On Fri, Jul 13, 2012 at 12:43:42PM -0700, Chris Cappuccio wrote: > Andres Perera [[email protected]] wrote: > > On Fri, Jul 13, 2012 at 11:59 AM, Chris Cappuccio <[email protected]> wrote: > > > But having a generic mechanism to bring network data in/out userland for > > > analysis or manipulation, abstracted in a secure way from the kernel > > > across multiple network card types, and "zero copy", could be very > > > useful. The typical response to this is "well just make the slow parts of > > > the kernel more efficient and you won't need to do this" but, especially > > > for pcap-type applications, I think netmap _is_ the solution. > > > > talking about userland capture exclusively: > > > > is there a comparison against freebsd bpf zero copy? how is better > > than bpf overall? > > > > Luigi Rizzo's page talk about how efficient this technique is. IIRC, he > says it can max out a 10G link with small packets using one core of a > modern four-core intel processor. Of, course that is doing no useful > work with the packets. But that gives you an idea of the overhead > involved with managing the virtual tx/rx rings in the kernel.
If I glue two humongous DMA queues directly together in the kernel and just point them together then I can also put insane amount of traffic through a OpenBSD box but honestly it is cheaper to just use a longer cable in that case. > If you relied on the filtering features of the BPF, this doesn't help you. If you rely on anything else then moving buffers from interfaceto interface then it will not help you as much as you like. > > i ask because there's been a considerable amount of work put into bpf > > compilers so it's replacement better justify the time spent optimizing > > it's predecessor > > It's not a replacement for BPF. Nope, it is not even getting near the capabilities of BPF. There is not a single filter implemented. > Why go through layers and layers of kernel processing for applications > that simply don't need to? That's the goal here. Not replacing BPF. You think it is better to go through layers and layers of userland code? In the end you need to do the same work to process a packet. -- :wq Claudio
