Merge branch 'main' into fix/pkg-loss

2026-04-22 02:06:39 +00:00 · 2025-09-03 16:01:50 +02:00
parent 990aa8f7cd 71e944fa57
commit 180b52ba26
872 changed files with 75638 additions and 22204 deletions
--- a/client/iface/wgproxy/ebpf/proxy.go
+++ b/client/iface/wgproxy/ebpf/proxy.go
@@ -15,6 +15,7 @@ import (
 	log "github.com/sirupsen/logrus"

 	nberrors "github.com/netbirdio/netbird/client/errors"
+	"github.com/netbirdio/netbird/client/iface/bufsize"
 	"github.com/netbirdio/netbird/client/iface/wgproxy/rawsocket"
 	"github.com/netbirdio/netbird/client/internal/ebpf"
 	ebpfMgr "github.com/netbirdio/netbird/client/internal/ebpf/manager"
@@ -32,6 +33,7 @@ var (
 // WGEBPFProxy definition for proxy with EBPF support
 type WGEBPFProxy struct {
 	localWGListenPort int
+	mtu               uint16

 	ebpfManager   ebpfMgr.Manager
 	turnConnStore map[uint16]net.Conn
@@ -46,10 +48,11 @@ type WGEBPFProxy struct {
 }

 // NewWGEBPFProxy create new WGEBPFProxy instance
-func NewWGEBPFProxy(wgPort int) *WGEBPFProxy {
+func NewWGEBPFProxy(wgPort int, mtu uint16) *WGEBPFProxy {
 	log.Debugf("instantiate ebpf proxy")
 	wgProxy := &WGEBPFProxy{
 		localWGListenPort: wgPort,
+		mtu:               mtu,
 		ebpfManager:       ebpf.GetEbpfManagerInstance(),
 		turnConnStore:     make(map[uint16]net.Conn),
 	}
@@ -141,7 +144,7 @@ func (p *WGEBPFProxy) Free() error {
 // proxyToRemote read messages from local WireGuard interface and forward it to remote conn
 // From this go routine has only one instance.
 func (p *WGEBPFProxy) proxyToRemote() {
-	buf := make([]byte, 1500)
+	buf := make([]byte, p.mtu+bufsize.WGBufferOverhead)
 	for p.ctx.Err() == nil {
 		if err := p.readAndForwardPacket(buf); err != nil {
 			if p.ctx.Err() != nil {
--- a/client/iface/wgproxy/ebpf/proxy_test.go
+++ b/client/iface/wgproxy/ebpf/proxy_test.go
@@ -7,7 +7,7 @@ import (
 )

 func TestWGEBPFProxy_connStore(t *testing.T) {
-	wgProxy := NewWGEBPFProxy(1)
+	wgProxy := NewWGEBPFProxy(1, 1280)

 	p, _ := wgProxy.storeTurnConn(nil)
 	if p != 1 {
@@ -27,7 +27,7 @@ func TestWGEBPFProxy_connStore(t *testing.T) {
 }

 func TestWGEBPFProxy_portCalculation_overflow(t *testing.T) {
-	wgProxy := NewWGEBPFProxy(1)
+	wgProxy := NewWGEBPFProxy(1, 1280)

 	_, _ = wgProxy.storeTurnConn(nil)
 	wgProxy.lastUsedPort = 65535
@@ -43,7 +43,7 @@ func TestWGEBPFProxy_portCalculation_overflow(t *testing.T) {
 }

 func TestWGEBPFProxy_portCalculation_maxConn(t *testing.T) {
-	wgProxy := NewWGEBPFProxy(1)
+	wgProxy := NewWGEBPFProxy(1, 1280)

 	for i := 0; i < 65535; i++ {
 		_, _ = wgProxy.storeTurnConn(nil)
--- a/client/iface/wgproxy/ebpf/wrapper.go
+++ b/client/iface/wgproxy/ebpf/wrapper.go
@@ -11,6 +11,9 @@ import (
 	"sync"

 	log "github.com/sirupsen/logrus"
+
+	"github.com/netbirdio/netbird/client/iface/bufsize"
+	"github.com/netbirdio/netbird/client/iface/wgproxy/listener"
 )

 // ProxyWrapper help to keep the remoteConn instance for net.Conn.Close function call
@@ -27,12 +30,15 @@ type ProxyWrapper struct {
 	paused     bool
 	pausedCond *sync.Cond
 	isStarted  bool
+
+	closeListener *listener.CloseListener
 }

 func NewProxyWrapper(proxy *WGEBPFProxy) *ProxyWrapper {
 	return &ProxyWrapper{
-		wgeBPFProxy: proxy,
-		pausedCond:  sync.NewCond(&sync.Mutex{}),
+		wgeBPFProxy:   proxy,
+		pausedCond:    sync.NewCond(&sync.Mutex{}),
+		closeListener: listener.NewCloseListener(),
 	}
 }
 func (p *ProxyWrapper) AddTurnConn(ctx context.Context, endpoint *net.UDPAddr, remoteConn net.Conn) error {
@@ -50,6 +56,10 @@ func (p *ProxyWrapper) EndpointAddr() *net.UDPAddr {
 	return p.wgRelayedEndpointAddr
 }

+func (p *ProxyWrapper) SetDisconnectListener(disconnected func()) {
+	p.closeListener.SetCloseListener(disconnected)
+}
+
 func (p *ProxyWrapper) Work() {
 	if p.remoteConn == nil {
 		return
@@ -99,6 +109,8 @@ func (p *ProxyWrapper) CloseConn() error {

 	p.cancel()

+	p.closeListener.SetCloseListener(nil)
+
 	p.pausedCond.L.Lock()
 	p.paused = false
 	p.pausedCond.L.Unlock()
@@ -113,7 +125,7 @@ func (p *ProxyWrapper) CloseConn() error {
 func (p *ProxyWrapper) proxyToLocal(ctx context.Context) {
 	defer p.wgeBPFProxy.removeTurnConn(uint16(p.wgRelayedEndpointAddr.Port))

-	buf := make([]byte, 1500)
+	buf := make([]byte, p.wgeBPFProxy.mtu+bufsize.WGBufferOverhead)
 	for {
 		n, err := p.readFromRemote(ctx, buf)
 		if err != nil {
@@ -143,6 +155,7 @@ func (p *ProxyWrapper) readFromRemote(ctx context.Context, buf []byte) (int, err
 		if ctx.Err() != nil {
 			return 0, ctx.Err()
 		}
+		p.closeListener.Notify()
 		if !errors.Is(err, io.EOF) {
 			log.Errorf("failed to read from turn conn (endpoint: :%d): %s", p.wgRelayedEndpointAddr.Port, err)
 		}