2023-01-27 21:37:20 +00:00
// Copyright (c) Tailscale Inc & AUTHORS
// SPDX-License-Identifier: BSD-3-Clause
2020-02-05 22:16:58 +00:00
// Package magicsock implements a socket that can change its communication path while
// in use, actively searching for the best way to communicate.
package magicsock
import (
2020-05-31 23:29:04 +01:00
"bufio"
2023-02-08 23:48:27 +00:00
"bytes"
2020-02-05 22:16:58 +00:00
"context"
2020-07-01 20:56:17 +01:00
crand "crypto/rand"
2020-02-05 22:16:58 +00:00
"encoding/binary"
2020-02-18 21:32:04 +00:00
"errors"
2020-02-05 22:16:58 +00:00
"fmt"
2020-03-04 06:21:56 +00:00
"hash/fnv"
2022-08-29 15:57:54 +01:00
"io"
2020-07-03 19:06:33 +01:00
"math"
2020-03-04 06:21:56 +00:00
"math/rand"
2020-02-05 22:16:58 +00:00
"net"
2022-03-15 22:33:06 +00:00
"net/netip"
2020-05-17 17:51:38 +01:00
"reflect"
2021-10-20 20:14:19 +01:00
"runtime"
2020-03-23 21:12:23 +00:00
"sort"
2020-02-21 22:01:51 +00:00
"strconv"
2020-02-05 22:16:58 +00:00
"strings"
"sync"
2020-02-18 16:57:11 +00:00
"sync/atomic"
2020-02-05 22:16:58 +00:00
"time"
2022-12-09 23:12:20 +00:00
"github.com/tailscale/wireguard-go/conn"
2021-10-28 19:07:25 +01:00
"go4.org/mem"
2023-07-06 19:11:21 +01:00
"golang.org/x/exp/maps"
2022-12-09 01:58:14 +00:00
"golang.org/x/net/ipv4"
"golang.org/x/net/ipv6"
2020-06-25 19:04:52 +01:00
"tailscale.com/control/controlclient"
2020-02-21 03:10:54 +00:00
"tailscale.com/derp"
2020-02-05 22:16:58 +00:00
"tailscale.com/derp/derphttp"
2020-06-30 20:22:42 +01:00
"tailscale.com/disco"
2022-12-21 03:29:25 +00:00
"tailscale.com/envknob"
2021-02-25 05:29:51 +00:00
"tailscale.com/health"
2022-12-20 18:17:21 +00:00
"tailscale.com/hostinfo"
2020-03-26 05:57:46 +00:00
"tailscale.com/ipn/ipnstate"
2020-10-19 23:11:40 +01:00
"tailscale.com/logtail/backoff"
2022-11-28 23:59:33 +00:00
"tailscale.com/net/connstats"
2020-03-05 18:29:19 +00:00
"tailscale.com/net/dnscache"
2020-03-10 18:02:30 +00:00
"tailscale.com/net/interfaces"
2023-04-15 21:08:16 +01:00
"tailscale.com/net/netaddr"
2020-05-25 17:15:50 +01:00
"tailscale.com/net/netcheck"
2021-12-30 19:11:50 +00:00
"tailscale.com/net/neterror"
2023-04-18 22:26:58 +01:00
"tailscale.com/net/netmon"
2020-05-28 23:27:04 +01:00
"tailscale.com/net/netns"
2023-03-30 20:39:39 +01:00
"tailscale.com/net/packet"
2023-05-03 01:49:56 +01:00
"tailscale.com/net/ping"
2021-02-20 06:15:41 +00:00
"tailscale.com/net/portmapper"
2023-02-03 20:07:58 +00:00
"tailscale.com/net/sockstats"
2020-05-25 17:15:50 +01:00
"tailscale.com/net/stun"
2021-12-29 02:01:50 +00:00
"tailscale.com/net/tsaddr"
2020-03-12 18:16:54 +00:00
"tailscale.com/syncs"
2020-03-04 06:21:56 +00:00
"tailscale.com/tailcfg"
2021-01-20 17:52:24 +00:00
"tailscale.com/tstime"
2021-07-21 19:04:36 +01:00
"tailscale.com/tstime/mono"
2020-02-17 21:52:11 +00:00
"tailscale.com/types/key"
2023-05-03 01:49:56 +01:00
"tailscale.com/types/lazy"
2020-03-04 06:21:56 +00:00
"tailscale.com/types/logger"
2021-02-05 23:44:46 +00:00
"tailscale.com/types/netmap"
2020-07-10 22:26:04 +01:00
"tailscale.com/types/nettype"
2020-12-14 02:51:24 +00:00
"tailscale.com/util/clientmetric"
2022-04-22 04:25:24 +01:00
"tailscale.com/util/mak"
2023-02-21 20:57:08 +00:00
"tailscale.com/util/ringbuffer"
2023-04-14 21:37:10 +01:00
"tailscale.com/util/set"
2023-04-03 21:08:29 +01:00
"tailscale.com/util/sysresources"
2021-04-27 22:40:29 +01:00
"tailscale.com/util/uniq"
2020-03-02 20:37:52 +00:00
"tailscale.com/version"
2023-02-08 23:48:27 +00:00
"tailscale.com/wgengine/capture"
2020-02-05 22:16:58 +00:00
)
2022-08-29 15:57:54 +01:00
const (
// These are disco.Magic in big-endian form, 4 then 2 bytes. The
// BPF filters need the magic in this format to match on it. Used
// only in magicsock_linux.go, but defined here so that the test
// which verifies this is the correct magic doesn't also need a
// _linux variant.
discoMagic1 = 0x5453f09f
discoMagic2 = 0x92ac
2022-09-26 23:49:59 +01:00
// UDP socket read/write buffer size (7MB). The value of 7MB is chosen as it
// is the max supported by a default configuration of macOS. Some platforms
// will silently clamp the value.
socketBufferSize = 7 << 20
2022-08-29 15:57:54 +01:00
)
2020-08-17 20:56:17 +01:00
// useDerpRoute reports whether magicsock should enable the DERP
// return path optimization (Issue 150).
func useDerpRoute ( ) bool {
2022-09-14 20:49:39 +01:00
if b , ok := debugUseDerpRoute ( ) . Get ( ) ; ok {
2022-01-24 18:52:57 +00:00
return b
2020-08-17 20:56:17 +01:00
}
ob := controlclient . DERPRouteFlag ( )
if v , ok := ob . Get ( ) ; ok {
return v
}
2022-01-13 21:56:40 +00:00
return true // as of 1.21.x
2020-08-17 20:56:17 +01:00
}
2021-08-26 03:39:20 +01:00
// peerInfo is all the information magicsock tracks about a particular
// peer.
type peerInfo struct {
2021-10-18 18:22:56 +01:00
ep * endpoint // always non-nil.
2021-08-26 03:39:20 +01:00
// ipPorts is an inverted version of peerMap.byIPPort (below), so
// that when we're deleting this node, we can rapidly find out the
// keys that need deleting from peerMap.byIPPort without having to
// iterate over every IPPort known for any peer.
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
ipPorts map [ netip . AddrPort ] bool
2021-08-26 03:39:20 +01:00
}
2021-10-18 18:22:56 +01:00
func newPeerInfo ( ep * endpoint ) * peerInfo {
2021-08-26 03:39:20 +01:00
return & peerInfo {
2021-10-18 18:22:56 +01:00
ep : ep ,
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
ipPorts : map [ netip . AddrPort ] bool { } ,
2021-08-26 03:39:20 +01:00
}
}
// peerMap is an index of peerInfos by node (WireGuard) key, disco
// key, and discovered ip:port endpoints.
//
// Doesn't do any locking, all access must be done with Conn.mu held.
type peerMap struct {
2021-11-02 00:53:40 +00:00
byNodeKey map [ key . NodePublic ] * peerInfo
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
byIPPort map [ netip . AddrPort ] * peerInfo
2021-10-17 19:31:21 +01:00
2021-11-10 20:18:13 +00:00
// nodesOfDisco contains the set of nodes that are using a
2021-10-17 19:31:21 +01:00
// DiscoKey. Usually those sets will be just one node.
2021-11-02 00:53:40 +00:00
nodesOfDisco map [ key . DiscoPublic ] map [ key . NodePublic ] bool
2021-08-26 03:39:20 +01:00
}
func newPeerMap ( ) peerMap {
return peerMap {
2021-11-02 00:53:40 +00:00
byNodeKey : map [ key . NodePublic ] * peerInfo { } ,
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
byIPPort : map [ netip . AddrPort ] * peerInfo { } ,
2021-11-02 00:53:40 +00:00
nodesOfDisco : map [ key . DiscoPublic ] map [ key . NodePublic ] bool { } ,
2021-08-26 03:39:20 +01:00
}
}
// nodeCount returns the number of nodes currently in m.
func ( m * peerMap ) nodeCount ( ) int {
return len ( m . byNodeKey )
}
2021-10-15 22:40:49 +01:00
// anyEndpointForDiscoKey reports whether there exists any
// peers in the netmap with dk as their DiscoKey.
2021-10-29 22:27:29 +01:00
func ( m * peerMap ) anyEndpointForDiscoKey ( dk key . DiscoPublic ) bool {
2021-10-18 23:31:08 +01:00
return len ( m . nodesOfDisco [ dk ] ) > 0
2021-10-15 22:40:49 +01:00
}
2021-08-26 06:20:31 +01:00
// endpointForNodeKey returns the endpoint for nk, or nil if
2021-08-26 03:39:20 +01:00
// nk is not known to us.
2021-11-02 00:53:40 +00:00
func ( m * peerMap ) endpointForNodeKey ( nk key . NodePublic ) ( ep * endpoint , ok bool ) {
2021-08-26 03:39:20 +01:00
if nk . IsZero ( ) {
return nil , false
}
2021-10-18 22:27:39 +01:00
if info , ok := m . byNodeKey [ nk ] ; ok {
2021-08-26 03:39:20 +01:00
return info . ep , true
}
return nil , false
}
2021-08-26 06:20:31 +01:00
// endpointForIPPort returns the endpoint for the peer we
2021-08-26 03:39:20 +01:00
// believe to be at ipp, or nil if we don't know of any such peer.
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
func ( m * peerMap ) endpointForIPPort ( ipp netip . AddrPort ) ( ep * endpoint , ok bool ) {
2021-10-18 22:27:39 +01:00
if info , ok := m . byIPPort [ ipp ] ; ok {
2021-08-26 03:39:20 +01:00
return info . ep , true
}
return nil , false
}
2021-10-16 06:25:29 +01:00
// forEachEndpoint invokes f on every endpoint in m.
func ( m * peerMap ) forEachEndpoint ( f func ( ep * endpoint ) ) {
2021-08-26 03:39:20 +01:00
for _ , pi := range m . byNodeKey {
2021-10-18 22:27:39 +01:00
f ( pi . ep )
2021-08-26 03:39:20 +01:00
}
}
2023-01-28 05:04:32 +00:00
// forEachEndpointWithDiscoKey invokes f on every endpoint in m that has the
// provided DiscoKey until f returns false or there are no endpoints left to
// iterate.
func ( m * peerMap ) forEachEndpointWithDiscoKey ( dk key . DiscoPublic , f func ( * endpoint ) ( keepGoing bool ) ) {
2021-10-18 22:38:03 +01:00
for nk := range m . nodesOfDisco [ dk ] {
pi , ok := m . byNodeKey [ nk ]
if ! ok {
// Unexpected. Data structures would have to
// be out of sync. But we don't have a logger
// here to log [unexpected], so just skip.
// Maybe log later once peerMap is merged back
// into Conn.
continue
2021-10-16 05:44:52 +01:00
}
2023-01-28 05:04:32 +00:00
if ! f ( pi . ep ) {
return
}
2021-10-16 05:44:52 +01:00
}
}
2021-10-16 06:25:29 +01:00
// upsertEndpoint stores endpoint in the peerInfo for
2021-08-26 03:39:20 +01:00
// ep.publicKey, and updates indexes. m must already have a
// tailcfg.Node for ep.publicKey.
2021-11-10 22:03:47 +00:00
func ( m * peerMap ) upsertEndpoint ( ep * endpoint , oldDiscoKey key . DiscoPublic ) {
2021-11-11 02:20:41 +00:00
if m . byNodeKey [ ep . publicKey ] == nil {
m . byNodeKey [ ep . publicKey ] = newPeerInfo ( ep )
}
2023-04-08 23:36:47 +01:00
epDisco := ep . disco . Load ( )
if epDisco == nil || oldDiscoKey != epDisco . key {
2021-11-11 02:20:41 +00:00
delete ( m . nodesOfDisco [ oldDiscoKey ] , ep . publicKey )
2021-10-17 19:31:21 +01:00
}
2023-05-03 01:49:56 +01:00
if ep . isWireguardOnly {
// If the peer is a WireGuard only peer, add all of its endpoints.
// TODO(raggi,catzkorn): this could mean that if a "isWireguardOnly"
// peer has, say, 192.168.0.2 and so does a tailscale peer, the
// wireguard one will win. That may not be the outcome that we want -
// perhaps we should prefer bestAddr.AddrPort if it is set?
// see tailscale/tailscale#7994
for ipp := range ep . endpointState {
m . setNodeKeyForIPPort ( ipp , ep . publicKey )
2023-04-06 01:28:28 +01:00
}
2023-04-08 23:36:47 +01:00
return
}
set := m . nodesOfDisco [ epDisco . key ]
2022-11-18 20:43:09 +00:00
if set == nil {
set = map [ key . NodePublic ] bool { }
2023-04-08 23:36:47 +01:00
m . nodesOfDisco [ epDisco . key ] = set
2021-08-26 03:39:20 +01:00
}
2022-11-18 20:43:09 +00:00
set [ ep . publicKey ] = true
2021-08-26 03:39:20 +01:00
}
2021-10-18 21:29:09 +01:00
// setNodeKeyForIPPort makes future peer lookups by ipp return the
// same endpoint as a lookup by nk.
//
// This should only be called with a fully verified mapping of ipp to
// nk, because calling this function defines the endpoint we hand to
// WireGuard for packets received from ipp.
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
func ( m * peerMap ) setNodeKeyForIPPort ( ipp netip . AddrPort , nk key . NodePublic ) {
2021-08-26 03:39:20 +01:00
if pi := m . byIPPort [ ipp ] ; pi != nil {
delete ( pi . ipPorts , ipp )
delete ( m . byIPPort , ipp )
}
2021-10-18 21:29:09 +01:00
if pi , ok := m . byNodeKey [ nk ] ; ok {
2021-08-26 03:39:20 +01:00
pi . ipPorts [ ipp ] = true
m . byIPPort [ ipp ] = pi
}
}
2021-10-16 06:25:29 +01:00
// deleteEndpoint deletes the peerInfo associated with ep, and
2021-08-26 03:39:20 +01:00
// updates indexes.
2021-10-16 06:25:29 +01:00
func ( m * peerMap ) deleteEndpoint ( ep * endpoint ) {
2021-08-26 03:39:20 +01:00
if ep == nil {
return
}
ep . stopAndReset ( )
2023-04-08 23:36:47 +01:00
epDisco := ep . disco . Load ( )
2021-09-08 16:12:29 +01:00
pi := m . byNodeKey [ ep . publicKey ]
2023-04-08 23:36:47 +01:00
if epDisco != nil {
delete ( m . nodesOfDisco [ epDisco . key ] , ep . publicKey )
}
2021-08-26 03:39:20 +01:00
delete ( m . byNodeKey , ep . publicKey )
2021-09-08 16:12:29 +01:00
if pi == nil {
// Kneejerk paranoia from earlier issue 2801.
// Unexpected. But no logger plumbed here to log so.
return
}
2021-08-26 03:39:20 +01:00
for ip := range pi . ipPorts {
delete ( m . byIPPort , ip )
}
}
2020-02-05 22:16:58 +00:00
// A Conn routes UDP packets and actively manages a list of its endpoints.
type Conn struct {
2020-12-15 07:58:35 +00:00
// This block mirrors the contents and field order of the Options
// struct. Initialized once at construction, then constant.
2021-08-26 06:26:25 +01:00
logf logger . Logf
epFunc func ( [ ] tailcfg . Endpoint )
derpActiveFunc func ( )
idleFunc func ( ) time . Duration // nil means unknown
testOnlyPacketListener nettype . PacketListener
2021-11-02 00:53:40 +00:00
noteRecvActivity func ( key . NodePublic ) // or nil, see Options.NoteRecvActivity
2023-04-18 22:26:58 +01:00
netMon * netmon . Monitor // or nil
2020-02-18 18:55:25 +00:00
2020-12-15 07:58:35 +00:00
// ================================================================
// No locking required to access these fields, either because
// they're static after construction, or are wholly owned by a
// single goroutine.
connCtx context . Context // closed on Conn.Close
connCtxCancel func ( ) // closes connCtx
2021-01-16 03:13:59 +00:00
donec <- chan struct { } // connCtx.Done()'s to avoid context.cancelCtx.Done()'s mutex per call
2020-12-15 07:58:35 +00:00
// pconn4 and pconn6 are the underlying UDP sockets used to
// send/receive packets for wireguard and other magicsock
// protocols.
2022-09-02 22:24:51 +01:00
pconn4 RebindingUDPConn
pconn6 RebindingUDPConn
2020-12-15 07:58:35 +00:00
2022-12-09 01:58:14 +00:00
receiveBatchPool sync . Pool
2022-08-29 15:57:54 +01:00
// closeDisco4 and closeDisco6 are io.Closers to shut down the raw
// disco packet receivers. If nil, no raw disco receiver is
// running for the given family.
closeDisco4 io . Closer
closeDisco6 io . Closer
2020-12-15 07:58:35 +00:00
// netChecker is the prober that discovers local network
// conditions, including the closest DERP relay and NAT mappings.
netChecker * netcheck . Client
2021-02-20 06:15:41 +00:00
// portMapper is the NAT-PMP/PCP/UPnP prober/client, for requesting
// port mappings from NAT devices.
portMapper * portmapper . Client
2020-03-13 15:55:38 +00:00
// stunReceiveFunc holds the current STUN packet processing func.
// Its Loaded value is always non-nil.
2022-08-04 18:43:49 +01:00
stunReceiveFunc syncs . AtomicValue [ func ( p [ ] byte , fromAddr netip . AddrPort ) ]
2020-03-13 15:55:38 +00:00
2021-03-24 16:41:57 +00:00
// derpRecvCh is used by receiveDERP to read DERP messages.
2022-01-14 21:43:24 +00:00
// It must have buffer size > 0; see issue 3736.
2020-03-13 15:55:38 +00:00
derpRecvCh chan derpReadResult
2021-03-24 16:41:57 +00:00
// bind is the wireguard-go conn.Bind for Conn.
bind * connBind
2021-01-18 16:39:52 +00:00
2020-06-26 22:38:53 +01:00
// ============================================================
2021-06-22 21:00:40 +01:00
// Fields that must be accessed via atomic load/stores.
// noV4 and noV6 are whether IPv4 and IPv6 are known to be
// missing. They're only used to suppress log spam. The name
// is named negatively because in early start-up, we don't yet
// necessarily have a netcheck.Report and don't want to skip
// logging.
2022-08-04 05:51:02 +01:00
noV4 , noV6 atomic . Bool
2021-06-22 21:00:40 +01:00
2021-10-07 01:43:37 +01:00
// noV4Send is whether IPv4 UDP is known to be unable to transmit
// at all. This could happen if the socket is in an invalid state
// (as can happen on darwin after a network link status change).
2022-08-04 05:51:02 +01:00
noV4Send atomic . Bool
2021-10-07 01:43:37 +01:00
2021-06-22 21:00:40 +01:00
// networkUp is whether the network is up (some interface is up
// with IPv4 or IPv6). It's used to suppress log spam and prevent
// new connection that'll fail.
2022-08-04 05:51:02 +01:00
networkUp atomic . Bool
2021-06-22 21:00:40 +01:00
2022-10-04 04:39:45 +01:00
// Whether debugging logging is enabled.
debugLogging atomic . Bool
2021-06-22 21:00:40 +01:00
// havePrivateKey is whether privateKey is non-zero.
2022-08-04 05:51:02 +01:00
havePrivateKey atomic . Bool
2022-08-04 18:43:49 +01:00
publicKeyAtomic syncs . AtomicValue [ key . NodePublic ] // or NodeKey zero value if !havePrivateKey
2021-06-22 21:00:40 +01:00
2022-01-13 21:37:26 +00:00
// derpMapAtomic is the same as derpMap, but without requiring
// sync.Mutex. For use with NewRegionClient's callback, to avoid
// lock ordering deadlocks. See issue 3726 and mu field docs.
2022-08-04 05:31:40 +01:00
derpMapAtomic atomic . Pointer [ tailcfg . DERPMap ]
2022-01-13 21:37:26 +00:00
2022-08-04 05:31:40 +01:00
lastNetCheckReport atomic . Pointer [ netcheck . Report ]
2022-01-29 22:52:00 +00:00
2021-06-22 21:00:40 +01:00
// port is the preferred port from opts.Port; 0 means auto.
2022-08-04 05:51:02 +01:00
port atomic . Uint32
2021-06-22 21:00:40 +01:00
2022-10-28 00:26:52 +01:00
// stats maintains per-connection counters.
2022-11-28 23:59:33 +00:00
stats atomic . Pointer [ connstats . Statistics ]
2022-10-28 00:26:52 +01:00
2023-02-08 23:48:27 +00:00
// captureHook, if non-nil, is the pcap logging callback when capturing.
captureHook syncs . AtomicValue [ capture . Callback ]
2023-04-10 00:59:18 +01:00
// discoPrivate is the private naclbox key used for active
// discovery traffic. It is always present, and immutable.
discoPrivate key . DiscoPrivate
// public of discoPrivate. It is always present and immutable.
discoPublic key . DiscoPublic
// ShortString of discoPublic (to save logging work later). It is always
// present and immutable.
discoShort string
2021-06-22 21:00:40 +01:00
// ============================================================
2022-01-13 21:37:26 +00:00
// mu guards all following fields; see userspaceEngine lock
// ordering rules against the engine. For derphttp, mu must
// be held before derphttp.Client.mu.
2021-06-22 21:00:40 +01:00
mu sync . Mutex
2020-08-04 17:36:38 +01:00
muCond * sync . Cond
2020-03-13 15:55:38 +00:00
2023-01-18 02:54:03 +00:00
closed bool // Close was called
closing atomic . Bool // Close is in progress (or done)
2020-03-13 15:55:38 +00:00
2021-01-19 23:29:50 +00:00
// derpCleanupTimer is the timer that fires to occasionally clean
// up idle DERP connections. It's only used when there is a non-home
// DERP connection in use.
derpCleanupTimer * time . Timer
// derpCleanupTimerArmed is whether derpCleanupTimer is
// scheduled to fire within derpCleanStaleInterval.
derpCleanupTimerArmed bool
2021-01-20 17:52:24 +00:00
// periodicReSTUNTimer, when non-nil, is an AfterFunc timer
// that will call Conn.doPeriodicSTUN.
periodicReSTUNTimer * time . Timer
2020-12-15 07:58:35 +00:00
// endpointsUpdateActive indicates that updateEndpoints is
// currently running. It's used to deduplicate concurrent endpoint
// update requests.
2020-03-13 15:55:38 +00:00
endpointsUpdateActive bool
2020-12-15 07:58:35 +00:00
// wantEndpointsUpdate, if non-empty, means that a new endpoints
// update should begin immediately after the currently-running one
// completes. It can only be non-empty if
// endpointsUpdateActive==true.
wantEndpointsUpdate string // true if non-empty; string is reason
// lastEndpoints records the endpoints found during the previous
// endpoint discovery. It's used to avoid duplicate endpoint
// change notifications.
tailcfg: add Endpoint, EndpointType, MapRequest.EndpointType
Track endpoints internally with a new tailcfg.Endpoint type that
includes a typed netaddr.IPPort (instead of just a string) and
includes a type for how that endpoint was discovered (STUN, local,
etc).
Use []tailcfg.Endpoint instead of []string internally.
At the last second, send it to the control server as the existing
[]string for endpoints, but also include a new parallel
MapRequest.EndpointType []tailcfg.EndpointType, so the control server
can start filtering out less-important endpoint changes from
new-enough clients. Notably, STUN-discovered endpoints can be filtered
out from 1.6+ clients, as they can discover them amongst each other
via CallMeMaybe disco exchanges started over DERP. And STUN endpoints
change a lot, causing a lot of MapResposne updates. But portmapped
endpoints are worth keeping for now, as they they work right away
without requiring the firewall traversal extra RTT dance.
End result will be less control->client bandwidth. (despite negligible
increase in client->control bandwidth)
Updates tailscale/corp#1543
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-12 21:24:29 +01:00
lastEndpoints [ ] tailcfg . Endpoint
2020-12-15 07:58:35 +00:00
2021-01-20 17:52:24 +00:00
// lastEndpointsTime is the last time the endpoints were updated,
// even if there was no change.
lastEndpointsTime time . Time
// onEndpointRefreshed are funcs to run (in their own goroutines)
// when endpoints are refreshed.
2021-08-26 06:20:31 +01:00
onEndpointRefreshed map [ * endpoint ] func ( )
2021-01-20 17:52:24 +00:00
2023-04-14 21:37:10 +01:00
// endpointTracker tracks the set of cached endpoints that we advertise
// for a period of time before withdrawing them.
endpointTracker endpointTracker
2020-12-15 07:58:35 +00:00
// peerSet is the set of peers that are currently configured in
// WireGuard. These are not used to filter inbound or outbound
// traffic at all, but only to track what state can be cleaned up
// in other maps below that are keyed by peer public key.
2021-10-29 21:15:27 +01:00
peerSet map [ key . NodePublic ] struct { }
2020-12-15 07:58:35 +00:00
// nodeOfDisco tracks the networkmap Node entity for each peer
// discovery key.
2021-08-26 03:39:20 +01:00
peerMap peerMap
2021-10-16 04:45:33 +01:00
// discoInfo is the state for an active DiscoKey.
2021-10-29 22:27:29 +01:00
discoInfo map [ key . DiscoPublic ] * discoInfo
2020-02-05 22:16:58 +00:00
2020-12-15 07:58:35 +00:00
// netInfoFunc is a callback that provides a tailcfg.NetInfo when
// discovered network conditions change.
//
// TODO(danderson): why can't it be set at construction time?
// There seem to be a few natural places in ipn/local.go to
// swallow untimely invocations.
2020-03-04 06:21:56 +00:00
netInfoFunc func ( * tailcfg . NetInfo ) // nil until set
2020-12-15 07:58:35 +00:00
// netInfoLast is the NetInfo provided in the last call to
// netInfoFunc. It's used to deduplicate calls to netInfoFunc.
//
// TODO(danderson): should all the deduping happen in
// ipn/local.go? We seem to be doing dedupe at several layers, and
// magicsock could do with any complexity reduction it can get.
2020-03-04 06:21:56 +00:00
netInfoLast * tailcfg . NetInfo
2020-05-17 17:51:38 +01:00
derpMap * tailcfg . DERPMap // nil (or zero regions/nodes) means DERP is disabled
2021-02-05 23:44:46 +00:00
netMap * netmap . NetworkMap
2021-10-29 21:15:27 +01:00
privateKey key . NodePrivate // WireGuard private key for this node
2020-07-28 00:26:33 +01:00
everHadKey bool // whether we ever had a non-zero private key
2020-05-17 17:51:38 +01:00
myDerp int // nearest DERP region ID; 0 means none/unknown
2020-07-27 20:23:14 +01:00
derpStarted chan struct { } // closed on first connection to DERP; for tests & cleaner Close
2020-05-17 17:51:38 +01:00
activeDerp map [ int ] activeDerp // DERP regionID -> connection to a node in that region
prevDerp map [ int ] * syncs . WaitGroupChan
2020-03-23 21:12:23 +00:00
// derpRoute contains optional alternate routes to use as an
// optimization instead of contacting a peer via their home
// DERP connection. If they sent us a message on a different
// DERP connection (which should really only be on our DERP
// home connection, or what was once our home), then we
// remember that route here to optimistically use instead of
// creating a new DERP connection back to their home.
2021-10-29 21:15:27 +01:00
derpRoute map [ key . NodePublic ] derpRoute
2020-03-23 21:12:23 +00:00
// peerLastDerp tracks which DERP node we last used to speak with a
// peer. It's only used to quiet logging, so we only log on change.
2021-10-29 21:15:27 +01:00
peerLastDerp map [ key . NodePublic ] int
2023-05-03 01:49:56 +01:00
// wgPinger is the WireGuard only pinger used for latency measurements.
wgPinger lazy . SyncValue [ * ping . Pinger ]
2020-03-22 01:24:28 +00:00
}
2022-10-04 04:39:45 +01:00
// SetDebugLoggingEnabled controls whether spammy debug logging is enabled.
//
// Note that this is currently independent from the log levels, even though
// they're pretty correlated: debugging logs should be [v1] (or higher), but
// some non-debug logs may also still have a [vN] annotation. The [vN] level
// controls which gets shown in stderr. The dlogf method, on the other hand,
// controls which gets even printed or uploaded at any level.
func ( c * Conn ) SetDebugLoggingEnabled ( v bool ) {
c . debugLogging . Store ( v )
}
// dlogf logs a debug message if debug logging is enabled via SetDebugLoggingEnabled.
func ( c * Conn ) dlogf ( format string , a ... any ) {
if c . debugLogging . Load ( ) {
c . logf ( format , a ... )
}
}
2020-03-22 01:24:28 +00:00
// derpRoute is a route entry for a public key, saying that a certain
// peer should be available at DERP node derpID, as long as the
// current connection for that derpID is dc. (but dc should not be
// used to write directly; it's owned by the read/write loops)
type derpRoute struct {
derpID int
dc * derphttp . Client // don't use directly; see comment above
}
// removeDerpPeerRoute removes a DERP route entry previously added by addDerpPeerRoute.
2021-10-29 21:15:27 +01:00
func ( c * Conn ) removeDerpPeerRoute ( peer key . NodePublic , derpID int , dc * derphttp . Client ) {
2020-03-22 01:24:28 +00:00
c . mu . Lock ( )
defer c . mu . Unlock ( )
r2 := derpRoute { derpID , dc }
if r , ok := c . derpRoute [ peer ] ; ok && r == r2 {
delete ( c . derpRoute , peer )
}
}
// addDerpPeerRoute adds a DERP route entry, noting that peer was seen
// on DERP node derpID, at least on the connection identified by dc.
// See issue 150 for details.
2021-10-29 21:15:27 +01:00
func ( c * Conn ) addDerpPeerRoute ( peer key . NodePublic , derpID int , dc * derphttp . Client ) {
2020-03-22 01:24:28 +00:00
c . mu . Lock ( )
defer c . mu . Unlock ( )
2022-04-22 04:25:24 +01:00
mak . Set ( & c . derpRoute , peer , derpRoute { derpID , dc } )
2020-02-05 22:16:58 +00:00
}
2022-07-26 04:55:44 +01:00
var derpMagicIPAddr = netip . MustParseAddr ( tailcfg . DerpMagicIP )
2020-03-09 22:20:33 +00:00
2020-03-05 16:54:08 +00:00
// activeDerp contains fields for an active DERP connection.
type activeDerp struct {
2020-03-23 21:12:23 +00:00
c * derphttp . Client
cancel context . CancelFunc
writeCh chan <- derpWriteRequest
// lastWrite is the time of the last request for its write
// channel (currently even if there was no write).
2021-02-09 17:37:24 +00:00
// It is always non-nil and initialized to a non-zero Time.
2020-03-23 21:12:23 +00:00
lastWrite * time . Time
createTime time . Time
2020-03-05 16:54:08 +00:00
}
2020-02-05 22:16:58 +00:00
// Options contains options for Listen.
type Options struct {
2020-03-19 16:39:00 +00:00
// Logf optionally provides a log function to use.
Add tstest.PanicOnLog(), and fix various problems detected by this.
If a test calls log.Printf, 'go test' horrifyingly rearranges the
output to no longer be in chronological order, which makes debugging
virtually impossible. Let's stop that from happening by making
log.Printf panic if called from any module, no matter how deep, during
tests.
This required us to change the default error handler in at least one
http.Server, as well as plumbing a bunch of logf functions around,
especially in magicsock and wgengine, but also in logtail and backoff.
To add insult to injury, 'go test' also rearranges the output when a
parent test has multiple sub-tests (all the sub-test's t.Logf is always
printed after all the parent tests t.Logf), so we need to screw around
with a special Logf that can point at the "current" t (current_t.Logf)
in some places. Probably our entire way of using subtests is wrong,
since 'go test' would probably like to run them all in parallel if you
called t.Parallel(), but it definitely can't because the're all
manipulating the shared state created by the parent test. They should
probably all be separate toplevel tests instead, with common
setup/teardown logic. But that's a job for another time.
Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2020-05-14 03:59:54 +01:00
// Must not be nil.
2020-03-07 21:11:52 +00:00
Logf logger . Logf
2020-02-05 22:16:58 +00:00
// Port is the port to listen on.
// Zero means to pick one automatically.
Port uint16
// EndpointsFunc optionally provides a func to be called when
// endpoints change. The called func does not own the slice.
tailcfg: add Endpoint, EndpointType, MapRequest.EndpointType
Track endpoints internally with a new tailcfg.Endpoint type that
includes a typed netaddr.IPPort (instead of just a string) and
includes a type for how that endpoint was discovered (STUN, local,
etc).
Use []tailcfg.Endpoint instead of []string internally.
At the last second, send it to the control server as the existing
[]string for endpoints, but also include a new parallel
MapRequest.EndpointType []tailcfg.EndpointType, so the control server
can start filtering out less-important endpoint changes from
new-enough clients. Notably, STUN-discovered endpoints can be filtered
out from 1.6+ clients, as they can discover them amongst each other
via CallMeMaybe disco exchanges started over DERP. And STUN endpoints
change a lot, causing a lot of MapResposne updates. But portmapped
endpoints are worth keeping for now, as they they work right away
without requiring the firewall traversal extra RTT dance.
End result will be less control->client bandwidth. (despite negligible
increase in client->control bandwidth)
Updates tailscale/corp#1543
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-12 21:24:29 +01:00
EndpointsFunc func ( [ ] tailcfg . Endpoint )
2020-06-25 22:19:12 +01:00
2020-08-25 21:21:29 +01:00
// DERPActiveFunc optionally provides a func to be called when
// a connection is made to a DERP server.
DERPActiveFunc func ( )
2020-06-25 22:19:12 +01:00
// IdleFunc optionally provides a func to return how long
// it's been since a TUN packet was sent or received.
IdleFunc func ( ) time . Duration
2020-07-10 22:26:04 +01:00
2021-08-26 06:26:25 +01:00
// TestOnlyPacketListener optionally specifies how to create PacketConns.
// Only used by tests.
TestOnlyPacketListener nettype . PacketListener
2020-07-23 23:15:28 +01:00
2021-09-01 03:06:04 +01:00
// NoteRecvActivity, if provided, is a func for magicsock to call
// whenever it receives a packet from a a peer if it's been more
// than ~10 seconds since the last one. (10 seconds is somewhat
// arbitrary; the sole user just doesn't need or want it called on
2022-05-04 20:10:17 +01:00
// every packet, just every minute or two for WireGuard timeouts,
2021-09-01 03:06:04 +01:00
// and 10 seconds seems like a good trade-off between often enough
// and not too often.)
// The provided func is likely to call back into
// Conn.ParseEndpoint, which acquires Conn.mu. As such, you should
// not hold Conn.mu while calling it.
2021-11-02 00:53:40 +00:00
NoteRecvActivity func ( key . NodePublic )
2020-10-28 15:23:12 +00:00
2023-04-18 22:26:58 +01:00
// NetMon is the network monitor to use.
2021-03-15 20:58:10 +00:00
// With one, the portmapper won't be used.
2023-04-18 22:26:58 +01:00
NetMon * netmon . Monitor
2020-02-05 22:16:58 +00:00
}
2020-03-19 16:39:00 +00:00
func ( o * Options ) logf ( ) logger . Logf {
Add tstest.PanicOnLog(), and fix various problems detected by this.
If a test calls log.Printf, 'go test' horrifyingly rearranges the
output to no longer be in chronological order, which makes debugging
virtually impossible. Let's stop that from happening by making
log.Printf panic if called from any module, no matter how deep, during
tests.
This required us to change the default error handler in at least one
http.Server, as well as plumbing a bunch of logf functions around,
especially in magicsock and wgengine, but also in logtail and backoff.
To add insult to injury, 'go test' also rearranges the output when a
parent test has multiple sub-tests (all the sub-test's t.Logf is always
printed after all the parent tests t.Logf), so we need to screw around
with a special Logf that can point at the "current" t (current_t.Logf)
in some places. Probably our entire way of using subtests is wrong,
since 'go test' would probably like to run them all in parallel if you
called t.Parallel(), but it definitely can't because the're all
manipulating the shared state created by the parent test. They should
probably all be separate toplevel tests instead, with common
setup/teardown logic. But that's a job for another time.
Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2020-05-14 03:59:54 +01:00
if o . Logf == nil {
panic ( "must provide magicsock.Options.logf" )
2020-03-19 16:39:00 +00:00
}
Add tstest.PanicOnLog(), and fix various problems detected by this.
If a test calls log.Printf, 'go test' horrifyingly rearranges the
output to no longer be in chronological order, which makes debugging
virtually impossible. Let's stop that from happening by making
log.Printf panic if called from any module, no matter how deep, during
tests.
This required us to change the default error handler in at least one
http.Server, as well as plumbing a bunch of logf functions around,
especially in magicsock and wgengine, but also in logtail and backoff.
To add insult to injury, 'go test' also rearranges the output when a
parent test has multiple sub-tests (all the sub-test's t.Logf is always
printed after all the parent tests t.Logf), so we need to screw around
with a special Logf that can point at the "current" t (current_t.Logf)
in some places. Probably our entire way of using subtests is wrong,
since 'go test' would probably like to run them all in parallel if you
called t.Parallel(), but it definitely can't because the're all
manipulating the shared state created by the parent test. They should
probably all be separate toplevel tests instead, with common
setup/teardown logic. But that's a job for another time.
Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2020-05-14 03:59:54 +01:00
return o . Logf
2020-03-19 16:39:00 +00:00
}
tailcfg: add Endpoint, EndpointType, MapRequest.EndpointType
Track endpoints internally with a new tailcfg.Endpoint type that
includes a typed netaddr.IPPort (instead of just a string) and
includes a type for how that endpoint was discovered (STUN, local,
etc).
Use []tailcfg.Endpoint instead of []string internally.
At the last second, send it to the control server as the existing
[]string for endpoints, but also include a new parallel
MapRequest.EndpointType []tailcfg.EndpointType, so the control server
can start filtering out less-important endpoint changes from
new-enough clients. Notably, STUN-discovered endpoints can be filtered
out from 1.6+ clients, as they can discover them amongst each other
via CallMeMaybe disco exchanges started over DERP. And STUN endpoints
change a lot, causing a lot of MapResposne updates. But portmapped
endpoints are worth keeping for now, as they they work right away
without requiring the firewall traversal extra RTT dance.
