-
- Downloads
Initial vhost-net support
We spend a lot of CPU time copying packets between kernel and userspace. Eventually we want to implement a completely in-kernel data path. It isn't even that hard, now that most of the functionality we need from the kernel is there and it's mostly just a case of fitting it together. In the meantime, though, there are a few things we can do even on today's released kernels. For a start, we can use vhost-net to avoid having to do the read()/write() on the tun device in our mainloop. Ultimately, it ends up being done by a kernel thread instead; it doesn't really go away. But that should at least give us a performance win which would compare with a decent threading model, while allowing OpenConnect to remain naïvely single-threaded and lock-free. We have to carefully pick a configuration for vhost-net which actually works, since it's fairly hosed for IFF_TUN support: https://lore.kernel.org/netdev/2433592d2b26deec33336dd3e83acfd273b0cf30.camel@infradead.org/T/ But by limiting the sndbuf (which disables XDP, sadly) and by requesting a virtio header that we don't actually want, we *can* make it work even with today's production kernels. Thanks to Eugenio Pérez Martín >eperezma@redhat.com> for his blog at https://www.redhat.com/en/blog/virtqueues-and-virtio-ring-how-data-travels and for lots more help and guidance as I floundered around trying to make this work. Disabled by default for now until/unless we are sure it really gives us a win. Signed-off-by:David Woodhouse <dwmw2@infradead.org>
Showing
- Makefile.am 5 additions, 1 deletionMakefile.am
- configure.ac 34 additions, 0 deletionsconfigure.ac
- dtls.c 4 additions, 0 deletionsdtls.c
- library.c 3 additions, 0 deletionslibrary.c
- mainloop.c 13 additions, 3 deletionsmainloop.c
- openconnect-internal.h 30 additions, 1 deletionopenconnect-internal.h
- tun.c 12 additions, 3 deletionstun.c
- vhost.c 444 additions, 0 deletionsvhost.c
Loading
Please register or sign in to comment