2023-01-27 21:37:20 +00:00
|
|
|
// Copyright (c) Tailscale Inc & AUTHORS
|
|
|
|
// SPDX-License-Identifier: BSD-3-Clause
|
2021-10-21 18:12:51 +01:00
|
|
|
|
|
|
|
package main
|
|
|
|
|
|
|
|
import (
|
|
|
|
"bufio"
|
|
|
|
"expvar"
|
|
|
|
"log"
|
|
|
|
"net/http"
|
|
|
|
"strings"
|
|
|
|
|
2024-08-09 20:32:24 +01:00
|
|
|
"github.com/coder/websocket"
|
2021-10-21 18:12:51 +01:00
|
|
|
"tailscale.com/derp"
|
2022-10-18 22:20:43 +01:00
|
|
|
"tailscale.com/net/wsconn"
|
2021-10-21 18:12:51 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
var counterWebSocketAccepts = expvar.NewInt("derp_websocket_accepts")
|
|
|
|
|
|
|
|
// addWebSocketSupport returns a Handle wrapping base that adds WebSocket server support.
|
|
|
|
func addWebSocketSupport(s *derp.Server, base http.Handler) http.Handler {
|
|
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
up := strings.ToLower(r.Header.Get("Upgrade"))
|
|
|
|
|
|
|
|
// Very early versions of Tailscale set "Upgrade: WebSocket" but didn't actually
|
2022-09-25 19:29:55 +01:00
|
|
|
// speak WebSockets (they still assumed DERP's binary framing). So to distinguish
|
2021-10-21 18:12:51 +01:00
|
|
|
// clients that actually want WebSockets, look for an explicit "derp" subprotocol.
|
|
|
|
if up != "websocket" || !strings.Contains(r.Header.Get("Sec-Websocket-Protocol"), "derp") {
|
|
|
|
base.ServeHTTP(w, r)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
c, err := websocket.Accept(w, r, &websocket.AcceptOptions{
|
|
|
|
Subprotocols: []string{"derp"},
|
|
|
|
OriginPatterns: []string{"*"},
|
2022-09-15 23:13:58 +01:00
|
|
|
// Disable compression because we transmit WireGuard messages that
|
|
|
|
// are not compressible.
|
|
|
|
// Additionally, Safari has a broken implementation of compression
|
|
|
|
// (see https://github.com/nhooyr/websocket/issues/218) that makes
|
|
|
|
// enabling it actively harmful.
|
|
|
|
CompressionMode: websocket.CompressionDisabled,
|
2021-10-21 18:12:51 +01:00
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
log.Printf("websocket.Accept: %v", err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
defer c.Close(websocket.StatusInternalError, "closing")
|
|
|
|
if c.Subprotocol() != "derp" {
|
|
|
|
c.Close(websocket.StatusPolicyViolation, "client must speak the derp subprotocol")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
counterWebSocketAccepts.Add(1)
|
2023-08-30 00:27:30 +01:00
|
|
|
wc := wsconn.NetConn(r.Context(), c, websocket.MessageBinary, r.RemoteAddr)
|
2021-10-21 18:12:51 +01:00
|
|
|
brw := bufio.NewReadWriter(bufio.NewReader(wc), bufio.NewWriter(wc))
|
2022-07-18 23:43:03 +01:00
|
|
|
s.Accept(r.Context(), wc, brw, r.RemoteAddr)
|
2021-10-21 18:12:51 +01:00
|
|
|
})
|
|
|
|
}
|