evan/protomask
1
Fork 0
Code

Speed optimizations

Browse Source
This commit is contained in:
Evan Pratten 2023-07-17 19:51:59 -04:00
parent 2d5551ea03
commit 5f5b825676
6 changed files with 78 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Makefile
View File

@ -3,3 +3,7 @@ SRC=$(wildcard src/*.rs) $(wildcard src/**/*.rs) $(wildcard src/**/**/*.rs) Carg
target/debug/protomask: $(SRC) target/debug/protomask: $(SRC)
cross build --target x86_64-unknown-linux-musl cross build --target x86_64-unknown-linux-musl
sudo setcap cap_net_admin=eip $@ sudo setcap cap_net_admin=eip $@
target/release/protomask: $(SRC)
cross build --target x86_64-unknown-linux-musl --release
sudo setcap cap_net_admin=eip $@

1
src/lib.rs
View File

@ -1,3 +1,4 @@
#![deny(unsafe_code)] #![deny(unsafe_code)]
pub mod nat; pub mod nat;
mod logging;

58
src/logging.rs Normal file
View File

@ -0,0 +1,58 @@
use std::sync::OnceLock;
use colored::Colorize;
/// A global variable that is used to early-kill attempts to write debug logs if debug logging is disabled
pub static DEBUG_ENABLED: OnceLock<bool> = OnceLock::new();
/// A macro that can completely skip the debug step if debug logging is disabled
#[macro_export]
macro_rules! debug {
($($arg:tt)*) => {
if *$crate::logging::DEBUG_ENABLED.get().unwrap_or(&false) {
log::debug!($($arg)*);
}
};
}
/// Enable the logger
#[allow(dead_code)]
pub fn enable_logger(verbose: bool) {
fern::Dispatch::new()
.format(move |out, message, record| {
out.finish(format_args!(
"{}: {}",
format!(
"{}{}",
// Level messages are padded to keep the output looking somewhat sane
match record.level() {
log::Level::Error => "ERROR".red().bold().to_string(),
log::Level::Warn => "WARN ".yellow().bold().to_string(),
log::Level::Info => "INFO ".green().bold().to_string(),
log::Level::Debug => "DEBUG".bright_blue().bold().to_string(),
log::Level::Trace => "TRACE".bright_white().bold().to_string(),
},
// Only show the outer package name if verbose logging is enabled (otherwise nothing)
match verbose {
true => format!(" [{}]", record.target().split("::").nth(0).unwrap()),
false => String::new(),
}
.bright_black()
),
message
))
})
.level(match verbose {
true => log::LevelFilter::Debug,
false => log::LevelFilter::Info,
})
.chain(std::io::stdout())
.apply()
.unwrap();
if verbose {
log::debug!("Verbose logging enabled");
}
// Set the global debug enabled variable
DEBUG_ENABLED.set(verbose).unwrap();
}

39
src/main.rs
View File

@ -1,11 +1,12 @@
use clap::Parser; use clap::Parser;
use colored::Colorize;
use config::Config; use config::Config;
use logging::enable_logger;
use nat::Nat64; use nat::Nat64;
mod cli; mod cli;
mod config; mod config;
mod nat; mod nat;
mod logging;
#[tokio::main] #[tokio::main]
pub async fn main() { pub async fn main() {
@ -13,41 +14,7 @@ pub async fn main() {
let args = cli::Args::parse(); let args = cli::Args::parse();
// Set up logging // Set up logging
let log_verbose = args.verbose; enable_logger(args.verbose);
fern::Dispatch::new()
.format(move |out, message, record| {
out.finish(format_args!(
"{}: {}",
format!(
"{}{}",
// Level messages are padded to keep the output looking somewhat sane
match record.level() {
log::Level::Error => "ERROR".red().bold().to_string(),
log::Level::Warn => "WARN ".yellow().bold().to_string(),
log::Level::Info => "INFO ".green().bold().to_string(),
log::Level::Debug => "DEBUG".bright_blue().bold().to_string(),
log::Level::Trace => "TRACE".bright_white().bold().to_string(),
},
// Only show the outer package name if verbose logging is enabled (otherwise nothing)
match log_verbose {
true => format!(" [{}]", record.target().split("::").nth(0).unwrap()),
false => String::new(),
}
.bright_black()
),
message
))
})
.level(match args.verbose {
true => log::LevelFilter::Debug,
false => log::LevelFilter::Info,
})
.chain(std::io::stdout())
.apply()
.unwrap();
if args.verbose {
log::debug!("Verbose logging enabled");
}
// If the binary was built with profiling support, enable it // If the binary was built with profiling support, enable it
#[cfg(feature = "enable-profiling")] #[cfg(feature = "enable-profiling")]

