LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 11-20-2016, 08:07 AM   #1
LnxNewUser
LQ Newbie
 
Registered: Nov 2016
Posts: 4

Rep: Reputation: Disabled
Tcp ip stack vs. perfo


hello all,
I've a question linked to tcp ip stack level and performances.
is it correct to say that the kernel addesses the level 1 to 3 of the ip stack level?
for example when you catch an udp message using a hook in the kernel comparing to open/bind socket and monitor it a Udp level.

I've also read that for performances issues catching a message at kernel level is faster than catching it at udp level. I understand that but how many times faster?

Is it still true as hw items are more powerful and I'm wondering if this gap is still large to avoid doing it?
Thanks for your help
 
Old 11-20-2016, 10:26 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,361
Blog Entries: 55

Rep: Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547
Your terminology isn't very clear to me so maybe explain it with a Real Life problem you're actually trying to solve please?
 
Old 11-22-2016, 05:10 PM   #3
LnxNewUser
LQ Newbie
 
Registered: Nov 2016
Posts: 4

Original Poster
Rep: Reputation: Disabled
Hi again,

I've a question linked to TCP/IP stack level and performances. Is it correct to say that the kernel addesses the level 1 to 3 of the TCP/IP stack ?
For example when you catch an udp message using a hook in the kernel comparing to open/bind socket and monitor it a Udp level.

Code:
 +++++   <---------------------
 | 7 |
 +++++
 | 6 | 
 +++++    User Space Level
 | 5 |
 +++++
 | 4 |
 +++++   <---------------------
 | 3 |
 +++++  
 | 2 |    Kernel Level
 +++++
 | 1 |
 +++++   <---------------------
 TCP/IP
 Stack
2) Performance issues:
The performance issue deals with the fact to catch a message at Kernel level (https://www.google.fr/url?sa=t&rct=j...2sxXVzqOPzNBsw) comparing with a standard create, open, bind socket and select syscall. http://broux.developpez.com/articles/c/sockets/


I've also read that for performances issues catching a message at kernel level is faster than catching it at UDP level. I understand that but how many times faster? Is it still true as hw items are more powerful and I'm wondering if this gap is still large to avoid doing it?

Thanks for your help
 
Old 11-22-2016, 08:30 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,361
Blog Entries: 55

Rep: Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547
Basically Netfilter is a "hook" into the kernel too, so you define "at UDP level" as using NFQUEUE (which is a hook too) then yes, the latter would be slower because it relays packets through user land?
 
Old 11-22-2016, 09:28 PM   #5
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 8,614
Blog Entries: 4

Rep: Reputation: 2998Reputation: 2998Reputation: 2998Reputation: 2998Reputation: 2998Reputation: 2998Reputation: 2998Reputation: 2998Reputation: 2998Reputation: 2998Reputation: 2998
Pragmatically speaking, it does not matter, and here's why . . .

The process of sending-and-receiving network packets is a physical process, ruled by the physical realities of transmission lines and so-forth, and therefore occurring "on the order of milli-seconds."

The process of interpreting those packets, throughout the various layers of software that do so, takes place at CPU speeds: nano-seconds and micro-seconds. In other words: "at least one, if not two, orders of magnitude time-difference."

Regardless of how many microseconds the CPU spends interpreting each packet as it is sent or received, it simply makes no pragmatic difference to the actual rate at which said packets might be sent or received by the physical(!) hardware.

The software, if it wishes to be, can afford to be as "sloppy" as it wishes to be, and in the end it will make no pragmatic difference at all. The "ruling constraint," in this case, is entirely physical.
 
Old 11-23-2016, 07:43 AM   #6
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,712

Rep: Reputation: 1279Reputation: 1279Reputation: 1279Reputation: 1279Reputation: 1279Reputation: 1279Reputation: 1279Reputation: 1279Reputation: 1279
Quote:
Originally Posted by LnxNewUser View Post
Hi again,

I've a question linked to TCP/IP stack level and performances. Is it correct to say that the kernel addesses the level 1 to 3 of the TCP/IP stack ?
For example when you catch an udp message using a hook in the kernel comparing to open/bind socket and monitor it a Udp level.

Code:
 +++++   <---------------------
 | 7 |
 +++++
 | 6 | 
 +++++    User Space Level
 | 5 |
 +++++
 | 4 |
 +++++   <---------------------
 | 3 |
 +++++  
 | 2 |    Kernel Level
 +++++
 | 1 |
 +++++   <---------------------
 TCP/IP
 Stack
2) Performance issues:
The performance issue deals with the fact to catch a message at Kernel level (https://www.google.fr/url?sa=t&rct=j...2sxXVzqOPzNBsw) comparing with a standard create, open, bind socket and select syscall. http://broux.developpez.com/articles/c/sockets/


I've also read that for performances issues catching a message at kernel level is faster than catching it at UDP level. I understand that but how many times faster? Is it still true as hw items are more powerful and I'm wondering if this gap is still large to avoid doing it?

Thanks for your help
Well... it is a little hard to compare an ISO networking model with the TCP networking model as the levels are "mixed up":
http://www.studytonight.com/computer...-osi-tcp-model

TCP only has four layers, not 7. It is also possible (depending on the implementation) that none of the levels are in the kernel (I believe slip is/was implemented nearly entirely in a userspace application for the data link, then there is the "promiscuous mode" of the network interface driver allowing everything). I believe some of the packet layer can also be in user space (https://www.netfilter.org/documentat...g-HOWTO-7.html) for filtering purposes.

About the only time performance comes into play is when dealing with a DoS attack, as it helps to try and catch/drop/block the attacker as soon as possible, but that is usually a user mode activity.

Last edited by jpollard; 11-23-2016 at 07:46 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
modification of tcp/ip stack kavi123 Programming 9 08-07-2012 06:38 AM
TCP STACK Implementaion vibhayadaw Linux - Newbie 0 03-01-2008 10:01 AM
TCP cannections in TCP stack hegdeshashi Linux - Networking 1 01-04-2006 08:24 PM
getting new tcp/ip stack on linux cdp Linux - Networking 7 06-29-2005 01:50 PM
TCP/IP Stack on Linux? Rossak Linux - Networking 2 07-27-2003 07:20 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 01:18 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration