Hello all,
I've a question linked to TCP/IP stack level and performance.
Is it correct to say that the kernel addresses the level 1 to 3 of the IP stack level?
For example when you catch a UDP message using a hook in the kernel compared to open/bind socket and monitor it at UDP level.
I've also read that for performance issues catching a message at kernel level is faster than catching it at UDP level. I understand that but how many times faster?
Is it still true as hw items are more powerful and I'm wondering if this gap is still large to avoid doing it?
Thanks for your help
I've a question linked to TCP/IP stack level and performance. Is it correct to say that the kernel addresses the level 1 to 3 of the TCP/IP stack? For example when you catch a UDP message using a hook in the kernel compared to open/bind socket and monitor it at UDP level.
I've also read that for performance issues catching a message at kernel level is faster than catching it at UDP level. I understand that but how many times faster? Is it still true as hw items are more powerful and I'm wondering if this gap is still large to avoid doing it?
Basically Netfilter is a "hook" into the kernel too, so if you define "at UDP level" as using NFQUEUE (which is a hook too) then yes, the latter would be slower because it relays packets through user land?
Pragmatically speaking, it does not matter, and here's why . . .
The process of sending and receiving network packets is a physical process, ruled by the physical realities of transmission lines and so forth, and therefore occurring "on the order of milliseconds."
The process of interpreting those packets, throughout the various layers of software that do so, takes place at CPU speeds: nanoseconds and microseconds. In other words: "at least one, if not two, orders of magnitude time-difference."
Regardless of how many microseconds the CPU spends interpreting each packet as it is sent or received, it simply makes no pragmatic difference to the actual rate at which said packets might be sent or received by the physical(!) hardware.
The software, if it wishes to be, can afford to be as "sloppy" as it wishes to be, and in the end it will make no pragmatic difference at all. The "ruling constraint," in this case, is entirely physical.
TCP only has four layers, not 7. It is also possible (depending on the implementation) that none of the levels are in the kernel (I believe SLIP is/was implemented nearly entirely in a userspace application for the data link, then there is the "promiscuous mode" of the network interface driver allowing everything). I believe some of the packet layer can also be in user space (https://www.netfilter.org/documentat...g-HOWTO-7.html) for filtering purposes.
About the only time performance comes into play is when dealing with a DoS attack, as it helps to try and catch/drop/block the attacker as soon as possible, but that is usually a user mode activity.