mirror of
https://github.com/slackhq/nebula.git
synced 2025-11-22 00:15:37 +01:00
Compare commits
9 Commits
cross-stac
...
stinky
| Author | SHA1 | Date | |
|---|---|---|---|
|
703ac81fa6 | ||
|
|
469a5fc350 | ||
|
|
9e38065673 | ||
|
|
770147264d | ||
|
|
fa8c013b97 | ||
|
|
2710f2af06 | ||
|
|
ad6d3e6bac | ||
|
|
2b0aa74e85 | ||
|
|
b126d88963 |
@@ -7,6 +7,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
||||
|
||||
## [Unreleased]
|
||||
|
||||
### Added
|
||||
|
||||
- Experimental Linux UDP offload support: enable `listen.enable_gso` and
|
||||
`listen.enable_gro` to activate UDP_SEGMENT batching and GRO receive
|
||||
splitting. Includes automatic capability probing, per-packet fallbacks, and
|
||||
runtime metrics/logs for visibility.
|
||||
|
||||
### Changed
|
||||
|
||||
- `default_local_cidr_any` now defaults to false, meaning that any firewall rule
|
||||
|
||||
@@ -29,6 +29,8 @@ type m = map[string]any
|
||||
|
||||
// newSimpleServer creates a nebula instance with many assumptions
|
||||
func newSimpleServer(v cert.Version, caCrt cert.Certificate, caKey []byte, name string, sVpnNetworks string, overrides m) (*nebula.Control, []netip.Prefix, netip.AddrPort, *config.C) {
|
||||
l := NewTestLogger()
|
||||
|
||||
var vpnNetworks []netip.Prefix
|
||||
for _, sn := range strings.Split(sVpnNetworks, ",") {
|
||||
vpnIpNet, err := netip.ParsePrefix(strings.TrimSpace(sn))
|
||||
@@ -54,25 +56,6 @@ func newSimpleServer(v cert.Version, caCrt cert.Certificate, caKey []byte, name
|
||||
budpIp[3] = 239
|
||||
udpAddr = netip.AddrPortFrom(netip.AddrFrom16(budpIp), 4242)
|
||||
}
|
||||
return newSimpleServerWithUdp(v, caCrt, caKey, name, sVpnNetworks, udpAddr, overrides)
|
||||
}
|
||||
|
||||
func newSimpleServerWithUdp(v cert.Version, caCrt cert.Certificate, caKey []byte, name string, sVpnNetworks string, udpAddr netip.AddrPort, overrides m) (*nebula.Control, []netip.Prefix, netip.AddrPort, *config.C) {
|
||||
l := NewTestLogger()
|
||||
|
||||
var vpnNetworks []netip.Prefix
|
||||
for _, sn := range strings.Split(sVpnNetworks, ",") {
|
||||
vpnIpNet, err := netip.ParsePrefix(strings.TrimSpace(sn))
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
vpnNetworks = append(vpnNetworks, vpnIpNet)
|
||||
}
|
||||
|
||||
if len(vpnNetworks) == 0 {
|
||||
panic("no vpn networks")
|
||||
}
|
||||
|
||||
_, _, myPrivKey, myPEM := cert_test.NewTestCert(v, cert.Curve_CURVE25519, caCrt, caKey, name, time.Now(), time.Now().Add(5*time.Minute), vpnNetworks, nil, []string{})
|
||||
|
||||
caB, err := caCrt.MarshalPEM()
|
||||
|
||||
@@ -4,7 +4,6 @@
|
||||
package e2e
|
||||
|
||||
import (
|
||||
"net/netip"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
@@ -56,50 +55,3 @@ func TestDropInactiveTunnels(t *testing.T) {
|
||||
myControl.Stop()
|
||||
theirControl.Stop()
|
||||
}
|
||||
|
||||
func TestCrossStackRelaysWork(t *testing.T) {
|
||||
ca, _, caKey, _ := cert_test.NewTestCaCert(cert.Version2, cert.Curve_CURVE25519, time.Now(), time.Now().Add(10*time.Minute), nil, nil, []string{})
|
||||
myControl, myVpnIpNet, _, _ := newSimpleServer(cert.Version2, ca, caKey, "me ", "10.128.0.1/24,fc00::1/64", m{"relay": m{"use_relays": true}})
|
||||
relayControl, relayVpnIpNet, relayUdpAddr, _ := newSimpleServer(cert.Version2, ca, caKey, "relay ", "10.128.0.128/24,fc00::128/64", m{"relay": m{"am_relay": true}})
|
||||
theirUdp := netip.MustParseAddrPort("10.0.0.2:4242")
|
||||
theirControl, theirVpnIpNet, theirUdpAddr, _ := newSimpleServerWithUdp(cert.Version2, ca, caKey, "them ", "fc00::2/64", theirUdp, m{"relay": m{"use_relays": true}})
|
||||
|
||||
//myVpnV4 := myVpnIpNet[0]
|
||||
myVpnV6 := myVpnIpNet[1]
|
||||
relayVpnV4 := relayVpnIpNet[0]
|
||||
relayVpnV6 := relayVpnIpNet[1]
|
||||
theirVpnV6 := theirVpnIpNet[0]
|
||||
|
||||
// Teach my how to get to the relay and that their can be reached via the relay
|
||||
myControl.InjectLightHouseAddr(relayVpnV4.Addr(), relayUdpAddr)
|
||||
myControl.InjectLightHouseAddr(relayVpnV6.Addr(), relayUdpAddr)
|
||||
myControl.InjectRelays(theirVpnV6.Addr(), []netip.Addr{relayVpnV6.Addr()})
|
||||
relayControl.InjectLightHouseAddr(theirVpnV6.Addr(), theirUdpAddr)
|
||||
|
||||
// Build a router so we don't have to reason who gets which packet
|
||||
r := router.NewR(t, myControl, relayControl, theirControl)
|
||||
defer r.RenderFlow()
|
||||
|
||||
// Start the servers
|
||||
myControl.Start()
|
||||
relayControl.Start()
|
||||
theirControl.Start()
|
||||
|
||||
t.Log("Trigger a handshake from me to them via the relay")
|
||||
myControl.InjectTunUDPPacket(theirVpnV6.Addr(), 80, myVpnV6.Addr(), 80, []byte("Hi from me"))
|
||||
|
||||
p := r.RouteForAllUntilTxTun(theirControl)
|
||||
r.Log("Assert the tunnel works")
|
||||
assertUdpPacket(t, []byte("Hi from me"), p, myVpnV6.Addr(), theirVpnV6.Addr(), 80, 80)
|
||||
|
||||
t.Log("reply?")
|
||||
theirControl.InjectTunUDPPacket(myVpnV6.Addr(), 80, theirVpnV6.Addr(), 80, []byte("Hi from them"))
|
||||
p = r.RouteForAllUntilTxTun(myControl)
|
||||
assertUdpPacket(t, []byte("Hi from them"), p, theirVpnV6.Addr(), myVpnV6.Addr(), 80, 80)
|
||||
|
||||
r.RenderHostmaps("Final hostmaps", myControl, relayControl, theirControl)
|
||||
//t.Log("finish up")
|
||||
//myControl.Stop()
|
||||
//theirControl.Stop()
|
||||
//relayControl.Stop()
|
||||
}
|
||||
|
||||
@@ -392,7 +392,7 @@ func BenchmarkFirewallTable_match(b *testing.B) {
|
||||
c := &cert.CachedCertificate{
|
||||
Certificate: &dummyCert{
|
||||
name: "nope",
|
||||
networks: []netip.Prefix{netip.MustParsePrefix("fd99:99/128")},
|
||||
networks: []netip.Prefix{netip.MustParsePrefix("fd99::99/128")},
|
||||
},
|
||||
InvertedGroups: map[string]struct{}{"nope": {}},
|
||||
}
|
||||
|
||||
33
go.mod
33
go.mod
@@ -8,30 +8,30 @@ require (
|
||||
github.com/armon/go-radix v1.0.0
|
||||
github.com/cyberdelia/go-metrics-graphite v0.0.0-20161219230853-39f87cc3b432
|
||||
github.com/flynn/noise v1.1.0
|
||||
github.com/gaissmai/bart v0.20.4
|
||||
github.com/gaissmai/bart v0.25.0
|
||||
github.com/gogo/protobuf v1.3.2
|
||||
github.com/google/gopacket v1.1.19
|
||||
github.com/kardianos/service v1.2.2
|
||||
github.com/miekg/dns v1.1.65
|
||||
github.com/kardianos/service v1.2.4
|
||||
github.com/miekg/dns v1.1.68
|
||||
github.com/miekg/pkcs11 v1.1.2-0.20231115102856-9078ad6b9d4b
|
||||
github.com/nbrownus/go-metrics-prometheus v0.0.0-20210712211119-974a6260965f
|
||||
github.com/prometheus/client_golang v1.22.0
|
||||
github.com/prometheus/client_golang v1.23.2
|
||||
github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475
|
||||
github.com/sirupsen/logrus v1.9.3
|
||||
github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
|
||||
github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6
|
||||
github.com/stretchr/testify v1.10.0
|
||||
github.com/stretchr/testify v1.11.1
|
||||
github.com/vishvananda/netlink v1.3.1
|
||||
golang.org/x/crypto v0.37.0
|
||||
golang.org/x/crypto v0.43.0
|
||||
golang.org/x/exp v0.0.0-20230725093048-515e97ebf090
|
||||
golang.org/x/net v0.39.0
|
||||
golang.org/x/sync v0.13.0
|
||||
golang.org/x/sys v0.32.0
|
||||
golang.org/x/term v0.31.0
|
||||
golang.org/x/net v0.45.0
|
||||
golang.org/x/sync v0.17.0
|
||||
golang.org/x/sys v0.37.0
|
||||
golang.org/x/term v0.36.0
|
||||
golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2
|
||||
golang.zx2c4.com/wireguard v0.0.0-20230325221338-052af4a8072b
|
||||
golang.zx2c4.com/wireguard/windows v0.5.3
|
||||
google.golang.org/protobuf v1.36.6
|
||||
google.golang.org/protobuf v1.36.8
|
||||
gopkg.in/yaml.v3 v3.0.1
|
||||
gvisor.dev/gvisor v0.0.0-20240423190808-9d7a357edefe
|
||||
)
|
||||
@@ -43,11 +43,12 @@ require (
|
||||
github.com/google/btree v1.1.2 // indirect
|
||||
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
|
||||
github.com/pmezard/go-difflib v1.0.0 // indirect
|
||||
github.com/prometheus/client_model v0.6.1 // indirect
|
||||
github.com/prometheus/common v0.62.0 // indirect
|
||||
github.com/prometheus/procfs v0.15.1 // indirect
|
||||
