Andres Perera [andre...@zoho.com] wrote: > On Fri, Jul 13, 2012 at 11:59 AM, Chris Cappuccio <ch...@nmedia.net> wrote: > > But having a generic mechanism to bring network data in/out userland for > > analysis or manipulation, abstracted in a secure way from the kernel across > > multiple network card types, and "zero copy", could be very useful. The > > typical response to this is "well just make the slow parts of the kernel > > more efficient and you won't need to do this" but, especially for pcap-type > > applications, I think netmap _is_ the solution. > > talking about userland capture exclusively: > > is there a comparison against freebsd bpf zero copy? how is better > than bpf overall? >
Luigi Rizzo's page talk about how efficient this technique is. IIRC, he says it can max out a 10G link with small packets using one core of a modern four-core intel processor. Of, course that is doing no useful work with the packets. But that gives you an idea of the overhead involved with managing the virtual tx/rx rings in the kernel. If you relied on the filtering features of the BPF, this doesn't help you. > i ask because there's been a considerable amount of work put into bpf > compilers so it's replacement better justify the time spent optimizing > it's predecessor It's not a replacement for BPF. Why go through layers and layers of kernel processing for applications that simply don't need to? That's the goal here. Not replacing BPF. Chris