diff options
| author | Andrei Vagin <avagin@google.com> | 2019-03-29 16:26:36 -0700 |
|---|---|---|
| committer | Shentubot <shentubot@google.com> | 2019-03-29 16:27:38 -0700 |
| commit | a046054ba35e8d8c4882f9311dc964eaa1497d58 (patch) | |
| tree | 7cdb13fc8f5f57716b143f94188f0f01169b1c6c /runsc/boot | |
| parent | 26e8d9981fcf6d08199a9fd9c609d9715c3cf37e (diff) | |
gvisor/runsc: enable generic segmentation offload (GSO)
The linux packet socket can handle GSO packets, so we can segment packets to
64K instead of the MTU which is usually 1500.
Here are numbers for the nginx-1m test:
runsc: 579330.01 [Kbytes/sec] received
runsc-gso: 1794121.66 [Kbytes/sec] received
runc: 2122139.06 [Kbytes/sec] received
and for tcp_benchmark:
$ tcp_benchmark --duration 15 --ideal
[ 4] 0.0-15.0 sec 86647 MBytes 48456 Mbits/sec
$ tcp_benchmark --client --duration 15 --ideal
[ 4] 0.0-15.0 sec 2173 MBytes 1214 Mbits/sec
$ tcp_benchmark --client --duration 15 --ideal --gso 65536
[ 4] 0.0-15.0 sec 19357 MBytes 10825 Mbits/sec
PiperOrigin-RevId: 241072403
Change-Id: I20b03063a1a6649362b43609cbbc9b59be06e6d5
Diffstat (limited to 'runsc/boot')
| -rw-r--r-- | runsc/boot/config.go | 3 | ||||
| -rw-r--r-- | runsc/boot/filter/config.go | 8 | ||||
| -rw-r--r-- | runsc/boot/network.go | 10 |
3 files changed, 17 insertions, 4 deletions
diff --git a/runsc/boot/config.go b/runsc/boot/config.go index 626fcabdd..2523077fd 100644 --- a/runsc/boot/config.go +++ b/runsc/boot/config.go @@ -175,6 +175,9 @@ type Config struct { // Network indicates what type of network to use. Network NetworkType + // GSO indicates that generic segmentation offload is enabled. + GSO bool + // LogPackets indicates that all network packets should be logged. LogPackets bool diff --git a/runsc/boot/filter/config.go b/runsc/boot/filter/config.go index 1ba5b7257..9c72e3b1a 100644 --- a/runsc/boot/filter/config.go +++ b/runsc/boot/filter/config.go @@ -256,12 +256,20 @@ var allowedSyscalls = seccomp.SyscallRules{ }, }, syscall.SYS_WRITE: {}, + // The only user in rawfile.NonBlockingWrite3 always passes iovcnt with + // values 2 or 3. Three iovec-s are passed, when the PACKET_VNET_HDR + // option is enabled for a packet socket. syscall.SYS_WRITEV: []seccomp.Rule{ { seccomp.AllowAny{}, seccomp.AllowAny{}, seccomp.AllowValue(2), }, + { + seccomp.AllowAny{}, + seccomp.AllowAny{}, + seccomp.AllowValue(3), + }, }, } diff --git a/runsc/boot/network.go b/runsc/boot/network.go index f025a42f1..77291415b 100644 --- a/runsc/boot/network.go +++ b/runsc/boot/network.go @@ -52,10 +52,11 @@ type DefaultRoute struct { // FDBasedLink configures an fd-based link. type FDBasedLink struct { - Name string - MTU int - Addresses []net.IP - Routes []Route + Name string + MTU int + Addresses []net.IP + Routes []Route + GSOMaxSize uint32 } // LoopbackLink configures a loopback li nk. @@ -140,6 +141,7 @@ func (n *Network) CreateLinksAndRoutes(args *CreateLinksAndRoutesArgs, _ *struct EthernetHeader: true, Address: mac, PacketDispatchMode: fdbased.PacketMMap, + GSOMaxSize: link.GSOMaxSize, }) log.Infof("Enabling interface %q with id %d on addresses %+v (%v)", link.Name, nicID, link.Addresses, mac) |