Re: Where are incoming packets timestamped at

[Luca Deri <deri () ntop org>]

Fabrizio
I don't know if it can help you. I have tested the cost of timestamping packets in kernel on Linux and I can tell you 
that that is very little. If I remember correctly suppose you are capturing 14.88 Mpps without timestamping packets, 
adding timestamp with gettimeofday you will decrease your capture performance of less than 0.5 Mpps. 

This said, like Guy said I don't see why you want to disable them. You can use different/imprecise timestamp such as 
Linux epoch, but if you need pcap I believe you will also need timestamps.

Cheers Luca

Sent from my iPad

On 19/ago/2011, at 18:17, Fabrizio Giordano <Fabrizio.Giordano () riverbed com> wrote:

> What I'm trying to do is to eliminate the timestamping time-overhead cos I need to test if that operation reduces 
> performance. Therefore I guess that what I have to do is to disable the code in af_packet.c *AND* the code in 
> core/dev.c, right?
> Thank you very much!
>
> -----Original Message-----
> From: tcpdump-workers-owner () lists tcpdump org [mailto:tcpdump-workers-owner () lists tcpdump org] On Behalf Of Guy 
> Harris
> Sent: Thursday, August 18, 2011 5:47 PM
> To: tcpdump-workers () lists tcpdump org
> Subject: Re: [tcpdump-workers] Where are incoming packets timestamped at
>
>
> On Aug 18, 2011, at 2:04 PM, Fabrizio Giordano wrote:
>
> > Disabling net_timestamp() in net/core/dev.c was one of the first things I tried, among with disabling other 
> > "get_timestamp"-like functions. But apparently that's not where packes get timestamped.
>
> It is, but it's not the *only* place where they get timestamped.
>
> > Nuno's suggestion turned out to be what I was looking for. Packets are actually timestamped in the function 
> > tpacket_rcv in net/packet/af_packet.c
>
> No, the place where packets get timestamped *if they don't already have a time stamp* is there.
>
> The code, at least in my 2.6.32.4 source, is:
>
>                if (skb->tstamp.tv64)
>                        tv = ktime_to_timeval(skb->tstamp);
>                else
>                        do_gettimeofday(&tv);
>                h.h1->tp_sec = tv.tv_sec;
>                h.h1->tp_usec = tv.tv_usec;
>
> and
>
>                if (skb->tstamp.tv64)
>                        ts = ktime_to_timespec(skb->tstamp);
>                else
>                        getnstimeofday(&ts);
>                h.h2->tp_sec = ts.tv_sec;
>                h.h2->tp_nsec = ts.tv_nsec;
>
> If the packet has already been given a time stamp, skb->tstamp.tv64 will be non-zero, and it'll call 
> ktime_to_timeval(skb->tstamp) to convert that time stamp to a "struct timeval" or call ktime_to_timespec() to convert 
> it to a "struct timespec" and use that for the time stamp.
>
> If your goal is to avoid all time stamping of packets, it's *necessary* to eliminate that code, but it's not 
> *sufficient* to eliminate that code.  If you're just trying to throw away the time stamp information that lower-level 
> code has already added to the packet, it's sufficient to eliminate that code, but I don't see what the *point* of 
> doing so is - it's not as if it's going to keep the system from spending time to read the system clock for every 
> packet.
>
> What is it you're trying to do here?-
> This is the tcpdump-workers list.
> Visit https://cod.sandelman.ca/ to unsubscribe.
> -
> This is the tcpdump-workers list.
> Visit https://cod.sandelman.ca/ to unsubscribe.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.