可以很轻松地把内核网络栈直接拿到用户态运行,创意很好,可以结合用户态工具轻松配制若干变种VPN 。
但是运用到生产环境有如下问题
Main "architectural" issue: when attempting to run the kernel code in the user space, namely the need to preserve many "kernel" assumptions since the kernel code was meant to run in the kernel environment.
Assumptions: the existence of a kernel stack, the host vs the "kernel" threads, the kernel scheduler and how it conflicts with the host scheduler, IRQ handling and its various optimization,..., etc.
Preserving these assumptions, although allowing one to avoid changes to the generic kernel code, has resulted in significant performance overhead for LKL.
Limitations: linkage issue with the kernel code resulting in address collision with shared library objects, no SMP support, the complexity of allowing it seems to approach that of providing a fully virtualized environment for the kernel.
结论是 LKL 不一定比完全虚拟机好。
https://lwn.net/Articles/662953/ http://netdevconf.org/1.2/session.html?jerry-chu
这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。
V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。
V2EX is a community of developers, designers and creative people.