github.com/prometheus/client_model v0.6.2 // indirect
|
||||
github.com/prometheus/common v0.66.1 // indirect
|
||||
github.com/prometheus/procfs v0.16.1 // indirect
|
||||
github.com/vishvananda/netns v0.0.5 // indirect
|
||||
golang.org/x/mod v0.23.0 // indirect
|
||||
go.yaml.in/yaml/v2 v2.4.2 // indirect
|
||||
golang.org/x/mod v0.24.0 // indirect
|
||||
golang.org/x/time v0.5.0 // indirect
|
||||
golang.org/x/tools v0.30.0 // indirect
|
||||
golang.org/x/tools v0.33.0 // indirect
|
||||
)
|
||||
|
||||
69
go.sum
69
go.sum
@@ -24,8 +24,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
|
||||
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/flynn/noise v1.1.0 h1:KjPQoQCEFdZDiP03phOvGi11+SVVhBG2wOWAorLsstg=
|
||||
github.com/flynn/noise v1.1.0/go.mod h1:xbMo+0i6+IGbYdJhF31t2eR1BIU0CYc12+BNAKwUTag=
|
||||
github.com/gaissmai/bart v0.20.4 h1:Ik47r1fy3jRVU+1eYzKSW3ho2UgBVTVnUS8O993584U=
|
||||
github.com/gaissmai/bart v0.20.4/go.mod h1:cEed+ge8dalcbpi8wtS9x9m2hn/fNJH5suhdGQOHnYk=
|
||||
github.com/gaissmai/bart v0.25.0 h1:eqiokVPqM3F94vJ0bTHXHtH91S8zkKL+bKh+BsGOsJM=
|
||||
github.com/gaissmai/bart v0.25.0/go.mod h1:GREWQfTLRWz/c5FTOsIw+KkscuFkIV5t8Rp7Nd1Td5c=
|
||||
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
|
||||
github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
|
||||
github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
|
||||
@@ -64,8 +64,8 @@ github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/
|
||||
github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
|
||||
github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
|
||||
github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
|
||||
github.com/kardianos/service v1.2.2 h1:ZvePhAHfvo0A7Mftk/tEzqEZ7Q4lgnR8sGz4xu1YX60=
|
||||
github.com/kardianos/service v1.2.2/go.mod h1:CIMRFEJVL+0DS1a3Nx06NaMn4Dz63Ng6O7dl0qH0zVM=
|
||||
github.com/kardianos/service v1.2.4 h1:XNlGtZOYNx2u91urOdg/Kfmc+gfmuIo1Dd3rEi2OgBk=
|
||||
github.com/kardianos/service v1.2.4/go.mod h1:E4V9ufUuY82F7Ztlu1eN9VXWIQxg8NoLQlmFe0MtrXc=
|
||||
github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
|
||||
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
|
||||
github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
|
||||
@@ -83,8 +83,8 @@ github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
|
||||
github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
|
||||
github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
|
||||
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
|
||||
github.com/miekg/dns v1.1.65 h1:0+tIPHzUW0GCge7IiK3guGP57VAw7hoPDfApjkMD1Fc=
|
||||
github.com/miekg/dns v1.1.65/go.mod h1:Dzw9769uoKVaLuODMDZz9M6ynFU6Em65csPuoi8G0ck=
|
||||
github.com/miekg/dns v1.1.68 h1:jsSRkNozw7G/mnmXULynzMNIsgY2dHC8LO6U6Ij2JEA=
|
||||
github.com/miekg/dns v1.1.68/go.mod h1:fujopn7TB3Pu3JM69XaawiU0wqjpL9/8xGop5UrTPps=
|
||||
github.com/miekg/pkcs11 v1.1.2-0.20231115102856-9078ad6b9d4b h1:J/AzCvg5z0Hn1rqZUJjpbzALUmkKX0Zwbc/i4fw7Sfk=
|
||||
github.com/miekg/pkcs11 v1.1.2-0.20231115102856-9078ad6b9d4b/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
|
||||
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
|
||||
@@ -106,24 +106,24 @@ github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXP
|
||||
github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
|
||||
github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
|
||||
github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
|
||||
github.com/prometheus/client_golang v1.22.0 h1:rb93p9lokFEsctTys46VnV1kLCDpVZ0a/Y92Vm0Zc6Q=
|
||||
github.com/prometheus/client_golang v1.22.0/go.mod h1:R7ljNsLXhuQXYZYtw6GAE9AZg8Y7vEW5scdCXrWRXC0=
|
||||
github.com/prometheus/client_golang v1.23.2 h1:Je96obch5RDVy3FDMndoUsjAhG5Edi49h0RJWRi/o0o=
|
||||
github.com/prometheus/client_golang v1.23.2/go.mod h1:Tb1a6LWHB3/SPIzCoaDXI4I8UHKeFTEQ1YCr+0Gyqmg=
|
||||
github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
|
||||
github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
|
||||
github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
|
||||
github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=
|
||||
github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=
|
||||
github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk=
|
||||
github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE=
|
||||
github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
|
||||
github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
|
||||
github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
|
||||
github.com/prometheus/common v0.62.0 h1:xasJaQlnWAeyHdUBeGjXmutelfJHWMRr+Fg4QszZ2Io=
|
||||
github.com/prometheus/common v0.62.0/go.mod h1:vyBcEuLSvWos9B1+CyL7JZ2up+uFzXhkqml0W5zIY1I=
|
||||
github.com/prometheus/common v0.66.1 h1:h5E0h5/Y8niHc5DlaLlWLArTQI7tMrsfQjHV+d9ZoGs=
|
||||
github.com/prometheus/common v0.66.1/go.mod h1:gcaUsgf3KfRSwHY4dIMXLPV0K/Wg1oZ8+SbZk/HH/dA=
|
||||
github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
|
||||
github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
|
||||
github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
|
||||
github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
|
||||
github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
|
||||
github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
|
||||
github.com/prometheus/procfs v0.16.1 h1:hZ15bTNuirocR6u0JZ6BAHHmwS1p8B4P6MRqxtzMyRg=
|
||||
github.com/prometheus/procfs v0.16.1/go.mod h1:teAbpZRB1iIAJYREa1LsoWUXykVXA1KlTmWl8x/U+Is=
|
||||
github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 h1:N/ElC8H3+5XpJzTSTfLsJV/mx9Q9g7kxmchpfZyxgzM=
|
||||
github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
|
||||
github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
|
||||
@@ -143,29 +143,33 @@ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf
|
||||
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
|
||||
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
|
||||
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
||||
github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
|
||||
github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
|
||||
github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
|
||||
github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
|
||||
github.com/vishvananda/netlink v1.3.1 h1:3AEMt62VKqz90r0tmNhog0r/PpWKmrEShJU0wJW6bV0=
|
||||
github.com/vishvananda/netlink v1.3.1/go.mod h1:ARtKouGSTGchR8aMwmkzC0qiNPrrWO5JS/XMVl45+b4=
|
||||
github.com/vishvananda/netns v0.0.5 h1:DfiHV+j8bA32MFM7bfEunvT8IAqQ/NzSJHtcmW5zdEY=
|
||||
github.com/vishvananda/netns v0.0.5/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
|
||||
github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
|
||||
github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
|
||||
go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
|
||||
go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
|
||||
go.yaml.in/yaml/v2 v2.4.2 h1:DzmwEr2rDGHl7lsFgAHxmNz/1NlQ7xLIrlN2h5d1eGI=
|
||||
go.yaml.in/yaml/v2 v2.4.2/go.mod h1:081UH+NErpNdqlCXm3TtEran0rJZGxAYx9hb/ELlsPU=
|
||||
golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
|
||||
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
||||
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
||||
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
|
||||
golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
|
||||
golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE=
|
||||
golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc=
|
||||
golang.org/x/crypto v0.43.0 h1:dduJYIi3A3KOfdGOHX8AVZ/jGiyPa3IbBozJ5kNuE04=
|
||||
golang.org/x/crypto v0.43.0/go.mod h1:BFbav4mRNlXJL4wNeejLpWxB7wMbc79PdRGhWKncxR0=
|
||||
golang.org/x/exp v0.0.0-20230725093048-515e97ebf090 h1:Di6/M8l0O2lCLc6VVRWhgCiApHV8MnQurBnFSHsQtNY=
|
||||
golang.org/x/exp v0.0.0-20230725093048-515e97ebf090/go.mod h1:FXUEEKJgO7OQYeo8N01OfiKP8RXMtf6e8aTskBGqWdc=
|
||||
golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
|
||||
golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
