mirror of
https://github.com/tailscale/tailscale.git
synced 2024-11-26 19:45:35 +00:00
33b2f30cea
Right now, filtering and packet injection in wgengine depend on a patch to wireguard-go that probably isn't suitable for upstreaming. This need not be the case: wireguard-go/tun.Device is an interface. For example, faketun.go implements it to mock a TUN device for testing. This patch implements the same interface to provide filtering and packet injection at the tunnel device level, at which point the wireguard-go patch should no longer be necessary. This patch has the following performance impact on i7-7500U @ 2.70GHz, tested in the following namespace configuration: ┌────────────────┐ ┌─────────────────────────────────┐ ┌────────────────┐ │ $ns1 │ │ $ns0 │ │ $ns2 │ │ client0 │ │ tailcontrol, logcatcher │ │ client1 │ │ ┌─────┐ │ │ ┌──────┐ ┌──────┐ │ │ ┌─────┐ │ │ │vethc│───────┼────┼──│vethrc│ │vethrs│──────┼─────┼──│veths│ │ │ ├─────┴─────┐ │ │ ├──────┴────┐ ├──────┴────┐ │ │ ├─────┴─────┐ │ │ │10.0.0.2/24│ │ │ │10.0.0.1/24│ │10.0.1.1/24│ │ │ │10.0.1.2/24│ │ │ └───────────┘ │ │ └───────────┘ └───────────┘ │ │ └───────────┘ │ └────────────────┘ └─────────────────────────────────┘ └────────────────┘ Before: --------------------------------------------------- | TCP send | UDP send | |------------------------|------------------------| | 557.0 (±8.5) Mbits/sec | 3.03 (±0.02) Gbits/sec | --------------------------------------------------- After: --------------------------------------------------- | TCP send | UDP send | |------------------------|------------------------| | 544.8 (±1.6) Mbits/sec | 3.13 (±0.02) Gbits/sec | --------------------------------------------------- The impact on receive performance is similar. Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
65 lines
1.4 KiB
Go
65 lines
1.4 KiB
Go
// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
|
|
// Use of this source code is governed by a BSD-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
package tstun
|
|
|
|
import (
|
|
"io"
|
|
"os"
|
|
|
|
"github.com/tailscale/wireguard-go/tun"
|
|
)
|
|
|
|
type fakeTUN struct {
|
|
datachan chan []byte
|
|
evchan chan tun.Event
|
|
closechan chan struct{}
|
|
}
|
|
|
|
// NewFakeTUN returns a fake TUN device that does not depend on the
|
|
// operating system or any special permissions.
|
|
// It primarily exists for testing.
|
|
func NewFakeTUN() tun.Device {
|
|
return &fakeTUN{
|
|
datachan: make(chan []byte),
|
|
evchan: make(chan tun.Event),
|
|
closechan: make(chan struct{}),
|
|
}
|
|
}
|
|
|
|
func (t *fakeTUN) File() *os.File {
|
|
panic("fakeTUN.File() called, which makes no sense")
|
|
}
|
|
|
|
func (t *fakeTUN) Close() error {
|
|
close(t.closechan)
|
|
close(t.datachan)
|
|
close(t.evchan)
|
|
return nil
|
|
}
|
|
|
|
func (t *fakeTUN) Read(out []byte, offset int) (int, error) {
|
|
select {
|
|
case <-t.closechan:
|
|
return 0, io.EOF
|
|
case b := <-t.datachan:
|
|
copy(out[offset:offset+len(b)], b)
|
|
return len(b), nil
|
|
}
|
|
}
|
|
|
|
func (t *fakeTUN) Write(b []byte, n int) (int, error) {
|
|
select {
|
|
case <-t.closechan:
|
|
return 0, ErrClosed
|
|
case t.datachan <- b[n:]:
|
|
return len(b), nil
|
|
}
|
|
}
|
|
|
|
func (t *fakeTUN) Flush() error { return nil }
|
|
func (t *fakeTUN) MTU() (int, error) { return 1500, nil }
|
|
func (t *fakeTUN) Name() (string, error) { return "FakeTUN", nil }
|
|
func (t *fakeTUN) Events() chan tun.Event { return t.evchan }
|