[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Comments on ESP and AH IPSEC drafts.
In message <19960926144401adams@161.44.128.127>, Rob Adams writes:
> I would like to suggest placing the Payload Type, Pad Length and padding
> fields before the payload data. Stop laughing. After having implemented
> this, I can say that it would be a heck of a lot more efficient and
> therefore, perform better, if I didn't have to walk an MBUF chain twice to
> remove padding.
Ah, there's the problem; you're using MBUFs. :-) IME, when using MBUFs there
are much worse performance problems than 'walking the chain twice' to remove
the padding. Get yourself an MBUF-less kernel...
> Since the padding could be
> spread out of a variable number of buffers behind you, you have to start at
> the head again and walk down until you find the buffer containing
> packet[length-pad], and free from there.
If your network device drivers are at all sensible, you'll be receiving
(almost) all packets in single MBUFs. optimize for that case, and
special-case the process for badly formed packets; you'll get all the
performance you need without changing the transforms.
Padding at the end greatly assists hardware implementations on the
transmitting side. Since data buffers are usually front-aligned by the
networking code, you can simply pad/type, and then pass the entire (aligned)
buffer to the hardware.
--
C. Harald Koch | Senior System Developer, BorderWare Firewall Server
chk@border.com | Secure Computing Canada Ltd.
+1 416 368 7157 (voice) | 20 Toronto Street, Suite 400, Toronto ON M5C 2B8
+1 416 368 7789 (fax) | Madness takes its toll. Please have exact change.
References: