Re: How can I create and use a Tap device

• Previous message: Robert Watson: "Re: How can I create and use a Tap device"
• In reply to: Robert Watson: "Re: How can I create and use a Tap device"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Thu, 18 Nov 2004 10:49:44 -0800
To: Robert Watson <rwatson@freebsd.org>

Robert Watson wrote:

>On Thu, 18 Nov 2004, Elton Machado wrote:
>
>
>
>>I need a virtual ethernet device, can I use tap for that?
>>
>>How can I create it?
>>
>>
>[...]
>
>A couple of performance caveats:
>
>- Every packet delivery requires going to user space, so possibly a
> context switch and certainly a system call.
>- Every packet is copied to user space, and/or from user space, so you get
> a lot of memory copying.
>

You can also use netgraph's eiface node.
thid delivers teh packet to a netgraph interface which can be then used
for further processing in the kernel..
(e.g. a ksocket node to encapsulate it in UDP).. No extra context
switches..

>
>For prototyping or light-weight stuff, tap is a great tool, but to improve
>performance you want to run network code in the kernel, especially if
>there are other applications running (and/or processing packets), which
>will increase the number of context switches. The cost as it stands isn't
>bad -- I regularly use tap-derived tunnel software for remote network
>access without a hitch. There were recently some posts made with patches
>to optimize the allocation of kernel memory for packets sent using a tap
>device, which are in the mailing list archives (not sure if they were
>merged yet).
>
>Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
>robert@fledge.watson.org Principal Research Scientist, McAfee Research
>
>
>_______________________________________________
>freebsd-net@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-net
>To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>
>

_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

• Previous message: Robert Watson: "Re: How can I create and use a Tap device"
• In reply to: Robert Watson: "Re: How can I create and use a Tap device"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: How can I create and use a Tap device ... Read ethernet frames -- you'll get one per read, ... Every packet is copied to user space, and/or from user space, so you get ... For prototyping or light-weight stuff, tap is a great tool, but to improve ... (freebsd-net) Re: Load balanced routers and IDS ... >> Install 2 NetOptics Taps on the inside of both firewalls. ... >> Then plug in your snort box to the hub. ... That means that if you receive a packet on both ... tap, and smash them together on the hub, resulting in a collision. ... (Focus-IDS) RE: Ethernet tap vs. spanned port ... "Tap A" copies packets that go from A to B only, ... The Tap always mirrors the full packet, it is a layer-1 device only ... previously had the SNORT box on a spanned port on a Cisco 3500 switch. ... I then had both IDS running off of the same Ethernet tap with the ... (Focus-IDS) Re: Ethernet tap vs. spanned port ... not the tap port or the OS. ... >a SNORT IDS running on RedHat 7.3 on a Finisar Systems UTP Ethernet tap ... their sensor picked up the full packet ... (Focus-IDS) Re: How can I create and use a Tap device ... > I need a virtual ethernet device, can I use tap for that? ... BMS ... To unsubscribe, ... (freebsd-net)