[Oisf-users] Suricata 3.0 / 3.0.1 IPS Perfomance Anomaly?

Berk Gulenler gulenler at boun.edu.tr
Fri Apr 8 13:03:25 UTC 2016 

Hi Victor,

Removing msse4 optimization from "-march=native" has fixed the 
performance problem.

On 06-04-2016 16:58, Berk Gulenler wrote:
>
>
> On 06-04-2016 15:59, Victor Julien wrote:
>> On 06-04-16 14:34, Berk Gulenler wrote:
>>> Hi Victor,
>>>
>>> I guess that is what you wanted.
>> Is this output from during the transfer? If not, please start suri,run
>> your transfer, stop suri and generate the report.
> Yes, those outputs are generated as you described before.
>>
>> Thanks!
>> Victor
>>
>>> core2: (env CFLAGS='-g -O2 -march=core2' ./configure --enable-nfqueue
>>> --prefix=/usr --sysconfdir=/etc --localstatedir=/var
>>> --disable-gccmarch-native)
>>>
>>>   19.70%  Suricata-Main  [kernel.kallsyms]   [k] clear_page_c
>>>    8.63%  Suricata-Main  [kernel.kallsyms]   [k] 
>>> mem_cgroup_charge_common
>>>    5.51%  Suricata-Main  [kernel.kallsyms]   [k] page_fault
>>>    5.10%  Suricata-Main  libc-2.19.so        [.] memset
>>>    5.08%  Suricata-Main  libc-2.19.so        [.] 0x000000000007fee6
>>>    5.08%  Suricata-Main  libpthread-2.19.so  [.] pthread_mutex_unlock
>>>    4.40%  Suricata-Main  libpthread-2.19.so  [.] pthread_mutex_init
>>>    3.64%  Suricata-Main  libpthread-2.19.so  [.] pthread_mutex_lock
>>>    3.63%  Suricata-Main  libc-2.19.so        [.] malloc
>>>    3.17%  Suricata-Main  [kernel.kallsyms]   [k] unmap_page_range
>>>    3.07%  Suricata-Main  [kernel.kallsyms]   [k] __rmqueue
>>>    2.19%  Suricata-Main  suricata            [.] DefragTrackerAlloc
>>>    2.04%       suricata  [kernel.kallsyms]   [k] strlen
>>>    1.93%  Suricata-Main  [unknown]           [.] 0x00007f5b5cc6a4be
>>>    1.89%  Suricata-Main  libyaml-0.so.2.0.2  [.]
>>> yaml_parser_fetch_more_tokens
>>>    1.74%       suricata  [kernel.kallsyms]   [k] flush_tlb_page
>>>    1.59%  Suricata-Main  [kernel.kallsyms]   [k] 
>>> context_tracking_user_enter
>>>    1.47%  Suricata-Main  suricata            [.] DefragInitConfig
>>>    1.45%  Suricata-Main  [kernel.kallsyms]   [k] 
>>> __acct_update_integrals
>>>    1.45%  Suricata-Main  [kernel.kallsyms]   [k] handle_mm_fault
>>>    1.45%  Suricata-Main  suricata            [.] DefragTrackerEnqueue
>>>    1.44%  Suricata-Main  [kernel.kallsyms]   [k] copy_pte_range
>>>    1.38%  Suricata-Main  [kernel.kallsyms]   [k] __mod_zone_page_state
>>>    1.22%  Suricata-Main  [kernel.kallsyms]   [k] __pagevec_lru_add_fn
>>>    1.15%  Suricata-Main  suricata            [.] SCACCreateFailureTable
>>>    1.09%  Suricata-Main  [kernel.kallsyms]   [k] __khugepaged_enter
>>>    0.96%  Suricata-Main  suricata            [.] PoolInit
>>>    0.90%  Suricata-Main  suricata            [.] DefragFragInit
>>>    0.73%  Suricata-Main  [kernel.kallsyms]   [k] __alloc_pages_nodemask
>>>    0.73%  Suricata-Main  [kernel.kallsyms]   [k] find_get_page
>>>    0.73%  Suricata-Main  [kernel.kallsyms]   [k] vtime_account_user
>>>    0.73%  Suricata-Main  [kernel.kallsyms]   [k] 
>>> __mem_cgroup_commit_charge
>>>    0.73%  Suricata-Main  [kernel.kallsyms]   [k] jiffies_to_timeval
