> The unnecessary use of bind() was removed on outgoing connections by
> request of several OS security teams. There were some vulnerabilities
> when bind() was called with an unset IP.
> The ioctl() would be the NAT lookups?
> That also occurs in 3.1, but only after receiving and parsing a
> request, for every request. 3.2 moves it up to a single lookup after
> connection establishment and removes the useless duplicate lookups
> between pipelined requests. Reducing vulnerability to NAT table expiry
> and wrong log details on early connection closures.
> Or were the ioctl() packet TOS / MARK processing? That has had a bit
> of a redesign in 3.2 for better QoS management.
> In the architectural changes:
> - the pending queue of deferred accept() operations was changed from
> LIFO to FIFO to try and serve multiple listening ports more equally
> under load.
> - the acceptor callback was altered from synchronous
> callback to a scheduled async call. Adding a small async I/O
> processing delay between accept and first-read.
> - SMP workers compete for accept() on shared sockets
>
> Those should be the only differences during regular operation.
As I've mentioned before, IOCTLs are gone when Squid is configured with "--disable-eui".
In Squid 3.1.15 NAT Lookup is performed in the httpAccept() function (through connStateCreate()),
so it shall be called once for every connection, not for every request.
In 3.2.0.16 NAT Lookup really moves up a little - to oldAccept().
So in 3.1 NAT Lookup will be made asynchronously relative to the accept() function. Can this difference affect performance?
--
Best wishes,
Alexander Komyagin

Received on Tue Mar 20 2012 - 13:59:22 MDT