Skip to content

Commit

Permalink
Merge pull request #1073 from NordSecurity/revert-1058-protected_pinger
Browse files Browse the repository at this point in the history
Revert "LLT-5886: Protected RTT QoS pings"
  • Loading branch information
tomasz-grz authored Jan 23, 2025
2 parents dcfd87c + e6cc0dc commit cf173ca
Show file tree
Hide file tree
Showing 18 changed files with 51 additions and 225 deletions.
2 changes: 0 additions & 2 deletions .unreleased/LLT-5886_protected_pinger

This file was deleted.

17 changes: 1 addition & 16 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 0 additions & 2 deletions Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,6 @@ telio-task.workspace = true
telio-traversal.workspace = true
telio-utils.workspace = true
telio-wg.workspace = true
telio-pinger.workspace = true
once_cell.workspace = true
nat-detect.workspace = true
smart-default.workspace = true
Expand Down Expand Up @@ -200,7 +199,6 @@ telio-utils = { version = "0.1.0", path = "./crates/telio-utils" }
telio-wg = { version = "0.1.0", path = "./crates/telio-wg" }
telio-pq = { version = "0.1.0", path = "./crates/telio-pq" }
telio-pmtu = { version = "0.1.0", path = "./crates/telio-pmtu" }
telio-pinger = { version = "0.1.0", path = "./crates/telio-pinger" }

[profile.release]
opt-level = "s"
Expand Down
4 changes: 1 addition & 3 deletions crates/telio-nurse/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -36,12 +36,10 @@ telio-proto.workspace = true
telio-task.workspace = true
telio-utils.workspace = true
telio-wg.workspace = true
telio-pinger.workspace = true
telio-sockets.workspace = true
once_cell.workspace = true

[dev-dependencies]
telio-sockets = { workspace = true, features = ["mockall"] }
telio-sockets.workspace = true
telio-wg = { workspace = true, features = ["mockall"] }
tokio = { workspace = true, features = ["net", "sync", "test-util"] }
telio-nurse = { workspace = true, features = ["mockall"] }
Expand Down
19 changes: 1 addition & 18 deletions crates/telio-nurse/src/nurse.rs
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,6 @@ use std::sync::Arc;
use telio_crypto::{PublicKey, SecretKey};
use telio_lana::*;
use telio_model::event::Event;
use telio_sockets::SocketPool;
use telio_task::{
io::{chan, mc_chan, Chan, McChan},
task_exec, ExecError, Runtime, RuntimeExt, Task, WaitResponse,
Expand Down Expand Up @@ -61,20 +60,9 @@ impl Nurse {
io: NurseIo<'_>,
aggregator: Arc<ConnectivityDataAggregator>,
ipv6_enabled: bool,
socket_pool: Arc<SocketPool>,
) -> Self {
Self {
task: Task::start(
State::new(
public_key,
config,
io,
aggregator,
ipv6_enabled,
socket_pool,
)
.await,
),
task: Task::start(State::new(public_key, config, io, aggregator, ipv6_enabled).await),
}
}

Expand Down Expand Up @@ -132,9 +120,6 @@ impl State {
/// * `public_key` - Used for heartbeat requests.
/// * `config` - Contains configuration for heartbeats and QoS.
/// * `io` - Nurse io channels.
/// * `aggregator` - ConnectivityDataAggregator.
/// * `ipv6_enabled` - IPv6 support.
/// * `socket_pool` - SocketPool used to protect the sockets.
///
/// # Returns
///
Expand All @@ -145,7 +130,6 @@ impl State {
io: NurseIo<'_>,
aggregator: Arc<ConnectivityDataAggregator>,
ipv6_enabled: bool,
socket_pool: Arc<SocketPool>,
) -> Self {
let meshnet_id = Self::meshnet_id();
telio_log_debug!("Meshnet ID: {meshnet_id}");
Expand Down Expand Up @@ -197,7 +181,6 @@ impl State {
config_update_channel: config_update_channel.subscribe(),
},
ipv6_enabled,
socket_pool,
)))
} else {
None
Expand Down
24 changes: 6 additions & 18 deletions crates/telio-nurse/src/qos.rs
Original file line number Diff line number Diff line change
Expand Up @@ -13,9 +13,9 @@ use telio_model::features::RttType;
use telio_task::{io::mc_chan, Runtime, RuntimeExt, WaitResponse};
use telio_wg::uapi::{AnalyticsEvent, PeerState};

