WireGuard Archive on lore.kernel.org
 help / color / Atom feed
* [ANNOUNCE] WireGuard Snapshot `0.0.20180708` Available
@ 2018-07-08 16:52 Jason A. Donenfeld
  2018-07-10 14:54 ` Roman Mamedov
  0 siblings, 1 reply; 7+ messages in thread
From: Jason A. Donenfeld @ 2018-07-08 16:52 UTC (permalink / raw)
  To: WireGuard mailing list

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello,

A new snapshot, `0.0.20180708`, has been tagged in the git repository.

Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not consitute a real release that would be
considered secure and bug-free. WireGuard is generally thought to be fairly
stable, and most likely will not crash your computer (though it may).
However, as this is a pre-release snapshot, it comes with no guarantees, and
its security is not yet to be depended on; it is not applicable for CVEs.

With all that said, if you'd like to test this snapshot out, there are a
few relevent changes.

== Changes ==

  * device: print daddr not saddr in missing peer error
  * receive: style
  
  Debug messages now make sense again.
  
  * wg-quick: android: support excluding applications
  
  Android now supports excluding certain apps (uids) from the tunnel.
  
  * selftest: ratelimiter: improve chance of success via retry
  * qemu: bump default kernel version
  * qemu: decide debug kernel based on KERNEL_VERSION
  
  Some improvements to our testing infrastructure.
  
  * receive: use NAPI on the receive path
  
  This is a big change that should both improve preemption latency (by not
  disabling it unconditionally) and vastly improve rx performance on most
  systems by using NAPI. The main purpose of this snapshot is to test out this
  technique.

This snapshot contains commits from: Jason A. Donenfeld and Jonathan 
Neuschäfer.

As always, the source is available at https://git.zx2c4.com/WireGuard/ and
information about the project is available at https://www.wireguard.com/ .

This snapshot is available in compressed tarball form here:
  https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20180708.tar.xz
  SHA2-256: 5e38d554f7d1e3a64e3a5319ca1a3b790c84ed89c896586c490a93ac1f953a91

A PGP signature of that file decompressed is available here:
  https://git.zx2c4.com/WireGuard/snapshot/WireGuard-0.0.20180708.tar.asc
  Signing key: AB9942E6D4A4CFC3412620A749FC7012A5DE03AE

If you're a snapshot package maintainer, please bump your package version. If
you're a user, the WireGuard team welcomes any and all feedback on this latest
snapshot.

Finally, WireGuard development thrives on donations. By popular demand, we
have a webpage for this: https://www.wireguard.com/donations/

Thank you,
Jason Donenfeld


-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEEq5lC5tSkz8NBJiCnSfxwEqXeA64FAltCQTEQHGphc29uQHp4
MmM0LmNvbQAKCRBJ/HASpd4Drk5yD/0fpLfUMa8BaSE6wdqBGd6P0DSvA3IdjEz0
qP3++ivwGMgp33UwRM470n+2qaJ0x+pX4yMFDXJzpH/SPKkEj84ZssgGoHidEszB
EU2h0GpBPOdc7zddJHA6mUzjNXQn89py/X5AnF7XKZrW5PaaHP2YAvTd52HuB3fn
DFe5KsUqf4R+1uDoCHj0KUjS+9U6NMWpf2vPC6JdDFF7kbqYTPBUd1SNRO992RWl
0u5KypyEI2asmcNGuATA4h6P7JsLrOFkXxJePVfhyhd49ILPnYYR1PT179Si8wSb
LDX/G8vA/8vlrE40C+ALCWUoqHVQQIJmgQtJ/Dp3Kszp5fQZVUkg7UR5RT38leRD
p1vuYUcjtF9kJuyOvYBCAjhVBCtuYQ+VjSrwfdIfGT+cvO8ldbg9xVMKwjjiFuvs
z8EZ4UNqgCWORDewa8DCMNGvbQKWLV7GXUVVmEe2wnIeZOKylCTOtPBgP7oePTNx
3x29oX3D9RCoXZxfjODkYFJG4LWoBJALW0YXgqlrWLQScEW6Dxe2FhnLz7epNxl6
PDHprlX3UTFFFiLziuZrao83+eZmSFo9e7TRvsLHxne6eeQ2qQhH6MqKvDuK5U9g
MNShl+LihJqEB+fxJGvcGyJ4uMord8kdHof+M4/4VUBERpudoT3omN9jMJZoRWsL
oF9lvNmNeA==
=koRB
-----END PGP SIGNATURE-----

