[Bro-Dev] Connection Compressor
Gregor Maier
gregor at icir.org
Sun Aug 7 13:54:23 PDT 2011
Hi,
since my tunnel decapsulation code can't propagate the identity of the
tunnel's parent and since the connection compressor doesn't work with
IPv6 yet, I was wondering whether it actually still saves a significant
amount of memory or not.
So, I've done some benchmarks and it appears that the connection
compressor doesn't help much more these days given that we accept all
packets by default.
* 107GB trace, 5M conns, with http and conn:
memory and runtime unchanged.
same trace with bro-1.5, conn, http-request, http-response, filter that
* accepts all packets:
runtime unchanged. Memory 202MB vs. 215MB
* same trace, only SYN,FIN,RST packets:
memory and runtime unchanged
* pure SYN trace, 34M conns (==SYNs): that's the only case were I saw
a difference:
CC: 1202s, 128MB,
no-CC: 1613s, 276MB
So, all in all, it appears that the connection compressor doesn't help
much anymore these days and given that has been in pain in the past and
that we'd have to extend it to support IPv6 as well, I would opt for
removing it.
(BTW, I've briefly talked to Robin about that before I did the benchmark
and the thought was, that just disabling the connection compressor by
default is not a good idea, since it would almost certainly fall in
disuse and would succumb to bit-rot. So we should either keep it and
leave it on per default, or remove the code)
cu
Gregor
--
Gregor Maier
<gregor at icir.org> <gregor at icsi.berkeley.edu>
Int. Computer Science Institute (ICSI)
1947 Center St., Ste. 600
Berkeley, CA 94704, USA
http://www.icir.org/gregor/
More information about the bro-dev
mailing list