Designing Tinc with Threads and Groups
Guus Sliepen
guus at sliepen.eu.org
Thu Jan 20 15:56:43 CET 2005
On Sun, Jan 16, 2005 at 03:33:13PM -0500, lonnie at outstep.com wrote:
> I have been trying to get a feel for the Tinc sources because I would like
> to see about developing a version of Tinc that uses threads and also
> incorporated the idea of groups so that when a user starts up their daemon
> they can join one or more groups.
>
> I know that you can establish multiple "networks" on a single daemon, but
> from what I understand, you also have to have multiple TAP devices as
> well. Could be wrong here.

Currently tinc is designed for one "network" and one TAP device per
daemon. You could indeed create a daemon that could connect to multiple
networks and use only a single TAP device, or that connects to a single
network and splits traffic over multiple TAP devices, or anything
in between. But if you have multiple groups which, I assume, have no
trust relationships with each other, it would be a security risk to let a
single daemon connect to more than one of them at the same time; either
a bug in the software could cause packets from one group to go to
another, or a mistake in the configuration could connect two groups
together. If you'd ask any security expert[1] they'd tell you it would
be a bad idea.

About threads: it could help in some situations (authenticating new
connections is something that takes a considerable amount of time that
introduces delays in normal packet processing), but on the other hand
you have locking to think of and the cost of starting/stopping threads
(which is very cheap on Linux with NPTL, but could be expensive on other
OSs). So, is the added complexity really worth any gain you would get?

[1] Except Peter Gutmann, he will hit you with penis-shaped soundwaves.

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at sliepen.eu.org>