TL;DR（总结）

Special thanks（特别感谢）

General advice on monitoring and tuning the Linux networking stack（监控和调优 Linux 网络栈的一般建议）

Overview（概述）

Detailed Look（详细分析）

Network Device Driver（网络设备驱动程序）

Initialization（初始化）

PCI initialization（PCI 初始化）

PCI configuration space

PCI configuration space is the underlying way that the Conventional PCI, PCI-X and PCI Express perform auto configuration of the cards inserted into their bus.

https://en.wikipedia.org/wiki/PCI_configuration_space#Standardized_registers

static DEFINE_PCI_DEVICE_TABLE(igb_pci_tbl) = {
  { PCI_VDEVICE(INTEL, E1000_DEV_ID_I354_BACKPLANE_1GBPS) },
  { PCI_VDEVICE(INTEL, E1000_DEV_ID_I354_SGMII) },
  { PCI_VDEVICE(INTEL, E1000_DEV_ID_I354_BACKPLANE_2_5GBPS) },
  { PCI_VDEVICE(INTEL, E1000_DEV_ID_I211_COPPER), board_82575 },
  { PCI_VDEVICE(INTEL, E1000_DEV_ID_I210_COPPER), board_82575 },
  { PCI_VDEVICE(INTEL, E1000_DEV_ID_I210_FIBER), board_82575 },
  { PCI_VDEVICE(INTEL, E1000_DEV_ID_I210_SERDES), board_82575 },
  { PCI_VDEVICE(INTEL, E1000_DEV_ID_I210_SGMII), board_82575 },
  { PCI_VDEVICE(INTEL, E1000_DEV_ID_I210_COPPER_FLASHLESS), board_82575 },
  { PCI_VDEVICE(INTEL, E1000_DEV_ID_I210_SERDES_FLASHLESS), board_82575 },

  /* ... */
};
MODULE_DEVICE_TABLE(pci, igb_pci_tbl);

static struct pci_driver igb_driver = {
  .name     = igb_driver_name,
  .id_table = igb_pci_tbl,
  .probe    = igb_probe,
  .remove   = igb_remove,

  /* ... */
};

PCI probe（PCI 探测）

err = pci_enable_device_mem(pdev);

/* ... */

err = dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(64));

/* ... */

err = pci_request_selected_regions(pdev, pci_select_bars(pdev,
           IORESOURCE_MEM),
           igb_driver_name);

pci_enable_pcie_error_reporting(pdev);

pci_set_master(pdev);
pci_save_state(pdev);

More Linux PCI driver information（更多 Linux PCI 驱动程序信息）

Network device initialization（网络设备初始化）

struct net_device_ops

static int igb_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
{
  /* ... */

  netdev->netdev_ops = &igb_netdev_ops;

static const struct net_device_ops igb_netdev_ops = {
  .ndo_open               = igb_open,
  .ndo_stop               = igb_close,
  .ndo_start_xmit         = igb_xmit_frame,
  .ndo_get_stats64        = igb_get_stats64,
  .ndo_set_rx_mode        = igb_set_rx_mode,
  .ndo_set_mac_address    = igb_set_mac,
  .ndo_change_mtu         = igb_change_mtu,
  .ndo_do_ioctl           = igb_ioctl,

  /* ... */

ethtool registration（ethtool 注册）

static int igb_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
{
  /* ... */

  igb_set_ethtool_ops(netdev);

void igb_set_ethtool_ops(struct net_device *netdev)
{
  SET_ETHTOOL_OPS(netdev, &igb_ethtool_ops);
}

static const struct ethtool_ops igb_ethtool_ops = {
  .get_settings           = igb_get_settings,
  .set_settings           = igb_set_settings,
  .get_drvinfo            = igb_get_drvinfo,
  .get_regs_len           = igb_get_regs_len,
  .get_regs               = igb_get_regs,
  /* ... */

IRQs（中断）

NAPI

NAPI initialization in the igb driver（igb 驱动程序中的 NAPI 初始化）

static int igb_alloc_q_vector(struct igb_adapter *adapter,
                              int v_count, int v_idx,
                              int txr_count, int txr_idx,
                              int rxr_count, int rxr_idx)
{
  /* ... */

  /* allocate q_vector and rings */
  q_vector = kzalloc(size, GFP_KERNEL);
  if (!q_vector)
          return -ENOMEM;

  /* initialize NAPI */
  netif_napi_add(adapter->netdev, &q_vector->napi, igb_poll, 64);

  /* ... */

Bringing a network device up（启用网络设备）

Preparing to receive data from the network（准备从网络接收数据）

Enable NAPI（启用 NAPI）

for (i = 0; i < adapter->num_q_vectors; i++)
  napi_enable(&(adapter->q_vector[i]->napi));

Register an interrupt handler（注册中断处理程序）

static int igb_request_irq(struct igb_adapter *adapter)
{
  struct net_device *netdev = adapter->netdev;
  struct pci_dev *pdev = adapter->pdev;
  int err = 0;

  if (adapter->msix_entries) {
    err = igb_request_msix(adapter);
    if (!err)
      goto request_done;
    /* fall back to MSI */

    /* ... */
  }

  /* ... */

  if (adapter->flags & IGB_FLAG_HAS_MSI) {
    err = request_irq(pdev->irq, igb_intr_msi, 0,
          netdev->name, adapter);
    if (!err)
      goto request_done;

    /* fall back to legacy interrupts */

    /* ... */
  }

  err = request_irq(pdev->irq, igb_intr, IRQF_SHARED,
        netdev->name, adapter);

  if (err)
    dev_err(&pdev->dev, "Error %d getting interrupt\n", err);

request_done:
  return err;
}

Enable Interrupts（启用中断）

static void igb_irq_enable(struct igb_adapter *adapter)
{

  /* ... */

    wr32(E1000_IMS, IMS_ENABLE_MASK | E1000_IMS_DRSTA);
    wr32(E1000_IAM, IMS_ENABLE_MASK | E1000_IMS_DRSTA);

  /* ... */
}

The network device is now up（网络设备现已启动）

Monitoring network devices（监控网络设备）

Using ethtool -S（使用 ethtool -S）

$ sudo ethtool -S eth0
NIC statistics:
     rx_packets: 597028087
     tx_packets: 5924278060
     rx_bytes: 112643393747
     tx_bytes: 990080156714
     rx_broadcast: 96
     tx_broadcast: 116
     rx_multicast: 20294528
     ....

