Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place! |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
11-20-2016, 08:07 AM
|
#1
|
LQ Newbie
Registered: Nov 2016
Posts: 4
Rep:
|
Tcp ip stack vs. perfo
hello all,
I've a question linked to tcp ip stack level and performances.
is it correct to say that the kernel addesses the level 1 to 3 of the ip stack level?
for example when you catch an udp message using a hook in the kernel comparing to open/bind socket and monitor it a Udp level.
I've also read that for performances issues catching a message at kernel level is faster than catching it at udp level. I understand that but how many times faster?
Is it still true as hw items are more powerful and I'm wondering if this gap is still large to avoid doing it?
Thanks for your help
|
|
|
11-20-2016, 10:26 AM
|
#2
|
Moderator
Registered: May 2001
Posts: 29,415
|
Your terminology isn't very clear to me so maybe explain it with a Real Life problem you're actually trying to solve please?
|
|
|
11-22-2016, 05:10 PM
|
#3
|
LQ Newbie
Registered: Nov 2016
Posts: 4
Original Poster
Rep:
|
Hi again,
I've a question linked to TCP/IP stack level and performances. Is it correct to say that the kernel addesses the level 1 to 3 of the TCP/IP stack ?
For example when you catch an udp message using a hook in the kernel comparing to open/bind socket and monitor it a Udp level.
Code:
+++++ <---------------------
| 7 |
+++++
| 6 |
+++++ User Space Level
| 5 |
+++++
| 4 |
+++++ <---------------------
| 3 |
+++++
| 2 | Kernel Level
+++++
| 1 |
+++++ <---------------------
TCP/IP
Stack
2) Performance issues:
The performance issue deals with the fact to catch a message at Kernel level ( https://www.google.fr/url?sa=t&rct=j...2sxXVzqOPzNBsw) comparing with a standard create, open, bind socket and select syscall. http://broux.developpez.com/articles/c/sockets/
I've also read that for performances issues catching a message at kernel level is faster than catching it at UDP level. I understand that but how many times faster? Is it still true as hw items are more powerful and I'm wondering if this gap is still large to avoid doing it?
Thanks for your help
|
|
|
11-22-2016, 08:30 PM
|
#4
|
Moderator
Registered: May 2001
Posts: 29,415
|
Basically Netfilter is a "hook" into the kernel too, so you define "at UDP level" as using NFQUEUE (which is a hook too) then yes, the latter would be slower because it relays packets through user land?
|
|
|
11-22-2016, 09:28 PM
|
#5
|
LQ Guru
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,970
|
Pragmatically speaking, it does not matter, and here's why . . .
The process of sending-and-receiving network packets is a physical process, ruled by the physical realities of transmission lines and so-forth, and therefore occurring "on the order of milli-seconds."
The process of interpreting those packets, throughout the various layers of software that do so, takes place at CPU speeds: nano-seconds and micro-seconds. In other words: "at least one, if not two, orders of magnitude time-difference."
Regardless of how many microseconds the CPU spends interpreting each packet as it is sent or received, it simply makes no pragmatic difference to the actual rate at which said packets might be sent or received by the physical(!) hardware.
The software, if it wishes to be, can afford to be as "sloppy" as it wishes to be, and in the end it will make no pragmatic difference at all. The "ruling constraint," in this case, is entirely physical.
|
|
|
11-23-2016, 07:43 AM
|
#6
|
Senior Member
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,908
|
Quote:
Originally Posted by LnxNewUser
Hi again,
I've a question linked to TCP/IP stack level and performances. Is it correct to say that the kernel addesses the level 1 to 3 of the TCP/IP stack ?
For example when you catch an udp message using a hook in the kernel comparing to open/bind socket and monitor it a Udp level.
Code:
+++++ <---------------------
| 7 |
+++++
| 6 |
+++++ User Space Level
| 5 |
+++++
| 4 |
+++++ <---------------------
| 3 |
+++++
| 2 | Kernel Level
+++++
| 1 |
+++++ <---------------------
TCP/IP
Stack
2) Performance issues:
The performance issue deals with the fact to catch a message at Kernel level ( https://www.google.fr/url?sa=t&rct=j...2sxXVzqOPzNBsw) comparing with a standard create, open, bind socket and select syscall. http://broux.developpez.com/articles/c/sockets/
I've also read that for performances issues catching a message at kernel level is faster than catching it at UDP level. I understand that but how many times faster? Is it still true as hw items are more powerful and I'm wondering if this gap is still large to avoid doing it?
Thanks for your help
|
Well... it is a little hard to compare an ISO networking model with the TCP networking model as the levels are "mixed up":
http://www.studytonight.com/computer...-osi-tcp-model
TCP only has four layers, not 7. It is also possible (depending on the implementation) that none of the levels are in the kernel (I believe slip is/was implemented nearly entirely in a userspace application for the data link, then there is the "promiscuous mode" of the network interface driver allowing everything). I believe some of the packet layer can also be in user space ( https://www.netfilter.org/documentat...g-HOWTO-7.html) for filtering purposes.
About the only time performance comes into play is when dealing with a DoS attack, as it helps to try and catch/drop/block the attacker as soon as possible, but that is usually a user mode activity.
Last edited by jpollard; 11-23-2016 at 07:46 AM.
|
|
|
All times are GMT -5. The time now is 10:15 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|