View previous topic :: View next topic |
Author |
Message |
axl Veteran
Joined: 11 Oct 2002 Posts: 1144 Location: Romania
|
Posted: Thu Apr 23, 2020 12:06 pm Post subject: raspberry pi & kexec |
|
|
I thought about using an old thread. But decided to start a new one.
Long story short, what is the deal with smp on rpi? When you enable smp, the kexec option is disabled? Why? It's not a true smp system? its' buggy? Can you go unicore and still maintain the same cpu power?
I feel like regardless of the options, the rpi can only do so much. And I don't think it can do 4x1.xGhz. I feel like it's a pseudo smp. Am I right?
Based on some of the tests I did... maybe it would be ok to leave out smp on some of my pi's. Just rely on the multi threading code, rather than a pseudo smp. Kexec for me would be a big gain, but it's not just that.
For instance, I mentioned in another thread that I switched to a rpi router. A rpi 3a. One of the biggest problems is starting the firewall. And not just starting it, but using it. My firewall includes geolocation blocking. I took the geolocation info from maxwind, fed it to ipsec and using iptables I'm blocking not just countries but continents. Basically if you are in UE or North America u're ok... everyone else gets denied. That takes a lot. And I often look to the pi and I see 25% cpu blocked by ksoftirqd. I didn't experiment much without smp enabled, because that idea just came to me, and that's why i'm asking.
As far as throughput I know it's fine. It can reach maximum bandwidth very easily. It's the rest of the stuff that may slow it down... like this geolocation firewall. And I'm thinking... is it a true smp system? does it actually have a second core? Or it's just software? |
|
Back to top |
|
|
AlexJGreen Tux's lil' helper
Joined: 19 Sep 2018 Posts: 149
|
Posted: Thu Apr 23, 2020 12:50 pm Post subject: |
|
|
_
Last edited by AlexJGreen on Mon Dec 28, 2020 3:12 am; edited 1 time in total |
|
Back to top |
|
|
axl Veteran
Joined: 11 Oct 2002 Posts: 1144 Location: Romania
|
Posted: Thu Apr 23, 2020 1:00 pm Post subject: |
|
|
yes. ipset. sorry. typo.
sec. so I parsed the maxwind databases. I am willing to share that code too.
but in essence I went with a php approach. like when you enable or disable modules in php if they are linked in ext-active dir.
I created a /etc/firewall/countries. All countries there with the data from maxwind. And I have another dir with /etc/firewall/block_country.
And the last bit of the firewall has to
Code: |
ipset -q destroy $country
ipset create $country hash:net
xtables-legacy-multi iptables -I GEO -m set --match-set $country src -m conntrack --ctstate NEW -j DROP
#for IP in $(wget http://www.ipdeny.com/ipblocks/data/countries/${country}.zone -qO -)
for IP in `cat /etc/firewall/countries/$country`
do
ipset add $country $IP
done
|
[root@pid:~]# ipset list |wc -l
94663
They come compacted from maxwind. I have two different types of rejects. BLOCKS and GEO. in iptables. BLOCKS comes before GEO and then return. |
|
Back to top |
|
|
axl Veteran
Joined: 11 Oct 2002 Posts: 1144 Location: Romania
|
Posted: Thu Apr 23, 2020 1:21 pm Post subject: |
|
|
There are times, watching top, when the cpu is at 25, 50, 75 or 100. ksoftirqd. there's very little in between. And that was while I was torrenting "the last dance". Michael Jordan. the 98 bulls. Special time in my life. And I'm not just pirating content. I have a legitimate netflix account. I will be watching when they come online. I just wanted a sneak preview and it's a good test for a network setup.
It still hit the 10Mbps mark easily, or 100 MBps mark (depending how you count). But it's struggling at times. it feels awkward. because it's just limited to 25% or 50% or 75%. and those feels like threads. That's why I was asking about smp.
Is hash:net bad ? well... 90000 of them might not be good, but is it bad? is there another way? |
|
Back to top |
|
|
AlexJGreen Tux's lil' helper
Joined: 19 Sep 2018 Posts: 149
|
Posted: Thu Apr 23, 2020 2:05 pm Post subject: |
|
|
_
Last edited by AlexJGreen on Mon Dec 28, 2020 3:12 am; edited 1 time in total |
|
Back to top |
|
|
axl Veteran
Joined: 11 Oct 2002 Posts: 1144 Location: Romania
|
Posted: Fri Apr 24, 2020 1:25 pm Post subject: |
|
|
I used ipdeny for a while, but it had moments when it was down. That's why I switch to maxwind database. You should really add Russia to that list. On my list, it's my biggest offender. |
|
Back to top |
|
|
|