|
||||
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
|
||||
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
|
||||
golang.org/x/mod v0.23.0 h1:Zb7khfcRGKk+kqfxFaP5tZqCnDZMjC5VtUBs87Hr6QM=
|
||||
golang.org/x/mod v0.23.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
|
||||
golang.org/x/mod v0.24.0 h1:ZfthKaKaT4NrhGVZHO1/WDTwGES4De8KtWO0SIbNJMU=
|
||||
golang.org/x/mod v0.24.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
|
||||
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
@@ -176,8 +180,8 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL
|
||||
golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
|
||||
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
|
||||
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
|
||||
golang.org/x/net v0.39.0 h1:ZCu7HMWDxpXpaiKdhzIfaltL9Lp31x/3fCP11bc6/fY=
|
||||
golang.org/x/net v0.39.0/go.mod h1:X7NRbYVEA+ewNkCNyJ513WmMdQ3BineSwVtN2zD/d+E=
|
||||
golang.org/x/net v0.45.0 h1:RLBg5JKixCy82FtLJpeNlVM0nrSqpCRYzVU1n8kj0tM=
|
||||
golang.org/x/net v0.45.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY=
|
||||
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
|
||||
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
@@ -185,8 +189,8 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ
|
||||
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.13.0 h1:AauUjRAJ9OSnvULf/ARrrVywoJDy0YS2AwQ98I37610=
|
||||
golang.org/x/sync v0.13.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
|
||||
golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug=
|
||||
golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
|
||||
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
@@ -197,18 +201,17 @@ golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7w
|
||||
golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20201015000850-e3ed0017c211/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.32.0 h1:s77OFDvIQeibCmezSnk/q6iAfkdiQaJi4VzroCFrN20=
|
||||
golang.org/x/sys v0.32.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
|
||||
golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ=
|
||||
golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
golang.org/x/term v0.31.0 h1:erwDkOK1Msy6offm1mOgvspSkslFnIGsFnxOKoufg3o=
|
||||
golang.org/x/term v0.31.0/go.mod h1:R4BeIy7D95HzImkxGkTW1UQTtP54tio2RyHz7PwK0aw=
|
||||
golang.org/x/term v0.36.0 h1:zMPR+aF8gfksFprF/Nc/rd1wRS1EI6nDBGyWAvDzx2Q=
|
||||
golang.org/x/term v0.36.0/go.mod h1:Qu394IJq6V6dCBRgwqshf3mPF85AqzYEzofzRdZkWss=
|
||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
|
||||
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
@@ -219,8 +222,8 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn
|
||||
golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
|
||||
golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
|
||||
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
|
||||
golang.org/x/tools v0.30.0 h1:BgcpHewrV5AUp2G9MebG4XPFI1E2W41zU1SaqVA9vJY=
|
||||
golang.org/x/tools v0.30.0/go.mod h1:c347cR/OJfw5TI+GfX7RUPNMdDRRbjvYTS0jPyvsVtY=
|
||||
golang.org/x/tools v0.33.0 h1:4qz2S3zmRxbGIhDIAgjxvFutSvH5EfnsYrRBj0UI0bc=
|
||||
golang.org/x/tools v0.33.0/go.mod h1:CIJMaWEY88juyUfo7UbgPqbC8rU2OqfAV1h2Qp0oMYI=
|
||||
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
@@ -239,8 +242,8 @@ google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miE
|
||||
google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
|
||||
google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
|
||||
google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
|
||||
google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY=
|
||||
google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY=
|
||||
google.golang.org/protobuf v1.36.8 h1:xHScyCOEuuwZEc6UtSOvPbAT4zRh0xcNRYekJwfqyMc=
|
||||
google.golang.org/protobuf v1.36.8/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU=
|
||||
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
|
||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
|
||||
|
||||
@@ -292,7 +292,6 @@ func (hm *HandshakeManager) handleOutbound(vpnIp netip.Addr, lighthouseTriggered
|
||||
idx, err := AddRelay(hm.l, relayHostInfo, hm.mainHostMap, vpnIp, nil, TerminalType, Requested)
|
||||
if err != nil {
|
||||
hostinfo.logger(hm.l).WithField("relay", relay.String()).WithError(err).Info("Failed to add relay to hostmap")
|
||||
continue
|
||||
}
|
||||
|
||||
m := NebulaControl{
|
||||
@@ -302,25 +301,37 @@ func (hm *HandshakeManager) handleOutbound(vpnIp netip.Addr, lighthouseTriggered
|
||||
|
||||
switch relayHostInfo.GetCert().Certificate.Version() {
|
||||
case cert.Version1:
|
||||
err = buildRelayInfoCertV1(&m, hm.f.myVpnNetworks, vpnIp)
|
||||
if !hm.f.myVpnAddrs[0].Is4() {
|
||||
hostinfo.logger(hm.l).Error("can not establish v1 relay with a v6 network because the relay is not running a current nebula version")
|
||||
continue
|
||||
}
|
||||
|
||||
if !vpnIp.Is4() {
|
||||
hostinfo.logger(hm.l).Error("can not establish v1 relay with a v6 remote network because the relay is not running a current nebula version")
|
||||
continue
|
||||
}
|
||||
|
||||
b := hm.f.myVpnAddrs[0].As4()
|
||||
m.OldRelayFromAddr = binary.BigEndian.Uint32(b[:])
|
||||
b = vpnIp.As4()
|
||||
m.OldRelayToAddr = binary.BigEndian.Uint32(b[:])
|
||||
case cert.Version2:
|
||||
err = buildRelayInfoCertV2(&m, hm.f.myVpnNetworks, vpnIp)
|
||||
m.RelayFromAddr = netAddrToProtoAddr(hm.f.myVpnAddrs[0])
|
||||
m.RelayToAddr = netAddrToProtoAddr(vpnIp)
|
||||
default:
|
||||
err = errors.New("unknown certificate version found while creating relay")
|
||||
}
|
||||
if err != nil {
|
||||
hostinfo.logger(hm.l).WithError(err).Error("Refusing to relay")
|
||||
hostinfo.logger(hm.l).Error("Unknown certificate version found while creating relay")
|
||||
continue
|
||||
}
|
||||
|
||||
msg, err := m.Marshal()
|
||||
if err != nil {
|
||||
hostinfo.logger(hm.l).WithError(err).
|
||||
hostinfo.logger(hm.l).
|
||||
WithError(err).
|
||||
Error("Failed to marshal Control message to create relay")
|
||||
} else {
|
||||
hm.f.SendMessageToHostInfo(header.Control, 0, relayHostInfo, msg, make([]byte, 12), make([]byte, mtu))
|
||||
hm.l.WithFields(logrus.Fields{
|
||||
"relayFrom": m.GetRelayFrom(),
|
||||
"relayFrom": hm.f.myVpnAddrs[0],
|
||||
"relayTo": vpnIp,
|
||||
"initiatorRelayIndex": idx,
|
||||
"relay": relay}).
|
||||
@@ -346,27 +357,39 @@ func (hm *HandshakeManager) handleOutbound(vpnIp netip.Addr, lighthouseTriggered
|
||||
InitiatorRelayIndex: existingRelay.LocalIndex,
|
||||
}
|
||||
|
||||
var err error
|
||||
switch relayHostInfo.GetCert().Certificate.Version() {
|
||||
case cert.Version1:
|
||||
err = buildRelayInfoCertV1(&m, hm.f.myVpnNetworks, vpnIp)
|
||||
if !hm.f.myVpnAddrs[0].Is4() {
|
||||
hostinfo.logger(hm.l).Error("can not establish v1 relay with a v6 network because the relay is not running a current nebula version")
|
||||
continue
|
||||
}
|
||||
|
||||
if !vpnIp.Is4() {
|
||||
hostinfo.logger(hm.l).Error("can not establish v1 relay with a v6 remote network because the relay is not running a current nebula version")
|
||||
continue
|
||||
}
|
||||
|
||||
b := hm.f.myVpnAddrs[0].As4()
|
||||
m.OldRelayFromAddr = binary.BigEndian.Uint32(b[:])
|
||||
b = vpnIp.As4()
|
||||
m.OldRelayToAddr = binary.BigEndian.Uint32(b[:])
|
||||
case cert.Version2:
|
||||
err = buildRelayInfoCertV2(&m, hm.f.myVpnNetworks, vpnIp)
|
||||
m.RelayFromAddr = netAddrToProtoAddr(hm.f.myVpnAddrs[0])
|
||||
m.RelayToAddr = netAddrToProtoAddr(vpnIp)
|
||||
default:
|
||||
err = errors.New("unknown certificate version found while creating relay")
|
||||
}
|
||||
if err != nil {
|
||||
hostinfo.logger(hm.l).WithError(err).Error("Refusing to relay")
|
||||
hostinfo.logger(hm.l).Error("Unknown certificate version found while creating relay")
|
||||
continue
|
||||
}
|
||||
msg, err := m.Marshal()
|
||||
if err != nil {
|
||||
hostinfo.logger(hm.l).WithError(err).Error("Failed to marshal Control message to create relay")
|
||||
hostinfo.logger(hm.l).
