-
Notifications
You must be signed in to change notification settings - Fork 323
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Implement eBPF/XDP offload for UDP channel data
Co-authored-by: Gabor Retvari <retvari@tmit.bme.hu>
- Loading branch information
1 parent
1f1673d
commit 09b48ae
Showing
26 changed files
with
2,336 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
# SPDX-FileCopyrightText: 2023 The Pion community <https://pion.ly> | ||
# SPDX-License-Identifier: MIT | ||
|
||
GO=go | ||
CLANG_FORMAT=clang-format | ||
|
||
default: build | ||
|
||
build: generate | ||
|
||
fetch-libbpf-headers: | ||
@if ! find internal/offload/xdp/headers/bpf_* >/dev/null 2>&1; then\ | ||
cd internal/offload/xdp/headers && \ | ||
./fetch-libbpf-headers.sh;\ | ||
fi | ||
|
||
generate: fetch-libbpf-headers | ||
cd internal/offload/xdp/ && \ | ||
$(GO) generate | ||
|
||
format-offload: | ||
$(CLANG_FORMAT) -i --style=file internal/offload/xdp/xdp.c | ||
|
||
clean-offload: | ||
rm -vf internal/offload/xdp/bpf_bpfe*.o | ||
rm -vf internal/offload/xdp/bpf_bpfe*.go | ||
|
||
purge-offload: clean-offload | ||
rm -vf internal/offload/xdp/headers/bpf_* | ||
|
||
test: | ||
go test -v | ||
|
||
bench: build | ||
go test -bench=. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,79 @@ | ||
# SPDX-FileCopyrightText: 2023 The Pion community <https://pion.ly> | ||
# SPDX-License-Identifier: MIT | ||
|
||
##### builder | ||
FROM golang:alpine as builder | ||
|
||
ARG VERSION=master | ||
|
||
RUN apk update && \ | ||
apk upgrade && \ | ||
apk add --no-cache \ | ||
clang \ | ||
llvm \ | ||
linux-headers \ | ||
bsd-compat-headers \ | ||
musl-dev \ | ||
make \ | ||
git \ | ||
bash \ | ||
curl \ | ||
tar | ||
|
||
|
||
WORKDIR /build | ||
# Clone Source using GIT | ||
#RUN git clone --branch=$VERSION --depth=1 https://github.com/pion/turn.git turn && rm -rf turn/.git | ||
RUN git clone --branch=server-ebpf-offload --depth=1 https://github.com/l7mp/turn.git turn && rm -rf turn/.git | ||
|
||
WORKDIR /build/turn | ||
|
||
#RUN rm internal/offload/xdp/*.o | ||
RUN make | ||
|
||
WORKDIR /build/turn/examples/turn-server/xdp | ||
|
||
# Download all the dependencies | ||
# RUN go get -d -v ./... | ||
|
||
|
||
|
||
# Build static binary | ||
RUN CGO_ENABLED=0 go build -trimpath -ldflags="-w -s" -o turn-server main.go | ||
|
||
##### main | ||
FROM alpine | ||
|
||
ARG BUILD_DATE | ||
ARG VCS_REF | ||
ARG VERSION=master | ||
|
||
LABEL org.label-schema.build-date="${BUILD_DATE}" \ | ||
org.label-schema.name="pion-turn" \ | ||
org.label-schema.description="A toolkit for building TURN clients and servers in Go" \ | ||
org.label-schema.usage="https://github.com/pion/turn#readme" \ | ||
org.label-schema.vcs-ref="${VCS_REF}" \ | ||
org.label-schema.vcs-url="https://github.com/pion/turn" \ | ||
org.label-schema.vendor="Sean-Der" \ | ||
org.label-schema.version="${VERSION}" \ | ||
maintainer="https://github.com/pion" | ||
|
||
ENV REALM localhost | ||
ENV USERS username=password | ||
ENV UDP_PORT 3478 | ||
ENV PUBLIC_IP 127.0.0.1 | ||
|
||
EXPOSE 3478 | ||
#EXPOSE 49152:65535/tcp | ||
#EXPOSE 49152:65535/udp | ||
|
||
USER nobody | ||
|
||
# Copy the executable | ||
COPY --from=builder /build/turn/examples/turn-server/xdp/turn-server /usr/bin/ | ||
|
||
# Run the executable | ||
CMD turn-server -public-ip $PUBLIC_IP -users $USERS -realm $REALM -port $UDP_PORT | ||
|
||
# docker build -t pion-turn -f Dockerfile . | ||
# docker run --rm --cap-add=NET_ADMIN --cap-add=SYS_ADMIN --cap-add=BPF --privileged -e REALM="localhost" -e USERS="username=password" -e UDP_PORT="3478" -e PUBLIC_IP="127.0.0.1" -p 3478:3478 pion-turn |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
# SPDX-FileCopyrightText: 2023 The Pion community <https://pion.ly> | ||
# SPDX-License-Identifier: MIT | ||
|
||
version: "3.1" | ||
|
||
services: | ||
pion-turn: | ||
container_name: "pion-turn" | ||
image: pion-turn:${VERSION:-latest} | ||
build: | ||
context: ./ | ||
stdin_open: true | ||
environment: | ||
- VERSION=${PION_TURN_VERSION:-master} | ||
- REALM=${PION_TURN_REALM:-localhost} | ||
