New commits:

commit f9af980132f585a7735e8cbe62d9691565a0f5b1
Author: Ilya Maximets <[email protected]>
Date: Thu Jan 2 12:50:38 2025 +0100

ttoport: check numbers before the service name lookup

getservbyname() is a very slow function. It seems to linearly scan all
the values in /etc/services (11473 lines on my system) and compare the
provided string to each and every one of them. One such lookup takes
around 1.8 milliseconds. Which is huge in CPU time.

If the ipsec.conf contains a lot of connections, the time multiplies.
For example, a single 'addconn --checkconfig' with an ipsec.conf
containing 1000 connections takes 1.8 seconds. Most of that time is
just getservbyname() calls.

Let's first check if the port string is a number before looking up the
service. This brings the total time of parsing a large config from
1.8 seconds down to 40-ish milliseconds in case the port is actually
just a number.

Tested with an ipsec.conf containing 1000 connections with the left
protoport=udp and the right protoport=udp/6081 or udp/geneve. The
table below shows how much time it takes to execute the
'addconn --checkconfig'.

protoport     Before      After       SpeedUp
-------------------------------------------
udp/6081      1.77 sec    0.04 sec    44x
udp/geneve    1.37 sec    1.37 sec    --

Times for 'geneve' are very similar before and after, so the change
doesn't affect performance in cases where getservbyname() is needed.

This change allows to save extra 8-10% on 'ipsec add <conn>' calls as
well. Below are the times for 1000 consequent calls:

protoport     Before      After       SpeedUp
-------------------------------------------
udp/6081      24.5 sec    22.5 sec    8.2%
udp/geneve    23.9 sec    23.9 sec    --

Signed-off-by: Ilya Maximets <[email protected]>
Signed-off-by: Andrew Cagney <[email protected]>
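
The ordering the commit message describes (numeric check first, getservbyname() only as a fallback), sketched as an added example; this is not libreswan's ttoport() code, and parse_port() is a hypothetical name. It also shows the validation a config parser wants on the numeric path: range check, overflow, and no silent acceptance of signs or whitespace.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netdb.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not libreswan's ttoport()): numeric fast path first,
 * getservbyname() only for strings that are not a plain decimal number. */
bool parse_port(const char *s, const char *proto, uint16_t *port)
{
	if (s == NULL || *s == '\0')
		return false;
	/* strtoul() accepts leading blanks and a sign; insist on a leading digit */
	if (*s >= '0' && *s <= '9') {
		char *end;
		errno = 0;
		unsigned long n = strtoul(s, &end, 10);
		if (*end == '\0') {
			/* all digits: decide here, never fall back to the slow lookup */
			if (errno == ERANGE || n > 65535)
				return false;
			*port = (uint16_t)n;
			return true;
		}
		/* digits then other characters: may still be a service name */
	}
	const struct servent *se = getservbyname(s, proto);
	if (se == NULL)
		return false;
	*port = ntohs((uint16_t)se->s_port); /* s_port is in network byte order */
	return true;
}

int main(void)
{
	/* constructed inputs; "geneve" resolves only if /etc/services lists it */
	const char *in[] = { "6081", "geneve", "65536", "6081x", "" };
	for (size_t i = 0; i < sizeof(in) / sizeof(in[0]); i++) {
		uint16_t p = 0;
		bool ok = parse_port(in[i], "udp", &p);
		printf("%-8s -> %s %u\n", in[i], ok ? "ok" : "rejected", (unsigned)p);
	}
	return 0;
}
```

An all-digit string that is out of range is rejected on the fast path rather than handed to getservbyname(), so a typo such as 65536 costs no services scan.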