Using sysfs（使用 sysfs）

$ cat /sys/class/net/eth0/statistics/rx_dropped
2

Using /proc/net/dev（使用 /proc/net/dev）

$ cat /proc/net/dev
Inter-|   Receive                                                                                                               |  Transmit
 face |                   bytes         packets errs drop fifo frame compressed     multicast |                   bytes           packets errs drop fifo colls carrier compressed
  eth0:    110346752214   597737500     0      2    0        0                    0  20963860   990024805984 6066582604     0       0    0      0         0                    0
       lo: 428349463836 1579868535     0      0    0        0                    0                  0    428349463836  1579868535     0       0    0      0         0                    0

Tuning network devices（调整网络设备）

Check the number of RX queues being used（检查正在使用的 RX 队列数量）

$ sudo ethtool -l eth0
Channel parameters for eth0:
Pre-set maximums:
RX:   0
TX:   0
Other:    0
Combined: 8
Current hardware settings:
RX:   0
TX:   0
Other:    0
Combined: 4

$ sudo ethtool -l eth0
Channel parameters for eth0:
Cannot get device channel parameters
: Operation not supported

Adjusting the number of RX queues（调整 RX 队列数量）

$ sudo ethtool -L eth0 combined 8

$ sudo ethtool -L eth0 rx 8

Adjusting the size of the RX queues（调整 RX 队列大小）

$ sudo ethtool -g eth0
Ring parameters for eth0:
Pre-set maximums:
RX:   4096
RX Mini:  0
RX Jumbo: 0
TX:   4096
Current hardware settings:
RX:   512
RX Mini:  0
RX Jumbo: 0
TX:   512

$ sudo ethtool -G eth0 rx 4096

Adjusting the processing weight of RX queues（调整 RX 队列的处理权重）

$ sudo ethtool -x eth0
RX flow hash indirection table for eth3 with 2 RX ring(s):
0: 0 1 0 1 0 1 0 1
8: 0 1 0 1 0 1 0 1
16: 0 1 0 1 0 1 0 1
24: 0 1 0 1 0 1 0 1

$ sudo ethtool -X eth0 equal 2

$ sudo ethtool -X eth0 weight 6 2

Adjusting the rx hash fields for network flows（调整网络流的 rx 哈希字段）

$ sudo ethtool -n eth0 rx-flow-hash udp4
UDP over IPV4 flows use these fields for computing Hash flow key:
IP SA
IP DA

$ sudo ethtool -N eth0 rx-flow-hash udp4 sdfn

ntuple filtering for steering network flows（ntuple 过滤以引导网络流）

$ sudo ethtool -k eth0
Offload parameters for eth0:
...
ntuple-filters: off
receive-hashing: on

$ sudo ethtool -K eth0 ntuple on

$ sudo ethtool -u eth0
40 RX rings available
Total 0 rules

$ sudo ethtool -U eth0 flow-type tcp4 dst-port 80 action 2

SoftIRQs（软中断）

What is a softirq?（什么是软中断？）

ksoftirqd

static struct smp_hotplug_thread softirq_threads = {
  .store              = &ksoftirqd,
  .thread_should_run  = ksoftirqd_should_run,
  .thread_fn          = run_ksoftirqd,
  .thread_comm        = "ksoftirqd/%u",
};

static __init int spawn_ksoftirqd(void)
{
  register_cpu_notifier(&cpu_nfb);

  BUG_ON(smpboot_register_percpu_thread(&softirq_threads));

  return 0;
}
early_initcall(spawn_ksoftirqd);

__do_softirq

Monitoring（监控）

/proc/softirqs

$ cat /proc/softirqs
                    CPU0       CPU1       CPU2       CPU3
          HI:          0          0          0          0
       TIMER: 2831512516 1337085411 1103326083 1423923272
      NET_TX:   15774435     779806     733217     749512
      NET_RX: 1671622615 1257853535 2088429526 2674732223
       BLOCK: 1800253852    1466177    1791366     634534
BLOCK_IOPOLL:          0          0          0          0
     TASKLET:         25          0          0          0
       SCHED: 2642378225 1711756029  629040543  682215771
     HRTIMER:    2547911    2046898    1558136    1521176
         RCU: 2056528783 4231862865 3545088730  844379888

Linux network device subsystem（Linux 网络设备子系统）

Initialization of network device subsystem（网络设备子系统的初始化）

Initialization of struct softnet_data structures（struct softnet_data 结构的初始化）

Initialization of softirq handlers（软中断处理程序的初始化）

static int __init net_dev_init(void)
{
  /* ... */

  open_softirq(NET_TX_SOFTIRQ, net_tx_action);
  open_softirq(NET_RX_SOFTIRQ, net_rx_action);

 /* ... */
}

Data arrives（数据到达）

Interrupt handler（中断处理程序）

static irqreturn_t igb_msix_ring(int irq, void *data)
{
  struct igb_q_vector *q_vector = data;

  /* Write the ITR value calculated from the previous interrupt. */
  igb_write_itr(q_vector);

  napi_schedule(&q_vector->napi);

  return IRQ_HANDLED;
}

NAPI and napi_schedule

/**
 * __napi_schedule - schedule for receive
 * @n: entry to schedule
 *
 * The entry's receive function will be scheduled to run
 */
void __napi_schedule(struct napi_struct *n)
{
  unsigned long flags;

  local_irq_save(flags);
  ____napi_schedule(&__get_cpu_var(softnet_data), n);
  local_irq_restore(flags);
}
EXPORT_SYMBOL(__napi_schedule);

/* Called with irq disabled */
static inline void ____napi_schedule(struct softnet_data *sd,
                                     struct napi_struct *napi)
{
  list_add_tail(&napi->poll_list, &sd->poll_list);
  __raise_softirq_irqoff(NET_RX_SOFTIRQ);
}

1. The struct napi_struct handed up from the device driver’s interrupt handler code is added to the poll_list attached to the softnet_data structure associated with the current CPU.