|
||||
WithError(err).
|
||||
Error("Failed to marshal Control message to create relay")
|
||||
} else {
|
||||
// This must send over the hostinfo, not over hm.Hosts[ip]
|
||||
hm.f.SendMessageToHostInfo(header.Control, 0, relayHostInfo, msg, make([]byte, 12), make([]byte, mtu))
|
||||
hm.l.WithFields(logrus.Fields{
|
||||
"relayFrom": m.GetRelayFrom(),
|
||||
"relayFrom": hm.f.myVpnAddrs[0],
|
||||
"relayTo": vpnIp,
|
||||
"initiatorRelayIndex": existingRelay.LocalIndex,
|
||||
"relay": relay}).
|
||||
@@ -701,32 +724,3 @@ func generateIndex(l *logrus.Logger) (uint32, error) {
|
||||
func hsTimeout(tries int64, interval time.Duration) time.Duration {
|
||||
return time.Duration(tries / 2 * ((2 * int64(interval)) + (tries-1)*int64(interval)))
|
||||
}
|
||||
|
||||
var errNoRelayTooOld = errors.New("can not establish v1 relay with a v6 network because the relay is not running a current nebula version")
|
||||
|
||||
func buildRelayInfoCertV1(m *NebulaControl, myVpnNetworks []netip.Prefix, peerVpnIp netip.Addr) error {
|
||||
relayFrom := myVpnNetworks[0].Addr()
|
||||
if !relayFrom.Is4() {
|
||||
return errNoRelayTooOld
|
||||
}
|
||||
if !peerVpnIp.Is4() {
|
||||
return errNoRelayTooOld
|
||||
}
|
||||
|
||||
b := relayFrom.As4()
|
||||
m.OldRelayFromAddr = binary.BigEndian.Uint32(b[:])
|
||||
b = peerVpnIp.As4()
|
||||
m.OldRelayToAddr = binary.BigEndian.Uint32(b[:])
|
||||
return nil
|
||||
}
|
||||
|
||||
func buildRelayInfoCertV2(m *NebulaControl, myVpnNetworks []netip.Prefix, peerVpnIp netip.Addr) error {
|
||||
for i := range myVpnNetworks {
|
||||
if myVpnNetworks[i].Contains(peerVpnIp) {
|
||||
m.RelayFromAddr = netAddrToProtoAddr(myVpnNetworks[i].Addr())
|
||||
m.RelayToAddr = netAddrToProtoAddr(peerVpnIp)
|
||||
return nil
|
||||
}
|
||||
}
|
||||
return errors.New("cannot establish relay, no networks in common")
|
||||
}
|
||||
|
||||
@@ -512,16 +512,13 @@ func (hm *HostMap) QueryVpnAddr(vpnIp netip.Addr) *HostInfo {
|
||||
return hm.queryVpnAddr(vpnIp, nil)
|
||||
}
|
||||
|
||||
var errUnableToFindHost = errors.New("unable to find host")
|
||||
var errUnableToFindHostWithRelay = errors.New("unable to find host with relay")
|
||||
|
||||
func (hm *HostMap) QueryVpnAddrsRelayFor(targetIps []netip.Addr, relayHostIp netip.Addr) (*HostInfo, *Relay, error) {
|
||||
hm.RLock()
|
||||
defer hm.RUnlock()
|
||||
|
||||
h, ok := hm.Hosts[relayHostIp]
|
||||
if !ok {
|
||||
return nil, nil, errUnableToFindHost
|
||||
return nil, nil, errors.New("unable to find host")
|
||||
}
|
||||
|
||||
for h != nil {
|
||||
@@ -534,7 +531,7 @@ func (hm *HostMap) QueryVpnAddrsRelayFor(targetIps []netip.Addr, relayHostIp net
|
||||
h = h.next
|
||||
}
|
||||
|
||||
return nil, nil, errUnableToFindHostWithRelay
|
||||
return nil, nil, errors.New("unable to find host with relay")
|
||||
}
|
||||
|
||||
func (hm *HostMap) unlockedDisestablishVpnAddrRelayFor(hi *HostInfo) {
|
||||
|
||||
@@ -1425,7 +1425,7 @@ func (d *NebulaMetaDetails) GetRelays() []netip.Addr {
|
||||
return relays
|
||||
}
|
||||
|
||||
// findNetworkUnion returns the first netip.Addr of addrs contained in the list of provided netip.Prefix, if able
|
||||
// FindNetworkUnion returns the first netip.Addr contained in the list of provided netip.Prefix, if able
|
||||
func findNetworkUnion(prefixes []netip.Prefix, addrs []netip.Addr) (netip.Addr, bool) {
|
||||
for i := range prefixes {
|
||||
for j := range addrs {
|
||||
@@ -1450,13 +1450,3 @@ func (d *NebulaMetaDetails) GetVpnAddrAndVersion() (netip.Addr, cert.Version, er
|
||||
return netip.Addr{}, cert.Version1, ErrBadDetailsVpnAddr
|
||||
}
|
||||
}
|
||||
|
||||
func (d *NebulaControl) GetRelayFrom() netip.Addr {
|
||||
if d.OldRelayFromAddr != 0 {
|
||||
b := [4]byte{}
|
||||
binary.BigEndian.PutUint32(b[:], d.OldRelayFromAddr)
|
||||
return netip.AddrFrom4(b)
|
||||
} else {
|
||||
return protoAddrToNetAddr(d.RelayFromAddr)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -155,8 +155,6 @@ func (rm *relayManager) handleCreateRelayResponse(v cert.Version, h *HostInfo, f
|
||||
"vpnAddrs": h.vpnAddrs}).
|
||||
Info("handleCreateRelayResponse")
|
||||
|
||||
//peer == relayFrom
|
||||
//target == relayTo
|
||||
target := m.RelayToAddr
|
||||
targetAddr := protoAddrToNetAddr(target)
|
||||
|
||||
@@ -192,12 +190,11 @@ func (rm *relayManager) handleCreateRelayResponse(v cert.Version, h *HostInfo, f
|
||||
InitiatorRelayIndex: peerRelay.RemoteIndex,
|
||||
}
|
||||
|
||||
relayFrom := h.vpnAddrs[0]
|
||||
if v == cert.Version1 {
|
||||
peer := peerHostInfo.vpnAddrs[0]
|
||||
if !peer.Is4() {
|
||||
rm.l.WithField("relayFrom", peer).
|
||||
WithField("relayTo", targetAddr).
|
||||
WithField("relayTo", target).
|
||||
WithField("initiatorRelayIndex", resp.InitiatorRelayIndex).
|
||||
WithField("responderRelayIndex", resp.ResponderRelayIndex).
|
||||
WithField("vpnAddrs", peerHostInfo.vpnAddrs).
|
||||
@@ -210,22 +207,7 @@ func (rm *relayManager) handleCreateRelayResponse(v cert.Version, h *HostInfo, f
|
||||
b = targetAddr.As4()
|
||||
resp.OldRelayToAddr = binary.BigEndian.Uint32(b[:])
|
||||
} else {
|
||||
ok = false
|
||||
peerNetworks := h.GetCert().Certificate.Networks()
|
||||
for i := range peerNetworks {
|
||||
if peerNetworks[i].Contains(targetAddr) {
|
||||
relayFrom = peerNetworks[i].Addr()
|
||||
ok = true
|
||||
break
|
||||
}
|
||||
}
|
||||
if !ok {
|
||||
rm.l.WithFields(logrus.Fields{"from": f.myVpnNetworks, "to": targetAddr}).
|
||||
Error("cannot establish relay, no networks in common")
|
||||
return
|
||||
}
|
||||
|
||||
resp.RelayFromAddr = netAddrToProtoAddr(relayFrom)
|
||||
resp.RelayFromAddr = netAddrToProtoAddr(peerHostInfo.vpnAddrs[0])
|
||||
resp.RelayToAddr = target
|
||||
}
|
||||
|
||||
@@ -236,8 +218,8 @@ func (rm *relayManager) handleCreateRelayResponse(v cert.Version, h *HostInfo, f
|
||||
} else {
|
||||
f.SendMessageToHostInfo(header.Control, 0, peerHostInfo, msg, make([]byte, 12), make([]byte, mtu))
|
||||
rm.l.WithFields(logrus.Fields{
|
||||
"relayFrom": relayFrom,
|
||||
"relayTo": targetAddr,
|
||||
"relayFrom": resp.RelayFromAddr,
|
||||
"relayTo": resp.RelayToAddr,
|
||||
"initiatorRelayIndex": resp.InitiatorRelayIndex,
|
||||
"responderRelayIndex": resp.ResponderRelayIndex,
|
||||
"vpnAddrs": peerHostInfo.vpnAddrs}).
|
||||
@@ -331,7 +313,8 @@ func (rm *relayManager) handleCreateRelayRequest(v cert.Version, h *HostInfo, f
|
||||
|
||||
msg, err := resp.Marshal()
|
||||
if err != nil {
|
||||
logMsg.WithError(err).Error("relayManager Failed to marshal Control CreateRelayResponse message to create relay")
|
||||
logMsg.
