jeff

Results 427 comments of jeff

metric for measuring perf improvement: ratio of cumulative cpu usage across workers to cpu usage in the omq proxy thread. higher ratio is better.

@jagerman please test this on testnet. make sure to measure for perf before and after flipping.

it has a noticeable improvement on exit.loki. fewer context switches, lower system load average and higher throughput.

![if_enp1s0-day (1)](https://user-images.githubusercontent.com/499653/221891343-f5366b28-c18f-421f-aa87-ce515d969b64.png)

![interrupts-day (1)](https://user-images.githubusercontent.com/499653/221891361-4a58c7e1-a355-460a-8377-8b6139105683.png)

![load-day (1)](https://user-images.githubusercontent.com/499653/221891368-607d689a-faad-43de-a32d-d58782aab43f.png)

i'll test it on my service node...

getting this into a point release would probably speed the network up a bit.

> how would per-application routing be done? I've tried a few and they seem like hacks.

in the proposed setup, it'd be nftables rules + run application as a...

> Is it possible that a process changes its GID so that it leaks the traffic

only if a process can `setgid` / `setegid`

`setgid` is as restricted as `setuid`, if it can call that it very likely can become root which is game over anyways.

> How about setting up a netns and running firefox in firejail ? It sounds more secure to me. (nftables seemed to leak traffic for me when interface down or...

> how do you think of [portmaster](https://github.com/safing/portmaster/issues/1153). it seems to do selective routing

i like their ui but i know nothing of their internals

stream isolation would be for .loki and .snode using ipv6 flow labels, it should be in with #2119