
Network Stack Specialization for Performance [pdf] - adamnemecek
http://www.cl.cam.ac.uk/research/security/ctsrd/pdfs/201408-sigcomm2014-specialization.pdf
======
pixl97
This concerns me...

>Finally, we evaluated whether Sandstorm handles high packet loss correctly.
With 80 simultaneous clients and 1% packet loss, as expected, throughput
plummets. FreeBSD achieves approximately 640Mb/s and Sandstorm roughly 25%
less. This is not fundamental, but due to FreeBSD’s more fine-grained
retransmit timer and its use of NewReno congestion control rather than Reno,
which could also be implemented in Sandstorm.

Which tells me an attacker can disable your infrastructure more easily with
the high performance custom stack by sending specialized malformed data. If
you're even thinking about putting a custom stack on the net, its worst
possible performance should be the same as the low performance stack you're
replacing it with.

An attacker always targets the weakest point.

~~~
kev009
Sorry but that's a pretty pedantic takeaway. This is high quality academic
research at the forefront of CS/Systems Research, not a fancy bubbly website
mandating you stop using nginx right now and switch to sandstorm. A "real"
system would conceivably converge to be as good as the kernel stack, and there
are already projects like
[https://github.com/pkelsey/libuinet](https://github.com/pkelsey/libuinet) and
[https://github.com/rumpkernel/netmap-rumptcpip](https://github.com/rumpkernel/netmap-rumptcpip)
where you can share kernel code.