End result will be less control->client bandwidth. (despite negligible
increase in client->control bandwidth)
Updates tailscale/corp#1543
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-12 21:24:29 +01:00
func ( o * Options ) endpointsFunc ( ) func ( [ ] tailcfg . Endpoint ) {
2020-02-05 22:16:58 +00:00
if o == nil || o . EndpointsFunc == nil {
tailcfg: add Endpoint, EndpointType, MapRequest.EndpointType
Track endpoints internally with a new tailcfg.Endpoint type that
includes a typed netaddr.IPPort (instead of just a string) and
includes a type for how that endpoint was discovered (STUN, local,
etc).
Use []tailcfg.Endpoint instead of []string internally.
At the last second, send it to the control server as the existing
[]string for endpoints, but also include a new parallel
MapRequest.EndpointType []tailcfg.EndpointType, so the control server
can start filtering out less-important endpoint changes from
new-enough clients. Notably, STUN-discovered endpoints can be filtered
out from 1.6+ clients, as they can discover them amongst each other
via CallMeMaybe disco exchanges started over DERP. And STUN endpoints
change a lot, causing a lot of MapResposne updates. But portmapped
endpoints are worth keeping for now, as they they work right away
without requiring the firewall traversal extra RTT dance.
End result will be less control->client bandwidth. (despite negligible
increase in client->control bandwidth)
Updates tailscale/corp#1543
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-12 21:24:29 +01:00
return func ( [ ] tailcfg . Endpoint ) { }
2020-02-05 22:16:58 +00:00
}
return o . EndpointsFunc
}
2020-08-25 21:21:29 +01:00
func ( o * Options ) derpActiveFunc ( ) func ( ) {
if o == nil || o . DERPActiveFunc == nil {
return func ( ) { }
}
return o . DERPActiveFunc
}
2020-05-17 17:51:38 +01:00
// newConn is the error-free, network-listening-side-effect-free based
// of NewConn. Mostly for tests.
func newConn ( ) * Conn {
2023-04-10 00:59:18 +01:00
discoPrivate := key . NewDisco ( )
2020-02-05 22:16:58 +00:00
c := & Conn {
2022-01-14 21:43:24 +00:00
derpRecvCh : make ( chan derpReadResult , 1 ) , // must be buffered, see issue 3736
2021-10-16 04:45:33 +01:00
derpStarted : make ( chan struct { } ) ,
2021-10-29 21:15:27 +01:00
peerLastDerp : make ( map [ key . NodePublic ] int ) ,
2021-10-16 04:45:33 +01:00
peerMap : newPeerMap ( ) ,
2021-10-29 22:27:29 +01:00
discoInfo : make ( map [ key . DiscoPublic ] * discoInfo ) ,
2023-04-10 00:59:18 +01:00
discoPrivate : discoPrivate ,
discoPublic : discoPrivate . Public ( ) ,
2020-02-05 22:16:58 +00:00
}
2023-04-10 00:59:18 +01:00
c . discoShort = c . discoPublic . ShortString ( )
2021-03-24 16:41:57 +00:00
c . bind = & connBind { Conn : c , closed : true }
2022-12-09 01:58:14 +00:00
c . receiveBatchPool = sync . Pool { New : func ( ) any {
msgs := make ( [ ] ipv6 . Message , c . bind . BatchSize ( ) )
for i := range msgs {
msgs [ i ] . Buffers = make ( [ ] [ ] byte , 1 )
2023-04-05 00:32:16 +01:00
msgs [ i ] . OOB = make ( [ ] byte , controlMessageSize )
2022-12-09 01:58:14 +00:00
}
batch := & receiveBatch {
msgs : msgs ,
}
return batch
} }
2020-08-04 17:36:38 +01:00
c . muCond = sync . NewCond ( & c . mu )
2022-08-04 05:51:02 +01:00
c . networkUp . Store ( true ) // assume up until told otherwise
2020-05-17 17:51:38 +01:00
return c
}
// NewConn creates a magic Conn listening on opts.Port.
// As the set of possible endpoints for a Conn changes, the
// callback opts.EndpointsFunc is called.
func NewConn ( opts Options ) ( * Conn , error ) {
c := newConn ( )
2022-08-04 05:51:02 +01:00
c . port . Store ( uint32 ( opts . Port ) )
2020-05-17 17:51:38 +01:00
c . logf = opts . logf ( )
c . epFunc = opts . endpointsFunc ( )
2020-08-25 21:21:29 +01:00
c . derpActiveFunc = opts . derpActiveFunc ( )
2020-06-25 22:19:12 +01:00
c . idleFunc = opts . IdleFunc
2021-08-26 06:26:25 +01:00
c . testOnlyPacketListener = opts . TestOnlyPacketListener
2020-07-23 23:15:28 +01:00
c . noteRecvActivity = opts . NoteRecvActivity
2023-04-18 00:01:41 +01:00
c . portMapper = portmapper . NewClient ( logger . WithPrefix ( c . logf , "portmapper: " ) , opts . NetMon , nil , c . onPortMapChanged )
2023-04-18 22:26:58 +01:00
if opts . NetMon != nil {
c . portMapper . SetGatewayLookupFunc ( opts . NetMon . GatewayAndSelfIP )
2021-03-15 20:58:10 +00:00
}
2023-04-18 22:26:58 +01:00
c . netMon = opts . NetMon
2020-03-19 16:39:00 +00:00
2022-09-02 22:24:51 +01:00
if err := c . rebind ( keepCurrentPort ) ; err != nil {
2020-03-19 16:39:00 +00:00
return nil , err
}
c . connCtx , c . connCtxCancel = context . WithCancel ( context . Background ( ) )
2021-01-16 03:13:59 +00:00
c . donec = c . connCtx . Done ( )
2020-03-09 22:20:33 +00:00
c . netChecker = & netcheck . Client {
2020-10-28 15:23:12 +00:00
Logf : logger . WithPrefix ( c . logf , "netcheck: " ) ,
2023-04-18 00:01:41 +01:00
NetMon : c . netMon ,
2022-09-02 22:24:51 +01:00
GetSTUNConn4 : func ( ) netcheck . STUNConn { return & c . pconn4 } ,
GetSTUNConn6 : func ( ) netcheck . STUNConn { return & c . pconn6 } ,
2020-10-28 15:23:12 +00:00
SkipExternalNetwork : inTest ( ) ,
2021-02-20 06:15:41 +00:00
PortMapper : c . portMapper ,
2023-04-14 17:13:03 +01:00
UseDNSCache : true ,
2020-03-19 16:39:00 +00:00
}
2021-02-20 06:15:41 +00:00
2020-02-18 16:57:11 +00:00
c . ignoreSTUNPackets ( )
2020-05-17 17:51:38 +01:00
2022-08-29 15:57:54 +01:00
if d4 , err := c . listenRawDisco ( "ip4" ) ; err == nil {
c . logf ( "[v1] using BPF disco receiver for IPv4" )
c . closeDisco4 = d4
} else {
c . logf ( "[v1] couldn't create raw v4 disco listener, using regular listener instead: %v" , err )
}
if d6 , err := c . listenRawDisco ( "ip6" ) ; err == nil {
c . logf ( "[v1] using BPF disco receiver for IPv6" )
c . closeDisco6 = d6
} else {
c . logf ( "[v1] couldn't create raw v6 disco listener, using regular listener instead: %v" , err )
}
2023-04-10 00:59:18 +01:00
c . logf ( "magicsock: disco key = %v" , c . discoShort )
2020-05-17 17:51:38 +01:00
return c , nil
}
2023-02-08 23:48:27 +00:00
// InstallCaptureHook installs a callback which is called to
// log debug information into the pcap stream. This function
// can be called with a nil argument to uninstall the capture
// hook.
func ( c * Conn ) InstallCaptureHook ( cb capture . Callback ) {
c . captureHook . Store ( cb )
}
2020-02-18 16:57:11 +00:00
// ignoreSTUNPackets sets a STUN packet processing func that does nothing.
func ( c * Conn ) ignoreSTUNPackets ( ) {
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
c . stunReceiveFunc . Store ( func ( [ ] byte , netip . AddrPort ) { } )
2020-02-18 16:57:11 +00:00
}
2021-01-20 17:52:24 +00:00
// doPeriodicSTUN is called (in a new goroutine) by
// periodicReSTUNTimer when periodic STUNs are active.
func ( c * Conn ) doPeriodicSTUN ( ) { c . ReSTUN ( "periodic" ) }
func ( c * Conn ) stopPeriodicReSTUNTimerLocked ( ) {
if t := c . periodicReSTUNTimer ; t != nil {
t . Stop ( )
c . periodicReSTUNTimer = nil
}
}
2020-03-13 15:55:38 +00:00
// c.mu must NOT be held.
func ( c * Conn ) updateEndpoints ( why string ) {
2022-04-22 18:40:49 +01:00
metricUpdateEndpoints . Add ( 1 )
2020-03-13 15:55:38 +00:00
defer func ( ) {
c . mu . Lock ( )
defer c . mu . Unlock ( )
why := c . wantEndpointsUpdate
c . wantEndpointsUpdate = ""
2021-01-20 17:52:24 +00:00
if ! c . closed {
if why != "" {
go c . updateEndpoints ( why )
return
}
if c . shouldDoPeriodicReSTUNLocked ( ) {
// Pick a random duration between 20
// and 26 seconds (just under 30s, a
// common UDP NAT timeout on Linux,
// etc)
d := tstime . RandomDurationBetween ( 20 * time . Second , 26 * time . Second )
if t := c . periodicReSTUNTimer ; t != nil {
2022-09-14 20:49:39 +01:00
if debugReSTUNStopOnIdle ( ) {
2021-01-20 17:52:24 +00:00
c . logf ( "resetting existing periodicSTUN to run in %v" , d )
}
t . Reset ( d )
} else {
2022-09-14 20:49:39 +01:00
if debugReSTUNStopOnIdle ( ) {
2021-01-20 17:52:24 +00:00
c . logf ( "scheduling periodicSTUN to run in %v" , d )
}
c . periodicReSTUNTimer = time . AfterFunc ( d , c . doPeriodicSTUN )
}
} else {
2022-09-14 20:49:39 +01:00
if debugReSTUNStopOnIdle ( ) {
2021-01-20 17:52:24 +00:00
c . logf ( "periodic STUN idle" )
}
c . stopPeriodicReSTUNTimerLocked ( )
}
2020-02-05 22:16:58 +00:00
}
2021-01-20 17:52:24 +00:00
c . endpointsUpdateActive = false
c . muCond . Broadcast ( )
2020-03-13 15:55:38 +00:00
} ( )
2022-10-04 04:39:45 +01:00
c . dlogf ( "[v1] magicsock: starting endpoint update (%s)" , why )
2022-08-04 05:51:02 +01:00
if c . noV4Send . Load ( ) && runtime . GOOS != "js" {
2021-10-16 21:59:13 +01:00
c . mu . Lock ( )
closed := c . closed
c . mu . Unlock ( )
if ! closed {
c . logf ( "magicsock: last netcheck reported send error. Rebinding." )
c . Rebind ( )
}
2021-10-07 01:43:37 +01:00
}
2020-02-05 22:16:58 +00:00
tailcfg: add Endpoint, EndpointType, MapRequest.EndpointType
Track endpoints internally with a new tailcfg.Endpoint type that
includes a typed netaddr.IPPort (instead of just a string) and
includes a type for how that endpoint was discovered (STUN, local,
etc).
Use []tailcfg.Endpoint instead of []string internally.
At the last second, send it to the control server as the existing
[]string for endpoints, but also include a new parallel
MapRequest.EndpointType []tailcfg.EndpointType, so the control server
can start filtering out less-important endpoint changes from
new-enough clients. Notably, STUN-discovered endpoints can be filtered
out from 1.6+ clients, as they can discover them amongst each other
via CallMeMaybe disco exchanges started over DERP. And STUN endpoints
change a lot, causing a lot of MapResposne updates. But portmapped
endpoints are worth keeping for now, as they they work right away
without requiring the firewall traversal extra RTT dance.
End result will be less control->client bandwidth. (despite negligible
increase in client->control bandwidth)
Updates tailscale/corp#1543
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-12 21:24:29 +01:00
endpoints , err := c . determineEndpoints ( c . connCtx )
2020-03-13 15:55:38 +00:00
if err != nil {
2020-03-23 21:12:23 +00:00
c . logf ( "magicsock: endpoint update (%s) failed: %v" , why , err )
2020-03-13 15:55:38 +00:00
// TODO(crawshaw): are there any conditions under which
// we should trigger a retry based on the error here?
return
}
2020-03-04 06:21:56 +00:00
tailcfg: add Endpoint, EndpointType, MapRequest.EndpointType
Track endpoints internally with a new tailcfg.Endpoint type that
includes a typed netaddr.IPPort (instead of just a string) and
includes a type for how that endpoint was discovered (STUN, local,
etc).
Use []tailcfg.Endpoint instead of []string internally.
At the last second, send it to the control server as the existing
[]string for endpoints, but also include a new parallel
MapRequest.EndpointType []tailcfg.EndpointType, so the control server
can start filtering out less-important endpoint changes from
new-enough clients. Notably, STUN-discovered endpoints can be filtered
out from 1.6+ clients, as they can discover them amongst each other
via CallMeMaybe disco exchanges started over DERP. And STUN endpoints
change a lot, causing a lot of MapResposne updates. But portmapped
endpoints are worth keeping for now, as they they work right away
without requiring the firewall traversal extra RTT dance.
End result will be less control->client bandwidth. (despite negligible
increase in client->control bandwidth)
Updates tailscale/corp#1543
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-12 21:24:29 +01:00
if c . setEndpoints ( endpoints ) {
c . logEndpointChange ( endpoints )
2020-03-13 15:55:38 +00:00
c . epFunc ( endpoints )
}
}
2020-03-04 06:21:56 +00:00
2020-03-13 15:55:38 +00:00
// setEndpoints records the new endpoints, reporting whether they're changed.
// It takes ownership of the slice.
tailcfg: add Endpoint, EndpointType, MapRequest.EndpointType
Track endpoints internally with a new tailcfg.Endpoint type that
includes a typed netaddr.IPPort (instead of just a string) and
includes a type for how that endpoint was discovered (STUN, local,
etc).
Use []tailcfg.Endpoint instead of []string internally.
At the last second, send it to the control server as the existing
[]string for endpoints, but also include a new parallel
MapRequest.EndpointType []tailcfg.EndpointType, so the control server
can start filtering out less-important endpoint changes from
new-enough clients. Notably, STUN-discovered endpoints can be filtered
out from 1.6+ clients, as they can discover them amongst each other
via CallMeMaybe disco exchanges started over DERP. And STUN endpoints
change a lot, causing a lot of MapResposne updates. But portmapped
endpoints are worth keeping for now, as they they work right away
without requiring the firewall traversal extra RTT dance.
End result will be less control->client bandwidth. (despite negligible
increase in client->control bandwidth)
Updates tailscale/corp#1543
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-12 21:24:29 +01:00
func ( c * Conn ) setEndpoints ( endpoints [ ] tailcfg . Endpoint ) ( changed bool ) {
2020-10-14 18:44:54 +01:00
anySTUN := false
tailcfg: add Endpoint, EndpointType, MapRequest.EndpointType
Track endpoints internally with a new tailcfg.Endpoint type that
includes a typed netaddr.IPPort (instead of just a string) and
includes a type for how that endpoint was discovered (STUN, local,
etc).
Use []tailcfg.Endpoint instead of []string internally.
At the last second, send it to the control server as the existing
[]string for endpoints, but also include a new parallel
MapRequest.EndpointType []tailcfg.EndpointType, so the control server
can start filtering out less-important endpoint changes from
new-enough clients. Notably, STUN-discovered endpoints can be filtered
out from 1.6+ clients, as they can discover them amongst each other
via CallMeMaybe disco exchanges started over DERP. And STUN endpoints
change a lot, causing a lot of MapResposne updates. But portmapped
endpoints are worth keeping for now, as they they work right away
without requiring the firewall traversal extra RTT dance.
End result will be less control->client bandwidth. (despite negligible
increase in client->control bandwidth)
Updates tailscale/corp#1543
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-12 21:24:29 +01:00
for _ , ep := range endpoints {
if ep . Type == tailcfg . EndpointSTUN {
2020-10-14 18:44:54 +01:00
anySTUN = true
}
}
2020-03-13 15:55:38 +00:00
c . mu . Lock ( )
defer c . mu . Unlock ( )
2020-10-14 18:44:54 +01:00
if ! anySTUN && c . derpMap == nil && ! inTest ( ) {
// Don't bother storing or reporting this yet. We
// don't have a DERP map or any STUN entries, so we're
// just starting up. A DERP map should arrive shortly
// and then we'll have more interesting endpoints to
// report. This saves a map update.
// TODO(bradfitz): this optimization is currently
// skipped during the e2e tests because they depend
// too much on the exact sequence of updates. Fix the
// tests. But a protocol rewrite might happen first.
2022-10-04 04:39:45 +01:00
c . dlogf ( "[v1] magicsock: ignoring pre-DERP map, STUN-less endpoint update: %v" , endpoints )
2020-10-14 18:44:54 +01:00
return false
}
2021-01-20 17:52:24 +00:00
c . lastEndpointsTime = time . Now ( )
for de , fn := range c . onEndpointRefreshed {
go fn ( )
delete ( c . onEndpointRefreshed , de )
}
tailcfg: add Endpoint, EndpointType, MapRequest.EndpointType
Track endpoints internally with a new tailcfg.Endpoint type that
includes a typed netaddr.IPPort (instead of just a string) and
includes a type for how that endpoint was discovered (STUN, local,
etc).
Use []tailcfg.Endpoint instead of []string internally.
At the last second, send it to the control server as the existing
[]string for endpoints, but also include a new parallel
MapRequest.EndpointType []tailcfg.EndpointType, so the control server
can start filtering out less-important endpoint changes from
new-enough clients. Notably, STUN-discovered endpoints can be filtered
out from 1.6+ clients, as they can discover them amongst each other
via CallMeMaybe disco exchanges started over DERP. And STUN endpoints
change a lot, causing a lot of MapResposne updates. But portmapped
endpoints are worth keeping for now, as they they work right away
without requiring the firewall traversal extra RTT dance.
End result will be less control->client bandwidth. (despite negligible
increase in client->control bandwidth)
Updates tailscale/corp#1543
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-12 21:24:29 +01:00
if endpointSetsEqual ( endpoints , c . lastEndpoints ) {
2020-03-13 15:55:38 +00:00
return false
2020-02-05 22:16:58 +00:00
}
2020-03-13 15:55:38 +00:00
c . lastEndpoints = endpoints
return true
2020-02-05 22:16:58 +00:00
}
2021-03-09 23:09:10 +00:00
// setNetInfoHavePortMap updates NetInfo.HavePortMap to true.
func ( c * Conn ) setNetInfoHavePortMap ( ) {
c . mu . Lock ( )
defer c . mu . Unlock ( )
if c . netInfoLast == nil {
// No NetInfo yet. Nothing to update.
return
}
if c . netInfoLast . HavePortMap {
// No change.
return
}
ni := c . netInfoLast . Clone ( )
ni . HavePortMap = true
c . callNetInfoCallbackLocked ( ni )
}
2020-03-09 22:20:33 +00:00
func ( c * Conn ) updateNetInfo ( ctx context . Context ) ( * netcheck . Report , error ) {
2020-05-17 17:51:38 +01:00
c . mu . Lock ( )
dm := c . derpMap
c . mu . Unlock ( )
2020-10-07 04:24:10 +01:00
if dm == nil || c . networkDown ( ) {
2020-03-10 18:35:43 +00:00
return new ( netcheck . Report ) , nil
2020-03-06 15:47:54 +00:00
}
2020-03-09 22:20:33 +00:00
ctx , cancel := context . WithTimeout ( ctx , 2 * time . Second )
2020-03-04 06:21:56 +00:00
defer cancel ( )
2020-03-09 22:20:33 +00:00
c . stunReceiveFunc . Store ( c . netChecker . ReceiveSTUNPacket )
defer c . ignoreSTUNPackets ( )
2020-05-17 17:51:38 +01:00
report , err := c . netChecker . GetReport ( ctx , dm )
2020-03-04 06:21:56 +00:00
if err != nil {
2020-03-09 22:20:33 +00:00
return nil , err
2020-03-04 06:21:56 +00:00
}
2022-01-29 22:52:00 +00:00
c . lastNetCheckReport . Store ( report )
2022-08-04 05:51:02 +01:00
c . noV4 . Store ( ! report . IPv4 )
c . noV6 . Store ( ! report . IPv6 )
c . noV4Send . Store ( ! report . IPv4CanSend )
2020-05-29 20:40:51 +01:00
2020-03-04 06:21:56 +00:00
ni := & tailcfg . NetInfo {
DERPLatency : map [ string ] float64 { } ,
MappingVariesByDestIP : report . MappingVariesByDestIP ,
HairPinning : report . HairPinning ,
2020-07-06 21:51:17 +01:00
UPnP : report . UPnP ,
PMP : report . PMP ,
PCP : report . PCP ,
2021-03-09 23:09:10 +00:00
HavePortMap : c . portMapper . HaveMapping ( ) ,
2020-03-04 06:21:56 +00:00
}
2020-05-17 17:51:38 +01:00
for rid , d := range report . RegionV4Latency {
ni . DERPLatency [ fmt . Sprintf ( "%d-v4" , rid ) ] = d . Seconds ( )
}
for rid , d := range report . RegionV6Latency {
ni . DERPLatency [ fmt . Sprintf ( "%d-v6" , rid ) ] = d . Seconds ( )
2020-03-04 06:21:56 +00:00
}
ni . WorkingIPv6 . Set ( report . IPv6 )
2022-10-21 20:13:49 +01:00
ni . OSHasIPv6 . Set ( report . OSHasIPv6 )
2020-03-04 06:21:56 +00:00
ni . WorkingUDP . Set ( report . UDP )
2022-08-04 22:10:13 +01:00
ni . WorkingICMPv4 . Set ( report . ICMPv4 )
2020-03-04 06:21:56 +00:00
ni . PreferredDERP = report . PreferredDERP
if ni . PreferredDERP == 0 {
// Perhaps UDP is blocked. Pick a deterministic but arbitrary
// one.
ni . PreferredDERP = c . pickDERPFallback ( )
}
2020-03-04 20:21:40 +00:00
if ! c . setNearestDERP ( ni . PreferredDERP ) {
ni . PreferredDERP = 0
}
2020-03-04 06:21:56 +00:00
// TODO: set link type
c . callNetInfoCallback ( ni )
2020-03-09 22:20:33 +00:00
return report , nil
2020-03-04 06:21:56 +00:00
}
var processStartUnixNano = time . Now ( ) . UnixNano ( )
// pickDERPFallback returns a non-zero but deterministic DERP node to
// connect to. This is only used if netcheck couldn't find the
// nearest one (for instance, if UDP is blocked and thus STUN latency
// checks aren't working).
2020-03-13 15:55:38 +00:00
//
// c.mu must NOT be held.
2020-03-04 06:21:56 +00:00
func ( c * Conn ) pickDERPFallback ( ) int {
2020-03-13 15:55:38 +00:00
c . mu . Lock ( )
defer c . mu . Unlock ( )
2020-03-04 06:21:56 +00:00
2020-05-17 17:51:38 +01:00
if ! c . wantDerpLocked ( ) {
return 0
}
ids := c . derpMap . RegionIDs ( )
2020-03-09 22:20:33 +00:00
if len ( ids ) == 0 {
2020-05-17 17:51:38 +01:00
// No DERP regions in non-nil map.
2020-03-04 06:21:56 +00:00
return 0
}
2021-08-26 03:39:20 +01:00
// TODO: figure out which DERP region most of our peers are using,
// and use that region as our fallback.
//
// If we already had selected something in the past and it has any
// peers, we want to stay on it. If there are no peers at all,
// stay on whatever DERP we previously picked. If we need to pick
// one and have no peer info, pick a region randomly.
//
// We used to do the above for legacy clients, but never updated
// it for disco.
2020-03-25 18:14:29 +00:00
2021-08-26 03:39:20 +01:00
if c . myDerp != 0 {
2020-03-25 18:14:29 +00:00
return c . myDerp
}
2020-03-04 06:21:56 +00:00
h := fnv . New64 ( )
2022-08-04 05:29:11 +01:00
fmt . Fprintf ( h , "%p/%d" , c , processStartUnixNano ) // arbitrary
2020-03-09 22:20:33 +00:00
return ids [ rand . New ( rand . NewSource ( int64 ( h . Sum64 ( ) ) ) ) . Intn ( len ( ids ) ) ]
2020-03-04 06:21:56 +00:00
}
// callNetInfoCallback calls the NetInfo callback (if previously
// registered with SetNetInfoCallback) if ni has substantially changed
// since the last state.
//
// callNetInfoCallback takes ownership of ni.
2020-03-13 15:55:38 +00:00
//
// c.mu must NOT be held.
2020-03-04 06:21:56 +00:00
func ( c * Conn ) callNetInfoCallback ( ni * tailcfg . NetInfo ) {
2020-03-13 15:55:38 +00:00
c . mu . Lock ( )
defer c . mu . Unlock ( )
2020-03-04 06:21:56 +00:00
if ni . BasicallyEqual ( c . netInfoLast ) {
return
}
2021-03-09 23:09:10 +00:00
c . callNetInfoCallbackLocked ( ni )
}
func ( c * Conn ) callNetInfoCallbackLocked ( ni * tailcfg . NetInfo ) {
2020-03-04 06:21:56 +00:00
c . netInfoLast = ni
if c . netInfoFunc != nil {
2022-10-04 04:39:45 +01:00
c . dlogf ( "[v1] magicsock: netInfo update: %+v" , ni )
2020-03-04 06:21:56 +00:00
go c . netInfoFunc ( ni )
}
}
2021-01-15 20:50:33 +00:00
// addValidDiscoPathForTest makes addr a validated disco address for
// discoKey. It's used in tests to enable receiving of packets from
// addr without having to spin up the entire active discovery
// machinery.
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
func ( c * Conn ) addValidDiscoPathForTest ( nodeKey key . NodePublic , addr netip . AddrPort ) {
2021-01-15 20:50:33 +00:00
c . mu . Lock ( )
defer c . mu . Unlock ( )
2021-10-18 21:29:09 +01:00
c . peerMap . setNodeKeyForIPPort ( addr , nodeKey )
2021-01-15 20:50:33 +00:00
}
2020-03-04 06:21:56 +00:00
func ( c * Conn ) SetNetInfoCallback ( fn func ( * tailcfg . NetInfo ) ) {
if fn == nil {
panic ( "nil NetInfoCallback" )
}
2020-03-13 15:55:38 +00:00
c . mu . Lock ( )
2020-03-04 06:21:56 +00:00
last := c . netInfoLast
c . netInfoFunc = fn
2020-03-13 15:55:38 +00:00
c . mu . Unlock ( )
2020-03-04 06:21:56 +00:00
if last != nil {
fn ( last )
}
}
2021-10-15 22:40:49 +01:00
// LastRecvActivityOfNodeKey describes the time we last got traffic from
2021-01-12 03:07:08 +00:00
// this endpoint (updated every ~10 seconds).
2021-11-02 00:53:40 +00:00
func ( c * Conn ) LastRecvActivityOfNodeKey ( nk key . NodePublic ) string {
2021-01-12 03:07:08 +00:00
c . mu . Lock ( )
defer c . mu . Unlock ( )
2021-10-15 22:40:49 +01:00
de , ok := c . peerMap . endpointForNodeKey ( nk )
2021-01-12 03:07:08 +00:00
if ! ok {
2021-07-21 19:04:36 +01:00
return "never"
2021-01-12 03:07:08 +00:00
}
2021-07-21 19:04:36 +01:00
saw := de . lastRecv . LoadAtomic ( )
if saw == 0 {
return "never"
2021-01-12 03:07:08 +00:00
}
2021-07-21 19:04:36 +01:00
return mono . Since ( saw ) . Round ( time . Second ) . String ( )
2020-08-09 22:49:42 +01:00
}
// Ping handles a "tailscale ping" CLI query.
2021-03-23 04:25:43 +00:00
func ( c * Conn ) Ping ( peer * tailcfg . Node , res * ipnstate . PingResult , cb func ( * ipnstate . PingResult ) ) {
2020-08-09 22:49:42 +01:00
c . mu . Lock ( )
defer c . mu . Unlock ( )
if c . privateKey . IsZero ( ) {
res . Err = "local tailscaled stopped"
cb ( res )
return
}
if len ( peer . Addresses ) > 0 {
2022-07-25 04:08:42 +01:00
res . NodeIP = peer . Addresses [ 0 ] . Addr ( ) . String ( )
2020-08-09 22:49:42 +01:00
}
res . NodeName = peer . Name // prefer DNS name
if res . NodeName == "" {
2022-02-15 16:19:44 +00:00
res . NodeName = peer . Hostinfo . Hostname ( ) // else hostname
2020-08-09 22:49:42 +01:00
} else {
2022-03-19 19:42:46 +00:00
res . NodeName , _ , _ = strings . Cut ( res . NodeName , "." )
2020-08-09 22:49:42 +01:00
}
2021-11-02 03:55:52 +00:00
ep , ok := c . peerMap . endpointForNodeKey ( peer . Key )
2020-08-09 22:49:42 +01:00
if ! ok {
2021-09-01 00:55:22 +01:00
res . Err = "unknown peer"
cb ( res )
return
2020-08-09 22:49:42 +01:00
}
2021-09-01 00:55:22 +01:00
ep . cliPing ( res , cb )
2020-08-09 22:49:42 +01:00
}
// c.mu must be held
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
func ( c * Conn ) populateCLIPingResponseLocked ( res * ipnstate . PingResult , latency time . Duration , ep netip . AddrPort ) {
2020-08-09 22:49:42 +01:00
res . LatencySeconds = latency . Seconds ( )
2022-07-25 04:08:42 +01:00
if ep . Addr ( ) != derpMagicIPAddr {
2020-08-09 22:49:42 +01:00
res . Endpoint = ep . String ( )
return
}
2021-05-15 02:07:28 +01:00
regionID := int ( ep . Port ( ) )
2020-08-09 22:49:42 +01:00
res . DERPRegionID = regionID
2021-08-23 18:59:07 +01:00
res . DERPRegionCode = c . derpRegionCodeLocked ( regionID )
}
2023-02-21 20:57:08 +00:00
// GetEndpointChanges returns the most recent changes for a particular
// endpoint. The returned EndpointChange structs are for debug use only and
// there are no guarantees about order, size, or content.
func ( c * Conn ) GetEndpointChanges ( peer * tailcfg . Node ) ( [ ] EndpointChange , error ) {
c . mu . Lock ( )
if c . privateKey . IsZero ( ) {
c . mu . Unlock ( )
return nil , fmt . Errorf ( "tailscaled stopped" )
}
ep , ok := c . peerMap . endpointForNodeKey ( peer . Key )
c . mu . Unlock ( )
if ! ok {
return nil , fmt . Errorf ( "unknown peer" )
}
return ep . debugUpdates . GetAll ( ) , nil
}
2021-08-23 18:59:07 +01:00
func ( c * Conn ) derpRegionCodeLocked ( regionID int ) string {
if c . derpMap == nil {
return ""
}
if dr , ok := c . derpMap . Regions [ regionID ] ; ok {
return dr . RegionCode
2020-08-09 22:49:42 +01:00
}
2021-08-23 18:59:07 +01:00
return ""
2020-08-09 22:49:42 +01:00
}
2020-07-06 20:10:39 +01:00
// DiscoPublicKey returns the discovery public key.
2021-10-29 22:27:29 +01:00
func ( c * Conn ) DiscoPublicKey ( ) key . DiscoPublic {
2020-07-06 20:10:39 +01:00
return c . discoPublic
2020-06-19 20:06:49 +01:00
}
2020-03-13 15:55:38 +00:00
// c.mu must NOT be held.
2020-03-04 20:21:40 +00:00
func ( c * Conn ) setNearestDERP ( derpNum int ) ( wantDERP bool ) {
2020-03-13 15:55:38 +00:00
c . mu . Lock ( )
defer c . mu . Unlock ( )
2020-05-17 17:51:38 +01:00
if ! c . wantDerpLocked ( ) {
2020-03-04 20:21:40 +00:00
c . myDerp = 0
2021-02-25 05:29:51 +00:00
health . SetMagicSockDERPHome ( 0 )
2020-03-04 20:21:40 +00:00
return false
}
2020-03-05 23:00:56 +00:00
if derpNum == c . myDerp {
// No change.
return true
}
2021-11-16 16:34:25 +00:00
if c . myDerp != 0 && derpNum != 0 {
metricDERPHomeChange . Add ( 1 )
}
2020-03-24 15:09:30 +00:00
c . myDerp = derpNum
2021-02-25 05:29:51 +00:00
health . SetMagicSockDERPHome ( derpNum )
2020-03-24 15:09:30 +00:00
if c . privateKey . IsZero ( ) {
// No private key yet, so DERP connections won't come up anyway.
// Return early rather than ultimately log a couple lines of noise.
return true
}
2020-03-19 06:32:31 +00:00
// On change, notify all currently connected DERP servers and
// start connecting to our home DERP if we are not already.
2020-05-28 08:42:03 +01:00
dr := c . derpMap . Regions [ derpNum ]
if dr == nil {
c . logf ( "[unexpected] magicsock: derpMap.Regions[%v] is nil" , derpNum )
} else {
c . logf ( "magicsock: home is now derp-%v (%v)" , derpNum , c . derpMap . Regions [ derpNum ] . RegionCode )
}
2020-03-05 23:00:56 +00:00
for i , ad := range c . activeDerp {
go ad . c . NotePreferred ( i == c . myDerp )
}
2020-04-09 22:21:36 +01:00
c . goDerpConnect ( derpNum )
2020-03-04 20:21:40 +00:00
return true
2020-03-04 01:46:03 +00:00
}
2021-02-10 18:04:42 +00:00
// startDerpHomeConnectLocked starts connecting to our DERP home, if any.
//
// c.mu must be held.
func ( c * Conn ) startDerpHomeConnectLocked ( ) {
c . goDerpConnect ( c . myDerp )
}
2020-04-09 22:21:36 +01:00
// goDerpConnect starts a goroutine to start connecting to the given
// DERP node.
//
// c.mu may be held, but does not need to be.
func ( c * Conn ) goDerpConnect ( node int ) {
if node == 0 {
return
}
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
go c . derpWriteChanOfAddr ( netip . AddrPortFrom ( derpMagicIPAddr , uint16 ( node ) ) , key . NodePublic { } )
2020-04-09 22:21:36 +01:00
}
2020-02-18 16:57:11 +00:00
// determineEndpoints returns the machine's endpoint addresses. It
2020-03-13 15:55:38 +00:00
// does a STUN lookup (via netcheck) to determine its public address.
//
// c.mu must NOT be held.
tailcfg: add Endpoint, EndpointType, MapRequest.EndpointType
Track endpoints internally with a new tailcfg.Endpoint type that
includes a typed netaddr.IPPort (instead of just a string) and
includes a type for how that endpoint was discovered (STUN, local,
etc).
Use []tailcfg.Endpoint instead of []string internally.
At the last second, send it to the control server as the existing
[]string for endpoints, but also include a new parallel
MapRequest.EndpointType []tailcfg.EndpointType, so the control server
can start filtering out less-important endpoint changes from
new-enough clients. Notably, STUN-discovered endpoints can be filtered
out from 1.6+ clients, as they can discover them amongst each other
via CallMeMaybe disco exchanges started over DERP. And STUN endpoints
change a lot, causing a lot of MapResposne updates. But portmapped
endpoints are worth keeping for now, as they they work right away
without requiring the firewall traversal extra RTT dance.
End result will be less control->client bandwidth. (despite negligible
increase in client->control bandwidth)
Updates tailscale/corp#1543
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-12 21:24:29 +01:00
func ( c * Conn ) determineEndpoints ( ctx context . Context ) ( [ ] tailcfg . Endpoint , error ) {
2021-10-22 17:09:37 +01:00
var havePortmap bool
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
var portmapExt netip . AddrPort
2021-10-22 17:09:37 +01:00
if runtime . GOOS != "js" {
portmapExt , havePortmap = c . portMapper . GetCachedMappingOrStartCreatingOne ( )
2021-10-20 20:57:10 +01:00
}
2021-07-09 18:01:50 +01:00
2020-03-13 15:55:38 +00:00
nr , err := c . updateNetInfo ( ctx )
if err != nil {
c . logf ( "magicsock.Conn.determineEndpoints: updateNetInfo: %v" , err )
tailcfg: add Endpoint, EndpointType, MapRequest.EndpointType
Track endpoints internally with a new tailcfg.Endpoint type that
includes a typed netaddr.IPPort (instead of just a string) and
includes a type for how that endpoint was discovered (STUN, local,
etc).
Use []tailcfg.Endpoint instead of []string internally.
At the last second, send it to the control server as the existing
[]string for endpoints, but also include a new parallel
MapRequest.EndpointType []tailcfg.EndpointType, so the control server
can start filtering out less-important endpoint changes from
new-enough clients. Notably, STUN-discovered endpoints can be filtered
out from 1.6+ clients, as they can discover them amongst each other
via CallMeMaybe disco exchanges started over DERP. And STUN endpoints
change a lot, causing a lot of MapResposne updates. But portmapped
endpoints are worth keeping for now, as they they work right away
without requiring the firewall traversal extra RTT dance.
End result will be less control->client bandwidth. (despite negligible
increase in client->control bandwidth)
Updates tailscale/corp#1543
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-12 21:24:29 +01:00
return nil , err
2020-03-13 15:55:38 +00:00
}
2021-10-22 17:09:37 +01:00
if runtime . GOOS == "js" {
// TODO(bradfitz): why does control require an
// endpoint? Otherwise it doesn't stream map responses
// back.
return [ ] tailcfg . Endpoint {
{
2022-07-26 04:55:44 +01:00
Addr : netip . MustParseAddrPort ( "[fe80:123:456:789::1]:12345" ) ,
2021-10-22 17:09:37 +01:00
Type : tailcfg . EndpointLocal ,
} ,
} , nil
}
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
var already map [ netip . AddrPort ] tailcfg . EndpointType // endpoint -> how it was found
2022-04-22 18:40:49 +01:00
var eps [ ] tailcfg . Endpoint // unique endpoints
2020-02-05 22:16:58 +00:00
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
ipp := func ( s string ) ( ipp netip . AddrPort ) {
2022-07-26 04:55:44 +01:00
ipp , _ = netip . ParseAddrPort ( s )
tailcfg: add Endpoint, EndpointType, MapRequest.EndpointType
Track endpoints internally with a new tailcfg.Endpoint type that
includes a typed netaddr.IPPort (instead of just a string) and
includes a type for how that endpoint was discovered (STUN, local,
etc).
Use []tailcfg.Endpoint instead of []string internally.
