On 3 Dec 2002, Oleg Goldshmidt wrote: [..snip..]
> 1) You'll go to userland for each packet, paying in performance. I > don't see how you can send only packets with bad checksum across > the border: if you could, you would have a simple solution for your > problem, I guess. > > 2) Libpcap grabs a copy of the packet, so you need to configure your > firewall (ipchains, I guess) to drop everything you grab, otherwise > the original packet will live on regardless of what you do to the > copy in userland. If you can rely upon the kernel to drop corrupted > packets (can you?) you can send only those you have corrected back, > ignoring the rest. actualy, netlink can be used to do both sides of the task. one can write a netlink program that will see all packets, find those with the broken CS field, fix only this field, and tell the kernel to move the packet onwards. all this - wihtout copying the full packet to user space - only its header. i don't remember the full details, but as far as i saw, it is do-able, and is not _that_ hard. this has an advantage of making sure the packets don't go out-of-order - while if you grab them using pcap, the packets _may_ go out-of-order - it shouldn't hurt functionality (after all, proper UDP-based applications need to be able ot handle out-of-order packets) - but it may hurt performance. using this solution, btw, will easily handle a sustained 10MBps link on a 500MHz p-3, even with full packet copying - and is likely to sustain a much higher bandwidth (especially that you don't copy all pakcets to user-space in this way). note: it could be that pcap uses BSD filters to filter the packets already inside the kernel, which might make it give better performance. -- guy "For world domination - press 1, or dial 0, and please hold, for the creator." -- nob o. dy ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]