From: Robert Watson
Date: Thu, 16 Oct 2003 17:18:24 -0400 (EDT)
To: "Fernando A. Paulo"
Cc: freebsd-net@freebsd.org
Subject: Re: Question about bridging code
In-Reply-To: <20031016200604.72938.qmail@web41501.mail.yahoo.com>

On Thu, 16 Oct 2003, Fernando A. Paulo wrote:

> this is about the thread regarding the use of a freebsd bridge and
> tap(4) to change the contents of the frames.
>
> the solution proposed in the list was to use:
>
> net.link.ether.bridge_cfg=fxp0:0,tap0:0,tap1:1,fxp1:1
>
> then you'd write an application to bridge between clusters 0 and 1.
>
> i have a couple of questions, hopefully you can help me:
>
> 1) won't the userland bridge kill your application because of all the
> context-switches and copies?
>
> 2) are you using any library to rebuild your frames (crc, etc)? i'm
> thinking about libnet.
>
> i'd be very glad if you could help me with these doubts.

I've done something very like this before for some research I did a few
years ago. We built a user process Ethernet bridge using BPF -- the
process opened a BPF descriptor per interface that needed to be bridged,
and then read/wrote frames using them, rewriting as needed. We
implemented both link layer and IP-layer filtering.

Because you have to copy every packet in and out of the kernel, it is
fairly expensive -- however, if you just have a single process running on
the system most of the time, there isn't a lot of context switching going
on. The same is true of natd: natd hurts a lot worse from being in
userspace if you simultaneously run tcpdump or trafshow on the host, since
you force frequent context switches.

My conclusion from my BPF bridge experience was that prototyping in
userspace made it a lot easier to experiment with changes, and
dramatically reduced the development time. On the other hand, it did
terrible things to performance on high bandwidth tests, and because we
weren't using mbufs in userspace, made it harder to port to the kernel.
One nice benefit, though, was that we had TCP/IP people programming TCP/IP
stuff without having to teach them about mbuf semantics or kernel
debugging :-).

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories
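The per-frame step of a user-space bridge like the one described above, as an added example that is not part of the original message and not the code from that research: each frame read from one interface is filtered at the link and IP layers and rewritten in place before being written to the other. The policy struct, the function names and the choice of rewrite (clearing the IPv4 TOS byte, which only requires recomputing the IP header checksum) are assumptions made for illustration; the BPF read/write calls are left out so the logic stays portable.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum verdict { DROP, FORWARD };
/* Hypothetical policy: one blocked source MAC, one blocked IP protocol. */
struct policy { uint8_t bad_mac[6]; uint8_t bad_proto; };

/* RFC 1071 checksum; returns 0 when run over a header whose checksum is valid. */
static uint16_t ip_cksum(const uint8_t *h, size_t hlen)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < hlen; i += 2)
        sum += ((uint32_t)h[i] << 8) | h[i + 1];
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Run on each frame between read and write: filter, then rewrite in place. */
enum verdict bridge_filter(uint8_t *f, size_t len, const struct policy *p)
{
    if (len < 14 || memcmp(f + 6, p->bad_mac, 6) == 0)
        return DROP;                      /* runt frame or blocked source MAC */
    if (f[12] != 0x08 || f[13] != 0x00)
        return FORWARD;                   /* not IPv4 (e.g. ARP): pass untouched */
    uint8_t *ip = f + 14;
    size_t hlen = len >= 34 ? (size_t)(ip[0] & 0x0f) * 4 : 0;
    if (hlen < 20 || hlen > len - 14 || (ip[0] >> 4) != 4)
        return DROP;                      /* truncated or lying header length */
    if (ip_cksum(ip, hlen) != 0 || ip[9] == p->bad_proto)
        return DROP;                      /* corrupt header or blocked protocol */
    ip[1] = 0;                            /* rewrite: scrub TOS/DSCP */
    ip[10] = ip[11] = 0;                  /* zero checksum field, then recompute */
    uint16_t c = ip_cksum(ip, hlen);
    ip[10] = (uint8_t)(c >> 8); ip[11] = (uint8_t)(c & 0xff);
    return FORWARD;
}

/* Constructed sample: 34-byte Ethernet+IPv4 frame with a valid header checksum. */
size_t sample_frame(uint8_t *f, uint8_t tos, uint8_t proto)
{
    static const uint8_t t[34] = {
        0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x08,0x00,   /* dst, src, IPv4 */
        0x45,0,0,20, 0,0,0,0, 64,0,0,0, 10,0,0,1, 10,0,0,2 };
    memcpy(f, t, sizeof t);
    f[15] = tos; f[23] = proto;
    uint16_t c = ip_cksum(f + 14, 20);
    f[24] = (uint8_t)(c >> 8); f[25] = (uint8_t)(c & 0xff);
    return sizeof t;
}
```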