At the last second, send it to the control server as the existing
[]string for endpoints, but also include a new parallel
MapRequest.EndpointType []tailcfg.EndpointType, so the control server
can start filtering out less-important endpoint changes from
new-enough clients. Notably, STUN-discovered endpoints can be filtered
out from 1.6+ clients, as they can discover them amongst each other
via CallMeMaybe disco exchanges started over DERP. And STUN endpoints
change a lot, causing a lot of MapResposne updates. But portmapped
endpoints are worth keeping for now, as they they work right away
without requiring the firewall traversal extra RTT dance.
End result will be less control->client bandwidth. (despite negligible
increase in client->control bandwidth)
Updates tailscale/corp#1543
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-12 21:24:29 +01:00
return
}
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
addAddr := func ( ipp netip . AddrPort , et tailcfg . EndpointType ) {
2022-09-14 20:49:39 +01:00
if ! ipp . IsValid ( ) || ( debugOmitLocalAddresses ( ) && et == tailcfg . EndpointLocal ) {
2020-07-02 17:53:10 +01:00
return
}
tailcfg: add Endpoint, EndpointType, MapRequest.EndpointType
Track endpoints internally with a new tailcfg.Endpoint type that
includes a typed netaddr.IPPort (instead of just a string) and
includes a type for how that endpoint was discovered (STUN, local,
etc).
Use []tailcfg.Endpoint instead of []string internally.
At the last second, send it to the control server as the existing
[]string for endpoints, but also include a new parallel
MapRequest.EndpointType []tailcfg.EndpointType, so the control server
can start filtering out less-important endpoint changes from
new-enough clients. Notably, STUN-discovered endpoints can be filtered
out from 1.6+ clients, as they can discover them amongst each other
via CallMeMaybe disco exchanges started over DERP. And STUN endpoints
change a lot, causing a lot of MapResposne updates. But portmapped
endpoints are worth keeping for now, as they they work right away
without requiring the firewall traversal extra RTT dance.
End result will be less control->client bandwidth. (despite negligible
increase in client->control bandwidth)
Updates tailscale/corp#1543
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-12 21:24:29 +01:00
if _ , ok := already [ ipp ] ; ! ok {
2022-04-22 04:25:24 +01:00
mak . Set ( & already , ipp , et )
tailcfg: add Endpoint, EndpointType, MapRequest.EndpointType
Track endpoints internally with a new tailcfg.Endpoint type that
includes a typed netaddr.IPPort (instead of just a string) and
includes a type for how that endpoint was discovered (STUN, local,
etc).
Use []tailcfg.Endpoint instead of []string internally.
At the last second, send it to the control server as the existing
[]string for endpoints, but also include a new parallel
MapRequest.EndpointType []tailcfg.EndpointType, so the control server
can start filtering out less-important endpoint changes from
new-enough clients. Notably, STUN-discovered endpoints can be filtered
out from 1.6+ clients, as they can discover them amongst each other
via CallMeMaybe disco exchanges started over DERP. And STUN endpoints
change a lot, causing a lot of MapResposne updates. But portmapped
endpoints are worth keeping for now, as they they work right away
without requiring the firewall traversal extra RTT dance.
End result will be less control->client bandwidth. (despite negligible
increase in client->control bandwidth)
Updates tailscale/corp#1543
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-12 21:24:29 +01:00
eps = append ( eps , tailcfg . Endpoint { Addr : ipp , Type : et } )
2020-02-05 22:16:58 +00:00
}
}
2021-07-09 18:01:50 +01:00
// If we didn't have a portmap earlier, maybe it's done by now.
if ! havePortmap {
portmapExt , havePortmap = c . portMapper . GetCachedMappingOrStartCreatingOne ( )
}
if havePortmap {
addAddr ( portmapExt , tailcfg . EndpointPortmapped )
2021-03-09 23:09:10 +00:00
c . setNetInfoHavePortMap ( )
2021-02-20 06:15:41 +00:00
}
2020-03-09 22:20:33 +00:00
if nr . GlobalV4 != "" {
tailcfg: add Endpoint, EndpointType, MapRequest.EndpointType
Track endpoints internally with a new tailcfg.Endpoint type that
includes a typed netaddr.IPPort (instead of just a string) and
includes a type for how that endpoint was discovered (STUN, local,
etc).
Use []tailcfg.Endpoint instead of []string internally.
At the last second, send it to the control server as the existing
[]string for endpoints, but also include a new parallel
MapRequest.EndpointType []tailcfg.EndpointType, so the control server
can start filtering out less-important endpoint changes from
new-enough clients. Notably, STUN-discovered endpoints can be filtered
out from 1.6+ clients, as they can discover them amongst each other
via CallMeMaybe disco exchanges started over DERP. And STUN endpoints
change a lot, causing a lot of MapResposne updates. But portmapped
endpoints are worth keeping for now, as they they work right away
without requiring the firewall traversal extra RTT dance.
End result will be less control->client bandwidth. (despite negligible
increase in client->control bandwidth)
Updates tailscale/corp#1543
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-12 21:24:29 +01:00
addAddr ( ipp ( nr . GlobalV4 ) , tailcfg . EndpointSTUN )
2020-08-04 17:48:34 +01:00
// If they're behind a hard NAT and are using a fixed
// port locally, assume they might've added a static
// port mapping on their router to the same explicit
// port that tailscaled is running with. Worst case
// it's an invalid candidate mapping.
2022-08-04 05:51:02 +01:00
if port := c . port . Load ( ) ; nr . MappingVariesByDestIP . EqualBool ( true ) && port != 0 {
2020-08-04 17:48:34 +01:00
if ip , _ , err := net . SplitHostPort ( nr . GlobalV4 ) ; err == nil {
2021-06-22 21:00:40 +01:00
addAddr ( ipp ( net . JoinHostPort ( ip , strconv . Itoa ( int ( port ) ) ) ) , tailcfg . EndpointSTUN4LocalPort )
2020-08-04 17:48:34 +01:00
}
}
2020-02-05 22:16:58 +00:00
}
2020-03-19 16:39:00 +00:00
if nr . GlobalV6 != "" {
tailcfg: add Endpoint, EndpointType, MapRequest.EndpointType
Track endpoints internally with a new tailcfg.Endpoint type that
includes a typed netaddr.IPPort (instead of just a string) and
includes a type for how that endpoint was discovered (STUN, local,
etc).
Use []tailcfg.Endpoint instead of []string internally.
At the last second, send it to the control server as the existing
[]string for endpoints, but also include a new parallel
MapRequest.EndpointType []tailcfg.EndpointType, so the control server
can start filtering out less-important endpoint changes from
new-enough clients. Notably, STUN-discovered endpoints can be filtered
out from 1.6+ clients, as they can discover them amongst each other
via CallMeMaybe disco exchanges started over DERP. And STUN endpoints
change a lot, causing a lot of MapResposne updates. But portmapped
endpoints are worth keeping for now, as they they work right away
without requiring the firewall traversal extra RTT dance.
End result will be less control->client bandwidth. (despite negligible
increase in client->control bandwidth)
Updates tailscale/corp#1543
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-12 21:24:29 +01:00
addAddr ( ipp ( nr . GlobalV6 ) , tailcfg . EndpointSTUN )
2020-02-05 22:16:58 +00:00
}
2020-02-18 16:57:11 +00:00
c . ignoreSTUNPackets ( )
2020-02-05 22:16:58 +00:00
2023-04-14 21:37:10 +01:00
// Update our set of endpoints by adding any endpoints that we
// previously found but haven't expired yet. This also updates the
// cache with the set of endpoints discovered in this function.
//
// NOTE: we do this here and not below so that we don't cache local
// endpoints; we know that the local endpoints we discover are all
// possible local endpoints since we determine them by looking at the
// set of addresses on our local interfaces.
//
// TODO(andrew): If we pull in any cached endpoints, we should probably
// do something to ensure we're propagating the removal of those cached
// endpoints if they do actually time out without being rediscovered.
// For now, though, rely on a minor LinkChange event causing this to
// re-run.
eps = c . endpointTracker . update ( time . Now ( ) , eps )
2020-03-19 15:49:30 +00:00
if localAddr := c . pconn4 . LocalAddr ( ) ; localAddr . IP . IsUnspecified ( ) {
2020-03-02 18:38:44 +00:00
ips , loopback , err := interfaces . LocalAddresses ( )
2020-02-05 22:16:58 +00:00
if err != nil {
tailcfg: add Endpoint, EndpointType, MapRequest.EndpointType
Track endpoints internally with a new tailcfg.Endpoint type that
includes a typed netaddr.IPPort (instead of just a string) and
includes a type for how that endpoint was discovered (STUN, local,
etc).
Use []tailcfg.Endpoint instead of []string internally.
At the last second, send it to the control server as the existing
[]string for endpoints, but also include a new parallel
MapRequest.EndpointType []tailcfg.EndpointType, so the control server
can start filtering out less-important endpoint changes from
new-enough clients. Notably, STUN-discovered endpoints can be filtered
out from 1.6+ clients, as they can discover them amongst each other
via CallMeMaybe disco exchanges started over DERP. And STUN endpoints
change a lot, causing a lot of MapResposne updates. But portmapped
endpoints are worth keeping for now, as they they work right away
without requiring the firewall traversal extra RTT dance.
End result will be less control->client bandwidth. (despite negligible
increase in client->control bandwidth)
Updates tailscale/corp#1543
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-12 21:24:29 +01:00
return nil , err
2020-02-05 22:16:58 +00:00
}
2020-05-28 22:16:23 +01:00
if len ( ips ) == 0 && len ( eps ) == 0 {
2020-02-05 22:16:58 +00:00
// Only include loopback addresses if we have no
2020-05-28 22:16:23 +01:00
// interfaces at all to use as endpoints and don't
// have a public IPv4 or IPv6 address. This allows
2020-02-05 22:16:58 +00:00
// for localhost testing when you're on a plane and
// offline, for example.
2020-03-02 18:38:44 +00:00
ips = loopback
}
2021-03-04 06:02:45 +00:00
for _ , ip := range ips {
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
addAddr ( netip . AddrPortFrom ( ip , uint16 ( localAddr . Port ) ) , tailcfg . EndpointLocal )
2020-02-05 22:16:58 +00:00
}
} else {
// Our local endpoint is bound to a particular address.
// Do not offer addresses on other local interfaces.
tailcfg: add Endpoint, EndpointType, MapRequest.EndpointType
Track endpoints internally with a new tailcfg.Endpoint type that
includes a typed netaddr.IPPort (instead of just a string) and
includes a type for how that endpoint was discovered (STUN, local,
etc).
Use []tailcfg.Endpoint instead of []string internally.
At the last second, send it to the control server as the existing
[]string for endpoints, but also include a new parallel
MapRequest.EndpointType []tailcfg.EndpointType, so the control server
can start filtering out less-important endpoint changes from
new-enough clients. Notably, STUN-discovered endpoints can be filtered
out from 1.6+ clients, as they can discover them amongst each other
via CallMeMaybe disco exchanges started over DERP. And STUN endpoints
change a lot, causing a lot of MapResposne updates. But portmapped
endpoints are worth keeping for now, as they they work right away
without requiring the firewall traversal extra RTT dance.
End result will be less control->client bandwidth. (despite negligible
increase in client->control bandwidth)
Updates tailscale/corp#1543
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-12 21:24:29 +01:00
addAddr ( ipp ( localAddr . String ( ) ) , tailcfg . EndpointLocal )
2020-02-05 22:16:58 +00:00
}
// Note: the endpoints are intentionally returned in priority order,
// from "farthest but most reliable" to "closest but least
// reliable." Addresses returned from STUN should be globally
// addressable, but might go farther on the network than necessary.
// Local interface addresses might have lower latency, but not be
// globally addressable.
//
// The STUN address(es) are always first so that legacy wireguard
// can use eps[0] as its only known endpoint address (although that's
// obviously non-ideal).
tailcfg: add Endpoint, EndpointType, MapRequest.EndpointType
Track endpoints internally with a new tailcfg.Endpoint type that
includes a typed netaddr.IPPort (instead of just a string) and
includes a type for how that endpoint was discovered (STUN, local,
etc).
Use []tailcfg.Endpoint instead of []string internally.
At the last second, send it to the control server as the existing
[]string for endpoints, but also include a new parallel
MapRequest.EndpointType []tailcfg.EndpointType, so the control server
can start filtering out less-important endpoint changes from
new-enough clients. Notably, STUN-discovered endpoints can be filtered
out from 1.6+ clients, as they can discover them amongst each other
via CallMeMaybe disco exchanges started over DERP. And STUN endpoints
change a lot, causing a lot of MapResposne updates. But portmapped
endpoints are worth keeping for now, as they they work right away
without requiring the firewall traversal extra RTT dance.
End result will be less control->client bandwidth. (despite negligible
increase in client->control bandwidth)
Updates tailscale/corp#1543
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-12 21:24:29 +01:00
//
// Despite this sorting, though, clients since 0.100 haven't relied
// on the sorting order for any decisions.
return eps , nil
2020-02-05 22:16:58 +00:00
}
tailcfg: add Endpoint, EndpointType, MapRequest.EndpointType
Track endpoints internally with a new tailcfg.Endpoint type that
includes a typed netaddr.IPPort (instead of just a string) and
includes a type for how that endpoint was discovered (STUN, local,
etc).
Use []tailcfg.Endpoint instead of []string internally.
At the last second, send it to the control server as the existing
[]string for endpoints, but also include a new parallel
MapRequest.EndpointType []tailcfg.EndpointType, so the control server
can start filtering out less-important endpoint changes from
new-enough clients. Notably, STUN-discovered endpoints can be filtered
out from 1.6+ clients, as they can discover them amongst each other
via CallMeMaybe disco exchanges started over DERP. And STUN endpoints
change a lot, causing a lot of MapResposne updates. But portmapped
endpoints are worth keeping for now, as they they work right away
without requiring the firewall traversal extra RTT dance.
End result will be less control->client bandwidth. (despite negligible
increase in client->control bandwidth)
Updates tailscale/corp#1543
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-12 21:24:29 +01:00
// endpointSetsEqual reports whether x and y represent the same set of
// endpoints. The order doesn't matter.
2021-03-22 17:23:26 +00:00
//
// It does not mutate the slices.
tailcfg: add Endpoint, EndpointType, MapRequest.EndpointType
Track endpoints internally with a new tailcfg.Endpoint type that
includes a typed netaddr.IPPort (instead of just a string) and
includes a type for how that endpoint was discovered (STUN, local,
etc).
Use []tailcfg.Endpoint instead of []string internally.
At the last second, send it to the control server as the existing
[]string for endpoints, but also include a new parallel
MapRequest.EndpointType []tailcfg.EndpointType, so the control server
can start filtering out less-important endpoint changes from
new-enough clients. Notably, STUN-discovered endpoints can be filtered
out from 1.6+ clients, as they can discover them amongst each other
via CallMeMaybe disco exchanges started over DERP. And STUN endpoints
change a lot, causing a lot of MapResposne updates. But portmapped
endpoints are worth keeping for now, as they they work right away
without requiring the firewall traversal extra RTT dance.
End result will be less control->client bandwidth. (despite negligible
increase in client->control bandwidth)
Updates tailscale/corp#1543
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-12 21:24:29 +01:00
func endpointSetsEqual ( x , y [ ] tailcfg . Endpoint ) bool {
2021-03-22 17:23:26 +00:00
if len ( x ) == len ( y ) {
orderMatches := true
for i := range x {
if x [ i ] != y [ i ] {
orderMatches = false
break
}
}
if orderMatches {
return true
}
}
tailcfg: add Endpoint, EndpointType, MapRequest.EndpointType
Track endpoints internally with a new tailcfg.Endpoint type that
includes a typed netaddr.IPPort (instead of just a string) and
includes a type for how that endpoint was discovered (STUN, local,
etc).
Use []tailcfg.Endpoint instead of []string internally.
At the last second, send it to the control server as the existing
[]string for endpoints, but also include a new parallel
MapRequest.EndpointType []tailcfg.EndpointType, so the control server
can start filtering out less-important endpoint changes from
new-enough clients. Notably, STUN-discovered endpoints can be filtered
out from 1.6+ clients, as they can discover them amongst each other
via CallMeMaybe disco exchanges started over DERP. And STUN endpoints
change a lot, causing a lot of MapResposne updates. But portmapped
endpoints are worth keeping for now, as they they work right away
without requiring the firewall traversal extra RTT dance.
End result will be less control->client bandwidth. (despite negligible
increase in client->control bandwidth)
Updates tailscale/corp#1543
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-12 21:24:29 +01:00
m := map [ tailcfg . Endpoint ] int { }
2021-03-22 17:23:26 +00:00
for _ , v := range x {
m [ v ] |= 1
}
for _ , v := range y {
m [ v ] |= 2
2020-02-05 22:16:58 +00:00
}
2021-03-22 17:23:26 +00:00
for _ , n := range m {
if n != 3 {
2020-02-05 22:16:58 +00:00
return false
}
}
return true
}
2021-02-20 06:15:41 +00:00
// LocalPort returns the current IPv4 listener's port number.
2020-02-05 22:16:58 +00:00
func ( c * Conn ) LocalPort ( ) uint16 {
2021-10-20 20:57:10 +01:00
if runtime . GOOS == "js" {
return 12345
}
2020-03-19 15:49:30 +00:00
laddr := c . pconn4 . LocalAddr ( )
2020-02-05 22:16:58 +00:00
return uint16 ( laddr . Port )
}
2020-10-06 23:22:46 +01:00
var errNetworkDown = errors . New ( "magicsock: network down" )
2022-08-04 05:51:02 +01:00
func ( c * Conn ) networkDown ( ) bool { return ! c . networkUp . Load ( ) }
2020-02-18 21:32:04 +00:00
2023-04-16 16:44:33 +01:00
// Send implements conn.Bind.
//
// See https://pkg.go.dev/golang.zx2c4.com/wireguard/conn#Bind.Send
2022-12-09 01:58:14 +00:00
func ( c * Conn ) Send ( buffs [ ] [ ] byte , ep conn . Endpoint ) error {
n := int64 ( len ( buffs ) )
metricSendData . Add ( n )
2020-10-06 23:22:46 +01:00
if c . networkDown ( ) {
2022-12-09 01:58:14 +00:00
metricSendDataNetworkDown . Add ( n )
2020-10-06 23:22:46 +01:00
return errNetworkDown
}
2022-12-09 01:58:14 +00:00
return ep . ( * endpoint ) . send ( buffs )
2020-02-18 21:32:04 +00:00
}
2020-02-05 22:16:58 +00:00
2020-02-18 21:32:04 +00:00
var errConnClosed = errors . New ( "Conn closed" )
2020-02-05 22:16:58 +00:00
2020-02-18 21:32:04 +00:00
var errDropDerpPacket = errors . New ( "too many DERP packets queued; dropping" )
2021-10-22 17:09:37 +01:00
var errNoUDP = errors . New ( "no UDP available on platform" )
2022-12-09 01:58:14 +00:00
var (
// This acts as a compile-time check for our usage of ipv6.Message in
2023-04-05 00:32:16 +01:00
// batchingUDPConn for both IPv6 and IPv4 operations.
2022-12-09 01:58:14 +00:00
_ ipv6 . Message = ipv4 . Message { }
)
func ( c * Conn ) sendUDPBatch ( addr netip . AddrPort , buffs [ ] [ ] byte ) ( sent bool , err error ) {
isIPv6 := false
switch {
case addr . Addr ( ) . Is4 ( ) :
case addr . Addr ( ) . Is6 ( ) :
isIPv6 = true
default :
panic ( "bogus sendUDPBatch addr type" )
}
if isIPv6 {
2023-04-05 00:32:16 +01:00
err = c . pconn6 . WriteBatchTo ( buffs , addr )
2022-12-09 01:58:14 +00:00
} else {
2023-04-05 00:32:16 +01:00
err = c . pconn4 . WriteBatchTo ( buffs , addr )
}
if err != nil {
var errGSO neterror . ErrUDPGSODisabled
if errors . As ( err , & errGSO ) {
c . logf ( "magicsock: %s" , errGSO . Error ( ) )
err = errGSO . RetryErr
}
2022-12-09 01:58:14 +00:00
}
return err == nil , err
}
2020-06-30 20:22:42 +01:00
// sendUDP sends UDP packet b to ipp.
2020-07-01 22:39:21 +01:00
// See sendAddr's docs on the return value meanings.
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
func ( c * Conn ) sendUDP ( ipp netip . AddrPort , b [ ] byte ) ( sent bool , err error ) {
2021-10-22 17:09:37 +01:00
if runtime . GOOS == "js" {
return false , errNoUDP
}
2022-07-25 04:08:42 +01:00
sent , err = c . sendUDPStd ( ipp , b )
2020-12-14 02:51:24 +00:00
if err != nil {
metricSendUDPError . Add ( 1 )
} else {
if sent {
metricSendUDP . Add ( 1 )
}
2021-10-18 01:11:27 +01:00
}
return
2020-06-30 20:22:42 +01:00
}
2020-07-01 22:39:21 +01:00
// sendUDP sends UDP packet b to addr.
// See sendAddr's docs on the return value meanings.
2022-07-25 04:08:42 +01:00
func ( c * Conn ) sendUDPStd ( addr netip . AddrPort , b [ ] byte ) ( sent bool , err error ) {
2020-06-30 20:22:42 +01:00
switch {
2022-07-25 04:08:42 +01:00
case addr . Addr ( ) . Is4 ( ) :
_ , err = c . pconn4 . WriteToUDPAddrPort ( b , addr )
2022-08-04 05:51:02 +01:00
if err != nil && ( c . noV4 . Load ( ) || neterror . TreatAsLostUDP ( err ) ) {
2020-07-01 22:39:21 +01:00
return false , nil
2020-05-29 20:40:51 +01:00
}
2022-07-25 04:08:42 +01:00
case addr . Addr ( ) . Is6 ( ) :
_ , err = c . pconn6 . WriteToUDPAddrPort ( b , addr )
2022-08-04 05:51:02 +01:00
if err != nil && ( c . noV6 . Load ( ) || neterror . TreatAsLostUDP ( err ) ) {
2020-07-01 22:39:21 +01:00
return false , nil
2020-05-29 20:40:51 +01:00
}
2020-06-30 20:22:42 +01:00
default :
2020-07-01 22:39:21 +01:00
panic ( "bogus sendUDPStd addr type" )
2020-03-20 20:38:21 +00:00
}
2020-07-01 22:39:21 +01:00
return err == nil , err
2020-03-20 20:38:21 +00:00
}
2020-02-18 21:32:04 +00:00
// sendAddr sends packet b to addr, which is either a real UDP address
// or a fake UDP address representing a DERP server (see derpmap.go).
// The provided public key identifies the recipient.
2020-07-01 22:39:21 +01:00
//
// The returned err is whether there was an error writing when it
// should've worked.
// The returned sent is whether a packet went out at all.
// An example of when they might be different: sending to an
// IPv6 address when the local machine doesn't have IPv6 support
// returns (false, nil); it's not an error, but nothing was sent.
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
func ( c * Conn ) sendAddr ( addr netip . AddrPort , pubKey key . NodePublic , b [ ] byte ) ( sent bool , err error ) {
2022-07-25 04:08:42 +01:00
if addr . Addr ( ) != derpMagicIPAddr {
2020-03-20 20:38:21 +00:00
return c . sendUDP ( addr , b )
2020-03-04 20:21:40 +00:00
}
2020-03-22 01:24:28 +00:00
ch := c . derpWriteChanOfAddr ( addr , pubKey )
2020-03-04 20:21:40 +00:00
if ch == nil {
2020-12-14 02:51:24 +00:00
metricSendDERPErrorChan . Add ( 1 )
2020-07-01 22:39:21 +01:00
return false , nil
2020-03-04 20:21:40 +00:00
}
2020-03-12 19:05:32 +00:00
// TODO(bradfitz): this makes garbage for now; we could use a
// buffer pool later. Previously we passed ownership of this
// to derpWriteRequest and waited for derphttp.Client.Send to
// complete, but that's too slow while holding wireguard-go
// internal locks.
pkt := make ( [ ] byte , len ( b ) )
copy ( pkt , b )
2020-03-04 20:21:40 +00:00
select {
2021-01-16 03:13:59 +00:00
case <- c . donec :
2020-12-14 02:51:24 +00:00
metricSendDERPErrorClosed . Add ( 1 )
2020-07-01 22:39:21 +01:00
return false , errConnClosed
2020-03-12 19:05:32 +00:00
case ch <- derpWriteRequest { addr , pubKey , pkt } :
2020-12-14 02:51:24 +00:00
metricSendDERPQueued . Add ( 1 )
2020-07-01 22:39:21 +01:00
return true , nil
2020-03-04 20:21:40 +00:00
default :
2020-12-14 02:51:24 +00:00
metricSendDERPErrorQueue . Add ( 1 )
2020-03-04 20:21:40 +00:00
// Too many writes queued. Drop packet.
2020-07-01 22:39:21 +01:00
return false , errDropDerpPacket
2020-02-18 21:32:04 +00:00
}
}
2020-02-05 22:16:58 +00:00
2023-04-03 21:08:29 +01:00
var (
bufferedDerpWrites int
bufferedDerpWritesOnce sync . Once
)
// bufferedDerpWritesBeforeDrop returns how many packets writes can be queued
// up the DERP client to write on the wire before we start dropping.
func bufferedDerpWritesBeforeDrop ( ) int {
// For mobile devices, always return the previous minimum value of 32;
// we can do this outside the sync.Once to avoid that overhead.
if runtime . GOOS == "ios" || runtime . GOOS == "android" {
return 32
}
bufferedDerpWritesOnce . Do ( func ( ) {
// Some rough sizing: for the previous fixed value of 32, the
// total consumed memory can be:
// = numDerpRegions * messages/region * sizeof(message)
//
// For sake of this calculation, assume 100 DERP regions; at
// time of writing (2023-04-03), we have 24.
//
// A reasonable upper bound for the worst-case average size of
// a message is a *disco.CallMeMaybe message with 16 endpoints;
// since sizeof(netip.AddrPort) = 32, that's 512 bytes. Thus:
// = 100 * 32 * 512
// = 1638400 (1.6MiB)
//
// On a reasonably-small node with 4GiB of memory that's
// connected to each region and handling a lot of load, 1.6MiB
// is about 0.04% of the total system memory.
//
// For sake of this calculation, then, let's double that memory
// usage to 0.08% and scale based on total system memory.
//
// For a 16GiB Linux box, this should buffer just over 256
// messages.
systemMemory := sysresources . TotalMemory ( )
memoryUsable := float64 ( systemMemory ) * 0.0008
const (
theoreticalDERPRegions = 100
messageMaximumSizeBytes = 512
)
bufferedDerpWrites = int ( memoryUsable / ( theoreticalDERPRegions * messageMaximumSizeBytes ) )
// Never drop below the previous minimum value.
if bufferedDerpWrites < 32 {
bufferedDerpWrites = 32
}
} )
return bufferedDerpWrites
}
2020-02-18 21:32:04 +00:00
// derpWriteChanOfAddr returns a DERP client for fake UDP addresses that
// represent DERP servers, creating them as necessary. For real UDP
// addresses, it returns nil.
2020-03-22 01:24:28 +00:00
//
// If peer is non-zero, it can be used to find an active reverse
// path, without using addr.
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
func ( c * Conn ) derpWriteChanOfAddr ( addr netip . AddrPort , peer key . NodePublic ) chan <- derpWriteRequest {
2022-07-25 04:08:42 +01:00
if addr . Addr ( ) != derpMagicIPAddr {
2020-02-18 21:32:04 +00:00
return nil
}
2021-05-15 02:07:28 +01:00
regionID := int ( addr . Port ( ) )
2020-03-22 21:08:59 +00:00
2020-10-06 23:22:46 +01:00
if c . networkDown ( ) {
return nil
}
2020-03-13 15:55:38 +00:00
c . mu . Lock ( )
defer c . mu . Unlock ( )
2020-05-17 17:51:38 +01:00
if ! c . wantDerpLocked ( ) || c . closed {
2020-03-04 20:21:40 +00:00
return nil
}
2022-09-12 23:45:35 +01:00
if c . derpMap == nil || c . derpMap . Regions [ regionID ] == nil {
return nil
}
2020-02-28 19:13:28 +00:00
if c . privateKey . IsZero ( ) {
2020-03-24 05:11:49 +00:00
c . logf ( "magicsock: DERP lookup of %v with no private key; ignoring" , addr )
2020-02-28 19:13:28 +00:00
return nil
}
2020-03-09 22:20:33 +00:00
2020-03-22 01:24:28 +00:00
// See if we have a connection open to that DERP node ID
// first. If so, might as well use it. (It's a little
// arbitrary whether we use this one vs. the reverse route
// below when we have both.)
2020-05-17 17:51:38 +01:00
ad , ok := c . activeDerp [ regionID ]
2020-03-22 21:08:59 +00:00
if ok {
* ad . lastWrite = time . Now ( )
2020-05-17 17:51:38 +01:00
c . setPeerLastDerpLocked ( peer , regionID , regionID )
2020-03-22 21:08:59 +00:00
return ad . writeCh
}
2020-03-12 18:16:54 +00:00
2020-03-22 01:24:28 +00:00
// If we don't have an open connection to the peer's home DERP
// node, see if we have an open connection to a DERP node
// where we'd heard from that peer already. For instance,
// perhaps peer's home is Frankfurt, but they dialed our home DERP
// node in SF to reach us, so we can reply to them using our
// SF connection rather than dialing Frankfurt. (Issue 150)
2020-08-17 20:56:17 +01:00
if ! peer . IsZero ( ) && useDerpRoute ( ) {
2020-03-22 01:24:28 +00:00
if r , ok := c . derpRoute [ peer ] ; ok {
if ad , ok := c . activeDerp [ r . derpID ] ; ok && ad . c == r . dc {
2020-05-17 17:51:38 +01:00
c . setPeerLastDerpLocked ( peer , r . derpID , regionID )
2020-03-22 01:24:28 +00:00
* ad . lastWrite = time . Now ( )
return ad . writeCh
}
}
}
2020-03-24 15:09:30 +00:00
why := "home-keep-alive"
if ! peer . IsZero ( ) {
2021-10-29 21:15:27 +01:00
why = peer . ShortString ( )
2020-03-24 15:09:30 +00:00
}
2020-05-17 17:51:38 +01:00
c . logf ( "magicsock: adding connection to derp-%v for %v" , regionID , why )
2020-03-23 21:12:23 +00:00
2020-05-14 01:54:27 +01:00
firstDerp := false
2020-03-22 21:08:59 +00:00
if c . activeDerp == nil {
2020-05-14 01:54:27 +01:00
firstDerp = true
2020-03-22 21:08:59 +00:00
c . activeDerp = make ( map [ int ] activeDerp )
c . prevDerp = make ( map [ int ] * syncs . WaitGroupChan )
}
2021-01-10 14:50:35 +00:00
// Note that derphttp.NewRegionClient does not dial the server
2022-01-13 21:37:26 +00:00
// (it doesn't block) so it is safe to do under the c.mu lock.
2023-04-18 00:01:41 +01:00
dc := derphttp . NewRegionClient ( c . privateKey , c . logf , c . netMon , func ( ) * tailcfg . DERPRegion {
2022-01-13 21:37:26 +00:00
// Warning: it is not legal to acquire
// magicsock.Conn.mu from this callback.
// It's run from derphttp.Client.connect (via Send, etc)
// and the lock ordering rules are that magicsock.Conn.mu
// must be acquired before derphttp.Client.mu.
// See https://github.com/tailscale/tailscale/issues/3726
2020-07-27 20:23:14 +01:00
if c . connCtx . Err ( ) != nil {
2022-01-13 21:37:26 +00:00
// We're closing anyway; return nil to stop dialing.
2020-07-27 20:23:14 +01:00
return nil
}
2022-08-04 05:31:40 +01:00
derpMap := c . derpMapAtomic . Load ( )
2022-01-13 21:37:26 +00:00
if derpMap == nil {
2020-05-17 17:51:38 +01:00
return nil
}
2022-01-13 21:37:26 +00:00
return derpMap . Regions [ regionID ]
2020-05-17 17:51:38 +01:00
} )
2020-03-22 01:24:28 +00:00
2021-03-12 17:45:37 +00:00
dc . SetCanAckPings ( true )
2020-05-17 17:51:38 +01:00
dc . NotePreferred ( c . myDerp == regionID )
2022-01-29 22:52:00 +00:00
dc . SetAddressFamilySelector ( derpAddrFamSelector { c } )
2020-03-22 21:08:59 +00:00
dc . DNSCache = dnscache . Get ( )
ctx , cancel := context . WithCancel ( c . connCtx )
2023-04-03 21:08:29 +01:00
ch := make ( chan derpWriteRequest , bufferedDerpWritesBeforeDrop ( ) )
2020-03-22 21:08:59 +00:00
ad . c = dc
ad . writeCh = ch
ad . cancel = cancel
ad . lastWrite = new ( time . Time )
2020-03-23 21:12:23 +00:00
* ad . lastWrite = time . Now ( )
ad . createTime = time . Now ( )
2020-05-17 17:51:38 +01:00
c . activeDerp [ regionID ] = ad
2020-12-14 02:51:24 +00:00
metricNumDERPConns . Set ( int64 ( len ( c . activeDerp ) ) )
2020-03-23 21:12:23 +00:00
c . logActiveDerpLocked ( )
2020-05-17 17:51:38 +01:00
c . setPeerLastDerpLocked ( peer , regionID , regionID )
2021-01-19 23:29:50 +00:00
c . scheduleCleanStaleDerpLocked ( )
2020-03-22 21:08:59 +00:00
// Build a startGate for the derp reader+writer
// goroutines, so they don't start running until any
// previous generation is closed.
startGate := syncs . ClosedChan ( )
2020-05-17 17:51:38 +01:00
if prev := c . prevDerp [ regionID ] ; prev != nil {
2020-03-22 21:08:59 +00:00
startGate = prev . DoneChan ( )
}
// And register a WaitGroup(Chan) for this generation.
wg := syncs . NewWaitGroupChan ( )
wg . Add ( 2 )
2020-05-17 17:51:38 +01:00
c . prevDerp [ regionID ] = wg
2020-03-22 21:08:59 +00:00
2020-05-14 18:01:48 +01:00
if firstDerp {
startGate = c . derpStarted
go func ( ) {
dc . Connect ( ctx )
2020-05-14 01:54:27 +01:00
close ( c . derpStarted )
2020-08-04 17:36:38 +01:00
c . muCond . Broadcast ( )
2020-05-14 18:01:48 +01:00
} ( )
}
go c . runDerpReader ( ctx , addr , dc , wg , startGate )
2020-06-30 20:22:42 +01:00
go c . runDerpWriter ( ctx , dc , ch , wg , startGate )
2020-08-25 21:21:29 +01:00
go c . derpActiveFunc ( )
2020-03-22 21:08:59 +00:00
2020-03-05 16:54:08 +00:00
return ad . writeCh
2020-02-18 21:32:04 +00:00
}
2020-02-05 22:16:58 +00:00
2020-03-24 15:09:30 +00:00
// setPeerLastDerpLocked notes that peer is now being written to via
2020-05-17 17:51:38 +01:00
// the provided DERP regionID, and that the peer advertises a DERP
// home region ID of homeID.
2020-03-24 15:09:30 +00:00
//
// If there's any change, it logs.
//
2020-03-23 21:12:23 +00:00
// c.mu must be held.
2021-10-29 21:15:27 +01:00
func ( c * Conn ) setPeerLastDerpLocked ( peer key . NodePublic , regionID , homeID int ) {
2020-03-23 21:12:23 +00:00
if peer . IsZero ( ) {
return
}
old := c . peerLastDerp [ peer ]
2020-05-17 17:51:38 +01:00
if old == regionID {
2020-03-23 21:12:23 +00:00
return
}
2020-05-17 17:51:38 +01:00
c . peerLastDerp [ peer ] = regionID
2020-03-23 21:12:23 +00:00
2020-03-24 15:09:30 +00:00
var newDesc string
switch {
2020-05-17 17:51:38 +01:00
case regionID == homeID && regionID == c . myDerp :
2020-03-24 15:09:30 +00:00
newDesc = "shared home"
2020-05-17 17:51:38 +01:00
case regionID == homeID :
2020-03-24 15:09:30 +00:00
newDesc = "their home"
2020-05-17 17:51:38 +01:00
case regionID == c . myDerp :
2020-03-24 15:09:30 +00:00
newDesc = "our home"
2020-05-17 17:51:38 +01:00
case regionID != homeID :
2020-03-24 15:09:30 +00:00
newDesc = "alt"
}
if old == 0 {
2021-10-29 21:15:27 +01:00
c . logf ( "[v1] magicsock: derp route for %s set to derp-%d (%s)" , peer . ShortString ( ) , regionID , newDesc )
2020-03-24 15:09:30 +00:00
} else {
2021-10-29 21:15:27 +01:00
c . logf ( "[v1] magicsock: derp route for %s changed from derp-%d => derp-%d (%s)" , peer . ShortString ( ) , old , regionID , newDesc )
2020-03-24 15:09:30 +00:00
}
2020-03-23 21:12:23 +00:00
}
2020-02-18 21:32:04 +00:00
// derpReadResult is the type sent by runDerpClient to ReceiveIPv4
// when a DERP packet is available.
2020-03-04 17:35:32 +00:00
//
// Notably, it doesn't include the derp.ReceivedPacket because we
// don't want to give the receiver access to the aliased []byte. To
// get at the packet contents they need to call copyBuf to copy it
// out, which also releases the buffer.
2020-02-18 21:32:04 +00:00
type derpReadResult struct {
2020-06-30 20:22:42 +01:00
regionID int
2021-10-16 00:42:24 +01:00
n int // length of data received
2021-10-29 21:15:27 +01:00
src key . NodePublic
2020-02-18 21:32:04 +00:00
// copyBuf is called to copy the data to dst. It returns how
// much data was copied, which will be n if dst is large
2020-03-04 17:35:32 +00:00
// enough. copyBuf can only be called once.
2021-02-07 06:39:58 +00:00
// If copyBuf is nil, that's a signal from the sender to ignore
// this message.
2020-02-18 21:32:04 +00:00
copyBuf func ( dst [ ] byte ) int
}
// runDerpReader runs in a goroutine for the life of a DERP
// connection, handling received packets.
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
func ( c * Conn ) runDerpReader ( ctx context . Context , derpFakeAddr netip . AddrPort , dc * derphttp . Client , wg * syncs . WaitGroupChan , startGate <- chan struct { } ) {
2020-03-12 18:16:54 +00:00
defer wg . Decr ( )
defer dc . Close ( )
select {
case <- startGate :
case <- ctx . Done ( ) :
return
}
2020-02-18 21:32:04 +00:00
didCopy := make ( chan struct { } , 1 )
2021-05-15 02:07:28 +01:00
regionID := int ( derpFakeAddr . Port ( ) )
2020-06-30 20:22:42 +01:00
res := derpReadResult { regionID : regionID }
2020-03-04 17:35:32 +00:00
var pkt derp . ReceivedPacket
res . copyBuf = func ( dst [ ] byte ) int {
n := copy ( dst , pkt . Data )
2020-02-18 21:32:04 +00:00
didCopy <- struct { } { }
return n
}
2021-02-25 05:29:51 +00:00
defer health . SetDERPRegionConnectedState ( regionID , false )
2021-09-02 03:27:22 +01:00
defer health . SetDERPRegionHealth ( regionID , "" )
2021-02-25 05:29:51 +00:00
2020-03-22 01:24:28 +00:00
// peerPresent is the set of senders we know are present on this
// connection, based on messages we've received from the server.
