Description
The virtio network device emulation implementation in Firecracker is currently using an intermediate buffer to build the TX packet from the guest virtqueue descriptors and then calls write() on the host tap to send this packet (see NetEpollHandler::process_tx() in devices/src/virtio/net.rs).
When doing write(), the data is again copied in the kernel from the userspace Firecracker intermediate buffer to the kernel tap buffers.
An alternative is to use a scatter-gather IO system call like writev() which would take a list of memory addresses for the packet parts (in this case the addresses of the data portion of the virtqueue descriptors), thus avoiding the intermediate buffer and avoiding an extra step of moving the full packet around in memory.
See https://www.gnu.org/software/libc/manual/html_node/Scatter_002dGather.html