Hi,

I saw some discussions previously that FastSocket has been ported to CentOS 7 already on URL
https://github.com/gfreewind/fastsocket-CentOS7
But it seems that the link is out of date and could not be accessed any more.

Would you please let me know if the porting work is done already?

Thanks

这2项默认都是0，脚本没有设置

cat /sys/class/net/eth0/queues/rx-0/rps_flow_cnt
0

sysctl -a|grep net.core.rps_sock_flow_entries
net.core.rps_sock_flow_entries = 0

还有就是判断开启rps条件

if [[ ! $HW_QUEUES == $CORES ]]; then

改成

if [[ $HW_QUEUES -lt $CORES ]]; then

是否更恰当？

clear_tfile_check_list每次添加没有全局锁会混乱么？

I'm cloning this repo to make some modifications to customize. However, I've noticed that some CVEs which were confirmed and fixed by linux do not get patched in this repo. To enhance the availability of my project as far as possible, I will appreciate it if any of the CVE below do exist in this repo as well, so that I can fix these security issue myself by applying the corresponding patch.
Here are the CVEs I found in this repo unpatched, but get fixed in linux:

CVE-2011-1161 in kernel/drivers/char/tpm/tpm.c's function static ssize_t tpm_transmit(struct tpm_chip *chip, const char *buf, size_t bufsiz), with patch here for your reference.

CVE-2022-2639 in kernel/net/openvswitch/datapath.c's function static struct nlattr *reserve_sfa_size(struct sw_flow_actions **sfa, int attr_len), with patch here for your reference.

CVE-2020-9383 in kernel/drivers/block/floppy.c's function static void set_fdc(int drive), with patch here for your reference.

CVE-2017-8824 in kernel/net/dccp/proto.c's function int dccp_disconnect(struct sock *sk, int flags), with patch here for your reference.

CVE-2019-7222 in kernel/arch/x86/kvm/x86.c's function static int kvm_read_guest_virt_helper(gva_t addr, void *val, unsigned int bytes, struct kvm_vcpu *vcpu, u32 access, u32 *error), with patch here for your reference.

CVE-2013-4587 in kernel/virt/kvm/kvm_main.c's function static int kvm_vm_ioctl_create_vcpu(struct kvm *kvm, u32 id), with patch here for your reference.

Hi,

I am running demo server to test fastsocket. The client I am using is ab benchmark.
The server works fine in the normal kernel mode. However, when I run it with LD_PRELOAD of faastsocket.so, it handles a single burst of packets and then at ab I get connection reset by peer. Can you please help me resolve this issue.

可以支持apache trafficserver吗？

With 4x 82599 10GE NIC，LD_PRELOAD，modprobe，shutdown iptables.
The connection per second of Fastsocket is lower than Linux 3.10. Is there anything I missed?
Thank you!

我在CentOS6.5上成功安装了fastsocket, 但是用它启动nginx之后:
LD_PRELOAD=/opt/fsocket/libfsocket.so nginx
再在另一台机器上用ab测试:
ab -n 100000 -c 1000 http://node1/
始终是这样的错误:
apr_socket_recv: Connection reset by peer (104)
当不用LD_PRELOAD启动nginx时就不会有任何错误。
请教是哪个环节有问题呢？
谢谢

It would be amazing to see this in the mainline kernel.
What is the status of this?

my nginx is compiled under non-root user，when I use non-root user start fastsocket and nginx，It‘s seem cannot work，how to solved it？

Hi, everybody:
Recently, there is something wrong with the Fastsocket mailing list hosted on librelist.com, that is post can not be receive from the mailing list... Then, please contact us with Github Issue instead of the mailing list for the moment and I hope we did not lost any post during the failure.

Hi!
How to compile fastsocket module with newer kernel?
I copied files from net/fastsocket to /path/to/kernel/net and builded but modprobe fastsocket says there is now such module and i can't find it in make menuconfig.
I'm not so familiar with kernel build.

