From owner-freebsd-net@FreeBSD.ORG Mon Sep 20 20:53:10 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D30CA16A4CE for ; Mon, 20 Sep 2004 20:53:10 +0000 (GMT) Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0B06643D41 for ; Mon, 20 Sep 2004 20:53:10 +0000 (GMT) (envelope-from andre@freebsd.org) Received: (qmail 41634 invoked from network); 20 Sep 2004 20:47:28 -0000 Received: from unknown (HELO freebsd.org) ([62.48.0.53]) (envelope-sender ) by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP for ; 20 Sep 2004 20:47:28 -0000 Message-ID: <414F433F.97A1A789@freebsd.org> Date: Mon, 20 Sep 2004 22:53:19 +0200 From: Andre Oppermann X-Mailer: Mozilla 4.8 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Petri Helenius References: <20040905121111.GA78276@cell.sick.ru> <4140834C.3000306@freebsd.org> <20040909171018.GA11540@cell.sick.ru> <4140A8F5.92E4A2DF@freebsd.org> <414F3636.1040807@he.iki.fi> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: Gleb Smirnoff cc: net@freebsd.org Subject: Re: pfil question X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Sep 2004 20:53:10 -0000 Petri Helenius wrote: > > Andre Oppermann wrote: > > >BTW: You may be better off using pfil_hooks instead of netgraph for your > >tool. You'll save one m_copym and m_freem for each packet. > > > Is pfil zero copy or one copy by default? If the driver supports it, > does a packet get directly DMA'd in mbufs and passed over the pf which > then drops the packet if applicable? pfil is in the ip_input() and ip_output() path. pfil stands for packet filter hooks. You chose to hook yourself into both of them or either of input or output. You get a reference to the mbuf passed when being called from the pfil hook. You can modify the packet (but it must still be a valid packet of that address family afterwards) or you can 'consume' the packet. That means you can take the packet and move it somewhere else (like dummynet into a queue for example) or you can decide to drop it (m_freem). pfil is zero-copy because of the mbuf pointer passing. The packet has been DMA'd to memory before naturally (otherwise we don't have access to it). > Also, did the locking work for network stack in 5.3 make pf fully > parallel so packets arriving can be processed by multiple CPU's? Do > these need to be coming in from multiple interfaces or can even packets > from one interface be distributed among multiple CPU's? The pfil hooks mechnism doesn't have any locking (other than for configuration changes) in itself. Which means more than one CPU can enter a pfil hook at the same time. All pfil hooks consumers have to do their own locking. If your pfil hook consumer doesn't require any internal locking then as many packets as you have CPUs can be in there at the same time. Which CPU handles a packet depends on which one is servicing the interrupt to collect the packet from the network interface. If the network driver is fully SMP capable then everthing can work fully in parallel. -- Andre