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [ANNOUNCE] WireGuard Snapshot `0.0.20180708` Available
  2018-07-08 16:52 [ANNOUNCE] WireGuard Snapshot `0.0.20180708` Available Jason A. Donenfeld
@ 2018-07-10 14:54 ` Roman Mamedov
  2018-07-10 14:57   ` Jason A. Donenfeld
  0 siblings, 1 reply; 7+ messages in thread
From: Roman Mamedov @ 2018-07-10 14:54 UTC (permalink / raw)
  To: Jason A. Donenfeld; +Cc: WireGuard mailing list

On Sun, 08 Jul 2018 18:52:32 +0200
"Jason A. Donenfeld" <Jason@zx2c4.com> wrote:

>   * receive: use NAPI on the receive path
>   
>   This is a big change that should both improve preemption latency (by not
>   disabling it unconditionally) and vastly improve rx performance on most
>   systems by using NAPI. The main purpose of this snapshot is to test out this
>   technique.

Just ran a few tests, it appears the performance is about 5-10% higher.
Great work!

Two VMs running on the same host (non-WG iperf3 is 14 Gbit/sec), typical
results (upgrading receiver machine only):

Single core:

Before: 1.06 Gbit/sec
After: 1.13 Gbit/sec

Dual core:

Before: 1.25 Gbit/sec
After: 1.35 Gbit/sec

Note that my "before" is a bit non-stock, but with a patch which removed two
calls of "simd_relax" (as I wanted to keep max performance over the
interactivity changes). "After" is the new snapshot without any patches.

-- 
With respect,
Roman

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [ANNOUNCE] WireGuard Snapshot `0.0.20180708` Available
  2018-07-10 14:54 ` Roman Mamedov
@ 2018-07-10 14:57   ` Jason A. Donenfeld
  2018-07-10 15:57     ` Roman Mamedov
  0 siblings, 1 reply; 7+ messages in thread
From: Jason A. Donenfeld @ 2018-07-10 14:57 UTC (permalink / raw)
  To: Roman Mamedov; +Cc: WireGuard mailing list

Hey Roman,

Thanks for the update. That's great to hear.

The latest snapshot will still have the same preemption relaxation
with simd_relax(), but gets performance gains by moving to napi, so
it's still faster overall. If you want the simd_relax() to not take a
hit and get maximum throughput, the right way of doing this is
actually to just disable preemption in your kernel with
PREEMPT_NONE=y.

Jason

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [ANNOUNCE] WireGuard Snapshot `0.0.20180708` Available
  2018-07-10 14:57   ` Jason A. Donenfeld
@ 2018-07-10 15:57     ` Roman Mamedov
  2018-07-10 18:37       ` Roman Mamedov
  0 siblings, 1 reply; 7+ messages in thread
From: Roman Mamedov @ 2018-07-10 15:57 UTC (permalink / raw)
  To: Jason A. Donenfeld; +Cc: WireGuard mailing list

On Tue, 10 Jul 2018 16:57:14 +0200
"Jason A. Donenfeld" <Jason@zx2c4.com> wrote:

> The latest snapshot will still have the same preemption relaxation
> with simd_relax(), but gets performance gains by moving to napi, so
> it's still faster overall. If you want the simd_relax() to not take a
> hit and get maximum throughput, the right way of doing this is
> actually to just disable preemption in your kernel with
> PREEMPT_NONE=y.

I build a single kernel to use across a diverse park of machines, including
servers, routers -- and a few GUI desktops. It is not an option for me to
disable preemption entirely in that kernel. (And it would be a hassle to build
two or more kernels each time).

However those of my hosts which are routers with WG, are NOT the same hosts
which are interactive desktops. So I don't want any sacrifices towards
interactivity *in WG*.

