admin/geedge-jira
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6a8bfef5778fc7ddd06fa05776bf1ecd0f61d4c4
geedge-jira/md/OMPUB-1081.md
hello 46daec8ae4 first
2025-09-14 21:52:36 +00:00

113 lines
3.3 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 【E21现场】Bole-IGW NPB04 频繁出现单核CPU占用100%
| ID | Creation Date | Assignee | Status |
|----|----------------|----------|--------|
| OMPUB-1081 | 2023-12-11T23:13:41.000+0800 | 刘文坛 | 已关闭 |
---
*现象*
* 包处理核短时间内使用率100%触发Overload Protection一定概率导致自检不通过
* 使用 top -d 0.5提高cpu占用显示频率占用100%的时间多维持在1-2秒
* CPU占用100%的线程无特定规律不定时在各个核之前变化存在同时多个2-3个核占用100%的情况
*现场信息*
* perf top -C [core-id]该线程memcpy和memset调用排名靠前同时maat相关调用显著高于其他线程
* 生成火焰图当包处理占用CPU 70%100%占满持续时间较短70%为生成火焰图过程的平均值maat占用约24%显著高于其他线程正常约占4%
*推测*
* 部分流量触发maat命中导致CPU占用和内存拷贝显著增加
* 现场maat版本 v4.0.42
*[^master.maat.status]无异常*
[^cpu20.perf.svg]!image-2023-12-11-23-13-05-395.png|width=1390,height=839!
!image-2023-12-11-23-13-27-176.png|width=1487,height=985!
!image-2023-12-11-23-15-29-293.png!**yangwei** commented on *2023-12-12T16:43:43.429+0800*:
* 对应时段产生了死锁检测的日志显示Firewall调用maat_scan_string时耗时长
!image-2023-12-12-16-42-59-624.png|width=1492,height=554!
* 由于backtrace日志中maat的堆栈未显示安装debuginfo进一步排查
** addr2line -e /opt/tsg/framework/lib/libmaat4.so.4 0x5c2cc6查找对应的堆栈现场显示无法定位到具体的代码行
** gdb /opt/tsg/framework/lib/libmaat4.so.4
*
**
*** list *0x5c2cc6
*** 显示对应的堆栈在执行hs_scan_stream此时输入的扫描内容为HTTP Host
与[~liuwentan] 确认后当前maat4对于字符串扫描无论是否完整扫描底层都直接调用{*}Hyperscan的流式扫描接口{*}需要确认Hyperscan单核流式扫描的benchmark以便进一步的分析流式扫描性能不足是否是本次CPU占用100%的原因
 
---
**liuwentan** commented on *2023-12-12T17:30:16.832+0800*:
*Hyperscan流式扫描*
# 每次扫描只命中1条规则将单核 cpu 跑满的吞吐在{*}77MB{*}左右浮动
# 每次扫描命中100条规则将单核 cpu 跑满的吞吐在5{*}MB{*}左右浮动
---
**gitlab** commented on *2023-12-21T10:24:59.437+0800*:
[liuwentan|https://git.mesalab.cn/liuwentan] mentioned this issue in [a commit|https://git.mesalab.cn/MESA_framework/maat/-/commit/759f625cb178ada2751a9980062c4c9045a83675] of [MESA Framework / Maat|https://git.mesalab.cn/MESA_framework/maat] on branch [dev-23.07|https://git.mesalab.cn/MESA_framework/maat/-/tree/dev-23.07]:{quote}[PATCH]add bloom filter to optimize performance => OMPUB-1081{quote}
---
**liuwentan** commented on *2023-12-21T11:15:13.339+0800*:
maat v4.0.49 增加 bloom filter 进行 pattern_id 的去重,优化性能
---
**yangwei** commented on *2024-03-25T13:50:39.909+0800*:
升级后问题暂未复现关闭本issue
---
## Attachments
**47681/cpu20.perf.svg**
---
**47680/image-2023-12-11-23-13-05-395.png**
---
**47679/image-2023-12-11-23-13-27-176.png**
---
**47682/image-2023-12-11-23-15-29-293.png**
---
**47690/image-2023-12-12-16-42-59-624.png**
---
**47683/master.maat.status**
---
Reference in New Issue View Git Blame Copy Permalink