|Main Archive Page > Month Archives > netfilter-devel archives|
On Friday 2010-04-02 02:16, Justin Yaple wrote:
>I have been working on a network accelerator, [...]
>Currently it can only compress/decompress the data field of the TCP
So, what makes it better than ipcomp?
>I want to add the ability for it to generate signatures for
>common data patterns, and then substitute the signature in place of
>that data pattern. The other accelerator host would the reverse that
>and replace the signature with the actual data pattern.
That is essentially the definition of coding/compression,
which you already seem to have (minus one change that you don't
throw away the dictionary).
>I am a little worried about the performance of the system overall
>assuming the only option is to move the majority of this to a user
>space service I would need to rewrite the module portion to QUEUE the
>packets to user space. This might severely effect performance of the
>system in the number of packets per second that can be processed.
>Given that it could be doing database queries, and substituting TCP
>data for a signature or compressing the data the time it takes to move
>a packet from kernel to user space and back might be negligible.
If it is not the case already, devise a mechanism so that userspace gathers
multiple nfqueued packets at once instead of one-at-a-time.
- multi-threading the userspace process might be worth looking into
- using NFQUEUE to deliver into separate queues per CPU
(so that one CPU does not have to wait for the lock of another)
-- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to email@example.com More majordomo info at http://vger.kernel.org/majordomo-info.html