[Bro-Dev] new IPv6 code
Siwek, Jonathan Luke
jsiwek at illinois.edu
Wed Feb 8 15:02:12 PST 2012
In topic/v6-addr, I finished switching Bro to enable IPv6 support by default and changing the internal representation to use classes. I tried to do some initial rough benchmarking to compare it versus master and master with --enable-brov6. Tests were run on a 16GB pcap (no IPv6 traffic) with local.bro loaded.
master
120574kb vsize, 207.65s user, 20.36s system
master --enable-brov6
126458kb vsize, 307.38s user, 20.87s system
+5% mem, +44% cpu
topic/v6-addr
121142kb vsize, 309.33s user, 20.62s system
+0.5%mem, +45% cpu
About 65% of the time difference in either the IPv6-supporting configurations looks to be due to the fact that the size of Conn::Key exceeds UHASH_KEY_SIZE and so falls back on the slower HMAC/MD5 when creating a HashKey of the data, which happens for every packet.
The negligible memory usage difference surprised me since they differ from previous results here: http://tracker.bro-ids.org/bro/ticket/68. Maybe one possibility is that the scripts have changed so much since those benchmarks were run such that there's less state being tracked that involves addrs. Or the pcap I used was likely not as robust.
Thoughts on how to improve the hashing or other plans to investigate memory usage?
And does it seem like a good idea to merge topic/v6-addr into master at this point so that we get more users exercising that code and so we can start working in separate branches for more IPv6 enhancements? All the unit tests pass, but the external baselines need another set of eyes to sanity check them.
+Jon
More information about the bro-dev
mailing list