On Sat, 3 Sep 2005, Gervasio Bernal wrote:

> Lars Gullik Bjønnes <larsbj <at> gullik.net> writes:
>
> > Gervasio Bernal <gervasiobernal <at> speedy.com.ar> writes:
> >
> > | First of all, I will explain what we are trying to develop. Basically, our idea
> > | is to make OpenVPN work at kernel level, not at user level, and use the Linux
> > | cryptoapi instead of openssl.
> >
> > Just a question.
> >
> > Why do you want to do this? Performance or something else?
> >
> > To me running in userspace is one of the really good things about
> > OpenVPN.
>
> You are right! Running in userspace is a great thing because it facilitates the
> portability, but you lose performance. Obviously, if we run it at kernel level
> we will lose that portability, but we will win performance.

You also lose the security of running the OpenVPN process outside the kernel as user/group nobody and chrooted to a sandbox. If someone finds a remote code injection vulnerability, you are much worse off than you would be if you were running as an unprivileged process, chrooted to a sandbox, because now every remote compromise is a full root compromise.

There are also stability issues -- what if there is a crash or assertion failure? Running in kernel space, you will bring down the entire machine. When alpha & beta testing new features, it's important to be able to convince users to test the new code, to help stabilize it. People are going to be less likely to test code that might crash their whole machine as opposed to code which will only bring down a single process.

As far as performance is concerned, you will gain the time it normally takes to switch between user and kernel space. But this time may be small in relation to the much higher cost of crypto operations.

The big question in my mind is whether this possibly small increase in performance will justify the loss of portability, and some level of stability and security.

James