mirror of
https://github.com/tailscale/tailscale.git
synced 2024-11-26 03:25:35 +00:00
33b2f30cea
Right now, filtering and packet injection in wgengine depend on a patch to wireguard-go that probably isn't suitable for upstreaming. This need not be the case: wireguard-go/tun.Device is an interface. For example, faketun.go implements it to mock a TUN device for testing. This patch implements the same interface to provide filtering and packet injection at the tunnel device level, at which point the wireguard-go patch should no longer be necessary. This patch has the following performance impact on i7-7500U @ 2.70GHz, tested in the following namespace configuration: ┌────────────────┐ ┌─────────────────────────────────┐ ┌────────────────┐ │ $ns1 │ │ $ns0 │ │ $ns2 │ │ client0 │ │ tailcontrol, logcatcher │ │ client1 │ │ ┌─────┐ │ │ ┌──────┐ ┌──────┐ │ │ ┌─────┐ │ │ │vethc│───────┼────┼──│vethrc│ │vethrs│──────┼─────┼──│veths│ │ │ ├─────┴─────┐ │ │ ├──────┴────┐ ├──────┴────┐ │ │ ├─────┴─────┐ │ │ │10.0.0.2/24│ │ │ │10.0.0.1/24│ │10.0.1.1/24│ │ │ │10.0.1.2/24│ │ │ └───────────┘ │ │ └───────────┘ └───────────┘ │ │ └───────────┘ │ └────────────────┘ └─────────────────────────────────┘ └────────────────┘ Before: --------------------------------------------------- | TCP send | UDP send | |------------------------|------------------------| | 557.0 (±8.5) Mbits/sec | 3.03 (±0.02) Gbits/sec | --------------------------------------------------- After: --------------------------------------------------- | TCP send | UDP send | |------------------------|------------------------| | 544.8 (±1.6) Mbits/sec | 3.13 (±0.02) Gbits/sec | --------------------------------------------------- The impact on receive performance is similar. Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
75 lines
1.8 KiB
Go
75 lines
1.8 KiB
Go
// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
|
|
// Use of this source code is governed by a BSD-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
package wgengine
|
|
|
|
import (
|
|
"bytes"
|
|
"fmt"
|
|
"strings"
|
|
"testing"
|
|
"time"
|
|
|
|
"tailscale.com/wgengine/router"
|
|
"tailscale.com/wgengine/tstun"
|
|
)
|
|
|
|
func TestWatchdog(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
t.Run("default watchdog does not fire", func(t *testing.T) {
|
|
t.Parallel()
|
|
tun := tstun.WrapTUN(t.Logf, tstun.NewFakeTUN())
|
|
e, err := NewUserspaceEngineAdvanced(t.Logf, tun, router.NewFake, 0)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
e = NewWatchdog(e)
|
|
e.(*watchdogEngine).maxWait = 150 * time.Millisecond
|
|
|
|
e.RequestStatus()
|
|
e.RequestStatus()
|
|
e.RequestStatus()
|
|
e.Close()
|
|
})
|
|
|
|
t.Run("watchdog fires on blocked getStatus", func(t *testing.T) {
|
|
t.Parallel()
|
|
tun := tstun.WrapTUN(t.Logf, tstun.NewFakeTUN())
|
|
e, err := NewUserspaceEngineAdvanced(t.Logf, tun, router.NewFake, 0)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
usEngine := e.(*userspaceEngine)
|
|
e = NewWatchdog(e)
|
|
wdEngine := e.(*watchdogEngine)
|
|
wdEngine.maxWait = 100 * time.Millisecond
|
|
|
|
logBuf := new(bytes.Buffer)
|
|
fatalCalled := make(chan struct{})
|
|
wdEngine.logf = func(format string, args ...interface{}) {
|
|
fmt.Fprintf(logBuf, format+"\n", args...)
|
|
}
|
|
wdEngine.fatalf = func(format string, args ...interface{}) {
|
|
t.Logf("FATAL: %s", fmt.Sprintf(format, args...))
|
|
fatalCalled <- struct{}{}
|
|
}
|
|
|
|
usEngine.wgLock.Lock() // blocks getStatus so the watchdog will fire
|
|
|
|
go e.RequestStatus()
|
|
|
|
select {
|
|
case <-fatalCalled:
|
|
if !strings.Contains(logBuf.String(), "goroutine profile: total ") {
|
|
t.Errorf("fatal called without watchdog stacks, got: %s", logBuf.String())
|
|
}
|
|
// expected
|
|
case <-time.After(3 * time.Second):
|
|
t.Fatalf("watchdog failed to fire")
|
|
}
|
|
})
|
|
}
|