Proxy: TUN: Unify Darwin/Windows endpoint, which are now extremely similar, into one GVisorEndpoint.

Making darwin/windows tun implement GVisorDevice with simple readpacket/writepacket methods that GVisorEndpoint untilise

Author: Owersun

proxy/tun/stack_gvisor_endpoint.go

@@ -0,0 +1,155 @@
+package tun
+
+import (
+	"context"
+	"errors"
+
+	"gvisor.dev/gvisor/pkg/tcpip"
+	"gvisor.dev/gvisor/pkg/tcpip/header"
+	"gvisor.dev/gvisor/pkg/tcpip/stack"
+)
+
+var ErrQueueEmpty = errors.New("queue is empty")
+
+type GVisorDevice interface {
+	WritePacket(packet *stack.PacketBuffer) tcpip.Error
+	ReadPacket() (byte, *stack.PacketBuffer, error)
+	Wait()
+}
+
+// LinkEndpoint implements GVisor stack.LinkEndpoint
+var _ stack.LinkEndpoint = (*LinkEndpoint)(nil)
+
+type LinkEndpoint struct {
+	deviceMTU        uint32
+	device           GVisorDevice
+	dispatcherCancel context.CancelFunc
+}
+
+func (e *LinkEndpoint) MTU() uint32 {
+	return e.deviceMTU
+}
+
+func (e *LinkEndpoint) SetMTU(_ uint32) {
+	// not Implemented, as it is not expected GVisor will be asking tun device to be modified
+}
+
+func (e *LinkEndpoint) MaxHeaderLength() uint16 {
+	return 0
+}
+
+func (e *LinkEndpoint) LinkAddress() tcpip.LinkAddress {
+	return ""
+}
+
+func (e *LinkEndpoint) SetLinkAddress(_ tcpip.LinkAddress) {
+	// not Implemented, as it is not expected GVisor will be asking tun device to be modified
+}
+
+func (e *LinkEndpoint) Capabilities() stack.LinkEndpointCapabilities {
+	return stack.CapabilityRXChecksumOffload
+}
+
+func (e *LinkEndpoint) Attach(dispatcher stack.NetworkDispatcher) {
+	if e.dispatcherCancel != nil {
+		e.dispatcherCancel()
+		e.dispatcherCancel = nil
+	}
+
+	if dispatcher != nil {
+		ctx, cancel := context.WithCancel(context.Background())
+		go e.dispatchLoop(ctx, dispatcher)
+		e.dispatcherCancel = cancel
+	}
+}
+
+func (e *LinkEndpoint) IsAttached() bool {
+	return e.dispatcherCancel != nil
+}
+
+func (e *LinkEndpoint) Wait() {
+
+}
+
+func (e *LinkEndpoint) ARPHardwareType() header.ARPHardwareType {
+	return header.ARPHardwareNone
+}
+
+func (e *LinkEndpoint) AddHeader(buffer *stack.PacketBuffer) {
+	// tun interface doesn't have link layer header, it will be added by the OS
+}
+
+func (e *LinkEndpoint) ParseHeader(ptr *stack.PacketBuffer) bool {
+	return true
+}
+
+func (e *LinkEndpoint) Close() {
+	if e.dispatcherCancel != nil {
+		e.dispatcherCancel()
+		e.dispatcherCancel = nil
+	}
+}
+
+func (e *LinkEndpoint) SetOnCloseAction(_ func()) {
+
+}
+
+func (e *LinkEndpoint) WritePackets(packetBufferList stack.PacketBufferList) (int, tcpip.Error) {
+	var n int
+	var err tcpip.Error
+
+	for _, packetBuffer := range packetBufferList.AsSlice() {
+		err = e.device.WritePacket(packetBuffer)
+		if err != nil {
+			return n, &tcpip.ErrAborted{}
+		}
+		n++
+	}
+
+	return n, nil
+}
+
+func (e *LinkEndpoint) dispatchLoop(ctx context.Context, dispatcher stack.NetworkDispatcher) {
+	var networkProtocolNumber tcpip.NetworkProtocolNumber
+	var version byte
+	var packet *stack.PacketBuffer
+	var err error
+
+	for {
+		select {
+		case <-ctx.Done():
+			return
+		default:
+			version, packet, err = e.device.ReadPacket()
+			// on "queue empty", ask device to yield slightly and continue
+			if errors.Is(err, ErrQueueEmpty) {
+				e.device.Wait()
+				continue
+			}
+			// stop dispatcher loop on any other interface failure
+			if err != nil {
+				e.Attach(nil)
+				return
+			}
+
+			// extract network protocol number from the packet first byte
+			// (which is returned separately, since it is so incredibly hard to extract one byte from
+			// stack.PacketBuffer without additional memory allocation and full copying it back and forth)
+			switch version {
+			case 4:
+				networkProtocolNumber = header.IPv4ProtocolNumber
+			case 6:
+				networkProtocolNumber = header.IPv6ProtocolNumber
+			default:
+				// discard unknown network protocol packet
+				packet.DecRef()
+				continue
+			}
+
+			// dispatch the buffer to the stack
+			dispatcher.DeliverNetworkPacket(networkProtocolNumber, packet)
+			// signal the buffer that it can be released
+			packet.DecRef()
+		}
+	}
+}

proxy/tun/tun_darwin.go

@@ -11,14 +11,18 @@ import (
 	"syscall"
 	"unsafe"
 
