|
From: | zhengda |
Subject: | Re: GSoC: the plan for the project network virtualization |
Date: | Mon, 30 Jun 2008 16:44:36 +0200 |
User-agent: | Thunderbird 2.0.0.14 (X11/20080421) |
olafBuddenhagen@gmx.net wrote:
I think it's quite similar as I said before. Maybe I used some words that made you confused. I said the multiplexer (or the hypervisor, I'm not very sensitive to the name:-) can have multiple interfaces and there was a "filter" behind every interface. The filter here actually means the BPF implementation (maybe this confused you). But I didn't think about who gave the filter rules. At the beginning, I thought the rules associated with an interface could apply to all clients connected to the interface, so the rules might be from the user who creates the interface. But as you said, every client can give its own rules and the rule can be from the pfinet server and even the filter translator.Last time on IRC, if I understand it correctly, you said the optimization is to make all packets go through the kernel, and the kernel dispatches the packet with the BPF.Not quite. The idea was that if you have a multiplexer sitting directly on the kernel interface, it could just upload the rules to the kernel, instead of running the BPF implementation itself. But that is only a minor additional optimization in a specific situation. The main idea was that if we have filter translators sitting on a multiplexer, the filter rules could be combined with the user-supplied rules and all be handled in the multiplexer's BPF implementation, rather than actually filtering them twice..
Zheng Da
[Prev in Thread] | Current Thread | [Next in Thread] |