2. 从设备驱动程序的中断处理程序代码传递上来的struct napi_struct被添加到与当前 CPU 相关联的softnet_data结构的poll_list中。

3. __raise_softirq_irqoff is used to “raise” (or trigger) a NET_RX_SOFTIRQ softirq. This will cause the net_rx_action registered during the network device subsystem initialization to be executed, if it’s not currently being executed.

4. 使用__raise_softirq_irqoff “触发”（或调用）一个NET_RX_SOFTIRQ软中断。这将导致在网络设备子系统初始化期间注册的net_rx_action被执行（前提是它当前没有正在执行）。

A note about CPU and network data processing（关于 CPU 和网络数据处理的说明）

Monitoring network data arrival（监控网络数据到达）

$ cat /proc/interrupts
            CPU0       CPU1       CPU2       CPU3
   0:         46          0          0          0 IR-IO-APIC-edge      timer
   1:          3          0          0          0 IR-IO-APIC-edge      i8042
  30: 3361234770          0          0          0 IR-IO-APIC-fasteoi   aacraid
  64:          0          0          0          0 DMAR_MSI-edge      dmar0
  65:          1          0          0          0 IR-PCI-MSI-edge      eth0
  66:  863649703          0          0          0 IR-PCI-MSI-edge      eth0-TxRx-0
  67:  986285573          0          0          0 IR-PCI-MSI-edge      eth0-TxRx-1
  68:         45          0          0          0 IR-PCI-MSI-edge      eth0-TxRx-2
  69:        394          0          0          0 IR-PCI-MSI-edge      eth0-TxRx-3
 NMI:    9729927    4008190    3068645    3375402  Non-maskable interrupts
 LOC: 2913290785 1585321306 1495872829 1803524526  Local timer interrupts

Tuning network data arrival（调整网络数据到达）

Interrupt coalescing（中断合并）

$ sudo ethtool -c eth0
Coalesce parameters for eth0:
Adaptive RX: off  TX: off
stats-block-usecs: 0
sample-interval: 0
pkt-rate-low: 0
pkt-rate-high: 0
...

$ sudo ethtool -C eth0 adaptive-rx on

• rx-usecs: How many usecs to delay an RX interrupt after a packet arrives.

• rx-frames: Maximum number of data frames to receive before an RX interrupt.

• rx-usecs-irq: How many usecs to delay an RX interrupt while an interrupt is being serviced by the host.

• rx-frames-irq: Maximum number of data frames to receive before an RX interrupt is generated while the system is servicing an interrupt.

• rx-usecs：数据包到达后，延迟 RX 中断的微秒数。

• rx-frames：在产生 RX 中断之前，接收的数据帧的最大数量。

• rx-usecs-irq：在主机处理中断时，延迟 RX 中断的微秒数。

• rx-frames-irq：在系统处理中断时，产生 RX 中断之前，接收的数据帧的最大数量。

Adjusting IRQ affinities（调整 IRQ 亲和力）

$ sudo bash -c 'echo 1 > /proc/irq/8/smp_affinity'

Network data processing begins（网络数据处理开始）

net_rx_action processing loop（net_rx_action 处理循环）

1. By keeping track of a work budget (which can be adjusted), and

2. Checking the elapsed time

• 跟踪一个工作budget（可以调整）。

• 检查经过的时间。在net/core/dev.c中：

  while (!list_empty(&sd->poll_list)) {
    struct napi_struct *n;
    int work, weight;

    /* If softirq window is exhausted then punt.
     * Allow this to run for 2 jiffies since which will allow
     * an average latency of 1.5/HZ.
     */
    if (unlikely(budget <= 0 || time_after_eq(jiffies, time_limit)))
      goto softnet_break;

NAPI poll function and weight（NAPI poll 函数和 weight）

  /* initialize NAPI */
  netif_napi_add(adapter->netdev, &q_vector->napi, igb_poll, 64);

weight = n->weight;

work = 0;
if (test_bit(NAPI_STATE_SCHED, &n->state)) {
        work = n->poll(n, weight);
        trace_napi_poll(n);
}

WARN_ON_ONCE(work > weight);

budget -= work;

1. You are using a weight of 64 from your driver (all drivers were hardcoded with this value in Linux 3.13.0), and

2. You have your budget set to the default of 300

1. The igb_poll function was called at most 5 times (less if no data to process as we’ll see next), OR

2. At least 2 jiffies of time have elapsed.

• 你使用的驱动程序中的权重为 64（在 Linux 3.13.0 中，所有驱动程序都将此值硬编码为此）。

• 你的budget设置为默认的 300。

• igb_poll函数最多被调用 5 次（如果没有数据要处理，调用次数会更少，我们接下来会看到）。

• 至少经过了 2 个 jiffies 的时间。

The NAPI / network device driver contract（NAPI / 网络设备驱动程序约定）

• If a driver’s poll function consumes its entire weight (which is hardcoded to 64) it must NOT modify NAPI state. The net_rx_action loop will take over.

• If a driver’s poll function does NOT consume its entire weight, it must disable NAPI. NAPI will be re-enabled next time an IRQ is received and the driver’s IRQ handler calls napi_schedule.

