From: Victor Stewart > Sent: 07 June 2021 19:51 ... > coincidentally i'm tossing around in my mind at the moment an idea for > offloading > the PING/PONG of a QUIC server/client into the kernel via eBPF. > > problem being, being that QUIC is userspace run transport and that NAT-ed UDP > mappings can't be expected to stay open longer than 30 seconds, QUIC > applications > bare a large cost of context switching wake-up to conduct connection lifetime > maintenance... especially when managing a large number of mostly idle long lived > connections. so offloading this maintenance service into the kernel > would be a great > efficiency boon. > > the main impediment is that access to the kernel crypto libraries > isn't currently possible > from eBPF. that said, connection wide crypto offload into the NIC is a > frequently mentioned > subject in QUIC circles, so one could argue better to allocate the > time to NIC crypto offload > and then simply conduct this PING/PONG offload in plain text. Hmmmm... a good example of how not to type emails. Thought, does the UDP tx needed to keep the NAT tables active need to be encrypted? A single byte UDP packet would do the trick. You just need something the remote system is designed to ignore. David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)
