listen on ipv4 addresses - high cpu

[deekshithd]

Hi

I have multiple IPs mounted to my machine and using sniproxy, and I wanted to know on which IP the connection was accepted by sniproxy.

So, changed listen clauses in sniproxy config file to use ipv4 address (e.g. "listen a.b.c.d:8043 {...}"). After this change, seeing high cpu usage in sniproxy. Also, seeing high number of connection resets from client side. The client connections come thru a NAT.

Does anyone know what can be the issue here? Is this possible if the NAT from where connections are coming from using a mix of ipv4 and ipv6 connections? How does client behave if sniproxy only listening on ipv4 socket?

I assume to listen on both ipv4, and ipv6 and accept connections from both ipv4 and ipv6 end points, I should use the config like: "listen ::ffff:a.b.c.d:8043 {...}". Is this assumption correct?

Or can someone suggest what is the best way to know the IP address at which a connection was accepted, as well support both ipv4 and ipv6 connections coming to sniproxy?

Also, note that prior to this cpu issue, I was using "listen 8043 {...}" clause.

Thanks

[dlundquist]

@deekshithd if you just want to log the local socket address of the incoming client connection, you need to add a getsockname() call to accept_connection() and persist it in the connection object until log_connection() and use this instead of con->listener->address. This wasn't included because this information was not necessary, might be confusing when trying to match listener configuration to access logs, and required may have negatively impacted performance. It would be great to see some performance data with this change enabled, the profile-nonblocking-connect branch includes connection timestamping code that could be used to examine the performance impact of this change.

As for your high CPU usage when listening on IPv4 addresses, this is surprising. My usual approach is to enable debug logging, and look for any unusual activity, then take a look at systrace. Can you reproduce this high CPU usage without NAT?

A listener bound to an specific IPv6 address (i.e. not ::) should only accept connections from IPv6 clients, only ::/in6addr_any is special in this regard. This sounds like another case for adding a configuration knob for IPV6_V6ONLY to selectively disable accepting IPv4 connections on IPbv6 listeners.