• 如果驱动程序的poll函数消耗了其全部权重（硬编码为 64），它不能修改 NAPI 状态，net_rx_action循环将接管。

• 如果驱动程序的poll函数没有消耗其全部权重，它必须禁用 NAPI。下次接收到 IRQ 并且驱动程序的 IRQ 处理程序调用napi_schedule时，NAPI 将重新启用。

Finishing the net_rx_action loop（完成 net_rx_action 循环）

/* Drivers must not modify the NAPI state if they
 * consume the entire weight.  In such cases this code
 * still "owns" the NAPI instance and therefore can
 * move the instance around on the list at-will.
 */
if (unlikely(work == weight)) {
  if (unlikely(napi_disable_pending(n))) {
    local_irq_enable();
    napi_complete(n);
    local_irq_disable();
  } else {
    if (n->gro_list) {
      /* flush too old packets
       * If HZ < 1000, flush all packets.
       */
      local_irq_enable();
      napi_gro_flush(n, HZ >= 1000);
      local_irq_disable();
    }
    list_move_tail(&n->poll_list, &sd->poll_list);
  }
}

1. The network device should be shutdown (e.g. because the user ran ifconfig eth0 down),
1. 网络设备应该关闭（例如，因为用户运行了ifconfig eth0 down命令）。

2. If the device is not being shutdown, check if there’s a generic receive offload (GRO) list. If the timer tick rate is >= 1000, all GRO’d network flows that were recently updated will be flushed. We’ll dig into GRO in detail later. Move the NAPI structure to the end of the list for this CPU so the next iteration of the loop will get the next NAPI structure registered.
1. 如果设备没有关闭，检查是否有通用接收卸载（GRO）列表。如果定时器滴答率<1000，所有最近更新的GRO网络流将被刷新。我们稍后会深入研究GRO。将NAPI结构移动到该CPU列表的末尾，以便循环的下一次迭代可以获取注册的下一个NAPI结构。

Exiting the loop when limits are reached（达到限制时退出循环）

• The poll list registered for this CPU has no more NAPI structures (!list_empty(&sd->poll_list)), or
• 为该CPU注册的轮询列表中没有更多NAPI结构（!list_empty(&sd->poll_list)）。

• The remaining budget is <= 0, or
• 剩余预算<= 0。

• The time limit of 2 jiffies has been reached
• 达到 2 个 jiffies 的时间限制。

/* If softirq window is exhausted then punt.
 * Allow this to run for 2 jiffies since which will allow
 * an average latency of 1.5/HZ.
 */
if (unlikely(budget <= 0 || time_after_eq(jiffies, time_limit)))
  goto softnet_break;

softnet_break:
  sd->time_squeeze++;
  __raise_softirq_irqoff(NET_RX_SOFTIRQ);
  goto out;

NAPI poll

igb_poll

/**
 *  igb_poll - NAPI Rx polling callback, NAPI Rx轮询回调函数
 *  @napi: napi polling structure, napi轮询结构
 *  @budget: count of how many packets we should handle, 我们应该处理的数据包数量
 **/
static int igb_poll(struct napi_struct *napi, int budget)
{
        struct igb_q_vector *q_vector = container_of(napi,
                                                     struct igb_q_vector,
                                                     napi);
        bool clean_complete = true;

#ifdef CONFIG_IGB_DCA
        if (q_vector->adapter->flags & IGB_FLAG_DCA_ENABLED)
                igb_update_dca(q_vector);
#endif

        /* ... */

        if (q_vector->rx.ring)
                clean_complete &= igb_clean_rx_irq(q_vector, budget);

        /* If all work not completed, return budget and keep polling */
        if (!clean_complete)
                return budget;

        /* If not enough Rx work done, exit the polling mode */
        napi_complete(napi);
        igb_ring_irq_enable(q_vector);

        return 0;
}

• If Direct Cache Access (DCA) support is enabled in the kernel, the CPU cache is warmed so that accesses to the RX ring will hit CPU cache. You can read more about DCA in the Extras section at the end of this blog post.

• 如果内核中启用了直接缓存访问（DCA）支持，CPU 缓存将被预热，以便对 RX 环的访问能够命中 CPU 缓存。你可以在本文末尾的 “其他内容” 部分中阅读更多关于 DCA 的信息。

• Next, igb_clean_rx_irq is called which does the heavy lifting, as we’ll see next.

• 接下来，调用igb_clean_rx_irq函数，它将完成主要的工作，我们接下来会看到。

• Next, clean_complete is checked to determine if there was still more work that could have been done. If so, the budget (remember, this was hardcoded to 64) is returned. As we saw earlier, net_rx_action will move this NAPI structure to the end of the poll list.

• 然后，检查clean_complete以确定是否还有更多工作可以做。如果是这样，返回budget（请记住，在上面的代码中，它被硬编码为 64）。正如我们之前看到的，net_rx_action将把这个 NAPI 结构移动到轮询列表的末尾。

• Otherwise, the driver turns off NAPI by calling napi_complete and re-enables interrupts by calling igb_ring_irq_enable. The next interrupt that arrives will re-enable NAPI.

• 否则，驱动程序通过调用napi_complete关闭 NAPI，并通过调用igb_ring_irq_enable重新启用中断。下一个到达的中断将重新启用 NAPI。

1. Allocates additional buffers for receiving data as used buffers are cleaned out. Additional buffers are added IGB_RX_BUFFER_WRITE (16) at a time.
1. 当清理已使用的缓冲区时，为接收数据分配额外的缓冲区。每次以IGB_RX_BUFFER_WRITE（16）为单位添加额外的缓冲区。

2. Fetch a buffer from the RX queue and store it in an skb structure.
1. 从 RX 队列中获取一个缓冲区，并将其存储在一个skb结构中。

3. Check if the buffer is an “End of Packet” buffer. If so, continue processing. Otherwise, continue fetching additional buffers from the RX queue, adding them to the skb. This is necessary if a received data frame is larger than the buffer size.
1. 检查该缓冲区是否为 “数据包结束” 缓冲区。如果是，则继续处理；否则，继续从 RX 队列中获取更多缓冲区，并将它们添加到skb中。如果接收到的数据帧大于缓冲区大小，这是必要的操作。

