Looking for feedback: Samba upgrade

RMerlin

Asuswrt-Merlin dev
Howdy folks,

Last weekend was spent getting Samba 3.6.24 to work under Asuswrt-Merlin. The OpenWRT devs did a really good job at trimming the fat out of it, so size-wise it's reasonable enough to be used on the router.

Unfortunately, the end results aren't all that was expected.

The plus: you get a modern version of Samba, with improved interoperability with clients, and better security overall

The downside: performance drop. On the AC87U, read SMB performance dropped from 69 MB/s to 64-65 MB/s.

The surprising point: when enabling support for the SMB2 protocol (which is used by Win7 and newer versions), performance actually DROPPED rather than improve. When using SMB 2.02, read performance dropped to 55 MB/s. I was expecting an improvement there since SMB2 uses larger blocks. I suspect it would only help in a scenario where you are bottlenecked by the network, not by the CPU.

So because of this, I'm facing dilemma: is the performance drop worth the improved security and interoperability? If it were me, I'd say yes, at least for the router model with a faster CPU where the performance hit might not be as visible. Unfortunately, there are a lot of users out there who seem to only evaluate everything by raw numbers. For example, some people will rant at how wireless performance can drop by 5% after an update, without considering the fact that this drop might be the price to pay for a more STABLE, and sustained connection. That means I'd have to continuously have to defend the decision when people start complaining about the performance loss.

I'm sure this will come up, but yes, I already tested all the various optimizations suggested on the web (I must have spent an entire night doing just tests with different settings). The current settings were already optimal for the router's environment. The only thing that did help a bit was compiling Samba with the highest level of compiler optimization - the size tradeoff seemed pretty marginal, especially for the RT-AC87's 64 MB FW partition.

Right now, the code on Github can easily be compiled with the old or the modern version of Samba (it's a build time switch in the device profile).

I'd like to see what everyone thinks here about this, before devoting more time to testing it and adjusting/fixing new issues (for instance there might currently be a charset encoding issue with this new build).

For reference, the ARM version of Samba used by Asus is 3.0.25b. They probably backported a good bit of stuff over the years, but I doubt it's anywhere near the 3.6 branch.
 

panhead20

Occasional Visitor
Please upgrade any module or software that increases stability or security. Routers are not performance file/print servers nor a NAS. If users are looking for performance file server, using a router is not a wise choice.
 

Bamsefar

Senior Member
From my very simple perspective (working with risk elimination, with banks and IT):

1) Security - If it is not safe, why bother?
2) Stability - Stability is useless if it is not safe
3) Peformance - Performance is nothing without stability
4) Functionality - I don't need more functions, I need Security and Stability, then Performance. When all this works, then add functions.

This is how I would prioritize the challenge!
 

ColinTaylor

Part of the Furniture
Thanks for the info RMerlin. Can I ask;

1) What are the interoperability issues that this fixes? Are there widespread problems with the current version?

2) How does this effect less capable routers like the N66U? Do they see a similar drop in performance, in absolute or percentage terms?

I only have a flash drive plugged into my router to collect logs so that is the bottleneck, 4MB/s write and 14MB/s read. Personally I'd say go ahead with the newer version, but if I were running the media server with an attached USB3 hard disk I might think differently. :D
 

RMerlin

Asuswrt-Merlin dev
Thanks for the info RMerlin. Can I ask;

1) What are the interoperability issues that this fixes? Are there widespread problems with the current version?

I don't have any specific documented case there that is currently happening (but a couple of anecdotal reports here and there), but I know that at least in the case of Windows 7, Tomato devs/Oleg/Asus had to backport some code from Samba 3.5.x to allow their old 3.0.x to connect with Windows 7. So, it wouldn't surprise me to see more of these type of issues appear with OS X, newer versions of Windows, or some embedded devices that aren't tested as toroughly against older versions of Samba.

2) How does this effect less capable routers like the N66U? Do they see a similar drop in performance, in absolute or percentage terms?

I haven't done any MIPS-specific test yet. I did the initial development/testing on my RT-AC56U (this is my main development device, since it's left disassembled to make it easy to hook it over serial for low-level debugging), and then moved on to my main router (the AC87U). Worst case scenario, it would be possible for me to only enable Samba 3.6 in the faster ARM devices if the penalty is too steep with slower MIPS devices.

I want to finalize testing/tweaking on ARM first before I focus on the MIPS version. I'd also like to be able to totally ditch the partial Samba 3.5.8 build that is used by AiCloud, but so far I failed to port Asus's AiCloud-specific code from 3.5.8 to 3.6.24.

If a dev wants to try for himself, just enable "SAMBA36=y" in target.mak for the specific device, delete the .config file, and recompile the FW.

I only have a flash drive plugged into my router to collect logs so that is the bottleneck, 4MB/s write and 14MB/s read. Personally I'd say go ahead with the newer version, but if I were running the media server with an attached USB3 hard disk I might think differently. :D

At those speeds, I doubt the Samba upgrade will make any visible performance difference. I was more concerned about people who actually use their router as a cheap NAS, or the influx of support requests about "OMG it's slower please fix now!!!" I would be dealing with.
 

RMerlin

Asuswrt-Merlin dev
From my very simple perspective (working with risk elimination, with banks and IT):

1) Security - If it is not safe, why bother?
2) Stability - Stability is useless if it is not safe
3) Peformance - Performance is nothing without stability
4) Functionality - I don't need more functions, I need Security and Stability, then Performance. When all this works, then add functions.

This is how I would prioritize the challenge!