2021-10-29 21:15:27 +01:00
peerPresent := map [ key . NodePublic ] bool { }
2020-10-19 23:11:40 +01:00
bo := backoff . NewBackoff ( fmt . Sprintf ( "derp-%d" , regionID ) , c . logf , 5 * time . Second )
2021-02-25 05:29:51 +00:00
var lastPacketTime time . Time
2022-01-13 22:01:49 +00:00
var lastPacketSrc key . NodePublic
2021-02-25 05:29:51 +00:00
2020-02-18 21:32:04 +00:00
for {
2021-03-04 17:19:45 +00:00
msg , connGen , err := dc . RecvDetail ( )
2020-02-18 21:32:04 +00:00
if err != nil {
2021-02-25 05:29:51 +00:00
health . SetDERPRegionConnectedState ( regionID , false )
2020-03-22 01:24:28 +00:00
// Forget that all these peers have routes.
for peer := range peerPresent {
delete ( peerPresent , peer )
2020-06-30 20:22:42 +01:00
c . removeDerpPeerRoute ( peer , regionID , dc )
2020-03-22 01:24:28 +00:00
}
2020-10-06 23:22:46 +01:00
if err == derphttp . ErrClientClosed {
return
}
if c . networkDown ( ) {
2020-12-21 18:58:06 +00:00
c . logf ( "[v1] magicsock: derp.Recv(derp-%d): network down, closing" , regionID )
2020-10-06 23:22:46 +01:00
return
}
2020-02-18 21:32:04 +00:00
select {
2020-02-28 19:13:28 +00:00
case <- ctx . Done ( ) :
return
2020-02-18 21:32:04 +00:00
default :
}
2020-10-19 23:11:40 +01:00
2020-06-30 20:22:42 +01:00
c . logf ( "magicsock: [%p] derp.Recv(derp-%d): %v" , dc , regionID , err )
2020-07-16 16:21:34 +01:00
2020-10-19 23:11:40 +01:00
// If our DERP connection broke, it might be because our network
// conditions changed. Start that check.
c . ReSTUN ( "derp-recv-error" )
// Back off a bit before reconnecting.
bo . BackOff ( ctx , err )
2020-07-16 15:44:57 +01:00
select {
case <- ctx . Done ( ) :
return
2020-10-19 23:11:40 +01:00
default :
2020-07-16 15:44:57 +01:00
}
2020-02-18 21:32:04 +00:00
continue
}
2020-10-19 23:11:40 +01:00
bo . BackOff ( ctx , nil ) // reset
2021-02-25 05:29:51 +00:00
now := time . Now ( )
if lastPacketTime . IsZero ( ) || now . Sub ( lastPacketTime ) > 5 * time . Second {
health . NoteDERPRegionReceivedFrame ( regionID )
lastPacketTime = now
}
2020-02-21 03:10:54 +00:00
switch m := msg . ( type ) {
2021-03-04 17:19:45 +00:00
case derp . ServerInfoMessage :
2021-02-25 05:29:51 +00:00
health . SetDERPRegionConnectedState ( regionID , true )
2021-09-02 03:27:22 +01:00
health . SetDERPRegionHealth ( regionID , "" ) // until declared otherwise
2021-03-04 17:19:45 +00:00
c . logf ( "magicsock: derp-%d connected; connGen=%v" , regionID , connGen )
continue
2020-02-21 03:10:54 +00:00
case derp . ReceivedPacket :
2020-03-04 17:35:32 +00:00
pkt = m
res . n = len ( m . Data )
2021-10-29 21:15:27 +01:00
res . src = m . Source
2022-09-14 20:49:39 +01:00
if logDerpVerbose ( ) {
2020-06-30 20:22:42 +01:00
c . logf ( "magicsock: got derp-%v packet: %q" , regionID , m . Data )
2020-03-04 17:35:32 +00:00
}
2020-03-22 01:24:28 +00:00
// If this is a new sender we hadn't seen before, remember it and
// register a route for this peer.
2022-01-13 22:01:49 +00:00
if res . src != lastPacketSrc { // avoid map lookup w/ high throughput single peer
lastPacketSrc = res . src
if _ , ok := peerPresent [ res . src ] ; ! ok {
peerPresent [ res . src ] = true
c . addDerpPeerRoute ( res . src , regionID , dc )
}
2020-03-22 01:24:28 +00:00
}
2021-03-09 20:53:02 +00:00
case derp . PingMessage :
// Best effort reply to the ping.
pingData := [ 8 ] byte ( m )
go func ( ) {
if err := dc . SendPong ( pingData ) ; err != nil {
c . logf ( "magicsock: derp-%d SendPong error: %v" , regionID , err )
}
} ( )
continue
2021-09-02 03:27:22 +01:00
case derp . HealthMessage :
health . SetDERPRegionHealth ( regionID , m . Problem )
2022-01-13 21:56:40 +00:00
case derp . PeerGoneMessage :
2023-03-25 02:11:48 +00:00
switch m . Reason {
case derp . PeerGoneReasonDisconnected :
// Do nothing.
case derp . PeerGoneReasonNotHere :
metricRecvDiscoDERPPeerNotHere . Add ( 1 )
c . logf ( "[unexpected] magicsock: derp-%d does not know about peer %s, removing route" ,
regionID , key . NodePublic ( m . Peer ) . ShortString ( ) )
default :
metricRecvDiscoDERPPeerGoneUnknown . Add ( 1 )
c . logf ( "[unexpected] magicsock: derp-%d peer %s gone, reason %v, removing route" ,
regionID , key . NodePublic ( m . Peer ) . ShortString ( ) , m . Reason )
}
c . removeDerpPeerRoute ( key . NodePublic ( m . Peer ) , regionID , dc )
2020-02-21 03:10:54 +00:00
default :
// Ignore.
continue
}
2021-01-18 16:39:52 +00:00
2021-03-24 16:41:57 +00:00
select {
case <- ctx . Done ( ) :
2021-02-07 05:27:02 +00:00
return
2021-03-24 16:41:57 +00:00
case c . derpRecvCh <- res :
2021-02-07 05:27:02 +00:00
}
2021-03-24 16:41:57 +00:00
2020-02-18 21:32:04 +00:00
select {
2020-03-12 18:16:54 +00:00
case <- ctx . Done ( ) :
2020-02-18 21:32:04 +00:00
return
2021-02-07 05:27:02 +00:00
case <- didCopy :
continue
2020-02-18 21:32:04 +00:00
}
}
}
type derpWriteRequest struct {
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
addr netip . AddrPort
2021-10-29 21:15:27 +01:00
pubKey key . NodePublic
2020-03-12 19:05:32 +00:00
b [ ] byte // copied; ownership passed to receiver
2020-02-18 21:32:04 +00:00
}
// runDerpWriter runs in a goroutine for the life of a DERP
// connection, handling received packets.
2020-06-30 20:22:42 +01:00
func ( c * Conn ) runDerpWriter ( ctx context . Context , dc * derphttp . Client , ch <- chan derpWriteRequest , wg * syncs . WaitGroupChan , startGate <- chan struct { } ) {
2020-03-12 18:16:54 +00:00
defer wg . Decr ( )
select {
case <- startGate :
case <- ctx . Done ( ) :
return
}
2020-02-18 21:32:04 +00:00
for {
select {
2020-02-28 19:13:28 +00:00
case <- ctx . Done ( ) :
return
2020-02-18 21:32:04 +00:00
case wr := <- ch :
2021-10-29 21:15:27 +01:00
err := dc . Send ( wr . pubKey , wr . b )
2020-02-18 21:32:04 +00:00
if err != nil {
2020-03-07 21:11:52 +00:00
c . logf ( "magicsock: derp.Send(%v): %v" , wr . addr , err )
2021-11-16 16:34:25 +00:00
metricSendDERPError . Add ( 1 )
} else {
metricSendDERP . Add ( 1 )
2020-02-18 21:32:04 +00:00
}
}
}
2020-02-05 22:16:58 +00:00
}
2022-12-09 01:58:14 +00:00
type receiveBatch struct {
msgs [ ] ipv6 . Message
}
2023-04-05 00:32:16 +01:00
func ( c * Conn ) getReceiveBatchForBuffs ( buffs [ ] [ ] byte ) * receiveBatch {
2022-12-09 01:58:14 +00:00
batch := c . receiveBatchPool . Get ( ) . ( * receiveBatch )
2023-04-05 00:32:16 +01:00
for i := range buffs {
batch . msgs [ i ] . Buffers [ 0 ] = buffs [ i ]
batch . msgs [ i ] . OOB = batch . msgs [ i ] . OOB [ : cap ( batch . msgs [ i ] . OOB ) ]
}
2022-12-09 01:58:14 +00:00
return batch
}
func ( c * Conn ) putReceiveBatch ( batch * receiveBatch ) {
for i := range batch . msgs {
2023-04-05 00:32:16 +01:00
batch . msgs [ i ] = ipv6 . Message { Buffers : batch . msgs [ i ] . Buffers , OOB : batch . msgs [ i ] . OOB }
2022-12-09 01:58:14 +00:00
}
c . receiveBatchPool . Put ( batch )
}
2023-04-14 16:09:09 +01:00
// receiveIPv4 creates an IPv4 ReceiveFunc reading from c.pconn4.
func ( c * Conn ) receiveIPv4 ( ) conn . ReceiveFunc {
return c . mkReceiveFunc ( & c . pconn4 , & health . ReceiveIPv4 , metricRecvDataIPv4 )
}
2022-12-09 01:58:14 +00:00
2023-04-14 16:09:09 +01:00
// receiveIPv6 creates an IPv6 ReceiveFunc reading from c.pconn6.
func ( c * Conn ) receiveIPv6 ( ) conn . ReceiveFunc {
return c . mkReceiveFunc ( & c . pconn6 , & health . ReceiveIPv6 , metricRecvDataIPv6 )
}
2022-12-09 01:58:14 +00:00
2023-04-14 16:09:09 +01:00
// mkReceiveFunc creates a ReceiveFunc reading from ruc.
// The provided healthItem and metric are updated if non-nil.
func ( c * Conn ) mkReceiveFunc ( ruc * RebindingUDPConn , healthItem * health . ReceiveFuncStats , metric * clientmetric . Metric ) conn . ReceiveFunc {
// epCache caches an IPPort->endpoint for hot flows.
var epCache ippEndpointCache
2022-12-09 01:58:14 +00:00
2023-04-14 16:09:09 +01:00
return func ( buffs [ ] [ ] byte , sizes [ ] int , eps [ ] conn . Endpoint ) ( int , error ) {
if healthItem != nil {
healthItem . Enter ( )
defer healthItem . Exit ( )
}
if ruc == nil {
panic ( "nil RebindingUDPConn" )
2020-06-30 20:22:42 +01:00
}
2022-12-09 01:58:14 +00:00
2023-04-14 16:09:09 +01:00
batch := c . getReceiveBatchForBuffs ( buffs )
defer c . putReceiveBatch ( batch )
for {
numMsgs , err := ruc . ReadBatch ( batch . msgs [ : len ( buffs ) ] , 0 )
if err != nil {
if neterror . PacketWasTruncated ( err ) {
continue
}
return 0 , err
2022-12-09 01:58:14 +00:00
}
2023-04-14 16:09:09 +01:00
reportToCaller := false
for i , msg := range batch . msgs [ : numMsgs ] {
if msg . N == 0 {
sizes [ i ] = 0
continue
}
ipp := msg . Addr . ( * net . UDPAddr ) . AddrPort ( )
if ep , ok := c . receiveIP ( msg . Buffers [ 0 ] [ : msg . N ] , ipp , & epCache ) ; ok {
if metric != nil {
metric . Add ( 1 )
}
eps [ i ] = ep
sizes [ i ] = msg . N
reportToCaller = true
} else {
sizes [ i ] = 0
}
2023-04-05 00:32:16 +01:00
}
2023-04-14 16:09:09 +01:00
if reportToCaller {
return numMsgs , nil
2022-12-09 01:58:14 +00:00
}
2020-02-18 21:32:04 +00:00
}
2021-01-18 16:39:52 +00:00
}
}
2020-03-07 01:50:36 +00:00
2021-01-18 16:39:52 +00:00
// receiveIP is the shared bits of ReceiveIPv4 and ReceiveIPv6.
2021-02-04 02:15:01 +00:00
//
// ok is whether this read should be reported up to wireguard-go (our
// caller).
2023-01-28 05:04:32 +00:00
func ( c * Conn ) receiveIP ( b [ ] byte , ipp netip . AddrPort , cache * ippEndpointCache ) ( ep * endpoint , ok bool ) {
2021-01-18 16:39:52 +00:00
if stun . Is ( b ) {
2022-08-04 18:43:49 +01:00
c . stunReceiveFunc . Load ( ) ( b , ipp )
2021-01-19 18:57:30 +00:00
return nil , false
2021-01-18 16:39:52 +00:00
}
2023-04-05 00:32:16 +01:00
if c . handleDiscoMessage ( b , ipp , key . NodePublic { } , discoRXPathUDP ) {
2021-01-19 18:57:30 +00:00
return nil , false
2021-01-18 16:39:52 +00:00
}
2022-08-04 05:51:02 +01:00
if ! c . havePrivateKey . Load ( ) {
2021-02-04 02:15:01 +00:00
// If we have no private key, we're logged out or
2021-03-24 16:41:57 +00:00
// stopped. Don't try to pass these wireguard packets
// up to wireguard-go; it'll just complain (issue 1167).
2021-02-04 02:15:01 +00:00
return nil , false
}
2021-01-18 23:27:44 +00:00
if cache . ipp == ipp && cache . de != nil && cache . gen == cache . de . numStopAndReset ( ) {
ep = cache . de
} else {
2021-08-26 06:15:48 +01:00
c . mu . Lock ( )
2021-08-26 06:20:31 +01:00
de , ok := c . peerMap . endpointForIPPort ( ipp )
2021-08-26 06:15:48 +01:00
c . mu . Unlock ( )
2021-08-26 03:39:20 +01:00
if ! ok {
2021-01-19 18:57:30 +00:00
return nil , false
2021-01-18 23:27:44 +00:00
}
2021-08-26 03:39:20 +01:00
cache . ipp = ipp
cache . de = de
cache . gen = de . numStopAndReset ( )
ep = de
2021-01-18 16:39:52 +00:00
}
2021-09-01 03:06:04 +01:00
ep . noteRecvActivity ( )
2022-11-28 23:59:33 +00:00
if stats := c . stats . Load ( ) ; stats != nil {
stats . UpdateRxPhysical ( ep . nodeAddr , ipp , len ( b ) )
2022-10-28 00:26:52 +01:00
}
2021-01-18 16:39:52 +00:00
return ep , true
}
2022-12-09 01:58:14 +00:00
func ( c * connBind ) receiveDERP ( buffs [ ] [ ] byte , sizes [ ] int , eps [ ] conn . Endpoint ) ( int , error ) {
2021-04-27 01:08:05 +01:00
health . ReceiveDERP . Enter ( )
defer health . ReceiveDERP . Exit ( )
2022-12-09 01:58:14 +00:00
2021-03-24 16:41:57 +00:00
for dm := range c . derpRecvCh {
2023-04-16 16:44:33 +01:00
if c . isClosed ( ) {
2021-03-24 16:41:57 +00:00
break
}
2022-12-09 01:58:14 +00:00
n , ep := c . processDERPReadResult ( dm , buffs [ 0 ] )
2021-03-24 16:41:57 +00:00
if n == 0 {
// No data read occurred. Wait for another packet.
continue
}
2020-12-14 02:51:24 +00:00
metricRecvDataDERP . Add ( 1 )
2022-12-09 01:58:14 +00:00
sizes [ 0 ] = n
eps [ 0 ] = ep
return 1 , nil
2021-02-07 06:39:58 +00:00
}
2022-12-09 01:58:14 +00:00
return 0 , net . ErrClosed
2021-03-24 16:41:57 +00:00
}
2021-08-26 06:20:31 +01:00
func ( c * Conn ) processDERPReadResult ( dm derpReadResult , b [ ] byte ) ( n int , ep * endpoint ) {
2021-02-07 06:39:58 +00:00
if dm . copyBuf == nil {
2021-03-24 16:41:57 +00:00
return 0 , nil
2021-02-07 06:39:58 +00:00
}
2021-01-18 16:39:52 +00:00
var regionID int
n , regionID = dm . n , dm . regionID
ncopy := dm . copyBuf ( b )
if ncopy != n {
2021-03-24 16:41:57 +00:00
err := fmt . Errorf ( "received DERP packet of length %d that's too big for WireGuard buf size %d" , n , ncopy )
2021-01-18 16:39:52 +00:00
c . logf ( "magicsock: %v" , err )
2021-03-24 16:41:57 +00:00
return 0 , nil
2020-03-19 16:39:00 +00:00
}
2021-01-18 16:39:52 +00:00
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
ipp := netip . AddrPortFrom ( derpMagicIPAddr , uint16 ( regionID ) )
2023-04-05 00:32:16 +01:00
if c . handleDiscoMessage ( b [ : n ] , ipp , dm . src , discoRXPathDERP ) {
2021-03-24 16:41:57 +00:00
return 0 , nil
2021-01-18 16:39:52 +00:00
}
2021-08-26 03:39:20 +01:00
var ok bool
2021-09-01 00:55:22 +01:00
c . mu . Lock ( )
2021-11-02 00:53:40 +00:00
ep , ok = c . peerMap . endpointForNodeKey ( dm . src )
2021-09-01 00:55:22 +01:00
c . mu . Unlock ( )
2021-08-26 03:39:20 +01:00
if ! ok {
2021-09-01 00:55:22 +01:00
// We don't know anything about this node key, nothing to
// record or process.
return 0 , nil
2021-01-18 16:39:52 +00:00
}
2021-09-01 03:06:04 +01:00
ep . noteRecvActivity ( )
2022-11-28 23:59:33 +00:00
if stats := c . stats . Load ( ) ; stats != nil {
stats . UpdateRxPhysical ( ep . nodeAddr , ipp , dm . n )
2022-10-28 00:26:52 +01:00
}
2021-03-24 16:41:57 +00:00
return n , ep
2020-02-05 22:16:58 +00:00
}
2020-07-18 21:50:08 +01:00
// discoLogLevel controls the verbosity of discovery log messages.
type discoLogLevel int
const (
// discoLog means that a message should be logged.
discoLog discoLogLevel = iota
// discoVerboseLog means that a message should only be logged
// in TS_DEBUG_DISCO mode.
discoVerboseLog
)
2022-12-21 03:29:25 +00:00
// TS_DISCO_PONG_IPV4_DELAY, if set, is a time.Duration string that is how much
// fake latency to add before replying to disco pings. This can be used to bias
// peers towards using IPv6 when both IPv4 and IPv6 are available at similar
// speeds.
var debugIPv4DiscoPingPenalty = envknob . RegisterDuration ( "TS_DISCO_PONG_IPV4_DELAY" )
2021-10-16 05:44:52 +01:00
// sendDiscoMessage sends discovery message m to dstDisco at dst.
//
// If dst is a DERP IP:port, then dstKey must be non-zero.
//
// The dstKey should only be non-zero if the dstDisco key
// unambiguously maps to exactly one peer.
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
func ( c * Conn ) sendDiscoMessage ( dst netip . AddrPort , dstKey key . NodePublic , dstDisco key . DiscoPublic , m disco . Message , logLevel discoLogLevel ) ( sent bool , err error ) {
2022-12-21 03:29:25 +00:00
isDERP := dst . Addr ( ) == derpMagicIPAddr
if _ , isPong := m . ( * disco . Pong ) ; isPong && ! isDERP && dst . Addr ( ) . Is4 ( ) {
time . Sleep ( debugIPv4DiscoPingPenalty ( ) )
}
2020-07-01 20:56:17 +01:00
c . mu . Lock ( )
2020-07-09 00:50:31 +01:00
if c . closed {
c . mu . Unlock ( )
2020-07-30 21:59:23 +01:00
return false , errConnClosed
2020-07-09 00:50:31 +01:00
}
2020-07-01 20:56:17 +01:00
var nonce [ disco . NonceLen ] byte
if _ , err := crand . Read ( nonce [ : ] ) ; err != nil {
panic ( err ) // worth dying for
}
pkt := make ( [ ] byte , 0 , 512 ) // TODO: size it correctly? pool? if it matters.
pkt = append ( pkt , disco . Magic ... )
2021-10-29 22:27:29 +01:00
pkt = c . discoPublic . AppendTo ( pkt )
2021-10-16 04:45:33 +01:00
di := c . discoInfoLocked ( dstDisco )
2020-07-01 20:56:17 +01:00
c . mu . Unlock ( )
2020-12-14 02:51:24 +00:00
if isDERP {
metricSendDiscoDERP . Add ( 1 )
} else {
metricSendDiscoUDP . Add ( 1 )
}
2021-10-29 22:27:29 +01:00
box := di . sharedKey . Seal ( m . AppendMarshal ( nil ) )
pkt = append ( pkt , box ... )
2021-11-02 00:53:40 +00:00
sent , err = c . sendAddr ( dst , dstKey , pkt )
2020-07-01 22:39:21 +01:00
if sent {
2022-09-14 20:49:39 +01:00
if logLevel == discoLog || ( logLevel == discoVerboseLog && debugDisco ( ) ) {
2021-10-16 05:44:52 +01:00
node := "?"
if ! dstKey . IsZero ( ) {
node = dstKey . ShortString ( )
}
2022-10-04 04:39:45 +01:00
c . dlogf ( "[v1] magicsock: disco: %v->%v (%v, %v) sent %v" , c . discoShort , dstDisco . ShortString ( ) , node , derpStr ( dst . String ( ) ) , disco . MessageSummary ( m ) )
2020-07-18 21:50:08 +01:00
}
2020-12-14 02:51:24 +00:00
if isDERP {
metricSentDiscoDERP . Add ( 1 )
} else {
metricSentDiscoUDP . Add ( 1 )
}
2021-12-20 17:29:31 +00:00
switch m . ( type ) {
case * disco . Ping :
metricSentDiscoPing . Add ( 1 )
case * disco . Pong :
metricSentDiscoPong . Add ( 1 )
case * disco . CallMeMaybe :
metricSentDiscoCallMeMaybe . Add ( 1 )
}
2020-07-01 22:39:21 +01:00
} else if err == nil {
2020-07-02 18:48:13 +01:00
// Can't send. (e.g. no IPv6 locally)
2020-07-01 22:39:21 +01:00
} else {
2020-10-06 23:22:46 +01:00
if ! c . networkDown ( ) {
c . logf ( "magicsock: disco: failed to send %T to %v: %v" , m , dst , err )
}
2020-07-01 22:39:21 +01:00
}
return sent , err
2020-07-01 20:56:17 +01:00
}
2023-02-08 23:48:27 +00:00
// discoPcapFrame marshals the bytes for a pcap record that describe a
// disco frame.
//
// Warning: Alloc garbage. Acceptable while capturing.
func discoPcapFrame ( src netip . AddrPort , derpNodeSrc key . NodePublic , payload [ ] byte ) [ ] byte {
var (
b bytes . Buffer
flag uint8
)
b . Grow ( 128 ) // Most disco frames will probably be smaller than this.
if src . Addr ( ) == derpMagicIPAddr {
flag |= 0x01
}
b . WriteByte ( flag ) // 1b: flag
derpSrc := derpNodeSrc . Raw32 ( )
b . Write ( derpSrc [ : ] ) // 32b: derp public key
binary . Write ( & b , binary . LittleEndian , uint16 ( src . Port ( ) ) ) // 2b: port
addr , _ := src . Addr ( ) . MarshalBinary ( )
binary . Write ( & b , binary . LittleEndian , uint16 ( len ( addr ) ) ) // 2b: len(addr)
b . Write ( addr ) // Xb: addr
binary . Write ( & b , binary . LittleEndian , uint16 ( len ( payload ) ) ) // 2b: len(payload)
b . Write ( payload ) // Xb: payload
return b . Bytes ( )
}
2023-04-05 00:32:16 +01:00
type discoRXPath string
const (
discoRXPathUDP discoRXPath = "UDP socket"
discoRXPathDERP discoRXPath = "DERP"
discoRXPathRawSocket discoRXPath = "raw socket"
)
2021-02-04 02:15:01 +00:00
// handleDiscoMessage handles a discovery message and reports whether
// msg was a Tailscale inter-node discovery message.
2020-06-26 22:38:53 +01:00
//
// A discovery message has the form:
//
2022-08-02 17:33:46 +01:00
// - magic [6]byte
// - senderDiscoPubKey [32]byte
// - nonce [24]byte
// - naclbox of payload (see tailscale.com/disco package for inner payload format)
2020-06-30 20:22:42 +01:00
//
2022-07-25 04:08:42 +01:00
// For messages received over DERP, the src.Addr() will be derpMagicIP (with
2021-10-16 00:42:24 +01:00
// src.Port() being the region ID) and the derpNodeSrc will be the node key
// it was received from at the DERP layer. derpNodeSrc is zero when received
// over UDP.
2023-04-05 00:32:16 +01:00
func ( c * Conn ) handleDiscoMessage ( msg [ ] byte , src netip . AddrPort , derpNodeSrc key . NodePublic , via discoRXPath ) ( isDiscoMsg bool ) {
2021-10-30 01:35:51 +01:00
const headerLen = len ( disco . Magic ) + key . DiscoPublicRawLen
2020-07-01 20:56:17 +01:00
if len ( msg ) < headerLen || string ( msg [ : len ( disco . Magic ) ] ) != disco . Magic {
2020-06-26 22:38:53 +01:00
return false
}
2021-02-04 02:15:01 +00:00
// If the first four parts are the prefix of disco.Magic
2022-05-04 20:10:17 +01:00
// (0x5453f09f) then it's definitely not a valid WireGuard
2021-02-04 02:15:01 +00:00
// packet (which starts with little-endian uint32 1, 2, 3, 4).
// Use naked returns for all following paths.
isDiscoMsg = true
2021-10-30 01:35:51 +01:00
sender := key . DiscoPublicFromRaw32 ( mem . B ( msg [ len ( disco . Magic ) : headerLen ] ) )
2020-06-26 22:38:53 +01:00
c . mu . Lock ( )
defer c . mu . Unlock ( )
2020-07-09 00:50:31 +01:00
if c . closed {
2021-02-04 02:15:01 +00:00
return
2020-07-09 00:50:31 +01:00
}
2022-09-14 20:49:39 +01:00
if debugDisco ( ) {
2023-04-05 00:32:16 +01:00
c . logf ( "magicsock: disco: got disco-looking frame from %v via %s" , sender . ShortString ( ) , via )
2020-07-01 20:56:17 +01:00
}
2020-07-30 21:48:32 +01:00
if c . privateKey . IsZero ( ) {
// Ignore disco messages when we're stopped.
2021-02-04 02:15:01 +00:00
// Still return true, to not pass it down to wireguard.
return
2020-07-30 21:48:32 +01:00
}
2020-06-26 22:38:53 +01:00
2021-10-16 03:22:30 +01:00
if ! c . peerMap . anyEndpointForDiscoKey ( sender ) {
2020-12-14 02:51:24 +00:00
metricRecvDiscoBadPeer . Add ( 1 )
2022-09-14 20:49:39 +01:00
if debugDisco ( ) {
2021-09-01 00:55:22 +01:00
c . logf ( "magicsock: disco: ignoring disco-looking frame, don't know endpoint for %v" , sender . ShortString ( ) )
2020-07-01 20:56:17 +01:00
}
2021-02-04 02:15:01 +00:00
return
2020-06-26 22:38:53 +01:00
}
2021-08-26 03:39:20 +01:00
// We're now reasonably sure we're expecting communication from
// this peer, do the heavy crypto lifting to see what they want.
//
// From here on, peerNode and de are non-nil.
2020-06-26 22:38:53 +01:00
2021-10-16 04:45:33 +01:00
di := c . discoInfoLocked ( sender )
2020-06-26 22:38:53 +01:00
sealedBox := msg [ headerLen : ]
2021-10-29 22:27:29 +01:00
payload , ok := di . sharedKey . Open ( sealedBox )
2020-06-26 22:38:53 +01:00
if ! ok {
2020-06-30 21:14:41 +01:00
// This might be have been intended for a previous
// disco key. When we restart we get a new disco key
// and old packets might've still been in flight (or
// scheduled). This is particularly the case for LANs
2023-04-05 00:32:16 +01:00
// or non-NATed endpoints. UDP offloading on Linux
// can also cause this when a disco message is
// received via raw socket at the head of a coalesced
// group of messages. Don't log in normal case.
// Callers may choose to pass on to wireguard, in case
// it's actually a wireguard packet (super unlikely, but).
2022-09-14 20:49:39 +01:00
if debugDisco ( ) {
2023-04-05 00:32:16 +01:00
c . logf ( "magicsock: disco: failed to open naclbox from %v (wrong rcpt?) via %s" , sender , via )
2020-07-01 20:56:17 +01:00
}
2020-12-14 02:51:24 +00:00
metricRecvDiscoBadKey . Add ( 1 )
2021-02-04 02:15:01 +00:00
return
2020-06-26 22:38:53 +01:00
}
2023-02-08 23:48:27 +00:00
// Emit information about the disco frame into the pcap stream
// if a capture hook is installed.
if cb := c . captureHook . Load ( ) ; cb != nil {
2023-03-30 20:39:39 +01:00
cb ( capture . PathDisco , time . Now ( ) , discoPcapFrame ( src , derpNodeSrc , payload ) , packet . CaptureMeta { } )
2023-02-08 23:48:27 +00:00
}
2020-06-30 20:22:42 +01:00
dm , err := disco . Parse ( payload )
2022-09-14 20:49:39 +01:00
if debugDisco ( ) {
2020-07-01 20:56:17 +01:00
c . logf ( "magicsock: disco: disco.Parse = %T, %v" , dm , err )
}
2020-06-30 20:22:42 +01:00
if err != nil {
// Couldn't parse it, but it was inside a correctly
// signed box, so just ignore it, assuming it's from a
// newer version of Tailscale that we don't
// understand. Not even worth logging about, lest it
// be too spammy for old clients.
2020-12-14 02:51:24 +00:00
metricRecvDiscoBadParse . Add ( 1 )
2021-02-04 02:15:01 +00:00
return
2020-06-30 20:22:42 +01:00
}
2022-07-25 04:08:42 +01:00
isDERP := src . Addr ( ) == derpMagicIPAddr
2020-12-14 02:51:24 +00:00
if isDERP {
metricRecvDiscoDERP . Add ( 1 )
} else {
metricRecvDiscoUDP . Add ( 1 )
}
2020-06-30 20:22:42 +01:00
switch dm := dm . ( type ) {
case * disco . Ping :
2020-12-14 02:51:24 +00:00
metricRecvDiscoPing . Add ( 1 )
2021-10-16 05:44:52 +01:00
c . handlePingLocked ( dm , src , di , derpNodeSrc )
2020-06-30 20:22:42 +01:00
case * disco . Pong :
2020-12-14 02:51:24 +00:00
metricRecvDiscoPong . Add ( 1 )
2021-10-16 05:55:59 +01:00
// There might be multiple nodes for the sender's DiscoKey.
// Ask each to handle it, stopping once one reports that
// the Pong's TxID was theirs.
2023-01-28 05:04:32 +00:00
c . peerMap . forEachEndpointWithDiscoKey ( sender , func ( ep * endpoint ) ( keepGoing bool ) {
if ep . handlePongConnLocked ( dm , di , src ) {
return false
2021-10-16 05:55:59 +01:00
}
2023-01-28 05:04:32 +00:00
return true
2021-10-16 05:55:59 +01:00
} )
2021-01-20 19:39:42 +00:00
case * disco . CallMeMaybe :
2020-12-14 02:51:24 +00:00
metricRecvDiscoCallMeMaybe . Add ( 1 )
if ! isDERP || derpNodeSrc . IsZero ( ) {
2020-07-18 21:57:26 +01:00
// CallMeMaybe messages should only come via DERP.
2020-06-30 21:14:41 +01:00
c . logf ( "[unexpected] CallMeMaybe packets should only come via DERP" )
2021-02-04 02:15:01 +00:00
return
2020-06-30 20:22:42 +01:00
}
2021-11-02 00:53:40 +00:00
nodeKey := derpNodeSrc
2021-10-17 19:31:21 +01:00
ep , ok := c . peerMap . endpointForNodeKey ( nodeKey )
2021-10-16 00:42:24 +01:00
if ! ok {
2020-12-14 02:51:24 +00:00
metricRecvDiscoCallMeMaybeBadNode . Add ( 1 )
2021-10-16 00:42:24 +01:00
c . logf ( "magicsock: disco: ignoring CallMeMaybe from %v; %v is unknown" , sender . ShortString ( ) , derpNodeSrc . ShortString ( ) )
return
}
2023-04-08 23:36:47 +01:00
epDisco := ep . disco . Load ( )
if epDisco == nil {
return
}
if epDisco . key != di . discoKey {
2020-12-14 02:51:24 +00:00
metricRecvDiscoCallMeMaybeBadDisco . Add ( 1 )
2021-10-17 19:31:21 +01:00
c . logf ( "[unexpected] CallMeMaybe from peer via DERP whose netmap discokey != disco source" )
return
}
2022-10-04 04:39:45 +01:00
c . dlogf ( "[v1] magicsock: disco: %v<-%v (%v, %v) got call-me-maybe, %d endpoints" ,
2023-04-08 23:36:47 +01:00
c . discoShort , epDisco . short ,
2021-09-01 00:55:22 +01:00
ep . publicKey . ShortString ( ) , derpStr ( src . String ( ) ) ,
2021-08-26 03:39:20 +01:00
len ( dm . MyNumber ) )
2021-09-01 00:55:22 +01:00
go ep . handleCallMeMaybe ( dm )
2020-06-30 20:22:42 +01:00
}
2021-02-04 02:15:01 +00:00
return
2020-06-26 22:38:53 +01:00
}
2021-10-17 19:31:21 +01:00
// unambiguousNodeKeyOfPingLocked attempts to look up an unambiguous mapping
// from a DiscoKey dk (which sent ping dm) to a NodeKey. ok is true
// if there's the NodeKey is known unambiguously.
//
// derpNodeSrc is non-zero if the disco ping arrived via DERP.
//
// c.mu must be held.
2021-11-02 00:53:40 +00:00
func ( c * Conn ) unambiguousNodeKeyOfPingLocked ( dm * disco . Ping , dk key . DiscoPublic , derpNodeSrc key . NodePublic ) ( nk key . NodePublic , ok bool ) {
2021-10-17 19:31:21 +01:00
if ! derpNodeSrc . IsZero ( ) {
2023-04-08 23:36:47 +01:00
if ep , ok := c . peerMap . endpointForNodeKey ( derpNodeSrc ) ; ok {
epDisco := ep . disco . Load ( )
if epDisco != nil && epDisco . key == dk {
return derpNodeSrc , true
}
2021-10-17 19:31:21 +01:00
}
}
// Pings after 1.16.0 contains its node source. See if it maps back.
if ! dm . NodeKey . IsZero ( ) {
2023-04-08 23:36:47 +01:00
if ep , ok := c . peerMap . endpointForNodeKey ( dm . NodeKey ) ; ok {
epDisco := ep . disco . Load ( )
if epDisco != nil && epDisco . key == dk {
return dm . NodeKey , true
}
2021-10-17 19:31:21 +01:00
}
}
// If there's exactly 1 node in our netmap with DiscoKey dk,
// then it's not ambiguous which node key dm was from.
if set := c . peerMap . nodesOfDisco [ dk ] ; len ( set ) == 1 {
for nk = range set {
return nk , true
}
}
return nk , false
}
2021-10-16 04:45:33 +01:00
// di is the discoInfo of the source of the ping.
// derpNodeSrc is non-zero if the ping arrived via DERP.
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
func ( c * Conn ) handlePingLocked ( dm * disco . Ping , src netip . AddrPort , di * discoInfo , derpNodeSrc key . NodePublic ) {
2021-10-16 04:45:33 +01:00
likelyHeartBeat := src == di . lastPingFrom && time . Since ( di . lastPingTime ) < 5 * time . Second
di . lastPingFrom = src
di . lastPingTime = time . Now ( )
2022-07-25 04:08:42 +01:00
isDerp := src . Addr ( ) == derpMagicIPAddr
2021-10-18 21:29:09 +01:00
// If we can figure out with certainty which node key this disco
// message is for, eagerly update our IP<>node and disco<>node
// mappings to make p2p path discovery faster in simple
// cases. Without this, disco would still work, but would be
// reliant on DERP call-me-maybe to establish the disco<>node
// mapping, and on subsequent disco handlePongLocked to establish
// the IP<>disco mapping.
2021-10-17 19:31:21 +01:00
if nk , ok := c . unambiguousNodeKeyOfPingLocked ( dm , di . discoKey , derpNodeSrc ) ; ok {
2021-10-18 21:29:09 +01:00
if ! isDerp {
c . peerMap . setNodeKeyForIPPort ( src , nk )
}
2021-10-17 19:31:21 +01:00
}
2021-10-16 15:43:48 +01:00
2021-10-16 05:44:52 +01:00
// If we got a ping over DERP, then derpNodeSrc is non-zero and we reply
// over DERP (in which case ipDst is also a DERP address).
// But if the ping was over UDP (ipDst is not a DERP address), then dstKey
// will be zero here, but that's fine: sendDiscoMessage only requires
// a dstKey if the dst ip:port is DERP.
dstKey := derpNodeSrc
2020-07-02 16:37:46 +01:00
2020-07-03 20:43:39 +01:00
// Remember this route if not present.
2021-10-16 05:44:52 +01:00
var numNodes int
2023-01-28 05:04:32 +00:00
var dup bool
2021-10-16 15:43:48 +01:00
if isDerp {
2021-10-16 05:44:52 +01:00
if ep , ok := c . peerMap . endpointForNodeKey ( derpNodeSrc ) ; ok {
2023-01-28 05:04:32 +00:00
if ep . addCandidateEndpoint ( src , dm . TxID ) {
return
}
2021-10-16 05:44:52 +01:00
numNodes = 1
}
} else {
2023-01-28 05:04:32 +00:00
c . peerMap . forEachEndpointWithDiscoKey ( di . discoKey , func ( ep * endpoint ) ( keepGoing bool ) {
if ep . addCandidateEndpoint ( src , dm . TxID ) {
dup = true
return false
}
2021-10-16 05:44:52 +01:00
numNodes ++
if numNodes == 1 && dstKey . IsZero ( ) {
dstKey = ep . publicKey
}
2023-01-28 05:04:32 +00:00
return true
2021-10-16 05:44:52 +01:00
} )
2023-01-28 05:04:32 +00:00
if dup {
return
}
2021-10-16 05:44:52 +01:00
if numNodes > 1 {
// Zero it out if it's ambiguous, so sendDiscoMessage logging
// isn't confusing.
