Date: Mon, 20 Sep 2004 22:53:19 +0200 From: Andre Oppermann <andre@freebsd.org> To: Petri Helenius <pete@he.iki.fi> Cc: net@freebsd.org Subject: Re: pfil question Message-ID: <414F433F.97A1A789@freebsd.org> References: <20040905121111.GA78276@cell.sick.ru> <4140834C.3000306@freebsd.org> <20040909171018.GA11540@cell.sick.ru> <4140A8F5.92E4A2DF@freebsd.org> <414F3636.1040807@he.iki.fi>
next in thread | previous in thread | raw e-mail | index | archive | help
Petri Helenius wrote: > > Andre Oppermann wrote: > > >BTW: You may be better off using pfil_hooks instead of netgraph for your > >tool. You'll save one m_copym and m_freem for each packet. > > > Is pfil zero copy or one copy by default? If the driver supports it, > does a packet get directly DMA'd in mbufs and passed over the pf which > then drops the packet if applicable? pfil is in the ip_input() and ip_output() path. pfil stands for packet filter hooks. You chose to hook yourself into both of them or either of input or output. You get a reference to the mbuf passed when being called from the pfil hook. You can modify the packet (but it must still be a valid packet of that address family afterwards) or you can 'consume' the packet. That means you can take the packet and move it somewhere else (like dummynet into a queue for example) or you can decide to drop it (m_freem). pfil is zero-copy because of the mbuf pointer passing. The packet has been DMA'd to memory before naturally (otherwise we don't have access to it). > Also, did the locking work for network stack in 5.3 make pf fully > parallel so packets arriving can be processed by multiple CPU's? Do > these need to be coming in from multiple interfaces or can even packets > from one interface be distributed among multiple CPU's? The pfil hooks mechnism doesn't have any locking (other than for configuration changes) in itself. Which means more than one CPU can enter a pfil hook at the same time. All pfil hooks consumers have to do their own locking. If your pfil hook consumer doesn't require any internal locking then as many packets as you have CPUs can be in there at the same time. Which CPU handles a packet depends on which one is servicing the interrupt to collect the packet from the network interface. If the network driver is fully SMP capable then everthing can work fully in parallel. -- Andre
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?414F433F.97A1A789>