Initial working source caching

This commit is contained in:
Mathias Hall-Andersen 2017-11-14 16:27:53 +01:00
parent 566269275e
commit 69fe86edf0
6 changed files with 63 additions and 54 deletions

View File

@ -2,6 +2,8 @@ package main
import ( import (
"errors" "errors"
"golang.org/x/net/ipv4"
"golang.org/x/net/ipv6"
"net" "net"
) )
@ -42,7 +44,6 @@ func unsafeCloseUDPListener(device *Device) error {
if netc.bind != nil { if netc.bind != nil {
err = netc.bind.Close() err = netc.bind.Close()
netc.bind = nil netc.bind = nil
netc.update.Add(1)
} }
return err return err
} }
@ -68,6 +69,8 @@ func UpdateUDPListener(device *Device) error {
if device.tun.isUp.Get() { if device.tun.isUp.Get() {
device.log.Debug.Println("UDP bind updating")
// bind to new port // bind to new port
var err error var err error
@ -94,8 +97,10 @@ func UpdateUDPListener(device *Device) error {
// decrease waitgroup to 0 // decrease waitgroup to 0
go device.RoutineReceiveIncomming(ipv4.Version, netc.bind)
go device.RoutineReceiveIncomming(ipv6.Version, netc.bind)
device.log.Debug.Println("UDP bind has been updated") device.log.Debug.Println("UDP bind has been updated")
netc.update.Done()
} }
return nil return nil

View File

@ -1,8 +1,6 @@
package main package main
import ( import (
"golang.org/x/net/ipv4"
"golang.org/x/net/ipv6"
"runtime" "runtime"
"sync" "sync"
"sync/atomic" "sync/atomic"
@ -26,7 +24,6 @@ type Device struct {
bind UDPBind // bind interface bind UDPBind // bind interface
port uint16 // listening port port uint16 // listening port
fwmark uint32 // mark value (0 = disabled) fwmark uint32 // mark value (0 = disabled)
update sync.WaitGroup // the bind was updated (acting as a barrier)
} }
mutex sync.RWMutex mutex sync.RWMutex
privateKey NoisePrivateKey privateKey NoisePrivateKey
@ -167,7 +164,6 @@ func NewDevice(tun TUNDevice, logLevel int) *Device {
device.net.port = 0 device.net.port = 0
device.net.bind = nil device.net.bind = nil
device.net.update.Add(1)
// start workers // start workers
@ -179,8 +175,6 @@ func NewDevice(tun TUNDevice, logLevel int) *Device {
go device.RoutineReadFromTUN() go device.RoutineReadFromTUN()
go device.RoutineTUNEventReader() go device.RoutineTUNEventReader()
go device.ratelimiter.RoutineGarbageCollector(device.signal.stop) go device.ratelimiter.RoutineGarbageCollector(device.signal.stop)
go device.RoutineReceiveIncomming(ipv4.Version)
go device.RoutineReceiveIncomming(ipv6.Version)
return device return device
} }

View File

@ -14,6 +14,7 @@ func printUsage() {
} }
func main() { func main() {
// parse arguments // parse arguments
var foreground bool var foreground bool

View File

@ -26,6 +26,7 @@ type QueueInboundElement struct {
packet []byte packet []byte
counter uint64 counter uint64
keyPair *KeyPair keyPair *KeyPair
endpoint Endpoint
} }
func (elem *QueueInboundElement) Drop() { func (elem *QueueInboundElement) Drop() {
@ -92,25 +93,13 @@ func (device *Device) addToHandshakeQueue(
} }
} }
func (device *Device) RoutineReceiveIncomming(IPVersion int) { func (device *Device) RoutineReceiveIncomming(IP int, bind UDPBind) {
logDebug := device.log.Debug logDebug := device.log.Debug
logDebug.Println("Routine, receive incomming, IP version:", IPVersion) logDebug.Println("Routine, receive incomming, IP version:", IP)
for { for {
// wait for bind
logDebug.Println("Waiting for UDP socket, IP version:", IPVersion)
device.net.update.Wait()
device.net.mutex.RLock()
bind := device.net.bind
device.net.mutex.RUnlock()
if bind == nil {
continue
}
// receive datagrams until conn is closed // receive datagrams until conn is closed
buffer := device.GetMessageBuffer() buffer := device.GetMessageBuffer()
@ -124,7 +113,7 @@ func (device *Device) RoutineReceiveIncomming(IPVersion int) {
var endpoint Endpoint var endpoint Endpoint
switch IPVersion { switch IP {
case ipv4.Version: case ipv4.Version:
size, err = bind.ReceiveIPv4(buffer[:], &endpoint) size, err = bind.ReceiveIPv4(buffer[:], &endpoint)
case ipv6.Version: case ipv6.Version:
@ -185,6 +174,7 @@ func (device *Device) RoutineReceiveIncomming(IPVersion int) {
buffer: buffer, buffer: buffer,
keyPair: keyPair, keyPair: keyPair,
dropped: AtomicFalse, dropped: AtomicFalse,
endpoint: endpoint,
} }
elem.mutex.Lock() elem.mutex.Lock()
@ -396,7 +386,6 @@ func (device *Device) RoutineHandshake() {
peer.TimerAnyAuthenticatedPacketReceived() peer.TimerAnyAuthenticatedPacketReceived()
// update endpoint // update endpoint
// TODO: Discover destination address also, only update on change
peer.mutex.Lock() peer.mutex.Lock()
peer.endpoint.set = true peer.endpoint.set = true
@ -453,6 +442,13 @@ func (device *Device) RoutineHandshake() {
continue continue
} }
// update endpoint
peer.mutex.Lock()
peer.endpoint.set = true
peer.endpoint.value = elem.endpoint
peer.mutex.Unlock()
logDebug.Println("Received handshake initation from", peer) logDebug.Println("Received handshake initation from", peer)
peer.TimerEphemeralKeyCreated() peer.TimerEphemeralKeyCreated()
@ -521,6 +517,13 @@ func (peer *Peer) RoutineSequentialReceiver() {
} }
kp.mutex.Unlock() kp.mutex.Unlock()
// update endpoint
peer.mutex.Lock()
peer.endpoint.set = true
peer.endpoint.value = elem.endpoint
peer.mutex.Unlock()
// check for keep-alive // check for keep-alive
if len(elem.packet) == 0 { if len(elem.packet) == 0 {
@ -552,7 +555,8 @@ func (peer *Peer) RoutineSequentialReceiver() {
src := elem.packet[IPv4offsetSrc : IPv4offsetSrc+net.IPv4len] src := elem.packet[IPv4offsetSrc : IPv4offsetSrc+net.IPv4len]
if device.routingTable.LookupIPv4(src) != peer { if device.routingTable.LookupIPv4(src) != peer {
logInfo.Println("Packet with unallowed source IP from", peer.String()) logInfo.Println(src)
logInfo.Println("Packet with unallowed source IPv4 from", peer.String())
continue continue
} }
@ -577,7 +581,8 @@ func (peer *Peer) RoutineSequentialReceiver() {
src := elem.packet[IPv6offsetSrc : IPv6offsetSrc+net.IPv6len] src := elem.packet[IPv6offsetSrc : IPv6offsetSrc+net.IPv6len]
if device.routingTable.LookupIPv6(src) != peer { if device.routingTable.LookupIPv6(src) != peer {
logInfo.Println("Packet with unallowed source IP from", peer.String()) logInfo.Println(src)
logInfo.Println("Packet with unallowed source IPv6 from", peer.String())
continue continue
} }

