[stunnel-users] 23 secs to list 5000 files using stunnel and samba on linux

Wed Apr 2 05:12:09 CEST 2008

Hi

I'm using the following s/w versions on RHEL3:

Stunnel: 4.04   (also experimenting with 4.22, no difference so far)
Samba: 3.0.9-1.3E.10
Kernel: 2.4.21-32.0.1.EL

Stunnel is used to encrypt samba connections from linux clients because
redhat 3 doesn't support NTLMv2 (cifs not standard and probably not an
option).  To list 5000 files (simply typing ls within a mounted directory on
the client) it consistently takes around 20-23 seconds to return the data.
Listing is almost instantaneous when using a windows client, or using a
linux client without stunnel.  As a side note, if I pipe the result to
/dev/null it takes around 9 seconds (?).  The network forwarding path from
the samba client to samba server is: smbclient > localhost:924 > stunnel >
remotehost:923 > stunnel > samba server (port 446)

Tcpdump shows that when using stunnel about 10500 packets are
generated, minus stunnel it's more like 500.  I'd expect some overhead
related to SSL, but 21 times the traffic seems a little excessive.  I've
experimented with socket options such as TCP_NODELAY, SO_LINGER,
SO_RCVLOWAT, SO_OOBINLINE, etc with no improvement at all.  However, my
understanding of these is pretty superficial so I'm not confident I've
exhausted all options here (ie perhaps combining multiple settings at once).

I've got stunnel debug set to 7 on client and server.  No errors and no
logging at all except for the initial handshake when the mount is created.
Including the tcpdump would probably be excessive at this stage.  In
summary, using stunnel the data gets transmitted in packets usually
containing around 200 bytes, whereas without stunnel it's mostly 1408 byte
packets.

Any suggestions?

Thanks

Paul
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20080402/c8e48e65/attachment.html>