Home Explore Help
Sign In
golang
/
nebula
mirror of https://github.com/slackhq/nebula
2
0
Fork 0
Files Issues 0 Wiki
Branch: botched-path
Branches Tags
nebula
/
udp
/
wireguard_conn_linux.go

wireguard_conn_linux.go 4.9 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226 
  1. //go:build linux && !android && !e2e_testing
    2. 

  2. 

  3. package udp
    4. 

  4. 

  5. import (
    6. 

  6. 	"errors"
    7. 

  7. 	"net"
    8. 

  8. 	"net/netip"
    9. 

  9. 	"sync"
    10. 

  10. 	"sync/atomic"
    11. 

  11. 

  12. 	"github.com/sirupsen/logrus"
    13. 

  13. 	"github.com/slackhq/nebula/config"
    14. 

  14. 	wgconn "github.com/slackhq/nebula/wgstack/conn"
    15. 

  15. )
    16. 

  16. 

  17. // WGConn adapts WireGuard's batched UDP bind implementation to Nebula's udp.Conn interface.
    18. 

  18. type WGConn struct {
    19. 

  19. 	l         *logrus.Logger
    20. 

  20. 	bind      *wgconn.StdNetBind
    21. 

  21. 	recvers   []wgconn.ReceiveFunc
    22. 

  22. 	batch     int
    23. 

  23. 	reqBatch  int
    24. 

  24. 	localIP   netip.Addr
    25. 

  25. 	localPort uint16
    26. 

  26. 	enableGSO bool
    27. 

  27. 	enableGRO bool
    28. 

  28. 	gsoMaxSeg int
    29. 

  29. 	closed    atomic.Bool
    30. 

  30. 	q         int
    31. 

  31. 	closeOnce sync.Once
    32. 

  32. }
    33. 

  33. 

  34. // NewWireguardListener creates a UDP listener backed by WireGuard's StdNetBind.
    35. 

  35. func NewWireguardListener(l *logrus.Logger, ip netip.Addr, port int, multi bool, batch int, q int) (Conn, error) {
    36. 

  36. 	bind := wgconn.NewStdNetBindForAddr(ip, multi, q)
    37. 

  37. 	recvers, actualPort, err := bind.Open(uint16(port))
    38. 

  38. 	if err != nil {
    39. 

  39. 		return nil, err
    40. 

  40. 	}
    41. 

  41. 	if batch <= 0 {
    42. 

  42. 		batch = bind.BatchSize()
    43. 

  43. 	} else if batch > bind.BatchSize() {
    44. 

  44. 		batch = bind.BatchSize()
    45. 

  45. 	}
    46. 

  46. 	return &WGConn{
    47. 

  47. 		l:         l,
    48. 

  48. 		bind:      bind,
    49. 

  49. 		recvers:   recvers,
    50. 

  50. 		batch:     batch,
    51. 

  51. 		reqBatch:  batch,
    52. 

  52. 		localIP:   ip,
    53. 

  53. 		localPort: actualPort,
    54. 

  54. 		q:         q,
    55. 

  55. 	}, nil
    56. 

  56. }
    57. 

  57. 

  58. func (c *WGConn) Rebind() error {
    59. 

  59. 	// WireGuard's bind does not support rebinding in place.
    60. 

  60. 	return nil
    61. 

  61. }
    62. 

  62. 

  63. func (c *WGConn) LocalAddr() (netip.AddrPort, error) {
    64. 

  64. 	if !c.localIP.IsValid() || c.localIP.IsUnspecified() {
    65. 

  65. 		// Fallback to wildcard IPv4 for display purposes.
    66. 

  66. 		return netip.AddrPortFrom(netip.IPv4Unspecified(), c.localPort), nil
    67. 

  67. 	}
    68. 

  68. 	return netip.AddrPortFrom(c.localIP, c.localPort), nil
    69. 

  69. }
    70. 

