This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 35cdc506b06ed2e5fc8f7ad7fe57239eaadbda58 (commit) via 4d093b810552339a6a7df774412c8e144f799331 (commit) from effa44650ebc227d99a3781ba962e015a3430d3a (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 35cdc506b06ed2e5fc8f7ad7fe57239eaadbda58 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Mar 26 21:58:01 2019 +0000
suricata: Enable CPU affinity
This will tie the detection threads to a certain CPU and slightly increases throughput on my system.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 4d093b810552339a6a7df774412c8e144f799331 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Mar 26 21:18:45 2019 +0000
suricata: Tie queues to a CPU core
This should improve performance by a small margin
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/suricata/suricata.yaml | 13 +++++-------- src/initscripts/system/suricata | 4 ++-- 2 files changed, 7 insertions(+), 10 deletions(-)
Difference in files: diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml index 3b50157bf..8580827a1 100644 --- a/config/suricata/suricata.yaml +++ b/config/suricata/suricata.yaml @@ -697,7 +697,7 @@ spm-algo: auto
# Suricata is multi-threaded. Here the threading can be influenced. threading: - set-cpu-affinity: no + set-cpu-affinity: yes # Tune cpu affinity of threads. Each family of threads can be bound # on specific CPUs. # @@ -717,18 +717,15 @@ threading: - worker-cpu-set: cpu: [ "all" ] mode: "exclusive" - # Use explicitely 3 threads and don't compute number by using - # detect-thread-ratio variable: - # threads: 3 prio: low: [ 0 ] medium: [ "1-2" ] high: [ 3 ] default: "medium" - #- verdict-cpu-set: - # cpu: [ 0 ] - # prio: - # default: "high" + - verdict-cpu-set: + cpu: [ 0 ] + prio: + default: "high" # # By default Suricata creates one "detect" thread per available CPU/CPU core. # This setting allows controlling this behaviour. A ratio setting of 2 will diff --git a/src/initscripts/system/suricata b/src/initscripts/system/suricata index ae434df65..16548753e 100644 --- a/src/initscripts/system/suricata +++ b/src/initscripts/system/suricata @@ -75,8 +75,8 @@ function generate_fw_rules { # Check if there are multiple cpu cores available. if [ "$cpu_count" -gt "1" ]; then # Balance beetween all queues. - NFQ_OPTIONS+="--queue-balance 0:" - NFQ_OPTIONS+=$(($cpu_count-1)) + NFQ_OPTIONS+="--queue-balance 0:$(($cpu_count-1))" + NFQ_OPTIONS+=" --queue-cpu-fanout" else # Send all packets to queue 0. NFQ_OPTIONS+="--queue-num 0"
hooks/post-receive -- IPFire 2.x development tree