1. What is the difference between user space and kernel space? DPDK is in user space. Why user space and not kernel space?
2. Netmap can run in user space and on 'kernel clients'. Does this just mean that it can also run on hardware like a network adapter? If not, what 'space' would you call something that runs on the network adapter?
3. If you wanted to build an anti-dos firewall or some sort of tunnel that can do deep packet inspection and block or tunnel traffic accordingly, could you achieve this with netmap alone, or would you also have to use something like netmap and dpdk? I understand that there might be reason to use one for one reason and the other at the same time for other reasons.
4. hping3 can be used to send millions of packets per second to an endpoint. If you had a server at one hosting provider like aws and used hping3 flood mode on a server at Vultr let's say, do the packets have to be larger than 64 bytes? What's the smallest packet someone could send to launch a DDoS attack on a server on the internet? Does it depend on whether or not its IP, UDP or TCP? From what I can tell, the packet won't deliver over the internet unless it's 64 bytes or larger, but I may be wrong, and I don't have the resources to test it at this time. Maybe in a month or two, I will.
hping3 says "
-d --data data size
Set packet body size. Warning, using --data 40 hping3 will not generate 0 byte packets but protocol_header+40 bytes. hping3 will display packet size information as first line output, like this: HPING www.yahoo.com (ppp0 204.71.200.67): NO FLAGS are set, 40 headers + 40 data bytes"
Thanks!
2. Netmap can run in user space and on 'kernel clients'. Does this just mean that it can also run on hardware like a network adapter? If not, what 'space' would you call something that runs on the network adapter?
3. If you wanted to build an anti-dos firewall or some sort of tunnel that can do deep packet inspection and block or tunnel traffic accordingly, could you achieve this with netmap alone, or would you also have to use something like netmap and dpdk? I understand that there might be reason to use one for one reason and the other at the same time for other reasons.
4. hping3 can be used to send millions of packets per second to an endpoint. If you had a server at one hosting provider like aws and used hping3 flood mode on a server at Vultr let's say, do the packets have to be larger than 64 bytes? What's the smallest packet someone could send to launch a DDoS attack on a server on the internet? Does it depend on whether or not its IP, UDP or TCP? From what I can tell, the packet won't deliver over the internet unless it's 64 bytes or larger, but I may be wrong, and I don't have the resources to test it at this time. Maybe in a month or two, I will.
hping3 says "
-d --data data size
Set packet body size. Warning, using --data 40 hping3 will not generate 0 byte packets but protocol_header+40 bytes. hping3 will display packet size information as first line output, like this: HPING www.yahoo.com (ppp0 204.71.200.67): NO FLAGS are set, 40 headers + 40 data bytes"
Thanks!