Vadim Smirnov

Forum Replies Created

Viewing 15 posts - 1 through 15 (of 1,488 total)
  • Author
    Posts
  • in reply to: A network scenario using winpkfilter #14004
    Vadim Smirnov
    Keymaster

      Your logic, while different in implementation, resembles the way SOCKS5 handles UDP ASSOCIATE and generally looks okay. It follows a similar encapsulation approach: sending metadata to a proxy server, receiving a token, and prepending that token to future packets.

      It does have similar limitations, particularly:

      1. MTU constraints – As you noted, prepending a 32-byte token reduces the usable payload size, which can lead to issues with packets near the 1500-byte MTU threshold. This is a common limitation in encapsulation-based proxy schemes.

      2. Race condition on registration – Instead of skipping and passing packets until the proxy replies with the token, consider queuing outgoing packets per destination and only releasing them once authorization is complete and the token is available. This would reduce packet loss and make the logic cleaner.

      Overall, the approach is valid for certain scenarios, just be mindful of these trade-offs.

      Vadim Smirnov
      Keymaster

        Thank you for the update — I’m glad to hear that the integration is running stably and that you’ve already achieved a noticeable reduction in CPU usage.

        Performance tuning is a nuanced and context-dependent task. To explore further optimization opportunities, I would recommend using a tool like the Visual Studio Profiler to analyze where the application is spending the most CPU time. This will provide valuable insights into any remaining bottlenecks that could be addressed.

        That said, if the goal is to reduce CPU usage to near-zero levels, it’s worth noting that some processing overhead is inevitable — even with relatively modest network loads such as 20Mbps uplink and 30Mbps downlink. Still, profiling should give us a clear picture of what’s realistically achievable in your setup.

        in reply to: Specify wiresock interface type on connection #13993
        Vadim Smirnov
        Keymaster

          Packet retransmissions, lost packets, and significant delays on the WireSock interface are clear signs of an issue affecting performance. Since WireSock itself does not introduce artificial delays or excessive packet processing overhead, I suspect that some external network component is interfering with its operation.

          Packet reordering and loss at this scale can be caused by third-party network software (such as antivirus, firewall, or another filtering driver) that intercepts traffic before it reaches WireSock. This can disrupt the expected flow, leading to degraded speeds.

          To investigate, I recommend:

          • Testing on a clean machine with a well-known WireGuard profile (e.g., Cloudflare Warp) to rule out external software conflicts.
          • Testing against Cloudflare Warp to ensure that the issue is not related to the server side of your current WireGuard configuration.
          • Temporarily disabling any third-party security software or VPN-related network filtering drivers to see if performance improves.
          • Monitoring CPU and network adapter utilization to ensure that the system isn’t bottlenecked at the hardware or driver level.

          If you can gather more details from these tests, it will help narrow down the issue. Let me know what you find!

          in reply to: Major packet loss and whole network latency issues #13992
          Vadim Smirnov
          Keymaster

            Packet reordering is a bad sign, as it significantly impacts performance, leading to unnecessary retransmissions and degraded throughput. If you’re seeing frequent out-of-order packets and retransmissions in Wireshark logs, it suggests that something in your network stack is interfering with WireSock’s packet flow.

            Since there are no signs of IP fragmentation, I suspect that some network component—such as an antivirus, a firewall, or another network filtering driver—is manipulating packets before they reach WireSock. This interference could be introducing delays or reordering packets, leading to the performance drop you’re experiencing.

            I recommend testing WireSock on a clean machine with a well-known WireGuard profile (e.g., Cloudflare Warp) and temporarily disabling any third-party network-related software to isolate the cause. Let me know what you find, and I’d be happy to help troubleshoot further.

            in reply to: Wiresock poor performance #13991
            Vadim Smirnov
            Keymaster

              Yes, I’ve tested WireSock on a 10Gbps connection, and it has demonstrated decent performance, even outperforming the official WireGuard client in my tests.

              Regarding high-load traffic, while WireSock processes packets before forwarding them to WireGuard, it is designed for efficiency. In practice, it handles substantial traffic loads well without becoming a bottleneck.

              However, I recommend testing WireSock on a clean machine with a well-known WireGuard profile—such as Cloudflare Warp—to rule out any potential software conflicts at the low network level that might impact performance.

              in reply to: Wiresock poor performance #13984
              Vadim Smirnov
              Keymaster

                WireSock CLI includes a built-in feature for capturing traffic and saving it as PCAP files.

                Certain components of WireSock are open source, such as BoringTun and NDISAPI, while others are proprietary but available for commercial licensing.

                in reply to: Wiresock poor performance #13981
                Vadim Smirnov
                Keymaster

                  Normally, you would see the errors in the log. However, please avoid using debug logging during performance measurements.

                  in reply to: Wiresock poor performance #13978
                  Vadim Smirnov
                  Keymaster

                    I have a 400/400 Mbps connection. Here are the test results using WireSock with a Cloudflare Warp configuration and an MTU set to 1280:

                    WireSock Virtual Adapter Mode
                    WireSock Transparent Mode

                    I recommend checking your MTU settings. Unlike the official WireGuard client for Windows, WireSock does not defragment fragmented WireGuard UDP packets for performance reasons. Therefore, it is crucial to use an appropriate MTU to avoid connectivity issues.