+	"github.com/xtls/xray-core/common/buf"
 	"golang.org/x/sys/unix"
+	"gvisor.dev/gvisor/pkg/buffer"
+	"gvisor.dev/gvisor/pkg/tcpip"
 	"gvisor.dev/gvisor/pkg/tcpip/stack"
 )
 
 const (
 	utunControlName = "com.apple.net.utun_control"
 	sysprotoControl = 2
 	gateway         = "169.254.10.1/30"
+	utunHeaderSize  = 4
 )
 
 const (
@@ -28,13 +32,17 @@ const (
 	ND6_INFINITE_LIFETIME = 0xFFFFFFFF // netinet6/nd6.h
 )
 
+//go:linkname procyield runtime.procyield
+func procyield(cycles uint32)
+
 type DarwinTun struct {
 	tunFile *os.File
 	options TunOptions
 }
 
 var _ Tun = (*DarwinTun)(nil)
 var _ GVisorTun = (*DarwinTun)(nil)
+var _ GVisorDevice = (*DarwinTun)(nil)
 
 func NewTun(options TunOptions) (Tun, error) {
 	tunFile, err := open(options.Name)
@@ -62,8 +70,82 @@ func (t *DarwinTun) Close() error {
 	return t.tunFile.Close()
 }
 
+// WritePacket implements GVisorDevice method to write one packet to the tun device
+func (t *DarwinTun) WritePacket(packet *stack.PacketBuffer) tcpip.Error {
+	// request memory to write from reusable buffer pool
+	b := buf.NewWithSize(int32(t.options.MTU) + utunHeaderSize)
+	defer b.Release()
+
+	// prepare Darwin specific packet header
+	_, _ = b.Write([]byte{0x0, 0x0, 0x0, 0x0})
+	// copy the bytes of slices that compose the packet into the allocated buffer
+	for _, packetElement := range packet.AsSlices() {
+		_, _ = b.Write(packetElement)
+	}
+	// fill Darwin specific header from the first raw packet byte, that we can access now
+	var family byte
+	switch b.Byte(4) >> 4 {
+	case 4:
+		family = unix.AF_INET
+	case 6:
+		family = unix.AF_INET6
+	default:
+		return &tcpip.ErrAborted{}
+	}
+	b.SetByte(3, family)
+
+	if _, err := t.tunFile.Write(b.Bytes()); err != nil {
+		if errors.Is(err, unix.EAGAIN) {
+			return &tcpip.ErrWouldBlock{}
+		}
+		return &tcpip.ErrAborted{}
+	}
+	return nil
+}
+
+// ReadPacket implements GVisorDevice method to read one packet from the tun device
+// It is expected that the method will not block, rather return ErrQueueEmpty when there is nothing on the line,
+// which will make the stack call Wait which should implement desired push-back
+func (t *DarwinTun) ReadPacket() (byte, *stack.PacketBuffer, error) {
+	// request memory to write from reusable buffer pool
+	b := buf.NewWithSize(int32(t.options.MTU) + utunHeaderSize)
+
+	// read the bytes to the interface file
+	n, err := b.ReadFrom(t.tunFile)
+	if errors.Is(err, unix.EAGAIN) || errors.Is(err, unix.EINTR) {
+		b.Release()
+		return 0, nil, ErrQueueEmpty
+	}
+	if err != nil {
+		b.Release()
+		return 0, nil, err
+	}
+
+	// discard empty or sub-empty packets
+	if n <= utunHeaderSize {
+		b.Release()
+		return 0, nil, ErrQueueEmpty
+	}
+
+	// network protocol version from first byte of the raw packet, the one that follows Darwin specific header
+	version := b.Byte(utunHeaderSize) >> 4
+	packetBuffer := buffer.MakeWithData(b.BytesFrom(utunHeaderSize))
+	return version, stack.NewPacketBuffer(stack.PacketBufferOptions{
+		Payload:           packetBuffer,
+		IsForwardedPacket: true,
+		OnRelease: func() {
+			b.Release()
+		},
+	}), nil
+}
+
+// Wait some cpu cycles
+func (t *DarwinTun) Wait() {
+	procyield(1)
+}
+
 func (t *DarwinTun) newEndpoint() (stack.LinkEndpoint, error) {
-	return &DarwinEndpoint{tun: t}, nil
+	return &LinkEndpoint{deviceMTU: t.options.MTU, device: t}, nil
 }
 
 // open the interface, by creating new utunN if in the system and returning its file descriptor