Hi there

我尝试将FastSocket内核和模块都迁移到了PLinux（Linux On Power）平台，几乎未碰到错误（除了一个亲和性绑定sched_setaffinity 返回值EINVAL）。

在测试过程中，我发现如果不启用fastsocket加速，demo 程序 Server能做到4个（我只启动了4个worker）并行处理；但启用fastsocket以后，从运行观察中只看到一个server在处理，其他都是空闲状态。

因为这样的现象，所以启用Fastsocket以后，反而性能不如未启用前。请指教大致的原因何在？与CPU亲和那个函数是否有关？

Hello,

Do you think that there is an interest to deploy a fastsocket on a virtualized environnement ? (such as KVM) or on the host system ?

Perhaps you could try to run some benchmarks in these types of environnement ?

A last question: you wrote "Swith kernel : change grub file to (...)", could you explain ? what file ? (grub.cfg ?) and what should I modify ? :)

Thanks

Regards

我在centos 6.5 x_86下面编译安装fastsocket时报了一下错误 请问是什么问题？？
[root@bogon kernel]# make defconfig
HOSTCC scripts/basic/fixdep
HOSTCC scripts/basic/docproc
HOSTCC scripts/basic/hash
HOSTCC scripts/kconfig/conf.o
HOSTCC scripts/kconfig/kxgettext.o
HOSTCC scripts/kconfig/zconf.tab.o
HOSTLD scripts/kconfig/conf
*** Default configuration is based on 'i386_defconfig'

configuration written to .config

[root@bogon kernel]# make
scripts/kconfig/conf -s arch/x86/Kconfig
CHK include/linux/version.h
CHK include/linux/utsrelease.h
SYMLINK include/asm -> include/asm-x86
CC kernel/bounds.s
GEN include/linux/bounds.h
CC arch/x86/kernel/asm-offsets.s
GEN include/asm/asm-offsets.h
CALL scripts/checksyscalls.sh
CC scripts/mod/empty.o
HOSTCC scripts/mod/mk_elfconfig
MKELF scripts/mod/elfconfig.h
HOSTCC scripts/mod/file2alias.o
scripts/mod/file2alias.c:797: 警告：‘do_x86cpu_entry’定义后未使用
HOSTCC scripts/mod/modpost.o
HOSTCC scripts/mod/sumversion.o
HOSTLD scripts/mod/modpost
HOSTCC scripts/mod/mod-extract
HOSTCC scripts/selinux/genheaders/genheaders
HOSTCC scripts/selinux/mdp/mdp
HOSTCC scripts/kallsyms
HOSTCC scripts/pnmtologo
HOSTCC scripts/conmakehash
CC init/main.o
CHK include/linux/compile.h
UPD include/linux/compile.h
CC init/version.o
CC init/do_mounts.o
CC init/do_mounts_rd.o
cc1: warnings being treated as errors
In file included from include/linux/kmemtrace.h:12,
from include/linux/slub_def.h:13,
from include/linux/slab.h:162,
from include/linux/percpu.h:5,
from include/linux/percpu_counter.h:13,
from include/linux/fs.h:433,
from init/do_mounts_rd.c:3:
include/trace/events/kmem.h:528: 错误：‘struct address_space’在形参表内部声明
include/trace/events/kmem.h:528: 错误：它的作用域仅限于此定义或声明，这可能并不是您想要的
include/trace/events/kmem.h:528: 错误：‘struct address_space’在形参表内部声明
include/trace/events/kmem.h:528: 错误：‘struct address_space’在形参表内部声明
make[1]: *** [init/do_mounts_rd.o] 错误 1
make: *** [init] 错误 2
[root@bogon kernel]# uname -a
Linux bogon 2.6.32-504.1.3.el6.i686 #1 SMP Tue Nov 11 16:30:09 UTC 2014 i686 i686 i386 GNU/Linux

你好，请问可以提供下fastsocket的spec文件吗？我用centos src的spec不能正常进行编译 ：-）

Hi,
our team have developed a recurring vulnerability detection tool. This tool mainly uses static analysis methods, and it has a high detection accuracy in our dataset. We have also received positive feedback from other projects before.
we have scanned your fastsocket and found some vulnerabilities, which were confirmed and fixed by linux do not get patched in this repo. Here are some details as follows:

