add gvisor based service library #965

Merged
merged 4 commits into from
Nov 21, 2023

@d4l3k (Contributor) commented Sep 3, 2023

This adds a gvisor based service library which allows for using a user space TCP stack instead of a native tun device.

This is an initial implementation and only handles TCP and ipv4 connections. This implementation is a bit rough so feedback is welcome 🙂

This refactors the Main function to take in a DeviceFactory -- so any users that require tunFd need to use NewFdDeviceFromConfig(tunFd) as the factory instead.

See examples/go_service/main.go for how this might be used.

Test plan:

$ go test ./service

Manual

$ go run ./examples/go_service
$ socat 192.168.100.2 -
hello world
asdf
echo: "asdf"
duck
echo: "duck"

salesforce-cla bot commented Sep 3, 2023

Thanks for the contribution! Before we can merge this, we need @d4l3k to sign the Salesforce Inc. Contributor License Agreement.

@d4l3k d4l3k force-pushed the master branch 2 times, most recently from 41cfc97 to b1fce0c Compare September 3, 2023 07:48
@d4l3k d4l3k marked this pull request as ready for review September 3, 2023 07:49
@d4l3k d4l3k force-pushed the master branch 2 times, most recently from c7cfed0 to 2cde07c Compare September 7, 2023 04:06
@wadey wadey added the NeedsDecision Feedback is required from experts, contributors, and/or the community before a change can be made. label Sep 7, 2023
@wadey wadey added this to the v1.8.0 milestone Sep 7, 2023
@brad-defined (Collaborator) left a comment

Only a couple minor comments from what I saw. I think we can land this PR and update it as needed with future PRs.

Other thoughts (which I don't think should be required for the PR to land)

  • It'd be fun to write some performance tests
  • I expect the io.Pipe used doesn't scale up, but this can be updated in a future PR (along with performance tests that can verify or disprove my suspicion.)

@brad-defined (Collaborator)

I'm OK with this landing. It adds some nice, useful functionality, modifies the Main() interface a little, and doesn't appear to me to add any interfaces that we can't live with going forward.

Will see if @wadey or @nbrownus have any thoughts on it.

@brad-defined (Collaborator)

Error: service/service.go:111:10: undefined: context.AfterFunc

My bad... apparently context.AfterFunc is in Go 1.21.0, but Nebula isn't on that golang version yet; it reduces Windows supported O/S's. Sorry! Will need to implement that functionality without that context function...

AfterFunc() introduced in a future Go version
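
The limitation raised above, as an added example that is not part of this PR or of Nebula's code: a minimal stand-in for context.AfterFunc that builds on Go releases before 1.21. The name afterFunc and the cleanup callback in main are assumptions for illustration.

```go
package main

import (
	"context"
	"fmt"
	"sync"
	"time"
)

// afterFunc is a hypothetical pre-Go-1.21 stand-in for context.AfterFunc.
// It runs f in its own goroutine once ctx is done; stop reports true only
// if it prevented f from ever starting.
func afterFunc(ctx context.Context, f func()) (stop func() bool) {
	var mu sync.Mutex
	settled := false // true once f has started or stop has won the race
	stopped := make(chan struct{})
	go func() {
		select {
		case <-ctx.Done():
			mu.Lock()
			run := !settled
			settled = true
			mu.Unlock()
			if run {
				f()
			}
		case <-stopped: // lets the goroutine exit instead of leaking
		}
	}()
	return func() bool {
		mu.Lock()
		defer mu.Unlock()
		if settled {
			return false
		}
		settled = true
		close(stopped)
		return true
	}
}

func main() {
	ctx, cancel := context.WithTimeout(context.Background(), 50*time.Millisecond)
	defer cancel()
	done := make(chan struct{})
	afterFunc(ctx, func() { close(done) }) // assumed use: cleanup on cancel
	<-done
	fmt.Println("cleanup ran after context was done")
}
```

Callers that finish before cancellation should call stop, otherwise the waiting goroutine lives until the context ends.
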
@johnmaguire (Collaborator)

I believe this PR would close #538.

@brad-defined brad-defined merged commit 1083279 into slackhq:master Nov 21, 2023
7 checks passed
@maggie44

I'm curious to try this out, but would be helpful to know the current state of play. It says only handles TCP and ipv4 connections, presumably referring to between hosts? I think ipv4 is only supported between hosts anyway? So the main difference right now is it doesn't support UDP connections between hosts?

Then it's just a question of performance pending benchmarks?

@d4l3k (Contributor, Author) commented May 13, 2024

@maggie44 I'm currently using this for my own (limited) use and it's been working just fine. You're right that ipv6 isn't supported by Nebula currently so that's just behavior as usual so just UDP isn't supported.

I've been using this for SSH and HTTP connections without any issues