4. Verify that the layout and headers of the data are correct.
1. 验证数据的布局和头部是否正确。

5. The number of bytes processed statistic counter is increased by skb->len.
1. 将处理的字节数统计计数器增加skb->len。

6. Set the hash, checksum, timestamp, VLAN id, and protocol fields of the skb. The hash, checksum, timestamp, and VLAN id are provided by the hardware. If the hardware is signaling a checksum error, the csum_error statistic is incremented. If the checksum succeeded and the data is UDP or TCP data, the skb is marked as CHECKSUM_UNNECESSARY. If the checksum failed, the protocol stacks are left to deal with this packet. The protocol is computed with a call to eth_type_trans and stored in the skb struct.
1. 设置skb的哈希、校验和、时间戳、VLAN ID 和协议字段。哈希、校验和、时间戳和 VLAN ID 由硬件提供。如果硬件检测到校验和错误，csum_error统计信息将增加。如果校验和成功，并且数据是 UDP 或 TCP 数据，则将skb标记为CHECKSUM_UNNECESSARY。如果校验和失败，协议栈将负责处理这个数据包。通过调用eth_type_trans计算协议，并将其存储在skb结构中。

7. The constructed skb is handed up the network stack with a call to napi_gro_receive.
1. 通过调用napi_gro_receive将构造好的skb传递到网络栈中。

8. The number of packets processed statistics counter is incremented.
1. 增加处理的数据包数量统计计数器。

9. The loop continues until the number of packets processed reaches the budget.
1. 循环继续，直到处理的数据包数量达到预算。

Monitoring network data processing(监控网络数据处理)

  seq_printf(seq,
       "%08x %08x %08x %08x %08x %08x %08x %08x %08x %08x %08x\n",
       sd->processed, sd->dropped, sd->time_squeeze, 0,
       0, 0, 0, 0, /* was fastroute */
       sd->cpu_collision, sd->received_rps, flow_limit_count);

$ cat /proc/net/softnet_stat
6dcad223 00000000 00000001 00000000 00000000 00000000 00000000 00000000 00000000 00000000
6f0e1565 00000000 00000002 00000000 00000000 00000000 00000000 00000000 00000000 00000000
660774ec 00000000 00000003 00000000 00000000 00000000 00000000 00000000 00000000 00000000
61c99331 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
6794b1b3 00000000 00000005 00000000 00000000 00000000 00000000 00000000 00000000 00000000
6488cb92 00000000 00000001 00000000 00000000 00000000 00000000 00000000 00000000 00000000

• Each line of /proc/net/softnet_stat corresponds to a struct softnet_data structure, of which there is 1 per CPU.

• /proc/net/softnet_stat的每一行对应一个struct softnet_data结构，每个 CPU 有一个这样的结构。

• The values are separated by a single space and are displayed in hexadecimal

• 值之间用单个空格分隔，并以十六进制显示。

• The first value, sd->processed, is the number of network frames processed. This can be more than the total number of network frames received if you are using ethernet bonding. There are cases where the ethernet bonding driver will trigger network data to be re-processed, which would increment the sd->processed count more than once for the same packet.

• 第一个值sd->processed是处理的网络帧数。如果你使用以太网绑定，这个值可能会大于接收的网络帧总数。在某些情况下，以太网绑定驱动程序会触发网络数据重新处理，这会使sd->processed计数对同一个数据包增加多次。

• The second value, sd->dropped, is the number of network frames dropped because there was no room on the processing queue. More on this later.

• 第二个值sd->dropped是由于处理队列中没有空间而丢弃的网络帧数。稍后会详细介绍。

• The third value, sd->time_squeeze, is (as we saw) the number of times the net_rx_action loop terminated because the budget was consumed or the time limit was reached, but more work could have been. Increasing the budget as explained earlier can help reduce this.

• 第三个值sd->time_squeeze（如我们所见）是net_rx_action循环因预算耗尽或达到时间限制而终止，但还有更多工作可做的次数。如前所述，增加budget可以帮助减少这个值。

• The next 5 values are always 0.

• 接下来的 5 个值始终为 0。

• The ninth value, sd->cpu_collision, is a count of the number of times a collision occurred when trying to obtain a device lock when transmitting packets. This article is about receive, so this statistic will not be seen below.

• 第九个值sd->cpu_collision是在传输数据包时尝试获取设备锁时发生冲突的次数。本文是关于接收的，所以下面不会看到这个统计信息。

• The tenth value, sd->received_rps, is a count of the number of times this CPU has been woken up to process packets via an Inter-processor Interrupt

• 第十个值sd->received_rps是这个 CPU 通过处理器间中断被唤醒以处理数据包的次数。

• The last value, flow_limit_count, is a count of the number of times the flow limit has been reached. Flow limiting is an optional Receive Packet Steering feature that will be examined shortly.

• 最后一个值flow_limit_count是达到流量限制的次数。流量限制是接收数据包导向的一个可选功能，稍后将进行研究。

Tuning network data processing(调整网络数据处理)

$ sudo sysctl -w net.core.netdev_budget=600

Generic Receive Offloading (GRO)(通用接收卸载（GRO）)

Tuning: Adjusting GRO settings with ethtool(调整：使用 ethtool 调整 GRO 设置)

$ ethtool -k eth0 | grep generic-receive-offload
generic-receive-offload: on

$ sudo ethtool -K eth0 gro on

napi_gro_receive

dev_gro_receive

list_for_each_entry_rcu(ptype, head, list) {
  if (ptype->type != type || !ptype->callbacks.gro_receive)
    continue;

  skb_set_network_header(skb, skb_gro_offset(skb));
  skb_reset_mac_len(skb);
  NAPI_GRO_CB(skb)->same_flow = 0;
  NAPI_GRO_CB(skb)->flush = 0;
  NAPI_GRO_CB(skb)->free = 0;

  pp = ptype->callbacks.gro_receive(&napi->gro_list, skb);
  break;
}

if (pp) {
  struct sk_buff *nskb = *pp;

