Date:      Wed, 22 Apr 2020 09:15:31 -0700
From:      Xin Li <delphij@delphij.net>
To:        Kristof Provost <kp@FreeBSD.org>, d@delphij.net
Cc:        freebsd-current@freebsd.org, freebsd-stable@freebsd.org
Subject:   Re: CFT: if_bridge performance improvements
Message-ID:  <8634ec5c-a509-d2dd-8f5c-31efcbd50340@delphij.net>
In-Reply-To: <BF81FE6C-D4F4-43BA-9DE1-2C6A28A65AF3@FreeBSD.org>
References:  <5377E42E-4C01-4BCC-B934-011AC3448B54@FreeBSD.org> <8e0e2bf1-27cd-1a99-b266-c7223255942f@delphij.net> <BF81FE6C-D4F4-43BA-9DE1-2C6A28A65AF3@FreeBSD.org>

On 4/22/20 01:45, Kristof Provost wrote:
> On 22 Apr 2020, at 10:20, Xin Li wrote:
>> Hi,
>>
>> On 4/14/20 02:51, Kristof Provost wrote:
>>> Hi,
>>>
>>> Thanks to support from The FreeBSD Foundation I’ve been able to work on
>>> improving the throughput of if_bridge.
>>> It changes the (data path) locking to use the NET_EPOCH infrastructure.
>>> Benchmarking shows substantial improvements (x5 in test setups).
>>>
>>> This work is ready for wider testing now.
>>>
>>> It’s under review here: https://reviews.freebsd.org/D24250
>>>
>>> Patch for CURRENT: https://reviews.freebsd.org/D24250?download=true
>>> Patches for stable/12:
>>> https://people.freebsd.org/~kp/if_bridge/stable_12/
>>>
>>> I’m not currently aware of any panics or issues resulting from these
>>> patches.
>>
>> I have observed the following panic with latest stable/12 after applying
>> the stable_12 patchset, it appears like a race condition related NULL
>> pointer dereference, but I haven't taken a deeper look yet.
>>
>> The box has 7 igb(4) NICs, with several bridges and VLANs configured
>> acting as a router. Please let me know if you need additional
>> information; I can try -CURRENT as well, but it would take some time as
>> the box is relatively slow (it's a ZFS based system so I can create a
>> separate boot environment for -CURRENT if needed, but that would take
>> some time as I might have to upgrade the packages, should there be any
>> ABI breakages).
>>
> Thanks for the report. I don’t immediately see how this could happen.
>
> Are you running an L2 firewall on that bridge by any chance? An earlier
> version of the patch had issues with a stray unlock in that code path.

I don't think I have an L2 firewall (I assume that means filtering based on
MAC address like what can be done with e.g. ipfw?  The bridges were
created on vlan interfaces though, do they count as an L2 firewall?), the
system is using pf with a few NAT rules:

$ sudo pfctl -s rules
anchor "miniupnpd" all
pass in quick inet6 proto tcp from <myv6> to any flags S/SA keep state
block drop in quick inet6 proto tcp from ! <myv6> to <myv6> flags S/SA
block drop in quick proto tcp from any os "Linux" to any port = ssh
pass out on igb6 inet proto tcp from (igb6) to any port = domain flags S/SA keep state queue dns
pass out on igb6 inet proto udp from (igb6) to any port = domain keep state queue dns
pass in on igb6 proto tcp from any to (igb6) port = http flags S/SA modulate state queue(web, ack)
pass in on igb6 proto tcp from any to (igb6) port = https flags S/SA modulate state queue(web, ack)
pass out on igb6 inet proto tcp from (igb6) to any flags S/SA modulate state queue bulk
block drop in quick on igb6 proto tcp from <sshguard> to any port = ssh label "ssh bruteforce"
block drop in on igb6 from <badhosts> to any

Cheers,

