tech-kern archive


Re: Broadcast traffic on vlans leaks into the parent interface on NetBSD-5.1



jnemeth%victoria.tc.ca@localhost (John Nemeth) writes:

> On Apr 27,  3:15am, David Laight wrote:
> } On Tue, Dec 04, 2012 at 10:17:23PM -0800, John Nemeth wrote:
> } > 
> } >      We use ISC's DHCP server.  As third party software, it is designed
> } > to be portable to many systems.  BPF is a fairly portable interface,
> } > thus a reasonable interface for it to use.
> } 
> } One thing I discovered long ago, in an operating system far ... well
> } not NetBSD is that dhcp's use of the bpf (equivalent) caused a data
> } copy for every received ethernet frame - at considerable cost.
> } I've NFI whether this happens with the current code.
>
>      Given that DHCP is very low traffic, I'm not sure that this really
> matters.

I don't think that's what he means.  In most drivers, the idiom is

 if (there are bpf listeners) {
   m0 = cons up an mbuf chain that represents the packet
   bpf_mtap(m0, blah blah)
 }

So the work to marshall the packet that might be tapped happens if there
is a listener, not if the listener wants this packet.

I haven't pored over this code for a few years, but my memory is that
typically there is no copy.  Often there is a fabricated ethernet header
in a faux mbuf on the stack, whose ->m_next is a second faux mbuf with
external data pointing to the packet.  This of course depends on the
details of how the driver organizes data.

Regardless, I think two things would be nice (to go with my pony):

  marshalling and bpf tap of non-matching packets should be low cost

  if it's possible for dhcp to use raw sockets or something else, that
  would be better.  But I'm not sure that's easy or even doable.

> } Although DHCP has to do strange things in order to acquire the
> } original lease, renewing it should really only require packets
> } with the current IP address.
>
>      True.  Renewing a lease takes two packets, a RENEW request, and an
> ACK.  Those packets are sent using assigned addresses for both the
> destination and the source.

But the point is that the server has to be listening for DISCOVER,
always.
