[Oisf-users] Suricata 3.0 / 3.0.1 IPS Perfomance Anomaly?
Berk Gulenler
gulenler at boun.edu.tr
Wed Apr 6 13:58:05 UTC 2016
On 06-04-2016 15:59, Victor Julien wrote:
> On 06-04-16 14:34, Berk Gulenler wrote:
>> Hi Victor,
>>
>> I guess that is what you wanted.
> Is this output from during the transfer? If not, please start suri,run
> your transfer, stop suri and generate the report.
Yes, those outputs are generated as you described before.
>
> Thanks!
> Victor
>
>> core2: (env CFLAGS='-g -O2 -march=core2' ./configure --enable-nfqueue
>> --prefix=/usr --sysconfdir=/etc --localstatedir=/var
>> --disable-gccmarch-native)
>>
>> 19.70% Suricata-Main [kernel.kallsyms] [k] clear_page_c
>> 8.63% Suricata-Main [kernel.kallsyms] [k] mem_cgroup_charge_common
>> 5.51% Suricata-Main [kernel.kallsyms] [k] page_fault
>> 5.10% Suricata-Main libc-2.19.so [.] memset
>> 5.08% Suricata-Main libc-2.19.so [.] 0x000000000007fee6
>> 5.08% Suricata-Main libpthread-2.19.so [.] pthread_mutex_unlock
>> 4.40% Suricata-Main libpthread-2.19.so [.] pthread_mutex_init
>> 3.64% Suricata-Main libpthread-2.19.so [.] pthread_mutex_lock
>> 3.63% Suricata-Main libc-2.19.so [.] malloc
>> 3.17% Suricata-Main [kernel.kallsyms] [k] unmap_page_range
>> 3.07% Suricata-Main [kernel.kallsyms] [k] __rmqueue
>> 2.19% Suricata-Main suricata [.] DefragTrackerAlloc
>> 2.04% suricata [kernel.kallsyms] [k] strlen
>> 1.93% Suricata-Main [unknown] [.] 0x00007f5b5cc6a4be
>> 1.89% Suricata-Main libyaml-0.so.2.0.2 [.]
>> yaml_parser_fetch_more_tokens
>> 1.74% suricata [kernel.kallsyms] [k] flush_tlb_page
>> 1.59% Suricata-Main [kernel.kallsyms] [k] context_tracking_user_enter
>> 1.47% Suricata-Main suricata [.] DefragInitConfig
>> 1.45% Suricata-Main [kernel.kallsyms] [k] __acct_update_integrals
>> 1.45% Suricata-Main [kernel.kallsyms] [k] handle_mm_fault
>> 1.45% Suricata-Main suricata [.] DefragTrackerEnqueue
>> 1.44% Suricata-Main [kernel.kallsyms] [k] copy_pte_range
>> 1.38% Suricata-Main [kernel.kallsyms] [k] __mod_zone_page_state
>> 1.22% Suricata-Main [kernel.kallsyms] [k] __pagevec_lru_add_fn
>> 1.15% Suricata-Main suricata [.] SCACCreateFailureTable
>> 1.09% Suricata-Main [kernel.kallsyms] [k] __khugepaged_enter
>> 0.96% Suricata-Main suricata [.] PoolInit
>> 0.90% Suricata-Main suricata [.] DefragFragInit
>> 0.73% Suricata-Main [kernel.kallsyms] [k] __alloc_pages_nodemask
>> 0.73% Suricata-Main [kernel.kallsyms] [k] find_get_page
>> 0.73% Suricata-Main [kernel.kallsyms] [k] vtime_account_user
>> 0.73% Suricata-Main [kernel.kallsyms] [k] __mem_cgroup_commit_charge
>> 0.73% Suricata-Main [kernel.kallsyms] [k] jiffies_to_timeval
>> 0.73% Suricata-Main [kernel.kallsyms] [k] ima_file_free
>> 0.73% Suricata-Main [kernel.kallsyms] [k] rcu_eqs_enter
>> 0.73% Suricata-Main [kernel.kallsyms] [k] get_page_from_freelist
>> 0.73% Suricata-Main [kernel.kallsyms] [k] account_user_time
>> 0.71% Suricata-Main [kernel.kallsyms] [k] copy_user_generic_string
>> 0.19% suricata [kernel.kallsyms] [k] flush_signal_handlers
>> 0.13% Suricata-Main [kernel.kallsyms] [k] finish_task_switch
>> 0.03% Suricata-Main [kernel.kallsyms] [k] native_write_msr_safe
>> 0.01% suricata [kernel.kallsyms] [k] native_write_msr_safe
>>
>>
>> native: (./configure --enable-nfqueue --prefix=/usr --sysconfdir=/etc
>> --localstatedir=/var)
>>
>> 21.68% Suricata-Main [kernel.kallsyms] [k] clear_page_c
>> 8.73% Suricata-Main libc-2.19.so [.] 0x000000000008088c
>> 6.53% Suricata-Main suricata [.] DefragTrackerAlloc
>> 4.93% Suricata-Main [kernel.kallsyms] [k] page_fault
>> 4.37% Suricata-Main libpthread-2.19.so [.] pthread_mutex_lock
>> 4.27% Suricata-Main [kernel.kallsyms] [k] mem_cgroup_charge_common
>> 3.60% Suricata-Main [kernel.kallsyms] [k] unmap_page_range
>> 3.36% Suricata-Main [kernel.kallsyms] [k] __mem_cgroup_commit_charge
>> 3.28% Suricata-Main [kernel.kallsyms] [k] get_page_from_freelist
>> 2.77% Suricata-Main suricata [.] PoolInit
>> 2.22% Suricata-Main suricata [.] DefragInitConfig
