
Re: Can we kill net-tools, please?



 ❦ 30 December 2016 09:47 +1000, Russell Stuart <russell-debian@stuart.id.au> :

> [0] Now I've started, the Linux kernel's networking stack is a mess.
>     From the outside it looks like a mob of warring tribes, each
>     developing with their own way of doing the same thing.  To people
>     not familiar with it this will sound like a hyperbolic claim.  So
>     let's consider one simple task: dropping a packet.
>
>     - Did you know the routing table can drop a packet?
>       "ip route add w.x.y.z/c blackhole" and
>       "ip route add w.x.y.z/c prohibit" and
>       "ip route add w.x.y.z/c unreachable" all do that.
>
>     - The traffic control engine can "police" packets.  You can "shot"
>       a packet during policing.  (Being Australian, I find this odd,
>       but I'm sure US citizens will be comfortable with it).
>
>     - Traffic control engine schedulers can also drop packets, (as well
>       as move them like a bridge, create duplicates and a lot of other
>       things).
>
>     - Iptables can drop packets.  This is how most people do it.
>
>     - The new nftables can drop packets. 
>       
>     Not only can they drop packets, each has their own way of figuring
>     out what packets to drop.  Which means each must pull apart the
>     packet to see if it matches, so the same work is being repeated
>     over and over again.

The same work is not repeated over and over again. The kernel keeps the
needed information in a structure to avoid parsing the packet several
times.

When you need to decide how to route the packet, you need to do a route
lookup. If the route entry you find happens to be a blackhole route, you
drop the packet. You didn't do any additional work. The same applies for
all your examples. Those are different subsystems for different
tasks. They all happen to have a way to drop packets but that's not
their sole purpose.

>     This has real impacts.  One is this spaghetti you see at the API
>     level is reflected underneath, making for one large, complex, hard
>     to understand and consequently fragile lump of code.  Another is
>     the BSD networking stack is faster than Linux - sometimes near
>     an order of magnitude faster(!)
>
>     http://www.phoronix.com/scan.php?page=article&item=netperf-bsd-linux

Those benchmarks show huge differences between Linux distributions for a
kernel-related task. Like all Phoronix benchmarks, they should not be
trusted.
-- 
In the first place, God made idiots; this was for practice; then he made
school boards.
		-- Mark Twain
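The three routing-table drops listed in the quoted post, as an added example that is not part of the thread: it installs a blackhole, a prohibit and an unreachable route in a throwaway network namespace and shows that the route lookup alone decides the verdict, which a local sender sees as a distinct errno from connect() without any packet being built or parsed. It assumes Linux with iproute2 (`ip`) and util-linux `unshare` allowing unprivileged user+network namespaces; the prefixes are constructed samples from RFC 5737 TEST-NET-2.

```python
import errno
import json
import subprocess
import sys

# Route type -> constructed destination prefix (only exists inside the new netns).
DROP_ROUTES = {
    "blackhole": "198.51.100.0/24",
    "prohibit": "198.51.101.0/24",
    "unreachable": "198.51.102.0/24",
}

# errno the kernel's fib_lookup() attaches to each route type; connect()
# hands it straight to the application: EINVAL=22, EACCES=13, EHOSTUNREACH=113.
EXPECTED_ERRNO = {
    "blackhole": errno.EINVAL,
    "prohibit": errno.EACCES,
    "unreachable": errno.EHOSTUNREACH,
}

# Script run inside the throwaway namespace: add the routes, then probe each
# with a connected UDP socket. No datagram is sent; the lookup is the verdict.
_INNER = r'''
import json, socket, subprocess, sys
routes = json.loads(sys.argv[1])
subprocess.run(["ip", "link", "set", "lo", "up"], check=True)
for kind, prefix in routes.items():
    subprocess.run(["ip", "route", "add", prefix, kind], check=True)
seen = {}
for kind, prefix in routes.items():
    host = prefix.split("/")[0][:-1] + "1"   # first host address of the /24
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.connect((host, 9))
        seen[kind] = 0                        # would mean "not dropped"
    except OSError as e:
        seen[kind] = e.errno
    finally:
        s.close()
print(json.dumps(seen))
'''


def probe_drop_routes():
    """Return {route_type: errno} as observed by connect() in a fresh netns."""
    cmd = ["unshare", "-rn", sys.executable, "-c", _INNER, json.dumps(DROP_ROUTES)]
    out = subprocess.run(cmd, check=True, capture_output=True, text=True).stdout
    return json.loads(out)


if __name__ == "__main__":
    for kind, code in probe_drop_routes().items():
        print(f"{kind:12s} -> errno {code} ({errno.errorcode.get(code, '?')})")
```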
