On Wed, Aug 6, 2014 at 7:12 AM, David Sommerseth
<[email protected]> wrote:
>
> With this in mind, it does make sense to split out the asymmetric
> encryption phases to a separate core, which can allow other symmetric
> encrypted traffic to flow more freely.
>
> But, this is just splitting stuff into 2 threads. Any modern
> computers doesn't really have that *few* CPU cores. (Even cellphones
> seems to have at least 4 cores these days). So even though the
> benefit of using 2 threads will be noticed, it can be done better.
Every time I've seen a project that wasn't written to be thread-safe
in the first place converted to use threads, it seems like it takes
about 10 years for all of the bugs to be shaken out.
> What *if* there are 3 "thread groups"? One of these groups is a
> single thread which is a SSL state manager. It keeps tracks of all
> keys being used, and which state each client is in. Then there is a
> "thread group" with symmetric encryption work, which basically does
> the real tunnelling and takes care of the network traffic flow. But
> it receives the keying material from the SSL state manager thread.
> And then last "thread group" is the one taking care of asymmetric
> encryption and the key negotiations.
I agree that threads could be more efficient, but I think there would
be low-hanging fruit from just forking a pool of worker processes
connected with sockets and having the main process hand off the slow
part of the rekeying jobs off instead of backing up the main loop.
> But! This is going to be a h*** of a lot of work. And almost
> everything regarding the event management/scheduler and SSL code in
> OpenVPN will be completely rewritten. In addition, it'll be a lot of
> fun with the plug-ins and script support.
I think you'd just have to add some plumbing to the existing code to
talk to the forked instances. And with no worries about accidentally
shared variables.
--
Les Mikesell
[email protected]
------------------------------------------------------------------------------
Infragistics Professional
Build stunning WinForms apps today!
Reboot your WinForms applications with our WinForms controls.
Build a bridge from your legacy apps to the future.
http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk
_______________________________________________
Openvpn-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-users