  *pp = nskb->next;
  nskb->next = NULL;
  napi_gro_complete(nskb);
  napi->gro_count--;
}

if (NAPI_GRO_CB(skb)->flush || napi->gro_count >= MAX_GRO_SKBS)
  goto normal;

napi->gro_count++;
NAPI_GRO_CB(skb)->count = 1;
NAPI_GRO_CB(skb)->age = jiffies;
skb_shinfo(skb)->gso_size = skb_gro_len(skb);
skb->next = napi->gro_list;
napi->gro_list = skb;
ret = GRO_HELD;

napi_skb_finish

Receive Packet Steering (RPS)(接收数据包导向（RPS）)

Tuning: Enabling RPS

Receive Flow Steering (RFS)

Tuning: Enabling RFS

$ sudo sysctl -w net.core.rps_sock_flow_entries=32768

$ sudo bash -c 'echo 2048 > /sys/class/net/eth0/queues/rx-0/rps_flow_cnt'

Hardware accelerated Receive Flow Steering (aRFS)

Tuning: Enabling accelerated RFS (aRFS)

1. Have RPS enabled and configured.

2. Have RFS enabled and configured.

3. Your kernel has CONFIG_RFS_ACCEL enabled at compile time. The Ubuntu kernel 3.13.0 does.

4. Have ntuple support enabled for the device, as described previously. You can use ethtool to verify that ntuple support is enabled for the device.

5. Configure your IRQ settings to ensure each RX queue is handled by one of your desired network processing CPUs.

Moving up the network stack with netif_receive_skb

• napi_skb_finish if the packet is not going to be merged to an existing GRO’d flow, OR

• napi_gro_complete if the protocol layers indicated that it’s time to flush the flow, OR

Easy to use Maven repositories, free.

Tuning: RX packet timestamping

$ sudo sysctl -w net.core.netdev_tstamp_prequeue=0

netif_receive_skb

Without RPS (default setting)

With RPS enabled

cpu = get_rps_cpu(skb->dev, skb, &rflow);

if (cpu >= 0) {
  ret = enqueue_to_backlog(skb, cpu, &rflow->last_qtail);
  rcu_read_unlock();
  return ret;
}

enqueue_to_backlog

qlen = skb_queue_len(&sd->input_pkt_queue);
if (qlen <= netdev_max_backlog && !skb_flow_limit(skb, qlen)) {

• If the queue is empty: check if NAPI has been started on the remote CPU. If not, check if an IPI is queued to be sent. If not, queue one and start the NAPI processing loop by calling ____napi_schedule. Proceed to queuing the data.

• If the queue is not empty, or the previously described operation has completed, enqueue the data.

  if (skb_queue_len(&sd->input_pkt_queue)) {
enqueue:
         __skb_queue_tail(&sd->input_pkt_queue, skb);
         input_queue_tail_incr_save(sd, qtail);
         rps_unlock(sd);
         local_irq_restore(flags);
         return NET_RX_SUCCESS;
 }

 /* Schedule NAPI for backlog device
  * We can use non atomic operation since we own the queue lock
  */
 if (!__test_and_set_bit(NAPI_STATE_SCHED, &sd->backlog.state)) {
         if (!rps_ipi_queued(sd))
                 ____napi_schedule(sd, &sd->backlog);
 }
 goto enqueue;

Flow limits

if (qlen <= netdev_max_backlog && !skb_flow_limit(skb, qlen)) {

Monitoring: Monitor drops due to full input_pkt_queue or flow limit

Tuning

$ sudo sysctl -w net.core.netdev_max_backlog=3000

$ sudo sysctl -w net.core.dev_weight=600

$ sudo sysctl -w net.core.flow_limit_table_len=8192

backlog queue NAPI poller

sd->backlog.poll = process_backlog;
sd->backlog.weight = weight_p;
sd->backlog.gro_list = NULL;
sd->backlog.gro_count = 0;

process_backlog

__netif_receive_skb_core delivers data to packet taps and protocol layers

Packet tap delivery

list_for_each_entry_rcu(ptype, &ptype_all, list) {
  if (!ptype->dev || ptype->dev == skb->dev) {
    if (pt_prev)
      ret = deliver_skb(skb, pt_prev, orig_dev);
    pt_prev = ptype;
  }
}

Protocol layer delivery

type = skb->protocol;
list_for_each_entry_rcu(ptype,
                &ptype_base[ntohs(type) & PTYPE_HASH_MASK], list) {
        if (ptype->type == type &&
            (ptype->dev == null_or_dev || ptype->dev == skb->dev ||
             ptype->dev == orig_dev)) {
                if (pt_prev)
                        ret = deliver_skb(skb, pt_prev, orig_dev);
                pt_prev = ptype;
        }
}

struct list_head ptype_base[PTYPE_HASH_SIZE] __read_mostly;

static inline struct list_head *ptype_head(const struct packet_type *pt)
{
        if (pt->type == htons(ETH_P_ALL))
                return &ptype_all;
        else
                return &ptype_base[ntohs(pt->type) & PTYPE_HASH_MASK];
}

Protocol layer registration

IP protocol layer

dev_add_pack(&ip_packet_type);

static struct packet_type ip_packet_type __read_mostly = {
        .type = cpu_to_be16(ETH_P_IP),
        .func = ip_rcv,
};

ip_rcv

return NF_HOOK(NFPROTO_IPV4, NF_INET_PRE_ROUTING, skb, dev, NULL, ip_rcv_finish);

netfilter and iptables

ip_rcv_finish

if (sysctl_ip_early_demux && !skb_dst(skb) && skb->sk == NULL) {
  const struct net_protocol *ipprot;
  int protocol = iph->protocol;

  ipprot = rcu_dereference(inet_protos[protocol]);
  if (ipprot && ipprot->early_demux) {
    ipprot->early_demux(skb);
    /* must reload iph, skb->head might have changed */
    iph = ip_hdr(skb);
  }
}

$ sudo sysctl -w net.ipv4.ip_early_demux=0

ip_local_deliver

1. Calls to ip_rcv do some initial bookkeeping.

2. Packet is handed off to netfilter for processing, with a pointer to a callback to be executed when processing finishes.