>> 2.18% Suricata-Main libpthread-2.19.so [.] pthread_mutex_unlock
>> 2.18% Suricata-Main [kernel.kallsyms] [k] page_add_new_anon_rmap
>> 2.14% suricata libc-2.19.so [.] _dl_addr
>> 1.98% Suricata-Main libyaml-0.so.2.0.2 [.] yaml_parser_update_buffer
>> 1.72% suricata ld-2.19.so [.] 0x0000000000005b20
>> 1.67% Suricata-Main [kernel.kallsyms] [k] __zone_watermark_ok
>> 1.61% Suricata-Main [unknown] [.] 0x00007f7710518494
>> 1.55% Suricata-Main [kernel.kallsyms] [k] __pagevec_lru_add_fn
>> 1.51% Suricata-Main libpthread-2.19.so [.] pthread_mutex_init
>> 1.46% Suricata-Main libpcre.so.3.13.1 [.] compile_regex
>> 1.46% Suricata-Main [kernel.kallsyms] [k] __rmqueue
>> 1.45% Suricata-Main [kernel.kallsyms] [k] _raw_spin_lock
>> 1.24% Suricata-Main [kernel.kallsyms] [k] free_pages_prepare
>> 1.17% Suricata-Main suricata [.] SCACPreparePatterns
>> 0.94% Suricata-Main suricata [.] DefragFragInit
>> 0.82% Suricata-Main [kernel.kallsyms] [k] local_clock
>> 0.74% Suricata-Main [kernel.kallsyms] [k] context_tracking_user_enter
>> 0.74% Suricata-Main suricata [.] DefragTrackerEnqueue
>> 0.73% Suricata-Main [kernel.kallsyms] [k] lookup_page_cgroup
>> 0.73% Suricata-Main [kernel.kallsyms] [k] get_pageblock_flags_group
>> 0.73% Suricata-Main [kernel.kallsyms] [k] account_user_time
>> 0.73% Suricata-Main [kernel.kallsyms] [k] rcu_eqs_exit_common.isra.48
>> 0.73% Suricata-Main [kernel.kallsyms] [k] vma_adjust
>> 0.73% Suricata-Main [kernel.kallsyms] [k] native_sched_clock
>> 0.73% Suricata-Main [kernel.kallsyms] [k] release_pages
>> 0.72% Suricata-Main [kernel.kallsyms] [k] mem_cgroup_page_lruvec
>> 0.72% Suricata-Main [kernel.kallsyms] [k] copy_pte_range
>> 0.72% Suricata-Main [kernel.kallsyms] [k] dup_mm
>> 0.24% suricata [kernel.kallsyms] [k] fput
>> 0.12% Suricata-Main [kernel.kallsyms] [k] _raw_spin_unlock
>> 0.05% Suricata-Main [kernel.kallsyms] [k] native_write_msr_safe
>> 0.02% suricata [kernel.kallsyms] [k] native_write_msr_safe
>>
>>
>> On 05-04-2016 16:15, Victor Julien wrote:
>>> On 05-04-16 11:00, Berk Gulenler wrote:
>>>> I'm having performance problems over HTTP with "-march=native" flag. I'm
>>>> sending you test results that I have made on the same hardware and with
>>>> same configuration.
>>>>
>>>> Suricata 3.0.1:
>>>> * IPS
>>>> * --enable-nfqueue --prefix=/usr --sysconfdir=/etc
>>>> --localstatedir=/var
>>>> * *CFLAGS -g -O2 -march=native*
>>>> * workers mode
>>>> * af_packet: threads: 16, cluster-type: cluster_cpu, use-mmap: yes
>>>> * threading: set-cpu-affinity: yes
>>>> Intel Xeon CPU E5-2690 x 2
>>>> Intel X540-AT2
>>>> Ubuntu 14.04.4 LTS
>>>> gcc version 4.8.4
>>>>
>>>> wget over Suricata: (results are consistent over many tests)
>>>> 1.784.676.352 55,1MB/s (single flow)
>>>>
>>>> Suricata 3.0.1:
>>>> * IPS
>>>> * --enable-nfqueue --prefix=/usr --sysconfdir=/etc
>>>> --localstatedir=/var
>>>> * *CFLAGS -g -O2 -march=core2*
>>>> * workers mode
>>>> * af_packet: threads: 16, cluster-type: cluster_cpu, use-mmap: yes
>>>> * threading: set-cpu-affinity: yes
>>>> Intel Xeon CPU E5-2690 x 2
>>>> Intel X540-AT2
>>>> Ubuntu 14.04.4 LTS
>>>> gcc version 4.8.4
>>>>
>>>> wget over Suricata: (results are consistent over many tests)
>>>> 1.784.676.352 74,8MB/s (single flow)
>>>>
>>>> However there are no performance problems observed over iperf (tcp)
>>>> benchmarks in both tests. (~860 Mbit/s over single flow)
>>>>
>>> Could you add additional information? I'd be interested in learning
>>> where the performance is different in the code.
>>>
>>> Use 'perf' to record this info:
>>>
>>> perf record <your suricata startup line>
>>>
>>> Then when you stopped Suricata, share the output of
>>>
>>> perf report
>>>
>>> You may have to recompile Suricata with CFLAGS="-g".
>>>
>>> Thanks!
>>>
>>
>>
>> _______________________________________________
>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> Suricata User Conference November 9-11 in Washington, DC: http://oisfevents.net
>>
>
More information about the Oisf-users
mailing list