14
src/nat/mod.rs
View File

@ -76,7 +76,7 @@ impl Nat64 {
match self.interface.recv(&mut buffer) { match self.interface.recv(&mut buffer) {
Ok(packet_len) => { Ok(packet_len) => {
// Parse in to a more friendly format // Parse in to a more friendly format
log::debug!("--- NEW PACKET ---"); crate::debug!("--- NEW PACKET ---");
match IpPacket::new(&buffer[..packet_len]) { match IpPacket::new(&buffer[..packet_len]) {
// Try to process the packet // Try to process the packet
Ok(inbound_packet) => match self.process_packet(inbound_packet).await { Ok(inbound_packet) => match self.process_packet(inbound_packet).await {
@ -84,11 +84,11 @@ impl Nat64 {
// If data is returned, send it back out the interface // If data is returned, send it back out the interface
Some(outbound_packet) => { Some(outbound_packet) => {
let packet_bytes = outbound_packet.to_bytes(); let packet_bytes = outbound_packet.to_bytes();
log::debug!( crate::debug!(
"Outbound packet next header: {}", "Outbound packet next header: {}",
outbound_packet.get_next_header().0 outbound_packet.get_next_header().0
); );
log::debug!("Sending packet: {:?}", packet_bytes); crate::debug!("Sending packet: {:?}", packet_bytes);
self.interface.send(&packet_bytes).unwrap(); self.interface.send(&packet_bytes).unwrap();
} }
// Otherwise, we can assume that the packet was dealt with, and can move on // Otherwise, we can assume that the packet was dealt with, and can move on
@ -98,7 +98,7 @@ impl Nat64 {
// Some errors are non-critical as far as this loop is concerned // Some errors are non-critical as far as this loop is concerned
Err(error) => match error { Err(error) => match error {
Nat64Error::TableError(TableError::NoIpv6Mapping(address)) => { Nat64Error::TableError(TableError::NoIpv6Mapping(address)) => {
log::debug!("No IPv6 mapping for {}", address); crate::debug!("No IPv6 mapping for {}", address);
} }
error => { error => {
return Err(error); return Err(error);
@ -130,7 +130,7 @@ impl Nat64 {
IpAddr::V4(ipv4_addr) => !self.table.is_address_within_pool(&ipv4_addr), IpAddr::V4(ipv4_addr) => !self.table.is_address_within_pool(&ipv4_addr),
IpAddr::V6(ipv6_addr) => !self.ipv6_nat_prefix.contains(&ipv6_addr), IpAddr::V6(ipv6_addr) => !self.ipv6_nat_prefix.contains(&ipv6_addr),
} { } {
log::debug!( crate::debug!(
"Packet destination {} is not within the NAT64 prefix or IPv4 pool", "Packet destination {} is not within the NAT64 prefix or IPv4 pool",
packet.get_destination(), packet.get_destination(),
); );
@ -148,12 +148,12 @@ impl Nat64 {
.calculate_xlat_addr(&destination, &self.ipv6_nat_prefix)?; .calculate_xlat_addr(&destination, &self.ipv6_nat_prefix)?;
// Log information about the packet // Log information about the packet
log::debug!( crate::debug!(
"Received packet traveling from {} to {}", "Received packet traveling from {} to {}",
source, source,
destination destination
); );
log::debug!( crate::debug!(
"New path shall become: {} -> {}", "New path shall become: {} -> {}",
new_source, new_source,
new_destination new_destination

