dswd
/
vpncloud
mirror of https://github.com/dswd/vpncloud.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Testing error cases too, updated performance

This commit is contained in:
Dennis Schwerdel 2015-11-29 23:23:39 +01:00
parent 1d82c2b017
commit 03793052a3
4 changed files with 72 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
performance.md
View File

@ -8,12 +8,14 @@ Sender node:
* 8 GiB Ram * 8 GiB Ram
* Intel 82579LM Gigabit Network * Intel 82579LM Gigabit Network
* Ubuntu 14.04 (Kernel 3.13.0-65-generic) * Ubuntu 14.04 (Kernel 3.13.0-65-generic)
* Libsodium 1.0.7
Receiver node: Receiver node:
* Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz * Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz
* 16 GiB Ram * 16 GiB Ram
* Realtek RTL8111/8168/8411 Gigabit Network * Realtek RTL8111/8168/8411 Gigabit Network
* Ubuntu 14.04 (Kernel 3.13.0-63-generic) * Ubuntu 14.04 (Kernel 3.13.0-63-generic)
* Libsodium 1.0.7
VpnCloud version: `VpnCloud v0.2.0 (with crypto support, protocol version 1)` VpnCloud version: `VpnCloud v0.2.0 (with crypto support, protocol version 1)`
@ -54,7 +56,7 @@ The test is run in 3 steps:
| -------------------- | ------------- | -------------------- | | -------------------- | ------------- | -------------------- |
| Without VpnCloud | 926 Mbits/sec | - | | Without VpnCloud | 926 Mbits/sec | - |
| Unencrypted VpnCloud | 873 Mbits/sec | 80% / 95% | | Unencrypted VpnCloud | 873 Mbits/sec | 80% / 95% |
| Encrypted VpnCloud | 635 Mbits/sec | 100% | | Encrypted VpnCloud | 770 Mbits/sec | 100% |
### Latency ### Latency
@ -73,13 +75,13 @@ assumed to be half of the RTT.
| Without VpnCloud | 158 µs | 165 µs | 178 µs | | Without VpnCloud | 158 µs | 165 µs | 178 µs |
| Unencrypted VpnCloud | 210 µs | 216 µs | 237 µs | | Unencrypted VpnCloud | 210 µs | 216 µs | 237 µs |
| Difference | +52 µs | +51 µs | +59 µs | | Difference | +52 µs | +51 µs | +59 µs |
| Encrypted VpnCloud | 225 µs | 252 µs | 262 µs | | Encrypted VpnCloud | 218 µs | 230 µs | 257 µs |
| Difference | +15 µs | +36 µs | +25 µs | | Difference | +8 µs | +14 µs | +20 µs |
### Conclusion ### Conclusion
* VpnCloud achieves over 850 MBit/s with default MTU settings. * VpnCloud achieves over 850 MBit/s with default MTU settings.
* In encrypted mode, VpnCloud reaches over 600 MBit/s with default MTU settings. * In encrypted mode, VpnCloud reaches over 750 MBit/s with default MTU settings.
* VpnCloud adds about 60µs to the latency. * VpnCloud adds about 60µs to the latency.
* Encryption adds an additional latency between 10µs and 35µs depending on the packet size. * Encryption adds an additional latency up to 20µs depending on the packet size.

1
src/ethernet.rs
View File

@ -4,7 +4,6 @@ use std::collections::HashMap;
use super::types::{Error, Table, Protocol, Address}; use super::types::{Error, Table, Protocol, Address};
use super::util::{now, Time, Duration}; use super::util::{now, Time, Duration};
#[derive(PartialEq)]
pub struct Frame; pub struct Frame;
impl Protocol for Frame { impl Protocol for Frame {

6
src/ip.rs
View File

@ -16,11 +16,17 @@ impl Protocol for Packet {
let version = data[0] >> 4; let version = data[0] >> 4;
match version { match version {
4 => { 4 => {
if data.len() < 20 {
return Err(Error::ParseError("Truncated IPv4 header"));
}
let src = try!(Address::read_from_fixed(&data[12..], 4)); let src = try!(Address::read_from_fixed(&data[12..], 4));
let dst = try!(Address::read_from_fixed(&data[16..], 4)); let dst = try!(Address::read_from_fixed(&data[16..], 4));
Ok((src, dst)) Ok((src, dst))
}, },
6 => { 6 => {
if data.len() < 40 {
return Err(Error::ParseError("Truncated IPv6 header"));
}
let src = try!(Address::read_from_fixed(&data[8..], 16)); let src = try!(Address::read_from_fixed(&data[8..], 16));
let dst = try!(Address::read_from_fixed(&data[24..], 16)); let dst = try!(Address::read_from_fixed(&data[24..], 16));
Ok((src, dst)) Ok((src, dst))