>>>    0.73%  Suricata-Main  [kernel.kallsyms]   [k] ima_file_free
>>>    0.73%  Suricata-Main  [kernel.kallsyms]   [k] rcu_eqs_enter
>>>    0.73%  Suricata-Main  [kernel.kallsyms]   [k] get_page_from_freelist
>>>    0.73%  Suricata-Main  [kernel.kallsyms]   [k] account_user_time
>>>    0.71%  Suricata-Main  [kernel.kallsyms]   [k] 
>>> copy_user_generic_string
>>>    0.19%       suricata  [kernel.kallsyms]   [k] flush_signal_handlers
>>>    0.13%  Suricata-Main  [kernel.kallsyms]   [k] finish_task_switch
>>>    0.03%  Suricata-Main  [kernel.kallsyms]   [k] native_write_msr_safe
>>>    0.01%       suricata  [kernel.kallsyms]   [k] native_write_msr_safe
>>>
>>>
>>> native: (./configure --enable-nfqueue --prefix=/usr --sysconfdir=/etc
>>> --localstatedir=/var)
>>>
>>>   21.68%  Suricata-Main  [kernel.kallsyms]   [k] clear_page_c
>>>    8.73%  Suricata-Main  libc-2.19.so        [.] 0x000000000008088c
>>>    6.53%  Suricata-Main  suricata            [.] DefragTrackerAlloc
>>>    4.93%  Suricata-Main  [kernel.kallsyms]   [k] page_fault
>>>    4.37%  Suricata-Main  libpthread-2.19.so  [.] pthread_mutex_lock
>>>    4.27%  Suricata-Main  [kernel.kallsyms]   [k] 
>>> mem_cgroup_charge_common
>>>    3.60%  Suricata-Main  [kernel.kallsyms]   [k] unmap_page_range
>>>    3.36%  Suricata-Main  [kernel.kallsyms]   [k] 
>>> __mem_cgroup_commit_charge
>>>    3.28%  Suricata-Main  [kernel.kallsyms]   [k] get_page_from_freelist
>>>    2.77%  Suricata-Main  suricata            [.] PoolInit
>>>    2.22%  Suricata-Main  suricata            [.] DefragInitConfig
>>>    2.18%  Suricata-Main  libpthread-2.19.so  [.] pthread_mutex_unlock
>>>    2.18%  Suricata-Main  [kernel.kallsyms]   [k] page_add_new_anon_rmap
>>>    2.14%       suricata  libc-2.19.so        [.] _dl_addr
>>>    1.98%  Suricata-Main  libyaml-0.so.2.0.2  [.] 
>>> yaml_parser_update_buffer
>>>    1.72%       suricata  ld-2.19.so          [.] 0x0000000000005b20
>>>    1.67%  Suricata-Main  [kernel.kallsyms]   [k] __zone_watermark_ok
>>>    1.61%  Suricata-Main  [unknown]           [.] 0x00007f7710518494
>>>    1.55%  Suricata-Main  [kernel.kallsyms]   [k] __pagevec_lru_add_fn
>>>    1.51%  Suricata-Main  libpthread-2.19.so  [.] pthread_mutex_init
>>>    1.46%  Suricata-Main  libpcre.so.3.13.1   [.] compile_regex
>>>    1.46%  Suricata-Main  [kernel.kallsyms]   [k] __rmqueue
>>>    1.45%  Suricata-Main  [kernel.kallsyms]   [k] _raw_spin_lock
>>>    1.24%  Suricata-Main  [kernel.kallsyms]   [k] free_pages_prepare
>>>    1.17%  Suricata-Main  suricata            [.] SCACPreparePatterns
>>>    0.94%  Suricata-Main  suricata            [.] DefragFragInit
>>>    0.82%  Suricata-Main  [kernel.kallsyms]   [k] local_clock
>>>    0.74%  Suricata-Main  [kernel.kallsyms]   [k] 
>>> context_tracking_user_enter
>>>    0.74%  Suricata-Main  suricata            [.] DefragTrackerEnqueue
>>>    0.73%  Suricata-Main  [kernel.kallsyms]   [k] lookup_page_cgroup
>>>    0.73%  Suricata-Main  [kernel.kallsyms]   [k] 
>>> get_pageblock_flags_group
>>>    0.73%  Suricata-Main  [kernel.kallsyms]   [k] account_user_time
>>>    0.73%  Suricata-Main  [kernel.kallsyms]   [k] 
>>> rcu_eqs_exit_common.isra.48
