| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 11 Jul 2016 07:09:26 -0400 From: Jamal Hadi Salim <jhs@...atatu.com> To: Brenden Blanco <bblanco@...mgrid.com>, davem@...emloft.net, netdev@...r.kernel.org Cc: Martin KaFai Lau <kafai@...com>, Jesper Dangaard Brouer <brouer@...hat.com>, Ari Saha <as754m@....com>, Alexei Starovoitov <alexei.starovoitov@...il.com>, Or Gerlitz <gerlitz.or@...il.com>, john.fastabend@...il.com, hannes@...essinduktion.org, Thomas Graf <tgraf@...g.ch>, Tom Herbert <tom@...bertland.com>, Daniel Borkmann <daniel@...earbox.net> Subject: Re: [PATCH v6 05/12] Add sample for adding simple drop program to link On 16-07-07 10:15 PM, Brenden Blanco wrote: > Add a sample program that only drops packets at the BPF_PROG_TYPE_XDP_RX > hook of a link. With the drop-only program, observed single core rate is > ~20Mpps. > > Other tests were run, for instance without the dropcnt increment or > without reading from the packet header, the packet rate was mostly > unchanged. > > $ perf record -a samples/bpf/xdp1 $(</sys/class/net/eth0/ifindex) > proto 17: 20403027 drops/s > So - devil's advocate speaking: I can filter and drop with this very specific NIC at 10x as fast in hardware, correct? Would a different NIC (pick something like e1000) have served a better example? BTW: Brenden, now that i looked closer here, you really dont have apple-apple comparison with dropping at tc ingress. You have a tweaked prefetch and are intentionally running things on a single core. Note: We are able to do 20Mpps drops with tc with a single core (as shown in netdev11) on a NUC with removing driver overhead. cheers, jamal
Powered by blists - more mailing lists