65
src/tests.rs
View File

@ -9,7 +9,7 @@ use super::crypto::Crypto;
#[test] #[test]
fn encode_message_packet() { fn udpmessage_packet() {
let mut options = Options::default(); let mut options = Options::default();
let mut crypto = Crypto::None; let mut crypto = Crypto::None;
let payload = [1,2,3,4,5]; let payload = [1,2,3,4,5];
@ -25,7 +25,7 @@ fn encode_message_packet() {
#[cfg(feature = "crypto")] #[cfg(feature = "crypto")]
#[test] #[test]
fn encode_message_encrypted() { fn udpmessage_encrypted() {
let mut options = Options::default(); let mut options = Options::default();
let mut crypto = Crypto::from_shared_key("test"); let mut crypto = Crypto::from_shared_key("test");
let payload = [1,2,3,4,5]; let payload = [1,2,3,4,5];
@ -40,7 +40,7 @@ fn encode_message_encrypted() {
} }
#[test] #[test]
fn encode_message_peers() { fn udpmessage_peers() {
use std::str::FromStr; use std::str::FromStr;
let mut options = Options::default(); let mut options = Options::default();
let mut crypto = Crypto::None; let mut crypto = Crypto::None;
@ -59,7 +59,7 @@ fn encode_message_peers() {
} }
#[test] #[test]
fn encode_option_network_id() { fn udpmessage_option_network_id() {
let mut options = Options::default(); let mut options = Options::default();
options.network_id = Some(134); options.network_id = Some(134);
let mut crypto = Crypto::None; let mut crypto = Crypto::None;
@ -74,7 +74,7 @@ fn encode_option_network_id() {
} }
#[test] #[test]
fn encode_message_init() { fn udpmessage_init() {
use super::types::Address; use super::types::Address;
let mut options = Options::default(); let mut options = Options::default();
let mut crypto = Crypto::None; let mut crypto = Crypto::None;
@ -91,7 +91,7 @@ fn encode_message_init() {
} }
#[test] #[test]
fn encode_message_close() { fn udpmessage_close() {
let mut options = Options::default(); let mut options = Options::default();
let mut crypto = Crypto::None; let mut crypto = Crypto::None;
let msg = Message::Close; let msg = Message::Close;
@ -104,6 +104,34 @@ fn encode_message_close() {
assert_eq!(msg, msg2); assert_eq!(msg, msg2);
} }
#[test]
fn udpmessage_invalid() {
let mut crypto = Crypto::None;
assert!(decode(&mut [0x76,0x70,0x6e,1,0,0,0,0], &mut crypto).is_ok());
// too short
assert!(decode(&mut [], &mut crypto).is_err());
// invalid protocol
assert!(decode(&mut [0,1,2,0,0,0,0,0], &mut crypto).is_err());
// invalid version
assert!(decode(&mut [0x76,0x70,0x6e,0xaa,0,0,0,0], &mut crypto).is_err());
// invalid crypto
assert!(decode(&mut [0x76,0x70,0x6e,1,0xaa,0,0,0], &mut crypto).is_err());
// invalid msg type
assert!(decode(&mut [0x76,0x70,0x6e,1,0,0,0,0xaa], &mut crypto).is_err());
// truncated options
assert!(decode(&mut [0x76,0x70,0x6e,1,0,0,1,0], &mut crypto).is_err());
}
#[cfg(feature = "crypto")]
#[test]
fn udpmessage_invalid_crypto() {
let mut options = Options::default();
let mut crypto = Crypto::from_shared_key("test");
// truncated crypto
assert!(decode(&mut [0x76,0x70,0x6e,1,1,0,0,0], &mut crypto).is_err());
}
#[test] #[test]
fn decode_frame_without_vlan() { fn decode_frame_without_vlan() {
let data = [6,5,4,3,2,1,1,2,3,4,5,6,1,2,3,4,5,6,7,8]; let data = [6,5,4,3,2,1,1,2,3,4,5,6,1,2,3,4,5,6,7,8];
@ -120,6 +148,16 @@ fn decode_frame_with_vlan() {
assert_eq!(dst, Address{data: [4,210,6,5,4,3,2,1,0,0,0,0,0,0,0,0], len: 8}); assert_eq!(dst, Address{data: [4,210,6,5,4,3,2,1,0,0,0,0,0,0,0,0], len: 8});
} }
#[test]
fn decode_invalid_frame() {
assert!(Frame::parse(&[6,5,4,3,2,1,1,2,3,4,5,6,1,2,3,4,5,6,7,8]).is_ok());
// truncated frame
assert!(Frame::parse(&[]).is_err());
// truncated vlan frame
assert!(Frame::parse(&[6,5,4,3,2,1,1,2,3,4,5,6,0x81,0x00]).is_err());
}
#[test] #[test]
fn decode_ipv4_packet() { fn decode_ipv4_packet() {
let data = [0x40,0,0,0,0,0,0,0,0,0,0,0,192,168,1,1,192,168,1,2]; let data = [0x40,0,0,0,0,0,0,0,0,0,0,0,192,168,1,1,192,168,1,2];
@ -136,6 +174,21 @@ fn decode_ipv6_packet() {
assert_eq!(dst, Address{data: [0,9,8,7,6,5,4,3,2,1,6,5,4,3,2,1], len: 16}); assert_eq!(dst, Address{data: [0,9,8,7,6,5,4,3,2,1,6,5,4,3,2,1], len: 16});
} }
#[test]
fn decode_invalid_packet() {
assert!(Packet::parse(&[0x40,0,0,0,0,0,0,0,0,0,0,0,192,168,1,1,192,168,1,2]).is_ok());
assert!(Packet::parse(&[0x60,0,0,0,0,0,0,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,0,9,8,7,6,5,4,3,2,1,6,5,4,3,2,1]).is_ok());
// no data
assert!(Packet::parse(&[]).is_err());
// wrong version
assert!(Packet::parse(&[0x20]).is_err());
// truncated ipv4
assert!(Packet::parse(&[0x40,0,0,0,0,0,0,0,0,0,0,0,192,168,1,1,192,168,1]).is_err());
// truncated ipv6
assert!(Packet::parse(&[0x60,0,0,0,0,0,0,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,0,9,8,7,6,5,4,3,2,1,6,5,4,3,2]).is_err());
}
#[test] #[test]
fn switch() { fn switch() {
let mut table = SwitchTable::new(10); let mut table = SwitchTable::new(10);