View File

@ -28,7 +28,7 @@ netns0="wg-test-$$-0"
netns1="wg-test-$$-1" netns1="wg-test-$$-1"
netns2="wg-test-$$-2" netns2="wg-test-$$-2"
program="../wireguard-go" program="../wireguard-go"
export LOG_LEVEL="error" export LOG_LEVEL="debug"
pretty() { echo -e "\x1b[32m\x1b[1m[+] ${1:+NS$1: }${2}\x1b[0m" >&3; } pretty() { echo -e "\x1b[32m\x1b[1m[+] ${1:+NS$1: }${2}\x1b[0m" >&3; }
pp() { pretty "" "$*"; "$@"; } pp() { pretty "" "$*"; "$@"; }
@ -147,6 +147,8 @@ tests() {
n1 iperf3 -Z -n 1G -b 0 -u -c fd00::2 n1 iperf3 -Z -n 1G -b 0 -u -c fd00::2
} }
echo "4"
[[ $(ip1 link show dev wg1) =~ mtu\ ([0-9]+) ]] && orig_mtu="${BASH_REMATCH[1]}" [[ $(ip1 link show dev wg1) =~ mtu\ ([0-9]+) ]] && orig_mtu="${BASH_REMATCH[1]}"
big_mtu=$(( 34816 - 1500 + $orig_mtu )) big_mtu=$(( 34816 - 1500 + $orig_mtu ))
@ -185,7 +187,7 @@ ip0 -4 addr del 127.0.0.1/8 dev lo
ip0 -4 addr add 127.212.121.99/8 dev lo ip0 -4 addr add 127.212.121.99/8 dev lo
n0 wg set wg1 listen-port 9999 n0 wg set wg1 listen-port 9999
n0 wg set wg1 peer "$pub2" endpoint 127.0.0.1:20000 n0 wg set wg1 peer "$pub2" endpoint 127.0.0.1:20000
n1 ping6 -W 1 -c 1 fd00::20000 n1 ping6 -W 1 -c 1 fd00::2
[[ $(n2 wg show wg2 endpoints) == "$pub1 127.212.121.99:9999" ]] [[ $(n2 wg show wg2 endpoints) == "$pub1 127.212.121.99:9999" ]]
# Test using IPv6 that roaming works # Test using IPv6 that roaming works
@ -232,8 +234,9 @@ ip2 link del wg2
# ip1 link add dev wg1 type wireguard # ip1 link add dev wg1 type wireguard
# ip2 link add dev wg1 type wireguard # ip2 link add dev wg1 type wireguard
n1 $program wg1 n1 $program -f wg1 &
n2 $program wg2 n2 $program -f wg2 &
sleep 5
configure_peers configure_peers
@ -288,8 +291,9 @@ ip2 link del wg2
# ip1 link add dev wg1 type wireguard # ip1 link add dev wg1 type wireguard
# ip2 link add dev wg1 type wireguard # ip2 link add dev wg1 type wireguard
n1 $program wg1 n1 $program -f wg1 &
n2 $program wg1 n2 $program -f wg2 &
sleep 5
configure_peers configure_peers
@ -350,3 +354,4 @@ n2 ping -W 1 -c 1 192.168.241.1
ip1 link del veth1 ip1 link del veth1
ip1 link del wg1 ip1 link del wg1
ip2 link del wg2 ip2 link del wg2
echo "done"

View File

@ -248,7 +248,6 @@ func ipcSetOperation(device *Device, socket *bufio.ReadWriter) *IPCError {
peer.mutex.Lock() peer.mutex.Lock()
err := peer.endpoint.value.SetDst(value) err := peer.endpoint.value.SetDst(value)
fmt.Println(peer.endpoint.value.DstToString(), err)
peer.endpoint.set = (err == nil) peer.endpoint.set = (err == nil)
peer.mutex.Unlock() peer.mutex.Unlock()
if err != nil { if err != nil {