2021-11-02 00:53:40 +00:00
dstKey = key . NodePublic { }
2021-10-16 05:44:52 +01:00
}
}
if numNodes == 0 {
c . logf ( "[unexpected] got disco ping from %v/%v for node not in peers" , src , derpNodeSrc )
return
}
2022-09-14 20:49:39 +01:00
if ! likelyHeartBeat || debugDisco ( ) {
2021-10-16 05:44:52 +01:00
pingNodeSrcStr := dstKey . ShortString ( )
if numNodes > 1 {
pingNodeSrcStr = "[one-of-multi]"
}
2022-10-04 04:39:45 +01:00
c . dlogf ( "[v1] magicsock: disco: %v<-%v (%v, %v) got ping tx=%x" , c . discoShort , di . discoShort , pingNodeSrcStr , src , dm . TxID [ : 6 ] )
2021-10-16 05:44:52 +01:00
}
2020-07-02 16:37:46 +01:00
2020-07-23 23:15:28 +01:00
ipDst := src
2021-10-16 04:45:33 +01:00
discoDest := di . discoKey
2021-10-16 05:44:52 +01:00
go c . sendDiscoMessage ( ipDst , dstKey , discoDest , & disco . Pong {
2020-07-02 16:37:46 +01:00
TxID : dm . TxID ,
Src : src ,
2020-07-18 21:50:08 +01:00
} , discoVerboseLog )
2020-07-02 16:37:46 +01:00
}
2021-01-20 20:41:25 +00:00
// enqueueCallMeMaybe schedules a send of disco.CallMeMaybe to de via derpAddr
// once we know that our STUN endpoint is fresh.
//
// derpAddr is de.derpAddr at the time of send. It's assumed the peer won't be
// flipping primary DERPs in the 0-30ms it takes to confirm our STUN endpoint.
// If they do, traffic will just go over DERP for a bit longer until the next
// discovery round.
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
func ( c * Conn ) enqueueCallMeMaybe ( derpAddr netip . AddrPort , de * endpoint ) {
2021-01-20 20:41:25 +00:00
c . mu . Lock ( )
defer c . mu . Unlock ( )
2023-04-08 23:36:47 +01:00
epDisco := de . disco . Load ( )
if epDisco == nil {
return
}
2021-01-20 17:52:24 +00:00
if ! c . lastEndpointsTime . After ( time . Now ( ) . Add ( - endpointsFreshEnoughDuration ) ) {
2022-10-04 04:39:45 +01:00
c . dlogf ( "[v1] magicsock: want call-me-maybe but endpoints stale; restunning" )
2022-08-31 21:47:25 +01:00
mak . Set ( & c . onEndpointRefreshed , de , func ( ) {
2023-04-08 23:36:47 +01:00
c . dlogf ( "[v1] magicsock: STUN done; sending call-me-maybe to %v %v" , epDisco . short , de . publicKey . ShortString ( ) )
2021-01-20 17:52:24 +00:00
c . enqueueCallMeMaybe ( derpAddr , de )
2022-08-31 21:47:25 +01:00
} )
2021-01-20 17:52:24 +00:00
// TODO(bradfitz): make a new 'reSTUNQuickly' method
// that passes down a do-a-lite-netcheck flag down to
// netcheck that does 1 (or 2 max) STUN queries
// (UDP-only, not HTTPs) to find our port mapping to
// our home DERP and maybe one other. For now we do a
// "full" ReSTUN which may or may not be a full one
// (depending on age) and may do HTTPS timing queries
// (if UDP is blocked). Good enough for now.
go c . ReSTUN ( "refresh-for-peering" )
return
}
2021-01-20 20:41:25 +00:00
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
eps := make ( [ ] netip . AddrPort , 0 , len ( c . lastEndpoints ) )
2021-01-20 20:41:25 +00:00
for _ , ep := range c . lastEndpoints {
tailcfg: add Endpoint, EndpointType, MapRequest.EndpointType
Track endpoints internally with a new tailcfg.Endpoint type that
includes a typed netaddr.IPPort (instead of just a string) and
includes a type for how that endpoint was discovered (STUN, local,
etc).
Use []tailcfg.Endpoint instead of []string internally.
At the last second, send it to the control server as the existing
[]string for endpoints, but also include a new parallel
MapRequest.EndpointType []tailcfg.EndpointType, so the control server
can start filtering out less-important endpoint changes from
new-enough clients. Notably, STUN-discovered endpoints can be filtered
out from 1.6+ clients, as they can discover them amongst each other
via CallMeMaybe disco exchanges started over DERP. And STUN endpoints
change a lot, causing a lot of MapResposne updates. But portmapped
endpoints are worth keeping for now, as they they work right away
without requiring the firewall traversal extra RTT dance.
End result will be less control->client bandwidth. (despite negligible
increase in client->control bandwidth)
Updates tailscale/corp#1543
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-12 21:24:29 +01:00
eps = append ( eps , ep . Addr )
2021-01-20 20:41:25 +00:00
}
2023-04-08 23:36:47 +01:00
go de . c . sendDiscoMessage ( derpAddr , de . publicKey , epDisco . key , & disco . CallMeMaybe { MyNumber : eps } , discoLog )
2023-03-25 02:11:48 +00:00
if debugSendCallMeUnknownPeer ( ) {
// Send a callMeMaybe packet to a non-existent peer
unknownKey := key . NewNode ( ) . Public ( )
c . logf ( "magicsock: sending CallMeMaybe to unknown peer per TS_DEBUG_SEND_CALLME_UNKNOWN_PEER" )
2023-04-08 23:36:47 +01:00
go de . c . sendDiscoMessage ( derpAddr , unknownKey , epDisco . key , & disco . CallMeMaybe { MyNumber : eps } , discoLog )
2023-03-25 02:11:48 +00:00
}
2021-01-20 20:41:25 +00:00
}
2021-10-16 04:45:33 +01:00
// discoInfoLocked returns the previous or new discoInfo for k.
//
// c.mu must be held.
2021-10-29 22:27:29 +01:00
func ( c * Conn ) discoInfoLocked ( k key . DiscoPublic ) * discoInfo {
2021-10-16 04:45:33 +01:00
di , ok := c . discoInfo [ k ]
if ! ok {
di = & discoInfo {
discoKey : k ,
discoShort : k . ShortString ( ) ,
2021-10-29 22:27:29 +01:00
sharedKey : c . discoPrivate . Shared ( k ) ,
2021-10-16 04:45:33 +01:00
}
c . discoInfo [ k ] = di
2020-06-29 22:26:25 +01:00
}
2021-10-16 04:45:33 +01:00
return di
2020-06-29 22:26:25 +01:00
}
2020-10-06 23:22:46 +01:00
func ( c * Conn ) SetNetworkUp ( up bool ) {
c . mu . Lock ( )
defer c . mu . Unlock ( )
2022-08-04 05:51:02 +01:00
if c . networkUp . Load ( ) == up {
2020-10-06 23:22:46 +01:00
return
}
c . logf ( "magicsock: SetNetworkUp(%v)" , up )
2022-08-04 05:51:02 +01:00
c . networkUp . Store ( up )
2020-10-06 23:22:46 +01:00
2021-02-10 18:04:42 +00:00
if up {
c . startDerpHomeConnectLocked ( )
} else {
2021-02-20 06:15:41 +00:00
c . portMapper . NoteNetworkDown ( )
2020-10-06 23:22:46 +01:00
c . closeAllDerpLocked ( "network-down" )
}
}
2021-06-22 21:00:40 +01:00
// SetPreferredPort sets the connection's preferred local port.
func ( c * Conn ) SetPreferredPort ( port uint16 ) {
2022-08-04 05:51:02 +01:00
if uint16 ( c . port . Load ( ) ) == port {
2021-06-22 21:00:40 +01:00
return
}
2022-08-04 05:51:02 +01:00
c . port . Store ( uint32 ( port ) )
2021-06-22 21:00:40 +01:00
if err := c . rebind ( dropCurrentPort ) ; err != nil {
c . logf ( "%w" , err )
return
}
c . resetEndpointStates ( )
}
2020-03-02 17:31:25 +00:00
// SetPrivateKey sets the connection's private key.
//
// This is only used to be able prove our identity when connecting to
// DERP servers.
//
// If the private key changes, any DERP connections are torn down &
// recreated when needed.
2021-10-28 19:07:25 +01:00
func ( c * Conn ) SetPrivateKey ( privateKey key . NodePrivate ) error {
2020-03-13 15:55:38 +00:00
c . mu . Lock ( )
defer c . mu . Unlock ( )
2020-02-28 19:13:28 +00:00
2021-10-29 21:15:27 +01:00
oldKey , newKey := c . privateKey , privateKey
if newKey . Equal ( oldKey ) {
2020-02-28 19:13:28 +00:00
return nil
}
c . privateKey = newKey
2022-08-04 05:51:02 +01:00
c . havePrivateKey . Store ( ! newKey . IsZero ( ) )
2020-02-28 19:13:28 +00:00
2021-10-16 22:55:26 +01:00
if newKey . IsZero ( ) {
2021-11-02 00:53:40 +00:00
c . publicKeyAtomic . Store ( key . NodePublic { } )
2021-10-16 22:55:26 +01:00
} else {
2021-11-02 00:53:40 +00:00
c . publicKeyAtomic . Store ( newKey . Public ( ) )
2021-10-16 22:55:26 +01:00
}
2020-03-24 15:09:30 +00:00
if oldKey . IsZero ( ) {
2020-07-28 00:26:33 +01:00
c . everHadKey = true
2020-03-24 15:09:30 +00:00
c . logf ( "magicsock: SetPrivateKey called (init)" )
2021-09-01 02:09:52 +01:00
go c . ReSTUN ( "set-private-key" )
2020-07-27 18:19:05 +01:00
} else if newKey . IsZero ( ) {
c . logf ( "magicsock: SetPrivateKey called (zeroed)" )
c . closeAllDerpLocked ( "zero-private-key" )
2021-01-20 17:52:24 +00:00
c . stopPeriodicReSTUNTimerLocked ( )
c . onEndpointRefreshed = nil
2020-03-24 15:09:30 +00:00
} else {
2020-07-27 18:19:05 +01:00
c . logf ( "magicsock: SetPrivateKey called (changed)" )
c . closeAllDerpLocked ( "new-private-key" )
2020-03-24 15:09:30 +00:00
}
// Key changed. Close existing DERP connections and reconnect to home.
2020-07-27 18:19:05 +01:00
if c . myDerp != 0 && ! newKey . IsZero ( ) {
2020-04-09 22:21:36 +01:00
c . logf ( "magicsock: private key changed, reconnecting to home derp-%d" , c . myDerp )
2021-02-10 18:04:42 +00:00
c . startDerpHomeConnectLocked ( )
2020-03-24 15:09:30 +00:00
}
2020-03-02 17:31:25 +00:00
2020-07-30 21:48:32 +01:00
if newKey . IsZero ( ) {
2021-10-16 06:25:29 +01:00
c . peerMap . forEachEndpoint ( func ( ep * endpoint ) {
2021-08-26 03:39:20 +01:00
ep . stopAndReset ( )
} )
2020-07-30 21:48:32 +01:00
}
2020-03-02 17:31:25 +00:00
return nil
}
2020-04-18 16:48:01 +01:00
// UpdatePeers is called when the set of WireGuard peers changes. It
// then removes any state for old peers.
//
// The caller passes ownership of newPeers map to UpdatePeers.
2021-10-29 21:15:27 +01:00
func ( c * Conn ) UpdatePeers ( newPeers map [ key . NodePublic ] struct { } ) {
2020-04-18 16:48:01 +01:00
c . mu . Lock ( )
defer c . mu . Unlock ( )
oldPeers := c . peerSet
c . peerSet = newPeers
2021-10-29 21:15:27 +01:00
// Clean up any key.NodePublic-keyed maps for peers that no longer
2020-04-18 16:48:01 +01:00
// exist.
for peer := range oldPeers {
if _ , ok := newPeers [ peer ] ; ! ok {
delete ( c . derpRoute , peer )
delete ( c . peerLastDerp , peer )
}
}
2020-04-28 21:41:18 +01:00
if len ( oldPeers ) == 0 && len ( newPeers ) > 0 {
go c . ReSTUN ( "non-zero-peers" )
}
2020-04-18 16:48:01 +01:00
}
2020-05-17 17:51:38 +01:00
// SetDERPMap controls which (if any) DERP servers are used.
// A nil value means to disable DERP; it's disabled by default.
func ( c * Conn ) SetDERPMap ( dm * tailcfg . DERPMap ) {
2020-03-13 15:55:38 +00:00
c . mu . Lock ( )
defer c . mu . Unlock ( )
2020-03-04 20:21:40 +00:00
2023-04-05 01:10:50 +01:00
var derpAddr = debugUseDERPAddr ( )
if derpAddr != "" {
derpPort := 443
if debugUseDERPHTTP ( ) {
// Match the port for -dev in derper.go
derpPort = 3340
}
dm = & tailcfg . DERPMap {
OmitDefaultRegions : true ,
Regions : map [ int ] * tailcfg . DERPRegion {
999 : {
RegionID : 999 ,
Nodes : [ ] * tailcfg . DERPNode { {
Name : "999dev" ,
RegionID : 999 ,
HostName : derpAddr ,
DERPPort : derpPort ,
} } ,
} ,
} ,
}
}
2020-05-17 17:51:38 +01:00
if reflect . DeepEqual ( dm , c . derpMap ) {
return
}
2022-01-13 21:37:26 +00:00
c . derpMapAtomic . Store ( dm )
2022-01-04 22:59:11 +00:00
old := c . derpMap
2020-05-17 17:51:38 +01:00
c . derpMap = dm
if dm == nil {
2020-03-23 21:12:23 +00:00
c . closeAllDerpLocked ( "derp-disabled" )
2020-05-17 17:51:38 +01:00
return
2020-03-04 20:21:40 +00:00
}
2020-05-17 17:51:38 +01:00
2022-01-04 22:59:11 +00:00
// Reconnect any DERP region that changed definitions.
if old != nil {
changes := false
for rid , oldDef := range old . Regions {
if reflect . DeepEqual ( oldDef , dm . Regions [ rid ] ) {
continue
}
changes = true
if rid == c . myDerp {
c . myDerp = 0
}
c . closeDerpLocked ( rid , "derp-region-redefined" )
}
if changes {
c . logActiveDerpLocked ( )
}
}
2021-09-01 02:09:52 +01:00
go c . ReSTUN ( "derp-map-update" )
2020-03-04 20:21:40 +00:00
}
2020-07-26 03:37:08 +01:00
func nodesEqual ( x , y [ ] * tailcfg . Node ) bool {
if len ( x ) != len ( y ) {
return false
}
for i := range x {
if ! x [ i ] . Equal ( y [ i ] ) {
return false
}
}
return true
}
2023-02-21 20:57:08 +00:00
var debugRingBufferMaxSizeBytes = envknob . RegisterInt ( "TS_DEBUG_MAGICSOCK_RING_BUFFER_MAX_SIZE_BYTES" )
2020-06-25 19:04:52 +01:00
// SetNetworkMap is called when the control client gets a new network
2020-07-26 03:37:08 +01:00
// map from the control server. It must always be non-nil.
2020-06-25 19:04:52 +01:00
//
// It should not use the DERPMap field of NetworkMap; that's
// conditionally sent to SetDERPMap instead.
2021-02-05 23:44:46 +00:00
func ( c * Conn ) SetNetworkMap ( nm * netmap . NetworkMap ) {
2020-06-25 19:04:52 +01:00
c . mu . Lock ( )
defer c . mu . Unlock ( )
2021-08-26 03:39:20 +01:00
if c . closed {
return
}
2023-01-24 22:03:57 +00:00
priorNetmap := c . netMap
var priorDebug * tailcfg . Debug
if priorNetmap != nil {
priorDebug = priorNetmap . Debug
2020-06-25 19:04:52 +01:00
}
2023-01-24 22:03:57 +00:00
debugChanged := ! reflect . DeepEqual ( priorDebug , nm . Debug )
2020-12-14 02:51:24 +00:00
metricNumPeers . Set ( int64 ( len ( nm . Peers ) ) )
2023-01-24 22:03:57 +00:00
// Update c.netMap regardless, before the following early return.
2020-06-25 19:04:52 +01:00
c . netMap = nm
2020-06-26 22:38:53 +01:00
2023-01-24 22:03:57 +00:00
if priorNetmap != nil && nodesEqual ( priorNetmap . Peers , nm . Peers ) && ! debugChanged {
// The rest of this function is all adjusting state for peers that have
// changed. But if the set of peers is equal and the debug flags (for
// silent disco) haven't changed, no need to do anything else.
return
}
c . logf ( "[v1] magicsock: got updated network map; %d peers" , len ( nm . Peers ) )
2022-09-17 04:48:46 +01:00
heartbeatDisabled := debugEnableSilentDisco ( ) || ( c . netMap != nil && c . netMap . Debug != nil && c . netMap . Debug . EnableSilentDisco )
2023-02-21 20:57:08 +00:00
// Set a maximum size for our set of endpoint ring buffers by assuming
// that a single large update is ~500 bytes, and that we want to not
// use more than 1MiB of memory on phones / 4MiB on other devices.
// Calculate the per-endpoint ring buffer size by dividing that out,
// but always storing at least two entries.
var entriesPerBuffer int = 2
if len ( nm . Peers ) > 0 {
var maxRingBufferSize int
if runtime . GOOS == "ios" || runtime . GOOS == "android" {
maxRingBufferSize = 1 * 1024 * 1024
} else {
maxRingBufferSize = 4 * 1024 * 1024
}
if v := debugRingBufferMaxSizeBytes ( ) ; v > 0 {
maxRingBufferSize = v
}
const averageRingBufferElemSize = 512
entriesPerBuffer = maxRingBufferSize / ( averageRingBufferElemSize * len ( nm . Peers ) )
if entriesPerBuffer < 2 {
entriesPerBuffer = 2
}
}
2021-08-31 21:25:58 +01:00
// Try a pass of just upserting nodes and creating missing
// endpoints. If the set of nodes is the same, this is an
// efficient alloc-free update. If the set of nodes is different,
// we'll fall through to the next pass, which allocates but can
// handle full set updates.
2021-08-26 03:39:20 +01:00
for _ , n := range nm . Peers {
2021-11-02 03:55:52 +00:00
if ep , ok := c . peerMap . endpointForNodeKey ( n . Key ) ; ok {
2023-04-06 01:28:28 +01:00
if n . DiscoKey . IsZero ( ) && ! n . IsWireGuardOnly {
// Discokey transitioned from non-zero to zero? This should not
// happen in the wild, however it could mean:
// 1. A node was downgraded from post 0.100 to pre 0.100.
// 2. A Tailscale node key was extracted and used on a
// non-Tailscale node (should not enter here due to the
// IsWireGuardOnly check)
// 3. The server is misbehaving.
2022-11-18 20:43:09 +00:00
c . peerMap . deleteEndpoint ( ep )
continue
}
2023-04-08 23:36:47 +01:00
var oldDiscoKey key . DiscoPublic
if epDisco := ep . disco . Load ( ) ; epDisco != nil {
oldDiscoKey = epDisco . key
}
2022-09-18 15:56:40 +01:00
ep . updateFromNode ( n , heartbeatDisabled )
2021-11-10 22:03:47 +00:00
c . peerMap . upsertEndpoint ( ep , oldDiscoKey ) // maybe update discokey mappings in peerMap
2021-09-01 00:55:22 +01:00
continue
}
2023-04-06 01:28:28 +01:00
if n . DiscoKey . IsZero ( ) && ! n . IsWireGuardOnly {
// Ancient pre-0.100 node, which does not have a disco key, and will only be reachable via DERP.
2022-11-18 20:43:09 +00:00
continue
}
2021-08-31 21:25:58 +01:00
2021-09-01 00:55:22 +01:00
ep := & endpoint {
2022-09-17 04:48:46 +01:00
c : c ,
2023-02-21 20:57:08 +00:00
debugUpdates : ringbuffer . New [ EndpointChange ] ( entriesPerBuffer ) ,
2022-09-17 04:48:46 +01:00
publicKey : n . Key ,
2022-10-17 21:22:48 +01:00
publicKeyHex : n . Key . UntypedHexString ( ) ,
2022-09-17 04:48:46 +01:00
sentPing : map [ stun . TxID ] sentPing { } ,
endpointState : map [ netip . AddrPort ] * endpointState { } ,
heartbeatDisabled : heartbeatDisabled ,
2023-05-03 01:49:56 +01:00
isWireguardOnly : n . IsWireGuardOnly ,
2021-09-01 00:55:22 +01:00
}
2022-10-28 00:26:52 +01:00
if len ( n . Addresses ) > 0 {
ep . nodeAddr = n . Addresses [ 0 ] . Addr ( )
}
2021-09-01 00:55:22 +01:00
ep . initFakeUDPAddr ( )
2023-04-06 01:28:28 +01:00
if n . DiscoKey . IsZero ( ) {
ep . disco . Store ( nil )
} else {
ep . disco . Store ( & endpointDisco {
key : n . DiscoKey ,
short : n . DiscoKey . ShortString ( ) ,
} )
if debugDisco ( ) { // rather than making a new knob
c . logf ( "magicsock: created endpoint key=%s: disco=%s; %v" , n . Key . ShortString ( ) , n . DiscoKey . ShortString ( ) , logger . ArgWriter ( func ( w * bufio . Writer ) {
const derpPrefix = "127.3.3.40:"
if strings . HasPrefix ( n . DERP , derpPrefix ) {
ipp , _ := netip . ParseAddrPort ( n . DERP )
regionID := int ( ipp . Port ( ) )
code := c . derpRegionCodeLocked ( regionID )
if code != "" {
code = "(" + code + ")"
}
fmt . Fprintf ( w , "derp=%v%s " , regionID , code )
2021-11-18 18:51:34 +00:00
}
2021-09-01 00:55:22 +01:00
2023-04-06 01:28:28 +01:00
for _ , a := range n . AllowedIPs {
if a . IsSingleIP ( ) {
fmt . Fprintf ( w , "aip=%v " , a . Addr ( ) )
} else {
fmt . Fprintf ( w , "aip=%v " , a )
}
2021-11-18 18:51:34 +00:00
}
2023-04-06 01:28:28 +01:00
for _ , ep := range n . Endpoints {
fmt . Fprintf ( w , "ep=%v " , ep )
}
} ) )
}
2021-11-18 18:51:34 +00:00
}
2022-09-18 15:56:40 +01:00
ep . updateFromNode ( n , heartbeatDisabled )
2021-11-10 22:03:47 +00:00
c . peerMap . upsertEndpoint ( ep , key . DiscoPublic { } )
2020-06-26 22:38:53 +01:00
}
2021-08-26 03:39:20 +01:00
// If the set of nodes changed since the last SetNetworkMap, the
// upsert loop just above made c.peerMap contain the union of the
// old and new peers - which will be larger than the set from the
// current netmap. If that happens, go through the allocful
// deletion path to clean up moribund nodes.
if c . peerMap . nodeCount ( ) != len ( nm . Peers ) {
2021-11-02 00:53:40 +00:00
keep := make ( map [ key . NodePublic ] bool , len ( nm . Peers ) )
2021-08-26 03:39:20 +01:00
for _ , n := range nm . Peers {
2021-11-02 03:55:52 +00:00
keep [ n . Key ] = true
2020-06-28 19:53:37 +01:00
}
2021-10-16 06:25:29 +01:00
c . peerMap . forEachEndpoint ( func ( ep * endpoint ) {
2021-09-01 00:55:22 +01:00
if ! keep [ ep . publicKey ] {
2021-10-16 06:25:29 +01:00
c . peerMap . deleteEndpoint ( ep )
2021-08-26 03:39:20 +01:00
}
} )
2020-06-28 19:53:37 +01:00
}
2021-10-06 18:18:12 +01:00
2021-10-16 04:45:33 +01:00
// discokeys might have changed in the above. Discard unused info.
for dk := range c . discoInfo {
if ! c . peerMap . anyEndpointForDiscoKey ( dk ) {
delete ( c . discoInfo , dk )
2021-10-06 18:18:12 +01:00
}
}
2020-06-25 19:04:52 +01:00
}
2020-05-17 17:51:38 +01:00
func ( c * Conn ) wantDerpLocked ( ) bool { return c . derpMap != nil }
2020-03-13 15:55:38 +00:00
// c.mu must be held.
2020-03-23 21:12:23 +00:00
func ( c * Conn ) closeAllDerpLocked ( why string ) {
if len ( c . activeDerp ) == 0 {
return // without the useless log statement
}
2020-03-05 16:54:08 +00:00
for i := range c . activeDerp {
2020-03-23 21:12:23 +00:00
c . closeDerpLocked ( i , why )
2020-02-28 19:13:28 +00:00
}
2020-03-23 21:12:23 +00:00
c . logActiveDerpLocked ( )
2020-03-05 16:54:08 +00:00
}
2021-12-29 02:01:50 +00:00
// maybeCloseDERPsOnRebind, in response to a rebind, closes all
// DERP connections that don't have a local address in okayLocalIPs
// and pings all those that do.
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
func ( c * Conn ) maybeCloseDERPsOnRebind ( okayLocalIPs [ ] netip . Prefix ) {
2021-12-29 02:01:50 +00:00
c . mu . Lock ( )
defer c . mu . Unlock ( )
for regionID , ad := range c . activeDerp {
la , err := ad . c . LocalAddr ( )
if err != nil {
2022-09-25 19:29:55 +01:00
c . closeOrReconnectDERPLocked ( regionID , "rebind-no-localaddr" )
2021-12-29 02:01:50 +00:00
continue
}
2022-07-25 04:08:42 +01:00
if ! tsaddr . PrefixesContainsIP ( okayLocalIPs , la . Addr ( ) ) {
2022-09-25 19:29:55 +01:00
c . closeOrReconnectDERPLocked ( regionID , "rebind-default-route-change" )
2021-12-29 02:01:50 +00:00
continue
}
regionID := regionID
dc := ad . c
go func ( ) {
ctx , cancel := context . WithTimeout ( context . Background ( ) , 3 * time . Second )
defer cancel ( )
if err := dc . Ping ( ctx ) ; err != nil {
c . mu . Lock ( )
defer c . mu . Unlock ( )
2022-09-25 19:29:55 +01:00
c . closeOrReconnectDERPLocked ( regionID , "rebind-ping-fail" )
2021-12-29 02:01:50 +00:00
return
}
c . logf ( "post-rebind ping of DERP region %d okay" , regionID )
} ( )
}
c . logActiveDerpLocked ( )
}
2022-09-25 19:29:55 +01:00
// closeOrReconnectDERPLocked closes the DERP connection to the
2021-12-29 02:01:50 +00:00
// provided regionID and starts reconnecting it if it's our current
// home DERP.
//
// why is a reason for logging.
//
// c.mu must be held.
2022-09-25 19:29:55 +01:00
func ( c * Conn ) closeOrReconnectDERPLocked ( regionID int , why string ) {
2021-12-29 02:01:50 +00:00
c . closeDerpLocked ( regionID , why )
if ! c . privateKey . IsZero ( ) && c . myDerp == regionID {
c . startDerpHomeConnectLocked ( )
}
}
2020-03-13 15:55:38 +00:00
// c.mu must be held.
2020-03-23 21:12:23 +00:00
// It is the responsibility of the caller to call logActiveDerpLocked after any set of closes.
2021-12-29 02:01:50 +00:00
func ( c * Conn ) closeDerpLocked ( regionID int , why string ) {
if ad , ok := c . activeDerp [ regionID ] ; ok {
c . logf ( "magicsock: closing connection to derp-%v (%v), age %v" , regionID , why , time . Since ( ad . createTime ) . Round ( time . Second ) )
2020-03-05 16:54:08 +00:00
go ad . c . Close ( )
ad . cancel ( )
2021-12-29 02:01:50 +00:00
delete ( c . activeDerp , regionID )
2020-12-14 02:51:24 +00:00
metricNumDERPConns . Set ( int64 ( len ( c . activeDerp ) ) )
2020-02-28 19:13:28 +00:00
}
2020-02-05 22:16:58 +00:00
}
2020-03-23 21:12:23 +00:00
// c.mu must be held.
func ( c * Conn ) logActiveDerpLocked ( ) {
now := time . Now ( )
2020-05-31 23:29:04 +01:00
c . logf ( "magicsock: %v active derp conns%s" , len ( c . activeDerp ) , logger . ArgWriter ( func ( buf * bufio . Writer ) {
if len ( c . activeDerp ) == 0 {
return
}
buf . WriteString ( ":" )
c . foreachActiveDerpSortedLocked ( func ( node int , ad activeDerp ) {
fmt . Fprintf ( buf , " derp-%d=cr%v,wr%v" , node , simpleDur ( now . Sub ( ad . createTime ) ) , simpleDur ( now . Sub ( * ad . lastWrite ) ) )
} )
} ) )
2020-03-23 21:12:23 +00:00
}
2023-02-21 20:57:08 +00:00
// EndpointChange is a structure containing information about changes made to a
// particular endpoint. This is not a stable interface and could change at any
// time.
type EndpointChange struct {
When time . Time // when the change occurred
What string // what this change is
From any ` json:",omitempty" ` // information about the previous state
To any ` json:",omitempty" ` // information about the new state
}
tailcfg: add Endpoint, EndpointType, MapRequest.EndpointType
Track endpoints internally with a new tailcfg.Endpoint type that
includes a typed netaddr.IPPort (instead of just a string) and
includes a type for how that endpoint was discovered (STUN, local,
etc).
Use []tailcfg.Endpoint instead of []string internally.
At the last second, send it to the control server as the existing
[]string for endpoints, but also include a new parallel
MapRequest.EndpointType []tailcfg.EndpointType, so the control server
can start filtering out less-important endpoint changes from
new-enough clients. Notably, STUN-discovered endpoints can be filtered
out from 1.6+ clients, as they can discover them amongst each other
via CallMeMaybe disco exchanges started over DERP. And STUN endpoints
change a lot, causing a lot of MapResposne updates. But portmapped
endpoints are worth keeping for now, as they they work right away
without requiring the firewall traversal extra RTT dance.
End result will be less control->client bandwidth. (despite negligible
increase in client->control bandwidth)
Updates tailscale/corp#1543
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-12 21:24:29 +01:00
func ( c * Conn ) logEndpointChange ( endpoints [ ] tailcfg . Endpoint ) {
2020-05-31 23:29:04 +01:00
c . logf ( "magicsock: endpoints changed: %s" , logger . ArgWriter ( func ( buf * bufio . Writer ) {
for i , ep := range endpoints {
if i > 0 {
buf . WriteString ( ", " )
}
tailcfg: add Endpoint, EndpointType, MapRequest.EndpointType
Track endpoints internally with a new tailcfg.Endpoint type that
includes a typed netaddr.IPPort (instead of just a string) and
includes a type for how that endpoint was discovered (STUN, local,
etc).
Use []tailcfg.Endpoint instead of []string internally.
At the last second, send it to the control server as the existing
[]string for endpoints, but also include a new parallel
MapRequest.EndpointType []tailcfg.EndpointType, so the control server
can start filtering out less-important endpoint changes from
new-enough clients. Notably, STUN-discovered endpoints can be filtered
out from 1.6+ clients, as they can discover them amongst each other
via CallMeMaybe disco exchanges started over DERP. And STUN endpoints
change a lot, causing a lot of MapResposne updates. But portmapped
endpoints are worth keeping for now, as they they work right away
without requiring the firewall traversal extra RTT dance.
End result will be less control->client bandwidth. (despite negligible
increase in client->control bandwidth)
Updates tailscale/corp#1543
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-12 21:24:29 +01:00
fmt . Fprintf ( buf , "%s (%s)" , ep . Addr , ep . Type )
2020-03-24 15:09:30 +00:00
}
2020-05-31 23:29:04 +01:00
} ) )
2020-03-24 15:09:30 +00:00
}
2020-03-23 21:12:23 +00:00
// c.mu must be held.
2020-05-17 17:51:38 +01:00
func ( c * Conn ) foreachActiveDerpSortedLocked ( fn func ( regionID int , ad activeDerp ) ) {
2020-03-23 21:12:23 +00:00
if len ( c . activeDerp ) < 2 {
for id , ad := range c . activeDerp {
fn ( id , ad )
}
return
}
ids := make ( [ ] int , 0 , len ( c . activeDerp ) )
for id := range c . activeDerp {
ids = append ( ids , id )
}
sort . Ints ( ids )
for _ , id := range ids {
fn ( id , c . activeDerp [ id ] )
}
}
2020-03-05 20:47:54 +00:00
func ( c * Conn ) cleanStaleDerp ( ) {
2020-03-13 15:55:38 +00:00
c . mu . Lock ( )
defer c . mu . Unlock ( )
2021-01-19 23:29:50 +00:00
if c . closed {
return
}
c . derpCleanupTimerArmed = false
tooOld := time . Now ( ) . Add ( - derpInactiveCleanupTime )
2020-03-23 21:12:23 +00:00
dirty := false
2021-01-19 23:29:50 +00:00
someNonHomeOpen := false
2020-03-05 20:47:54 +00:00
for i , ad := range c . activeDerp {
if i == c . myDerp {
continue
}
if ad . lastWrite . Before ( tooOld ) {
2020-03-23 21:12:23 +00:00
c . closeDerpLocked ( i , "idle" )
dirty = true
2021-01-19 23:29:50 +00:00
} else {
someNonHomeOpen = true
2020-03-05 20:47:54 +00:00
}
}
2020-03-23 21:12:23 +00:00
if dirty {
c . logActiveDerpLocked ( )
}
2021-01-19 23:29:50 +00:00
if someNonHomeOpen {
c . scheduleCleanStaleDerpLocked ( )
}
}
func ( c * Conn ) scheduleCleanStaleDerpLocked ( ) {
if c . derpCleanupTimerArmed {
// Already going to fire soon. Let the existing one
// fire lest it get infinitely delayed by repeated
// calls to scheduleCleanStaleDerpLocked.
return
}
c . derpCleanupTimerArmed = true
if c . derpCleanupTimer != nil {
c . derpCleanupTimer . Reset ( derpCleanStaleInterval )
} else {
c . derpCleanupTimer = time . AfterFunc ( derpCleanStaleInterval , c . cleanStaleDerp )
}
2020-03-05 20:47:54 +00:00
}
2020-03-19 06:55:14 +00:00
// DERPs reports the number of active DERP connections.
func ( c * Conn ) DERPs ( ) int {
c . mu . Lock ( )
defer c . mu . Unlock ( )
return len ( c . activeDerp )
}
2021-03-24 16:41:57 +00:00
// Bind returns the wireguard-go conn.Bind for c.
2023-04-16 16:44:33 +01:00
//
// See https://pkg.go.dev/golang.zx2c4.com/wireguard/conn#Bind
2021-03-24 16:41:57 +00:00
func ( c * Conn ) Bind ( ) conn . Bind {
return c . bind
}
// connBind is a wireguard-go conn.Bind for a Conn.
2021-04-03 02:36:24 +01:00
// It bridges the behavior of wireguard-go and a Conn.
// wireguard-go calls Close then Open on device.Up.
// That won't work well for a Conn, which is only closed on shutdown.
// The subsequent Close is a real close.
2021-03-24 16:41:57 +00:00
type connBind struct {
* Conn
mu sync . Mutex
closed bool
}
2023-04-16 16:44:33 +01:00
var _ conn . Bind = ( * connBind ) ( nil )
// BatchSize returns the number of buffers expected to be passed to
// the ReceiveFuncs, and the maximum expected to be passed to SendBatch.
//
// See https://pkg.go.dev/golang.zx2c4.com/wireguard/conn#Bind.BatchSize
2022-12-09 01:58:14 +00:00
func ( c * connBind ) BatchSize ( ) int {
// TODO(raggi): determine by properties rather than hardcoding platform behavior
switch runtime . GOOS {
case "linux" :
2023-03-28 23:37:11 +01:00
return conn . IdealBatchSize
2022-12-09 01:58:14 +00:00
default :
return 1
}
}
2021-03-24 16:41:57 +00:00
// Open is called by WireGuard to create a UDP binding.
// The ignoredPort comes from wireguard-go, via the wgcfg config.
// We ignore that port value here, since we have the local port available easily.
2023-04-16 16:44:33 +01:00
//
// See https://pkg.go.dev/golang.zx2c4.com/wireguard/conn#Bind.Open
2021-03-24 16:41:57 +00:00
func ( c * connBind ) Open ( ignoredPort uint16 ) ( [ ] conn . ReceiveFunc , uint16 , error ) {
c . mu . Lock ( )
defer c . mu . Unlock ( )
if ! c . closed {
return nil , 0 , errors . New ( "magicsock: connBind already open" )
}
c . closed = false
2023-04-14 16:09:09 +01:00
fns := [ ] conn . ReceiveFunc { c . receiveIPv4 ( ) , c . receiveIPv6 ( ) , c . receiveDERP }
2021-10-20 20:14:19 +01:00
if runtime . GOOS == "js" {
fns = [ ] conn . ReceiveFunc { c . receiveDERP }
}
2021-03-24 16:41:57 +00:00
// TODO: Combine receiveIPv4 and receiveIPv6 and receiveIP into a single
// closure that closes over a *RebindingUDPConn?
2021-10-20 20:57:10 +01:00
return fns , c . LocalPort ( ) , nil
2021-03-24 16:41:57 +00:00
}
// SetMark is used by wireguard-go to set a mark bit for packets to avoid routing loops.
// We handle that ourselves elsewhere.
2023-04-16 16:44:33 +01:00
//
// See https://pkg.go.dev/golang.zx2c4.com/wireguard/conn#Bind.SetMark
2021-03-24 16:41:57 +00:00
func ( c * connBind ) SetMark ( value uint32 ) error {
return nil
}
2021-04-03 02:36:24 +01:00
// Close closes the connBind, unless it is already closed.
2023-04-16 16:44:33 +01:00
//
// See https://pkg.go.dev/golang.zx2c4.com/wireguard/conn#Bind.Close
2021-03-24 16:41:57 +00:00
func ( c * connBind ) Close ( ) error {
c . mu . Lock ( )
defer c . mu . Unlock ( )
if c . closed {
return nil
}
c . closed = true
// Unblock all outstanding receives.
2022-09-02 22:24:51 +01:00
c . pconn4 . Close ( )
c . pconn6 . Close ( )
2022-08-29 15:57:54 +01:00
if c . closeDisco4 != nil {
c . closeDisco4 . Close ( )
}
if c . closeDisco6 != nil {
c . closeDisco6 . Close ( )
}
2021-03-24 16:41:57 +00:00
// Send an empty read result to unblock receiveDERP,
// which will then check connBind.Closed.
2022-01-14 21:43:24 +00:00
// connBind.Closed takes c.mu, but c.derpRecvCh is buffered.
