tailscale/ipn
Dmytro Shynkevych 33b2f30cea
wgengine: wrap tun.Device to support filtering and packet injection (#358)
Right now, filtering and packet injection in wgengine depend
on a patch to wireguard-go that probably isn't suitable for upstreaming.

This need not be the case: wireguard-go/tun.Device is an interface.
For example, faketun.go implements it to mock a TUN device for testing.

This patch implements the same interface to provide filtering
and packet injection at the tunnel device level,
at which point the wireguard-go patch should no longer be necessary.

This patch has the following performance impact on i7-7500U @ 2.70GHz,
tested in the following namespace configuration:
┌────────────────┐    ┌─────────────────────────────────┐     ┌────────────────┐
│      $ns1      │    │               $ns0              │     │      $ns2      │
│    client0     │    │      tailcontrol, logcatcher    │     │     client1    │
│  ┌─────┐       │    │  ┌──────┐         ┌──────┐      │     │  ┌─────┐       │
│  │vethc│───────┼────┼──│vethrc│         │vethrs│──────┼─────┼──│veths│       │
│  ├─────┴─────┐ │    │  ├──────┴────┐    ├──────┴────┐ │     │  ├─────┴─────┐ │
│  │10.0.0.2/24│ │    │  │10.0.0.1/24│    │10.0.1.1/24│ │     │  │10.0.1.2/24│ │
│  └───────────┘ │    │  └───────────┘    └───────────┘ │     │  └───────────┘ │
└────────────────┘    └─────────────────────────────────┘     └────────────────┘
Before:
---------------------------------------------------
| TCP send               | UDP send               |
|------------------------|------------------------|
| 557.0 (±8.5) Mbits/sec | 3.03 (±0.02) Gbits/sec |
---------------------------------------------------
After:
---------------------------------------------------
| TCP send               | UDP send               |
|------------------------|------------------------|
| 544.8 (±1.6) Mbits/sec | 3.13 (±0.02) Gbits/sec |
---------------------------------------------------
The impact on receive performance is similar.

Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
2020-05-13 09:16:17 -04:00
ipnserver Implement rate limiting on log messages (#356) 2020-05-08 13:21:36 -06:00
ipnstate ipn/ipnstate: improve HTML output 2020-05-08 14:29:42 -07:00
policy ipn, ipn/policy: filter portlist to a short list of "interesting" ports 2020-04-01 10:03:44 -07:00
backend.go ipn, wgengine/filter: remove exported type aliases 2020-05-11 07:19:17 -07:00
doc.go Move Linux client & common packages into a public repo. 2020-02-09 09:32:57 -08:00
e2e_test.go wgengine: wrap tun.Device to support filtering and packet injection (#358) 2020-05-13 09:16:17 -04:00
fake_test.go ipn, wgengine/filter: remove exported type aliases 2020-05-11 07:19:17 -07:00
handle.go ipn, wgengine/filter: remove exported type aliases 2020-05-11 07:19:17 -07:00
local.go wgengine/router: rename config.Settings to config.Config, make pointer. 2020-05-12 15:58:33 -07:00
message.go ipn: add AllowVersionSkew bool to Notify & Message 2020-05-09 13:51:48 -07:00
message_test.go tstest: rename from testy. 2020-04-28 20:45:12 -07:00
prefs.go wgengine/router: add a setting to disable SNAT for subnet routes. 2020-05-11 20:17:13 +00:00
prefs_test.go wgengine/router: add a setting to disable SNAT for subnet routes. 2020-05-11 20:17:13 +00:00
store.go ipn: have NewFileStore try to create directories as needed 2020-03-03 11:51:44 -08:00
store_test.go Introduce a state store to LocalBackend. 2020-02-13 19:26:53 -08:00