Changes between Version 10 and Version 11 of DataChannelOffload
- Timestamp:
- 01/16/22 21:32:26 (3 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
DataChannelOffload
v10 v11 23 23 === Introducing DCO 24 24 To overcome the limitations described in the section above we have developed ''ovpn-dco'', a Linux kernel module designed to work back-to-back with the OpenVPN userspace software. 25 When a VPN connection is established, being it on a client, on a server or on a p2p instance, the userspace process will first perform the usual handshake and will then pass the data channel parameters to ovpn-dco , so that it can take over from there. At this point, data packets are all handled in kernelspace and are never sent up to the userspace process.25 When a VPN connection is established, being it on a client, on a server or on a p2p instance, the userspace process will first perform the usual handshake and will then pass the data channel parameters to ovpn-dco using its ''NetLink'' interface, so that it can take over from there. At this point, data packets are all handled in kernelspace and are never sent up to the userspace process. 26 26 27 27 The picture below helps to visualize the difference with to the basic scenario shown above: 28 28 29 {image here} 29 [[Image(dco.png)]] 30 30 31 Context switch istherefore reduced to the minimum and packet processing can take advantage of the kernel concurrency model.32 The two main OpenVPN functions, crypto and routing, are implemented using the kernelprovided API.31 Context switches are therefore reduced to the minimum and packet processing can take advantage of the kernel concurrency model. 32 The two main OpenVPN functions, crypto and routing, are now implemented in kernel using the provided API. 33 33 For what concerns routing, the system routing table is directly used to understand if packets have to be re-routed directly to another peer (i.e. client-to-client mode), without the need to ask the userspace process at all. 34 34