2021-03-24 16:41:57 +00:00
c . derpRecvCh <- derpReadResult { }
return nil
}
2023-04-16 16:44:33 +01:00
// isClosed reports whether c is closed.
func ( c * connBind ) isClosed ( ) bool {
2021-03-24 16:41:57 +00:00
c . mu . Lock ( )
defer c . mu . Unlock ( )
return c . closed
}
2020-02-05 22:16:58 +00:00
2020-03-13 15:55:38 +00:00
// Close closes the connection.
//
// Only the first close does anything. Any later closes return nil.
2020-02-05 22:16:58 +00:00
func ( c * Conn ) Close ( ) error {
2020-03-13 15:55:38 +00:00
c . mu . Lock ( )
2021-01-15 00:51:17 +00:00
defer c . mu . Unlock ( )
2020-03-13 15:55:38 +00:00
if c . closed {
2020-02-18 21:32:04 +00:00
return nil
}
2023-01-18 02:54:03 +00:00
c . closing . Store ( true )
2021-01-19 23:29:50 +00:00
if c . derpCleanupTimerArmed {
c . derpCleanupTimer . Stop ( )
}
2021-01-20 17:52:24 +00:00
c . stopPeriodicReSTUNTimerLocked ( )
2021-02-20 06:15:41 +00:00
c . portMapper . Close ( )
2020-03-02 17:31:25 +00:00
2021-10-16 06:25:29 +01:00
c . peerMap . forEachEndpoint ( func ( ep * endpoint ) {
2020-07-30 21:48:32 +01:00
ep . stopAndReset ( )
2021-08-26 03:39:20 +01:00
} )
2020-07-09 00:50:31 +01:00
2020-03-13 15:55:38 +00:00
c . closed = true
c . connCtxCancel ( )
2020-03-23 21:12:23 +00:00
c . closeAllDerpLocked ( "conn-close" )
2021-04-03 02:36:24 +01:00
// Ignore errors from c.pconnN.Close.
// They will frequently have been closed already by a call to connBind.Close.
2022-09-02 22:24:51 +01:00
c . pconn6 . Close ( )
c . pconn4 . Close ( )
2020-08-04 17:36:38 +01:00
// Wait on goroutines updating right at the end, once everything is
// already closed. We want everything else in the Conn to be
// consistently in the closed state before we release mu to wait
// on the endpoint updater & derphttp.Connect.
for c . goroutinesRunningLocked ( ) {
c . muCond . Wait ( )
}
2023-05-03 01:49:56 +01:00
if pinger := c . getPinger ( ) ; pinger != nil {
pinger . Close ( )
}
2021-04-03 02:36:24 +01:00
return nil
2020-08-04 17:36:38 +01:00
}
func ( c * Conn ) goroutinesRunningLocked ( ) bool {
if c . endpointsUpdateActive {
return true
}
2020-07-14 18:07:46 +01:00
// The goroutine running dc.Connect in derpWriteChanOfAddr may linger
// and appear to leak, as observed in https://github.com/tailscale/tailscale/issues/554.
// This is despite the underlying context being cancelled by connCtxCancel above.
// To avoid this condition, we must wait on derpStarted here
// to ensure that this goroutine has exited by the time Close returns.
// We only do this if derpWriteChanOfAddr has executed at least once:
// on the first run, it sets firstDerp := true and spawns the aforementioned goroutine.
// To detect this, we check activeDerp, which is initialized to non-nil on the first run.
if c . activeDerp != nil {
2020-08-04 17:36:38 +01:00
select {
case <- c . derpStarted :
default :
return true
}
2020-04-27 21:03:22 +01:00
}
2020-08-04 17:36:38 +01:00
return false
2020-03-13 15:55:38 +00:00
}
2020-06-25 22:19:12 +01:00
func maxIdleBeforeSTUNShutdown ( ) time . Duration {
2022-09-14 20:49:39 +01:00
if debugReSTUNStopOnIdle ( ) {
2021-01-20 17:52:24 +00:00
return 45 * time . Second
2020-06-25 22:19:12 +01:00
}
2021-01-20 17:52:24 +00:00
return sessionActiveTimeout
2020-06-25 22:19:12 +01:00
}
2021-01-20 17:52:24 +00:00
func ( c * Conn ) shouldDoPeriodicReSTUNLocked ( ) bool {
2020-10-06 23:22:46 +01:00
if c . networkDown ( ) {
return false
}
2021-01-20 17:52:24 +00:00
if len ( c . peerSet ) == 0 || c . privateKey . IsZero ( ) {
// If no peers, not worth doing.
// Also don't if there's no key (not running).
2020-06-25 22:19:12 +01:00
return false
}
if f := c . idleFunc ; f != nil {
idleFor := f ( )
2022-09-14 20:49:39 +01:00
if debugReSTUNStopOnIdle ( ) {
2020-06-25 22:19:12 +01:00
c . logf ( "magicsock: periodicReSTUN: idle for %v" , idleFor . Round ( time . Second ) )
}
if idleFor > maxIdleBeforeSTUNShutdown ( ) {
2021-01-20 17:52:24 +00:00
if c . netMap != nil && c . netMap . Debug != nil && c . netMap . Debug . ForceBackgroundSTUN {
// Overridden by control.
return true
2020-06-25 22:19:12 +01:00
}
2021-01-20 17:52:24 +00:00
return false
2020-06-25 22:19:12 +01:00
}
}
return true
2020-04-28 21:41:18 +01:00
}
2021-07-09 18:01:50 +01:00
func ( c * Conn ) onPortMapChanged ( ) { c . ReSTUN ( "portmap-changed" ) }
2020-03-13 03:10:11 +00:00
// ReSTUN triggers an address discovery.
// The provided why string is for debug logging only.
func ( c * Conn ) ReSTUN ( why string ) {
2020-03-13 15:55:38 +00:00
c . mu . Lock ( )
defer c . mu . Unlock ( )
2020-04-27 21:03:22 +01:00
if c . closed {
// raced with a shutdown.
return
}
2022-04-22 18:40:49 +01:00
metricReSTUNCalls . Add ( 1 )
2020-07-28 00:26:33 +01:00
// If the user stopped the app, stop doing work. (When the
// user stops Tailscale via the GUI apps, ipn/local.go
// reconfigures the engine with a zero private key.)
//
// This used to just check c.privateKey.IsZero, but that broke
2022-09-25 19:29:55 +01:00
// some end-to-end tests that didn't ever set a private
2020-07-28 00:26:33 +01:00
// key somehow. So for now, only stop doing work if we ever
// had a key, which helps real users, but appeases tests for
// now. TODO: rewrite those tests to be less brittle or more
// realistic.
if c . privateKey . IsZero ( ) && c . everHadKey {
c . logf ( "magicsock: ReSTUN(%q) ignored; stopped, no private key" , why )
2020-07-27 18:19:05 +01:00
return
}
2020-04-27 21:03:22 +01:00
2020-03-13 15:55:38 +00:00
if c . endpointsUpdateActive {
if c . wantEndpointsUpdate != why {
2022-10-04 04:39:45 +01:00
c . dlogf ( "[v1] magicsock: ReSTUN: endpoint update active, need another later (%q)" , why )
2020-03-13 15:55:38 +00:00
c . wantEndpointsUpdate = why
}
} else {
c . endpointsUpdateActive = true
go c . updateEndpoints ( why )
2020-02-18 18:55:25 +00:00
}
}
2021-04-28 18:28:44 +01:00
// listenPacket opens a packet listener.
// The network must be "udp4" or "udp6".
2022-07-25 04:08:42 +01:00
func ( c * Conn ) listenPacket ( network string , port uint16 ) ( nettype . PacketConn , error ) {
2023-03-06 23:35:50 +00:00
ctx := context . Background ( ) // unused without DNS name to resolve
if network == "udp4" {
2023-04-13 02:23:22 +01:00
ctx = sockstats . WithSockStats ( ctx , sockstats . LabelMagicsockConnUDP4 , c . logf )
2023-03-06 23:35:50 +00:00
} else {
2023-04-13 02:23:22 +01:00
ctx = sockstats . WithSockStats ( ctx , sockstats . LabelMagicsockConnUDP6 , c . logf )
2023-03-06 23:35:50 +00:00
}
2021-08-26 07:33:46 +01:00
addr := net . JoinHostPort ( "" , fmt . Sprint ( port ) )
2021-08-26 06:26:25 +01:00
if c . testOnlyPacketListener != nil {
2022-07-25 04:08:42 +01:00
return nettype . MakePacketListenerWithNetIP ( c . testOnlyPacketListener ) . ListenPacket ( ctx , network , addr )
2020-07-10 22:26:04 +01:00
}
2023-04-18 00:01:41 +01:00
return nettype . MakePacketListenerWithNetIP ( netns . Listener ( c . logf , c . netMon ) ) . ListenPacket ( ctx , network , addr )
2020-07-10 22:26:04 +01:00
}
2023-01-31 18:05:07 +00:00
var debugBindSocket = envknob . RegisterBool ( "TS_DEBUG_MAGICSOCK_BIND_SOCKET" )
2021-04-27 22:40:29 +01:00
// bindSocket initializes rucPtr if necessary and binds a UDP socket to it.
// Network indicates the UDP socket type; it must be "udp4" or "udp6".
// If rucPtr had an existing UDP socket bound, it closes that socket.
// The caller is responsible for informing the portMapper of any changes.
2021-06-22 21:00:40 +01:00
// If curPortFate is set to dropCurrentPort, no attempt is made to reuse
// the current port.
2022-09-02 22:24:51 +01:00
func ( c * Conn ) bindSocket ( ruc * RebindingUDPConn , network string , curPortFate currentPortFate ) error {
2023-01-31 18:05:07 +00:00
if debugBindSocket ( ) {
c . logf ( "magicsock: bindSocket: network=%q curPortFate=%v" , network , curPortFate )
}
2021-04-27 22:40:29 +01:00
// Hold the ruc lock the entire time, so that the close+bind is atomic
// from the perspective of ruc receive functions.
ruc . mu . Lock ( )
defer ruc . mu . Unlock ( )
2021-03-08 23:48:49 +00:00
2022-09-06 20:16:39 +01:00
if runtime . GOOS == "js" {
2023-04-05 00:32:16 +01:00
ruc . setConnLocked ( newBlockForeverConn ( ) , "" , c . bind . BatchSize ( ) )
2022-09-06 20:16:39 +01:00
return nil
}
2022-09-14 20:49:39 +01:00
if debugAlwaysDERP ( ) {
2021-07-14 00:01:37 +01:00
c . logf ( "disabled %v per TS_DEBUG_ALWAYS_USE_DERP" , network )
2023-04-05 00:32:16 +01:00
ruc . setConnLocked ( newBlockForeverConn ( ) , "" , c . bind . BatchSize ( ) )
2021-07-14 00:01:37 +01:00
return nil
}
2021-04-27 22:40:29 +01:00
// Build a list of preferred ports.
// Best is the port that the user requested.
// Second best is the port that is currently in use.
// If those fail, fall back to 0.
var ports [ ] uint16
2022-08-04 05:51:02 +01:00
if port := uint16 ( c . port . Load ( ) ) ; port != 0 {
2021-06-22 21:00:40 +01:00
ports = append ( ports , port )
2021-04-27 22:40:29 +01:00
}
2021-06-22 21:00:40 +01:00
if ruc . pconn != nil && curPortFate == keepCurrentPort {
2021-04-27 22:40:29 +01:00
curPort := uint16 ( ruc . localAddrLocked ( ) . Port )
ports = append ( ports , curPort )
}
ports = append ( ports , 0 )
// Remove duplicates. (All duplicates are consecutive.)
2022-08-30 22:56:51 +01:00
uniq . ModifySlice ( & ports )
2021-04-27 22:40:29 +01:00
2023-01-31 18:05:07 +00:00
if debugBindSocket ( ) {
c . logf ( "magicsock: bindSocket: candidate ports: %+v" , ports )
}
2022-07-25 04:08:42 +01:00
var pconn nettype . PacketConn
2021-04-27 22:40:29 +01:00
for _ , port := range ports {
// Close the existing conn, in case it is sitting on the port we want.
err := ruc . closeLocked ( )
if err != nil && ! errors . Is ( err , net . ErrClosed ) && ! errors . Is ( err , errNilPConn ) {
c . logf ( "magicsock: bindSocket %v close failed: %v" , network , err )
2020-02-05 22:16:58 +00:00
}
2021-04-27 22:40:29 +01:00
// Open a new one with the desired port.
2021-08-26 07:33:46 +01:00
pconn , err = c . listenPacket ( network , port )
2021-03-08 23:48:49 +00:00
if err != nil {
2021-04-27 22:40:29 +01:00
c . logf ( "magicsock: unable to bind %v port %d: %v" , network , port , err )
continue
2021-03-08 23:48:49 +00:00
}
2022-09-26 23:49:59 +01:00
trySetSocketBuffer ( pconn , c . logf )
2021-04-27 22:40:29 +01:00
// Success.
2023-01-31 18:05:07 +00:00
if debugBindSocket ( ) {
c . logf ( "magicsock: bindSocket: successfully listened %v port %d" , network , port )
}
2023-04-05 00:32:16 +01:00
ruc . setConnLocked ( pconn , network , c . bind . BatchSize ( ) )
2021-04-28 18:36:54 +01:00
if network == "udp4" {
health . SetUDP4Unbound ( false )
}
2021-04-27 22:40:29 +01:00
return nil
}
// Failed to bind, including on port 0 (!).
// Set pconn to a dummy conn whose reads block until closed.
// This keeps the receive funcs alive for a future in which
// we get a link change and we can try binding again.
2023-04-05 00:32:16 +01:00
ruc . setConnLocked ( newBlockForeverConn ( ) , "" , c . bind . BatchSize ( ) )
2021-04-28 18:36:54 +01:00
if network == "udp4" {
health . SetUDP4Unbound ( true )
}
2021-04-27 22:40:29 +01:00
return fmt . Errorf ( "failed to bind any ports (tried %v)" , ports )
}
2021-06-22 21:00:40 +01:00
type currentPortFate uint8
const (
keepCurrentPort = currentPortFate ( 0 )
dropCurrentPort = currentPortFate ( 1 )
)
// rebind closes and re-binds the UDP sockets.
// We consider it successful if we manage to bind the IPv4 socket.
func ( c * Conn ) rebind ( curPortFate currentPortFate ) error {
2022-09-02 22:24:51 +01:00
if err := c . bindSocket ( & c . pconn6 , "udp6" , curPortFate ) ; err != nil {
c . logf ( "magicsock: Rebind ignoring IPv6 bind failure: %v" , err )
}
2021-06-22 21:00:40 +01:00
if err := c . bindSocket ( & c . pconn4 , "udp4" , curPortFate ) ; err != nil {
return fmt . Errorf ( "magicsock: Rebind IPv4 failed: %w" , err )
2020-02-05 22:16:58 +00:00
}
2021-02-20 06:15:41 +00:00
c . portMapper . SetLocalPort ( c . LocalPort ( ) )
2021-06-22 21:00:40 +01:00
return nil
}
// Rebind closes and re-binds the UDP sockets and resets the DERP connection.
// It should be followed by a call to ReSTUN.
func ( c * Conn ) Rebind ( ) {
2022-04-22 18:40:49 +01:00
metricRebindCalls . Add ( 1 )
2021-06-22 21:00:40 +01:00
if err := c . rebind ( keepCurrentPort ) ; err != nil {
c . logf ( "%w" , err )
return
}
2020-04-09 22:21:36 +01:00
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
var ifIPs [ ] netip . Prefix
2023-04-18 22:26:58 +01:00
if c . netMon != nil {
st := c . netMon . InterfaceState ( )
2021-12-29 02:01:50 +00:00
defIf := st . DefaultRouteInterface
ifIPs = st . InterfaceIPs [ defIf ]
c . logf ( "Rebind; defIf=%q, ips=%v" , defIf , ifIPs )
2021-02-10 18:04:42 +00:00
}
2020-07-27 18:19:05 +01:00
2021-12-29 02:01:50 +00:00
c . maybeCloseDERPsOnRebind ( ifIPs )
2020-12-18 08:31:48 +00:00
c . resetEndpointStates ( )
2020-04-10 06:25:31 +01:00
}
2021-08-26 03:39:20 +01:00
// resetEndpointStates resets the preferred address for all peers.
2020-04-10 06:25:31 +01:00
// This is called when connectivity changes enough that we no longer
// trust the old routes.
2020-12-18 08:31:48 +00:00
func ( c * Conn ) resetEndpointStates ( ) {
2020-04-10 06:25:31 +01:00
c . mu . Lock ( )
defer c . mu . Unlock ( )
2021-10-16 06:25:29 +01:00
c . peerMap . forEachEndpoint ( func ( ep * endpoint ) {
2021-08-26 03:39:20 +01:00
ep . noteConnectivityChange ( )
} )
2020-02-05 22:16:58 +00:00
}
2020-06-30 20:22:42 +01:00
// packIPPort packs an IPPort into the form wanted by WireGuard.
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
func packIPPort ( ua netip . AddrPort ) [ ] byte {
2022-07-25 04:08:42 +01:00
ip := ua . Addr ( ) . Unmap ( )
2020-06-30 20:22:42 +01:00
a := ip . As16 ( )
ipb := a [ : ]
if ip . Is4 ( ) {
ipb = ipb [ 12 : ]
}
b := make ( [ ] byte , 0 , len ( ipb ) + 2 )
b = append ( b , ipb ... )
2021-05-15 02:07:28 +01:00
b = append ( b , byte ( ua . Port ( ) ) )
b = append ( b , byte ( ua . Port ( ) >> 8 ) )
2020-06-30 20:22:42 +01:00
return b
}
2023-04-16 16:44:33 +01:00
// ParseEndpoint implements conn.Bind; it's called by WireGuard to connect to an endpoint.
//
// See https://pkg.go.dev/golang.zx2c4.com/wireguard/conn#Bind.ParseEndpoint
2021-09-01 06:37:23 +01:00
func ( c * Conn ) ParseEndpoint ( nodeKeyStr string ) ( conn . Endpoint , error ) {
2021-10-28 19:07:25 +01:00
k , err := key . ParseNodePublicUntyped ( mem . S ( nodeKeyStr ) )
2021-05-01 00:45:36 +01:00
if err != nil {
2021-09-01 06:37:23 +01:00
return nil , fmt . Errorf ( "magicsock: ParseEndpoint: parse failed on %q: %w" , nodeKeyStr , err )
2020-02-05 22:16:58 +00:00
}
2021-05-01 00:45:36 +01:00
c . mu . Lock ( )
defer c . mu . Unlock ( )
2021-08-26 03:39:20 +01:00
if c . closed {
2021-08-31 05:26:38 +01:00
return nil , errConnClosed
2021-08-26 03:39:20 +01:00
}
2021-11-02 00:53:40 +00:00
ep , ok := c . peerMap . endpointForNodeKey ( k )
2021-09-01 00:55:22 +01:00
if ! ok {
// We should never be telling WireGuard about a new peer
// before magicsock knows about it.
2021-11-02 00:53:40 +00:00
c . logf ( "[unexpected] magicsock: ParseEndpoint: unknown node key=%s" , k . ShortString ( ) )
return nil , fmt . Errorf ( "magicsock: ParseEndpoint: unknown peer %q" , k . ShortString ( ) )
2021-08-31 21:25:58 +01:00
}
2021-08-26 03:39:20 +01:00
2021-09-01 00:55:22 +01:00
return ep , nil
2020-02-05 22:16:58 +00:00
}
2023-04-05 00:32:16 +01:00
// xnetBatchReaderWriter defines the batching i/o methods of
// golang.org/x/net/ipv4.PacketConn (and ipv6.PacketConn).
// TODO(jwhited): This should eventually be replaced with the standard library
// implementation of https://github.com/golang/go/issues/45886
type xnetBatchReaderWriter interface {
xnetBatchReader
xnetBatchWriter
}
type xnetBatchReader interface {
ReadBatch ( [ ] ipv6 . Message , int ) ( int , error )
2022-12-09 01:58:14 +00:00
}
2023-04-05 00:32:16 +01:00
type xnetBatchWriter interface {
2022-12-09 01:58:14 +00:00
WriteBatch ( [ ] ipv6 . Message , int ) ( int , error )
}
2023-04-05 00:32:16 +01:00
// batchingUDPConn is a UDP socket that provides batched i/o.
type batchingUDPConn struct {
pc nettype . PacketConn
xpc xnetBatchReaderWriter
rxOffload bool // supports UDP GRO or similar
txOffload atomic . Bool // supports UDP GSO or similar
setGSOSizeInControl func ( control * [ ] byte , gsoSize uint16 ) // typically setGSOSizeInControl(); swappable for testing
getGSOSizeFromControl func ( control [ ] byte ) ( int , error ) // typically getGSOSizeFromControl(); swappable for testing
sendBatchPool sync . Pool
2022-12-09 01:58:14 +00:00
}
2023-04-15 21:08:16 +01:00
func ( c * batchingUDPConn ) ReadFromUDPAddrPort ( p [ ] byte ) ( n int , addr netip . AddrPort , err error ) {
2023-04-05 00:32:16 +01:00
if c . rxOffload {
// UDP_GRO is opt-in on Linux via setsockopt(). Once enabled you may
// receive a "monster datagram" from any read call. The ReadFrom() API
// does not support passing the GSO size and is unsafe to use in such a
// case. Other platforms may vary in behavior, but we go with the most
// conservative approach to prevent this from becoming a footgun in the
// future.
2023-04-15 21:08:16 +01:00
return 0 , netip . AddrPort { } , errors . New ( "rx UDP offload is enabled on this socket, single packet reads are unavailable" )
2023-04-05 00:32:16 +01:00
}
2023-04-15 21:08:16 +01:00
return c . pc . ReadFromUDPAddrPort ( p )
2023-04-05 00:32:16 +01:00
}
func ( c * batchingUDPConn ) SetDeadline ( t time . Time ) error {
return c . pc . SetDeadline ( t )
}
func ( c * batchingUDPConn ) SetReadDeadline ( t time . Time ) error {
return c . pc . SetReadDeadline ( t )
}
func ( c * batchingUDPConn ) SetWriteDeadline ( t time . Time ) error {
return c . pc . SetWriteDeadline ( t )
}
const (
// This was initially established for Linux, but may split out to
// GOOS-specific values later. It originates as UDP_MAX_SEGMENTS in the
// kernel's TX path, and UDP_GRO_CNT_MAX for RX.
udpSegmentMaxDatagrams = 64
)
const (
// Exceeding these values results in EMSGSIZE.
maxIPv4PayloadLen = 1 << 16 - 1 - 20 - 8
maxIPv6PayloadLen = 1 << 16 - 1 - 8
)
// coalesceMessages iterates msgs, coalescing them where possible while
// maintaining datagram order. All msgs have their Addr field set to addr.
func ( c * batchingUDPConn ) coalesceMessages ( addr * net . UDPAddr , buffs [ ] [ ] byte , msgs [ ] ipv6 . Message ) int {
var (
base = - 1 // index of msg we are currently coalescing into
gsoSize int // segmentation size of msgs[base]
dgramCnt int // number of dgrams coalesced into msgs[base]
endBatch bool // tracking flag to start a new batch on next iteration of buffs
)
maxPayloadLen := maxIPv4PayloadLen
if addr . IP . To4 ( ) == nil {
maxPayloadLen = maxIPv6PayloadLen
}
for i , buff := range buffs {
if i > 0 {
msgLen := len ( buff )
baseLenBefore := len ( msgs [ base ] . Buffers [ 0 ] )
freeBaseCap := cap ( msgs [ base ] . Buffers [ 0 ] ) - baseLenBefore
if msgLen + baseLenBefore <= maxPayloadLen &&
msgLen <= gsoSize &&
msgLen <= freeBaseCap &&
dgramCnt < udpSegmentMaxDatagrams &&
! endBatch {
msgs [ base ] . Buffers [ 0 ] = append ( msgs [ base ] . Buffers [ 0 ] , make ( [ ] byte , msgLen ) ... )
copy ( msgs [ base ] . Buffers [ 0 ] [ baseLenBefore : ] , buff )
if i == len ( buffs ) - 1 {
c . setGSOSizeInControl ( & msgs [ base ] . OOB , uint16 ( gsoSize ) )
}
dgramCnt ++
if msgLen < gsoSize {
// A smaller than gsoSize packet on the tail is legal, but
// it must end the batch.
endBatch = true
}
continue
}
}
if dgramCnt > 1 {
c . setGSOSizeInControl ( & msgs [ base ] . OOB , uint16 ( gsoSize ) )
}
// Reset prior to incrementing base since we are preparing to start a
// new potential batch.
endBatch = false
base ++
gsoSize = len ( buff )
msgs [ base ] . OOB = msgs [ base ] . OOB [ : 0 ]
msgs [ base ] . Buffers [ 0 ] = buff
msgs [ base ] . Addr = addr
dgramCnt = 1
}
return base + 1
}
type sendBatch struct {
msgs [ ] ipv6 . Message
ua * net . UDPAddr
}
func ( c * batchingUDPConn ) getSendBatch ( ) * sendBatch {
batch := c . sendBatchPool . Get ( ) . ( * sendBatch )
return batch
}
func ( c * batchingUDPConn ) putSendBatch ( batch * sendBatch ) {
for i := range batch . msgs {
batch . msgs [ i ] = ipv6 . Message { Buffers : batch . msgs [ i ] . Buffers , OOB : batch . msgs [ i ] . OOB }
}
c . sendBatchPool . Put ( batch )
}
func ( c * batchingUDPConn ) WriteBatchTo ( buffs [ ] [ ] byte , addr netip . AddrPort ) error {
batch := c . getSendBatch ( )
defer c . putSendBatch ( batch )
if addr . Addr ( ) . Is6 ( ) {
as16 := addr . Addr ( ) . As16 ( )
copy ( batch . ua . IP , as16 [ : ] )
batch . ua . IP = batch . ua . IP [ : 16 ]
} else {
as4 := addr . Addr ( ) . As4 ( )
copy ( batch . ua . IP , as4 [ : ] )
batch . ua . IP = batch . ua . IP [ : 4 ]
}
batch . ua . Port = int ( addr . Port ( ) )
var (
n int
retried bool
)
retry :
if c . txOffload . Load ( ) {
n = c . coalesceMessages ( batch . ua , buffs , batch . msgs )
} else {
for i := range buffs {
batch . msgs [ i ] . Buffers [ 0 ] = buffs [ i ]
batch . msgs [ i ] . Addr = batch . ua
batch . msgs [ i ] . OOB = batch . msgs [ i ] . OOB [ : 0 ]
}
n = len ( buffs )
}
err := c . writeBatch ( batch . msgs [ : n ] )
if err != nil && c . txOffload . Load ( ) && neterror . ShouldDisableUDPGSO ( err ) {
c . txOffload . Store ( false )
retried = true
goto retry
}
if retried {
return neterror . ErrUDPGSODisabled { OnLaddr : c . pc . LocalAddr ( ) . String ( ) , RetryErr : err }
}
return err
}
func ( c * batchingUDPConn ) writeBatch ( msgs [ ] ipv6 . Message ) error {
var head int
for {
n , err := c . xpc . WriteBatch ( msgs [ head : ] , 0 )
if err != nil || n == len ( msgs [ head : ] ) {
// Returning the number of packets written would require
// unraveling individual msg len and gso size during a coalesced
// write. The top of the call stack disregards partial success,
// so keep this simple for now.
return err
}
head += n
}
}
// splitCoalescedMessages splits coalesced messages from the tail of dst
// beginning at index 'firstMsgAt' into the head of the same slice. It reports
// the number of elements to evaluate in msgs for nonzero len (msgs[i].N). An
// error is returned if a socket control message cannot be parsed or a split
// operation would overflow msgs.
func ( c * batchingUDPConn ) splitCoalescedMessages ( msgs [ ] ipv6 . Message , firstMsgAt int ) ( n int , err error ) {
for i := firstMsgAt ; i < len ( msgs ) ; i ++ {
msg := & msgs [ i ]
if msg . N == 0 {
return n , err
}
var (
gsoSize int
start int
end = msg . N
numToSplit = 1
)
gsoSize , err = c . getGSOSizeFromControl ( msg . OOB [ : msg . NN ] )
if err != nil {
return n , err
}
if gsoSize > 0 {
numToSplit = ( msg . N + gsoSize - 1 ) / gsoSize
end = gsoSize
}
for j := 0 ; j < numToSplit ; j ++ {
if n > i {
return n , errors . New ( "splitting coalesced packet resulted in overflow" )
}
copied := copy ( msgs [ n ] . Buffers [ 0 ] , msg . Buffers [ 0 ] [ start : end ] )
msgs [ n ] . N = copied
msgs [ n ] . Addr = msg . Addr
start = end
end += gsoSize
if end > msg . N {
end = msg . N
}
n ++
}
if i != n - 1 {
// It is legal for bytes to move within msg.Buffers[0] as a result
// of splitting, so we only zero the source msg len when it is not
// the destination of the last split operation above.
msg . N = 0
}
}
return n , nil
}
func ( c * batchingUDPConn ) ReadBatch ( msgs [ ] ipv6 . Message , flags int ) ( n int , err error ) {
if ! c . rxOffload || len ( msgs ) < 2 {
return c . xpc . ReadBatch ( msgs , flags )
}
// Read into the tail of msgs, split into the head.
readAt := len ( msgs ) - 2
numRead , err := c . xpc . ReadBatch ( msgs [ readAt : ] , 0 )
if err != nil || numRead == 0 {
return 0 , err
}
return c . splitCoalescedMessages ( msgs , readAt )
}
func ( c * batchingUDPConn ) LocalAddr ( ) net . Addr {
return c . pc . LocalAddr ( ) . ( * net . UDPAddr )
}
func ( c * batchingUDPConn ) WriteToUDPAddrPort ( b [ ] byte , addr netip . AddrPort ) ( int , error ) {
return c . pc . WriteToUDPAddrPort ( b , addr )
}
func ( c * batchingUDPConn ) Close ( ) error {
return c . pc . Close ( )
}
// tryUpgradeToBatchingUDPConn probes the capabilities of the OS and pconn, and
// upgrades pconn to a *batchingUDPConn if appropriate.
func tryUpgradeToBatchingUDPConn ( pconn nettype . PacketConn , network string , batchSize int ) nettype . PacketConn {
if network != "udp4" && network != "udp6" {
return pconn
}
if runtime . GOOS != "linux" {
return pconn
}
if strings . HasPrefix ( hostinfo . GetOSVersion ( ) , "2." ) {
// recvmmsg/sendmmsg were added in 2.6.33, but we support down to
// 2.6.32 for old NAS devices. See https://github.com/tailscale/tailscale/issues/6807.
// As a cheap heuristic: if the Linux kernel starts with "2", just
// consider it too old for mmsg. Nobody who cares about performance runs
// such ancient kernels. UDP offload was added much later, so no
// upgrades are available.
return pconn
}
uc , ok := pconn . ( * net . UDPConn )
if ! ok {
return pconn
}
b := & batchingUDPConn {
pc : pconn ,
getGSOSizeFromControl : getGSOSizeFromControl ,
setGSOSizeInControl : setGSOSizeInControl ,
sendBatchPool : sync . Pool {
New : func ( ) any {
ua := & net . UDPAddr {
IP : make ( [ ] byte , 16 ) ,
}
msgs := make ( [ ] ipv6 . Message , batchSize )
for i := range msgs {
msgs [ i ] . Buffers = make ( [ ] [ ] byte , 1 )
msgs [ i ] . Addr = ua
msgs [ i ] . OOB = make ( [ ] byte , controlMessageSize )
}
return & sendBatch {
ua : ua ,
msgs : msgs ,
}
} ,
} ,
2022-12-09 01:58:14 +00:00
}
switch network {
case "udp4" :
2023-04-05 00:32:16 +01:00
b . xpc = ipv4 . NewPacketConn ( uc )
2022-12-09 01:58:14 +00:00
case "udp6" :
2023-04-05 00:32:16 +01:00
b . xpc = ipv6 . NewPacketConn ( uc )
2022-12-09 01:58:14 +00:00
default :
panic ( "bogus network" )
}
2023-04-05 00:32:16 +01:00
var txOffload bool
txOffload , b . rxOffload = tryEnableUDPOffload ( uc )
b . txOffload . Store ( txOffload )
return b
2022-12-09 01:58:14 +00:00
}
2020-02-05 22:16:58 +00:00
// RebindingUDPConn is a UDP socket that can be re-bound.
// Unix has no notion of re-binding a socket, so we swap it out for a new one.
type RebindingUDPConn struct {
2022-12-07 01:42:40 +00:00
// pconnAtomic is a pointer to the value stored in pconn, but doesn't
// require acquiring mu. It's used for reads/writes and only upon failure
// do the reads/writes then check pconn (after acquiring mu) to see if
// there's been a rebind meanwhile.
2022-08-02 17:29:16 +01:00
// pconn isn't really needed, but makes some of the code simpler
2022-12-07 01:42:40 +00:00
// to keep it distinct.
// Neither is expected to be nil, sockets are bound on creation.
pconnAtomic atomic . Pointer [ nettype . PacketConn ]
2022-08-02 17:29:16 +01:00
mu sync . Mutex // held while changing pconn (and pconnAtomic)
2022-07-25 04:08:42 +01:00
pconn nettype . PacketConn
2022-09-02 18:33:46 +01:00
port uint16
2021-03-24 16:41:57 +00:00
}
2022-12-09 01:58:14 +00:00
// setConnLocked sets the provided nettype.PacketConn. It should be called only
// after acquiring RebindingUDPConn.mu. It upgrades the provided
2023-04-05 00:32:16 +01:00
// nettype.PacketConn to a *batchingUDPConn when appropriate. This upgrade
2022-12-09 01:58:14 +00:00
// is intentionally pushed closest to where read/write ops occur in order to
// avoid disrupting surrounding code that assumes nettype.PacketConn is a
// *net.UDPConn.
2023-04-05 00:32:16 +01:00
func ( c * RebindingUDPConn ) setConnLocked ( p nettype . PacketConn , network string , batchSize int ) {
upc := tryUpgradeToBatchingUDPConn ( p , network , batchSize )
2022-12-09 01:58:14 +00:00
c . pconn = upc
c . pconnAtomic . Store ( & upc )
2022-09-02 18:33:46 +01:00
c . port = uint16 ( c . localAddrLocked ( ) . Port )
2022-08-02 17:29:16 +01:00
}
// currentConn returns c's current pconn, acquiring c.mu in the process.
2022-07-25 04:08:42 +01:00
func ( c * RebindingUDPConn ) currentConn ( ) nettype . PacketConn {
2021-03-24 16:41:57 +00:00
c . mu . Lock ( )
defer c . mu . Unlock ( )
2021-04-03 02:36:24 +01:00
return c . pconn
2020-02-05 22:16:58 +00:00
}
2023-04-15 21:08:16 +01:00
func ( c * RebindingUDPConn ) readFromWithInitPconn ( pconn nettype . PacketConn , b [ ] byte ) ( int , netip . AddrPort , error ) {
2020-02-05 22:16:58 +00:00
for {
2023-04-15 21:08:16 +01:00
n , addr , err := pconn . ReadFromUDPAddrPort ( b )
2021-04-03 02:36:24 +01:00
if err != nil && pconn != c . currentConn ( ) {
2023-01-20 17:15:32 +00:00
pconn = * c . pconnAtomic . Load ( )
2021-04-03 02:36:24 +01:00
continue
2020-02-05 22:16:58 +00:00
}
return n , addr , err
}
}
2023-04-15 21:08:16 +01:00
// ReadFromUDPAddrPort reads a packet from c into b.
2023-01-20 17:15:32 +00:00
// It returns the number of bytes copied and the source address.
2023-04-15 21:08:16 +01:00
func ( c * RebindingUDPConn ) ReadFromUDPAddrPort ( b [ ] byte ) ( int , netip . AddrPort , error ) {
2023-01-20 17:15:32 +00:00
return c . readFromWithInitPconn ( * c . pconnAtomic . Load ( ) , b )
}
2023-04-05 00:32:16 +01:00
// WriteBatchTo writes buffs to addr.
func ( c * RebindingUDPConn ) WriteBatchTo ( buffs [ ] [ ] byte , addr netip . AddrPort ) error {
2021-02-11 21:35:06 +00:00
for {
2022-12-07 01:42:40 +00:00
pconn := * c . pconnAtomic . Load ( )
2023-04-05 00:32:16 +01:00
b , ok := pconn . ( * batchingUDPConn )
2022-12-09 01:58:14 +00:00
if ! ok {
2023-04-05 00:32:16 +01:00
for _ , buf := range buffs {
_ , err := c . writeToUDPAddrPortWithInitPconn ( pconn , buf , addr )
2022-12-09 01:58:14 +00:00
if err != nil {
2023-04-05 00:32:16 +01:00
return err
2022-12-09 01:58:14 +00:00
}
}
2023-04-05 00:32:16 +01:00
return nil
2022-12-09 01:58:14 +00:00
}
2023-04-05 00:32:16 +01:00
err := b . WriteBatchTo ( buffs , addr )
2022-12-09 01:58:14 +00:00
if err != nil {
if pconn != c . currentConn ( ) {
continue
}
2023-04-05 00:32:16 +01:00
return err
2022-12-09 01:58:14 +00:00
}
2023-04-05 00:32:16 +01:00
return err
2022-12-09 01:58:14 +00:00
}
}
2023-04-05 00:32:16 +01:00
// ReadBatch reads messages from c into msgs. It returns the number of messages
// the caller should evaluate for nonzero len, as a zero len message may fall
// on either side of a nonzero.
2022-12-09 01:58:14 +00:00
func ( c * RebindingUDPConn ) ReadBatch ( msgs [ ] ipv6 . Message , flags int ) ( int , error ) {
for {
pconn := * c . pconnAtomic . Load ( )
2023-04-05 00:32:16 +01:00
b , ok := pconn . ( * batchingUDPConn )
2022-12-09 01:58:14 +00:00
if ! ok {
2023-04-15 21:08:16 +01:00
n , ap , err := c . readFromWithInitPconn ( pconn , msgs [ 0 ] . Buffers [ 0 ] )
2022-12-09 01:58:14 +00:00
if err == nil {
2023-04-15 21:08:16 +01:00
msgs [ 0 ] . N = n
msgs [ 0 ] . Addr = net . UDPAddrFromAddrPort ( netaddr . Unmap ( ap ) )
2022-12-09 01:58:14 +00:00
return 1 , nil
}
return 0 , err
}
2023-04-05 00:32:16 +01:00
n , err := b . ReadBatch ( msgs , flags )
2022-12-09 01:58:14 +00:00
if err != nil && pconn != c . currentConn ( ) {
continue
}
return n , err
}
}
2022-09-02 18:33:46 +01:00
func ( c * RebindingUDPConn ) Port ( ) uint16 {
c . mu . Lock ( )
defer c . mu . Unlock ( )
return c . port
}
2020-02-05 22:16:58 +00:00
func ( c * RebindingUDPConn ) LocalAddr ( ) * net . UDPAddr {
c . mu . Lock ( )
defer c . mu . Unlock ( )
2021-03-08 23:48:49 +00:00
return c . localAddrLocked ( )
}
func ( c * RebindingUDPConn ) localAddrLocked ( ) * net . UDPAddr {
2020-02-05 22:16:58 +00:00
return c . pconn . LocalAddr ( ) . ( * net . UDPAddr )
}
2021-04-27 22:40:29 +01:00
// errNilPConn is returned by RebindingUDPConn.Close when there is no current pconn.
