On Friday 2010-04-02 02:16, Justin Yaple wrote: > >I have been working on a network accelerator, [...] >Currently it can only compress/decompress the data field of the TCP >segments. So, what makes it better than ipcomp? >I want to add the ability for it to generate signatures for >common data patterns, and then substitute the signature in place of >that data pattern. The other accelerator host would the reverse that >and replace the signature with the actual data pattern. That is essentially the definition of coding/compression, which you already seem to have (minus one change that you don't throw away the dictionary). >I am a little worried about the performance of the system overall >assuming the only option is to move the majority of this to a user >space service I would need to rewrite the module portion to QUEUE the >packets to user space. This might severely effect performance of the >system in the number of packets per second that can be processed. >Given that it could be doing database queries, and substituting TCP >data for a signature or compressing the data the time it takes to move >a packet from kernel to user space and back might be negligible. If it is not the case already, devise a mechanism so that userspace gathers multiple nfqueued packets at once instead of one-at-a-time. - multi-threading the userspace process might be worth looking into - using NFQUEUE to deliver into separate queues per CPU (so that one CPU does not have to wait for the lock of another) -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
