rework Results.tex to include gVisor findings

Listings/hyprspace_dispatch.go

@@ -0,0 +1,26 @@
+} else if proto == 0x60 {
+    dstIP = net.IP(packet[24:40])
+    if node.cfg.BuiltinAddr6.Equal(dstIP) {
+        continue
+    } else if serviceNet.NetworkRange.Contains(dstIP) {
+        // Are you TCP because your protocol is 6, or is your
+        // protocol 6 because you are TCP?
+        if packet[6] == 0x06 {
+            port := uint16(packet[42])*256 + uint16(packet[43])
+            if serviceNet.EnsureListener([16]byte(packet[24:40]), port) {
+                count, err := (*serviceNet.Tun).Write([][]byte{packet}, 0)
+                if count == 0 || err != nil {
+                    logger.With(err).Error("Error writing to service-network tunnel")
+                }
+            }
+        }
+        continue
+    }
+}
+...
+// Check route table for destination address.
+route, found := node.cfg.FindRouteForIP(dstIP)
+if found {
+    dst = route.Target.ID
+    go node.sendPacket(dst, packet, plen)
+}

Listings/hyprspace_netstack.go

@@ -0,0 +1,21 @@
+// taken from https://git.zx2c4.com/wireguard-go/tree/tun/netstack/tun.go
+// rev 2b73054b299aec80cbb064954001810d30ee2e3c
+...
+func CreateNetTUN(localAddresses, dnsServers []netip.Addr, mtu int) (tun.Device, *Net, error) {
+    opts := stack.Options{
+        NetworkProtocols:   []stack.NetworkProtocolFactory{ipv4.NewProtocol, ipv6.NewProtocol},
+        TransportProtocols: []stack.TransportProtocolFactory{tcp.NewProtocol, udp.NewProtocol, icmp.NewProtocol6, icmp.NewProtocol4},
+        HandleLocal:        true,
+    }
+    dev := &netTun{
+        ep:             channel.New(1024, uint32(mtu), ""),
+        stack:          stack.New(opts),
+        ...
+    }
+    sackEnabledOpt := tcpip.TCPSACKEnabled(true) // TCP SACK is disabled by default
+    tcpipErr := dev.stack.SetTransportProtocolOption(tcp.ProtocolNumber, &sackEnabledOpt)
+    if tcpipErr != nil {
+        return nil, nil, fmt.Errorf("could not enable TCP SACK: %v", tcpipErr)
+    }
+    ...
+}

Listings/hyprspace_sendpacket.go

@@ -0,0 +1,31 @@
+type SharedStream struct {
+    Stream *network.Stream
+    Lock   *sync.Mutex
+}
+...
+// Inside the TUN-read loop:
+if found {
+    dst = route.Target.ID
+    go node.sendPacket(dst, packet, plen)
+}
+...
+func (node *Node) sendPacket(dst peer.ID, packet []byte, plen int) {
+    // Check if we already have an open connection to the destination peer.
+    ms, ok := node.activeStreams[dst]
+    if ok {
+        if func() bool {
+            ms.Lock.Lock()
+            defer ms.Lock.Unlock()
+            // Write out the packet's length to the libp2p stream to ensure
+            // we know the full size of the packet at the other end.
+            err := binary.Write(*ms.Stream, binary.LittleEndian, uint16(plen))
+            if err == nil {
+                // Write the packet out to the libp2p stream.
+                _, err = (*ms.Stream).Write(packet[:plen])
+                ...
+            }
+            ...
+        }() { return }
+    }
+    ...
+}

Listings/hyprspace_tun_linux.go

@@ -0,0 +1,15 @@
+// New creates and returns a new TUN interface for the application.
+func New(name string, opts ...Option) (*TUN, error) {
+    // Setup TUN Config
+    cfg := water.Config{
+        DeviceType: water.TUN,
+    }
+    cfg.Name = name
+
+    // Create Water Interface
+    iface, err := water.New(cfg)
+    if err != nil {
+        return nil, err
+    }
+    ...
+}

Listings/magicsock_buffer.go

@@ -0,0 +1,9 @@
+socketBufferSize = 7 << 20
+...
+forceErr, portableErr := sockopts.SetBufferSize(pconn, direction, socketBufferSize)
+if forceErr != nil {
+    logf("magicsock: [warning] failed to force-set UDP %v buffer size to %d: %v; using kernel default values (impacts throughput only)", direction, socketBufferSize, forceErr)
+}
+if portableErr != nil {
+    logf("magicsock: failed to set UDP %v buffer size to %d: %v", direction, socketBufferSize, portableErr)
+}

Listings/nixos_tailscale.nix

@@ -0,0 +1 @@
+''"FLAGS=--tun ${lib.escapeShellArg cfg.interfaceName} ${lib.concatStringsSep " " cfg.extraDaemonFlags}"''

Listings/rig_interface_name.nix

@@ -0,0 +1,10 @@
+let
+  interface = lib.substring 0 15 "ts-${instanceName}";
+in
+{
+  services.tailscale = {
+    enable = true;
+    # Use the interface name for the tunnel
+    interfaceName = interface;
+  };
+}