// It is for internal use only and should not be returned to users.
var errNilPConn = errors . New ( "nil pconn" )
2020-02-05 22:16:58 +00:00
func ( c * RebindingUDPConn ) Close ( ) error {
c . mu . Lock ( )
defer c . mu . Unlock ( )
2021-04-27 22:40:29 +01:00
return c . closeLocked ( )
}
func ( c * RebindingUDPConn ) closeLocked ( ) error {
if c . pconn == nil {
return errNilPConn
}
2022-09-02 18:33:46 +01:00
c . port = 0
2020-02-05 22:16:58 +00:00
return c . pconn . Close ( )
}
2023-04-05 00:32:16 +01:00
func ( c * RebindingUDPConn ) writeToUDPAddrPortWithInitPconn ( pconn nettype . PacketConn , b [ ] byte , addr netip . AddrPort ) ( int , error ) {
2020-02-05 22:16:58 +00:00
for {
2023-04-05 00:32:16 +01:00
n , err := pconn . WriteToUDPAddrPort ( b , addr )
2022-12-07 01:42:40 +00:00
if err != nil && pconn != c . currentConn ( ) {
2023-01-20 17:15:32 +00:00
pconn = * c . pconnAtomic . Load ( )
2022-12-07 01:42:40 +00:00
continue
2020-02-05 22:16:58 +00:00
}
return n , err
}
}
2020-03-23 21:12:23 +00:00
2023-04-05 00:32:16 +01:00
func ( c * RebindingUDPConn ) WriteToUDPAddrPort ( b [ ] byte , addr netip . AddrPort ) ( int , error ) {
return c . writeToUDPAddrPortWithInitPconn ( * c . pconnAtomic . Load ( ) , b , addr )
}
2021-04-27 22:40:29 +01:00
func newBlockForeverConn ( ) * blockForeverConn {
c := new ( blockForeverConn )
c . cond = sync . NewCond ( & c . mu )
return c
}
// blockForeverConn is a net.PacketConn whose reads block until it is closed.
type blockForeverConn struct {
mu sync . Mutex
cond * sync . Cond
closed bool
}
2023-04-15 21:08:16 +01:00
func ( c * blockForeverConn ) ReadFromUDPAddrPort ( p [ ] byte ) ( n int , addr netip . AddrPort , err error ) {
2021-04-27 22:40:29 +01:00
c . mu . Lock ( )
for ! c . closed {
c . cond . Wait ( )
}
c . mu . Unlock ( )
2023-04-15 21:08:16 +01:00
return 0 , netip . AddrPort { } , net . ErrClosed
2021-04-27 22:40:29 +01:00
}
2022-07-25 04:08:42 +01:00
func ( c * blockForeverConn ) WriteToUDPAddrPort ( p [ ] byte , addr netip . AddrPort ) ( int , error ) {
// Silently drop writes.
return len ( p ) , nil
}
2021-04-27 22:40:29 +01:00
func ( c * blockForeverConn ) LocalAddr ( ) net . Addr {
// Return a *net.UDPAddr because lots of code assumes that it will.
return new ( net . UDPAddr )
}
func ( c * blockForeverConn ) Close ( ) error {
c . mu . Lock ( )
defer c . mu . Unlock ( )
if c . closed {
return net . ErrClosed
}
c . closed = true
2022-01-06 21:19:09 +00:00
c . cond . Broadcast ( )
2021-04-27 22:40:29 +01:00
return nil
}
func ( c * blockForeverConn ) SetDeadline ( t time . Time ) error { return errors . New ( "unimplemented" ) }
func ( c * blockForeverConn ) SetReadDeadline ( t time . Time ) error { return errors . New ( "unimplemented" ) }
func ( c * blockForeverConn ) SetWriteDeadline ( t time . Time ) error { return errors . New ( "unimplemented" ) }
2020-03-23 21:12:23 +00:00
// simpleDur rounds d such that it stringifies to something short.
func simpleDur ( d time . Duration ) time . Duration {
if d < time . Second {
return d . Round ( time . Millisecond )
}
if d < time . Minute {
return d . Round ( time . Second )
}
return d . Round ( time . Minute )
}
2020-03-24 15:09:30 +00:00
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
func sbPrintAddr ( sb * strings . Builder , a netip . AddrPort ) {
2022-07-25 04:08:42 +01:00
is6 := a . Addr ( ) . Is6 ( )
2020-03-24 20:40:43 +00:00
if is6 {
sb . WriteByte ( '[' )
}
2022-07-25 04:08:42 +01:00
fmt . Fprintf ( sb , "%s" , a . Addr ( ) )
2020-03-24 20:40:43 +00:00
if is6 {
sb . WriteByte ( ']' )
}
2021-05-15 02:07:28 +01:00
fmt . Fprintf ( sb , ":%d" , a . Port ( ) )
2020-03-24 20:40:43 +00:00
}
2020-03-26 05:57:46 +00:00
2020-07-03 21:44:22 +01:00
func ( c * Conn ) derpRegionCodeOfAddrLocked ( ipPort string ) string {
_ , portStr , err := net . SplitHostPort ( ipPort )
if err != nil {
return ""
}
regionID , err := strconv . Atoi ( portStr )
if err != nil {
return ""
}
return c . derpRegionCodeOfIDLocked ( regionID )
}
func ( c * Conn ) derpRegionCodeOfIDLocked ( regionID int ) string {
if c . derpMap == nil {
return ""
}
if r , ok := c . derpMap . Regions [ regionID ] ; ok {
return r . RegionCode
}
return ""
}
2020-03-26 05:57:46 +00:00
func ( c * Conn ) UpdateStatus ( sb * ipnstate . StatusBuilder ) {
c . mu . Lock ( )
defer c . mu . Unlock ( )
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
var tailscaleIPs [ ] netip . Addr
2020-07-27 21:25:25 +01:00
if c . netMap != nil {
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
tailscaleIPs = make ( [ ] netip . Addr , 0 , len ( c . netMap . Addresses ) )
2020-07-27 21:25:25 +01:00
for _ , addr := range c . netMap . Addresses {
2020-12-24 20:33:55 +00:00
if ! addr . IsSingleIP ( ) {
2020-07-27 21:25:25 +01:00
continue
}
2022-07-25 04:08:42 +01:00
sb . AddTailscaleIP ( addr . Addr ( ) )
tailscaleIPs = append ( tailscaleIPs , addr . Addr ( ) )
2020-07-27 21:25:25 +01:00
}
}
2021-03-25 22:38:40 +00:00
sb . MutateSelfStatus ( func ( ss * ipnstate . PeerStatus ) {
2021-10-29 00:56:44 +01:00
if ! c . privateKey . IsZero ( ) {
2021-10-29 21:15:27 +01:00
ss . PublicKey = c . privateKey . Public ( )
2021-10-29 00:56:44 +01:00
} else {
ss . PublicKey = key . NodePublic { }
}
tailcfg: add Endpoint, EndpointType, MapRequest.EndpointType
Track endpoints internally with a new tailcfg.Endpoint type that
includes a typed netaddr.IPPort (instead of just a string) and
includes a type for how that endpoint was discovered (STUN, local,
etc).
Use []tailcfg.Endpoint instead of []string internally.
At the last second, send it to the control server as the existing
[]string for endpoints, but also include a new parallel
MapRequest.EndpointType []tailcfg.EndpointType, so the control server
can start filtering out less-important endpoint changes from
new-enough clients. Notably, STUN-discovered endpoints can be filtered
out from 1.6+ clients, as they can discover them amongst each other
via CallMeMaybe disco exchanges started over DERP. And STUN endpoints
change a lot, causing a lot of MapResposne updates. But portmapped
endpoints are worth keeping for now, as they they work right away
without requiring the firewall traversal extra RTT dance.
End result will be less control->client bandwidth. (despite negligible
increase in client->control bandwidth)
Updates tailscale/corp#1543
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-12 21:24:29 +01:00
ss . Addrs = make ( [ ] string , 0 , len ( c . lastEndpoints ) )
for _ , ep := range c . lastEndpoints {
ss . Addrs = append ( ss . Addrs , ep . Addr . String ( ) )
}
2021-03-25 22:38:40 +00:00
ss . OS = version . OS ( )
if c . derpMap != nil {
derpRegion , ok := c . derpMap . Regions [ c . myDerp ]
if ok {
ss . Relay = derpRegion . RegionCode
}
}
2021-04-14 15:20:27 +01:00
ss . TailscaleIPs = tailscaleIPs
2021-03-25 22:38:40 +00:00
} )
2020-07-27 21:25:25 +01:00
2022-12-19 18:23:47 +00:00
if sb . WantPeers {
c . peerMap . forEachEndpoint ( func ( ep * endpoint ) {
ps := & ipnstate . PeerStatus { InMagicSock : true }
//ps.Addrs = append(ps.Addrs, n.Endpoints...)
ep . populatePeerStatus ( ps )
sb . AddPeer ( ep . publicKey , ps )
} )
}
2020-03-26 05:57:46 +00:00
c . foreachActiveDerpSortedLocked ( func ( node int , ad activeDerp ) {
// TODO(bradfitz): add to ipnstate.StatusBuilder
//f("<li><b>derp-%v</b>: cr%v,wr%v</li>", node, simpleDur(now.Sub(ad.createTime)), simpleDur(now.Sub(*ad.lastWrite)))
} )
}
2022-11-28 23:59:33 +00:00
// SetStatistics specifies a per-connection statistics aggregator.
// Nil may be specified to disable statistics gathering.
func ( c * Conn ) SetStatistics ( stats * connstats . Statistics ) {
c . stats . Store ( stats )
2022-10-28 00:26:52 +01:00
}
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
func ippDebugString ( ua netip . AddrPort ) string {
2022-07-25 04:08:42 +01:00
if ua . Addr ( ) == derpMagicIPAddr {
2021-05-15 02:07:28 +01:00
return fmt . Sprintf ( "derp-%d" , ua . Port ( ) )
2020-03-26 05:57:46 +00:00
}
return ua . String ( )
}
2020-06-28 19:53:37 +01:00
2022-12-09 01:58:14 +00:00
// endpointSendFunc is a func that writes encrypted Wireguard payloads from
2022-10-20 05:30:50 +01:00
// WireGuard to a peer. It might write via UDP, DERP, both, or neither.
//
// What these funcs should NOT do is too much work. Minimize use of mutexes, map
// lookups, etc. The idea is that selecting the path to use is done infrequently
// and mostly async from sending packets. When conditions change (including the
// passing of time and loss of confidence in certain routes), then a new send
// func gets set on an sendpoint.
//
// A nil value means the current fast path has expired and needs to be
// recalculated.
2022-12-09 01:58:14 +00:00
type endpointSendFunc func ( [ ] [ ] byte ) error
2022-10-20 05:30:50 +01:00
2023-04-10 04:48:12 +01:00
// endpointDisco is the current disco key and short string for an endpoint. This
// structure is immutable.
2023-04-08 23:36:47 +01:00
type endpointDisco struct {
key key . DiscoPublic // for discovery messages.
short string // ShortString of discoKey.
}
2023-05-03 01:49:56 +01:00
// endpoint is a wireguard/conn.Endpoint. In wireguard-go and kernel WireGuard
// there is only one endpoint for a peer, but in Tailscale we distribute a
// number of possible endpoints for a peer which would include the all the
// likely addresses at which a peer may be reachable. This endpoint type holds
// the information required that when WiregGuard-Go wants to send to a
// particular peer (essentally represented by this endpoint type), the send
// function can use the currnetly best known Tailscale endpoint to send packets
// to the peer.
2021-08-26 06:20:31 +01:00
type endpoint struct {
2020-08-06 22:57:03 +01:00
// atomically accessed; declared first for alignment reasons
2021-07-21 19:04:36 +01:00
lastRecv mono . Time
2021-01-18 23:27:44 +00:00
numStopAndResetAtomic int64
2022-10-20 05:30:50 +01:00
sendFunc syncs . AtomicValue [ endpointSendFunc ] // nil or unset means unused
2023-02-21 20:57:08 +00:00
debugUpdates * ringbuffer . RingBuffer [ EndpointChange ]
2020-08-06 22:57:03 +01:00
2020-07-02 06:15:41 +01:00
// These fields are initialized once and never modified.
2022-10-17 21:22:48 +01:00
c * Conn
publicKey key . NodePublic // peer public key (for WireGuard + DERP)
publicKeyHex string // cached output of publicKey.UntypedHexString
fakeWGAddr netip . AddrPort // the UDP address we tell wireguard-go we're using
2022-12-13 18:37:29 +00:00
nodeAddr netip . Addr // the node's first tailscale address; used for logging & wireguard rate-limiting (Issue 6686)
2020-06-28 19:53:37 +01:00
2023-04-08 23:36:47 +01:00
disco atomic . Pointer [ endpointDisco ] // if the peer supports disco, the key and short string
2020-06-30 23:32:19 +01:00
// mu protects all following fields.
2021-08-26 06:20:31 +01:00
mu sync . Mutex // Lock ordering: Conn.mu, then endpoint.mu
2020-06-30 23:32:19 +01:00
2020-07-03 20:43:39 +01:00
heartBeatTimer * time . Timer // nil when idle
2021-07-21 19:04:36 +01:00
lastSend mono . Time // last time there was outgoing packets sent to this peer (from wireguard-go)
2023-05-03 01:49:56 +01:00
lastFullPing mono . Time // last time we pinged all disco endpoints
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
derpAddr netip . AddrPort // fallback/bootstrap path, if non-zero (non-zero for well-behaved clients)
2020-06-30 23:32:19 +01:00
2021-03-23 17:07:34 +00:00
bestAddr addrLatency // best non-DERP path; zero if none
2021-07-21 19:04:36 +01:00
bestAddrAt mono . Time // time best address re-confirmed
trustBestAddrUntil mono . Time // time when bestAddr expires
2020-07-01 23:28:14 +01:00
sentPing map [ stun . TxID ] sentPing
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
endpointState map [ netip . AddrPort ] * endpointState
isCallMeMaybeEP map [ netip . AddrPort ] bool
2020-08-09 22:49:42 +01:00
pendingCLIPings [ ] pendingCLIPing // any outstanding "tailscale ping" commands running
2022-09-17 04:48:46 +01:00
2022-10-20 19:34:49 +01:00
// The following fields are related to the new "silent disco"
// implementation that's a WIP as of 2022-10-20.
// See #540 for background.
heartbeatDisabled bool
pathFinderRunning bool
2023-01-13 19:29:41 +00:00
2023-05-03 01:49:56 +01:00
expired bool // whether the node has expired
isWireguardOnly bool // whether the endpoint is WireGuard only
2020-08-09 22:49:42 +01:00
}
type pendingCLIPing struct {
res * ipnstate . PingResult
cb func ( * ipnstate . PingResult )
2020-06-30 23:32:19 +01:00
}
2020-07-03 19:06:33 +01:00
const (
2020-07-03 20:43:39 +01:00
// sessionActiveTimeout is how long since the last activity we
2021-08-26 06:20:31 +01:00
// try to keep an established endpoint peering alive.
2021-01-20 17:52:24 +00:00
// It's also the idle time at which we stop doing STUN queries to
// keep NAT mappings alive.
2022-01-05 19:28:08 +00:00
sessionActiveTimeout = 45 * time . Second
2020-07-03 20:43:39 +01:00
// upgradeInterval is how often we try to upgrade to a better path
// even if we have some non-DERP route that works.
upgradeInterval = 1 * time . Minute
// heartbeatInterval is how often pings to the best UDP address
// are sent.
2022-01-05 19:28:08 +00:00
heartbeatInterval = 3 * time . Second
2020-07-03 20:43:39 +01:00
2020-07-03 19:06:33 +01:00
// trustUDPAddrDuration is how long we trust a UDP address as the exclusive
// path (without using DERP) without having heard a Pong reply.
2022-01-05 19:28:08 +00:00
trustUDPAddrDuration = 6500 * time . Millisecond
2020-07-03 20:43:39 +01:00
// goodEnoughLatency is the latency at or under which we don't
// try to upgrade to a better path.
goodEnoughLatency = 5 * time . Millisecond
2021-01-19 23:29:50 +00:00
// derpInactiveCleanupTime is how long a non-home DERP connection
// needs to be idle (last written to) before we close it.
derpInactiveCleanupTime = 60 * time . Second
// derpCleanStaleInterval is how often cleanStaleDerp runs when there
// are potentially-stale DERP connections to close.
derpCleanStaleInterval = 15 * time . Second
2021-01-20 17:52:24 +00:00
// endpointsFreshEnoughDuration is how long we consider a
// STUN-derived endpoint valid for. UDP NAT mappings typically
// expire at 30 seconds, so this is a few seconds shy of that.
endpointsFreshEnoughDuration = 27 * time . Second
2023-04-14 21:37:10 +01:00
// endpointTrackerLifetime is how long we continue advertising an
// endpoint after we last see it. This is intentionally chosen to be
// slightly longer than a full netcheck period.
endpointTrackerLifetime = 5 * time . Minute + 10 * time . Second
2020-07-03 19:06:33 +01:00
)
2021-10-19 13:10:38 +01:00
// Constants that are variable for testing.
var (
// pingTimeoutDuration is how long we wait for a pong reply before
// assuming it's never coming.
pingTimeoutDuration = 5 * time . Second
// discoPingInterval is the minimum time between pings
// to an endpoint. (Except in the case of CallMeMaybe frames
// resetting the counter, as the first pings likely didn't through
// the firewall)
discoPingInterval = 5 * time . Second
)
2020-07-03 19:06:33 +01:00
// endpointState is some state and history for a specific endpoint of
2021-08-26 06:20:31 +01:00
// a endpoint. (The subject is the endpoint.endpointState
2020-07-03 19:06:33 +01:00
// map key)
2020-06-30 23:32:19 +01:00
type endpointState struct {
2021-08-26 06:20:31 +01:00
// all fields guarded by endpoint.mu
2020-08-13 04:12:56 +01:00
// lastPing is the last (outgoing) ping time.
2021-07-21 19:04:36 +01:00
lastPing mono . Time
2020-08-13 04:12:56 +01:00
// lastGotPing, if non-zero, means that this was an endpoint
// that we learned about at runtime (from an incoming ping)
// and that is not in the network map. If so, we keep the time
// updated and use it to discard old candidates.
lastGotPing time . Time
2023-01-31 06:38:20 +00:00
// lastGotPingTxID contains the TxID for the last incoming ping. This is
// used to de-dup incoming pings that we may see on both the raw disco
// socket on Linux, and UDP socket. We cannot rely solely on the raw socket
// disco handling due to https://github.com/tailscale/tailscale/issues/7078.
2023-01-28 05:04:32 +00:00
lastGotPingTxID stun . TxID
2021-01-20 20:41:25 +00:00
// callMeMaybeTime, if non-zero, is the time this endpoint
// was advertised last via a call-me-maybe disco message.
callMeMaybeTime time . Time
2020-07-03 19:06:33 +01:00
recentPongs [ ] pongReply // ring buffer up to pongHistoryCount entries
2020-08-09 22:49:42 +01:00
recentPong uint16 // index into recentPongs of most recent; older before, wrapped
2020-08-13 04:12:56 +01:00
index int16 // index in nodecfg.Node.Endpoints; meaningless if lastGotPing non-zero
}
// indexSentinelDeleted is the temporary value that endpointState.index takes while
2021-08-26 06:20:31 +01:00
// a endpoint's endpoints are being updated from a new network map.
2020-08-13 04:12:56 +01:00
const indexSentinelDeleted = - 1
// shouldDeleteLocked reports whether we should delete this endpoint.
func ( st * endpointState ) shouldDeleteLocked ( ) bool {
switch {
2021-01-20 20:41:25 +00:00
case ! st . callMeMaybeTime . IsZero ( ) :
return false
2020-08-13 04:12:56 +01:00
case st . lastGotPing . IsZero ( ) :
// This was an endpoint from the network map. Is it still in the network map?
return st . index == indexSentinelDeleted
default :
2021-01-20 20:41:25 +00:00
// This was an endpoint discovered at runtime.
2020-08-13 04:12:56 +01:00
return time . Since ( st . lastGotPing ) > sessionActiveTimeout
}
}
2023-05-03 01:49:56 +01:00
// latencyLocked returns the most recent latency measurement, if any.
// endpoint.mu must be held.
func ( st * endpointState ) latencyLocked ( ) ( lat time . Duration , ok bool ) {
if len ( st . recentPongs ) == 0 {
return 0 , false
}
return st . recentPongs [ st . recentPong ] . latency , true
}
2023-02-21 20:57:08 +00:00
func ( de * endpoint ) deleteEndpointLocked ( why string , ep netip . AddrPort ) {
de . debugUpdates . Add ( EndpointChange {
When : time . Now ( ) ,
What : "deleteEndpointLocked-" + why ,
From : ep ,
} )
2020-08-13 04:12:56 +01:00
delete ( de . endpointState , ep )
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
if de . bestAddr . AddrPort == ep {
2023-02-21 20:57:08 +00:00
de . debugUpdates . Add ( EndpointChange {
When : time . Now ( ) ,
What : "deleteEndpointLocked-bestAddr-" + why ,
From : de . bestAddr ,
} )
2021-03-23 17:07:34 +00:00
de . bestAddr = addrLatency { }
2020-08-13 04:12:56 +01:00
}
2020-07-03 19:06:33 +01:00
}
// pongHistoryCount is how many pongReply values we keep per endpointState
const pongHistoryCount = 64
type pongReply struct {
latency time . Duration
2021-07-21 19:04:36 +01:00
pongAt mono . Time // when we received the pong
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
from netip . AddrPort // the pong's src (usually same as endpoint map key)
pongSrc netip . AddrPort // what they reported they heard
2020-06-30 23:32:19 +01:00
}
type sentPing struct {
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
to netip . AddrPort
2021-07-21 19:04:36 +01:00
at mono . Time
2020-07-18 21:50:08 +01:00
timer * time . Timer // timeout timer
purpose discoPingPurpose
2020-06-28 19:53:37 +01:00
}
// initFakeUDPAddr populates fakeWGAddr with a globally unique fake UDPAddr.
// The current implementation just uses the pointer value of de jammed into an IPv6
// address, but it could also be, say, a counter.
2021-08-26 06:20:31 +01:00
func ( de * endpoint ) initFakeUDPAddr ( ) {
2020-06-28 19:53:37 +01:00
var addr [ 16 ] byte
addr [ 0 ] = 0xfd
addr [ 1 ] = 0x00
binary . BigEndian . PutUint64 ( addr [ 2 : ] , uint64 ( reflect . ValueOf ( de ) . Pointer ( ) ) )
2022-08-02 21:38:11 +01:00
de . fakeWGAddr = netip . AddrPortFrom ( netip . AddrFrom16 ( addr ) . Unmap ( ) , 12345 )
2020-06-28 19:53:37 +01:00
}
2021-09-01 03:06:04 +01:00
// noteRecvActivity records receive activity on de, and invokes
// Conn.noteRecvActivity no more than once every 10s.
func ( de * endpoint ) noteRecvActivity ( ) {
if de . c . noteRecvActivity == nil {
return
}
2021-07-21 19:04:36 +01:00
now := mono . Now ( )
elapsed := now . Sub ( de . lastRecv . LoadAtomic ( ) )
if elapsed > 10 * time . Second {
de . lastRecv . StoreAtomic ( now )
2021-09-01 03:06:04 +01:00
de . c . noteRecvActivity ( de . publicKey )
2020-08-06 22:57:03 +01:00
}
}
2023-04-08 23:36:47 +01:00
func ( de * endpoint ) discoShort ( ) string {
var short string
if d := de . disco . Load ( ) ; d != nil {
short = d . short
}
return short
}
2020-07-04 06:26:53 +01:00
// String exists purely so wireguard-go internals can log.Printf("%v")
// its internal conn.Endpoints and we don't end up with data races
// from fmt (via log) reading mutex fields and such.
2021-08-26 06:20:31 +01:00
func ( de * endpoint ) String ( ) string {
2023-04-08 23:36:47 +01:00
return fmt . Sprintf ( "magicsock.endpoint{%v, %v}" , de . publicKey . ShortString ( ) , de . discoShort ( ) )
2020-07-04 06:26:53 +01:00
}
2021-08-26 06:20:31 +01:00
func ( de * endpoint ) ClearSrc ( ) { }
func ( de * endpoint ) SrcToString ( ) string { panic ( "unused" ) } // unused by wireguard-go
2022-03-17 00:16:55 +00:00
func ( de * endpoint ) SrcIP ( ) netip . Addr { panic ( "unused" ) } // unused by wireguard-go
2022-10-17 21:22:48 +01:00
func ( de * endpoint ) DstToString ( ) string { return de . publicKeyHex }
2022-12-13 18:37:29 +00:00
func ( de * endpoint ) DstIP ( ) netip . Addr { return de . nodeAddr } // see tailscale/tailscale#6686
2021-08-26 06:20:31 +01:00
func ( de * endpoint ) DstToBytes ( ) [ ] byte { return packIPPort ( de . fakeWGAddr ) }
2020-06-28 19:53:37 +01:00
2020-07-03 19:06:33 +01:00
// addrForSendLocked returns the address(es) that should be used for
// sending the next packet. Zero, one, or both of UDP address and DERP
2023-05-03 01:49:56 +01:00
// addr may be non-zero. If the endpoint is WireGuard only and does not have
// latency information, a bool is returned to indiciate that the
// WireGuard latency discovery pings should be sent.
2020-07-03 19:06:33 +01:00
//
// de.mu must be held.
2023-05-03 01:49:56 +01:00
func ( de * endpoint ) addrForSendLocked ( now mono . Time ) ( udpAddr , derpAddr netip . AddrPort , sendWGPing bool ) {
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
udpAddr = de . bestAddr . AddrPort
2023-05-03 01:49:56 +01:00
if udpAddr . IsValid ( ) && ! now . After ( de . trustBestAddrUntil ) {
return udpAddr , netip . AddrPort { } , false
2020-07-03 19:06:33 +01:00
}
2023-05-03 01:49:56 +01:00
if de . isWireguardOnly {
// If the endpoint is wireguard-only, we don't have a DERP
// address to send to, so we have to send to the UDP address.
udpAddr , shouldPing := de . addrForWireGuardSendLocked ( now )
return udpAddr , netip . AddrPort { } , shouldPing
}
// We had a bestAddr but it expired so send both to it
// and DERP.
return udpAddr , de . derpAddr , false
}
// addrForWireGuardSendLocked returns the address that should be used for
// sending the next packet. If a packet has never or not recently been sent to
// the endpoint, then a randomly selected address for the endpoint is returned,
// as well as a bool indiciating that WireGuard discovery pings should be started.
// If the addresses have latency information available, then the address with the
// best latency is used.
//
// de.mu must be held.
func ( de * endpoint ) addrForWireGuardSendLocked ( now mono . Time ) ( udpAddr netip . AddrPort , shouldPing bool ) {
// lowestLatency is a high duration initially, so we
// can be sure we're going to have a duration lower than this
// for the first latency retrieved.
lowestLatency := time . Hour
for ipp , state := range de . endpointState {
if latency , ok := state . latencyLocked ( ) ; ok {
if latency < lowestLatency || latency == lowestLatency && ipp . Addr ( ) . Is6 ( ) {
// If we have the same latency,IPv6 is prioritized.
// TODO(catzkorn): Consider a small increase in latency to use
// IPv6 in comparison to IPv4, when possible.
lowestLatency = latency
udpAddr = ipp
}
}
}
if udpAddr . IsValid ( ) {
// Set trustBestAddrUntil to an hour, so we will
// continue to use this address for a long period of time.
de . bestAddr . AddrPort = udpAddr
de . trustBestAddrUntil = now . Add ( 1 * time . Hour )
return udpAddr , false
}
2023-07-06 19:11:21 +01:00
candidates := maps . Keys ( de . endpointState )
if len ( candidates ) == 0 {
de . c . logf ( "magicsock: addrForSendWireguardLocked: [unexpected] no candidates available for endpoint" )
return udpAddr , false
2023-05-03 01:49:56 +01:00
}
2023-07-06 19:11:21 +01:00
2023-05-03 01:49:56 +01:00
// Randomly select an address to use until we retrieve latency information
// and give it a short trustBestAddrUntil time so we avoid flapping between
// addresses while waiting on latency information to be populated.
udpAddr = candidates [ rand . Intn ( len ( candidates ) ) ]
de . bestAddr . AddrPort = udpAddr
if len ( candidates ) == 1 {
// if we only have one address that we can send data too,
// we should trust it for a longer period of time.
de . trustBestAddrUntil = now . Add ( 1 * time . Hour )
} else {
de . trustBestAddrUntil = now . Add ( 15 * time . Second )
}
return udpAddr , len ( candidates ) > 1
2020-07-03 19:06:33 +01:00
}
2020-07-03 20:43:39 +01:00
// heartbeat is called every heartbeatInterval to keep the best UDP path alive,
// or kick off discovery of other paths.
2021-08-26 06:20:31 +01:00
func ( de * endpoint ) heartbeat ( ) {
2020-07-03 20:43:39 +01:00
de . mu . Lock ( )
defer de . mu . Unlock ( )
de . heartBeatTimer = nil
2022-09-17 04:48:46 +01:00
if de . heartbeatDisabled {
// If control override to disable heartBeatTimer set, return early.
return
}
2020-07-03 20:43:39 +01:00
if de . lastSend . IsZero ( ) {
// Shouldn't happen.
return
}
2021-07-21 19:04:36 +01:00
if mono . Since ( de . lastSend ) > sessionActiveTimeout {
2020-07-03 20:43:39 +01:00
// Session's idle. Stop heartbeating.
2023-04-08 23:36:47 +01:00
de . c . dlogf ( "[v1] magicsock: disco: ending heartbeats for idle session to %v (%v)" , de . publicKey . ShortString ( ) , de . discoShort ( ) )
2020-07-03 20:43:39 +01:00
return
}
2021-07-21 19:04:36 +01:00
now := mono . Now ( )
2023-05-03 01:49:56 +01:00
udpAddr , _ , _ := de . addrForSendLocked ( now )
2022-07-25 04:08:42 +01:00
if udpAddr . IsValid ( ) {
2020-07-03 20:43:39 +01:00
// We have a preferred path. Ping that every 2 seconds.
2023-05-03 01:49:56 +01:00
de . startDiscoPingLocked ( udpAddr , now , pingHeartbeat )
2020-07-03 20:43:39 +01:00
}
if de . wantFullPingLocked ( now ) {
2023-05-03 01:49:56 +01:00
de . sendDiscoPingsLocked ( now , true )
2020-07-03 20:43:39 +01:00
}
de . heartBeatTimer = time . AfterFunc ( heartbeatInterval , de . heartbeat )
}
// wantFullPingLocked reports whether we should ping to all our peers looking for
// a better path.
//
// de.mu must be held.
2021-08-26 06:20:31 +01:00
func ( de * endpoint ) wantFullPingLocked ( now mono . Time ) bool {
2021-10-22 17:09:37 +01:00
if runtime . GOOS == "js" {
return false
}
2022-07-25 04:08:42 +01:00
if ! de . bestAddr . IsValid ( ) || de . lastFullPing . IsZero ( ) {
2020-07-03 20:43:39 +01:00
return true
}
if now . After ( de . trustBestAddrUntil ) {
return true
}
2021-03-23 17:07:34 +00:00
if de . bestAddr . latency <= goodEnoughLatency {
2020-07-03 20:43:39 +01:00
return false
}
if now . Sub ( de . lastFullPing ) >= upgradeInterval {
return true
}
return false
}
2021-08-26 06:20:31 +01:00
func ( de * endpoint ) noteActiveLocked ( ) {
2021-07-21 19:04:36 +01:00
de . lastSend = mono . Now ( )
2022-11-18 20:43:09 +00:00
if de . heartBeatTimer == nil && ! de . heartbeatDisabled {
2020-07-03 20:43:39 +01:00
de . heartBeatTimer = time . AfterFunc ( heartbeatInterval , de . heartbeat )
}
}
2020-08-09 22:49:42 +01:00
// cliPing starts a ping for the "tailscale ping" command. res is value to call cb with,
// already partially filled.
2021-08-26 06:20:31 +01:00
func ( de * endpoint ) cliPing ( res * ipnstate . PingResult , cb func ( * ipnstate . PingResult ) ) {
2020-08-09 22:49:42 +01:00
de . mu . Lock ( )
defer de . mu . Unlock ( )
2023-01-13 19:29:41 +00:00
if de . expired {
res . Err = errExpired . Error ( )
cb ( res )
return
}
2020-08-09 22:49:42 +01:00
de . pendingCLIPings = append ( de . pendingCLIPings , pendingCLIPing { res , cb } )
2021-07-21 19:04:36 +01:00
now := mono . Now ( )
2023-05-03 01:49:56 +01:00
udpAddr , derpAddr , _ := de . addrForSendLocked ( now )
2022-07-25 04:08:42 +01:00
if derpAddr . IsValid ( ) {
2023-05-03 01:49:56 +01:00
de . startDiscoPingLocked ( derpAddr , now , pingCLI )
2020-08-09 22:49:42 +01:00
}
2022-07-25 04:08:42 +01:00
if udpAddr . IsValid ( ) && now . Before ( de . trustBestAddrUntil ) {
2020-08-09 22:49:42 +01:00
// Already have an active session, so just ping the address we're using.
// Otherwise "tailscale ping" results to a node on the local network
// can look like they're bouncing between, say 10.0.0.0/9 and the peer's
// IPv6 address, both 1ms away, and it's random who replies first.
2023-05-03 01:49:56 +01:00
de . startDiscoPingLocked ( udpAddr , now , pingCLI )
2022-11-18 20:43:09 +00:00
} else {
2020-08-09 22:49:42 +01:00
for ep := range de . endpointState {
2023-05-03 01:49:56 +01:00
de . startDiscoPingLocked ( ep , now , pingCLI )
2020-08-09 22:49:42 +01:00
}
}
de . noteActiveLocked ( )
}
2023-01-13 19:29:41 +00:00
var (
errExpired = errors . New ( "peer's node key has expired" )
errNoUDPOrDERP = errors . New ( "no UDP or DERP addr" )
)
2022-12-09 01:58:14 +00:00
func ( de * endpoint ) send ( buffs [ ] [ ] byte ) error {
2022-10-20 05:30:50 +01:00
if fn := de . sendFunc . Load ( ) ; fn != nil {
2022-12-09 01:58:14 +00:00
return fn ( buffs )
2022-10-20 05:30:50 +01:00
}
2020-06-28 19:53:37 +01:00
de . mu . Lock ( )
2023-01-13 19:29:41 +00:00
if de . expired {
de . mu . Unlock ( )
return errExpired
}
2022-10-20 19:34:49 +01:00
// if heartbeat disabled, kick off pathfinder
if de . heartbeatDisabled {
if ! de . pathFinderRunning {
de . startPathFinder ( )
}
}
now := mono . Now ( )
2023-05-03 01:49:56 +01:00
udpAddr , derpAddr , startWGPing := de . addrForSendLocked ( now )
if de . isWireguardOnly {
if startWGPing {
de . sendWireGuardOnlyPingsLocked ( now )
}
} else if ! udpAddr . IsValid ( ) || now . After ( de . trustBestAddrUntil ) {
de . sendDiscoPingsLocked ( now , true )
2020-06-30 23:32:19 +01:00
}
2020-07-03 20:43:39 +01:00
de . noteActiveLocked ( )
2020-06-28 19:53:37 +01:00
de . mu . Unlock ( )
2022-07-25 04:08:42 +01:00
if ! udpAddr . IsValid ( ) && ! derpAddr . IsValid ( ) {
2023-01-13 19:29:41 +00:00
return errNoUDPOrDERP
2020-06-28 19:53:37 +01:00
}
2020-07-03 19:06:33 +01:00
var err error
2022-07-25 04:08:42 +01:00
if udpAddr . IsValid ( ) {
2022-12-09 01:58:14 +00:00
_ , err = de . c . sendUDPBatch ( udpAddr , buffs )
// TODO(raggi): needs updating for accuracy, as in error conditions we may have partial sends.
2022-11-28 23:59:33 +00:00
if stats := de . c . stats . Load ( ) ; err == nil && stats != nil {
2022-12-09 01:58:14 +00:00
var txBytes int
for _ , b := range buffs {
txBytes += len ( b )
}
stats . UpdateTxPhysical ( de . nodeAddr , udpAddr , txBytes )
2022-10-28 00:26:52 +01:00
}
2020-07-03 19:06:33 +01:00
}
2022-07-25 04:08:42 +01:00
if derpAddr . IsValid ( ) {
2022-12-09 01:58:14 +00:00
allOk := true
for _ , buff := range buffs {
ok , _ := de . c . sendAddr ( derpAddr , de . publicKey , buff )
2022-11-28 23:59:33 +00:00
if stats := de . c . stats . Load ( ) ; stats != nil {
2022-12-09 01:58:14 +00:00
stats . UpdateTxPhysical ( de . nodeAddr , derpAddr , len ( buff ) )
2022-10-28 00:26:52 +01:00
}
2022-12-09 01:58:14 +00:00
if ! ok {
allOk = false
2022-10-28 00:26:52 +01:00
}
2020-07-03 19:06:33 +01:00
}
2022-12-09 01:58:14 +00:00
if allOk {
return nil
}
2020-07-01 23:28:14 +01:00
}
2020-07-01 22:39:21 +01:00
return err
}
2023-05-03 01:49:56 +01:00
func ( de * endpoint ) discoPingTimeout ( txid stun . TxID ) {
2020-07-24 19:18:35 +01:00
de . mu . Lock ( )
defer de . mu . Unlock ( )
sp , ok := de . sentPing [ txid ]
if ! ok {
return
}
2022-09-14 20:49:39 +01:00
if debugDisco ( ) || ! de . bestAddr . IsValid ( ) || mono . Now ( ) . After ( de . trustBestAddrUntil ) {
2023-04-08 23:36:47 +01:00
de . c . dlogf ( "[v1] magicsock: disco: timeout waiting for pong %x from %v (%v, %v)" , txid [ : 6 ] , sp . to , de . publicKey . ShortString ( ) , de . discoShort ( ) )
2020-07-24 19:18:35 +01:00
}
2023-05-03 01:49:56 +01:00
de . removeSentDiscoPingLocked ( txid , sp )
2020-07-24 19:18:35 +01:00
}
2023-05-03 01:49:56 +01:00
// forgetDiscoPing is called by a timer when a ping either fails to send or
2020-07-01 22:39:21 +01:00
// has taken too long to get a pong reply.
2023-05-03 01:49:56 +01:00
func ( de * endpoint ) forgetDiscoPing ( txid stun . TxID ) {
2020-07-01 22:39:21 +01:00
de . mu . Lock ( )
defer de . mu . Unlock ( )
if sp , ok := de . sentPing [ txid ] ; ok {
2023-05-03 01:49:56 +01:00
de . removeSentDiscoPingLocked ( txid , sp )
2020-07-01 22:39:21 +01:00
}
}
2023-05-03 01:49:56 +01:00
func ( de * endpoint ) removeSentDiscoPingLocked ( txid stun . TxID , sp sentPing ) {
2020-07-03 06:48:12 +01:00
// Stop the timer for the case where sendPing failed to write to UDP.
