multiple wireguard interface and kworker ressources
Jason A. Donenfeld
Jason at zx2c4.com
Tue Jun 13 23:47:20 CEST 2017
Hi Nicolas,
It looks to me like some resources are indeed expended in adding those
interfaces. Not that much that would be problematic -- are you seeing
a problematic case? -- but still a non-trivial amount.
I tracked it down to WireGuard's instantiation of xt_hashlimit, which
does some ugly vmalloc, and it's call into the power state
notification system, which uses a naive O(n) algorithm for insertion.
I might have a way of amortizing on module insertion, which would
speed things up. But I wonder -- what is the practical detriment of
spending a few extra cycles on `ip link add`? What's your use case
where this would actually be a problem?
Thanks,
Jason
More information about the WireGuard
mailing list