Dramatically improve HAVP performance and save CF lifetime


    Hi Folks,

    This is a simple guide on how to dramatically improve HAVP transparent proxy performance while extending the lifetime of your Flash Memory medium.

    Target audience: This guide is directed to those who use the Compact Flash image of Zeroshell, but may also be useful to those who boot Zeroshell from a CD and have the Database in a pendrive or other flash memory based medium (in this case, for cdrom installation, it may require minor adjustments – not tested).

    In its original ZS compact flash image, HAVP is configured to write the temporary files (the ones yet to be scanned) into the “/Database/var/register/system/havp/tmp” folder which resides in the writable partition of the Compact Flash.
    This original configuration is very performance impacting because writing to Flash Memory is way too slow. In addition, this also tends to reduce the lifetime of the medium since Flash Memory is subject to aging in proportion to the number of writes.
    This guide aims to implement a workaround for these issues by enabling an on-memory scan, thus also avoiding frequent Compact Flash writes.

    Overall steps (UPDATE: The below guide became obsolete. A better approach is described in the 3rd post of this topic):

    Step 0 – Disable your HAVP proxy using the GUI, in the case it is currently enabled.

    Step 1 – Create a 50MB ext2 file-system virtual medium:

      > cd /Database
      > dd if=/dev/zero of=HAVP.ext2 count=100000
      > mkfs.ext2 HAVP.ext2
      (answer yes since it will complain that HAVP.ext2 is not a block device)

    NOTE: This will be a ram disk, so there is no need to have a journaled filesystem like ext3, thus ext2 should be fine.

    Step 2 – Prepare the HAVP.ext2 directory ownership for havp:

      > mount -o loop HAVP.ext2 /mnt
      > chown havp.havp /mnt
      > umount /mnt

    Step 3 – These commands have to be both executed in the Zeroshell’s shell AND added to your pre-boot scripts:

      > cat /Database/HAVP.ext2 >/dev/ram3
      > mount -omand,noatime /dev/ram3 /Database/var/register/system/havp/tmp

    NOTE: Be careful to not mistype it as /dev/ram2, which is your root ram filesystem ;)

    Step 4 – Re-enable your HAVP proxy using the GUI

    Have fun…

    Performance Gains:

    I didn’t use any tool to benchmark this, but I set a configuration for the Opera Browser to, at startup and with disk cache off, open several sites with tons of hundreds of images and started it twice, each time with one configuration, i.e., with this ram fs mounted and with it unmounted. Using the ram disk, I could notice a 10+ times performance increase.
    Of course your performance gain will depend on the processing power of your box as well as the Compact Flash quality/speed.

    Additional Considerations:

    The disadvantage of this on-memory scan approach is that it permanently consumes 50MB of ram, although I’m using this in my 512MB Fit-pc Slim (a GeodeLX 500MHz based gadget) with no problems.
    I’m not yet sure if 50MB is a good value for the ram disk and, in the future, I may edit this post after some fine tuning.

    Good luck!


    Improving the guide with a bit of diskspace optimization:

    Add a new step between steps 2 and 3:

    Step 2.1 – gzip the HAVP.ext2 image:

      > gzip HAVP.ext2

    Modify step3 accordingly:

    Step 3 – These commands have to be both executed in the Zeroshell’s shell AND added to your pre-boot scripts:

      > gzip -dc /Database/HAVP.ext2.gz >/dev/ram3
      > mount -omand,noatime /dev/ram3 /Database/var/register/system/havp/tmp

    Hi Folks, I’ve just learned more about tmpfs… :)

    …and this simply made my original guide (the first post in this topic) obsolete.

    I’ll describe here a newer and better (yet simpler) approach using tmpfs.
    Using tmpfs solves the permanent memory allocation downside of the initial approach and makes the virus scanning even quicker.

    The new guide:

    Step 0 – Disable your HAVP proxy using the GUI, in the case it is currently enabled.

    Step 1 – Undo the original approach (This step is only needed IF you have implemented the first approach described in the first post of this topic, otherwise skip it and jump right to step 2):

      > cd /Database
      > rm HAVP.ext2
      > umount /Database/var/register/system/havp/tmp

      [ edit the pre-boot script and remove the lines you added there as part of the original guide ]

      NOTE1: Unfortunately, unless you manage to get a copy of the “busybox” tool (which BTW is not that difficult to obtain), there is no easy way to free up the space allocated by the ram disk mount used by the original approach, so you will have to reboot your Zeroshell box to free this memory. Fortunately the new approach will never suffer from the same problem.
      NOTE2: If you did manage to copy busybox to your Zeroshell installation, instead of rebooting, just execute “busybox freeramdisk /dev/ram3”

    Step 2 – The following command has to be both executed in the Zeroshell’s shell AND added to your pre-boot scripts (through the Zeroshell’s GUI):

      > mount -omand,noatime,uid=havp,gid=havp,size=50m -ttmpfs none /Database/var/register/system/havp/tmp

    Step 3 – Re-enable your HAVP proxy using the GUI.

    Have fun…

    Why is tmpfs better?

    tmpfs is a memory filesystem derived from ramfs that resides in the vfs layer and whose framework is the same one used by the kernel for caching all files of all mounted file systems. So, tmpfs reduces the overhead of having a format like ext2, ext3, etc, needed by the /dev/ramX devices. In addition, compared to the original approach, it reduces cpu utilization and memory accesses for every file access when compared to /dev/ramX devices.

    Tmpfs eliminates the permanently allocated memory downside of using the traditional ram disks. The “size=50m” option just specifies the maximum limit size of the filesystem, not a permanent allocation. Tmpfs allocates memory on demand and only the necessary amount to hold the existing files. Every time a file is deleted or truncated, memory is freed.

    For more information on tmpfs refer to the documentation found on the kernel sources tree (note: this is not installed in your Zeroshell box):


    Best regards,
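
Added example (not part of the original posts, and not Zeroshell's own code): a small POSIX sh check for the tmpfs mount from Step 2 above, plus a guarded mount so that running the command both in the shell and from the pre-boot script does not stack a second tmpfs on the same directory. The function names and the sample mount tables are constructed for illustration; it assumes /proc/mounts is readable on the box.

```shell
#!/bin/sh
# Added example, not from the thread. Checks the mount from Step 2 of the tmpfs guide.
HAVP_TMP=/Database/var/register/system/havp/tmp

# Read a /proc/mounts-format table on stdin and print one verdict for mount point $1:
#   ok | not-mounted | not-tmpfs | missing-mand | missing-noatime
# The last matching line wins, because a later mount shadows an earlier one.
havp_tmp_status() {
    mp=${1:-$HAVP_TMP}; fstype=; opts=
    while read -r _dev dir fs o _rest; do
        if [ "$dir" = "$mp" ]; then fstype=$fs; opts=",$o,"; fi
    done
    if [ -z "$fstype" ]; then echo not-mounted; return 0; fi
    if [ "$fstype" != tmpfs ]; then echo not-tmpfs; return 0; fi
    case $opts in *,mand,*) ;; *) echo missing-mand; return 0 ;; esac
    case $opts in *,noatime,*) ;; *) echo missing-noatime; return 0 ;; esac
    echo ok
}

# Pre-boot use: mount only when nothing is mounted there yet; refuse to
# mount on top of something unexpected (e.g. the old /dev/ram3 ramdisk).
ensure_havp_tmp() {
    status=$(havp_tmp_status "$HAVP_TMP" < /proc/mounts)
    case $status in
        ok) return 0 ;;
        not-mounted)
            mount -omand,noatime,uid=havp,gid=havp,size=50m -ttmpfs none "$HAVP_TMP" ;;
        *)  echo "havp tmp is $status; unmount and fix it first" >&2; return 1 ;;
    esac
}

# Constructed sample tables (device names follow the df output in the thread;
# filesystem types and uid/gid numbers are made up).
sample_tmpfs() {
    printf '%s\n' '/dev/ram2 / ext2 rw 0 0' \
      "none $HAVP_TMP tmpfs rw,mand,noatime,size=51200k,uid=105,gid=105 0 0"
}
sample_ramdisk() {
    printf '%s\n' '/dev/ram2 / ext2 rw 0 0' \
      "/dev/ram3 $HAVP_TMP ext2 rw,mand,noatime 0 0"
}

echo "tmpfs guide:   $(sample_tmpfs | havp_tmp_status)"
echo "ramdisk guide: $(sample_ramdisk | havp_tmp_status)"
```

On a live box, `havp_tmp_status < /proc/mounts` gives the verdict for the real mount table; `ensure_havp_tmp` is the line that would go into the pre-boot script in place of the bare mount command.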


    Hi Marcelo,

    my df looks:

    Filesystem   1K-blocks    Used Available Use% Mounted on
    /dev/ram2        31729   15404     16325  49% /
    /dev/hda2       140524  140524         0 100% /cdrom
    shm             484588       0    484588   0% /dev/shm
    /dev/hda1        13197    4900      7616  40% /boot
    /udev/hda3      806928  185428    580508  25% /DB
    /DB/_DB.001     806928  185428    580508  25% /Database
    none             51200       0     51200   0% /Database/var/register/system/havp/tmp

    HTTP Proxy refuses to start after the changes. Do you have any idea?



    df output looks fine.

    Sounds like a permission problem, are you sure you have executed the chown step?

    To check, run “ls -lad /Database/var/register/system/havp/tmp” from the shell. You should see (only the text in bold is important, the remaining text may differ a bit when you run):

    drwxrwxrwt 2 havp havp 540 Feb 5 15:32 /Database/var/register/system/havp/tmp


    Hi ,
    this is my ls:

    drwxrwxrwt 2 havp havp 40 Feb 5 21:30 /Database/var/register/system/havp/tmp

    I posted your code to /Database/var/register/system/startup/rc.local.
    After reboot there is no tmpfs. I changed also to /bin/mount and /bin/chown. But no tmpfs. Are there other pre-boot scripts?



    Ok, my tutorial could be clearer about what pre-boot scripts I’m referring to: Pre-boot scripts are accessible from the Zeroshell’s GUI under Setup -> Startup / Cron -> pre-boot scripts.

    Editing rc.local in the filesystem won’t get persisted after reboot as the root filesystem is a ramdisk on Zeroshell.

    Getting back to your original problem: Did it work after fixing the directory permissions? If not, what is the output from the “free” command?


    No chance, nothing works.

    Here is my screenshot:




    And the output of free:

    root@zeroshell root> free
                 total       used       free     shared    buffers     cached
    Mem:        969180     132216     836964          0      12108      36320
    -/+ buffers/cache:      83788     885392
    Swap:       131064          0     131064


    Ok, no reason for the previous commands not to work, but I edited the guide to make it simpler and replaced

    > mount -omand,noatime,size=50m -ttmpfs none /Database/var/register/system/havp/tmp
    > chown havp.havp /Database/var/register/system/havp/tmp

    with

    > mount -omand,noatime,uid=havp,gid=havp,size=50m -ttmpfs none /Database/var/register/system/havp/tmp

    This will always make sure the ownership definition of the directory isn’t skipped as it has been directly incorporated in the mount command (no more chown needed).

    I also added a note that the pre-boot scripts I’m referring to are the Zeroshell’s GUI ones.



    – Never never use Opera Browser for administering Zeroshell web-gui.

    – Firefox works fine for me.

    – Enter the new code from Marcelo into Setup/Startup-Cron/Pre-Boot.
    – Check the status button and save.
    – Reboot.

    – Start HTTP Proxy from the gui. Checkbox is enabled and Status shows DOWN.
    – Reboot.
    – HTTP Proxy Status shows ACTIVE

    Thanks a lot for your help.



    You are welcome.

    It doesn’t really require any reboot. Just execute the mount command both in the ZS shell and in the pre-boot script. If you are configuring your home router, rebooting is certainly a good way of testing that the pre-boot scripts are really working (or if you can afford doing this in a production router of your organization – in a maintenance window, maybe…).

    I’m happy it is working for you now. Enjoy your new “boosted speed” proxy.


    I tried this on my new zeroshell box because web browsing was painfully slow, even after I had disabled image scanning.

    after following this procedure the proxy starts fine.

    however there is absolutely no performance increase.

    the proxy is still mind-numbingly slow.

    I am running a p4 1500mhz with 128MB ram.

    note: the only reason I am using the proxy is for the url blacklist, not the a/v scanning.



    please, post here the output of your df command when typed in the router’s shell.


    Filesystem   1K-blocks    Used Available Use% Mounted on
    /dev/ram2        31729   15349     16380  49% /
    /dev/hda2       140524  140524         0 100% /cdrom
    shm              62848       0     62848   0% /dev/shm
    /dev/hda1        13197    4900      7616  40% /boot
    /udev/hda3      806928  273828    492108  36% /DB
    /DB/_DB.001     806928  273828    492108  36% /Database
    none             51200       0     51200   0% /Database/var/register/system/havp/tmp
