rework Results.tex to include gVisor findings

Listings/hyprspace_dispatch.go

@@ -0,0 +1,26 @@
+} else if proto == 0x60 {
+    dstIP = net.IP(packet[24:40])
+    if node.cfg.BuiltinAddr6.Equal(dstIP) {
+        continue
+    } else if serviceNet.NetworkRange.Contains(dstIP) {
+        // Are you TCP because your protocol is 6, or is your
+        // protocol 6 because you are TCP?
+        if packet[6] == 0x06 {
+            port := uint16(packet[42])*256 + uint16(packet[43])
+            if serviceNet.EnsureListener([16]byte(packet[24:40]), port) {
+                count, err := (*serviceNet.Tun).Write([][]byte{packet}, 0)
+                if count == 0 || err != nil {
+                    logger.With(err).Error("Error writing to service-network tunnel")
+                }
+            }
+        }
+        continue
+    }
+}
+...
+// Check route table for destination address.
+route, found := node.cfg.FindRouteForIP(dstIP)
+if found {
+    dst = route.Target.ID
+    go node.sendPacket(dst, packet, plen)
+}

Listings/hyprspace_netstack.go

@@ -0,0 +1,21 @@
+// taken from https://git.zx2c4.com/wireguard-go/tree/tun/netstack/tun.go
+// rev 2b73054b299aec80cbb064954001810d30ee2e3c
+...
+func CreateNetTUN(localAddresses, dnsServers []netip.Addr, mtu int) (tun.Device, *Net, error) {
+    opts := stack.Options{
+        NetworkProtocols:   []stack.NetworkProtocolFactory{ipv4.NewProtocol, ipv6.NewProtocol},
+        TransportProtocols: []stack.TransportProtocolFactory{tcp.NewProtocol, udp.NewProtocol, icmp.NewProtocol6, icmp.NewProtocol4},
+        HandleLocal:        true,
+    }
+    dev := &netTun{
+        ep:             channel.New(1024, uint32(mtu), ""),
+        stack:          stack.New(opts),
+        ...
+    }
+    sackEnabledOpt := tcpip.TCPSACKEnabled(true) // TCP SACK is disabled by default
+    tcpipErr := dev.stack.SetTransportProtocolOption(tcp.ProtocolNumber, &sackEnabledOpt)
+    if tcpipErr != nil {
+        return nil, nil, fmt.Errorf("could not enable TCP SACK: %v", tcpipErr)
+    }
+    ...
+}

Listings/hyprspace_sendpacket.go

@@ -0,0 +1,31 @@
+type SharedStream struct {
+    Stream *network.Stream
+    Lock   *sync.Mutex
+}
+...
+// Inside the TUN-read loop:
+if found {
+    dst = route.Target.ID
+    go node.sendPacket(dst, packet, plen)
+}
+...
+func (node *Node) sendPacket(dst peer.ID, packet []byte, plen int) {
+    // Check if we already have an open connection to the destination peer.
+    ms, ok := node.activeStreams[dst]
+    if ok {
+        if func() bool {
+            ms.Lock.Lock()
+            defer ms.Lock.Unlock()
+            // Write out the packet's length to the libp2p stream to ensure
+            // we know the full size of the packet at the other end.
+            err := binary.Write(*ms.Stream, binary.LittleEndian, uint16(plen))
+            if err == nil {
+                // Write the packet out to the libp2p stream.
+                _, err = (*ms.Stream).Write(packet[:plen])
+                ...
+            }
+            ...
+        }() { return }
+    }
+    ...
+}

Listings/hyprspace_tun_linux.go

@@ -0,0 +1,15 @@
+// New creates and returns a new TUN interface for the application.
+func New(name string, opts ...Option) (*TUN, error) {
+    // Setup TUN Config
+    cfg := water.Config{
+        DeviceType: water.TUN,
+    }
+    cfg.Name = name
+
+    // Create Water Interface
+    iface, err := water.New(cfg)
+    if err != nil {
+        return nil, err
+    }
+    ...
+}