|
||||
WithError(err).Error("relayManager Failed to marshal Control CreateRelayResponse message to create relay")
|
||||
} else {
|
||||
f.SendMessageToHostInfo(header.Control, 0, h, msg, make([]byte, 12), make([]byte, mtu))
|
||||
rm.l.WithFields(logrus.Fields{
|
||||
@@ -377,10 +360,10 @@ func (rm *relayManager) handleCreateRelayRequest(v cert.Version, h *HostInfo, f
|
||||
Type: NebulaControl_CreateRelayRequest,
|
||||
InitiatorRelayIndex: index,
|
||||
}
|
||||
relayFrom := h.vpnAddrs[0]
|
||||
|
||||
if v == cert.Version1 {
|
||||
if !relayFrom.Is4() {
|
||||
rm.l.WithField("relayFrom", relayFrom).
|
||||
if !h.vpnAddrs[0].Is4() {
|
||||
rm.l.WithField("relayFrom", h.vpnAddrs[0]).
|
||||
WithField("relayTo", target).
|
||||
WithField("initiatorRelayIndex", req.InitiatorRelayIndex).
|
||||
WithField("responderRelayIndex", req.ResponderRelayIndex).
|
||||
@@ -389,37 +372,23 @@ func (rm *relayManager) handleCreateRelayRequest(v cert.Version, h *HostInfo, f
|
||||
return
|
||||
}
|
||||
|
||||
b := relayFrom.As4()
|
||||
b := h.vpnAddrs[0].As4()
|
||||
req.OldRelayFromAddr = binary.BigEndian.Uint32(b[:])
|
||||
b = target.As4()
|
||||
req.OldRelayToAddr = binary.BigEndian.Uint32(b[:])
|
||||
} else {
|
||||
ok = false
|
||||
peerNetworks := h.GetCert().Certificate.Networks()
|
||||
for i := range peerNetworks {
|
||||
if peerNetworks[i].Contains(target) {
|
||||
relayFrom = peerNetworks[i].Addr()
|
||||
ok = true
|
||||
break
|
||||
}
|
||||
}
|
||||
if !ok {
|
||||
rm.l.WithFields(logrus.Fields{"from": f.myVpnNetworks, "to": target}).
|
||||
Error("cannot establish relay, no networks in common")
|
||||
return
|
||||
}
|
||||
|
||||
req.RelayFromAddr = netAddrToProtoAddr(relayFrom)
|
||||
req.RelayFromAddr = netAddrToProtoAddr(h.vpnAddrs[0])
|
||||
req.RelayToAddr = netAddrToProtoAddr(target)
|
||||
}
|
||||
|
||||
msg, err := req.Marshal()
|
||||
if err != nil {
|
||||
logMsg.WithError(err).Error("relayManager Failed to marshal Control message to create relay")
|
||||
logMsg.
|
||||
WithError(err).Error("relayManager Failed to marshal Control message to create relay")
|
||||
} else {
|
||||
f.SendMessageToHostInfo(header.Control, 0, peer, msg, make([]byte, 12), make([]byte, mtu))
|
||||
rm.l.WithFields(logrus.Fields{
|
||||
"relayFrom": relayFrom,
|
||||
"relayFrom": h.vpnAddrs[0],
|
||||
"relayTo": target,
|
||||
"initiatorRelayIndex": req.InitiatorRelayIndex,
|
||||
"responderRelayIndex": req.ResponderRelayIndex,
|
||||
@@ -432,7 +401,8 @@ func (rm *relayManager) handleCreateRelayRequest(v cert.Version, h *HostInfo, f
|
||||
if !ok {
|
||||
_, err := AddRelay(rm.l, h, f.hostMap, target, &m.InitiatorRelayIndex, ForwardingType, PeerRequested)
|
||||
if err != nil {
|
||||
logMsg.WithError(err).Error("relayManager Failed to allocate a local index for relay")
|
||||
logMsg.
|
||||
WithError(err).Error("relayManager Failed to allocate a local index for relay")
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
17
udp/msghdr_helper_linux_32.go
Normal file
17
udp/msghdr_helper_linux_32.go
Normal file
@@ -0,0 +1,17 @@
|
||||
//go:build linux && (386 || amd64p32 || arm || mips || mipsle) && !android && !e2e_testing
|
||||
// +build linux
|
||||
// +build 386 amd64p32 arm mips mipsle
|
||||
// +build !android
|
||||
// +build !e2e_testing
|
||||
|
||||
package udp
|
||||
|
||||
import "golang.org/x/sys/unix"
|
||||
|
||||
func controllen(n int) uint32 {
|
||||
return uint32(n)
|
||||
}
|
||||
|
||||
func setCmsgLen(h *unix.Cmsghdr, n int) {
|
||||
h.Len = uint32(unix.CmsgLen(n))
|
||||
}
|
||||
17
udp/msghdr_helper_linux_64.go
Normal file
17
udp/msghdr_helper_linux_64.go
Normal file
@@ -0,0 +1,17 @@
|
||||
//go:build linux && (amd64 || arm64 || ppc64 || ppc64le || mips64 || mips64le || s390x || riscv64 || loong64) && !android && !e2e_testing
|
||||
// +build linux
|
||||
// +build amd64 arm64 ppc64 ppc64le mips64 mips64le s390x riscv64 loong64
|
||||
// +build !android
|
||||
// +build !e2e_testing
|
||||
|
||||
package udp
|
||||
|
||||
import "golang.org/x/sys/unix"
|
||||
|
||||
func controllen(n int) uint64 {
|
||||
return uint64(n)
|
||||
}
|
||||
|
||||
func setCmsgLen(h *unix.Cmsghdr, n int) {
|
||||
h.Len = uint64(unix.CmsgLen(n))
|
||||
}
|
||||
595
udp/udp_linux.go
595
udp/udp_linux.go
@@ -5,10 +5,14 @@ package udp
|
||||
|
||||
import (
|
||||
"encoding/binary"
|
||||
"errors"
|
||||
"fmt"
|
||||
"net"
|
||||
"net/netip"
|
||||
"sync"
|
||||
"sync/atomic"
|
||||
"syscall"
|
||||
"time"
|
||||
"unsafe"
|
||||
|
||||
"github.com/rcrowley/go-metrics"
|
||||
@@ -17,11 +21,38 @@ import (
|
||||
"golang.org/x/sys/unix"
|
||||
)
|
||||
|
||||
const (
|
||||
defaultGSOMaxSegments = 64
|
||||
defaultGSOMaxBytes = 64000
|
||||
defaultGROReadBufferSize = 2 * defaultGSOMaxBytes
|
||||
defaultGSOFlushTimeout = 100 * time.Microsecond
|
||||
)
|
||||
|
||||
type StdConn struct {
|
||||
sysFd int
|
||||
isV4 bool
|
||||
l *logrus.Logger
|
||||
batch int
|
||||
|
||||
enableGRO bool
|
||||
enableGSO bool
|
||||
|
||||
controlLen atomic.Int32
|
||||
|
||||
gsoMu sync.Mutex
|
||||
gsoPendingBuf []byte
|
||||
gsoPendingSegments int
|
||||
gsoPendingAddr netip.AddrPort
|
||||
gsoPendingSegSize int
|
||||
gsoMaxSegments int
|
||||
gsoMaxBytes int
|
||||
gsoFlushTimeout time.Duration
|
||||
gsoFlushTimer *time.Timer
|
||||
gsoControlBuf []byte
|
||||
|
||||
gsoBatches metrics.Counter
|
||||
gsoSegments metrics.Counter
|
||||
groSegments metrics.Counter
|
||||
}
|
||||
|
||||
func maybeIPV4(ip net.IP) (net.IP, bool) {
|
||||
@@ -69,7 +100,18 @@ func NewListener(l *logrus.Logger, ip netip.Addr, port int, multi bool, batch in
|
||||
return nil, fmt.Errorf("unable to bind to socket: %s", err)
|
||||
}
|
||||
|
||||
return &StdConn{sysFd: fd, isV4: ip.Is4(), l: l, batch: batch}, err
|
||||
return &StdConn{
|
||||
sysFd: fd,
|
||||
isV4: ip.Is4(),
|
||||
l: l,
|
||||
batch: batch,
|
||||
gsoMaxSegments: defaultGSOMaxSegments,
|
||||
gsoMaxBytes: defaultGSOMaxBytes,
|
||||
gsoFlushTimeout: defaultGSOFlushTimeout,
|
||||
gsoBatches: metrics.GetOrRegisterCounter("udp.gso.batches", nil),
|
||||
gsoSegments: metrics.GetOrRegisterCounter("udp.gso.segments", nil),
|
||||
groSegments: metrics.GetOrRegisterCounter("udp.gro.segments", nil),
|
||||
}, err
|
||||
}
|
||||
|
||||
func (u *StdConn) Rebind() error {
|
||||
@@ -121,13 +163,27 @@ func (u *StdConn) LocalAddr() (netip.AddrPort, error) {
|
||||
func (u *StdConn) ListenOut(r EncReader) {
|
||||
var ip netip.Addr
|
||||
|
||||
msgs, buffers, names := u.PrepareRawMessages(u.batch)
|
||||
msgs, buffers, names, controls := u.PrepareRawMessages(u.batch)
|
||||
read := u.ReadMulti
|
||||
if u.batch == 1 {
|
||||
read = u.ReadSingle
|
||||
}
|
||||
|
||||
for {
|
||||
//desiredControl := int(u.controlLen.Load())
|
||||
//hasControl := len(controls) > 0
