Support UDP/TCP port forwarding to a host without setting up a tun #1179
Open. cre4ture wants to merge 35 commits into slackhq:master from cre4ture:feature/try_with_gvisor_stack (+2,334 −181). Changes from 27 commits.

Commits:
- f119439 performance impr.: avoid repeated allocation of "lastTick" on heap (cre4ture)
- 6eaf418 support unsafe_routes for use with port_forwarding and user_tun (cre4ture)
- 2388e2c performance 3: avoid repeated allocation of []byte{1} on heap (cre4ture)
- aa41526 performance4: use buffer.view based channels instead of pipe (cre4ture)
- c245a30 Add script for speedtesting port forwarding (akernet)
- ed937ab Revert "Add script for speedtesting port forwarding" (cre4ture)
- 48745eb modified and extended speedtest (cre4ture)
- c516383 add automated functional tests for port forwarding (cre4ture)
- 067410f TCP/UDP port fwd. for disabled tun with config reload support (cre4ture)
- ea77cde fix fmt (cre4ture)
- ac016c9 try to fix instability of the service level tests (cre4ture)
- a678cff let's see if randomization of the port helps (cre4ture)
- 9d60a1b avoid panic due to writing to closed channel (cre4ture)
- bd55362 extend validity time range to avoid race conditions in CI (cre4ture)
- a9b0b1d ensure that node certs lifetime doesn't outlive ca cert lifetime (cre4ture)
- d22fe21 consider injected name for certificate configuration (cre4ture)
- 670b3ab try to unique node names in tests (cre4ture)
- 6d03850 add name of the test to the certificate (cre4ture)
- 3fd775b add logging prefix to differentiate the output in a test with 2 services (cre4ture)
- 99b11b3 tests: check for clean service shutdown and improve logging (cre4ture)
- ca43832 try to make it more stable by using channels and waitgroups (cre4ture)
- 12a0dd8 improve stopping logic for UserDevice (cre4ture)
- b1ea9f5 improving test code to get stability improved - still fails with stress (cre4ture)
- 352f74f Merge remote-tracking branch 'origin/master' into feature/try_with_gv… (cre4ture)
- 84d1a26 fix issue with survival of nebula service from previous testrun (cre4ture)
- ad2dbdc require instead of assert; fix missing close connections in one test (cre4ture)
- fa7d120 service: fix missing destruction of ipstack (cre4ture)
- e6bcba2 add comment to "unsafe_routes" initialisation (cre4ture)
- f908c10 add comment to performance improvement in user-tun (cre4ture)
- ba8a037 add missing error handling when calling fwd factory functions (cre4ture)
- ba7880a remove all sleeps in tests - no need for them (cre4ture)
- 39d8332 nitpick: use atomic bool instead of bool for unsynced thread access (cre4ture)
- cd510b3 fix race condition where "CloseAndZero" is executed while still used (cre4ture)
- c2e4dd9 fix the closing of the linux udp reading loop using Shutdown (cre4ture)
- 03630fb Merge remote-tracking branch 'origin/master' into feature/try_with_gv… (cre4ture)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
*.out | ||
*.crt | ||
*.key |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
# Userspace port forwarding | ||
A simple speedtest for userspace port forwarding that can run without root access. | ||
|
||
## A side | ||
Nebula running at port 10000, forwarding inbound TCP connections on port 5201 to 127.0.0.1:15001. | ||
|
||
## B side | ||
Nebula running at port 10001, forwarding outbound TCP connections from 127.0.0.1:15002 to port 5201 of the A side. | ||
|
||
## Speedtest | ||
|
||
┌──────────────────────┐:10001 :10002┌──────────────────────┐ | ||
│ Nebula A side ├─────────────────┤ Nebula B side │ | ||
│ │ │ │ | ||
│ 192.168.100.1 │ TCP 5201 │ 192.168.100.2 │ | ||
│ ┌───────────┼─────────────────┼──────────┐ │ | ||
│ │ ├─────────────────┤ │ │ | ||
└──────────▼───────────┘ └──────────▲───────────┘ | ||
│ │ 127.0.0.1:15002 | ||
│ │ | ||
┌──────────▼───────────┐ ┌──────────┴───────────┐ | ||
│ │ │ │ | ||
│ │ │ │ | ||
│ iperf3 -s -p 15001 │ │ iperf3 -c -p 15001 │ | ||
│ │ │ │ | ||
│ │ │ │ | ||
└──────────────────────┘ └──────────────────────┘ |
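Review bot: The port numbers in the "A side" and "B side" paragraphs do not match the diagram: the text says A runs at port 10000 and B at 10001, while the diagram labels the two ends :10001 and :10002. The right-hand box also shows `iperf3 -c -p 15001`, although the arrow into the B side is labelled 127.0.0.1:15002, which is where the client has to connect. Suggest correcting the prose to 10001/10002 and the client box to `-p 15002`, so a reader setting this up by hand does not point the client straight at the server port and bypass the tunnel.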
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
pki: | ||
ca: ca.crt | ||
cert: a.crt | ||
key: a.key | ||
|
||
static_host_map: | ||
"192.168.100.2": ["127.0.0.1:10002"] | ||
|
||
logging: | ||
level: info | ||
|
||
listen: | ||
host: 127.0.0.1 | ||
port: 10001 | ||
|
||
port_forwarding: | ||
enable_without_rules: true | ||
inbound: | ||
- listen_port: 5201 | ||
dial_address: "127.0.0.1:15001" | ||
protocols: [tcp, udp] | ||
|
||
tun: | ||
disabled: true | ||
mtu: 1300 | ||
|
||
firewall: | ||
outbound: | ||
- port: any | ||
proto: udp | ||
host: any | ||
inbound: | ||
- port: 5201 | ||
proto: any | ||
host: any |
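Review bot: The inbound firewall rule at the end (`port: 5201`, `proto: any`, `host: any`) lets every host holding a certificate from this CA reach the forwarded service on 127.0.0.1:15001. That is harmless with a throwaway test CA, but example configs get copied; consider narrowing the rule to the B peer or adding a comment that `host: any` is test-only. Also, `enable_without_rules: true` is set although an inbound rule follows directly below it, so a short comment on why the flag is needed here would help.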
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
pki: | ||
ca: ca.crt | ||
cert: b.crt | ||
key: b.key | ||
|
||
static_host_map: | ||
"192.168.100.1": ["127.0.0.1:10001"] | ||
|
||
logging: | ||
level: info | ||
|
||
listen: | ||
host: 127.0.0.1 | ||
port: 10002 | ||
|
||
port_forwarding: | ||
enable_without_rules: true | ||
outbound: | ||
- listen_address: "127.0.0.1:15002" | ||
dial_address: "192.168.100.1:5201" | ||
protocols: [tcp, udp] | ||
|
||
tun: | ||
disabled: true | ||
mtu: 1300 | ||
|
||
firewall: | ||
outbound: | ||
- port: any | ||
proto: udp | ||
host: any | ||
- port: 5201 | ||
proto: any | ||
host: any |
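Review bot: `listen_address: "127.0.0.1:15002"` under `port_forwarding.outbound` deserves a comment saying the loopback bind is deliberate: anything that can connect to this listener is forwarded to 192.168.100.1:5201 under the identity in `b.crt`, so copying this entry with a wildcard address would open the overlay to the local network. Separately, the `port: any` / `proto: udp` outbound firewall rule is wider than the test needs, since the only destination dialed is port 5201 and the second rule already covers it.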
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
#!/bin/bash | ||
|
||
../../nebula-cert ca -name "E2E test CA" | ||
../../nebula-cert sign -name "A" -ip "192.168.100.1/24" -out-crt a.crt -out-key a.key | ||
../../nebula-cert sign -name "B" -ip "192.168.100.2/24" -out-crt b.crt -out-key b.key |
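Review bot: The three `../../nebula-cert` calls use a relative path, but this script has no `cd "$(dirname "$0")"` of its own, so it only works when started from its own directory or from a caller that has already changed into it. Add the `cd`, and a `set -e` so a failed `ca` step does not carry on into the two `sign` calls. Since the script leaves CA and node private keys in the working directory, a one-line comment that they are test material only would also be worthwhile.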
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
#!/bin/bash | ||
|
||
cd "$(dirname "$0")" | ||
|
||
if ! test -f ca.key; then | ||
echo "Generating new test certificates" | ||
./generate_certificates.sh | ||
fi | ||
|
||
../../nebula -config "$(pwd)/a_config.yml" &>a.out & | ||
A_PID=$! | ||
../../nebula -config "$(pwd)/b_config.yml" &>b.out & | ||
B_PID=$! | ||
|
||
iperf3 -s -p 15001 & | ||
IPERF_SERVER_PID=$! | ||
|
||
sleep 1 | ||
iperf3 -c 127.0.0.1 -p 15002 -P 10 "$@" | ||
|
||
# Cleanup | ||
kill $IPERF_SERVER_PID $A_PID $B_PID | ||
|
||
# wait for shutdown logs are written to files | ||
sleep 1 | ||
|
||
echo "##########################################" | ||
echo "A side logs:" | ||
echo "##########################################" | ||
cat a.out | ||
|
||
echo "##########################################" | ||
echo "B side logs:" | ||
echo "##########################################" | ||
cat b.out | ||
rm a.out b.out |
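Review bot: Cleanup only happens on the straight-line path: `kill $IPERF_SERVER_PID $A_PID $B_PID` is skipped if the script is interrupted during the `iperf3 -c` run, which leaves both nebula instances and the iperf3 server running and holding their ports for the next run. Register the kill in a `trap ... EXIT` right after the background processes are started. The two `sleep 1` calls are a guess at startup and shutdown time; a `wait $A_PID $B_PID` after the kill would replace the second one. The client's exit status should also be saved and returned, because as written the script exits with the status of the final `rm`.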
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
#!/bin/bash | ||
|
||
cd "$(dirname "$0")" | ||
|
||
./speedtest.sh --udp --bidir --bitrate=100MiB "$@" |
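Review bot: The unit in `--bitrate=100MiB` is misleading: iperf3 takes the target bitrate in bits per second with a K/M/G suffix, so `MiB` reads as mebibytes per second, which is not what the option expresses. Write `--bitrate=100M` (or whatever rate is intended) and add a comment with the expected throughput. Note also that this wrapper relies on the configs listing `udp` under `protocols`, which is worth stating next to the call.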
I would suggest moving this to a separate PR since it affects normal configs too