rework Results.tex to include gVisor findings
This commit is contained in:
+1172
-573
File diff suppressed because it is too large
Load Diff
Binary file not shown.
|
Before Width: | Height: | Size: 49 KiB After Width: | Height: | Size: 73 KiB |
@@ -0,0 +1,26 @@
|
||||
} else if proto == 0x60 {
|
||||
dstIP = net.IP(packet[24:40])
|
||||
if node.cfg.BuiltinAddr6.Equal(dstIP) {
|
||||
continue
|
||||
} else if serviceNet.NetworkRange.Contains(dstIP) {
|
||||
// Are you TCP because your protocol is 6, or is your
|
||||
// protocol 6 because you are TCP?
|
||||
if packet[6] == 0x06 {
|
||||
port := uint16(packet[42])*256 + uint16(packet[43])
|
||||
if serviceNet.EnsureListener([16]byte(packet[24:40]), port) {
|
||||
count, err := (*serviceNet.Tun).Write([][]byte{packet}, 0)
|
||||
if count == 0 || err != nil {
|
||||
logger.With(err).Error("Error writing to service-network tunnel")
|
||||
}
|
||||
}
|
||||
}
|
||||
continue
|
||||
}
|
||||
}
|
||||
...
|
||||
// Check route table for destination address.
|
||||
route, found := node.cfg.FindRouteForIP(dstIP)
|
||||
if found {
|
||||
dst = route.Target.ID
|
||||
go node.sendPacket(dst, packet, plen)
|
||||
}
|
||||
@@ -0,0 +1,21 @@
|
||||
// taken from https://git.zx2c4.com/wireguard-go/tree/tun/netstack/tun.go
|
||||
// rev 2b73054b299aec80cbb064954001810d30ee2e3c
|
||||
...
|
||||
func CreateNetTUN(localAddresses, dnsServers []netip.Addr, mtu int) (tun.Device, *Net, error) {
|
||||
opts := stack.Options{
|
||||
NetworkProtocols: []stack.NetworkProtocolFactory{ipv4.NewProtocol, ipv6.NewProtocol},
|
||||
TransportProtocols: []stack.TransportProtocolFactory{tcp.NewProtocol, udp.NewProtocol, icmp.NewProtocol6, icmp.NewProtocol4},
|
||||
HandleLocal: true,
|
||||
}
|
||||
dev := &netTun{
|
||||
ep: channel.New(1024, uint32(mtu), ""),
|
||||
stack: stack.New(opts),
|
||||
...
|
||||
}
|
||||
sackEnabledOpt := tcpip.TCPSACKEnabled(true) // TCP SACK is disabled by default
|
||||
tcpipErr := dev.stack.SetTransportProtocolOption(tcp.ProtocolNumber, &sackEnabledOpt)
|
||||
if tcpipErr != nil {
|
||||
return nil, nil, fmt.Errorf("could not enable TCP SACK: %v", tcpipErr)
|
||||
}
|
||||
...
|
||||
}
|
||||
@@ -0,0 +1,31 @@
|
||||
type SharedStream struct {
|
||||
Stream *network.Stream
|
||||
Lock *sync.Mutex
|
||||
}
|
||||
...
|
||||
// Inside the TUN-read loop:
|
||||
if found {
|
||||
dst = route.Target.ID
|
||||
go node.sendPacket(dst, packet, plen)
|
||||
}
|
||||
...
|
||||
func (node *Node) sendPacket(dst peer.ID, packet []byte, plen int) {
|
||||
// Check if we already have an open connection to the destination peer.
|
||||
ms, ok := node.activeStreams[dst]
|
||||
if ok {
|
||||
if func() bool {
|
||||
ms.Lock.Lock()
|
||||
defer ms.Lock.Unlock()
|
||||
// Write out the packet's length to the libp2p stream to ensure
|
||||
// we know the full size of the packet at the other end.
|
||||
err := binary.Write(*ms.Stream, binary.LittleEndian, uint16(plen))
|
||||
if err == nil {
|
||||
// Write the packet out to the libp2p stream.
|
||||
_, err = (*ms.Stream).Write(packet[:plen])
|
||||
...
|
||||
}
|
||||
...
|
||||
}() { return }
|
||||
}
|
||||
...
|
||||
}
|
||||
@@ -0,0 +1,15 @@
|
||||
// New creates and returns a new TUN interface for the application.