                    Vadim Smirnov
                    Keymaster

                      Thank you for pointing that out. I made an incorrect assumption about the parameters, but I believe you understood the main idea correctly—when there are no packets to read, the packet events should be reset, and the thread should wait on them. I appreciate the clarification!

                      Vadim Smirnov
                      Keymaster

                        The high CPU usage is likely due to the fact that the packet event is never reset. This causes the thread to continuously poll the driver without pausing.

                        Solution:
                        You need to reset the AutoResetEvent or ManualResetEvent in waitHandlesManualResetEvents after processing packets. This ensures the thread properly waits for new packets instead of running in a tight loop.

                        Fixed Code:

                        
                        private static unsafe void PassThruUnsortedThread
                        (
                            NdisApi filter,
                            WaitHandle[] waitHandles,
                            IReadOnlyList<AutoResetEvent> waitHandlesManualResetEvents)
                        {
                            const int bufferSize = 32;
                            var buffers = new IntPtr[bufferSize];
                        
                            for (int i = 0; i < buffers.Length; i++)
                            {
                                buffers[i] = (IntPtr)filter.CreateIntermediateBuffer();
                            }
                        
                            while (true)
                            {
                                int eventIndex = WaitHandle.WaitAny(waitHandles);  // Wait for an event to be signaled
                        
                                uint packetsSuccess = 0;
                        
                                while (filter.ReadPacketsUnsorted(buffers, bufferSize, ref packetsSuccess))
                                {
                                    for (int i = 0; i < packetsSuccess; i++)
                                    {
                                        EthernetPacket ethPacket = buffers[i].GetEthernetPacket(filter);
                                        if (ethPacket.PayloadPacket is IPv4Packet iPv4Packet)
                                        {
                                            if (iPv4Packet.PayloadPacket is TcpPacket tcpPacket)
                                            {
                                                // Console.WriteLine($”{iPv4Packet.SourceAddress}:{tcpPacket.SourcePort} -> {iPv4Packet.DestinationAddress}:{tcpPacket.DestinationPort}.”);
                                            }
                                        }
                                    }
                        
                                    if (packetsSuccess > 0)
                                    {
                                        filter.SendPacketsUnsorted(buffers, packetsSuccess, out uint numPacketsSuccess);
                                    }
                                }
                        
                                // Reset the event to allow proper waiting
                                if (eventIndex >= 0 && eventIndex < waitHandlesManualResetEvents.Count)
                                {
                                    waitHandlesManualResetEvents[eventIndex].Reset();
                                }
                            }
                        }
                        

                        Explanation:

                        • Wait for an event: WaitHandle.WaitAny(waitHandles); ensures the thread only runs when a packet event is signaled.
                        • Process packets normally: The loop reads packets, processes them, and sends them back.
                        • Reset the event: After processing packets, waitHandlesManualResetEvents[eventIndex].Reset(); is called to prevent continuous polling.

                        This should significantly reduce CPU usage.

                        in reply to: local devices become unreacheable after some time #13970
                        Vadim Smirnov
                        Keymaster

                          Great! Thank you for the update! 👍

                          in reply to: amneziawg support #13963
                          Vadim Smirnov
                          Keymaster

                            I’m excited to announce that AmneziaWG support is now available in WireSock Secure Connect v2.1.4!

                            🔗 Download WireSock Secure Connect

                            in reply to: [Wiresock] Bugs and Feature Requests #13959
                            Vadim Smirnov
                            Keymaster

                              Thank you for your message! Let me clarify a few points:

                              Interface Name in Commands
                              Instead of using the placeholder %i, you can safely rely on the WIRESOCK_TUNNEL_NAME environment variable in your scripts and commands. This variable provides the actual Wiresock tunnel name at runtime, ensuring proper command execution.

                              Table = off Setting
                              Currently, Table = off is not supported by Wiresock. Could you let us know where you found this setting mentioned in the Wiresock documentation? If it’s listed somewhere, we’d like to correct that reference to prevent confusion.

                              If you have any additional questions or need further assistance, feel free to let me know!

                              in reply to: WinPkFilter 3.6 API documentation #13953
                              Vadim Smirnov
                              Keymaster

                                I apologize for not being able to update the documentation sooner—these past months have been incredibly busy. The key difference between versions 3.4 and 3.6 lies in the subset of extensions to the Static Filters API. These include the following new functions:

                                • AddStaticFilterFront
                                • AddStaticFilterBack
                                • InsertStaticFilter
                                • RemoveStaticFilter
                                • ResetPacketFilterTable
                                • EnablePacketFilterCache
                                • DisablePacketFilterCache
                                • EnablePacketFragmentCache
                                • DisablePacketFragmentCache

                                All these functions are documented inline in ndisapi.cpp. I will update the online documentation as soon as I have time.

                                in reply to: WireSock DNS is going over VPN (bug?) #13949
                                Vadim Smirnov
                                Keymaster

                                  All DNS requests on Windows are resolved within the DNSCACHE process, making it impossible to identify the originating application.

                                Viewing 15 posts - 1 through 15 (of 1,488 total)