[Oisf-users] Suricata 3.0 / 3.0.1 IPS Perfomance Anomaly?
Victor Julien
lists at inliniac.net
Wed Apr 6 12:59:45 UTC 2016
On 06-04-16 14:34, Berk Gulenler wrote:
> Hi Victor,
>
> I guess that is what you wanted.
Is this output from during the transfer? If not, please start suri,run
your transfer, stop suri and generate the report.
Thanks!
Victor
>
> core2: (env CFLAGS='-g -O2 -march=core2' ./configure --enable-nfqueue
> --prefix=/usr --sysconfdir=/etc --localstatedir=/var
> --disable-gccmarch-native)
>
> 19.70% Suricata-Main [kernel.kallsyms] [k] clear_page_c
> 8.63% Suricata-Main [kernel.kallsyms] [k] mem_cgroup_charge_common
> 5.51% Suricata-Main [kernel.kallsyms] [k] page_fault
> 5.10% Suricata-Main libc-2.19.so [.] memset
> 5.08% Suricata-Main libc-2.19.so [.] 0x000000000007fee6
> 5.08% Suricata-Main libpthread-2.19.so [.] pthread_mutex_unlock
> 4.40% Suricata-Main libpthread-2.19.so [.] pthread_mutex_init
> 3.64% Suricata-Main libpthread-2.19.so [.] pthread_mutex_lock
> 3.63% Suricata-Main libc-2.19.so [.] malloc
> 3.17% Suricata-Main [kernel.kallsyms] [k] unmap_page_range
> 3.07% Suricata-Main [kernel.kallsyms] [k] __rmqueue
> 2.19% Suricata-Main suricata [.] DefragTrackerAlloc
> 2.04% suricata [kernel.kallsyms] [k] strlen
> 1.93% Suricata-Main [unknown] [.] 0x00007f5b5cc6a4be
> 1.89% Suricata-Main libyaml-0.so.2.0.2 [.]
> yaml_parser_fetch_more_tokens
> 1.74% suricata [kernel.kallsyms] [k] flush_tlb_page
> 1.59% Suricata-Main [kernel.kallsyms] [k] context_tracking_user_enter
> 1.47% Suricata-Main suricata [.] DefragInitConfig
> 1.45% Suricata-Main [kernel.kallsyms] [k] __acct_update_integrals
> 1.45% Suricata-Main [kernel.kallsyms] [k] handle_mm_fault
> 1.45% Suricata-Main suricata [.] DefragTrackerEnqueue
> 1.44% Suricata-Main [kernel.kallsyms] [k] copy_pte_range
> 1.38% Suricata-Main [kernel.kallsyms] [k] __mod_zone_page_state
> 1.22% Suricata-Main [kernel.kallsyms] [k] __pagevec_lru_add_fn
> 1.15% Suricata-Main suricata [.] SCACCreateFailureTable
> 1.09% Suricata-Main [kernel.kallsyms] [k] __khugepaged_enter
> 0.96% Suricata-Main suricata [.] PoolInit
> 0.90% Suricata-Main suricata [.] DefragFragInit
> 0.73% Suricata-Main [kernel.kallsyms] [k] __alloc_pages_nodemask
> 0.73% Suricata-Main [kernel.kallsyms] [k] find_get_page
> 0.73% Suricata-Main [kernel.kallsyms] [k] vtime_account_user
> 0.73% Suricata-Main [kernel.kallsyms] [k] __mem_cgroup_commit_charge
> 0.73% Suricata-Main [kernel.kallsyms] [k] jiffies_to_timeval
> 0.73% Suricata-Main [kernel.kallsyms] [k] ima_file_free
> 0.73% Suricata-Main [kernel.kallsyms] [k] rcu_eqs_enter
> 0.73% Suricata-Main [kernel.kallsyms] [k] get_page_from_freelist
> 0.73% Suricata-Main [kernel.kallsyms] [k] account_user_time
> 0.71% Suricata-Main [kernel.kallsyms] [k] copy_user_generic_string
> 0.19% suricata [kernel.kallsyms] [k] flush_signal_handlers
> 0.13% Suricata-Main [kernel.kallsyms] [k] finish_task_switch
> 0.03% Suricata-Main [kernel.kallsyms] [k] native_write_msr_safe
> 0.01% suricata [kernel.kallsyms] [k] native_write_msr_safe
>
>
> native: (./configure --enable-nfqueue --prefix=/usr --sysconfdir=/etc
> --localstatedir=/var)
>
> 21.68% Suricata-Main [kernel.kallsyms] [k] clear_page_c
> 8.73% Suricata-Main libc-2.19.so [.] 0x000000000008088c
> 6.53% Suricata-Main suricata [.] DefragTrackerAlloc
> 4.93% Suricata-Main [kernel.kallsyms] [k] page_fault
> 4.37% Suricata-Main libpthread-2.19.so [.] pthread_mutex_lock
> 4.27% Suricata-Main [kernel.kallsyms] [k] mem_cgroup_charge_common
> 3.60% Suricata-Main [kernel.kallsyms] [k] unmap_page_range
> 3.36% Suricata-Main [kernel.kallsyms] [k] __mem_cgroup_commit_charge
> 3.28% Suricata-Main [kernel.kallsyms] [k] get_page_from_freelist
> 2.77% Suricata-Main suricata [.] PoolInit
> 2.22% Suricata-Main suricata [.] DefragInitConfig