|
||||
func New(name string, opts ...Option) (*TUN, error) {
|
||||
// Setup TUN Config
|
||||
cfg := water.Config{
|
||||
DeviceType: water.TUN,
|
||||
}
|
||||
cfg.Name = name
|
||||
|
||||
// Create Water Interface
|
||||
iface, err := water.New(cfg)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
...
|
||||
}
|
||||
@@ -0,0 +1,9 @@
|
||||
socketBufferSize = 7 << 20
|
||||
...
|
||||
forceErr, portableErr := sockopts.SetBufferSize(pconn, direction, socketBufferSize)
|
||||
if forceErr != nil {
|
||||
logf("magicsock: [warning] failed to force-set UDP %v buffer size to %d: %v; using kernel default values (impacts throughput only)", direction, socketBufferSize, forceErr)
|
||||
}
|
||||
if portableErr != nil {
|
||||
logf("magicsock: failed to set UDP %v buffer size to %d: %v", direction, socketBufferSize, portableErr)
|
||||
}
|
||||
@@ -0,0 +1 @@
|
||||
''"FLAGS=--tun ${lib.escapeShellArg cfg.interfaceName} ${lib.concatStringsSep " " cfg.extraDaemonFlags}"''
|
||||
@@ -0,0 +1,10 @@
|
||||
let
|
||||
interface = lib.substring 0 15 "ts-${instanceName}";
|
||||
in
|
||||
{
|
||||
services.tailscale = {
|
||||
enable = true;
|
||||
# Use the interface name for the tunnel
|
||||
interfaceName = interface;
|
||||
};
|
||||
}
|
||||
@@ -0,0 +1,28 @@
|
||||
// values are biased towards higher throughput on high bandwidth-delay
|
||||
// product paths, except on memory-constrained platforms.
|
||||
tcpRXBufOpt := tcpip.TCPReceiveBufferSizeRangeOption{
|
||||
...
|
||||
Max: tcpRXBufMaxSize,
|
||||
}
|
||||
tcpipErr := ipstack.SetTransportProtocolOption(tcp.ProtocolNumber, &tcpRXBufOpt)
|
||||
...
|
||||
tcpTXBufOpt := tcpip.TCPSendBufferSizeRangeOption{
|
||||
...
|
||||
Max: tcpTXBufMaxSize,
|
||||
}
|
||||
tcpipErr = ipstack.SetTransportProtocolOption(tcp.ProtocolNumber, &tcpTXBufOpt)
|
||||
...
|
||||
sackEnabledOpt := tcpip.TCPSACKEnabled(true) // TCP SACK is disabled by default
|
||||
tcpipErr := ipstack.SetTransportProtocolOption(tcp.ProtocolNumber, &sackEnabledOpt)
|
||||
...
|
||||
// See https://github.com/tailscale/tailscale/issues/9707
|
||||
// gVisor's RACK performs poorly. ACKs do not appear to be handled in a
|
||||
// timely manner, leading to spurious retransmissions and a reduced
|
||||
// congestion window.
|
||||
tcpRecoveryOpt := tcpip.TCPRecovery(0)
|
||||
tcpipErr = ipstack.SetTransportProtocolOption(tcp.ProtocolNumber, &tcpRecoveryOpt)
|
||||
...
|
||||
// gVisor defaults to reno at the time of writing. We explicitly set reno
|
||||
// See https://github.com/google/gvisor/issues/11632
|
||||
renoOpt := tcpip.CongestionControlOption("reno")
|
||||
tcpipErr = ipstack.SetTransportProtocolOption(tcp.ProtocolNumber, &renoOpt)
|
||||
@@ -0,0 +1,22 @@
|
||||
// SetLinkFeaturesPostUp configures link features on t based on select TS_TUN_
|
||||
// environment variables and OS feature tests. Callers should ensure t is
|
||||
// up prior to calling, otherwise OS feature tests may be inconclusive.
