net/tstun: instrument Wrapper with statistics gathering (#5847)

If Wrapper.StatisticsEnable is enabled,
then per-connection counters are maintained.
If enabled, Wrapper.StatisticsExtract must be periodically called
otherwise there is unbounded memory growth.

Signed-off-by: Joe Tsai <joetsai@digital-static.net>
This commit is contained in:
Joe Tsai 2022-10-05 12:24:30 -07:00 committed by GitHub
parent a37ee8483f
commit 24ebf161e8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 58 additions and 0 deletions

View File

@ -240,6 +240,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
tailscale.com/net/tsdial from tailscale.com/control/controlclient+
💣 tailscale.com/net/tshttpproxy from tailscale.com/control/controlclient+
tailscale.com/net/tstun from tailscale.com/net/dns+
tailscale.com/net/tunstats from tailscale.com/net/tstun
tailscale.com/paths from tailscale.com/ipn/ipnlocal+
tailscale.com/portlist from tailscale.com/ipn/ipnlocal
tailscale.com/safesocket from tailscale.com/client/tailscale+

View File

@ -22,8 +22,10 @@ import (
"golang.zx2c4.com/wireguard/tun"
"gvisor.dev/gvisor/pkg/tcpip/stack"
"tailscale.com/disco"
"tailscale.com/net/flowtrack"
"tailscale.com/net/packet"
"tailscale.com/net/tsaddr"
"tailscale.com/net/tunstats"
"tailscale.com/syncs"
"tailscale.com/tstime/mono"
"tailscale.com/types/ipproto"
@ -166,6 +168,12 @@ type Wrapper struct {
// disableTSMPRejected disables TSMP rejected responses. For tests.
disableTSMPRejected bool
// stats maintains per-connection counters.
stats struct {
enabled atomic.Bool
tunstats.Statistics
}
}
// tunReadResult is the result of a TUN read, or an injected result pretending to be a TUN read.
@ -560,6 +568,9 @@ func (t *Wrapper) Read(buf []byte, offset int) (int, error) {
}
}
if t.stats.enabled.Load() {
t.stats.UpdateTx(buf[offset:][:n])
}
t.noteActivity()
return n, nil
}
@ -690,6 +701,9 @@ func (t *Wrapper) Write(buf []byte, offset int) (int, error) {
}
func (t *Wrapper) tdevWrite(buf []byte, offset int) (int, error) {
if t.stats.enabled.Load() {
t.stats.UpdateRx(buf[offset:])
}
if t.isTAP {
return t.tapWrite(buf, offset)
}
@ -829,6 +843,18 @@ func (t *Wrapper) Unwrap() tun.Device {
return t.tdev
}
// StatisticsEnable enables per-connections packet counters.
// StatisticsExtract must be called periodically to avoid unbounded memory use.
func (t *Wrapper) StatisticsEnable(enable bool) {
t.stats.enabled.Store(enable)
}
// StatisticsExtract extracts and resets the counters for all active connections.
// It must be called periodically otherwise the memory used is unbounded.
func (t *Wrapper) StatisticsExtract() map[flowtrack.Tuple]tunstats.Counts {
return t.stats.Extract()
}
var (
metricPacketIn = clientmetric.NewCounter("tstun_in_from_wg")
metricPacketInDrop = clientmetric.NewCounter("tstun_in_from_wg_drop")

View File

@ -9,6 +9,7 @@ import (
"encoding/binary"
"fmt"
"net/netip"
"reflect"
"strconv"
"strings"
"testing"
@ -18,8 +19,10 @@ import (
"go4.org/netipx"
"golang.zx2c4.com/wireguard/tun/tuntest"
"tailscale.com/disco"
"tailscale.com/net/flowtrack"
"tailscale.com/net/netaddr"
"tailscale.com/net/packet"
"tailscale.com/net/tunstats"
"tailscale.com/tstest"
"tailscale.com/tstime/mono"
"tailscale.com/types/ipproto"
@ -281,6 +284,11 @@ func TestWriteAndInject(t *testing.T) {
t.Errorf("%s not received", packet)
}
}
// Statistics gathering is disabled by default.
if stats := tun.StatisticsExtract(); len(stats) > 0 {
t.Errorf("tun.StatisticsExtract = %v, want {}", stats)
}
}
func TestFilter(t *testing.T) {
@ -329,12 +337,17 @@ func TestFilter(t *testing.T) {
}()
var buf [MaxPacketSize]byte
tun.StatisticsEnable(true)
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
var n int
var err error
var filtered bool
if stats := tun.StatisticsExtract(); len(stats) > 0 {
t.Errorf("tun.StatisticsExtract = %v, want {}", stats)
}
if tt.dir == in {
// Use the side effect of updating the last
// activity atomic to determine whether the
@ -364,6 +377,24 @@ func TestFilter(t *testing.T) {
t.Errorf("got accept; want drop")
}
}
got := tun.StatisticsExtract()
want := map[flowtrack.Tuple]tunstats.Counts{}
if !tt.drop {
var p packet.Parsed
p.Decode(tt.data)
switch tt.dir {
case in:
tuple := flowtrack.Tuple{Proto: ipproto.UDP, Src: p.Dst, Dst: p.Src}
want[tuple] = tunstats.Counts{RxPackets: 1, RxBytes: uint64(len(tt.data))}
case out:
tuple := flowtrack.Tuple{Proto: ipproto.UDP, Src: p.Src, Dst: p.Dst}
want[tuple] = tunstats.Counts{TxPackets: 1, TxBytes: uint64(len(tt.data))}
}
}
if !reflect.DeepEqual(got, want) {
t.Errorf("tun.StatisticsExtract = %v, want %v", got, want)
}
})
}
}