|
||||
//if (desiredControl > 0) != hasControl || (desiredControl > 0 && hasControl && len(controls[0]) != desiredControl) {
|
||||
// msgs, buffers, names, controls = u.PrepareRawMessages(u.batch)
|
||||
// hasControl = len(controls) > 0
|
||||
//}
|
||||
//
|
||||
for i := range msgs {
|
||||
if len(controls) <= i || len(controls[i]) == 0 {
|
||||
continue
|
||||
}
|
||||
msgs[i].Hdr.Controllen = controllen(len(controls[i]))
|
||||
}
|
||||
|
||||
n, err := read(msgs)
|
||||
if err != nil {
|
||||
u.l.WithError(err).Debug("udp socket is closed, exiting read loop")
|
||||
@@ -135,13 +191,38 @@ func (u *StdConn) ListenOut(r EncReader) {
|
||||
}
|
||||
|
||||
for i := 0; i < n; i++ {
|
||||
payloadLen := int(msgs[i].Len)
|
||||
if payloadLen == 0 {
|
||||
continue
|
||||
}
|
||||
|
||||
// Its ok to skip the ok check here, the slicing is the only error that can occur and it will panic
|
||||
if u.isV4 {
|
||||
ip, _ = netip.AddrFromSlice(names[i][4:8])
|
||||
} else {
|
||||
ip, _ = netip.AddrFromSlice(names[i][8:24])
|
||||
}
|
||||
r(netip.AddrPortFrom(ip.Unmap(), binary.BigEndian.Uint16(names[i][2:4])), buffers[i][:msgs[i].Len])
|
||||
addr := netip.AddrPortFrom(ip.Unmap(), binary.BigEndian.Uint16(names[i][2:4]))
|
||||
|
||||
if len(controls) > i && len(controls[i]) > 0 {
|
||||
if segSize, segCount := u.parseGROSegment(&msgs[i], controls[i]); segSize > 0 && segSize < payloadLen {
|
||||
if u.emitSegments(r, addr, buffers[i][:payloadLen], segSize, segCount) {
|
||||
continue
|
||||
}
|
||||
if segCount > 1 {
|
||||
u.l.WithFields(logrus.Fields{
|
||||
"tag": "gro-debug",
|
||||
"stage": "listen_out",
|
||||
"reason": "emit_failed",
|
||||
"payload_len": payloadLen,
|
||||
"seg_size": segSize,
|
||||
"seg_count": segCount,
|
||||
}).Debug("gro-debug fallback to single packet")
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
r(addr, buffers[i][:payloadLen])
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -188,6 +269,13 @@ func (u *StdConn) ReadMulti(msgs []rawMessage) (int, error) {
|
||||
}
|
||||
|
||||
func (u *StdConn) WriteTo(b []byte, ip netip.AddrPort) error {
|
||||
if u.enableGSO {
|
||||
if err := u.writeToGSO(b, ip); err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
if u.isV4 {
|
||||
return u.writeTo4(b, ip)
|
||||
}
|
||||
@@ -248,6 +336,494 @@ func (u *StdConn) writeTo4(b []byte, ip netip.AddrPort) error {
|
||||
}
|
||||
}
|
||||
|
||||
func (u *StdConn) writeToGSO(b []byte, addr netip.AddrPort) error {
|
||||
if len(b) == 0 {
|
||||
return nil
|
||||
}
|
||||
|
||||
if !addr.IsValid() {
|
||||
return u.directWrite(b, addr)
|
||||
}
|
||||
|
||||
u.gsoMu.Lock()
|
||||
defer u.gsoMu.Unlock()
|
||||
|
||||
if cap(u.gsoPendingBuf) < u.gsoMaxBytes { //I feel like this is bad?
|
||||
u.gsoPendingBuf = make([]byte, 0, u.gsoMaxBytes)
|
||||
}
|
||||
|
||||
if u.gsoPendingSegments > 0 && u.gsoPendingAddr != addr {
|
||||
if err := u.flushPendingLocked(); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
if len(b) > u.gsoMaxBytes || u.gsoMaxSegments <= 1 {
|
||||
if err := u.flushPendingLocked(); err != nil {
|
||||
return err
|
||||
}
|
||||
return u.directWrite(b, addr)
|
||||
}
|
||||
|
||||
if u.gsoPendingSegments == 0 {
|
||||
u.gsoPendingAddr = addr
|
||||
u.gsoPendingSegSize = len(b)
|
||||
} else {
|
||||
if len(b) > u.gsoPendingSegSize {
|
||||
if err := u.flushPendingLocked(); err != nil {
|
||||
return err
|
||||
}
|
||||
u.gsoPendingAddr = addr
|
||||
u.gsoPendingSegSize = len(b)
|
||||
} else if len(b) < u.gsoPendingSegSize {
|
||||
if err := u.flushPendingLocked(); err != nil {
|
||||
return err
|
||||
}
|
||||
u.gsoPendingAddr = addr
|
||||
u.gsoPendingSegSize = len(b)
|
||||
}
|
||||
}
|
||||
|
||||
inBuf := len(u.gsoPendingBuf) + len(b)
|
||||
if len(u.gsoPendingBuf)+len(b) > u.gsoMaxBytes {
|
||||
if err := u.flushPendingLocked(); err != nil {
|
||||
return err
|
||||
}
|
||||
u.gsoPendingAddr = addr
|
||||
u.gsoPendingSegSize = len(b)
|
||||
}
|
||||
|
||||
u.gsoPendingBuf = append(u.gsoPendingBuf, b...)
|
||||
u.gsoPendingSegments++
|
||||
|
||||
if u.gsoPendingSegments >= u.gsoMaxSegments {
|
||||
return u.flushPendingLocked()
|
||||
}
|
||||
|
||||
if u.gsoFlushTimeout <= 0 {
|
||||
return u.flushPendingLocked()
|
||||
}
|
||||
|
||||
u.scheduleFlushLocked(inBuf)
|
||||
return nil
|
||||
}
|
||||
|
||||
func (u *StdConn) flushPendingLocked() error {
|
||||
if u.gsoPendingSegments == 0 {
|
||||
u.stopFlushTimerLocked()
|
||||
return nil
|
||||
}
|
||||
|
||||
buf := u.gsoPendingBuf[:len(u.gsoPendingBuf)]
|
||||
addr := u.gsoPendingAddr
|
||||
segSize := u.gsoPendingSegSize
|
||||
segments := u.gsoPendingSegments
|
||||
|
||||
u.stopFlushTimerLocked()
|
||||
|
||||
var err error
|
||||
if segments <= 1 || !u.enableGSO {
|
||||
err = u.directWrite(buf, addr)
|
||||
} else {
|
||||
err = u.sendSegmentedLocked(buf, addr, segSize)
|
||||
if err != nil && (errors.Is(err, unix.EOPNOTSUPP) || errors.Is(err, unix.ENOTSUP)) {
|
||||
u.enableGSO = false
|
||||
u.l.WithError(err).Warn("UDP GSO not supported, disabling")
|
||||
err = u.sendSequentialLocked(buf, addr, segSize)
|
||||
}
|
||||
}
|
||||
|
||||
if err == nil && segments > 1 && u.enableGSO {
|
||||
if u.gsoBatches != nil {
|
||||
u.gsoBatches.Inc(1)
|
||||
}
|
||||
if u.gsoSegments != nil {
|
||||
u.gsoSegments.Inc(int64(segments))
|
||||
}
|
||||
}
|
||||
|
||||
u.gsoPendingBuf = u.gsoPendingBuf[:0]
|
||||
u.gsoPendingSegments = 0
|
||||
u.gsoPendingSegSize = 0
|
||||
u.gsoPendingAddr = netip.AddrPort{}
|
||||
|
||||
return err
|
||||
}
|
||||
|
||||
func (u *StdConn) sendSegmentedLocked(buf []byte, addr netip.AddrPort, segSize int) error {
|
||||
if len(buf) == 0 {
|
||||
return nil
|
||||
}
|
||||
if segSize <= 0 {
|
||||
segSize = len(buf)
|
||||
}
|
||||
|
||||
if len(u.gsoControlBuf) < unix.CmsgSpace(2) {
|
||||
u.gsoControlBuf = make([]byte, unix.CmsgSpace(2))
|
||||
}
|
||||
control := u.gsoControlBuf[:unix.CmsgSpace(2)]
|
||||
for i := range control {
|
||||
control[i] = 0
|
||||
}
|
||||
|
||||
hdr := (*unix.Cmsghdr)(unsafe.Pointer(&control[0]))
|
||||
setCmsgLen(hdr, 2)
|
||||
hdr.Level = unix.SOL_UDP
|
||||
hdr.Type = unix.UDP_SEGMENT
|
||||
|
||||
dataOff := unix.CmsgLen(0)
|
||||
binary.NativeEndian.PutUint16(control[dataOff:dataOff+2], uint16(segSize))
|
||||
|
||||
var sa unix.Sockaddr
|
||||
if u.isV4 {
|
||||
sa4 := &unix.SockaddrInet4{Port: int(addr.Port())}
|
||||
sa4.Addr = addr.Addr().As4()
|
||||
sa = sa4
|
||||
} else {
|
||||
sa6 := &unix.SockaddrInet6{Port: int(addr.Port())}
|
||||
sa6.Addr = addr.Addr().As16()
|
||||
sa = sa6
|
||||
}
|
||||
|
||||
for {
|
||||
n, err := unix.SendmsgN(u.sysFd, buf, control[:unix.CmsgSpace(2)], sa, 0)
|
||||
if err != nil {
|
||||
if err == unix.EINTR {
|
||||
continue
|
||||
}
|
||||
