mirror of
				https://github.com/tailscale/tailscale.git
				synced 2025-10-25 02:02:51 +00:00 
			
		
		
		
	wgengine: wrap tun.Device to support filtering and packet injection (#358)
Right now, filtering and packet injection in wgengine depend on a patch to wireguard-go that probably isn't suitable for upstreaming. This need not be the case: wireguard-go/tun.Device is an interface. For example, faketun.go implements it to mock a TUN device for testing. This patch implements the same interface to provide filtering and packet injection at the tunnel device level, at which point the wireguard-go patch should no longer be necessary. This patch has the following performance impact on i7-7500U @ 2.70GHz, tested in the following namespace configuration: ┌────────────────┐ ┌─────────────────────────────────┐ ┌────────────────┐ │ $ns1 │ │ $ns0 │ │ $ns2 │ │ client0 │ │ tailcontrol, logcatcher │ │ client1 │ │ ┌─────┐ │ │ ┌──────┐ ┌──────┐ │ │ ┌─────┐ │ │ │vethc│───────┼────┼──│vethrc│ │vethrs│──────┼─────┼──│veths│ │ │ ├─────┴─────┐ │ │ ├──────┴────┐ ├──────┴────┐ │ │ ├─────┴─────┐ │ │ │10.0.0.2/24│ │ │ │10.0.0.1/24│ │10.0.1.1/24│ │ │ │10.0.1.2/24│ │ │ └───────────┘ │ │ └───────────┘ └───────────┘ │ │ └───────────┘ │ └────────────────┘ └─────────────────────────────────┘ └────────────────┘ Before: --------------------------------------------------- | TCP send | UDP send | |------------------------|------------------------| | 557.0 (±8.5) Mbits/sec | 3.03 (±0.02) Gbits/sec | --------------------------------------------------- After: --------------------------------------------------- | TCP send | UDP send | |------------------------|------------------------| | 544.8 (±1.6) Mbits/sec | 3.13 (±0.02) Gbits/sec | --------------------------------------------------- The impact on receive performance is similar. Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
This commit is contained in:
		 Dmytro Shynkevych
					Dmytro Shynkevych
				
			
				
					committed by
					
						 GitHub
						GitHub
					
				
			
			
				
	
			
			
			 GitHub
						GitHub
					
				
			
						parent
						
							9ccbcda612
						
					
				
				
					commit
					33b2f30cea
				
			
							
								
								
									
										64
									
								
								wgengine/tstun/faketun.go
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										64
									
								
								wgengine/tstun/faketun.go
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,64 @@ | ||||
| // Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved. | ||||
| // Use of this source code is governed by a BSD-style | ||||
| // license that can be found in the LICENSE file. | ||||
|  | ||||
| package tstun | ||||
|  | ||||
| import ( | ||||
| 	"io" | ||||
| 	"os" | ||||
|  | ||||
| 	"github.com/tailscale/wireguard-go/tun" | ||||
| ) | ||||
|  | ||||
| type fakeTUN struct { | ||||
| 	datachan  chan []byte | ||||
| 	evchan    chan tun.Event | ||||
| 	closechan chan struct{} | ||||
| } | ||||
|  | ||||
| // NewFakeTUN returns a fake TUN device that does not depend on the | ||||
| // operating system or any special permissions. | ||||
| // It primarily exists for testing. | ||||
| func NewFakeTUN() tun.Device { | ||||
| 	return &fakeTUN{ | ||||
| 		datachan:  make(chan []byte), | ||||
| 		evchan:    make(chan tun.Event), | ||||
| 		closechan: make(chan struct{}), | ||||
| 	} | ||||
| } | ||||
|  | ||||
| func (t *fakeTUN) File() *os.File { | ||||
| 	panic("fakeTUN.File() called, which makes no sense") | ||||
| } | ||||
|  | ||||
| func (t *fakeTUN) Close() error { | ||||
| 	close(t.closechan) | ||||
| 	close(t.datachan) | ||||
| 	close(t.evchan) | ||||
| 	return nil | ||||
| } | ||||
|  | ||||
| func (t *fakeTUN) Read(out []byte, offset int) (int, error) { | ||||
| 	select { | ||||
| 	case <-t.closechan: | ||||
| 		return 0, io.EOF | ||||
| 	case b := <-t.datachan: | ||||
| 		copy(out[offset:offset+len(b)], b) | ||||
| 		return len(b), nil | ||||
| 	} | ||||
| } | ||||
|  | ||||
| func (t *fakeTUN) Write(b []byte, n int) (int, error) { | ||||
| 	select { | ||||
| 	case <-t.closechan: | ||||
| 		return 0, ErrClosed | ||||
| 	case t.datachan <- b[n:]: | ||||
| 		return len(b), nil | ||||
| 	} | ||||
| } | ||||
|  | ||||
| func (t *fakeTUN) Flush() error           { return nil } | ||||
| func (t *fakeTUN) MTU() (int, error)      { return 1500, nil } | ||||
| func (t *fakeTUN) Name() (string, error)  { return "FakeTUN", nil } | ||||
| func (t *fakeTUN) Events() chan tun.Event { return t.evchan } | ||||
		Reference in New Issue
	
	Block a user