Sponsored link
Vyatta –
Linux & Open Source
Alternative to Cisco –
Advanced Routing,
Firewall, VPN, QoS..
Free Download ->
| |||||||||||
protocol validity checksprotocol validity checksPosted Feb 1, 2006 3:57 UTC (Wed) by xoddam (subscriber, #2322)In reply to: That's not the only meaning of that statement by Ross Parent article: Van Jacobson's network channels can imagine an internal 'firewall' inspecting the header of each packet traversing a channel from userspace to ensure the app has sufficient privilege to send it. A pipeline stage with negligible performance impact -- it wouldn't thrash the cache, and if it's in the kernel it would involve no extra context switches.
(Log in to post comments)
protocol validity checks Posted Feb 1, 2006 6:38 UTC (Wed) by cventers (subscriber, #31465) [Link] Yeah, since you're writing into mapped memory, the kernel can check itout in place. And since there's no copy, it's going to be hanging out in the cache when the check has to take place.
protocol validity checks Posted Feb 3, 2006 4:15 UTC (Fri) by zblaxell (subscriber, #26385) [Link] kernel can check it out in place...while the user, maybe on another CPU, switches a few bits just after the kernel check but before the network card picks up the data.
Sneaky indeed! Posted Feb 3, 2006 5:48 UTC (Fri) by xoddam (subscriber, #2322) [Link] Ok, freely mapped memory doesn't cut it then. I wonder what theperformance impact of changing packet buffers' page permissions would be, relative to copying (and relative to keeping the TCP implementation in kernel space)?
|
|||||||||||