| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 20 Apr 2013 13:31:02 +0200 From: Daniel Borkmann <dborkman@...hat.com> To: David Miller <davem@...emloft.net> CC: gregkh@...uxfoundation.org, stephen@...workplumber.org, netdev@...r.kernel.org, Eric Leblond <eric@...it.org>, Eric Dumazet <eric.dumazet@...il.com> Subject: Re: [RFC 1/2] netmap: infrastructure (in staging) On 04/19/2013 09:58 PM, David Miller wrote: > From: Greg KH <gregkh@...uxfoundation.org> > Date: Fri, 19 Apr 2013 12:45:37 -0700 > >> On Fri, Apr 19, 2013 at 12:06:51PM -0700, Stephen Hemminger wrote: >>> Netmap is a framework for packet generation and capture from user >>> space. It allows for efficient packet handling (up to line rate on >>> 10Gb) with minimum system load. For more info see: >>> http://info.iet.unipi.it/~luigi/netmap/ > > So are you saying that people can't get line rate today? > > Even the the suricata folks are doing deep packet inspection at line > rate using AF_PACKET fanouts just fine. That means they aren't just > grabbing packets, they are actually processing them and making > stateful decisions based upon the packet's contents. > > That means that capture is cheap enough already that they have all > the compute left over that they need. > > The existing mechanisms also have the huge advantage that they are > already implemented, require zero driver specific changes, and are > already starting to be deployed to end users. +1, and if so, then I'm actually rather for further improving/optimizing/.. AF_PACKET. Btw., Eric had a blog post from 2012 about this topic (and maybe TPACKET_V3 could even further improve perf. over TPACKET_V2 on this): https://home.regit.org/2012/07/suricata-to-10gbps-and-beyond/ Also, I just looked over Netmap's Usenix paper from 2012, where they compare netmap against pktgen, and while they state the version of the FreeBSD kernel where they did the evaluation on, they just don't even mention the Linux' kernel version, their Linux kernel setup etc. Not even mentioning a comparison of PF_PACKET+fanout (similarly as the PF_RING project seems to avoid this comparison and only presents perf numbers where they just count packets !). Also, I've seen other papers published in 2012 on this topic, where they compare performance with a 2.6.2x kernel, hm, quite sad actually. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists