[EMAIL PROTECTED] wrote:
> On Thu, 13 Jul 2006 14:25:07 EDT, Paul Moore said:
>
>>>There's still something unexplained about that 625 for tcp_stream on C_FlCat.
>>>Was either box hitting CPU saturation at that point?
>>
>>Don't know for certain, I wasn't watching CPU usage since I wanted all
>>the numbers to be as unmolested as possible - I just kicked off the
>>script and had a cookie. Although I can say there is a lot of work that
>>needs to be done in the "s0:c0.c239", i.e. full category, case and I
>>wouldn't be surprised if the receive thread was maxing out a CPU core;
>>look at the validation code in cipso_ipv4.c and the ebitmap_import()
>>routine up in the SELinux code. In both cases I tried to write code that
>>didn't suck too badly but I haven't done any serious refinement either.
>>I suspect there is probably more speed to be gained but it is always
>>going to be inherently painful.
>
> Well, at least we *already* know where to start tuning. :)
>
> The numbers look good enough that you probably want to push this to the netdev
> list and Andrew Morton's -mm fairly soon - the code looks good enough for -mm
> now, and you want to get it in there so it's been there a while before the
> 2.6.19 merge window opens. Hopefully, further optimization can happen before
> 19-rc1 hits, but you want to get your foot in the door *soon*.
>
Heh. For what it's worth the code has been to the netdev list a few times, although the latest version hasn't due to only minor changes, and the main problem right now seems to be a disagreement about whether CIPSO belongs in the kernel at all. I tend to think it does, but David Miller seems to disagree ... however, I'm optimistic that he might have a change in heart if the code is decent enough and enough people come out of the woodwork in support of CIPSO.

For clarification, you mention that the code "looks good enough for -mm", are you basing that on the performance numbers only or have you had a chance to look at the patches too?

--
paul moore
linux security @ hp

--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