Listings/magicsock_buffer.go

@@ -0,0 +1,9 @@
+socketBufferSize = 7 << 20
+...
+forceErr, portableErr := sockopts.SetBufferSize(pconn, direction, socketBufferSize)
+if forceErr != nil {
+    logf("magicsock: [warning] failed to force-set UDP %v buffer size to %d: %v; using kernel default values (impacts throughput only)", direction, socketBufferSize, forceErr)
+}
+if portableErr != nil {
+    logf("magicsock: failed to set UDP %v buffer size to %d: %v", direction, socketBufferSize, portableErr)
+}

Listings/nixos_tailscale.nix

@@ -0,0 +1 @@
+''"FLAGS=--tun ${lib.escapeShellArg cfg.interfaceName} ${lib.concatStringsSep " " cfg.extraDaemonFlags}"''

Listings/rig_interface_name.nix

@@ -0,0 +1,10 @@
+let
+  interface = lib.substring 0 15 "ts-${instanceName}";
+in
+{
+  services.tailscale = {
+    enable = true;
+    # Use the interface name for the tunnel
+    interfaceName = interface;
+  };
+}

Listings/tailscale_netstack_overrides.go

@@ -0,0 +1,28 @@
+// values are biased towards higher throughput on high bandwidth-delay
+// product paths, except on memory-constrained platforms.
+tcpRXBufOpt := tcpip.TCPReceiveBufferSizeRangeOption{
+    ...
+    Max: tcpRXBufMaxSize,
+}
+tcpipErr := ipstack.SetTransportProtocolOption(tcp.ProtocolNumber, &tcpRXBufOpt)
+...
+tcpTXBufOpt := tcpip.TCPSendBufferSizeRangeOption{
+    ...
+    Max: tcpTXBufMaxSize,
+}
+tcpipErr = ipstack.SetTransportProtocolOption(tcp.ProtocolNumber, &tcpTXBufOpt)
+...
+sackEnabledOpt := tcpip.TCPSACKEnabled(true) // TCP SACK is disabled by default
+tcpipErr := ipstack.SetTransportProtocolOption(tcp.ProtocolNumber, &sackEnabledOpt)
+...
+// See https://github.com/tailscale/tailscale/issues/9707
+// gVisor's RACK performs poorly. ACKs do not appear to be handled in a
+// timely manner, leading to spurious retransmissions and a reduced
+// congestion window.
+tcpRecoveryOpt := tcpip.TCPRecovery(0)
+tcpipErr = ipstack.SetTransportProtocolOption(tcp.ProtocolNumber, &tcpRecoveryOpt)
+...
+// gVisor defaults to reno at the time of writing. We explicitly set reno
+// See https://github.com/google/gvisor/issues/11632
+renoOpt := tcpip.CongestionControlOption("reno")
+tcpipErr = ipstack.SetTransportProtocolOption(tcp.ProtocolNumber, &renoOpt)

Listings/tstun_gro.go

@@ -0,0 +1,22 @@
+// SetLinkFeaturesPostUp configures link features on t based on select TS_TUN_
+// environment variables and OS feature tests. Callers should ensure t is
+// up prior to calling, otherwise OS feature tests may be inconclusive.
+func (t *Wrapper) SetLinkFeaturesPostUp() {
+    if t.isTAP || runtime.GOOS == "android" {
+        return
+    }
+    if groDev, ok := t.tdev.(tun.GRODevice); ok {
+        if envknob.Bool("TS_TUN_DISABLE_UDP_GRO") {
+            groDev.DisableUDPGRO()
+        }
+        if envknob.Bool("TS_TUN_DISABLE_TCP_GRO") {
+            groDev.DisableTCPGRO()
+        }
+        err := probeTCPGRO(groDev)
+        if errors.Is(err, unix.EINVAL) {
+            groDev.DisableTCPGRO()
+            groDev.DisableUDPGRO()
+            t.logf("disabled TUN TCP & UDP GRO due to GRO probe error: %v", err)
+        }
+    }
+}