[prev in list] [next in list] [prev in thread] [next in thread] 

List:       selinux
Subject:    Re: SELinux performance
From:       "Serge E. Hallyn" <serue () us ! ibm ! com>
Date:       2005-12-15 4:37:31
Message-ID: 20051215043730.GA8546 () sergelap ! austin ! ibm ! com
[Download RAW message or body]

Quoting sharp (steven.harp@adventiumlabs.org):
> On Wednesday 14 December 2005 06:47 pm, James Morris wrote:
> > On Wed, 14 Dec 2005, Joy Latten wrote:
> > > A while back I took up some SELinux performance work that a colleague of
> > > mine, Kylie Hall had done. The patch added ipv4 address, ipv6 address
> > > and port caches to SELinux. I believe I sent the patch a while back
> > > also, but can do so again if anyone is interested. The caches are
> > > exercised in such SELinux hooks as socket_bind(), socket_connect() and
> > > socket_sock_rcv_skb(). Bandwidth has allowed me some time to work on
> > > this. Can anyone recommend a benchmark that will exercise this code?  I
> > > figured something that utilized many ip addresses or ports.
> >
> > apachebench is a good basic test, and you can also try webstone, lmbench
> > and iperf.
> >
> > Not sure how to realistically simulate large numbers of IP addresses.
> 
> You might consider, budget permitting, something like Net Avalanche
> <spirentcom>. Rack mountable thingy designed for stress testing using
> realistic traffic: "simulates up to 50,000 simultaneously-connected 
> users with unique IP addresses".  (Every home should have one.)

Nifty.  If someone has one of these sitting around and wants to try
out Joy's (/Kylie's) patchset, that sounds like a very good test indeed.

-serge

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
[prev in list] [next in list] [prev in thread] [next in thread]