Listings/tailscale_netstack_overrides.go

@@ -0,0 +1,28 @@
+// values are biased towards higher throughput on high bandwidth-delay
+// product paths, except on memory-constrained platforms.
+tcpRXBufOpt := tcpip.TCPReceiveBufferSizeRangeOption{
+    ...
+    Max: tcpRXBufMaxSize,
+}
+tcpipErr := ipstack.SetTransportProtocolOption(tcp.ProtocolNumber, &tcpRXBufOpt)
+...
+tcpTXBufOpt := tcpip.TCPSendBufferSizeRangeOption{
+    ...
+    Max: tcpTXBufMaxSize,
+}
+tcpipErr = ipstack.SetTransportProtocolOption(tcp.ProtocolNumber, &tcpTXBufOpt)
+...
+sackEnabledOpt := tcpip.TCPSACKEnabled(true) // TCP SACK is disabled by default
+tcpipErr := ipstack.SetTransportProtocolOption(tcp.ProtocolNumber, &sackEnabledOpt)
+...
+// See https://github.com/tailscale/tailscale/issues/9707
+// gVisor's RACK performs poorly. ACKs do not appear to be handled in a
+// timely manner, leading to spurious retransmissions and a reduced
+// congestion window.
+tcpRecoveryOpt := tcpip.TCPRecovery(0)
+tcpipErr = ipstack.SetTransportProtocolOption(tcp.ProtocolNumber, &tcpRecoveryOpt)
+...
+// gVisor defaults to reno at the time of writing. We explicitly set reno
+// See https://github.com/google/gvisor/issues/11632
+renoOpt := tcpip.CongestionControlOption("reno")
+tcpipErr = ipstack.SetTransportProtocolOption(tcp.ProtocolNumber, &renoOpt)

Listings/tstun_gro.go

@@ -0,0 +1,22 @@
+// SetLinkFeaturesPostUp configures link features on t based on select TS_TUN_
+// environment variables and OS feature tests. Callers should ensure t is
+// up prior to calling, otherwise OS feature tests may be inconclusive.
+func (t *Wrapper) SetLinkFeaturesPostUp() {
+    if t.isTAP || runtime.GOOS == "android" {
+        return
+    }
+    if groDev, ok := t.tdev.(tun.GRODevice); ok {
+        if envknob.Bool("TS_TUN_DISABLE_UDP_GRO") {
+            groDev.DisableUDPGRO()
+        }
+        if envknob.Bool("TS_TUN_DISABLE_TCP_GRO") {
+            groDev.DisableTCPGRO()
+        }
+        err := probeTCPGRO(groDev)
+        if errors.Is(err, unix.EINVAL) {
+            groDev.DisableTCPGRO()
+            groDev.DisableUDPGRO()
+            t.logf("disabled TUN TCP & UDP GRO due to GRO probe error: %v", err)
+        }
+    }
+}

_typos.toml

@@ -4,7 +4,7 @@ extend-exclude = [
 	"**/value",
 	"**.rev",
 	"**/facter-report.nix",
-	"Chapters/Zusammenfassung.tex",
+	"**/Zusammenfassung.tex",
 	"**/key.json",
 	"pkgs/clan-cli/clan_lib/machines/test_suggestions.py",
 ]

main.tex

@@ -62,6 +62,55 @@
 \usepackage{tikz}
 \usetikzlibrary{shapes.geometric}
 \usepackage[edges]{forest}
+\usepackage{listings} % Source code listings for evidence snippets
+% Syntax-highlighting colors (xcolor is already loaded by the class file)
+\definecolor{lstKeyword}{HTML}{0B5FA5}
+\definecolor{lstComment}{HTML}{4B7B4D}
+\definecolor{lstString}{HTML}{A31515}
+\definecolor{lstNumber}{HTML}{707070}
+\definecolor{lstBackground}{HTML}{F7F7F7}
+\definecolor{lstFrame}{HTML}{C8C8C8}
+\lstset{
+  basicstyle=\ttfamily\footnotesize,
+  keywordstyle=\color{lstKeyword}\bfseries,
+  commentstyle=\color{lstComment}\itshape,
+  stringstyle=\color{lstString},
+  numberstyle=\tiny\color{lstNumber},
+  identifierstyle=\color{black},
+  backgroundcolor=\color{lstBackground},
+  rulecolor=\color{lstFrame},
+  breaklines=true,
+  breakatwhitespace=false,
+  columns=fullflexible,
+  keepspaces=true,
+  showstringspaces=false,
+  frame=single,
+  framerule=0.4pt,
+  xleftmargin=0.5em,
+  xrightmargin=0.5em,
+  aboveskip=0.6em,
+  belowskip=0.6em,
+  captionpos=b,
+}
+\lstdefinelanguage{Nix}{
+  morekeywords={with,let,in,inherit,rec,if,then,else,import,true,false,null},
+  morecomment=[l]{\#},
+  morestring=[b]",
+  sensitive=true,
+}
+\lstdefinelanguage{Go}{
+  morekeywords={break,case,chan,const,continue,default,defer,else,fallthrough,
+    for,func,go,goto,if,import,interface,map,package,range,return,select,
+    struct,switch,type,var,bool,byte,complex64,complex128,error,float32,
+    float64,int,int8,int16,int32,int64,rune,string,uint,uint8,uint16,uint32,
+    uint64,uintptr,true,false,iota,nil,append,cap,close,complex,copy,delete,
+  imag,len,make,new,panic,print,println,real,recover},
+  morecomment=[l]{//},
+  morecomment=[s]{/*}{*/},
+  morestring=[b]",
+  morestring=[b]`,
+  sensitive=true,
+}
 
 \usepackage[backend=bibtex,style=numeric,natbib=true]{biblatex} %
 % Use the bibtex backend with the authoryear citation style (which

treefmt.nix

@@ -18,6 +18,7 @@
         settings.global.excludes = [
           "AI_Data/**"
           "Figures/**"
+          "Chapters/Zusammenfassung.tex"
         ];
 
         programs.typos = {