
gfcptun's Introduction

gfcptun


gfcptun: A fast and low-latency connection tunnel using GFCP over UDP.


Basic gfcptun/GFCP recommendations

net.core.rmem_max=26214400       # Tune for BDP (bandwidth delay product)
net.core.rmem_default=26214400
net.core.wmem_max=26214400
net.core.wmem_default=26214400
net.core.netdev_max_backlog=2048 # (Adjust proportional to receive window)
  • Increase buffering for high-speed local links to 16MiB or more, example:
-sockbuf 16777217

Process invocation examples

client -r "IN:4321" -l ":8765" -mode fast3 -nocomp -autoexpire 900 -sockbuf 33554434 -dscp 46
server -t "OUT:8765" -l ":4321" -mode fast3 -nocomp -sockbuf 33554434 -dscp 46
  • Application → Out (8765/TCP) → Internet → In (4321/UDP) → Server (8765/TCP)

    • Other useful parameters: -mode fast3 -ds 10 -ps 3, etc.

Tuning for increased total throughput

  • To tune, increase -rcvwnd on client, and -sndwnd on server, in unison.

    • The minimum window size will dictate the maximum link throughput: ( 'Wnd' * ( 'MTU' / 'RTT' ) )

    • MTU should be set by -mtu parameter and never exceed the MTU of the physical interface. For DC/high-speed local links w/jumbo framing, using an MTU of 9000-9702 is highly recommended.
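The window formula above, worked in both directions as an added example (not code from gfcptun). It assumes windows are counted in packets, as the formula implies. The function names and the link figures are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// MaxThroughput applies the README formula Wnd * (MTU / RTT) and returns
// bytes per second. The smaller window is used because it sets the ceiling.
// rtt must be positive.
func MaxThroughput(sndwnd, rcvwnd, mtu int, rtt time.Duration) int64 {
	wnd := sndwnd
	if rcvwnd < wnd {
		wnd = rcvwnd
	}
	return int64(wnd) * int64(mtu) * int64(time.Second) / int64(rtt)
}

// WindowFor inverts the formula: the smallest window (in packets) whose
// ceiling reaches target bytes per second, rounded up.
func WindowFor(target int64, mtu int, rtt time.Duration) int {
	den := int64(mtu) * int64(time.Second)
	return int((target*int64(rtt) + den - 1) / den)
}

// Plan returns the window flag for each end of the link, raised in unison.
// It rejects an -mtu above the physical interface MTU, as the README requires.
func Plan(target int64, mtu, ifaceMTU int, rtt time.Duration) (client, server string, err error) {
	if mtu <= 0 || rtt <= 0 {
		return "", "", errors.New("mtu and rtt must be positive")
	}
	if mtu > ifaceMTU {
		return "", "", errors.New("-mtu exceeds the physical interface MTU")
	}
	w := WindowFor(target, mtu, rtt)
	return fmt.Sprintf("-rcvwnd %d", w), fmt.Sprintf("-sndwnd %d", w), nil
}

func main() {
	// Constructed link: 1 Gbit/s target (125000000 B/s), 40 ms RTT, MTU 1400.
	c, s, err := Plan(125000000, 1400, 1500, 40*time.Millisecond)
	if err != nil {
		panic(err)
	}
	fmt.Println("client:", c, "server:", s)
	fmt.Println("ceiling B/s:", MaxThroughput(3572, 3572, 1400, 40*time.Millisecond))
}
```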


Tuning for reduced overall latency

  • Adjust the retransmission algorithm aggressiveness:

    • fast3 > fast2 > fast > normal > default

Avoiding N→1 multiplexing head-of-line blocking behavior

  • Raise -smuxbuf to 16MiB (or more); the actual value to use depends on link congestion as well as available contiguous system memory.

  • SMUXv2 can be used to limit per-stream memory usage. Enable with -smuxver 2, and then tune with -streambuf (size in bytes).

    • Example: -smuxver 2 -streambuf 8388608 for an 8MiB buffer (per stream).
  • Start tuning by limiting the stream buffer on the receiving side of the link.

    • Back-pressure should trigger existing congestion control mechanisms, providing practical rate limiting to prevent the exhaustion of upstream capacity and also avoiding downlink starvation (bufferbloat scenario).
  • SMUXv2 configuration is not negotiated, so must be set manually on both sides of the GFCP link.


Memory consumption control

  • GOGC runtime environment variable tuning recommendation:

    • 10-20 for low-memory systems and embedded devices

    • 120-150 (or higher) for dedicated servers

  • Notes regarding (GF)SMUX(v1/v2) tuning:

    • Primary memory allocation is done from a buffer pool (xmit.Buf) in the GFCP layer. When allocating, a fixed-size buffer, determined by the MtuLimit, will be returned. From there, the rx queue, tx queue, and fec queue will be allocated, and will return the allocation to the buffer pool after use.
  • The buffer pool mechanism maintains a high watermark for in-flight objects from the pool to survive periodic runtime garbage collection.

  • Memory will be returned to the system by the Go runtime when idle. Variables that can be used for tuning this are -sndwnd, -rcvwnd, -ds, and -ps.

    • These parameters affect the high watermark - the larger the value, the higher the total memory consumption can be at any given moment.
  • The -smuxbuf setting and GOMAXPROCS variable can be used to tune the balance between the concurrency limit and overall resource usage.

    • Increasing -smuxbuf will increase the practical concurrency limit; however, the -smuxbuf value is not linearly proportional to the concurrency handling maximum because the Go runtime's garbage collection is, for practical purposes, non-deterministic.

    • Only empirical testing can provide the feedback required for real-world link tuning and optimization.


Link compression

  • Optional compression (using Snappy) is supported.

  • Compression saves bandwidth on redundant, low-entropy data, but will increase overhead (and CPU usage) in all other cases.

    • Compression is enabled by default: use -nocomp to disable.

      • Both ends of the link must use the same compression setting.

GFCP SNSI monitoring

  • Upon receiving a USR1 signal, detailed link information will be displayed.

Low-level GFCP tuning

  • Example: -mode manual -nodelay 1 -interval 20 -resend 2 -nc 1

Availability


gfcptun's Issues

(GSC-G302) Poor file permissions used when creating a file or using chmod

Description

Excessive permissions granted to a file/directory. This warning is triggered whenever a permission greater than 0600 is granted. In general, all security rules follow the principle of least privilege, except when the file being created needs to be accessed by anyone other than the user creating it.

Occurrences

There are 3 occurrences of this issue in the repository.

See all occurrences on DeepSource → deepsource.io/gh/johnsonjh/gfcptun/issue/GSC-G302/occurrences/
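The pattern this rule flags, next to a 0600 form, as an added example (not code from the gfcptun repository). The function names and the file name are hypothetical. ExcessBits reports any permission bits beyond 0600, which is the threshold the description gives.

```go
package main

import (
	"fmt"
	"os"
)

// WriteLoose is the flagged pattern: group and others can read the file.
func WriteLoose(path string, data []byte) error {
	return os.WriteFile(path, data, 0644)
}

// WritePrivate creates or truncates path with 0600. The mode given to OpenFile
// only applies on creation, so an existing file is tightened with Chmod first.
func WritePrivate(path string, data []byte) error {
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
	if err != nil {
		return err
	}
	defer f.Close()
	if err := f.Chmod(0600); err != nil {
		return err
	}
	_, err = f.Write(data)
	return err
}

// ExcessBits returns the permission bits set beyond 0600 (zero means compliant).
func ExcessBits(path string) (os.FileMode, error) {
	fi, err := os.Stat(path)
	if err != nil {
		return 0, err
	}
	return fi.Mode().Perm() &^ 0600, nil
}

func main() {
	dir, err := os.MkdirTemp("", "g302-demo") // constructed scratch directory
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	p := dir + "/tunnel.conf" // hypothetical file name
	_ = WriteLoose(p, []byte("key=example\n"))
	before, _ := ExcessBits(p)
	_ = WritePrivate(p, []byte("key=example\n"))
	after, _ := ExcessBits(p)
	fmt.Printf("excess before: %04o, after: %04o\n", before, after)
}
```

The bits reported after WriteLoose depend on the process umask; the rewrite with WritePrivate always ends at 0600.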

(SCC-S1000) Use plain channel send or receive

Description

Select statements with a single case can be replaced with a simple send or receive. If you intend to handle the case when there is no value received from channel, add a default case to make the select statement non-blocking. Bad pattern: ```go select { case x := <-ch: fmt.Println(x) …

Occurrences

There is 1 occurrence of this issue in the repository.

See all occurrences on DeepSource → deepsource.io/gh/johnsonjh/gfcptun/issue/SCC-S1000/occurrences/

CVE-2022-30633 (High) detected in golang.org/x/net-v0.0.0-20220403103023-749bd193bc2b - autoclosed

CVE-2022-30633 - High Severity Vulnerability

Vulnerable Library - golang.org/x/net-v0.0.0-20220403103023-749bd193bc2b

Library home page: https://proxy.golang.org/golang.org/x/net/@v/v0.0.0-20220403103023-749bd193bc2b.zip

Dependency Hierarchy:

  • github.com/johnsonjh/gfcp-v0.0.0-20220412142542-7d928d68853f (Root Library)
    • golang.org/x/net-v0.0.0-20220403103023-749bd193bc2b (Vulnerable Library)

Found in HEAD commit: 7954dc36e78dd60323087cd10fee1ff24eec0ceb

Found in base branch: master

Vulnerability Details

Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag.

Publish Date: 2022-08-10

URL: CVE-2022-30633

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://security-tracker.debian.org/tracker/CVE-2022-30633

Release Date: 2022-05-13

Fix Resolution: go1.17.12,go1.18.4


Step up your Open Source Security Game with Mend here

CVE-2022-27664 (High) detected in golang.org/x/net-v0.0.0-20220403103023-749bd193bc2b - autoclosed

CVE-2022-27664 - High Severity Vulnerability

Vulnerable Library - golang.org/x/net-v0.0.0-20220403103023-749bd193bc2b

Library home page: https://proxy.golang.org/golang.org/x/net/@v/v0.0.0-20220403103023-749bd193bc2b.zip

Dependency Hierarchy:

  • github.com/johnsonjh/gfcp-v0.0.0-20220412142542-7d928d68853f (Root Library)
    • golang.org/x/net-v0.0.0-20220403103023-749bd193bc2b (Vulnerable Library)

Found in HEAD commit: 92499f5b3359bc1077fbfdd891f56772a910efce

Found in base branch: master

Vulnerability Details

In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.

Publish Date: 2022-09-06

URL: CVE-2022-27664

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

This repository currently has no open or pending branches.

Detected dependencies

github-actions
.github/workflows/codeql.yml
  • actions/checkout v4
  • github/codeql-action v3
  • github/codeql-action v3
  • github/codeql-action v3
gomod
go.mod
  • go 1.19
  • github.com/golang/snappy v0.0.4
  • github.com/johnsonjh/gfcp v0.0.0-20231013201942-fd2b45bc6408@fd2b45bc6408
  • github.com/johnsonjh/gfsmux v0.0.0-20231214183936-d9f3e24a74d6@d9f3e24a74d6
  • github.com/pkg/errors v0.9.2-0.20201214064552-5dd12d0cfe7f@5dd12d0cfe7f
  • github.com/urfave/cli/v2 v2.27.1
  • github.com/urfave/cli/v2 v2.27.1
  • github.com/xtaci/tcpraw v1.2.25


CVE-2022-29526 (Medium) detected in golang.org/x/sys-v0.0.0-20220403205710-6acee93ad0eb - autoclosed

CVE-2022-29526 - Medium Severity Vulnerability

Vulnerable Library - golang.org/x/sys-v0.0.0-20220403205710-6acee93ad0eb

Library home page: https://proxy.golang.org/golang.org/x/sys/@v/v0.0.0-20220403205710-6acee93ad0eb.zip

Dependency Hierarchy:

  • github.com/johnsonjh/gfcp-v0.0.0-20220412142542-7d928d68853f (Root Library)
    • golang.org/x/net-v0.0.0-20220403103023-749bd193bc2b
      • golang.org/x/sys-v0.0.0-20220403205710-6acee93ad0eb (Vulnerable Library)

Found in HEAD commit: 7954dc36e78dd60323087cd10fee1ff24eec0ceb

Found in base branch: master

Vulnerability Details

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.

Publish Date: 2022-06-23

URL: CVE-2022-29526

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://security-tracker.debian.org/tracker/CVE-2022-29526

Release Date: 2022-06-23

Fix Resolution: go1.17.10,go1.18.2,go1.19



CVE-2022-41717 (Medium) detected in golang.org/x/sys-v0.0.0-20220403205710-6acee93ad0eb - autoclosed

CVE-2022-41717 - Medium Severity Vulnerability

Vulnerable Library - golang.org/x/sys-v0.0.0-20220403205710-6acee93ad0eb

Library home page: https://proxy.golang.org/golang.org/x/sys/@v/v0.0.0-20220403205710-6acee93ad0eb.zip

Dependency Hierarchy:

  • github.com/johnsonjh/gfcp-v0.0.0-20220412142542-7d928d68853f (Root Library)
    • golang.org/x/net-v0.0.0-20220403103023-749bd193bc2b
      • golang.org/x/sys-v0.0.0-20220403205710-6acee93ad0eb (Vulnerable Library)

Found in HEAD commit: 7954dc36e78dd60323087cd10fee1ff24eec0ceb

Found in base branch: master

Vulnerability Details

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.

Publish Date: 2022-12-08

URL: CVE-2022-41717

CVSS 3 Score Details (5.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Release Date: 2022-12-08

Fix Resolution: go1.19.4



CVE-2022-28131 (High) detected in golang.org/x/net-v0.0.0-20220403103023-749bd193bc2b - autoclosed

CVE-2022-28131 - High Severity Vulnerability

Vulnerable Library - golang.org/x/net-v0.0.0-20220403103023-749bd193bc2b

Library home page: https://proxy.golang.org/golang.org/x/net/@v/v0.0.0-20220403103023-749bd193bc2b.zip

Dependency Hierarchy:

  • github.com/johnsonjh/gfcp-v0.0.0-20220412142542-7d928d68853f (Root Library)
    • golang.org/x/net-v0.0.0-20220403103023-749bd193bc2b (Vulnerable Library)

Found in HEAD commit: 7954dc36e78dd60323087cd10fee1ff24eec0ceb

Found in base branch: master

Vulnerability Details

In Decoder.Skip in encoding/xml in Go before 1.17.12 and 1.18.x before 1.18.4, stack exhaustion and a panic can occur via a deeply nested XML document.

Publish Date: 2022-08-10

URL: CVE-2022-28131

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://security-tracker.debian.org/tracker/CVE-2022-28131

Release Date: 2022-03-29

Fix Resolution: go1.17.12,go1.18.4