1. inet_create and inet6_create functions from kernel/net/ipv4/af_inet.c and kernel/net/ipv6/af_inet6.c respectively, which shares the similarity with CVE-2015-8543 and the patch is torvalds/linux@79462ad
2. pipe_iov_copy_from_user and pipe_iov_copy_to_user functions from kernel/fs/pipe.c , which shares the similarity with CVE-2015-1805 and the patch is torvalds/linux@637b58c
3. __mptctl_ioctl, mptctl_do_reset, mptctl_fw_download, mptctl_getiocinfo, mptctl_gettargetinfo, mptctl_readtest, mptctl_eventquery, mptctl_eventenable, mptctl_eventreport, mptctl_replace_fw, mptctl_mpt_command, mptctl_hp_hostinfo, mptctl_hp_targetinfo, compat_mptfwxfer_ioctl and compat_mpt_command functions from kernel/drivers/message/fusion/mptctl.c, which shares the similarity with CVE-2020-12652 and the patch is torvalds/linux@28d76df
4. sunkbd_interrupt function from kernel/net/ipv4/af_inet.c and kernel/drivers/input/keyboard/sunkbd.c, which shares the similarity with CVE-2020-25669 and the patch is torvalds/linux@77e70d3
5. vgacon_scroll function from kernel/drivers/video/console/vgacon.c, which shares the similarity with CVE-2020-28097 and the patch is torvalds/linux@973c096
6. notify_change function from kernel/fs/attr.c, which shares the similarity with CVE-2015-1350 and the patch is torvalds/linux@030b533
7. enable_nmi_window from kernel/arch/x86/kvm/svm.c, which shares the similarity with CVE-2015-8104 and the patch is torvalds/linux@cbdb967
8. isdn_ppp_ioctl, slhc_init, and sl_alloc_bufs functions from kernel/drivers/isdn/i4l/isdn_ppp.c, kernel/drivers/net/slhc.c and kernel/drivers/net/slip.c respectively, which shares the similarity with CVE-2015-7799 and the patch is torvalds/linux@4ab42d7
9. ext4_ext_split from kernel/fs/ext4/extents.c, which shares the similarity with CVE-2019-11833 and the patch is torvalds/linux@592acbf
10. snd_seq_client_enqueue_event, kernel_client_enqueue, snd_seq_fifo_event_in, snd_seq_cell_alloc and snd_seq_event_dup functions from kernel/sound/core/seq/seq_clientmgr.c, kernel/sound/core/seq/seq_fifo.c and kernel/sound/core/seq/seq_memory.c respectively, which shares the similarity with CVE-2018-1000004 and the patch is torvalds/linux@7bd8009
11. ext4_read_inode_bitmap and ext4_read_block_bitmap functions from kernel/fs/ext4/ialloc.c and kernel/fs/ext4/balloc.c respectively, which shares the similarity with CVE-2018-1093 and the patch is torvalds/linux@7dac4a1
12. ext4_mb_add_groupinfo and ext4_has_uninit_itable functions from kernel/fs/ext4/mballoc.c and kernel/fs/ext4/super.c respectively, which shares the similarity with CVE-2018-10876 and the patch is torvalds/linux@8844618
13. __ext4_get_inode_loc functions from kernel/fs/ext4/inode.c, which shares the similarity with CVE-2018-10882 and the patch is torvalds/linux@c37e9e0
14. flush_ldt, init_new_context, alloc_ldt, copy_ldt and convert_ip_to_linear functions from kernel/arch/x86/kernel/ldt.c and kernel/arch/x86/kernel/step.c respectively, which shares the similarity with CVE-2015-5157 and the patch is torvalds/linux@37868fe
15. create_kthread from kernel/kernel/kthread.c, which shares the similarity with CVE-2012-4398 and the patch is torvalds/linux@786235e
16. cypress_open from kernel/drivers/usb/serial/cypress_m8.c, which shares the similarity with CVE-2016-3137 and the patch is torvalds/linux@c55aee1
17. gru_handle_user_call_os and gru_check_context_placement functions from kernel/drivers/misc/sgi-gru/grufault.c and kernel/drivers/misc/sgi-gru/grumain.c respectively, which shares the similarity with CVE-2022-3424 and the patch is torvalds/linux@643a16a
18. rose_start_idletimer from ernel/net/rose/rose_timer.c, which shares the similarity with CVE-2022-2318 and the patch is torvalds/linux@9cc02ed
19. ext4_xattr_ibody_find and ext3_xattr_ibody_find functions from kernel/fs/ext4/xattr.c and kernel/fs/ext3/xattr.c respectively, which shares the similarity with CVE-2023-2513 and the patch is torvalds/linux@67d7d8ad99be
20. fib6_rule_action function from kernel/net/ipv6/fib6_rules.c, which shares the similarity with CVE-2023-3022 and the patch is torvalds/linux@a65120bae4b7
    We have preliminarily verified the correctness of the above list through static analysis. Would you can help to check if this bug is true? If it's true, please try to fix it, or I'd like to open a PR for that if necessary. Thank you for your effort and patience!