3. ip_rcv_finish is the callback which finished processing and continued working toward pushing the packet up the networking stack.

/*
 *      Deliver IP Packets to the higher protocol layers.
 */
int ip_local_deliver(struct sk_buff *skb)
{
        /*
         *      Reassemble IP fragments.
         */

        if (ip_is_fragment(ip_hdr(skb))) {
                if (ip_defrag(skb, IP_DEFRAG_LOCAL_DELIVER))
                        return 0;
        }

        return NF_HOOK(NFPROTO_IPV4, NF_INET_LOCAL_IN, skb, skb->dev, NULL,
                       ip_local_deliver_finish);
}

ip_local_deliver_finish

Monitoring: IP protocol layer statistics

$ cat /proc/net/snmp
Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates
Ip:                   1           64 25922988125                0                    0             15771700                            0           0 25898327616 22789396404 12987882                    51
                       1       10129840     2196520                  1              0              0                    0
...

enum
{
  IPSTATS_MIB_NUM = 0,
/* frequently written fields in fast path, kept in same cache line */
  IPSTATS_MIB_INPKTS,     /* InReceives */
  IPSTATS_MIB_INOCTETS,     /* InOctets */
  IPSTATS_MIB_INDELIVERS,     /* InDelivers */
  IPSTATS_MIB_OUTFORWDATAGRAMS,   /* OutForwDatagrams */
  IPSTATS_MIB_OUTPKTS,      /* OutRequests */
  IPSTATS_MIB_OUTOCTETS,      /* OutOctets */

  /* ... */

$ cat /proc/net/netstat | grep IpExt
IpExt: InNoRoutes InTruncatedPkts InMcastPkts OutMcastPkts InBcastPkts OutBcastPkts InOctets OutOctets InMcastOctets OutMcastOctets InBcastOctets OutBcastOctets InCsumErrors InNoECTPkts InECT0Pktsu InCEPkts
IpExt: 0 0 0 0 277959 0 14568040307695 32991309088496 0 0 58649349 0 0 0 0 0

• InReceives: The total number of IP packets that reached ip_rcv before any data integrity checks.

• InHdrErrors: Total number of IP packets with corrupted headers. The header was too short, too long, non-existent, had the wrong IP protocol version number, etc.

• InAddrErrors: Total number of IP packets where the host was unreachable.

• ForwDatagrams: Total number of IP packets that have been forwarded.

• InUnknownProtos: Total number of IP packets with unknown or unsupported protocol specified in the header.

• InDiscards: Total number of IP packets discarded due to memory allocation failure or checksum failure when packets are trimmed.

• InDelivers: Total number of IP packets successfully delivered to higher protocol layers. Keep in mind that those protocol layers may drop data even if the IP layer does not.

• InCsumErrors: Total number of IP Packets with checksum errors.

Higher level protocol registration

static const struct net_protocol tcp_protocol = {
        .early_demux    =       tcp_v4_early_demux,
        .handler        =       tcp_v4_rcv,
        .err_handler    =       tcp_v4_err,
        .no_policy      =       1,
        .netns_ok       =       1,
};

static const struct net_protocol udp_protocol = {
        .early_demux =  udp_v4_early_demux,
        .handler =      udp_rcv,
        .err_handler =  udp_err,
        .no_policy =    1,
        .netns_ok =     1,
};

static const struct net_protocol icmp_protocol = {
        .handler =      icmp_rcv,
        .err_handler =  icmp_err,
        .no_policy =    1,
        .netns_ok =     1,
};

 /*
  *      Add all the base protocols.
  */

 if (inet_add_protocol(&icmp_protocol, IPPROTO_ICMP) < 0)
         pr_crit("%s: Cannot add ICMP protocol\n", __func__);
 if (inet_add_protocol(&udp_protocol, IPPROTO_UDP) < 0)
         pr_crit("%s: Cannot add UDP protocol\n", __func__);
 if (inet_add_protocol(&tcp_protocol, IPPROTO_TCP) < 0)
         pr_crit("%s: Cannot add TCP protocol\n", __func__);

UDP protocol layer

udp_rcv

__udp4_lib_rcv

sk = skb_steal_sock(skb);
if (sk) {
  struct dst_entry *dst = skb_dst(skb);
  int ret;

  if (unlikely(sk->sk_rx_dst != dst))
    udp_sk_rx_dst_set(sk, dst);

  ret = udp_queue_rcv_skb(sk, skb);
  sock_put(sk);
  /* a return value > 0 means to resubmit the input, but
   * it wants the return to be -protocol, or 0
   */
  if (ret > 0)
    return -ret;
  return 0;
} else {

ret = udp_queue_rcv_skb(sk, skb);
sock_put(sk);

/* No socket. Drop packet silently, if checksum is wrong */
if (udp_lib_checksum_complete(skb))
        goto csum_error;

UDP_INC_STATS_BH(net, UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE);
icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);

/*
 * Hmm.  We got an UDP packet to a port to which we
 * don't wanna listen.  Ignore it.
 */
kfree_skb(skb);
return 0;

udp_queue_rcv_skb

1. Determine if the socket associated with the datagram is an encapsulation socket. If so, pass the packet up to that layer’s handler function before proceeding.

