https://lwn.net/Articles/719850/ This is a special feed containing comments posted to the individual LWN article titled "New approaches to network fast paths". en-us Fri, 10 Oct 2025 16:44:34 +0000 Fri, 10 Oct 2025 16:44:34 +0000 https://www.rssboard.org/rss-specification lwn@lwn.net https://lwn.net/Articles/721187/ https://lwn.net/Articles/721187/ Wol <div class="FormattedComment"> This seems a good fix to me for the problem (mentioned elsewhere) that "more and more stuff gets crammed into the fast path until the fast path becomes the new slow path".<br> <p> Have something like this, which by default does nothing. Then it's up to the user to put stuff into it, with the constraint that if too much goes in, packets get dropped at random because the buffers fill. Probably the main use of this would be to fight DDoS, because there you don't really care. By killing bad packets as fast as you can, you increase the chances of the good packets getting through, and you rely on TCP to cope with the packets you didn't intend to drop.<br> <p> But the devs no longer need to worry about "the fast path becoming the slow path" - this would definitely be for sysadmins to tweak with the simple constraint that you can have heavy traffic, or complex rules, but if you have both then packets will start getting dropped at random. Their pick.<br> <p> Cheers,<br> Wol<br> </div> Thu, 27 Apr 2017 15:31:34 +0000 https://lwn.net/Articles/720489/ https://lwn.net/Articles/720489/ Trou.fr <div class="FormattedComment"> Adding a full TLS stack and HTTP in the kernel, what could possibly go wrong ? It's just a huge attack surface reachable from outside.<br> </div> Thu, 20 Apr 2017 11:31:30 +0000 https://lwn.net/Articles/720129/ https://lwn.net/Articles/720129/ jhoblitt <div class="FormattedComment"> Should that be...<br> <p> The micro-kernel debate is being updated for the network-centric world.<br> The micro-kernel debate is being updated for the network-centric world.<br> The micro-kernel debate is being updated for the network-centric world.<br> The micro-kernel debate is being updated for the network-centric world.<br> <p> </div> Sat, 15 Apr 2017 14:50:19 +0000 https://lwn.net/Articles/720111/ https://lwn.net/Articles/720111/ zenaan <div class="FormattedComment"> Indeed - in kernal HURD multi-server module anyone?<br> </div> Sat, 15 Apr 2017 00:15:18 +0000 https://lwn.net/Articles/720049/ https://lwn.net/Articles/720049/ niner <div class="FormattedComment"> Because they want to filter TLS traffic before it hits the costly path through user space.<br> </div> Fri, 14 Apr 2017 11:01:55 +0000 https://lwn.net/Articles/720041/ https://lwn.net/Articles/720041/ mokki <div class="FormattedComment"> Why not instead copy and extend what FreeBSD has done:<br> 1) TLS handshake is done normally in user space<br> 2) user space uploads the encryption and/or decryption keys to kernel<br> 3) kernel does the encryption/decryption in place<br> 4) socket is now essentially TCP for both kernel and userspace uses<br> <p> FreeBSD supports the above for now only for sendfile, where there are obvious performance benefits compared to userspace reading file, encrypting it and sending over socket.<br> <p> Kernel already has the required code to do the encryption/decryption while the TLS handshakes, certificates and other policies are better handled in user space. Kernel also has better HW crypto accelerator support and possibility to do zero-copy operations.<br> <p> I can also envision a systemwide TLS handshake daemon that could be enabled with socket option. Much easier than current distro work to patch tls libraries written for multiple languages to honour a system wide configuration. It would also be much easier to update single hanshake daemon to support next TLS version or fix bugs.<br> </div> Fri, 14 Apr 2017 09:50:27 +0000 https://lwn.net/Articles/720016/ https://lwn.net/Articles/720016/ ejr <div class="FormattedComment"> The micro-kernel debate is being updated for the network-centric world.<br> </div> Thu, 13 Apr 2017 22:28:18 +0000