC-Net overhead resides in the logic of gethostbyname(), which is called in the getaddrinfo() function. From performance tests it looks like that RSBAC-Net not just slows things down a little with extra calls to getaddrinfo() (which is expected), but probably also blocks simultaneous access to the resolver - in profiler logs I can see some internal RSBAC kernel functions that are related to list structure modification - such modifications are surely guarded by spinlocks! We want to try switch to the Squid compat realization of getaddrinfo() for now (called xgetaddrinfo(), hope it works), until the uClibc is fixed. -- Best wishes, Alexander Komyagin
