[client] Eliminate UDP proxy in user-space mode (#2712)

In the case of user space WireGuard mode, use in-memory proxy between the TURN/Relay connection and the WireGuard Bind. We keep the UDP proxy and eBPF proxy for kernel mode. The key change is the new wgproxy/bind and the iface/bind/ice_bind changes. Everything else is just to fulfill the dependencies.
2026-04-16 07:16:38 +00:00 · 2024-10-22 20:53:14 +02:00
parent 0106a95f7a
commit 30ebcf38c7
50 changed files with 1129 additions and 553 deletions
--- a/client/internal/peer/conn.go
+++ b/client/internal/peer/conn.go
@@ -17,8 +17,8 @@ import (

 	"github.com/netbirdio/netbird/client/iface"
 	"github.com/netbirdio/netbird/client/iface/configurer"
+	"github.com/netbirdio/netbird/client/iface/wgproxy"
 	"github.com/netbirdio/netbird/client/internal/stdnet"
-	"github.com/netbirdio/netbird/client/internal/wgproxy"
 	relayClient "github.com/netbirdio/netbird/relay/client"
 	"github.com/netbirdio/netbird/route"
 	nbnet "github.com/netbirdio/netbird/util/net"
@@ -81,11 +81,10 @@ type Conn struct {
 	ctxCancel      context.CancelFunc
 	config         ConnConfig
 	statusRecorder *Status
-	wgProxyFactory *wgproxy.Factory
 	signaler       *Signaler
-	iFaceDiscover  stdnet.ExternalIFaceDiscover
 	relayManager   *relayClient.Manager
-	allowedIPsIP   string
+	allowedIP      net.IP
+	allowedNet     string
 	handshaker     *Handshaker

 	onConnected    func(remoteWireGuardKey string, remoteRosenpassPubKey []byte, wireGuardIP string, remoteRosenpassAddr string)
@@ -116,8 +115,8 @@ type Conn struct {

 // NewConn creates a new not opened Conn to the remote peer.
 // To establish a connection run Conn.Open
-func NewConn(engineCtx context.Context, config ConnConfig, statusRecorder *Status, wgProxyFactory *wgproxy.Factory, signaler *Signaler, iFaceDiscover stdnet.ExternalIFaceDiscover, relayManager *relayClient.Manager) (*Conn, error) {
-	_, allowedIPsIP, err := net.ParseCIDR(config.WgConfig.AllowedIps)
+func NewConn(engineCtx context.Context, config ConnConfig, statusRecorder *Status, signaler *Signaler, iFaceDiscover stdnet.ExternalIFaceDiscover, relayManager *relayClient.Manager) (*Conn, error) {
+	allowedIP, allowedNet, err := net.ParseCIDR(config.WgConfig.AllowedIps)
 	if err != nil {
 		log.Errorf("failed to parse allowedIPS: %v", err)
 		return nil, err
@@ -127,19 +126,17 @@ func NewConn(engineCtx context.Context, config ConnConfig, statusRecorder *Statu
 	connLog := log.WithField("peer", config.Key)

 	var conn = &Conn{
-		log:            connLog,
-		ctx:            ctx,
-		ctxCancel:      ctxCancel,
-		config:         config,
-		statusRecorder: statusRecorder,
-		wgProxyFactory: wgProxyFactory,
-		signaler:       signaler,
-		iFaceDiscover:  iFaceDiscover,
-		relayManager:   relayManager,
-		allowedIPsIP:   allowedIPsIP.String(),
-		statusRelay:    NewAtomicConnStatus(),
-		statusICE:      NewAtomicConnStatus(),
-
+		log:               connLog,
+		ctx:               ctx,
+		ctxCancel:         ctxCancel,
+		config:            config,
+		statusRecorder:    statusRecorder,
+		signaler:          signaler,
+		relayManager:      relayManager,
+		allowedIP:         allowedIP,
+		allowedNet:        allowedNet.String(),
+		statusRelay:       NewAtomicConnStatus(),
+		statusICE:         NewAtomicConnStatus(),
 		iCEDisconnected:   make(chan bool, 1),
 		relayDisconnected: make(chan bool, 1),
 	}
@@ -692,7 +689,7 @@ func (conn *Conn) doOnConnected(remoteRosenpassPubKey []byte, remoteRosenpassAdd
 	}

 	if conn.onConnected != nil {
-		conn.onConnected(conn.config.Key, remoteRosenpassPubKey, conn.allowedIPsIP, remoteRosenpassAddr)
+		conn.onConnected(conn.config.Key, remoteRosenpassPubKey, conn.allowedNet, remoteRosenpassAddr)
 	}
 }

@@ -783,8 +780,13 @@ func (conn *Conn) freeUpConnID() {

 func (conn *Conn) newProxy(remoteConn net.Conn) (wgproxy.Proxy, error) {
 	conn.log.Debugf("setup proxied WireGuard connection")
-	wgProxy := conn.wgProxyFactory.GetProxy()
-	if err := wgProxy.AddTurnConn(conn.ctx, remoteConn); err != nil {
+	udpAddr := &net.UDPAddr{
+		IP:   conn.allowedIP,
+		Port: conn.config.WgConfig.WgListenPort,
+	}
+
+	wgProxy := conn.config.WgConfig.WgInterface.GetProxy()
+	if err := wgProxy.AddTurnConn(conn.ctx, udpAddr, remoteConn); err != nil {
 		conn.log.Errorf("failed to add turn net.Conn to local proxy: %v", err)
 		return nil, err
 	}