Hi Stefano, On Wed, 2025-11-12 at 11:32 +0100, Stefano Brivio wrote:
Hmm, actually, I have a hack that's not quite correct (we should make ACK_INTERVAL adaptive instead, which is one of the other bits I'm working on), but if it fixes the issue for you, it should at least mean that we're talking about the same issue.
Patch attached. Can you give that a try?
That seemed to help quite a bit---it's now 200x faster than before, but still 10x slower than --network=host: $ curl --output /dev/null --progress-meter --form file=@./test.tar.gz "https://www.ctan.org/submit/validate" % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 100M 0 345 100 100M 63 18.4M 0:00:05 0:00:05 --:--:-- 20.3M (With the original pasta, stopped early) $ podman run --rm --pull=newer --volume="$(realpath .):/srv/:Z" --workdir=/srv/ --network=pasta quay.io/fedora/fedora-minimal curl --output /dev/null --progress-meter --form file=@./test.tar.gz "https://www.ctan.org/submit/validate" % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 4 100M 0 0 4 5056k 0 78152 0:22:21 0:01:06 0:21:15 39298⏎ (With the patch applied) $ podman run --rm --pull=newer --volume="$(realpath .):/srv/:Z" --workdir=/srv/ --network=pasta quay.io/fedora/fedora-minimal curl --output /dev/null --progress-meter --form file=@./test.tar.gz "https://www.ctan.org/submit/validate" % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 100M 0 345 100 100M 8 2393k 0:00:42 0:00:42 --:--:-- 4729k $ podman run --rm --pull=newer --volume="$(realpath .):/srv/:Z" --workdir=/srv/ --network=host quay.io/fedora/fedora-minimal curl --output /dev/null --progress-meter --form file=@./test.tar.gz "https://www.ctan.org/submit/validate" % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 100M 0 345 100 100M 69 20.0M 0:00:04 0:00:04 --:--:-- 20.4M Also, I should mention that I'm using the following networking-related sysctls: net.core.wmem_max=7500000 net.core.rmem_max=7500000 net.ipv4.tcp_notsent_lowat=131072 net.core.default_qdisc=cake net.ipv4.tcp_congestion_control=bbr I read some articles that suggested that those were a good idea, and I've been using them for about a year now, but I can disable those for testing if you want. I'm also using systemd's IPAddressAllow/IPAddressDeny/RestrictAddressFamilies and some SELinux port restrictions; I can easily disable those too. Thanks, -- Max