Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It is still quite expensive, the kernel module is still faster. Performance depends a lot on your kernel version and network card. We measured anywhere from 20% to 40% advantage to kernel module. But we are working on additional performance features, such as using send/recvmmsg and raw sockets.



Thankyou, that is even better than what I would expect. I have been trying to tune around similar issues in tinc-vpn which also runs in user space and depends on newer kernels and code changes to work around.


Look at curvetun, the author used some tricks to boost the speed (PF_RING I think).


Why not use XDP?




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: