Date: Fri, 9 Jan 2004 15:51:43 -0600 From: "Guy Helmer" <ghelmer@palisadesys.com> To: "Richard Bejtlich" <richard_bejtlich@yahoo.com>, <freebsd-net@freebsd.org> Subject: RE: Paper on device polling and packet capture performance Message-ID: <FPEBKMIFGFHCGLLKBLMMEEIKCDAA.ghelmer@palisadesys.com> In-Reply-To: <20040109171717.33976.qmail@web60804.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Richard Bejtlich wrote on January 09, 2004 11:17 AM > I was wondering if anyone read the paper by Luca Deri > (of Ntop fame) on "Improving Passive Packet Capture: > Beyond Device Polling": > > http://luca.ntop.org/Ring.pdf > > Luca makes some astounding claims regarding packet > capture performance, with FreeBSD performing very well > when device polling is enabled. Looks interesting. I would hope the packet loss with FreeBSD and polling could be eliminated by tweaking the HZ and kern_frac/user_frac parameters, unless the machine is just too slow to handle the load. However, I think tying directly into the network drivers isn't as general an approach as is working at a little higher level in the system. The network device drivers have been modified in the past to perform special functions (e.g., polling) but it is more useful and less bug-prone to push general functions into the system at other levels (e.g., bridging, which used to have hooks into each network device driver). I want to look at memory-mapped access to the BPF device. This would preserve the existing network device drivers while reducing mbuf copies, context switches/user-kernel transitions, and latency. Performance ought to be comparable to Luca's approach, and this would also preserve bpf filtering capability. (If someone else has already done this, I'd love to know where to find the code!) > A wrote a short and probably naive synopsis for my > Blog: > > http://taosecurity.blogspot.com/2004_01_01_taosecurity_archive.htm > l#107358025105922521 > > Does anyone care to comment on the paper? (I asked > Luca and he agreed to this post.) > > Thank you, > > Richard Bejtlich > http://www.taosecurity.com Thanks for bringing this to my attention! Guy Helmer
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?FPEBKMIFGFHCGLLKBLMMEEIKCDAA.ghelmer>