On Fri, Jul 13, 2012 at 07:37:09PM -0400, Ted Unangst wrote: > On Fri, Jul 13, 2012 at 17:56, Geoff Steckel wrote: > > On 07/13/2012 05:13 PM, Ted Unangst wrote: > >> On Fri, Jul 13, 2012 at 16:06, Andres Perera wrote: > >> > >>> you did! you explicitly said that it would be advantageous for > >>> programs looking to perform analysis on captured packets. for those > >>> programs, it turns out the placement of the filter doesn't matter > >> Sure it matters. Simple example: count packets by /24. Very simple, > >> but you can't do it with bpf. You have to pull all the packets to > >> userland, and bpf is kind of slow at that. > >> > >> Not sure why I wanted to wade into this, but nobody's going to force > >> you to use netmap. > > A perhaps silly question: in order to achieve the throughput described, > > is the application in a hard loop monitoring the ring status? If so, the > > statistic is of limited applicability. > > Well, of course if you want to count every packet you need to look at > every packet, but the total counts can be swept up on a daily or > whatever basis. If I want to know how much traffic I sent to XYZ/24 > last week, I'm still happy if that stat is missing the last minute of > traffic. I'm less happy if the stat is missing 33% of the total > traffic because bpf couldn't copy it out in time. >
To know how much traffic was sent to an IP range or any other kind of such accounting you only need 20bytes for IP and 40bytes for IPv6 per packet. If you make the bpf buffer large enough you can stick many of those headers into the bpf ring buffer. The main problem with netmap is, that it takes over the HW. It is X for networking and god beware your HW has a DMA ring bug - like gem(4), fxp(4) and a load of other drivers. And similar to X where you can not use the console and X at the same time, you can't use an interface or its DMA ring only for one mode at a time (bpf does not have that limitation). As I said it is a nice research project but I don't think it will change the way networking is done in general. -- :wq Claudio