@gfreewind 你好，请问kernel-2.6.32-642能否使用fastsocket呢？如果可以的话，是不是只需要编译 library和module目录的东东就可以？

fastsocket.c -> ../kernel/net/fastsocket/fastsocket.c 这是一个无效的链接文件

你好， 我的 centos 6.5 在 编译安装内核的时候报错
sh /usr/local/src/fastsocket/kernel/arch/x86/boot/install.sh 2.6.32-431.29.2.el6.FASTSOCKET arch/x86/boot/bzImage
System.map "/boot"
Invalid output format udev. Choose from value,
device, list, or full
Invalid output format udev. Choose from value,
device, list, or full
Invalid output format udev. Choose from value,
device, list, or full
Invalid output format udev. Choose from value,
device, list, or full
Invalid output format udev. Choose from value,
device, list, or full
重启之后

我的操作系统环境是64位Centos6.5,在执行make install过程中出现以下错误：
ERROR: modinfo: could not find module vmhgfs
ERROR: modinfo: could not find module vsock
ERROR: modinfo: could not find module vmci
想问一下是什么原因？

Can you make a list for kernel modify with fastsocket? Thanks.

请问下fastsocket内核，应用层我能否跑带reuseport功能的程序？我这边有台机器带reuseport功能的程序启动不大正常，本来是要启动16个进程，只起来3-4个。

Upstream already supports early demux, for a long time. :)

list_for_each_entry_rcu(epi, &file->f_ep_links, fllink) {
ep = epi->ep;
mutex_lock(&ep->mtx);
ep_remove(ep, epi);
mutex_unlock(&ep->mtx);
}
如果不调用epoll_ctl DEL,直接close fd，那从close调用到此函数，

1. 这里没有在rcu_read_lock包含?
2. 这里不是list_for_each_safe, ep_remove会造成断链？

1、环境说明：
服务器配置：
CPU：16核Intel(R) Xeon(R) CPU E5620@ 2.40GHz
内存：20G
硬盘：900G
网卡：(eth5)Intel Corporation I350 Gigabit Network Connection (rev 01)
8队列千兆（队列绑定到后8个CPU核）
系统：CentOS release 6.4 (Final)
内核版本：

有执行nic.sh脚本
tengine版本：

2、测试前，加载fastsocket.ko(默认参数),使用libfsocket.so启动tengine


3、Client用wrk

4、测试完成后，内存情况

几分钟后，内存情况

又几分钟后，内存情况

同样，用fastos, 不加载fastsocket.ko,不使用libfsocket.so启动tengine,则不存在泄漏。
用fastsocket，tengine作proxy不存在泄漏。

不知是否遇到此问题，还是我本人的测试有问题，求指导。

hello，
FastSocket现在的版本好像只支持到CentOS6.5；我想了解一下支持CentOS7计划是怎样的？谢谢！

Will fastsocket work if i'm using 2.6.32-504 kernel?
Or it will work only with patched kernel (with included kernel)?

如果可以的话，要如何设置，是和haproxy的配置一样吗？thx！

当添加或者删除文件是epoll文件时,加了锁mutex_lock(&tep->mtx);,这里加锁是什么原因？

可不可以做成像网卡驱动一样的kernel module 。这样不用每次编译kernel更新kernel才可以使用。这个不适合批量部署，不太方便的呢。

rfd的代码为什么注释掉了？这样proxy 的回包如何保证分派到同一个cpu？