  70. 

  71. func (c *WGConn) listen(fn wgconn.ReceiveFunc, r EncReader) {
    72. 

  72. 	batchSize := c.batch
    73. 

  73. 	packets := make([][]byte, batchSize)
    74. 

  74. 	for i := range packets {
    75. 

  75. 		packets[i] = make([]byte, 0xffff)
    76. 

  76. 	}
    77. 

  77. 	sizes := make([]int, batchSize)
    78. 

  78. 	endpoints := make([]wgconn.Endpoint, batchSize)
    79. 

  79. 

  80. 	for {
    81. 

  81. 		if c.closed.Load() {
    82. 

  82. 			return
    83. 

  83. 		}
    84. 

  84. 		n, err := fn(packets, sizes, endpoints)
    85. 

  85. 		if err != nil {
    86. 

  86. 			if errors.Is(err, net.ErrClosed) {
    87. 

  87. 				return
    88. 

  88. 			}
    89. 

  89. 			if c.l != nil {
    90. 

  90. 				c.l.WithError(err).Debug("wireguard UDP listener receive error")
    91. 

  91. 			}
    92. 

  92. 			continue
    93. 

  93. 		}
    94. 

  94. 		for i := 0; i < n; i++ {
    95. 

  95. 			if sizes[i] == 0 {
    96. 

  96. 				continue
    97. 

  97. 			}
    98. 

  98. 			stdEp, ok := endpoints[i].(*wgconn.StdNetEndpoint)
    99. 

  99. 			if !ok {
    100. 

  100. 				if c.l != nil {
    101. 

  101. 					c.l.Warn("wireguard UDP listener received unexpected endpoint type")
    102. 

  102. 				}
    103. 

  103. 				continue
    104. 

  104. 			}
    105. 

  105. 			addr := stdEp.AddrPort
    106. 

  106. 			r(addr, packets[i][:sizes[i]])
    107. 

  107. 			endpoints[i] = nil
    108. 

  108. 		}
    109. 

  109. 	}
    110. 

  110. }
    111. 

  111. 

  112. func (c *WGConn) ListenOut(r EncReader) {
    113. 

  113. 	for _, fn := range c.recvers {
    114. 

  114. 		go c.listen(fn, r)
    115. 

  115. 	}
    116. 

  116. }
    117. 

  117. 

  118. func (c *WGConn) WriteTo(b []byte, addr netip.AddrPort) error {
    119. 

  119. 	if len(b) == 0 {
    120. 

  120. 		return nil
    121. 

  121. 	}
    122. 

  122. 	if c.closed.Load() {
    123. 

  123. 		return net.ErrClosed
    124. 

  124. 	}
    125. 

  125. 	ep := &wgconn.StdNetEndpoint{AddrPort: addr}
    126. 

  126. 	return c.bind.Send([][]byte{b}, ep)
    127. 

  127. }
    128. 

  128. 

  129. func (c *WGConn) WriteBatch(datagrams []Datagram) error {
    130. 

  130. 	if len(datagrams) == 0 {
    131. 

  131. 		return nil
    132. 

  132. 	}
    133. 

  133. 	if c.closed.Load() {
    134. 

  134. 		return net.ErrClosed
    135. 

  135. 	}
    136. 

  136. 	max := c.batch
    137. 

  137. 	if max <= 0 {
    138. 

  138. 		max = len(datagrams)
    139. 

  139. 		if max == 0 {
    140. 

  140. 			max = 1
    141. 

  141. 		}
    142. 

  142. 	}
    143. 

  143. 	bufs := make([][]byte, 0, max)
    144. 

  144. 	var (
    145. 

  145. 		current  netip.AddrPort
    146. 

  146. 		endpoint *wgconn.StdNetEndpoint
    147. 

  147. 		haveAddr bool
    148. 

  148. 	)
    149. 

  149. 	flush := func() error {
    150. 

