GSoC 2018 – Kernel-space SOCKS proxy for Linux

Background

Welcome! I’m Ferenc Fejes from University of Debrecen, Hungary. In 2017 I did my first GSoC project with my mentors Benjamin Henrion and Claudio Pisa. You can find all of my post from the project on this link here: https://blog.freifunk.net/tag/mptcp+lede/
In a nutshell it was an experiment to create a test-bed for aggregating the speed of multiple Wi-Fi links in transport layer with MPTCP. We succeeded, I also provided a detailed tutorial with the method for reproducing the experiment in home. I did not expected too much enquiry about the project but after the blogposts and an OpenWRT summit workshop, I received lots of emails and messages – many experimenter interested about the project which is a great honor of me. In China, where the router proxyfication is necessary because of the great firewall, many people applied the method of my GSoC 2017 project outcome. (Cont.)

The current project

Also many people asked me: “Why the speed of the proxy is so slow?”. This is completely fair question because I also experienced big performance drop with my proxy. Without proxy one of my router is capable to route and NAT packets with ~700-800 Mbps throughput, but after the proxyfication the throughput drops down to ~100-150 Mbps. It’s a pretty big performance penalty. After some debug it turned out that the CPU do lots of I/O with copying the packets from kernel-space memory to user-space memory back and forth.  I created a small figure to illustrate this (in reality its a little bit different but this is a simplified version).


My current GSoC project goal is find a way to accelerate the proxy to near-routing and NAT-ing performance with some kernel-space offload or SOCKS implementation. There is multiple existing method, like vmsplice which is a good approach to do that or recent TCP Zero-copy kernel extension. I will measure the performance of these methods before I implement my approach.

The plan

  1. Try out existing solutions and measure the performance of them. Create a testbed for fast testing and kernel related development.
  2. Try to minimalize the amount of user-space syscalls and context switches also packet copies between kernel and user-space.
  3. Implement a solution in an existing SOCKS proxy of implement a new one with the fast proxy operation.
  4. Verify the performance improvement of the operation with different router boards.

Leave a Reply

Your email address will not be published. Required fields are marked *