>>>    0.73%  Suricata-Main  [kernel.kallsyms]   [k] vma_adjust
>>>    0.73%  Suricata-Main  [kernel.kallsyms]   [k] native_sched_clock
>>>    0.73%  Suricata-Main  [kernel.kallsyms]   [k] release_pages
>>>    0.72%  Suricata-Main  [kernel.kallsyms]   [k] mem_cgroup_page_lruvec
>>>    0.72%  Suricata-Main  [kernel.kallsyms]   [k] copy_pte_range
>>>    0.72%  Suricata-Main  [kernel.kallsyms]   [k] dup_mm
>>>    0.24%       suricata  [kernel.kallsyms]   [k] fput
>>>    0.12%  Suricata-Main  [kernel.kallsyms]   [k] _raw_spin_unlock
>>>    0.05%  Suricata-Main  [kernel.kallsyms]   [k] native_write_msr_safe
>>>    0.02%       suricata  [kernel.kallsyms]   [k] native_write_msr_safe
>>>
>>>
>>> On 05-04-2016 16:15, Victor Julien wrote:
>>>> On 05-04-16 11:00, Berk Gulenler wrote:
>>>>> I'm having performance problems over HTTP with "-march=native" 
>>>>> flag. I'm
>>>>> sending you test results that I have made on the same hardware and 
>>>>> with
>>>>> same configuration.
>>>>>
>>>>> Suricata 3.0.1:
>>>>>       * IPS
>>>>>       * --enable-nfqueue --prefix=/usr --sysconfdir=/etc
>>>>> --localstatedir=/var
>>>>>       * *CFLAGS -g -O2 -march=native*
>>>>>       * workers mode
>>>>>       * af_packet: threads: 16, cluster-type: cluster_cpu, 
>>>>> use-mmap: yes
>>>>>       * threading: set-cpu-affinity: yes
>>>>> Intel Xeon CPU E5-2690 x 2
>>>>> Intel X540-AT2
>>>>> Ubuntu 14.04.4 LTS
>>>>> gcc version 4.8.4
>>>>>
>>>>> wget over Suricata: (results are consistent over many tests)
>>>>> 1.784.676.352 55,1MB/s (single flow)
>>>>>
>>>>> Suricata 3.0.1:
>>>>>       * IPS
>>>>>       * --enable-nfqueue --prefix=/usr --sysconfdir=/etc
>>>>> --localstatedir=/var
>>>>>       * *CFLAGS -g -O2 -march=core2*
>>>>>       * workers mode
>>>>>       * af_packet: threads: 16, cluster-type: cluster_cpu, 
>>>>> use-mmap: yes
>>>>>       * threading: set-cpu-affinity: yes
>>>>> Intel Xeon CPU E5-2690 x 2
>>>>> Intel X540-AT2
>>>>> Ubuntu 14.04.4 LTS
>>>>> gcc version 4.8.4
>>>>>
>>>>> wget over Suricata: (results are consistent over many tests)
>>>>> 1.784.676.352 74,8MB/s (single flow)
>>>>>
>>>>> However there are no performance problems observed over iperf (tcp)
>>>>> benchmarks in both tests. (~860 Mbit/s over single flow)
>>>>>
>>>> Could you add additional information? I'd be interested in learning
>>>> where the performance is different in the code.
>>>>
>>>> Use 'perf' to record this info:
>>>>
>>>> perf record <your suricata startup line>
>>>>
>>>> Then when you stopped Suricata, share the output of
>>>>
>>>> perf report
>>>>
>>>> You may have to recompile Suricata with CFLAGS="-g".
>>>>
>>>> Thanks!
>>>>
>>>
>>>
>>> _______________________________________________
>>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>>> Site: http://suricata-ids.org | Support: 
>>> http://suricata-ids.org/support/
>>> List: 
>>> https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>> Suricata User Conference November 9-11 in Washington, DC: 
>>> http://oisfevents.net
>>>
>>
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 9-11 in Washington, DC: 
> http://oisfevents.net

More information about the Oisf-users mailing list