6 releases (breaking changes)
Version | Date |
---|---|
0.6.1 | Jul 1, 2023 |
0.6.0 | Jun 7, 2023 |
0.5.1 | Apr 14, 2023 |
0.3.0 | Jan 5, 2023 |
0.1.0 | Dec 30, 2022 |
#1405 in Network programming
47 downloads per month
135KB
3K SLoC
Tonel
A multi-stream UDP over TCP tunneler for fast network layer 3 transport, with TUN interface support.
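Overview
Tonel is a tool that allows UDP packets to be transferred over multiple TCP connections. It is designed to maximize performance and minimize the amount of processing and encapsulation required for this purpose.
Tonel is typically used where UDP is restricted or throttled but TCP is allowed. Its TCP stack is designed to pass through many stateful and stateless L3/L4 firewalls and NAT devices. One advantage of using Tonel is that it avoids the common problems that can degrade performance when running UDP over TCP, such as retransmission and flow control. Although it appears as a TCP connection to firewalls and NAT devices, Tonel preserves the underlying UDP characteristics, including out-of-order delivery.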
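Features
Feature | Tonel |
---|---|
Lightning fast | ✅ |
Multi-stream TCP and UDP connections per client | ✅ |
Arbitrary TCP handshake content | ✅ |
Multi-threaded and concurrent | ✅ |
Multiple TCP queues | ✅ |
Encryption | ✅ |
IPv6 | ✅ |
Tunneling MTU overhead | Only the IPv4/IPv6 header |
Layer 3 mode | TUN interface |
Cross-platform | Linux and macOS |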
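Usage
IPs, ports and domain names are examples only. Both IPv4 and IPv6 are supported. To listen on all IPv4 addresses, use 0.0.0.0; for IPv6, use [::].
Below is an example configuration: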
UDP traffic <==> Tonel Client <==> <Tonel TCP traffic> <==> Tonel Server <==> UDP traffic
                      |                                          |
                      |                                          |
           listen: 127.0.0.1:1111                     listen: 127.0.0.1:2222
           remote: 127.0.0.1:2222                     remote: 127.0.0.1:3333
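Note: be sure to consult the Tonel documentation by passing the -h option to each binary to see the full usage instructions.
Client
First, install the Tonel client, or use the latest prebuilt binary from Releases.
cargo install tonel --bin tonelc
# If you want faster memory allocator, you can use jemalloc (alloc-jem) or mimalloc (alloc-mi) feature like below:
cargo install tonel --bin tonelc --features='default,alloc-mi'
Now start Tonel to listen on UDP port 1111 and forward UDP packets over TCP to the Tonel server at 127.0.0.1:2222. We assume your network interface is eth0.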
# If you want to run tonelc root-less (linux only), use the following command:
sudo setcap cap_net_admin=+pe tonelc
sudo tonelc --local 127.0.0.1:1111 --remote 127.0.0.1:2222 --auto-rule eth0
Server
First, install the Tonel server, or use the latest prebuilt binary from Releases.
cargo install tonel --bin tonels
# If you want faster memory allocator, you can use jemalloc (alloc-jem) or mimalloc (alloc-mi) feature like below:
cargo install tonel --bin tonels --features='default,alloc-mi'
Now start Tonel to listen on TCP port 2222 and forward UDP packets to the remote destination 127.0.0.1:3333. We assume your network interface is eth0.
# If you want to run tonels root-less (linux only), use the following command:
sudo setcap cap_net_admin=+pe tonels
sudo tonels --local 2222 --remote 127.0.0.1:3333 --auto-rule eth0
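MTU overhead
Tonel aims to keep tunneling overhead to a minimum. Here is an example compared with a standard UDP packet over IPv4:
Standard UDP packet: 20-byte IP header + 8-byte UDP header = 28 bytes
Tonel TCP packet: 20-byte IP header + 20-byte TCP header = 40 bytes
Note: the UDP applications at both ends of Tonel must adjust their MTU, reducing it by at least 12 bytes on IPv4 or at least 32 bytes on IPv6.
MTU calculation for WireGuard
If you are using Tonel to tunnel UDP packets from WireGuard®, here are some guidelines for determining the appropriate MTU for the WireGuard interface.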
WireGuard MTU = Interface MTU - IPv4 header (20 bytes) - TCP header (20 bytes) - WireGuard overhead (32 bytes)
or
WireGuard MTU = Interface MTU - IPv6 header (40 bytes) - TCP header (20 bytes) - WireGuard overhead (32 bytes)
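For example, if you are using an Ethernet interface with an MTU of 1500 bytes, the WireGuard interface MTU should be set as follows:
IPv4: 1500 - 20 - 20 - 32 = 1428 bytes
IPv6: 1500 - 40 - 20 - 32 = 1408 bytes
The resulting Tonel TCP packet is 1500 bytes, which does not exceed the interface MTU of 1500 bytes.
It is good practice to lower the MTU further to avoid packet loss, and to apply the same MTU on both ends.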
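The MTU formulas above, generalized to any link MTU and extended to size the --handshake-packet file, which is sent as one unsegmented packet. This is an added example, not code from Tonel. The type and function names are hypothetical, and it assumes a 20-byte TCP header with no options.

```rust
// Added example, not Tonel's code. Header sizes are the ones the page uses;
// type and function names are hypothetical.
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum Outer { V4, V6 }

const TCP_HEADER: u16 = 20; // assumption: no TCP options
const WIREGUARD_OVERHEAD: u16 = 32;

impl Outer {
    fn ip_header(self) -> u16 {
        match self { Outer::V4 => 20, Outer::V6 => 40 }
    }
}

/// Bytes left for data in one Tonel TCP packet on a link with `iface_mtu`.
/// Returns None when the link cannot even hold the headers.
pub fn tonel_payload(iface_mtu: u16, outer: Outer) -> Option<u16> {
    iface_mtu.checked_sub(outer.ip_header() + TCP_HEADER)
}

/// WireGuard interface MTU: Interface MTU - IP header - TCP header - 32.
pub fn wireguard_mtu(iface_mtu: u16, outer: Outer) -> Option<u16> {
    tonel_payload(iface_mtu, outer)?.checked_sub(WIREGUARD_OVERHEAD)
}

/// The handshake file travels in a single packet, so it has to fit next to
/// the IP and TCP headers (a stricter bound than "file size <= MTU").
pub fn handshake_fits(file_len: u64, iface_mtu: u16, outer: Outer) -> bool {
    match tonel_payload(iface_mtu, outer) {
        Some(room) => file_len <= u64::from(room),
        None => false,
    }
}

fn main() {
    // Constructed inputs: Ethernet (1500) and a PPPoE-style link (1492).
    for mtu in [1500u16, 1492] {
        for outer in [Outer::V4, Outer::V6] {
            println!(
                "link {} {:?}: WireGuard MTU {:?}, handshake file <= {:?} bytes",
                mtu, outer, wireguard_mtu(mtu, outer), tonel_payload(mtu, outer)
            );
        }
    }
}
```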
Compatibility
Currently, Tonel works on Linux and macOS. Support for more platforms is planned. Contributions are welcome.
Client command-line options
Usage: tonelc [OPTIONS] --local <IP:PORT> --remote <IP or HOST NAME:PORT>
Options:
-l, --local <IP:PORT> Sets the IP and port where Tonel Client listens for incoming UDP datagrams,
IPv6 address need to be specified as: "[IPv6]:PORT"
-r, --remote <IP or HOST NAME:PORT> Sets the address or host name and port where Tonel Client connects to Tonel Server,
IPv6 address need to be specified as: "[IPv6]:PORT"
--tun-local <IP> Sets the Tun interface IPv4 local address (O/S's end) [default: 192.168.200.1]
--tun-peer <IP> Sets the Tun interface IPv4 destination (peer) address (Tonel Client's end).
You will need to setup SNAT/MASQUERADE rules on your Internet facing interface
in order for Tonel Client to connect to Tonel Server [default: 192.168.200.2]
-4, --ipv4-only Only use IPv4 address when connecting to remote
--tun-local6 <IP> Sets the Tun interface IPv6 local address (O/S's end) [default: fcc8::1]
--tun-peer6 <IP> Sets the Tun interface IPv6 destination (peer) address (Tonel Client's end).
You will need to setup SNAT/MASQUERADE rules on your Internet facing interface
in order for Tonel Client to connect to Tonel Server [default: fcc8::2]
--handshake-packet <PATH> Specify a file, which, after TCP handshake, its content will be sent as the
first data packet to the server.
Note: ensure this file's size does not exceed the MTU of the outgoing interface.
The content is always sent out in a single packet and will not be further segmented
--tcp-connections <number> The number of TCP connections per each client. [default: 1]
--udp-connections <number> The number of UDP connections per each client. [default: 1]
--tun-queues <number> The number of queues for TUN interface. Default is
set to 1. The platform should support multiple queues feature. [default: 1]
--encryption <encryption> Specify an encryption algorithm for using in TCP connections.
Server and client should use the same encryption.
Currently XOR is only supported and the format should be 'xor:key'.
--auto-rule <interface-name> Automatically adds and removes required firewall and sysctl rules.
The argument needs the name of an active network interface
that the firewall will route the traffic over it. (e.g. eth0)
-d, --daemonize Start the process as a daemon.
--log-output <path> Log output path. Default is stderr.
--log-level <level> Log output level. It could be one of the following:
off, error, warn, info, debug, trace. [default: info]
--tun <tunX|fd> Sets the Tun interface name and if it is absent, the OS
will pick the next available name.
You can also create your TUN device and
pass the int32 file descriptor to this switch.
-h, --help Print help
-V, --version Print version
Server command-line options
Usage: tonels [OPTIONS] --local <PORT> --remote <IP or HOST NAME:PORT>
Options:
-l, --local <PORT> Sets the port where Tonel Server listens for incoming Tonel Client TCP connections
-r, --remote <IP or HOST NAME:PORT> Sets the address or host name and port where Tonel Server forwards UDP packets to,
IPv6 address need to be specified as: "[IPv6]:PORT"
--tun <tunX|fd> Sets the Tun interface name and if it is absent, the OS
will pick the next available name.
You can also create your TUN device and
pass the int32 file descriptor to this switch.
--tun-local <IP> Sets the Tun interface local address (O/S's end) [default: 192.168.201.1]
--tun-peer <IP> Sets the Tun interface destination (peer) address (Tonel Server's end).
You will need to setup DNAT rules to this address in order for Tonel Server
to accept TCP traffic from Tonel Client [default: 192.168.201.2]
-4, --ipv4-only Do not assign IPv6 addresses to Tun interface
--tun-local6 <IP> Sets the Tun interface IPv6 local address (O/S's end) [default: fcc9::1]
--tun-peer6 <IP> Sets the Tun interface IPv6 destination (peer) address (Tonel Client's end).
You will need to setup SNAT/MASQUERADE rules on your Internet facing interface
in order for Tonel Client to connect to Tonel Server [default: fcc9::2]
--handshake-packet <PATH> Specify a file, which, after TCP handshake, its content will be sent as the
first data packet to the client.
Note: ensure this file's size does not exceed the MTU of the outgoing interface.
The content is always sent out in a single packet and will not be further segmented
--encryption <encryption> Specify an encryption algorithm for using in TCP connections.
Server and client should use the same encryption.
Currently XOR is only supported and the format should be 'xor:key'.
--udp-connections <number> The number of UDP connections per each client. [default: 1]
--tun-queues <number> The number of queues for TUN interface. Default is
set to 1. The platform should support multiple queues feature. [default: 1]
--auto-rule <interface-name> Automatically adds and removes required firewall and sysctl rules.
The argument needs the name of an active network interface
that the firewall will route the traffic over it. (e.g. eth0)
-d, --daemonize Start the process as a daemon.
--log-output <log_output> Log output path.
--log-level <log_level> Log output level. It could be one of the following:
off, error, warn, info, debug, trace. [default: info]
-h, --help Print help
-V, --version Print version
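Both option lists name XOR as the only supported --encryption algorithm. The added example below (not Tonel's code) shows why a keyed XOR layer is best treated as obfuscation, with confidentiality and integrity left to the tunneled protocol, such as WireGuard. It assumes the key bytes are applied cyclically, which the page does not specify, and all names and sample payloads are constructed.

```rust
// Added example, not Tonel's code. Assumption: the 'xor:key' layer XORs each
// byte with the key, repeating the key cyclically.
pub fn xor_layer(data: &[u8], key: &[u8]) -> Vec<u8> {
    if key.is_empty() {
        return data.to_vec();
    }
    data.iter().zip(key.iter().cycle()).map(|(d, k)| d ^ k).collect()
}

fn xor_bytes(a: &[u8], b: &[u8]) -> Vec<u8> {
    a.iter().zip(b).map(|(x, y)| x ^ y).collect()
}

/// XOR of two ciphertexts made with one key. The key drops out, so the
/// result equals the XOR of the two plaintexts: an observer learns exactly
/// where and how two payloads differ without knowing the key.
pub fn ciphertext_diff(p1: &[u8], p2: &[u8], key: &[u8]) -> Vec<u8> {
    xor_bytes(&xor_layer(p1, key), &xor_layer(p2, key))
}

/// Bits flipped on the wire come out flipped in the plaintext, and the
/// receiver gets no error: XOR carries no integrity check.
pub fn receive_tampered(p: &[u8], key: &[u8], index: usize, mask: u8) -> Vec<u8> {
    let mut wire = xor_layer(p, key);
    if let Some(b) = wire.get_mut(index) {
        *b ^= mask;
    }
    xor_layer(&wire, key) // "decryption" is the same operation
}

fn main() {
    let key = b"k3y"; // constructed key
    let (p1, p2) = (b"port=51820", b"port=51821"); // constructed payloads
    println!("ciphertext diff: {:?}", ciphertext_diff(p1, p2, key));
    println!("plaintext diff:  {:?}", xor_bytes(p1, p2));
    let seen = receive_tampered(b"allow", key, 0, 0x20);
    println!("receiver sees:   {}", String::from_utf8_lossy(&seen));
}
```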
License
See LICENSE for details.
Dependencies
~11–25MB
~321K SLoC