Mastodawn

a very strange trackball 1d ago

Ungh. Gotta do something about iocaine's firewalling performance.

Show thread

a very strange trackball 1d ago

Had to restart it on Eru, because 31GiB resident memory was making the server crawl.

Firewalling temporarily disabled, because it's currently causing more trouble than what it is worth. sigh

Show thread

a very strange trackball 1d ago

Looks like single-threading it was a bad idea. I either need batching, or a small pool, or both.

Show thread

a very strange trackball 1d ago

A single thread in a release build can do ~4-5 blocks / sec on my development box. That's... piss poor.

On top of that, it slows down over time.

Show thread

Vysogota 1d ago

@algernon errr... so... an ffi call to add entry to nft ipset can be executed at a rate of max 5 per second... wow...

Show thread

Vysogota

@algernon maybe some tree balancing or summarisation takes place??

Show thread

a very strange trackball 1d ago

@petko It's mostly parsing. I don't directly talk to netlink, I talk to libnftables, which turns a string into... something, and then sends that to netlink.

There's quite a bit of work involved in that process that has nothing to do with nftables.

I could make it a lot faster if I talked directly to netlink, but the Rust support for that is limited. So: compromises had to be made.

The fault lies not in nft or libnftables, but in the way I use them.