use telio_pinger::{DualPingResults, Pinger};
use telio_sockets::SocketPool;
use telio_utils::{interval, telio_log_debug, telio_log_trace, DualTarget, IpStack};
use telio_utils::{
interval, telio_log_debug, telio_log_trace, DualPingResults, DualTarget, IpStack, Pinger,
};

use crate::{config::QoSConfig, data::MeshConfigUpdateEvent};

Expand Down Expand Up @@ -240,22 +240,15 @@ impl Analytics {
///
/// * `config` - Config for QoS component.
/// * `io` - Channel(s) for communicating with WireGuard.
/// * `ipv6_enabled` - IPv6 support.
/// * `socket_pool` - SocketPool used to protect the sockets.
///
/// # Returns
///
/// A new `Analytics` instance with the given configuration but with no nodes.
pub fn new(
config: QoSConfig,
io: Io,
ipv6_enabled: bool,
socket_pool: Arc<SocketPool>,
) -> Self {
pub fn new(config: QoSConfig, io: Io, ipv6_enabled: bool) -> Self {
let (ping_channel_tx, ping_channel_rx) = mpsc::channel(1);

let ping_backend = if config.rtt_types.contains(&RttType::Ping) {
Arc::new(Pinger::new(config.rtt_tries, ipv6_enabled, socket_pool).ok())
Arc::new(Pinger::new(config.rtt_tries, ipv6_enabled).ok())
} else {
Arc::new(None)
};
Expand Down Expand Up @@ -607,7 +600,6 @@ mod tests {
collections::HashSet,
net::{Ipv4Addr, Ipv6Addr},
};
use telio_sockets::protector::MockProtector;
use telio_task::{
io::{mc_chan::Tx, McChan},
task_exec, Task,
Expand Down Expand Up @@ -940,12 +932,8 @@ mod tests {
buckets: 5,
};

let mut protect = MockProtector::default();
protect.expect_make_internal().returning(|_| Ok(()));
let socket_pool = Arc::new(SocketPool::new(protect));

(
Analytics::new(config, io, true, socket_pool),
Analytics::new(config, io, true),
manual_trigger_channel.tx,
wg_channel.tx,
)
Expand Down
19 changes: 0 additions & 19 deletions crates/telio-pinger/Cargo.toml

This file was deleted.

1 change: 0 additions & 1 deletion crates/telio-sockets/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,6 @@ parking_lot.workspace = true
socket2.workspace = true
thiserror.workspace = true
tokio = { workspace = true, features = ["full"] }
mockall = { workspace = true, optional = true }

telio-utils.workspace = true
once_cell.workspace = true
Expand Down
30 changes: 0 additions & 30 deletions crates/telio-sockets/src/protector.rs
Original file line number Diff line number Diff line change
@@ -1,13 +1,3 @@
//! Provides cross-platform abstractions for managing socket-level protection
//!
//! Operations like binding to an external or internal interface, applying firewall marks,
//! watching for default interface and route changes, etc.
//!
//! Some methods are no_op on specific platforms:
//! - [`Protector::set_fwmark`] on macOS and Windows since they don't have iptables.
//! - [`Protector::set_tunnel_interface`] on Linux since firewall marks are used to route packets.
//! - [`Protector::make_internal`] on Linux and Windows since the sockets by default are bound to the tunnel interface.
use std::{io, panic::RefUnwindSafe, sync::Arc};

use crate::native::NativeSocket;
Expand All @@ -28,39 +18,22 @@ pub mod platform;
#[path = "protector/unsupported.rs"]
pub mod platform;

