Re: UDP packet handling weird behaviour of various operating systems

From: aland@striker.ottawa.on.ca
Date: 07/27/01


To: Michal Zalewski <lcamtuf@gis.net>
Subject: Re: UDP packet handling weird behaviour of various operating systems 
Date: Fri, 27 Jul 2001 10:53:25 -0400
From: aland@striker.ottawa.on.ca
Message-Id: <E15Q8zW-0006gF-00@giles.striker.ottawa.on.ca>

Michal Zalewski <lcamtuf@gis.net> wrote:
> Try the same via loopback device - should not work. I believe this is not
> Linux kernel UDP handling problem. It might be, as suggested, but
> something between hardware and software, instead (like "IRQ congestion"),
> and probably should work for everything - TCP, ICMP?

  At the last Linux Kernel Summit, Jamal Hadi Salim had a proposal for
speeding up packet handling in the 2.5 kernel. The issue is currently
that each packet coming into a network interface triggers an
interrupt. It's the interrupt servicing overhead that is slowing the
machine.

  The proposal for 2.5 was to disable interrupts on an interface after
the first packet, and use other methods for noticing and grabbing the
later packets. There are other operating systems (QNX, etc) that do
this already.

  Jamal's tests showed that removing this overhead drastically sped up
the network response, and removed much of the CPU overhead.

> Of course I can be wrong - all I say is that I was not able to
> reproduce this behavior in my test network, maybe because it is 10
> Mbit,

  Implementations which appear to work under small loads may not scale
to higher loads.

  Alan DeKok.



Relevant Pages

  • Re: UDP packet handling weird behaviour of various operating systems
    ... UDP packet handling weird behaviour of various operating systems ... coming in so fast that the interrupt handler is consuming all your time. ...
    (Bugtraq)
  • RE: IM driver and loopback
    ... So it seems that described packet handling is sufficient for loopbacking ... Is flags handling described above sufficient to loopback sent packet, ...
    (microsoft.public.development.device.drivers)
  • RE: More information regarding Etherleak
    ... > I audited our system running under various operating systems. ... I have just tested a HP JetDirect J6035A by pinging with the 1-byte method ... On another note, in CERT's information, they include a statement from Cisco ... A packet typical of those I have logged ...
    (Bugtraq)
  • Re: Block martians with source address 127.0.0.1
    ... > The kernel on the firewall logs these packets as martians ... and ONLY THE FIRST RULE THAT MATCHES IS APPLIED to a packet. ... operating systems and network security. ...
    (Focus-Linux)
  • interface records errors
    ... error for every RX packet. ... UDP communication is impossible, and TCP really slow. ... Please do not send copies of list mail to me; ... micro$oft is to operating systems & security ...
    (Debian-User)