That's pretty close to my own project rationale as well for this firmware project (stability > performance > features). I didn't put Security into the mix because in the case of home devices, compromises often have to be made for the sake of ease of use. That's why uPNP is enabled by default on all home routers that I know of, for instance. Or, there is no requirement for a complex password to be set for the admin interface (tho for a while Asus had a strength checker to provide you with some feedback - that had to be removed because it created... a security hole. Of all things :) )

That's why I'm curious to see the general feedback there, see other points of view than my own, just in case. :)
 

abescalamis

Regular Contributor
The upgrade fixes some security issues, but this are home routers and only trusted clients access the hard drive at my house, I have set guest WiFi that I give to visitors and I block the intranet access.

I will just say to keep the current samba for now.
 

nairn62

Occasional Visitor
I also got Samba 3.6.24 to work under Asuswrt-Merlin back in July 2014. The main performance changes seem to be whether you use libtalloc/libtevent (and maybe libtdb). I didn't use the OpenWRT devs, so I'm not sure if these libraries were compiled into your code. Libtalloc, for example, is slower than malloc, but libtalloc/libtevent make up for this performance degradation by using faster memory allocation.

Samba 3.6.24 has only been running on my RT-AC87U for a couple of weeks, but it hasn't crashed it yet!
 
Last edited:

greggy101

Regular Contributor
stability & security - first.
performance - second.

Just my 2 cents :)
 

System Error Message

Part of the Furniture
cheaper routers like tp-link overcome this problem by allowing a client access to the usb device. The downside to this is that only 1 client can access it at a time but at the very least the performance is bottlenecked either by network or usb device speed.

Perhaps you can also add this feature to merlin firmware too as a choice for those that want performance but with the restriction of only 1 client at a time for that usb device.

I think samba performance on routers is mainly bottlenecked by the CPU. This is mainly a problem because there are is no DMA between the device and client like you have in your PC. I dont know if this is a chipset limitation or driver.
 

RMerlin

Asuswrt-Merlin dev
I also got Samba 3.6.24 to work under Asuswrt-Merlin back in July 2014. The main performance changes seem to be whether you use libtalloc/libtevent (and maybe libtdb). I didn't use the OpenWRT devs, so I'm not sure if these libraries were compiled into your code. Libtalloc, for example, is slower than malloc, but libtalloc/libtevent make up for this performance degradation by using faster memory allocation.

Samba 3.6.24 has only been running on my RT-AC87U for a couple of weeks, but it hasn't crashed it yet!

I compiled my build without libtalloc and libtevent because it was simpler, and I was expecting libtalloc to actually bring a performance drop. That's one thing worth investigating I suppose.

What I used from OpenWRT is mostly their patches that mostly take care of reducing the binary sizes, the build options are mostly based on Asus' own for the 3.5.8 build that they make for AiCloud.
 

RMerlin

Asuswrt-Merlin dev
The upgrade fixes some security issues, but this are home routers and only trusted clients access the hard drive at my house, I have set guest WiFi that I give to visitors and I block the intranet access.

I will just say to keep the current samba for now.

That's one of the reasons that made me pause there - security in a controlled environment isn't as important as when you are directly exposing something to the Internet. However keep in mind that you are partly exposing Samba to the WAN if you use AiCloud, although only indirectly.
 

RMerlin

Asuswrt-Merlin dev
Perhaps you can also add this feature to merlin firmware too as a choice for those that want performance but with the restriction of only 1 client at a time for that usb device.

There's already an option that lets you control how many simultaneous users you want to allow. The default value is 5.
 

White_Knight

Regular Contributor
Hello Merlin,
For me Work Stability and Security is First of All. Because of this i allways watch for updates!
Router not NAS, and work speed is second about i think.

My latest FW compilled point on this http://goo.gl/mJjVT1 commit

But look in target.mak file i see, for my MIPS N66U router this feature ( SAMBA36 ) is not present.
Could you tell,new SAMBA version is only for ARM devices or in future you include MIPS too ?

Thanks.
 

RMerlin

Asuswrt-Merlin dev
I compiled my build without libtalloc and libtevent because it was simpler, and I was expecting libtalloc to actually bring a performance drop. That's one thing worth investigating I suppose.

What I used from OpenWRT is mostly their patches that mostly take care of reducing the binary sizes, the build options are mostly based on Asus' own for the 3.5.8 build that they make for AiCloud.

Actually, you cannot disable the use of talloc from what I can see, only whether you want to compile it as a shared library, or static linked.
 

RMerlin

Asuswrt-Merlin dev
My latest FW compilled point on this http://goo.gl/mJjVT1 commit

But look in target.mak file i see, for my MIPS N66U router this feature ( SAMBA36 ) is not present.
Could you tell,new SAMBA version is only for ARM devices or in future you include MIPS too ?

Thanks.

I simply haven't added the option to all these profiles yet. As I wrote earlier, I haven't tested it at all under MIPS yet, I want to work out the existing issues on my development platform (an RT-AC56) before spending any time on the other models.
 

noric

Senior Member
Worst case scenario, it would be possible for me to only enable Samba 3.6 in the faster ARM devices if the penalty is too steep with slower MIPS devices.

...

I was more concerned about people who actually use their router as a cheap NAS, or the influx of support requests about "OMG it's slower please fix now!!!" I would be dealing with.

On my MIPS RT-N66U I have 19MB/read and 12MB/write. As ColinTaylor said, if there is a performance hit we should think if it's worth the encreased security: we risk destroying the NAS-like experience. While I don't think I have severe vulnerabilities to fix in my home network (at least I hope so... :) ).
 

oversim

Regular Contributor
Maybe in a router is the CPU the main bottleneck, and the absence of DMA (every transfer load the precious CPU clock cycles..).
IMHO, I'd vote per stability and security...

BTW: Does overclock improve SAMBA performances?
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top