Audit / Netlink slowness
Bernardo Innocenti
bernie at develer.com
Tue Jun 14 07:04:44 UTC 2005
Hello,
on a server running kernel 2.6.11-1.1369_FC4, both ssh
and su where taking a longish amount of time (over >1.5 sec.)
Running "strace -r 2>strace.out su", I discovered that
netlink communication is the major cause of slowdown.
"su" connects to a NETLINK_AUDIT socket 3 or 4 times.
Each time it does 2 sendto() + recvfrom() operations,
with a latency of ~200ms. This adds up to 800ms wasted
time.
Disabling CONFIG_AUDIT in the kernel makes su and ssh
very fast again.
Is this behavior to be expected? CONFIG_AUDIT is enabled
by default, therefore many people are going to be hit by
this problem.
--
// Bernardo Innocenti - Develer S.r.l., R&D dept.
\X/ http://www.develer.com/
More information about the fedora-devel-list
mailing list