Why is PFE useful on Linux?

Question asked by Henry Choi on Oct 6, 2019
Latest reply on Oct 9, 2019 by Henry Choi
While trying to make a fast firewall/router, I stumbled on FRWY-LS1012A board, and brought up Ubuntu on it (following the getting started guide); currently struggling my way through understanding the Linux nftable, but still have an uneasy feeling that I just don't understand how this is supposed to work.  Initially, I thought that the PFE will offload the packet forwarding, so I just rolled the dice and decided to play around with the eval board.  But I've read the "Packet Forwarding Engine (PFE) Ethernet Ports Setting up on LS1012A Platform" document several times now, and I just don't see where such hardware acceleration can take place, because the Linux iptable/nftable runs on the CPU.  Chapter 14 of the LS1012A reference manual explains that such HW acceleration features ARE built into the PFW, but the above architecture document does not explain how/if the HW features are enabled by Linux PFE driver.


I would greatly appreciate a pointer to the driver source code, and further guidance on configuring the firewall/router to unleash the PFE HW capability.