While thinking about what it would take to improve the capability of OpenSolaris to act as a worthwhile platform for observing network traffic, I delved into the dls code to see what happens with promiscuous mode packets.

There appears to be a serious architectural problem for high performance packet sniffing inside dls and mac: handing out a packet to a promiscuous listener requires that a copy of the packet is made. While some applications that make use of packets received in promiscuous mode are going to require their own copy, the most popular use (sniffing) does not.

As an aside, this design does support using STREAMS to capture packets quite neatly as it allows complete packets to be queued up on the queue, awaiting their turn on the CPU, while packets are delivered to sockets simultaneously. But for many packets, the copy is made, given to the promiscuous handler and then the original is freed because it doesn't have a local destination.

So... To get to a point where we can efficiently sniff packets from the ether, we need to look at how to enable promiscuous mode on a network interface such that it doesn't impact the delivery of normal packets. This should also lead to sniffing of packets not requiring meaningless copies for those that are being sniff'd and not received.

Thoughts?

Darren