return &net.OpError{Op: "sendmsg", Err: err}
|
||||
}
|
||||
if n != len(buf) {
|
||||
return &net.OpError{Op: "sendmsg", Err: unix.EIO}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
func (u *StdConn) sendSequentialLocked(buf []byte, addr netip.AddrPort, segSize int) error {
|
||||
if len(buf) == 0 {
|
||||
return nil
|
||||
}
|
||||
if segSize <= 0 {
|
||||
segSize = len(buf)
|
||||
}
|
||||
|
||||
for offset := 0; offset < len(buf); offset += segSize {
|
||||
end := offset + segSize
|
||||
if end > len(buf) {
|
||||
end = len(buf)
|
||||
}
|
||||
var err error
|
||||
if u.isV4 {
|
||||
err = u.writeTo4(buf[offset:end], addr)
|
||||
} else {
|
||||
err = u.writeTo6(buf[offset:end], addr)
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if end == len(buf) {
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (u *StdConn) scheduleFlushLocked(inBuf int) {
|
||||
if u.gsoFlushTimeout <= 0 {
|
||||
_ = u.flushPendingLocked()
|
||||
return
|
||||
}
|
||||
|
||||
t := u.gsoFlushTimeout
|
||||
if inBuf > u.gsoMaxBytes/2 {
|
||||
t = t / 2
|
||||
}
|
||||
|
||||
if u.gsoFlushTimer == nil {
|
||||
u.gsoFlushTimer = time.AfterFunc(t, u.flushTimerHandler)
|
||||
return
|
||||
}
|
||||
if !u.gsoFlushTimer.Stop() {
|
||||
// timer already fired or running; allow handler to exit if no data
|
||||
}
|
||||
u.gsoFlushTimer.Reset(t)
|
||||
}
|
||||
|
||||
func (u *StdConn) stopFlushTimerLocked() {
|
||||
if u.gsoFlushTimer != nil {
|
||||
u.gsoFlushTimer.Stop()
|
||||
}
|
||||
}
|
||||
|
||||
func (u *StdConn) flushTimerHandler() {
|
||||
//u.l.Warn("timer hit")
|
||||
u.gsoMu.Lock()
|
||||
defer u.gsoMu.Unlock()
|
||||
|
||||
if u.gsoPendingSegments == 0 {
|
||||
return
|
||||
}
|
||||
|
||||
if err := u.flushPendingLocked(); err != nil {
|
||||
u.l.WithError(err).Warn("Failed to flush GSO batch")
|
||||
}
|
||||
}
|
||||
|
||||
func (u *StdConn) directWrite(b []byte, addr netip.AddrPort) error {
|
||||
if u.isV4 {
|
||||
return u.writeTo4(b, addr)
|
||||
}
|
||||
return u.writeTo6(b, addr)
|
||||
}
|
||||
|
||||
func (u *StdConn) emitSegments(r EncReader, addr netip.AddrPort, payload []byte, segSize, segCount int) bool {
|
||||
if segSize <= 0 || segSize >= len(payload) {
|
||||
if u.l.Level >= logrus.DebugLevel {
|
||||
u.l.WithFields(logrus.Fields{
|
||||
"tag": "gro-debug",
|
||||
"stage": "emit",
|
||||
"reason": "invalid_seg_size",
|
||||
"payload_len": len(payload),
|
||||
"seg_size": segSize,
|
||||
"seg_count": segCount,
|
||||
}).Debug("gro-debug skip emit")
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
totalLen := len(payload)
|
||||
if segCount <= 0 {
|
||||
segCount = (totalLen + segSize - 1) / segSize
|
||||
}
|
||||
if segCount <= 1 {
|
||||
if u.l.Level >= logrus.DebugLevel {
|
||||
u.l.WithFields(logrus.Fields{
|
||||
"tag": "gro-debug",
|
||||
"stage": "emit",
|
||||
"reason": "single_segment",
|
||||
"payload_len": totalLen,
|
||||
"seg_size": segSize,
|
||||
"seg_count": segCount,
|
||||
}).Debug("gro-debug skip emit")
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
//segments := make([][]byte, 0, segCount)
|
||||
start := 0
|
||||
//var firstHeader header.H
|
||||
//firstParsed := false
|
||||
//var firstCounter uint64
|
||||
//var firstRemote uint32
|
||||
numSegments := 0
|
||||
//for start < totalLen && len(segments) < segCount {
|
||||
for start < totalLen && numSegments < segCount {
|
||||
end := start + segSize
|
||||
if end > totalLen {
|
||||
end = totalLen
|
||||
}
|
||||
|
||||
//segment := append([]byte(nil), payload[start:end]...)
|
||||
//q := numSegments % 4 //TODO
|
||||
r(addr, payload[start:end])
|
||||
numSegments++
|
||||
//segments = append(segments, segment)
|
||||
start = end
|
||||
|
||||
//if !firstParsed {
|
||||
// if err := firstHeader.Parse(segment); err == nil {
|
||||
// firstParsed = true
|
||||
// firstCounter = firstHeader.MessageCounter
|
||||
// firstRemote = firstHeader.RemoteIndex
|
||||
// } else if u.l.IsLevelEnabled(logrus.DebugLevel) {
|
||||
// u.l.WithFields(logrus.Fields{
|
||||
// "tag": "gro-debug",
|
||||
// "stage": "emit",
|
||||
// "event": "parse_fail",
|
||||
// "seg_index": len(segments) - 1,
|
||||
// "seg_size": segSize,
|
||||
// "seg_count": segCount,
|
||||
// "payload_len": totalLen,
|
||||
// "err": err,
|
||||
// }).Debug("gro-debug segment parse failed")
|
||||
// }
|
||||
//}
|
||||
}
|
||||
|
||||
//for idx, segment := range segments {
|
||||
// r(addr, segment)
|
||||
//if idx == len(segments)-1 && len(segment) < segSize && u.l.IsLevelEnabled(logrus.DebugLevel) {
|
||||
// var tail header.H
|
||||
// if err := tail.Parse(segment); err == nil {
|
||||
// u.l.WithFields(logrus.Fields{
|
||||
// "tag": "gro-debug",
|
||||
// "stage": "emit",
|
||||
// "event": "tail_segment",
|
||||
// "segment_len": len(segment),
|
||||
// "remote_index": tail.RemoteIndex,
|
||||
// "message_counter": tail.MessageCounter,
|
||||
// }).Debug("gro-debug tail segment metadata")
|
||||
// } else {
|
||||
// u.l.WithError(err).Warn("Failed to parse tail segment")
|
||||
// }
|
||||
//}
|
||||
//}
|
||||
|
||||
if u.groSegments != nil {
|
||||
//u.groSegments.Inc(int64(len(segments)))
|
||||
u.groSegments.Inc(int64(numSegments))
|
||||
}
|
||||
|
||||
//if len(segments) > 0 {
|
||||
// lastLen := len(segments[len(segments)-1])
|
||||
// if u.l.IsLevelEnabled(logrus.DebugLevel) {
|
||||
// u.l.WithFields(logrus.Fields{
|
||||
// "tag": "gro-debug",
|
||||
// "stage": "emit",
|
||||
// "event": "success",
|
||||
// "payload_len": totalLen,
|
||||
// "seg_size": segSize,
|
||||
// "seg_count": segCount,
|
||||
// "actual_segs": len(segments),
|
||||
// "last_seg_len": lastLen,
|
||||
// "addr": addr.String(),
|
||||
// "first_remote": firstRemote,
|
||||
// "first_counter": firstCounter,
|
||||
// }).Debug("gro-debug emit")
|
||||
// }
|
||||
//}
|
||||
|
||||
return true
|
||||
}
|
||||
|
||||
func (u *StdConn) parseGROSegment(msg *rawMessage, control []byte) (int, int) {
|
||||
ctrlLen := int(msg.Hdr.Controllen)
|
||||
if ctrlLen <= 0 {
|
||||
return 0, 0
|
||||
}
|
||||
if ctrlLen > len(control) {
|
||||
ctrlLen = len(control)
|
||||
}
|
||||
|
||||
cmsgs, err := unix.ParseSocketControlMessage(control[:ctrlLen])
|
||||
if err != nil {
|
||||
u.l.WithError(err).Debug("failed to parse UDP GRO control message")
|
||||
return 0, 0
|
||||
}
|
||||
|
||||
for _, c := range cmsgs {
|
||||
if c.Header.Level == unix.SOL_UDP && c.Header.Type == unix.UDP_GRO && len(c.Data) >= 2 {
|
||||
segSize := int(binary.NativeEndian.Uint16(c.Data[:2]))
|
||||
segCount := 0
|
||||
if len(c.Data) >= 4 {
|
||||
segCount = int(binary.NativeEndian.Uint16(c.Data[2:4]))
|
||||
}
|
||||
if u.l.Level >= logrus.DebugLevel {
|
||||
u.l.WithFields(logrus.Fields{
|
||||
"tag": "gro-debug",
|
||||
"stage": "parse",
|
||||
"seg_size": segSize,
|
