Packet drop while using BPF filter
Mulyadi Santosa
mulyadi.santosa at gmail.com
Tue Dec 20 19:52:20 EST 2011
Hi Mukesh..
On Wed, Dec 21, 2011 at 01:38, Mukesh Yadav <mukesh.fkd at gmail.com> wrote:
> BPF filters used are:
> Even IP filter :-> tcpdump -i interface 'ether dst <dest mac> && ip[19] &
> 0x01 = 0'
> Odd IP filter :-> tcpdump -i interface 'ether dst <dest mac> && ip[19] &
> 0x01 = 1'
>
> There is a packet loss for odd IP thread even when CPU is available. Reason
> being packet drop due recv buffer full.
> Same amount of traffic is well handled by even IP thread(user code being
> same in both), scaling CPU to full 100%.
>
> In odd IP thread, If filter is changed to "tcpdump -i interface 'ether dst
> <dest mac> && ip proto 17' ", all goes fine.
> Also CPU usage at kernel drops from 50% to 4 % for a particular amount of
> traffic.
I have zero experience with BPF, so this is just my theory.
In kernel level, (or maybe between kernel and user level), by putting
your odd and even filter, kernel work too hard to separate the packets
into different "queue" or "channel"...or something like that. While in
the mean time, incoming packets are bursting .... This makes buffers
filled up fast.
How about this... just filter anything that match your target
MAC....fed this up to the user level application and let your
application do the odd and even IP filtering?
--
regards,
Mulyadi Santosa
Freelance Linux trainer and consultant
blog: the-hydra.blogspot.com
training: mulyaditraining.blogspot.com
More information about the Kernelnewbies
mailing list