- USERS=${PION_TURN_USERS:-username=password} | ||
- PUBLIC_IP=${PION_TURN_PUBLIC_IP:-127.0.0.1} | ||
- UDP_PORT=${PION_TURN_UDP_PORT:-3478} | ||
network_mode: host | ||
ports: | ||
# STUN | ||
- "${PION_TURN_UDP_PORT:-3478}:${PION_TURN_UDP_PORT:-3478}" | ||
# TURN | ||
- "49152-65535:49152-65535" | ||
cap_add: | ||
- NET_ADMIN | ||
- SYS_ADMIN | ||
- NET_RAW |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,91 @@ | ||
// SPDX-FileCopyrightText: 2023 The Pion community <https://pion.ly> | ||
// SPDX-License-Identifier: MIT | ||
|
||
// Package main implements a simple TURN server with XDP offload | ||
package main | ||
|
||
import ( | ||
"flag" | ||
"log" | ||
"net" | ||
"os" | ||
"os/signal" | ||
"regexp" | ||
"strconv" | ||
"syscall" | ||
|
||
"github.com/pion/logging" | ||
"github.com/pion/turn/v3" | ||
) | ||
|
||
func main() { | ||
publicIP := flag.String("public-ip", "", "IP Address that TURN can be contacted by.") | ||
port := flag.Int("port", 3478, "Listening port.") | ||
users := flag.String("users", "", "List of username and password (e.g. \"user=pass,user=pass\")") | ||
realm := flag.String("realm", "pion.ly", "Realm (defaults to \"pion.ly\")") | ||
flag.Parse() | ||
|
||
if len(*publicIP) == 0 { | ||
log.Fatalf("'public-ip' is required") | ||
} else if len(*users) == 0 { | ||
log.Fatalf("'users' is required") | ||
} | ||
|
||
// Create a UDP listener to pass into pion/turn | ||
// pion/turn itself doesn't allocate any UDP sockets, but lets the user pass them in | ||
// this allows us to add logging, storage or modify inbound/outbound traffic | ||
udpListener, err := net.ListenPacket("udp4", "0.0.0.0:"+strconv.Itoa(*port)) | ||
if err != nil { | ||
log.Panicf("Failed to create TURN server listener: %s", err) | ||
} | ||
|
||
// Cache -users flag for easy lookup later | ||
// If passwords are stored they should be saved to your DB hashed using turn.GenerateAuthKey | ||
usersMap := map[string][]byte{} | ||
for _, kv := range regexp.MustCompile(`(\w+)=(\w+)`).FindAllStringSubmatch(*users, -1) { | ||
usersMap[kv[1]] = turn.GenerateAuthKey(kv[1], *realm, kv[2]) | ||
} | ||
|
||
// Init the XDP offload engine | ||
loggerFactory := logging.NewDefaultLoggerFactory() | ||
err = turn.InitOffload(turn.OffloadConfig{Log: loggerFactory.NewLogger("offload")}) | ||
if err != nil { | ||
log.Fatalf("Failed to init offload engine: %s", err) | ||
} | ||
defer turn.ShutdownOffload() | ||
|
||
s, err := turn.NewServer(turn.ServerConfig{ | ||
Realm: *realm, | ||
// Set AuthHandler callback | ||
// This is called every time a user tries to authenticate with the TURN server | ||
// Return the key for that user, or false when no user is found | ||
AuthHandler: func(username string, realm string, srcAddr net.Addr) ([]byte, bool) { | ||
if key, ok := usersMap[username]; ok { | ||
return key, true | ||
} | ||
return nil, false | ||
}, | ||
// PacketConnConfigs is a list of UDP Listeners and the configuration around them | ||
PacketConnConfigs: []turn.PacketConnConfig{ | ||
{ | ||
PacketConn: udpListener, | ||
RelayAddressGenerator: &turn.RelayAddressGeneratorStatic{ | ||
RelayAddress: net.ParseIP(*publicIP), // Claim that we are listening on IP passed by user (This should be your Public IP) | ||
Address: "0.0.0.0", // But actually be listening on every interface | ||
}, | ||
}, | ||
}, | ||
}) | ||
if err != nil { | ||
log.Panic(err) | ||
} | ||
|
||
// Block until user sends SIGINT or SIGTERM | ||
sigs := make(chan os.Signal, 1) | ||
signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM) | ||
<-sigs | ||
|
||
if err = s.Close(); err != nil { | ||
log.Panic(err) | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
// SPDX-FileCopyrightText: 2023 The Pion community <https://pion.ly> | ||
// SPDX-License-Identifier: MIT | ||
|
||
package offload | ||
|
||
import "errors" | ||
|
||
var ( | ||
errUnsupportedProtocol = errors.New("offload: protocol not supported") | ||
errXDPAlreadyInitialized = errors.New("offload: XDP engine is already initialized") | ||
errXDPLocalRedirectProhibited = errors.New("offload: XDP local redirect not allowed") | ||
) |
Oops, something went wrong.