v0.5.0

@achetronic achetronic released this 24 Jun 17:57
701a60f

Host-level performance tuning for the VPS data path.

Breaking changes

  • Boot service renamed from wg-relay.service to tunnel-boot.service, since it now reapplies the whole node config on boot, not just WireGuard. The WireGuard interface is still named wg-relay.

Features

  • New spec.host block to tune the VPS kernel and NIC, separate from the Envoy proxy config:
    • kernelMaxSocketBufferBytes (default 25MB): raises the kernel socket buffer ceiling and sets SO_RCVBUF/SO_SNDBUF on the UDP listeners. UDP needs this set explicitly; TCP keeps autotuning.
    • disableNicOffloads (default false): turns GRO/GSO off on the underlay NIC for encapsulated UDP (tunnel-in-tunnel), where receive coalescing corrupts datagram boundaries. The interface is detected automatically.
  • enable_reuse_port on all Envoy listeners so they spread across worker threads.
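
A check for the kernelMaxSocketBufferBytes behaviour described above, as an added example that is not the project's own code: on Linux a SO_RCVBUF request above the net.core.rmem_max ceiling is reduced without an error, so the granted size has to be read back to confirm the setting took effect. The function names are hypothetical and the 25MB default is read here as 25 MiB.

```go
package main

import (
	"fmt"
	"os"
	"strconv"
	"strings"
	"syscall"
)

// expectedRcvBuf models Linux socket(7): cap at rmem_max, then double (getsockopt reports the doubled value).
func expectedRcvBuf(requested, rmemMax int) int {
	if requested > rmemMax {
		requested = rmemMax // silent clamp: setsockopt still succeeds
	}
	return 2 * requested
}

// rmemMax reads the current receive-buffer ceiling from procfs.
func rmemMax() (int, error) {
	b, err := os.ReadFile("/proc/sys/net/core/rmem_max")
	if err != nil {
		return 0, err
	}
	return strconv.Atoi(strings.TrimSpace(string(b)))
}

// grantedRcvBuf asks for want bytes on an unbound UDP socket and returns the size the kernel granted.
func grantedRcvBuf(want int) (int, error) {
	fd, err := syscall.Socket(syscall.AF_INET, syscall.SOCK_DGRAM, 0)
	if err != nil {
		return 0, err
	}
	defer syscall.Close(fd)
	if err := syscall.SetsockoptInt(fd, syscall.SOL_SOCKET, syscall.SO_RCVBUF, want); err != nil {
		return 0, err
	}
	return syscall.GetsockoptInt(fd, syscall.SOL_SOCKET, syscall.SO_RCVBUF)
}

func main() {
	const want = 25 * 1024 * 1024 // constructed: the 25MB default read as MiB
	ceiling, err := rmemMax()
	if err != nil {
		fmt.Println("cannot read rmem_max:", err)
		return
	}
	got, err := grantedRcvBuf(want)
	fmt.Printf("rmem_max=%d granted=%d expected=%d err=%v\n", ceiling, got, expectedRcvBuf(want, ceiling), err)
}
```

A granted value well below twice the requested size means the ceiling was not raised on that host.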

Changes

  • Removed prefer_gro from the Envoy UDP listeners; GRO is left to the OS, or turned off at the NIC via disableNicOffloads.
  • NIC offloads are applied natively without ethtool on the VPS, the same way WireGuard and nftables are handled.
  • New dependency: github.com/safchain/ethtool (Apache-2.0).