|
||||
func (t *Wrapper) SetLinkFeaturesPostUp() {
|
||||
if t.isTAP || runtime.GOOS == "android" {
|
||||
return
|
||||
}
|
||||
if groDev, ok := t.tdev.(tun.GRODevice); ok {
|
||||
if envknob.Bool("TS_TUN_DISABLE_UDP_GRO") {
|
||||
groDev.DisableUDPGRO()
|
||||
}
|
||||
if envknob.Bool("TS_TUN_DISABLE_TCP_GRO") {
|
||||
groDev.DisableTCPGRO()
|
||||
}
|
||||
err := probeTCPGRO(groDev)
|
||||
if errors.Is(err, unix.EINVAL) {
|
||||
groDev.DisableTCPGRO()
|
||||
groDev.DisableUDPGRO()
|
||||
t.logf("disabled TUN TCP & UDP GRO due to GRO probe error: %v", err)
|
||||
}
|
||||
}
|
||||
}
|
||||
+1
-1
@@ -4,7 +4,7 @@ extend-exclude = [
|
||||
"**/value",
|
||||
"**.rev",
|
||||
"**/facter-report.nix",
|
||||
"Chapters/Zusammenfassung.tex",
|
||||
"**/Zusammenfassung.tex",
|
||||
"**/key.json",
|
||||
"pkgs/clan-cli/clan_lib/machines/test_suggestions.py",
|
||||
]
|
||||
|
||||
@@ -62,6 +62,55 @@
|
||||
\usepackage{tikz}
|
||||
\usetikzlibrary{shapes.geometric}
|
||||
\usepackage[edges]{forest}
|
||||
\usepackage{listings} % Source code listings for evidence snippets
|
||||
% Syntax-highlighting colors (xcolor is already loaded by the class file)
|
||||
\definecolor{lstKeyword}{HTML}{0B5FA5}
|
||||
\definecolor{lstComment}{HTML}{4B7B4D}
|
||||
\definecolor{lstString}{HTML}{A31515}
|
||||
\definecolor{lstNumber}{HTML}{707070}
|
||||
\definecolor{lstBackground}{HTML}{F7F7F7}
|
||||
\definecolor{lstFrame}{HTML}{C8C8C8}
|
||||
\lstset{
|
||||
basicstyle=\ttfamily\footnotesize,
|
||||
keywordstyle=\color{lstKeyword}\bfseries,
|
||||
commentstyle=\color{lstComment}\itshape,
|
||||
stringstyle=\color{lstString},
|
||||
numberstyle=\tiny\color{lstNumber},
|
||||
identifierstyle=\color{black},
|
||||
backgroundcolor=\color{lstBackground},
|
||||
rulecolor=\color{lstFrame},
|
||||
breaklines=true,
|
||||
breakatwhitespace=false,
|
||||
columns=fullflexible,
|
||||
keepspaces=true,
|
||||
showstringspaces=false,
|
||||
frame=single,
|
||||
framerule=0.4pt,
|
||||
xleftmargin=0.5em,
|
||||
xrightmargin=0.5em,
|
||||
aboveskip=0.6em,
|
||||
belowskip=0.6em,
|
||||
captionpos=b,
|
||||
}
|
||||
\lstdefinelanguage{Nix}{
|
||||
morekeywords={with,let,in,inherit,rec,if,then,else,import,true,false,null},
|
||||
morecomment=[l]{\#},
|
||||
morestring=[b]",
|
||||
sensitive=true,
|
||||
}
|
||||
\lstdefinelanguage{Go}{
|
||||
morekeywords={break,case,chan,const,continue,default,defer,else,fallthrough,
|
||||
for,func,go,goto,if,import,interface,map,package,range,return,select,
|
||||
struct,switch,type,var,bool,byte,complex64,complex128,error,float32,
|
||||
float64,int,int8,int16,int32,int64,rune,string,uint,uint8,uint16,uint32,
|
||||
uint64,uintptr,true,false,iota,nil,append,cap,close,complex,copy,delete,
|
||||
imag,len,make,new,panic,print,println,real,recover},
|
||||
morecomment=[l]{//},
|
||||
morecomment=[s]{/*}{*/},
|
||||
morestring=[b]",
|
||||
morestring=[b]`,
|
||||
sensitive=true,
|
||||
}
|
||||
|
||||
\usepackage[backend=bibtex,style=numeric,natbib=true]{biblatex} %
|
||||
% Use the bibtex backend with the authoryear citation style (which
|
||||
|
||||
@@ -18,6 +18,7 @@
|
||||
settings.global.excludes = [
|
||||
"AI_Data/**"
|
||||
"Figures/**"
|
||||
"Chapters/Zusammenfassung.tex"
|
||||
];
|
||||
|
||||
programs.typos = {
|
||||
|
||||
Reference in New Issue
Block a user