||||
"seg_count": segCount,
|
||||
}).Debug("gro-debug control parsed")
|
||||
}
|
||||
return segSize, segCount
|
||||
}
|
||||
}
|
||||
|
||||
return 0, 0
|
||||
}
|
||||
|
||||
func (u *StdConn) configureGRO(enable bool) {
|
||||
if enable == u.enableGRO {
|
||||
if enable {
|
||||
u.controlLen.Store(int32(unix.CmsgSpace(2)))
|
||||
} else {
|
||||
u.controlLen.Store(0)
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
if enable {
|
||||
if err := unix.SetsockoptInt(u.sysFd, unix.SOL_UDP, unix.UDP_GRO, 1); err != nil {
|
||||
u.l.WithError(err).Warn("Failed to enable UDP GRO")
|
||||
u.enableGRO = false
|
||||
u.controlLen.Store(0)
|
||||
return
|
||||
}
|
||||
u.enableGRO = true
|
||||
u.controlLen.Store(int32(unix.CmsgSpace(2)))
|
||||
u.l.Info("UDP GRO enabled")
|
||||
} else {
|
||||
if u.enableGRO {
|
||||
if err := unix.SetsockoptInt(u.sysFd, unix.SOL_UDP, unix.UDP_GRO, 0); err != nil {
|
||||
u.l.WithError(err).Warn("Failed to disable UDP GRO")
|
||||
}
|
||||
}
|
||||
u.enableGRO = false
|
||||
u.controlLen.Store(0)
|
||||
}
|
||||
}
|
||||
|
||||
func (u *StdConn) configureGSO(enable bool, c *config.C) {
|
||||
u.gsoMu.Lock()
|
||||
defer u.gsoMu.Unlock()
|
||||
|
||||
if !enable {
|
||||
if u.enableGSO {
|
||||
if err := u.flushPendingLocked(); err != nil {
|
||||
u.l.WithError(err).Warn("Failed to flush GSO buffers while disabling")
|
||||
}
|
||||
u.enableGSO = false
|
||||
if u.gsoFlushTimer != nil {
|
||||
u.gsoFlushTimer.Stop()
|
||||
}
|
||||
u.l.Info("UDP GSO disabled")
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
maxSegments := c.GetInt("listen.gso_max_segments", defaultGSOMaxSegments)
|
||||
if maxSegments < 2 {
|
||||
maxSegments = 2
|
||||
}
|
||||
|
||||
maxBytes := c.GetInt("listen.gso_max_bytes", 0)
|
||||
if maxBytes <= 0 {
|
||||
maxBytes = defaultGSOMaxBytes
|
||||
}
|
||||
if maxBytes < MTU {
|
||||
maxBytes = MTU
|
||||
}
|
||||
|
||||
flushTimeout := c.GetDuration("listen.gso_flush_timeout", defaultGSOFlushTimeout)
|
||||
if flushTimeout < 0 {
|
||||
flushTimeout = 0
|
||||
}
|
||||
|
||||
u.enableGSO = true
|
||||
u.gsoMaxSegments = maxSegments
|
||||
u.gsoMaxBytes = maxBytes
|
||||
u.gsoFlushTimeout = flushTimeout
|
||||
|
||||
if cap(u.gsoPendingBuf) < u.gsoMaxBytes {
|
||||
u.gsoPendingBuf = make([]byte, 0, u.gsoMaxBytes)
|
||||
} else {
|
||||
u.gsoPendingBuf = u.gsoPendingBuf[:0]
|
||||
}
|
||||
|
||||
if len(u.gsoControlBuf) < unix.CmsgSpace(2) {
|
||||
u.gsoControlBuf = make([]byte, unix.CmsgSpace(2))
|
||||
}
|
||||
|
||||
u.l.WithFields(logrus.Fields{
|
||||
"segments": u.gsoMaxSegments,
|
||||
"bytes": u.gsoMaxBytes,
|
||||
"flush_timeout": u.gsoFlushTimeout,
|
||||
}).Info("UDP GSO configured")
|
||||
}
|
||||
|
||||
func (u *StdConn) ReloadConfig(c *config.C) {
|
||||
b := c.GetInt("listen.read_buffer", 0)
|
||||
if b > 0 {
|
||||
@@ -294,6 +870,9 @@ func (u *StdConn) ReloadConfig(c *config.C) {
|
||||
u.l.WithError(err).Error("Failed to set listen.so_mark")
|
||||
}
|
||||
}
|
||||
|
||||
u.configureGRO(c.GetBool("listen.enable_gro", false))
|
||||
u.configureGSO(c.GetBool("listen.enable_gso", false), c)
|
||||
}
|
||||
|
||||
func (u *StdConn) getMemInfo(meminfo *[unix.SK_MEMINFO_VARS]uint32) error {
|
||||
@@ -306,7 +885,15 @@ func (u *StdConn) getMemInfo(meminfo *[unix.SK_MEMINFO_VARS]uint32) error {
|
||||
}
|
||||
|
||||
func (u *StdConn) Close() error {
|
||||
return syscall.Close(u.sysFd)
|
||||
u.gsoMu.Lock()
|
||||
flushErr := u.flushPendingLocked()
|
||||
u.gsoMu.Unlock()
|
||||
|
||||
closeErr := syscall.Close(u.sysFd)
|
||||
if flushErr != nil {
|
||||
return flushErr
|
||||
}
|
||||
return closeErr
|
||||
}
|
||||
|
||||
func NewUDPStatsEmitter(udpConns []Conn) func() {
|
||||
|
||||
@@ -30,13 +30,24 @@ type rawMessage struct {
|
||||
Len uint32
|
||||
}
|
||||
|
||||
func (u *StdConn) PrepareRawMessages(n int) ([]rawMessage, [][]byte, [][]byte) {
|
||||
func (u *StdConn) PrepareRawMessages(n int) ([]rawMessage, [][]byte, [][]byte, [][]byte) {
|
||||
controlLen := int(u.controlLen.Load())
|
||||
|
||||
msgs := make([]rawMessage, n)
|
||||
buffers := make([][]byte, n)
|
||||
names := make([][]byte, n)
|
||||
|
||||
var controls [][]byte
|
||||
if controlLen > 0 {
|
||||
controls = make([][]byte, n)
|
||||
}
|
||||
|
||||
for i := range msgs {
|
||||
buffers[i] = make([]byte, MTU)
|
||||
size := MTU
|
||||
if defaultGROReadBufferSize > size {
|
||||
size = defaultGROReadBufferSize
|
||||
}
|
||||
buffers[i] = make([]byte, size)
|
||||
names[i] = make([]byte, unix.SizeofSockaddrInet6)
|
||||
|
||||
vs := []iovec{
|
||||
@@ -48,7 +59,16 @@ func (u *StdConn) PrepareRawMessages(n int) ([]rawMessage, [][]byte, [][]byte) {
|
||||
|
||||
msgs[i].Hdr.Name = &names[i][0]
|
||||
msgs[i].Hdr.Namelen = uint32(len(names[i]))
|
||||
|
||||
if controlLen > 0 {
|
||||
controls[i] = make([]byte, controlLen)
|
||||
msgs[i].Hdr.Control = &controls[i][0]
|
||||
msgs[i].Hdr.Controllen = controllen(len(controls[i]))
|
||||
} else {
|
||||
msgs[i].Hdr.Control = nil
|
||||
msgs[i].Hdr.Controllen = controllen(0)
|
||||
}
|
||||
}
|
||||
|
||||
return msgs, buffers, names
|
||||
return msgs, buffers, names, controls
|
||||
}
|
||||
|
||||
@@ -33,25 +33,43 @@ type rawMessage struct {
|
||||
Pad0 [4]byte
|
||||
}
|
||||
|
||||
func (u *StdConn) PrepareRawMessages(n int) ([]rawMessage, [][]byte, [][]byte) {
|
||||
func (u *StdConn) PrepareRawMessages(n int) ([]rawMessage, [][]byte, [][]byte, [][]byte) {
|
||||
controlLen := int(u.controlLen.Load())
|
||||
|
||||
msgs := make([]rawMessage, n)
|
||||
buffers := make([][]byte, n)
|
||||
names := make([][]byte, n)
|
||||
|
||||
var controls [][]byte
|
||||
if controlLen > 0 {
|
||||
controls = make([][]byte, n)
|
||||
}
|
||||
|
||||
for i := range msgs {
|
||||
buffers[i] = make([]byte, MTU)
|
||||
size := MTU
|
||||
if defaultGROReadBufferSize > size {
|
||||
size = defaultGROReadBufferSize
|
||||
}
|
||||
buffers[i] = make([]byte, size)
|
||||
names[i] = make([]byte, unix.SizeofSockaddrInet6)
|
||||
|
||||
vs := []iovec{
|
||||
{Base: &buffers[i][0], Len: uint64(len(buffers[i]))},
|
||||
}
|
||||
vs := []iovec{{Base: &buffers[i][0], Len: uint64(len(buffers[i]))}}
|
||||
|
||||
msgs[i].Hdr.Iov = &vs[0]
|
||||
msgs[i].Hdr.Iovlen = uint64(len(vs))
|
||||
|
||||
msgs[i].Hdr.Name = &names[i][0]
|
||||
msgs[i].Hdr.Namelen = uint32(len(names[i]))
|
||||
|
||||
if controlLen > 0 {
|
||||
controls[i] = make([]byte, controlLen)
|
||||
msgs[i].Hdr.Control = &controls[i][0]
|
||||
msgs[i].Hdr.Controllen = controllen(len(controls[i]))
|
||||
} else {
|
||||
msgs[i].Hdr.Control = nil
|
||||
msgs[i].Hdr.Controllen = controllen(0)
|
||||
}
|
||||
}
|
||||
|
||||
return msgs, buffers, names
|
||||
return msgs, buffers, names, controls
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user