/// Re-export the implementation for the current platform.
pub use platform::NativeProtector;

/// Alias for a closure that accepts a native socket.
///
/// Used as a callback in the [`make_external_protector`] function.
pub type Protect = Arc<dyn Fn(NativeSocket) + Send + Sync + RefUnwindSafe + 'static>;

/// A trait describing common operations on a socket.
///
/// Used to manage binding, automatic re-binding and routing rules on various platforms.
/// Some of the methods are no-op on specific platforms.
#[cfg_attr(any(test, feature = "mockall"), mockall::automock)]
pub trait Protector: Send + Sync {
/// Configure the provided socket to send packets externally (outside of the tunnel).
fn make_external(&self, socket: NativeSocket) -> io::Result<()>;

/// Configure the provided socket to send packets internally (inside of the tunnel).
fn make_internal(&self, socket: NativeSocket) -> io::Result<()>;

/// Clean up any references associated with the given socket.
fn clean(&self, socket: NativeSocket);

/// Update the firewall mark for this socket used in iptables and routing rules.
fn set_fwmark(&self, fwmark: u32);

/// Update the tunnel interface identifier to be applied when making the socket internal.
fn set_tunnel_interface(&self, interface: u64);
}

/// A blanket implementation of `Arc<Protector>`.
///
/// Used to call [`Protector`] methods directly without having to dereference.
impl<T: Protector + ?Sized> Protector for Arc<T> {
fn make_external(&self, socket: NativeSocket) -> io::Result<()> {
self.as_ref().make_external(socket)
Expand All @@ -83,9 +56,6 @@ impl<T: Protector + ?Sized> Protector for Arc<T> {
}
}

/// Construct a [`Protector`] instance that applies a closure.
///
/// The closure is called only during [`Protector::make_external`], all other methods are no-op.
pub fn make_external_protector(protect: Protect) -> Arc<(dyn Protector + 'static)> {
struct ProtectorMakeExternalCb(Protect);
impl Protector for ProtectorMakeExternalCb {
Expand Down
17 changes: 13 additions & 4 deletions crates/telio-sockets/src/socket_pool.rs
Original file line number Diff line number Diff line change
Expand Up @@ -235,17 +235,26 @@ mod tests {
sync::Mutex,
};

use mockall::mock;
use rstest::rstest;

use crate::{
protector::{make_external_protector, MockProtector},
Protect,
};
use crate::{native::NativeSocket, protector::make_external_protector, Protect};

use super::*;

const PACKET: [u8; 8] = *b"libtelio";

mock! {
Protector {}
impl Protector for Protector {
fn make_external(&self, socket: NativeSocket) -> io::Result<()>;
fn clean(&self, socket: NativeSocket);
fn set_fwmark(&self, fwmark: u32);
fn set_tunnel_interface(&self, interface: u64);
fn make_internal(&self, interface: NativeSocket) -> Result<(), std::io::Error>;
}
}

#[tokio::test]
async fn test_external_drops_protector() {
let mut protect = MockProtector::default();
Expand Down
1 change: 1 addition & 0 deletions crates/telio-utils/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ serde.workspace = true
smart-default.workspace = true
sn_fake_clock = { workspace = true, optional = true }
socket2.workspace = true
surge-ping.workspace = true
thiserror.workspace = true
tokio = { workspace = true, features = ["time"] }
tracing.workspace = true
Expand Down
4 changes: 4 additions & 0 deletions crates/telio-utils/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,10 @@ pub use interval::*;
pub mod ip_stack;
pub use ip_stack::*;

/// Basic ICMP Pinger
pub mod pinger;
pub use pinger::*;

/// Testing tools
pub mod test;

Expand Down
Loading

0 comments on commit cf173ca

Please sign in to comment.