  150. 		if len(bufs) == 0 || endpoint == nil {
    151. 

  151. 			bufs = bufs[:0]
    152. 

  152. 			return nil
    153. 

  153. 		}
    154. 

  154. 		err := c.bind.Send(bufs, endpoint)
    155. 

  155. 		bufs = bufs[:0]
    156. 

  156. 		return err
    157. 

  157. 	}
    158. 

  158. 

  159. 	for _, d := range datagrams {
    160. 

  160. 		if len(d.Payload) == 0 || !d.Addr.IsValid() {
    161. 

  161. 			continue
    162. 

  162. 		}
    163. 

  163. 		if !haveAddr || d.Addr != current {
    164. 

  164. 			if err := flush(); err != nil {
    165. 

  165. 				return err
    166. 

  166. 			}
    167. 

  167. 			current = d.Addr
    168. 

  168. 			endpoint = &wgconn.StdNetEndpoint{AddrPort: current}
    169. 

  169. 			haveAddr = true
    170. 

  170. 		}
    171. 

  171. 		bufs = append(bufs, d.Payload)
    172. 

  172. 		if len(bufs) >= max {
    173. 

  173. 			if err := flush(); err != nil {
    174. 

  174. 				return err
    175. 

  175. 			}
    176. 

  176. 		}
    177. 

  177. 	}
    178. 

  178. 	return flush()
    179. 

  179. }
    180. 

  180. 

  181. func (c *WGConn) ConfigureOffload(enableGSO, enableGRO bool, maxSegments int) {
    182. 

  182. 	c.enableGSO = enableGSO
    183. 

  183. 	c.enableGRO = enableGRO
    184. 

  184. 	if maxSegments <= 0 {
    185. 

  185. 		maxSegments = 1
    186. 

  186. 	} else if maxSegments > wgconn.IdealBatchSize {
    187. 

  187. 		maxSegments = wgconn.IdealBatchSize
    188. 

  188. 	}
    189. 

  189. 	c.gsoMaxSeg = maxSegments
    190. 

  190. 

  191. 	effectiveBatch := c.reqBatch
    192. 

  192. 	if enableGSO && c.bind != nil {
    193. 

  193. 		bindBatch := c.bind.BatchSize()
    194. 

  194. 		if effectiveBatch < bindBatch {
    195. 

  195. 			if c.l != nil {
    196. 

  196. 				c.l.WithFields(logrus.Fields{
    197. 

  197. 					"requested": c.reqBatch,
    198. 

  198. 					"effective": bindBatch,
    199. 

  199. 				}).Warn("listen.batch below wireguard minimum; using bind batch size for UDP GSO support")
    200. 

  200. 			}
    201. 

  201. 			effectiveBatch = bindBatch
    202. 

  202. 		}
    203. 

  203. 	}
    204. 

  204. 	c.batch = effectiveBatch
    205. 

  205. 

  206. 	if c.l != nil {
    207. 

  207. 		c.l.WithFields(logrus.Fields{
    208. 

  208. 			"enableGSO":      enableGSO,
    209. 

  209. 			"enableGRO":      enableGRO,
    210. 

  210. 			"gsoMaxSegments": maxSegments,
    211. 

  211. 		}).Debug("configured wireguard UDP offload")
    212. 

  212. 	}
    213. 

  213. }
    214. 

  214. 

  215. func (c *WGConn) ReloadConfig(*config.C) {
    216. 

  216. 	// WireGuard bind currently does not expose runtime configuration knobs.
    217. 

  217. }
    218. 

  218. 

  219. func (c *WGConn) Close() error {
    220. 

  220. 	var err error
    221. 

  221. 	c.closeOnce.Do(func() {
    222. 

  222. 		c.closed.Store(true)
    223. 

  223. 		err = c.bind.Close()
    224. 

  224. 	})
    225. 

  225. 	return err
    226. 

  226. }
    227.