diff --git a/backend/binsrc/classes/netfilter.cpp b/backend/binsrc/classes/netfilter.cpp index 4ab759b..257e983 100644 --- a/backend/binsrc/classes/netfilter.cpp +++ b/backend/binsrc/classes/netfilter.cpp @@ -224,9 +224,6 @@ class NetfilterQueue { } static void on_data_recv(Stream& stream, stream_ctx* sctx, string data) { - #ifdef DEBUG - cerr << "[DEBUG] [NetfilterQueue.on_data_recv] data: " << data << endl; - #endif sctx->tcp_match_util.matching_has_been_called = true; bool result = callback_func(*sctx->tcp_match_util.pkt_info); #ifdef DEBUG @@ -355,7 +352,7 @@ class NetfilterQueue { sctx->tcp_match_util.matching_has_been_called = false; sctx->tcp_match_util.pkt_info = &pktinfo; #ifdef DEBUG - cerr << "[DEBUG] [NetfilterQueue.build_verdict] TCP Packet received " << packet.src_addr() << ":" << tcp->sport() << " -> " << packet.dst_addr() << ":" << tcp->dport() << ", sending to libtins StreamFollower" << endl; + cerr << "[DEBUG] [NetfilterQueue.build_verdict] TCP Packet received " << packet.src_addr() << ":" << tcp->sport() << " -> " << packet.dst_addr() << ":" << tcp->dport() << " thr: " << this_thread::get_id() << ", sending to libtins StreamFollower" << endl; #endif sctx->follower.process_packet(packet); #ifdef DEBUG diff --git a/backend/binsrc/nfqueue.cpp b/backend/binsrc/nfqueue.cpp index 6538661..a97fd88 100644 --- a/backend/binsrc/nfqueue.cpp +++ b/backend/binsrc/nfqueue.cpp @@ -76,9 +76,6 @@ bool filter_callback(packet_info& info){ #ifdef DEBUG cerr << "[DEBUG] [filter_callback] Matching packet with " << (info.is_input ? "input" : "output") << " ruleset" << endl; - if (info.payload.size() <= 30){ - cerr << "[DEBUG] [filter_callback] Packet: " << info.payload << endl; - } #endif matched_data match_res; diff --git a/tests/README.md b/tests/README.md index 16c4138..8e47c47 100644 --- a/tests/README.md +++ b/tests/README.md @@ -78,10 +78,15 @@ You will find a new benchmark.csv file containg the results. # Firegex Performance Results The test was performed on: -- Bedrock Linux 0.7.27 Poki x86_64 -- Intel i5-7200U (4) @ 3.100GHz -- 8GB RAM DDR4 2133 MT/s +- Macbook Air M2 16GB RAM +- On a VM powered by OrbStack with Ubuntu 24.04.1 LTS aarch64 +- 6.12.10-orbstack-00297-gf8f6e015b993 Command: `./benchmark.py -p testpassword -r 50 -d 1 -s 60` +### NOTE: 8 threads performance do not change due to the fact that the source and destination ip is always the same, so the packets are sent to the same thread by the kernel. +[https://netfilter.vger.kernel.narkive.com/sTP7613Y/meaning-of-nfqueue-s-queue-balance-option](https://netfilter.vger.kernel.narkive.com/sTP7613Y/meaning-of-nfqueue-s-queue-balance-option) + +Internally the kernel hashes the source and dest ip and choose the target thread based on the hash. If the source and dest ip are the same, the hash will be the same and the packets will be sent to the same thread. + ![Firegex Benchmark](results/Benchmark-chart.png)