From: Thomas Fjellstrom <thomas@fjellstrom.ca>
To: LKML <linux-kernel@vger.kernel.org>
Subject: low overhead packet capturing on linux
Date: Tue, 30 Nov 2010 17:28:05 -0700 [thread overview]
Message-ID: <201011301728.05197.thomas@fjellstrom.ca> (raw)
I'm working on a little tool to monitor and measure bandwidth use on a vm
host, down to keeping track of all guest and host bandwidth, including,
eventually per layer7 protocol use.
Right now I have a pretty simple setup, I setup an AF_PACKET socket, select on
it, and read data as it comes in. Obviously, this has a fatal flaw. It takes up
a rather large amount of cpu time just to capture the packets. On a GbE
interface, it uses up easily 60-80% cpu (on a 2.6Ghz amd phenom II cpu core)
just to capture the packets, trying to do anything fancy with them will likely
cause the kernel to drop some packets.
So what I'm looking for is a very low overhead way to capture packets. I've
come up with a few ideas, some of which I have no idea if they'd even work.
One idea that came to mind (that doesn't entirely look possible) is using
splice or vmsplice to get me as little copying as is necessary from the net
device to my own chunk of memory. Even better if it can be a circular queue of
sorts. I'd probably use one thread to just sit on the socket and manage the
packets, and a second thread to actually do the accounting on the incoming
packets.
Anyone have any pointers or tips for me?
--
Thomas Fjellstrom
thomas@fjellstrom.ca
next reply other threads:[~2010-12-01 0:28 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-12-01 0:28 Thomas Fjellstrom [this message]
2010-12-01 9:21 ` low overhead packet capturing on linux Alexander Clouter
2010-12-01 10:18 ` Thomas Fjellstrom
2010-12-01 12:19 ` Pekka Pietikainen
2010-12-01 20:28 ` Thomas Fjellstrom
2010-12-02 14:49 ` Henrique de Moraes Holschuh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201011301728.05197.thomas@fjellstrom.ca \
--to=thomas@fjellstrom.ca \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox