[tproxy] Performance problem of tproxy

KOVACS Krisztian hidden@balabit.hu
Thu, 03 Feb 2005 10:42:16 +0100


On Thu, 2005-02-03 at 00.00, Siming Li wrote:
> Due to lots of system code depending on kernel 2.4.20,
> so it's not easy for me to try the latest version
> right away.
> From the view of tproxy source code, what's the extra
> effort when using foreign-connect?  (more conntrack or
> NAT lookup?) It may give me some hints about this
> problem.

  Theoretically it's one extra hash lookup per connection (tproxy has
its own hashtable). However, older versions of tproxy scanned the whole
conntrack table on connection teardown, so it may be perfectly possible
that this is the culprit in your case. The version you're using is
really, really old; newer versions have fixed lots of bugs. This is why
I suggested trying 1.2.1 instead of trying to fix that old version -
probably you don't need that many changes to backport the 1.2.1 version.
(A release for 2.4.22 is available.)

  Krisztian Kovacs