Re: performance of jailed processes

• Previous message: Niki Denev: "Small typo in the setproctitle() output in sbin/fsck_ffs/pass5.c"
• In reply to: Dag-Erling Smørgrav: "Re: performance of jailed processes"
• Next in thread: Dag-Erling Smørgrav: "Re: performance of jailed processes"
• Reply: Dag-Erling Smørgrav: "Re: performance of jailed processes"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Tue, 30 Mar 2004 21:56:20 +0200
To: Dag-Erling Sm?rgrav <des@des.no>

On Tue, Mar 30, 2004 at 09:09:35PM +0200, Dag-Erling Sm?rgrav wrote:
+> > Can you identify any micro-benchmarks rather than macro-benchmarks that
+> > reflect a significant difference?
+>
+> haven't had much luck with that... fetch, for instance, doesn't seem
+> to suffer, but with mysql the difference is dramatic:
+>
+> (outside jail)
+> 1 row in set (0.01 sec)
+>
+> (inside jail)
+> 1 row in set (13.20 sec)
+>
+> note that 13 seconds is far too short for a DNS issue, and that the
+> time reported is measured *after* login (i.e. after any DNS lookup)

I'm wondering if this piece of code is responsible for this delay:
(sys/netinet/in_pcb.c:551)

        if (laddr.s_addr == INADDR_ANY && jailed(socred)) {
                bzero(&sa, sizeof(sa));
                sa.sin_addr.s_addr = htonl(prison_getip(socred));
                sa.sin_len = sizeof(sa);
                sa.sin_family = AF_INET;
                error = in_pcbbind_setup(inp, (struct sockaddr *)&sa,
                    &laddr.s_addr, &lport, cred);
                if (error)
                        return (error);
        }

Maybe you can test it by putting a printf() after this if() and check
if it is printed with fetch and with mysql.

-- 
Pawel Jakub Dawidek                       http://www.FreeBSD.org
pjd@FreeBSD.org                           http://garage.freebsd.pl
FreeBSD committer                         Am I Evil? Yes, I Am!

• application/pgp-signature attachment: stored

• Previous message: Niki Denev: "Small typo in the setproctitle() output in sbin/fsck_ffs/pass5.c"
• In reply to: Dag-Erling Smørgrav: "Re: performance of jailed processes"
• Next in thread: Dag-Erling Smørgrav: "Re: performance of jailed processes"
• Reply: Dag-Erling Smørgrav: "Re: performance of jailed processes"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: performance of jailed processes ... +>> reflect a significant difference? ... fetch, for instance, doesn't seem ... +> (outside jail) ... +> time reported is measured *after* login (i.e. after any DNS lookup) ... (freebsd-current) Re: freebsd-update ... I believe the security patch information below is what is being ... For general information regarding FreeBSD Security Advisories, ... The host's jail rc.dscript can be used to start and stop jails ... # fetch http://security.FreeBSD.org/patches/SA-07:01/jail5.patch.asc ... (freebsd-questions) FreeBSD Security Advisory FreeBSD-SA-07:01.jail [REVISED] ... For general information regarding FreeBSD Security Advisories, ... The host's jail rc.dscript can be used to start and stop jails ... a path inside the jail file system structure is a symbolic link before ... # fetch http://security.FreeBSD.org/patches/SA-07:01/jail5.patch.asc ... (Bugtraq) FreeBSD Security Advisory FreeBSD-SA-07:01.jail [REVISED] ... For general information regarding FreeBSD Security Advisories, ... The host's jail rc.dscript can be used to start and stop jails ... a path inside the jail file system structure is a symbolic link before ... # fetch http://security.FreeBSD.org/patches/SA-07:01/jail5.patch.asc ... (FreeBSD-Security) [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-07:01.jail [REVISED] ... For general information regarding FreeBSD Security Advisories, ... The host's jail rc.dscript can be used to start and stop jails ... a path inside the jail file system structure is a symbolic link before ... # fetch http://security.FreeBSD.org/patches/SA-07:01/jail5.patch.asc ... (freebsd-announce)