]> git.ipfire.org Git - thirdparty/suricata.git/commit
projects / thirdparty / suricata.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: aee1f0b) | patch
flow-manager: optimize hash walking 2266/head
authorVictor Julien <victor@inliniac.net>
Sat, 14 May 2016 06:56:49 +0000 (08:56 +0200)
committerVictor Julien <victor@inliniac.net>
Thu, 22 Sep 2016 11:36:28 +0000 (13:36 +0200)
commit70c16f50e733f6f7cc40c1bc3465eb966e3be517
treedf936e161c033114a84a99c37b6f8c005d007a03tree
parentaee1f0bb99b82bb2cfc6553ecae602ea81acaa05commit | diff
flow-manager: optimize hash walking

Until now the flow manager would walk the entire flow hash table on an
interval. It would thus touch all flows, leading to a lot of memory
and cache pressure. In scenario's where the number of tracked flows run
into the hundreds on thousands, and the memory used can run into many
hundreds of megabytes or even gigabytes, this would lead to serious
performance degradation.

This patch introduces a new approach. A timestamp per flow bucket
(hash row) is maintained by the flow manager. It holds the timestamp
of the earliest possible timeout of a flow in the list. The hash walk
skips rows with timestamps beyond the current time.

As the timestamp depends on the flows in the hash row's list, and on
the 'state' of each flow in the list, any addition of a flow or
changing of a flow's state invalidates the timestamp. The flow manager
then has to walk the list again to set a new timestamp.

A utility function FlowUpdateState is introduced to change Flow states,
taking care of the bucket timestamp invalidation while at it.

Empty flow buckets use a special value so that we don't have to take
the flow bucket lock to find out the bucket is empty.

This patch also adds more performance counters:

flow_mgr.flows_checked         | Total    | 929
flow_mgr.flows_notimeout       | Total    | 391
flow_mgr.flows_timeout         | Total    | 538
flow_mgr.flows_removed         | Total    | 277
flow_mgr.flows_timeout_inuse   | Total    | 261
flow_mgr.rows_checked          | Total    | 1000000
flow_mgr.rows_skipped          | Total    | 998835
flow_mgr.rows_empty            | Total    | 290
flow_mgr.rows_maxlen           | Total    | 2

flow_mgr.flows_checked: number of flows checked for timeout in the
                        last pass
flow_mgr.flows_notimeout: number of flows out of flow_mgr.flows_checked
                        that didn't time out
flow_mgr.flows_timeout: number of out of flow_mgr.flows_checked that
                        did reach the time out
flow_mgr.flows_removed: number of flows out of flow_mgr.flows_timeout
                        that were really removed
flow_mgr.flows_timeout_inuse: number of flows out of flow_mgr.flows_timeout
                        that were still in use or needed work

flow_mgr.rows_checked: hash table rows checked
flow_mgr.rows_skipped: hash table rows skipped because non of the flows
                        would time out anyway

The counters below are only relating to rows that were not skipped.

flow_mgr.rows_empty:   empty hash rows
flow_mgr.rows_maxlen:  max number of flows per hash row. Best to keep low,
                        so increase hash-size if needed.
flow_mgr.rows_busy:    row skipped because it was locked by another thread
src/flow-hash.c diff | blob | blame | history
src/flow-hash.h diff | blob | blame | history
src/flow-manager.c diff | blob | blame | history
src/flow.c diff | blob | blame | history
src/flow.h diff | blob | blame | history
src/stream-tcp.c diff | blob | blame | history
Mirror of https://github.com/OISF/suricata.git