khttpd

Dmitri Nikulin dnikulin at gmail.com
Tue Jun 6 23:24:40 PDT 2006 

On 6/7/06, TongKe Xue <xue at xxxxxxxxxxxxxxx> wrote:
Hey,

   I'm new to DragonFly BSD; a search for "khttpd" on the dragonfly bsd
email archives brings up nothing. I was wondering:
   (1) Is there something like this in dragonfly bsd?
   (2) Is there plans for something like this in dragonfly bsd?
   (3) Or does dragonfly bsd have some ultra cool arch that makes stuff
like khttpd not useful?
Reasons against a kernel httpd:

- Security
- Maintenance
- Stability (bug in khttpd -> bug in entire kernel)
- Portability (little value in a httpd only usable on one kernel in
the whole world)
- Configuration (need a LOT of sysctls, system calls or ioctl hacks to
configure and monitor such a thing)
- Cleanliness (it's generally a tragic mess to do high-level file
operations in a kernel)
- Duplication (you'd need to move a lot of libc and other code into
the kernel where it doesn't belong)
- DragonFly inherited "Accept Filters" from FreeBSD, which at least
reduces the need for invalid requests to enter userland. The value of
a khttpd is therefore nerfed.
- It'd be useless (if you want to do CGI you'll end up with the same
performance handicap of userland)
Reasons for a kernel httpd:

- Performance (not that much, I've never heard of user<->kernel
interaction being the bottleneck in a web server system)
- ...
If you want, you can write one, but I can't imagine ANY BSD project
would give it a serious consideration to inclusion. Moving user
software into the kernel is precisely what kills projects like Linux
and Windows, making them unmaintainable, insecure wrecks which require
more man-hours to maintain than the entire construction of Rome.
Linux has other similar failures, too, like an in-kernel transparent
set of proxies for FTP, IRC, and more. The mess within is not even
worth discussing.
So in answer, I guess, a khttpd is not very useful to begin with, and
in fact extremely dangerous overall. The slight gain to performance is
negligable, and people seem willing to take the cost anyway, since
popular stacks like LAMP require not only user-kernel interaction but
user-kernel-user in the form of loopback sockets between the
CGI/PHP/whatever and the MySQL daemon (which is its own entire set of
engineering failures).
 -- Dmitri Nikulin

More information about the Kernel mailing list