kHTTPd, a Kernel-Based Web Server

Moshe Bar

Issue #76, August 2000

Linux kernel developers realized that a kernel-based web server was needed.

Web servers have become an important part of today's infrastructure for business, trading, entertainment and information. Some of the Web's sites take millions of hits every day, or even every hour. It is only natural that computer science researchers soon began wondering how to make web servers faster, more resource-efficient and fail-safe.

The search for more speed triggered a whole new area of operating system theory research, that of execution path analysis. The author of this article, while a Ph.D. student, researched this topic at length studying the Apache server. One of the most interesting discoveries was that for static pages, more than 80 percent of the instructions are actually executed in kernel space (protected mode). This has some serious implications.

First, as we learned in the previous three columns, the only way to enter kernel space for a user program such as Apache is to execute a system call. System calls are expensive because they involve complex checks and search many kernel tables.

Also, switching from user space and back often flushes the on-processor TLB (Translation Lookaside Buffer) cache as well as primary and secondary cache entries.

As a consequence, Linux kernel developers realized that a kernel-based web server was needed. Such a kernel-space web server would not incur the costs involved in switching back and forth to and from protected mode.

Just such a kernel-space web server, called kHTTPd, was implemented in Linux kernel versions 2.3.x and 2.4. kHTTPd is different from other kernel web servers in that it runs from within the Linux kernel as a module (device driver).

kHTTPd handles only static (file-based) web pages, and passes all requests for non-static information to a regular user-space web server such as Apache or Zeus. Static web pages, while not complex to serve, are nevertheless very important. This is because virtually all images are static, as are a large portion of HTML pages. A “regular” web server adds little value for static pages; it is simply a “copy file to network” operation. The Linux kernel is very good at this; the NFS (network file system) dæmon, for example, also runs in the kernel.

“Accelerating” the simple case of serving static pages within the kernel leaves user-space dæmons free to do what they are very good at: generating user-specific, dynamic content. A user-space web server such as Apache, typically loaded with many features and many execution paths, can't be as fast as kHTTPd. There are, however, a few web servers that are as simple as kHTTPd but implemented in user space, so they are not expensive consumers of processor cycles, even compared with kHTTPd.

kHTTPd is very simple; it can't handle dynamic content. So, it proxies all requests for those directories you configure via the sysctl called “dynamic” to a fully functional user-space web server such as Apache. It's a global win, though, since most of the transfers of a common web server are images, which are definitely static.

kHTTPd is actually not much different from a normal http dæmon in principle. The main difference is that it bypasses the syscall layer. Normally, an http server contains code like this:

socket(..)
bind(..)
listen(..)
accept(..)

and each call has to enter the kernel, look up kernel structures as function(s) of the parameter(s) passed, return information to user space, etc.

Being a kernel dæmon itself, kHTTPd interfaces directly with the internal kernel structures and system calls involved and so avoids the user-kernel interaction completely. Also, because it's a kernel dæmon, it avoids switch_mm and TLB flushes. Last but not least, it avoids all enter/exit kernel overhead.

There are not many data structures for kHTTPd. They are in net/kHTTPd/structure.h.

The first is a per-connection structure. The second is a per-kHTTPd-thread structure by which many http_requests can be queued.

Listing 1. /proc/sys/net/khttpd/structure.h

kHTTPd can be compiled as a loadable module, or linked statically into the kernel. Linking statically into the kernel will provide better performance, because it will be allocated in a more efficient and TLB-persistent page-table mapping.

Configuring kHTTPd

Control of kHTTPD is performed via the /proc filesystem at /proc/sys/net/khttpd. Table 1 shows the sysctl parameters which can be set, along with a description of each (from the docs).

Table 1. Parameters Configurable through /proc/sys/net/khttpd

Conclusions

kHTTPd might be a viable solution for web sites with high traffic and mostly static web pages. Using kHTTPd is very easy, and tests with this setup have shown a dramatic increase in throughput compared to standard user space web servers. The code itself has proven very stable and safe. Once again, Linux is a technology leader. Right on!

email: mbar@cmp.com

Moshe Bar (mbar@cmp.com) is an Israeli system administrator and OS researcher, who started learning UNIX on a PDP-11 with AT&T Unix Release 6 back in 1981. He holds an M.Sc. in Computer Science. Visit Moshe's web site at http://www.moelabs.com/.