evilsocket / opensnitch

OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.
GNU General Public License v3.0

CPU/power usage on Linux v1.6.6 needs further improvement #1200

Closed geotro closed 1 month ago

geotro commented 1 month ago

I've been running opensnitch for years. Back in the day it tended to be quite bad. I am very happy to report it has been improving a lot in this area. Version 1.6.6 has further improved CPU and power usage, congratulations! Thank you to everyone who worked on this!

As someone who tries to optimize his laptop battery power usage religiously I do still see that opensnitchd uses more CPU than it should on a totally idle system, both CPU but especially network wise, even when comparing it to the many other, heavy processes that run at the same time. At any moment, including in the powertop screenshot below I have 4 separate Firefox instances with a combined hundreds of tabs open in them, and a Brave process with tons of open tabs as well.

Right now I left the system untouched, all browser processes running and the UI focused on powertop. I let it run idle for a bit and took the screenshot.

The screenshot below shows that opensnitchd still uses more CPU and therefore power than all of my other processes, and regularly shows near the top of the power consuming processes on my system.

It would be great if someone can look further into this and reduce CPU usage even further.

I love opensnitch, it's a wonderful and extremely important tool to have running. Thanks to everyone who is involved in making and improving it.

image

gustavo-iniguez-goya commented 1 month ago

hey @geotro !

What's the CPU usage of opensnitchd reported by top? In my system, with some tabs opened in firefox (a lot, but only a few active), the Events/s are ~45. Updating the system the Events increase to ~120/s, but only during the update.

How many opensnitch rules do you have?

geotro commented 1 month ago

Hi @gustavo-iniguez-goya

I have 50 rules. They are all allow rules for various apps.

According to top, opensnitchd hovers between 0.7% and 1.3%. It's definitely not much, but for an idle system I'd still hope for it to be less than that.

gustavo-iniguez-goya commented 1 month ago

aah I see, then that CPU usage while the system is idle is expected. One of the tasks which is running in the background is the firewall rules checker, to ensure that we re-add them if they're deleted.

I added an option to configure or disable the check interval of that background task on the main branch (v1.7.0), but it's not available on v1.6.x.

There're some other background tasks which can't be really disabled for now.

Anyway, thank you for letting us know about this issue.

gustavo-iniguez-goya commented 1 month ago

By the way, there's another background task that maybe we won't need in the future, a monitor of established connections. Any call via netlink is a bit expensive, so maybe we can improve it in the future (hooking tcp_close() for example).

If we merge the send-recv-bytes branch, I think we won't need that background task anymore.