0xb00b5/firegex-traffic-viewer
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updated benchmarks docs

Browse Source
This commit is contained in:
Domingo Dirutigliano
2025-02-05 19:25:07 +01:00
parent 1f9bd38ebf
commit 21a0769a03
3 changed files with 9 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
backend/binsrc/classes/netfilter.cpp
View File

@@ -224,9 +224,6 @@ class NetfilterQueue {
} }
static void on_data_recv(Stream& stream, stream_ctx* sctx, string data) { static void on_data_recv(Stream& stream, stream_ctx* sctx, string data) {
#ifdef DEBUG
cerr << "[DEBUG] [NetfilterQueue.on_data_recv] data: " << data << endl;
#endif
sctx->tcp_match_util.matching_has_been_called = true; sctx->tcp_match_util.matching_has_been_called = true;
bool result = callback_func(*sctx->tcp_match_util.pkt_info); bool result = callback_func(*sctx->tcp_match_util.pkt_info);
#ifdef DEBUG #ifdef DEBUG
@@ -355,7 +352,7 @@ class NetfilterQueue {
sctx->tcp_match_util.matching_has_been_called = false; sctx->tcp_match_util.matching_has_been_called = false;
sctx->tcp_match_util.pkt_info = &pktinfo; sctx->tcp_match_util.pkt_info = &pktinfo;
#ifdef DEBUG #ifdef DEBUG
cerr << "[DEBUG] [NetfilterQueue.build_verdict] TCP Packet received " << packet.src_addr() << ":" << tcp->sport() << " -> " << packet.dst_addr() << ":" << tcp->dport() << ", sending to libtins StreamFollower" << endl; cerr << "[DEBUG] [NetfilterQueue.build_verdict] TCP Packet received " << packet.src_addr() << ":" << tcp->sport() << " -> " << packet.dst_addr() << ":" << tcp->dport() << " thr: " << this_thread::get_id() << ", sending to libtins StreamFollower" << endl;
#endif #endif
sctx->follower.process_packet(packet); sctx->follower.process_packet(packet);
#ifdef DEBUG #ifdef DEBUG

3
backend/binsrc/nfqueue.cpp
View File

@@ -76,9 +76,6 @@ bool filter_callback(packet_info& info){
#ifdef DEBUG #ifdef DEBUG
cerr << "[DEBUG] [filter_callback] Matching packet with " << (info.is_input ? "input" : "output") << " ruleset" << endl; cerr << "[DEBUG] [filter_callback] Matching packet with " << (info.is_input ? "input" : "output") << " ruleset" << endl;
if (info.payload.size() <= 30){
cerr << "[DEBUG] [filter_callback] Packet: " << info.payload << endl;
}
#endif #endif
matched_data match_res; matched_data match_res;

11
tests/README.md
View File

@@ -78,10 +78,15 @@ You will find a new benchmark.csv file containg the results.
# Firegex Performance Results # Firegex Performance Results
The test was performed on: The test was performed on:
- Bedrock Linux 0.7.27 Poki x86_64 - Macbook Air M2 16GB RAM
- Intel i5-7200U (4) @ 3.100GHz - On a VM powered by OrbStack with Ubuntu 24.04.1 LTS aarch64
- 8GB RAM DDR4 2133 MT/s - 6.12.10-orbstack-00297-gf8f6e015b993
Command: `./benchmark.py -p testpassword -r 50 -d 1 -s 60` Command: `./benchmark.py -p testpassword -r 50 -d 1 -s 60`
### NOTE: 8 threads performance do not change due to the fact that the source and destination ip is always the same, so the packets are sent to the same thread by the kernel.
[https://netfilter.vger.kernel.narkive.com/sTP7613Y/meaning-of-nfqueue-s-queue-balance-option](https://netfilter.vger.kernel.narkive.com/sTP7613Y/meaning-of-nfqueue-s-queue-balance-option)
Internally the kernel hashes the source and dest ip and choose the target thread based on the hash. If the source and dest ip are the same, the hash will be the same and the packets will be sent to the same thread.
![Firegex Benchmark](results/Benchmark-chart.png) ![Firegex Benchmark](results/Benchmark-chart.png)