Menu
▾
▴
1 Attachments
#7 Reduce CPU usage with epoll_wait()
Hello Andrea,
to reduce the cpu usage, please consider the following patch (now also with Cmake find for HAVE_SYS_EPOLL_H) to switch from select() with 1 ms timeout to epoll_wait() without timeout in the function intf_capture.
syscount-bpfcc -i 1
Tracing syscalls, printing top 10... Ctrl+C to quit
[14:48:24]
SYSCALL COUNT
select 1497
syscount-bpfcc -i 1
Tracing syscalls, printing top 10... Ctrl+C to quit
[07:45:46]
SYSCALL COUNT
epoll_wait 34
Additionaly could you consider to increase the DARPICA_TIMEOUT and DARPICA_LOOPTIMEOUT for larger networks? But I don't know the security implications.
My understanding is that this would reduce the overall ARP trafic (1 second is quite far from the default arp cache timeout of 15 - 45 seconds).
Regards
Tobias
Hi,
I am going to accept and plan your patch for 3.1-ng, related to switch from old select() syscall implementation to new epoll() syscall implementation.
In reference to SARPI, DARPI, and HARPI parameters, like those ones that you suggested, I am going to make them changeable by using parameters or configuration file.
Thanks
Hi Andrea,
I’ve encountered a situation where multiple devices on our network are being spoofed and I’ve successfully been able to build ArpON for OpenWRT to protect against ARP spoofing for all devices on the network. However, during ARP spoofing, the CPU usage becomes pretty high.
I’m curious if the solution mentioned above will be included in the upcoming 3.1-ng release. If so, do you have an estimated release date? If there’s a development version available with this patch I’d greatly appreciate it.