10
src/nat/xlat/icmp.rs
View File

@ -144,7 +144,7 @@ pub fn translate_icmp_4_to_6(
// if the original payload's next header is ICMP, we need to translated the inner payload's ICMP type // if the original payload's next header is ICMP, we need to translated the inner payload's ICMP type
if original_payload.get_next_level_protocol() == IpNextHeaderProtocols::Icmp { if original_payload.get_next_level_protocol() == IpNextHeaderProtocols::Icmp {
log::debug!("Time Exceeded packet contains another ICMP packet.. Translating"); crate::debug!("Time Exceeded packet contains another ICMP packet.. Translating");
if let Some((icmpv6_type, icmpv6_code)) = translate_type_and_code_4_to_6( if let Some((icmpv6_type, icmpv6_code)) = translate_type_and_code_4_to_6(
IcmpType(original_payload_inner[0]), IcmpType(original_payload_inner[0]),
IcmpCode(original_payload_inner[1]), IcmpCode(original_payload_inner[1]),
@ -157,7 +157,7 @@ pub fn translate_icmp_4_to_6(
&original_payload_inner[4..] &original_payload_inner[4..]
); );
original_payload_inner = inner_icmpv6.packet().to_vec(); original_payload_inner = inner_icmpv6.packet().to_vec();
log::debug!( crate::debug!(
"Translated inner ICMPv6 packet: {:?}", "Translated inner ICMPv6 packet: {:?}",
original_payload_inner original_payload_inner
); );
@ -194,7 +194,7 @@ pub fn translate_icmp_4_to_6(
output.set_icmpv6_code(icmpv6_code); output.set_icmpv6_code(icmpv6_code);
// Set the payload // Set the payload
log::debug!("Setting ICMPv6 payload: {:?}", output_payload); crate::debug!("Setting ICMPv6 payload: {:?}", output_payload);
output.set_payload(&output_payload); output.set_payload(&output_payload);
// Calculate the checksum // Calculate the checksum
@ -256,7 +256,7 @@ pub fn translate_icmp_6_to_4(
// if the original payload's next header is ICMPv6, we need to translated the inner payload's ICMPv6 type // if the original payload's next header is ICMPv6, we need to translated the inner payload's ICMPv6 type
if original_payload.get_next_header() == IpNextHeaderProtocols::Icmpv6 { if original_payload.get_next_header() == IpNextHeaderProtocols::Icmpv6 {
log::debug!("Time Exceeded packet contains another ICMPv6 packet.. Translating"); crate::debug!("Time Exceeded packet contains another ICMPv6 packet.. Translating");
if let Some((icmp_type, icmp_code)) = translate_type_and_code_6_to_4( if let Some((icmp_type, icmp_code)) = translate_type_and_code_6_to_4(
Icmpv6Type(original_payload_inner[0]), Icmpv6Type(original_payload_inner[0]),
Icmpv6Code(original_payload_inner[1]), Icmpv6Code(original_payload_inner[1]),
@ -264,7 +264,7 @@ pub fn translate_icmp_6_to_4(
let inner_icmp = let inner_icmp =
icmp_packet!(icmp_type, icmp_code, &original_payload_inner[8..]); icmp_packet!(icmp_type, icmp_code, &original_payload_inner[8..]);
original_payload_inner = inner_icmp.packet().to_vec(); original_payload_inner = inner_icmp.packet().to_vec();
log::debug!("Translated inner ICMP packet: {:?}", original_payload_inner); crate::debug!("Translated inner ICMP packet: {:?}", original_payload_inner);
} }
} }