coova / coova-chilli

CoovaChilli is an open-source software access controller for captive portal hotspots.

High userland chilli CPU when using kmod #273

Open nvx opened 8 years ago

nvx commented 8 years ago

When passing authenticated traffic, I have noticed the chilli process consumes a significant amount of CPU usage even when using the kernel module.

Thinking about it, coova is still capturing all packets on the dhcpif if it's authenticated or not, it's just not forwarding them when the kernel module is used.

Thinking about it, could nfqueue be used in conjunction with the kernel module to cause only unauthenticated (and I guess DHCP packets) to be passed to the userland process? I.e. doing the filtering in kernel rather than copying everything to userland and filtering there.

Another option could be to use iptables PBR to send unauthenticated traffic into, say, the tun0 interface (or another tun interface) and have coova ignore the dhcpif entirely. Incidentally, this is actually how I run the kmod, which avoids the need to NAT the packets.

On a related note, there seem to be a number of relatively undocumented features surrounding how packets get to userland (poll/nfqueue/pcap/mmap); some better documentation on the pros and cons of each of those could be useful in this situation as well.

shkrid commented 8 years ago

Related issue #185