2. Determine if the datagram is a UDP-Lite datagram and do some integrity checks.

3. Verify the UDP checksum of the datagram and drop it if the checksum fails.

if (sk_rcvqueues_full(sk, skb, sk->sk_rcvbuf))
  goto drop;

sk_rcvqueues_full

/*
 * Take into account size of receive queue and backlog queue
 * Do not take into account this skb truesize,
 * to allow even a single big packet to come.
 */
static inline bool sk_rcvqueues_full(const struct sock *sk, const struct sk_buff *skb,
                                     unsigned int limit)
{
        unsigned int qsize = sk->sk_backlog.len + atomic_read(&sk->sk_rmem_alloc);

        return qsize > limit;
}

$ sudo sysctl -w net.core.rmem_max=8388608

$ sudo sysctl -w net.core.rmem_default=8388608

udp_queue_rcv_skb

bh_lock_sock(sk);
if (!sock_owned_by_user(sk))
  rc = __udp_queue_rcv_skb(sk, skb);
else if (sk_add_backlog(sk, skb, sk->sk_rcvbuf)) {
  bh_unlock_sock(sk);
  goto drop;
}
bh_unlock_sock(sk);

return rc;

__udp_queue_rcv_skb

rc = sock_queue_rcv_skb(sk, skb);
if (rc < 0) {
  int is_udplite = IS_UDPLITE(sk);

  /* Note that an ENOMEM error is charged twice */
  if (rc == -ENOMEM)
    UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_RCVBUFERRORS,is_udplite);

  UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite);
  kfree_skb(skb);
  trace_udp_fail_queue_rcv_skb(rc, sk);
  return -1;
}

Monitoring: UDP protocol layer statistics

• /proc/net/snmp

• /proc/net/udp

$ cat /proc/net/snmp | grep Udp\:
Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors
Udp: 16314 0 0 17161 0 0

• InDatagrams: Incremented when recvmsg was used by a userland program to read datagram. Also incremented when a UDP packet is encapsulated and sent back for processing.

• NoPorts: Incremented when UDP packets arrive destined for a port where no program is listening.

• InErrors: Incremented in several cases: no memory in the receive queue, when a bad checksum is seen, and if sk_add_backlog fails to add the datagram.

• OutDatagrams: Incremented when a UDP packet is handed down without error to the IP protocol layer to be sent.

• RcvbufErrors: Incremented when sock_queue_rcv_skb reports that no memory is available; this happens if sk->sk_rmem_alloc is greater than or equal to sk->sk_rcvbuf.

• SndbufErrors: Incremented if the IP protocol layer reported an error when trying to send the packet and no error queue has been setup. Also incremented if no send queue space or kernel memory are available.

• InCsumErrors: Incremented when a UDP checksum failure is detected. Note that in all cases I could find, InCsumErrors is incrememnted at the same time as InErrors. Thus, InErrors - InCsumErros should yield the count of memory related errors on the receive side.

$ cat /proc/net/udp
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  515: 00000000:B346 00000000:0000 07 00000000:00000000 00:00000000 00000000   104        0 7518 2 0000000000000000 0
  558: 00000000:0371 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 7408 2 0000000000000000 0
  588: 0100007F:038F 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 7511 2 0000000000000000 0
  769: 00000000:0044 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 7673 2 0000000000000000 0
  812: 00000000:006F 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 7407 2 0000000000000000 0

• sl: Kernel hash slot for the socket

• local_address: Hexadecimal local address of the socket and port number, separated by :.

• rem_address: Hexadecimal remote address of the socket and port number, separated by :.

• st: The state of the socket. Oddly enough, the UDP protocol layer seems to use some TCP socket states. In the example above, 7 is TCP_CLOSE.

• tx_queue: The amount of memory allocated in the kernel for outgoing UDP datagrams.

• rx_queue: The amount of memory allocated in the kernel for incoming UDP datagrams.

• tr, tm->when, retrnsmt: These fields are unused by the UDP protocol layer.

• uid: The effective user id of the user who created this socket.

• timeout: Unused by the UDP protocol layer.

• inode: The inode number corresponding to this socket. You can use this to help you determine which user process has this socket open. Check /proc/[pid]/fd, which will contain symlinks to socket[:inode].

• ref: The current reference count for the socket.

• pointer: The memory address in the kernel of the struct sock.

• drops: The number of datagram drops associated with this socket. Note that this does not include any drops related to sending datagrams (on corked UDP sockets or otherwise); this is only incremented in receive paths as of the kernel version examined by this blog post.

Queuing data to a socket

1. The socket’s allocated memory is checked to determine if it has exceeded the receive buffer size. If so, the drop count for the socket is incremented.

2. Next sk_filter is used to process any Berkeley Packet Filter filters that have been applied to the socket.

3. sk_rmem_schedule is run to ensure sufficient receive buffer space exists to accept this datagram.

4. Next the size of the datagram is charged to the socket with a call to skb_set_owner_r. This increments sk->sk_rmem_alloc.

5. The data is added to the queue with a call to __skb_queue_tail.

6. Finally, any processes waiting on data to arrive in the socket are notified with a call to the sk_data_ready notification handler function.

Extras

Timestamping

$ sudo ethtool -T eth0
Time stamping parameters for eth0:
Capabilities:
  software-transmit     (SOF_TIMESTAMPING_TX_SOFTWARE)
  software-receive      (SOF_TIMESTAMPING_RX_SOFTWARE)
  software-system-clock (SOF_TIMESTAMPING_SOFTWARE)
PTP Hardware Clock: none
Hardware Transmit Timestamp Modes: none
Hardware Receive Filter Modes: none

Busy polling for low latency sockets

Netpoll: support for networking in critical contexts

static int __netif_receive_skb_core(struct sk_buff *skb, bool pfmemalloc)
{

  /* ... */

  /* if we've gotten here through NAPI, check netpoll */
  if (netpoll_receive_skb(skb))
    goto out;

  /* ... */
}

SO_INCOMING_CPU

DMA Engines

Intel’s I/O Acceleration Technology (IOAT)

Create a secure APT repository in less than 10 seconds, free.

$ cat /sys/class/dma/dma0chan0/memcpy_count
123205655

$ cat /sys/class/dma/dma0chan0/bytes_transferred
131791916307

$ sudo sysctl -w net.ipv4.tcp_dma_copybreak=2048

Conclusion