> 2.18% Suricata-Main libpthread-2.19.so [.] pthread_mutex_unlock
> 2.18% Suricata-Main [kernel.kallsyms] [k] page_add_new_anon_rmap
> 2.14% suricata libc-2.19.so [.] _dl_addr
> 1.98% Suricata-Main libyaml-0.so.2.0.2 [.] yaml_parser_update_buffer
> 1.72% suricata ld-2.19.so [.] 0x0000000000005b20
> 1.67% Suricata-Main [kernel.kallsyms] [k] __zone_watermark_ok
> 1.61% Suricata-Main [unknown] [.] 0x00007f7710518494
> 1.55% Suricata-Main [kernel.kallsyms] [k] __pagevec_lru_add_fn
> 1.51% Suricata-Main libpthread-2.19.so [.] pthread_mutex_init
> 1.46% Suricata-Main libpcre.so.3.13.1 [.] compile_regex
> 1.46% Suricata-Main [kernel.kallsyms] [k] __rmqueue
> 1.45% Suricata-Main [kernel.kallsyms] [k] _raw_spin_lock
> 1.24% Suricata-Main [kernel.kallsyms] [k] free_pages_prepare
> 1.17% Suricata-Main suricata [.] SCACPreparePatterns
> 0.94% Suricata-Main suricata [.] DefragFragInit
> 0.82% Suricata-Main [kernel.kallsyms] [k] local_clock
> 0.74% Suricata-Main [kernel.kallsyms] [k] context_tracking_user_enter
> 0.74% Suricata-Main suricata [.] DefragTrackerEnqueue
> 0.73% Suricata-Main [kernel.kallsyms] [k] lookup_page_cgroup
> 0.73% Suricata-Main [kernel.kallsyms] [k] get_pageblock_flags_group
> 0.73% Suricata-Main [kernel.kallsyms] [k] account_user_time
> 0.73% Suricata-Main [kernel.kallsyms] [k] rcu_eqs_exit_common.isra.48
> 0.73% Suricata-Main [kernel.kallsyms] [k] vma_adjust
> 0.73% Suricata-Main [kernel.kallsyms] [k] native_sched_clock
> 0.73% Suricata-Main [kernel.kallsyms] [k] release_pages
> 0.72% Suricata-Main [kernel.kallsyms] [k] mem_cgroup_page_lruvec
> 0.72% Suricata-Main [kernel.kallsyms] [k] copy_pte_range
> 0.72% Suricata-Main [kernel.kallsyms] [k] dup_mm
> 0.24% suricata [kernel.kallsyms] [k] fput
> 0.12% Suricata-Main [kernel.kallsyms] [k] _raw_spin_unlock
> 0.05% Suricata-Main [kernel.kallsyms] [k] native_write_msr_safe
> 0.02% suricata [kernel.kallsyms] [k] native_write_msr_safe
>
>
> On 05-04-2016 16:15, Victor Julien wrote:
>> On 05-04-16 11:00, Berk Gulenler wrote:
>>> I'm having performance problems over HTTP with "-march=native" flag. I'm
>>> sending you test results that I have made on the same hardware and with
>>> same configuration.
>>>
>>> Suricata 3.0.1:
>>> * IPS
>>> * --enable-nfqueue --prefix=/usr --sysconfdir=/etc
>>> --localstatedir=/var
>>> * *CFLAGS -g -O2 -march=native*
>>> * workers mode
>>> * af_packet: threads: 16, cluster-type: cluster_cpu, use-mmap: yes
>>> * threading: set-cpu-affinity: yes
>>> Intel Xeon CPU E5-2690 x 2
>>> Intel X540-AT2
>>> Ubuntu 14.04.4 LTS
>>> gcc version 4.8.4
>>>
>>> wget over Suricata: (results are consistent over many tests)
>>> 1.784.676.352 55,1MB/s (single flow)
>>>
>>> Suricata 3.0.1:
>>> * IPS
>>> * --enable-nfqueue --prefix=/usr --sysconfdir=/etc
>>> --localstatedir=/var
>>> * *CFLAGS -g -O2 -march=core2*
>>> * workers mode
>>> * af_packet: threads: 16, cluster-type: cluster_cpu, use-mmap: yes
>>> * threading: set-cpu-affinity: yes
>>> Intel Xeon CPU E5-2690 x 2
>>> Intel X540-AT2
>>> Ubuntu 14.04.4 LTS
>>> gcc version 4.8.4
>>>
>>> wget over Suricata: (results are consistent over many tests)
>>> 1.784.676.352 74,8MB/s (single flow)
>>>
>>> However there are no performance problems observed over iperf (tcp)
>>> benchmarks in both tests. (~860 Mbit/s over single flow)
>>>
>> Could you add additional information? I'd be interested in learning
>> where the performance is different in the code.
>>
>> Use 'perf' to record this info:
>>
>> perf record <your suricata startup line>
>>
>> Then when you stopped Suricata, share the output of
>>
>> perf report
>>
>> You may have to recompile Suricata with CFLAGS="-g".
>>
>> Thanks!
>>
>
>
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 9-11 in Washington, DC: http://oisfevents.net
>
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-users
mailing list