On 10/9/07, Douglas A. Tutty <[EMAIL PROTECTED]> wrote: > On Tue, Oct 09, 2007 at 08:03:18PM +0200, Henning Brauer wrote: > > > So, assuming the box is a pure firewall / static router (so just pf and > > > static routes), even with multiple interfaces, all those tasks run in a > > > single kernel thread? > > > > yup
actually, i think henning wanted to say that the network stack runs in no threads. :) > Why is this? Is there a security reason why the kernel is > single-thread; is it OBSD resource limitations (no developer time, no > hardware, etc); is it not enough interest yet? the stack runs entirely as interrupts. if there were a thread, we could add another, but going from 0 to 1 is more work than 1 to 2. networking workloads do not always divide up among CPUs nicely. assuming the code is written, just turning 2 or more CPUs loose on a stream of packets is likely to result in reordering, which is bad. to avoid reordering, you need lots of queueing, which hurts performance and drives up latency. the problem is unfortunately not as simple as add a lock here, a thread there, and presto.