I'll probably test again without simd_relax, but from the past mailing list
discussion it seemed like that one doesn't affect things much. In any case,
it's great that you found a way to keep performance and increase interactivity
at the same time with NAPI.

-- 
With respect,
Roman

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [ANNOUNCE] WireGuard Snapshot `0.0.20180708` Available
  2018-07-10 15:57     ` Roman Mamedov
@ 2018-07-10 18:37       ` Roman Mamedov
  2018-07-10 18:38         ` Jason A. Donenfeld
  0 siblings, 1 reply; 7+ messages in thread
From: Roman Mamedov @ 2018-07-10 18:37 UTC (permalink / raw)
  To: Jason A. Donenfeld; +Cc: WireGuard mailing list

On Tue, 10 Jul 2018 20:57:29 +0500
Roman Mamedov <rm@romanrm.net> wrote:

> I'll probably test again without simd_relax

Somehow it's now noticeably worse without those. Even got some dips below
1 Gbit/s which I have never seen before, and the overall speed is lower.

-- 
With respect,
Roman

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [ANNOUNCE] WireGuard Snapshot `0.0.20180708` Available
  2018-07-10 18:37       ` Roman Mamedov
@ 2018-07-10 18:38         ` Jason A. Donenfeld
  2018-07-10 19:07           ` Roman Mamedov
  0 siblings, 1 reply; 7+ messages in thread
From: Jason A. Donenfeld @ 2018-07-10 18:38 UTC (permalink / raw)
  To: Roman Mamedov; +Cc: WireGuard mailing list

On Tue, Jul 10, 2018 at 8:37 PM Roman Mamedov <rm@romanrm.net> wrote:
>
> On Tue, 10 Jul 2018 20:57:29 +0500
> Roman Mamedov <rm@romanrm.net> wrote:
>
> > I'll probably test again without simd_relax
>
> Somehow it's now noticeably worse without those. Even got some dips below
> 1 Gbit/s which I have never seen before, and the overall speed is lower.

I might not be understanding you correctly. Do you mean to suggest
that removing simd_relax() actually harms performance now? That having
it in there helps performance?

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [ANNOUNCE] WireGuard Snapshot `0.0.20180708` Available
  2018-07-10 18:38         ` Jason A. Donenfeld
@ 2018-07-10 19:07           ` Roman Mamedov
  0 siblings, 0 replies; 7+ messages in thread
From: Roman Mamedov @ 2018-07-10 19:07 UTC (permalink / raw)
  To: Jason A. Donenfeld; +Cc: WireGuard mailing list

On Tue, 10 Jul 2018 20:38:24 +0200
"Jason A. Donenfeld" <Jason@zx2c4.com> wrote:

> I might not be understanding you correctly. Do you mean to suggest
> that removing simd_relax() actually harms performance now? That having
> it in there helps performance?

Actually no, after your message I swapped kernels again to recheck, and nope,
now the one with simd_relax removed appears faster a bit as it should be (by
about 5%).

Perhaps it was something else, maybe my test bench is not ideal: both
"dual-core" VMs run on the same 8-core FX-8350, which has some of its cores
coupled to share resources, so at the scheduler's whim VMs can probably affect
each other. (Will try further tests with affinity pinning).

-- 
With respect,
Roman

^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, back to index

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-07-08 16:52 [ANNOUNCE] WireGuard Snapshot `0.0.20180708` Available Jason A. Donenfeld
2018-07-10 14:54 ` Roman Mamedov
2018-07-10 14:57   ` Jason A. Donenfeld
2018-07-10 15:57     ` Roman Mamedov
2018-07-10 18:37       ` Roman Mamedov
2018-07-10 18:38         ` Jason A. Donenfeld
2018-07-10 19:07           ` Roman Mamedov

WireGuard Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/wireguard/0 wireguard/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 wireguard wireguard/ https://lore.kernel.org/wireguard \
		wireguard@lists.zx2c4.com zx2c4-wireguard@archiver.kernel.org
	public-inbox-index wireguard


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/com.zx2c4.lists.wireguard


AGPL code for this site: git clone https://public-inbox.org/ public-inbox