// In the case of a timer already having fired, this is a no-op:
sp . timer . Stop ( )
delete ( de . sentPing , txid )
}
2021-11-18 01:30:27 +00:00
// sendDiscoPing sends a ping with the provided txid to ep using de's discoKey.
2020-07-03 20:43:39 +01:00
//
2021-11-18 01:30:27 +00:00
// The caller (startPingLocked) should've already recorded the ping in
2020-07-03 20:43:39 +01:00
// sentPing and set up the timer.
2021-11-18 01:30:27 +00:00
//
// The caller should use de.discoKey as the discoKey argument.
// It is passed in so that sendDiscoPing doesn't need to lock de.mu.
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
func ( de * endpoint ) sendDiscoPing ( ep netip . AddrPort , discoKey key . DiscoPublic , txid stun . TxID , logLevel discoLogLevel ) {
2021-11-18 01:30:27 +00:00
sent , _ := de . c . sendDiscoMessage ( ep , de . publicKey , discoKey , & disco . Ping {
2021-10-16 22:55:26 +01:00
TxID : [ 12 ] byte ( txid ) ,
2022-08-04 18:43:49 +01:00
NodeKey : de . c . publicKeyAtomic . Load ( ) ,
2021-10-16 22:55:26 +01:00
} , logLevel )
2020-07-01 22:39:21 +01:00
if ! sent {
2023-05-03 01:49:56 +01:00
de . forgetDiscoPing ( txid )
2020-07-01 22:39:21 +01:00
}
2020-06-30 23:32:19 +01:00
}
2020-07-18 21:50:08 +01:00
// discoPingPurpose is the reason why a discovery ping message was sent.
type discoPingPurpose int
2023-01-27 21:36:46 +00:00
//go:generate go run tailscale.com/cmd/addlicense -file discopingpurpose_string.go go run golang.org/x/tools/cmd/stringer -type=discoPingPurpose -trimprefix=ping
2020-07-18 21:50:08 +01:00
const (
// pingDiscovery means that purpose of a ping was to see if a
// path was valid.
pingDiscovery discoPingPurpose = iota
// pingHeartbeat means that purpose of a ping was whether a
// peer was still there.
pingHeartbeat
2020-08-09 22:49:42 +01:00
// pingCLI means that the user is running "tailscale ping"
// from the CLI. These types of pings can go over DERP.
pingCLI
2020-07-18 21:50:08 +01:00
)
2023-05-03 01:49:56 +01:00
func ( de * endpoint ) startDiscoPingLocked ( ep netip . AddrPort , now mono . Time , purpose discoPingPurpose ) {
2021-10-22 17:09:37 +01:00
if runtime . GOOS == "js" {
return
}
2023-04-08 23:36:47 +01:00
epDisco := de . disco . Load ( )
if epDisco == nil {
return
}
2020-08-09 22:49:42 +01:00
if purpose != pingCLI {
st , ok := de . endpointState [ ep ]
if ! ok {
// Shouldn't happen. But don't ping an endpoint that's
// not active for us.
de . c . logf ( "magicsock: disco: [unexpected] attempt to ping no longer live endpoint %v" , ep )
return
}
st . lastPing = now
2020-07-03 20:43:39 +01:00
}
txid := stun . NewTxID ( )
de . sentPing [ txid ] = sentPing {
2020-07-24 19:18:35 +01:00
to : ep ,
at : now ,
2023-05-03 01:49:56 +01:00
timer : time . AfterFunc ( pingTimeoutDuration , func ( ) { de . discoPingTimeout ( txid ) } ) ,
2020-07-18 21:50:08 +01:00
purpose : purpose ,
}
logLevel := discoLog
if purpose == pingHeartbeat {
logLevel = discoVerboseLog
2020-07-03 20:43:39 +01:00
}
2023-04-08 23:36:47 +01:00
go de . sendDiscoPing ( ep , epDisco . key , txid , logLevel )
2020-07-03 20:43:39 +01:00
}
2023-05-03 01:49:56 +01:00
func ( de * endpoint ) sendDiscoPingsLocked ( now mono . Time , sendCallMeMaybe bool ) {
2020-07-03 20:43:39 +01:00
de . lastFullPing = now
2020-07-03 06:48:12 +01:00
var sentAny bool
2020-07-01 20:56:17 +01:00
for ep , st := range de . endpointState {
2020-08-13 04:12:56 +01:00
if st . shouldDeleteLocked ( ) {
2023-02-21 20:57:08 +00:00
de . deleteEndpointLocked ( "sendPingsLocked" , ep )
2020-08-13 04:12:56 +01:00
continue
}
2021-10-27 17:37:32 +01:00
if runtime . GOOS == "js" {
continue
}
2020-07-03 19:06:33 +01:00
if ! st . lastPing . IsZero ( ) && now . Sub ( st . lastPing ) < discoPingInterval {
2020-07-01 20:56:17 +01:00
continue
}
2020-07-03 06:48:12 +01:00
firstPing := ! sentAny
sentAny = true
if firstPing && sendCallMeMaybe {
2023-04-08 23:36:47 +01:00
de . c . dlogf ( "[v1] magicsock: disco: send, starting discovery for %v (%v)" , de . publicKey . ShortString ( ) , de . discoShort ( ) )
2020-07-03 06:48:12 +01:00
}
2023-05-03 01:49:56 +01:00
de . startDiscoPingLocked ( ep , now , pingDiscovery )
2020-07-01 20:56:17 +01:00
}
derpAddr := de . derpAddr
2022-07-25 04:08:42 +01:00
if sentAny && sendCallMeMaybe && derpAddr . IsValid ( ) {
2021-01-20 20:41:25 +00:00
// Have our magicsock.Conn figure out its STUN endpoint (if
// it doesn't know already) and then send a CallMeMaybe
// message to our peer via DERP informing them that we've
// sent so our firewall ports are probably open and now
// would be a good time for them to connect.
go de . c . enqueueCallMeMaybe ( derpAddr , de )
2020-07-01 20:56:17 +01:00
}
}
2023-05-03 01:49:56 +01:00
// sendWireGuardOnlyPingsLocked evaluates all available addresses for
// a WireGuard only endpoint and initates an ICMP ping for useable
// addresses.
func ( de * endpoint ) sendWireGuardOnlyPingsLocked ( now mono . Time ) {
if runtime . GOOS == "js" {
return
}
// Normally the we only send pings at a low rate as the decision to start
// sending a ping sets bestAddrAtUntil with a reasonable time to keep trying
// that address, however, if that code changed we may want to be sure that
// we don't ever send excessive pings to avoid impact to the client/user.
if ! now . After ( de . lastFullPing . Add ( 10 * time . Second ) ) {
return
}
de . lastFullPing = now
for ipp := range de . endpointState {
if ipp . Addr ( ) . Is4 ( ) && de . c . noV4 . Load ( ) {
continue
}
if ipp . Addr ( ) . Is6 ( ) && de . c . noV6 . Load ( ) {
continue
}
go de . sendWireGuardOnlyPing ( ipp , now )
}
}
// getPinger lazily instantiates a pinger and returns it, if it was
// already instantiated it returns the existing one.
func ( c * Conn ) getPinger ( ) * ping . Pinger {
return c . wgPinger . Get ( func ( ) * ping . Pinger {
return ping . New ( c . connCtx , c . dlogf , netns . Listener ( c . logf , c . netMon ) )
} )
}
// sendWireGuardOnlyPing sends a ICMP ping to a WireGuard only address to
// discover the latency.
func ( de * endpoint ) sendWireGuardOnlyPing ( ipp netip . AddrPort , now mono . Time ) {
ctx , cancel := context . WithTimeout ( de . c . connCtx , 5 * time . Second )
defer cancel ( )
de . setLastPing ( ipp , now )
addr := & net . IPAddr {
IP : net . IP ( ipp . Addr ( ) . AsSlice ( ) ) ,
Zone : ipp . Addr ( ) . Zone ( ) ,
}
p := de . c . getPinger ( )
if p == nil {
de . c . logf ( "[v2] magicsock: sendWireGuardOnlyPingLocked: pinger is nil" )
return
}
latency , err := p . Send ( ctx , addr , nil )
if err != nil {
de . c . logf ( "[v2] magicsock: sendWireGuardOnlyPingLocked: %s" , err )
return
}
de . mu . Lock ( )
defer de . mu . Unlock ( )
state , ok := de . endpointState [ ipp ]
if ! ok {
return
}
state . addPongReplyLocked ( pongReply {
latency : latency ,
pongAt : now ,
from : ipp ,
pongSrc : netip . AddrPort { } , // We don't know this.
} )
}
// setLastPing sets lastPing on the endpointState to now.
func ( de * endpoint ) setLastPing ( ipp netip . AddrPort , now mono . Time ) {
de . mu . Lock ( )
defer de . mu . Unlock ( )
state , ok := de . endpointState [ ipp ]
if ! ok {
return
}
state . lastPing = now
}
// updateFromNode updates the endpoint based on a tailcfg.Node from a NetMap
// update.
2022-09-18 15:56:40 +01:00
func ( de * endpoint ) updateFromNode ( n * tailcfg . Node , heartbeatDisabled bool ) {
2020-06-28 19:53:37 +01:00
if n == nil {
2023-05-03 01:49:56 +01:00
panic ( "nil node when updating endpoint" )
2020-06-28 19:53:37 +01:00
}
de . mu . Lock ( )
defer de . mu . Unlock ( )
2022-09-18 15:56:40 +01:00
de . heartbeatDisabled = heartbeatDisabled
2023-01-13 19:29:41 +00:00
de . expired = n . Expired
2022-09-18 15:56:40 +01:00
2023-04-08 23:36:47 +01:00
epDisco := de . disco . Load ( )
var discoKey key . DiscoPublic
if epDisco != nil {
discoKey = epDisco . key
}
if discoKey != n . DiscoKey {
de . c . logf ( "[v1] magicsock: disco: node %s changed from %s to %s" , de . publicKey . ShortString ( ) , discoKey , n . DiscoKey )
de . disco . Store ( & endpointDisco {
key : n . DiscoKey ,
short : n . DiscoKey . ShortString ( ) ,
} )
2023-02-21 20:57:08 +00:00
de . debugUpdates . Add ( EndpointChange {
When : time . Now ( ) ,
What : "updateFromNode-resetLocked" ,
} )
2021-10-06 18:18:12 +01:00
de . resetLocked ( )
}
2020-06-28 19:53:37 +01:00
if n . DERP == "" {
2023-02-21 20:57:08 +00:00
if de . derpAddr . IsValid ( ) {
de . debugUpdates . Add ( EndpointChange {
When : time . Now ( ) ,
What : "updateFromNode-remove-DERP" ,
From : de . derpAddr ,
} )
}
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
de . derpAddr = netip . AddrPort { }
2020-06-28 19:53:37 +01:00
} else {
2023-02-21 20:57:08 +00:00
newDerp , _ := netip . ParseAddrPort ( n . DERP )
if de . derpAddr != newDerp {
de . debugUpdates . Add ( EndpointChange {
When : time . Now ( ) ,
What : "updateFromNode-DERP" ,
From : de . derpAddr ,
To : newDerp ,
} )
}
de . derpAddr = newDerp
2020-06-28 19:53:37 +01:00
}
2020-06-30 23:32:19 +01:00
for _ , st := range de . endpointState {
2020-08-13 04:12:56 +01:00
st . index = indexSentinelDeleted // assume deleted until updated in next loop
2020-06-30 23:32:19 +01:00
}
2023-02-21 20:57:08 +00:00
var newIpps [ ] netip . AddrPort
2020-06-30 23:32:19 +01:00
for i , epStr := range n . Endpoints {
2020-07-03 19:06:33 +01:00
if i > math . MaxInt16 {
// Seems unlikely.
continue
}
2022-07-26 04:55:44 +01:00
ipp , err := netip . ParseAddrPort ( epStr )
2020-06-30 23:32:19 +01:00
if err != nil {
de . c . logf ( "magicsock: bogus netmap endpoint %q" , epStr )
continue
}
if st , ok := de . endpointState [ ipp ] ; ok {
2020-07-03 19:06:33 +01:00
st . index = int16 ( i )
2020-06-30 23:32:19 +01:00
} else {
2020-07-03 19:06:33 +01:00
de . endpointState [ ipp ] = & endpointState { index : int16 ( i ) }
2023-02-21 20:57:08 +00:00
newIpps = append ( newIpps , ipp )
2020-06-30 23:32:19 +01:00
}
}
2023-02-21 20:57:08 +00:00
if len ( newIpps ) > 0 {
de . debugUpdates . Add ( EndpointChange {
When : time . Now ( ) ,
What : "updateFromNode-new-Endpoints" ,
To : newIpps ,
} )
}
2020-08-13 04:12:56 +01:00
// Now delete anything unless it's still in the network map or
// was a recently discovered endpoint.
for ep , st := range de . endpointState {
if st . shouldDeleteLocked ( ) {
2023-02-21 20:57:08 +00:00
de . deleteEndpointLocked ( "updateFromNode" , ep )
2020-08-13 04:12:56 +01:00
}
}
2022-10-20 05:30:50 +01:00
// Node changed. Invalidate its sending fast path, if any.
de . sendFunc . Store ( nil )
2020-08-13 04:12:56 +01:00
}
// addCandidateEndpoint adds ep as an endpoint to which we should send
2023-01-28 05:04:32 +00:00
// future pings. If there is an existing endpointState for ep, and forRxPingTxID
// matches the last received ping TxID, this function reports true, otherwise
// false.
2020-08-13 04:12:56 +01:00
//
// This is called once we've already verified that we got a valid
// discovery message from de via ep.
2023-01-28 05:04:32 +00:00
func ( de * endpoint ) addCandidateEndpoint ( ep netip . AddrPort , forRxPingTxID stun . TxID ) ( duplicatePing bool ) {
2020-08-13 04:12:56 +01:00
de . mu . Lock ( )
defer de . mu . Unlock ( )
if st , ok := de . endpointState [ ep ] ; ok {
2023-01-31 06:38:20 +00:00
duplicatePing = forRxPingTxID == st . lastGotPingTxID
if ! duplicatePing {
st . lastGotPingTxID = forRxPingTxID
}
2020-08-13 04:12:56 +01:00
if st . lastGotPing . IsZero ( ) {
// Already-known endpoint from the network map.
2023-01-31 06:38:20 +00:00
return duplicatePing
2020-08-13 04:12:56 +01:00
}
st . lastGotPing = time . Now ( )
2023-01-31 06:38:20 +00:00
return duplicatePing
2020-08-13 04:12:56 +01:00
}
// Newly discovered endpoint. Exciting!
2023-04-08 23:36:47 +01:00
de . c . dlogf ( "[v1] magicsock: disco: adding %v as candidate endpoint for %v (%s)" , ep , de . discoShort ( ) , de . publicKey . ShortString ( ) )
2020-08-13 04:12:56 +01:00
de . endpointState [ ep ] = & endpointState {
2023-01-28 05:04:32 +00:00
lastGotPing : time . Now ( ) ,
lastGotPingTxID : forRxPingTxID ,
2020-08-13 04:12:56 +01:00
}
// If for some reason this gets very large, do some cleanup.
if size := len ( de . endpointState ) ; size > 100 {
for ep , st := range de . endpointState {
if st . shouldDeleteLocked ( ) {
2023-02-21 20:57:08 +00:00
de . deleteEndpointLocked ( "addCandidateEndpoint" , ep )
2020-06-30 23:32:19 +01:00
}
}
2020-08-13 04:12:56 +01:00
size2 := len ( de . endpointState )
2022-10-04 04:39:45 +01:00
de . c . dlogf ( "[v1] magicsock: disco: addCandidateEndpoint pruned %v candidate set from %v to %v entries" , size , size2 )
2020-06-30 23:32:19 +01:00
}
2023-01-28 05:04:32 +00:00
return false
2020-06-28 19:53:37 +01:00
}
// noteConnectivityChange is called when connectivity changes enough
// that we should question our earlier assumptions about which paths
// work.
2021-08-26 06:20:31 +01:00
func ( de * endpoint ) noteConnectivityChange ( ) {
2020-06-28 19:53:37 +01:00
de . mu . Lock ( )
defer de . mu . Unlock ( )
2021-07-21 19:04:36 +01:00
de . trustBestAddrUntil = 0
2020-06-28 19:53:37 +01:00
}
2020-07-02 06:15:41 +01:00
// handlePongConnLocked handles a Pong message (a reply to an earlier ping).
// It should be called with the Conn.mu held.
2021-10-16 05:55:59 +01:00
//
// It reports whether m.TxID corresponds to a ping that this endpoint sent.
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
func ( de * endpoint ) handlePongConnLocked ( m * disco . Pong , di * discoInfo , src netip . AddrPort ) ( knownTxID bool ) {
2020-07-01 20:56:17 +01:00
de . mu . Lock ( )
defer de . mu . Unlock ( )
2022-07-25 04:08:42 +01:00
isDerp := src . Addr ( ) == derpMagicIPAddr
2020-07-02 06:15:41 +01:00
2020-07-01 20:56:17 +01:00
sp , ok := de . sentPing [ m . TxID ]
if ! ok {
2021-10-16 05:55:59 +01:00
// This is not a pong for a ping we sent.
return false
2020-07-01 20:56:17 +01:00
}
2021-10-16 05:55:59 +01:00
knownTxID = true // for naked returns below
2023-05-03 01:49:56 +01:00
de . removeSentDiscoPingLocked ( m . TxID , sp )
2020-07-01 20:56:17 +01:00
2021-07-21 19:04:36 +01:00
now := mono . Now ( )
2020-07-03 19:06:33 +01:00
latency := now . Sub ( sp . at )
2020-08-09 22:49:42 +01:00
if ! isDerp {
st , ok := de . endpointState [ sp . to ]
if ! ok {
// This is no longer an endpoint we care about.
return
}
2021-10-18 21:29:09 +01:00
de . c . peerMap . setNodeKeyForIPPort ( src , de . publicKey )
2020-08-09 22:49:42 +01:00
st . addPongReplyLocked ( pongReply {
latency : latency ,
pongAt : now ,
from : src ,
pongSrc : m . Src ,
} )
}
2020-07-03 06:48:12 +01:00
2020-07-18 21:50:08 +01:00
if sp . purpose != pingHeartbeat {
2023-04-08 23:36:47 +01:00
de . c . dlogf ( "[v1] magicsock: disco: %v<-%v (%v, %v) got pong tx=%x latency=%v pong.src=%v%v" , de . c . discoShort , de . discoShort ( ) , de . publicKey . ShortString ( ) , src , m . TxID [ : 6 ] , latency . Round ( time . Millisecond ) , m . Src , logger . ArgWriter ( func ( bw * bufio . Writer ) {
2020-07-18 21:50:08 +01:00
if sp . to != src {
fmt . Fprintf ( bw , " ping.to=%v" , sp . to )
}
} ) )
}
2020-07-01 20:56:17 +01:00
2020-08-09 22:49:42 +01:00
for _ , pp := range de . pendingCLIPings {
de . c . populateCLIPingResponseLocked ( pp . res , latency , sp . to )
go pp . cb ( pp . res )
}
de . pendingCLIPings = nil
2020-07-01 20:56:17 +01:00
// Promote this pong response to our current best address if it's lower latency.
// TODO(bradfitz): decide how latency vs. preference order affects decision
2020-08-09 22:49:42 +01:00
if ! isDerp {
2021-03-23 17:07:34 +00:00
thisPong := addrLatency { sp . to , latency }
if betterAddr ( thisPong , de . bestAddr ) {
2023-04-08 23:36:47 +01:00
de . c . logf ( "magicsock: disco: node %v %v now using %v" , de . publicKey . ShortString ( ) , de . discoShort ( ) , sp . to )
2023-02-21 20:57:08 +00:00
de . debugUpdates . Add ( EndpointChange {
When : time . Now ( ) ,
What : "handlePingLocked-bestAddr-update" ,
From : de . bestAddr ,
To : thisPong ,
} )
2021-03-23 17:07:34 +00:00
de . bestAddr = thisPong
2020-08-09 22:49:42 +01:00
}
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
if de . bestAddr . AddrPort == thisPong . AddrPort {
2023-02-21 20:57:08 +00:00
de . debugUpdates . Add ( EndpointChange {
When : time . Now ( ) ,
What : "handlePingLocked-bestAddr-latency" ,
From : de . bestAddr ,
To : thisPong ,
} )
2021-03-23 17:07:34 +00:00
de . bestAddr . latency = latency
2020-08-09 22:49:42 +01:00
de . bestAddrAt = now
de . trustBestAddrUntil = now . Add ( trustUDPAddrDuration )
2020-07-02 19:37:19 +01:00
}
2020-07-03 19:06:33 +01:00
}
2021-10-16 05:55:59 +01:00
return
2020-07-03 19:06:33 +01:00
}
2022-09-26 23:49:59 +01:00
// portableTrySetSocketBuffer sets SO_SNDBUF and SO_RECVBUF on pconn to socketBufferSize,
// logging an error if it occurs.
func portableTrySetSocketBuffer ( pconn nettype . PacketConn , logf logger . Logf ) {
if c , ok := pconn . ( * net . UDPConn ) ; ok {
// Attempt to increase the buffer size, and allow failures.
if err := c . SetReadBuffer ( socketBufferSize ) ; err != nil {
logf ( "magicsock: failed to set UDP read buffer size to %d: %v" , socketBufferSize , err )
}
if err := c . SetWriteBuffer ( socketBufferSize ) ; err != nil {
logf ( "magicsock: failed to set UDP write buffer size to %d: %v" , socketBufferSize , err )
}
}
}
2021-03-23 17:07:34 +00:00
// addrLatency is an IPPort with an associated latency.
type addrLatency struct {
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
netip . AddrPort
2021-03-23 17:07:34 +00:00
latency time . Duration
}
2023-02-21 20:57:08 +00:00
func ( a addrLatency ) String ( ) string {
return a . AddrPort . String ( ) + "@" + a . latency . String ( )
}
2021-03-23 17:07:34 +00:00
// betterAddr reports whether a is a better addr to use than b.
func betterAddr ( a , b addrLatency ) bool {
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
if a . AddrPort == b . AddrPort {
2021-03-23 17:07:34 +00:00
return false
}
2022-07-25 04:08:42 +01:00
if ! b . IsValid ( ) {
2021-03-23 17:07:34 +00:00
return true
}
2022-07-25 04:08:42 +01:00
if ! a . IsValid ( ) {
2021-03-23 17:07:34 +00:00
return false
}
2023-04-21 16:35:16 +01:00
2023-05-08 14:55:14 +01:00
// Each address starts with a set of points (from 0 to 100) that
// represents how much faster they are than the highest-latency
// endpoint. For example, if a has latency 200ms and b has latency
// 190ms, then a starts with 0 points and b starts with 5 points since
// it's 5% faster.
var aPoints , bPoints int
if a . latency > b . latency && a . latency > 0 {
bPoints = int ( 100 - ( ( b . latency * 100 ) / a . latency ) )
} else if b . latency > 0 {
aPoints = int ( 100 - ( ( a . latency * 100 ) / b . latency ) )
}
// Prefer private IPs over public IPs as long as the latencies are
// roughly equivalent, since it's less likely that a user will have to
// pay for the bandwidth in a cloud environment.
2023-04-21 16:35:16 +01:00
//
2023-05-08 14:55:14 +01:00
// Additionally, prefer any loopback address strongly over non-loopback
// addresses.
if a . Addr ( ) . IsLoopback ( ) {
aPoints += 50
} else if a . Addr ( ) . IsPrivate ( ) {
aPoints += 20
}
if b . Addr ( ) . IsLoopback ( ) {
bPoints += 50
} else if b . Addr ( ) . IsPrivate ( ) {
bPoints += 20
}
// Prefer IPv6 for being a bit more robust, as long as
// the latencies are roughly equivalent.
if a . Addr ( ) . Is6 ( ) {
aPoints += 10
}
if b . Addr ( ) . Is6 ( ) {
bPoints += 10
2023-04-21 16:35:16 +01:00
}
// Don't change anything if the latency improvement is less than 1%; we
// want a bit of "stickiness" (a.k.a. hysteresis) to avoid flapping if
// there's two roughly-equivalent endpoints.
2023-05-08 14:55:14 +01:00
//
// Points are essentially the percentage improvement of latency vs. the
// slower endpoint; absent any boosts from private IPs, IPv6, etc., a
// will be a better address than b by a fraction of 1% or less if
// aPoints <= 1 and bPoints == 0.
if aPoints <= 1 && bPoints == 0 {
2023-04-21 16:35:16 +01:00
return false
}
2023-05-08 14:55:14 +01:00
return aPoints > bPoints
2021-03-23 17:07:34 +00:00
}
2021-08-26 06:20:31 +01:00
// endpoint.mu must be held.
2020-07-03 19:06:33 +01:00
func ( st * endpointState ) addPongReplyLocked ( r pongReply ) {
if n := len ( st . recentPongs ) ; n < pongHistoryCount {
st . recentPong = uint16 ( n )
st . recentPongs = append ( st . recentPongs , r )
return
2020-07-01 20:56:17 +01:00
}
2020-07-03 19:06:33 +01:00
i := st . recentPong + 1
if i == pongHistoryCount {
i = 0
}
st . recentPongs [ i ] = r
st . recentPong = i
2020-07-01 20:56:17 +01:00
}
2020-07-01 23:28:14 +01:00
// handleCallMeMaybe handles a CallMeMaybe discovery message via
// DERP. The contract for use of this message is that the peer has
// already sent to us via UDP, so their stateful firewall should be
// open. Now we can Ping back and make it through.
2021-08-26 06:20:31 +01:00
func ( de * endpoint ) handleCallMeMaybe ( m * disco . CallMeMaybe ) {
2021-10-22 17:09:37 +01:00
if runtime . GOOS == "js" {
// Nothing to do on js/wasm if we can't send UDP packets anyway.
return
}
2020-07-01 23:28:14 +01:00
de . mu . Lock ( )
defer de . mu . Unlock ( )
2021-01-20 20:41:25 +00:00
now := time . Now ( )
for ep := range de . isCallMeMaybeEP {
de . isCallMeMaybeEP [ ep ] = false // mark for deletion
}
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
var newEPs [ ] netip . AddrPort
2021-01-20 20:41:25 +00:00
for _ , ep := range m . MyNumber {
2022-07-25 04:08:42 +01:00
if ep . Addr ( ) . Is6 ( ) && ep . Addr ( ) . IsLinkLocalUnicast ( ) {
2021-01-21 16:05:07 +00:00
// We send these out, but ignore them for now.
// TODO: teach the ping code to ping on all interfaces
// for these.
continue
}
2022-04-22 04:25:24 +01:00
mak . Set ( & de . isCallMeMaybeEP , ep , true )
2021-01-20 20:41:25 +00:00
if es , ok := de . endpointState [ ep ] ; ok {
es . callMeMaybeTime = now
} else {
de . endpointState [ ep ] = & endpointState { callMeMaybeTime : now }
2021-01-21 16:05:07 +00:00
newEPs = append ( newEPs , ep )
}
}
if len ( newEPs ) > 0 {
2023-02-21 20:57:08 +00:00
de . debugUpdates . Add ( EndpointChange {
When : time . Now ( ) ,
What : "handleCallMeMaybe-new-endpoints" ,
To : newEPs ,
} )
2022-10-04 04:39:45 +01:00
de . c . dlogf ( "[v1] magicsock: disco: call-me-maybe from %v %v added new endpoints: %v" ,
2023-04-08 23:36:47 +01:00
de . publicKey . ShortString ( ) , de . discoShort ( ) ,
2021-01-21 16:05:07 +00:00
logger . ArgWriter ( func ( w * bufio . Writer ) {
for i , ep := range newEPs {
if i > 0 {
w . WriteString ( ", " )
}
w . WriteString ( ep . String ( ) )
}
} ) )
2021-01-20 20:41:25 +00:00
}
2021-01-21 16:05:07 +00:00
2022-09-25 19:29:55 +01:00
// Delete any prior CallMeMaybe endpoints that weren't included
2021-01-20 20:41:25 +00:00
// in this message.
for ep , want := range de . isCallMeMaybeEP {
if ! want {
delete ( de . isCallMeMaybeEP , ep )
2023-02-21 20:57:08 +00:00
de . deleteEndpointLocked ( "handleCallMeMaybe" , ep )
2021-01-20 20:41:25 +00:00
}
}
2020-07-01 23:28:14 +01:00
// Zero out all the lastPing times to force sendPingsLocked to send new ones,
// even if it's been less than 5 seconds ago.
for _ , st := range de . endpointState {
2021-07-21 19:04:36 +01:00
st . lastPing = 0
2020-07-01 23:28:14 +01:00
}
2023-05-03 01:49:56 +01:00
de . sendDiscoPingsLocked ( mono . Now ( ) , false )
2020-07-01 23:28:14 +01:00
}
2021-08-26 06:20:31 +01:00
func ( de * endpoint ) populatePeerStatus ( ps * ipnstate . PeerStatus ) {
2020-07-03 19:06:33 +01:00
de . mu . Lock ( )
defer de . mu . Unlock ( )
2021-09-01 00:55:22 +01:00
ps . Relay = de . c . derpRegionCodeOfIDLocked ( int ( de . derpAddr . Port ( ) ) )
2020-07-03 19:06:33 +01:00
if de . lastSend . IsZero ( ) {
return
}
2021-07-21 19:04:36 +01:00
now := mono . Now ( )
2021-08-04 16:01:35 +01:00
ps . LastWrite = de . lastSend . WallTime ( )
ps . Active = now . Sub ( de . lastSend ) < sessionActiveTimeout
2023-05-03 01:49:56 +01:00
if udpAddr , derpAddr , _ := de . addrForSendLocked ( now ) ; udpAddr . IsValid ( ) && ! derpAddr . IsValid ( ) {
2020-07-03 19:06:33 +01:00
ps . CurAddr = udpAddr . String ( )
}
}
2020-07-30 21:48:32 +01:00
// stopAndReset stops timers associated with de and resets its state back to zero.
2021-08-26 03:39:20 +01:00
// It's called when a discovery endpoint is no longer present in the
// NetworkMap, or when magicsock is transitioning from running to
// stopped state (via SetPrivateKey(zero))
2021-08-26 06:20:31 +01:00
func ( de * endpoint ) stopAndReset ( ) {
2021-01-18 23:27:44 +00:00
atomic . AddInt64 ( & de . numStopAndResetAtomic , 1 )
2020-06-28 19:53:37 +01:00
de . mu . Lock ( )
defer de . mu . Unlock ( )
2023-01-18 02:54:03 +00:00
if closing := de . c . closing . Load ( ) ; ! closing {
2023-04-08 23:36:47 +01:00
de . c . logf ( "[v1] magicsock: doing cleanup for discovery key %s" , de . discoShort ( ) )
2023-01-18 02:54:03 +00:00
}
2020-06-30 23:32:19 +01:00
2023-02-21 20:57:08 +00:00
de . debugUpdates . Add ( EndpointChange {
When : time . Now ( ) ,
What : "stopAndReset-resetLocked" ,
} )
2021-10-06 18:18:12 +01:00
de . resetLocked ( )
if de . heartBeatTimer != nil {
de . heartBeatTimer . Stop ( )
de . heartBeatTimer = nil
}
de . pendingCLIPings = nil
}
// resetLocked clears all the endpoint's p2p state, reverting it to a
// DERP-only endpoint. It does not stop the endpoint's heartbeat
// timer, if one is running.
func ( de * endpoint ) resetLocked ( ) {
2021-07-21 19:04:36 +01:00
de . lastSend = 0
de . lastFullPing = 0
2021-03-23 17:07:34 +00:00
de . bestAddr = addrLatency { }
2021-07-21 19:04:36 +01:00
de . bestAddrAt = 0
de . trustBestAddrUntil = 0
2020-07-30 21:48:32 +01:00
for _ , es := range de . endpointState {
2021-07-21 19:04:36 +01:00
es . lastPing = 0
2020-07-30 21:48:32 +01:00
}
2020-07-03 19:45:41 +01:00
for txid , sp := range de . sentPing {
2023-05-03 01:49:56 +01:00
de . removeSentDiscoPingLocked ( txid , sp )
2020-06-30 23:32:19 +01:00
}
2020-06-28 19:53:37 +01:00
}
2020-06-30 22:37:35 +01:00
2021-08-26 06:20:31 +01:00
func ( de * endpoint ) numStopAndReset ( ) int64 {
2021-01-18 23:27:44 +00:00
return atomic . LoadInt64 ( & de . numStopAndResetAtomic )
}
2020-07-02 18:48:13 +01:00
// derpStr replaces DERP IPs in s with "derp-".
func derpStr ( s string ) string { return strings . ReplaceAll ( s , "127.3.3.40:" , "derp-" ) }
2020-09-03 23:45:41 +01:00
2021-01-18 23:27:44 +00:00
// ippEndpointCache is a mutex-free single-element cache, mapping from
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
// a single netip.AddrPort to a single endpoint.
2021-01-18 23:27:44 +00:00
type ippEndpointCache struct {
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
ipp netip . AddrPort
2021-01-18 23:27:44 +00:00
gen int64
2021-08-26 06:20:31 +01:00
de * endpoint
2021-01-18 23:27:44 +00:00
}
2021-10-16 04:45:33 +01:00
// discoInfo is the info and state for the DiscoKey
// in the Conn.discoInfo map key.
//
// Note that a DiscoKey does not necessarily map to exactly one
// node. In the case of shared nodes and users switching accounts, two
// nodes in the NetMap may legitimately have the same DiscoKey. As
// such, no fields in here should be considered node-specific.
type discoInfo struct {
// discoKey is the same as the Conn.discoInfo map key,
// just so you can pass around a *discoInfo alone.
2022-09-25 19:29:55 +01:00
// Not modified once initialized.
2021-10-29 22:27:29 +01:00
discoKey key . DiscoPublic
2021-10-16 04:45:33 +01:00
// discoShort is discoKey.ShortString().
2022-09-25 19:29:55 +01:00
// Not modified once initialized;
2021-10-16 04:45:33 +01:00
discoShort string
2021-10-29 22:27:29 +01:00
// sharedKey is the precomputed key for communication with the
// peer that has the DiscoKey used to look up this *discoInfo in
// Conn.discoInfo.
2022-09-25 19:29:55 +01:00
// Not modified once initialized.
2021-10-29 22:27:29 +01:00
sharedKey key . DiscoShared
2021-10-16 04:45:33 +01:00
// Mutable fields follow, owned by Conn.mu:
// lastPingFrom is the src of a ping for discoKey.
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
lastPingFrom netip . AddrPort
2021-10-16 04:45:33 +01:00
// lastPingTime is the last time of a ping for discoKey.
lastPingTime time . Time
}
2020-12-14 02:51:24 +00:00
2022-01-29 22:52:00 +00:00
// derpAddrFamSelector is the derphttp.AddressFamilySelector we pass
// to derphttp.Client.SetAddressFamilySelector.
//
// It provides the hint as to whether in an IPv4-vs-IPv6 race that
// IPv4 should be held back a bit to give IPv6 a better-than-50/50
// chance of winning. We only return true when we believe IPv6 will
// work anyway, so we don't artificially delay the connection speed.
type derpAddrFamSelector struct { c * Conn }
func ( s derpAddrFamSelector ) PreferIPv6 ( ) bool {
2022-08-04 05:31:40 +01:00
if r := s . c . lastNetCheckReport . Load ( ) ; r != nil {
2022-01-29 22:52:00 +00:00
return r . IPv6
}
return false
}
2023-04-14 21:37:10 +01:00
type endpointTrackerEntry struct {
endpoint tailcfg . Endpoint
until time . Time
}
type endpointTracker struct {
mu sync . Mutex
cache map [ netip . AddrPort ] endpointTrackerEntry
}
func ( et * endpointTracker ) update ( now time . Time , eps [ ] tailcfg . Endpoint ) ( epsPlusCached [ ] tailcfg . Endpoint ) {
epsPlusCached = eps
var inputEps set . Slice [ netip . AddrPort ]
for _ , ep := range eps {
inputEps . Add ( ep . Addr )
}
et . mu . Lock ( )
defer et . mu . Unlock ( )
// Add entries to the return array that aren't already there.
for k , ep := range et . cache {
// If the endpoint was in the input list, or has expired, skip it.
if inputEps . Contains ( k ) {
continue
} else if now . After ( ep . until ) {
continue
}
// We haven't seen this endpoint; add to the return array
epsPlusCached = append ( epsPlusCached , ep . endpoint )
}
// Add entries from the original input array into the cache, and/or
// extend the lifetime of entries that are already in the cache.
until := now . Add ( endpointTrackerLifetime )
for _ , ep := range eps {
et . addLocked ( now , ep , until )
}
// Remove everything that has now expired.
et . removeExpiredLocked ( now )
return epsPlusCached
}
// add will store the provided endpoint(s) in the cache for a fixed period of
// time, and remove any entries in the cache that have expired.
//
// et.mu must be held.
func ( et * endpointTracker ) addLocked ( now time . Time , ep tailcfg . Endpoint , until time . Time ) {
// If we already have an entry for this endpoint, update the timeout on
// it; otherwise, add it.
entry , found := et . cache [ ep . Addr ]
if found {
entry . until = until
} else {
entry = endpointTrackerEntry { ep , until }
}
mak . Set ( & et . cache , ep . Addr , entry )
}
// removeExpired will remove all expired entries from the cache
//
// et.mu must be held
func ( et * endpointTracker ) removeExpiredLocked ( now time . Time ) {
for k , ep := range et . cache {
if now . After ( ep . until ) {
delete ( et . cache , k )
}
}
}
2020-12-14 02:51:24 +00:00
var (
metricNumPeers = clientmetric . NewGauge ( "magicsock_netmap_num_peers" )
metricNumDERPConns = clientmetric . NewGauge ( "magicsock_num_derp_conns" )
2022-04-22 18:40:49 +01:00
metricRebindCalls = clientmetric . NewCounter ( "magicsock_rebind_calls" )
metricReSTUNCalls = clientmetric . NewCounter ( "magicsock_restun_calls" )
metricUpdateEndpoints = clientmetric . NewCounter ( "magicsock_update_endpoints" )
2020-12-14 02:51:24 +00:00
// Sends (data or disco)
metricSendDERPQueued = clientmetric . NewCounter ( "magicsock_send_derp_queued" )
metricSendDERPErrorChan = clientmetric . NewCounter ( "magicsock_send_derp_error_chan" )
metricSendDERPErrorClosed = clientmetric . NewCounter ( "magicsock_send_derp_error_closed" )
metricSendDERPErrorQueue = clientmetric . NewCounter ( "magicsock_send_derp_error_queue" )
metricSendUDP = clientmetric . NewCounter ( "magicsock_send_udp" )
metricSendUDPError = clientmetric . NewCounter ( "magicsock_send_udp_error" )
2021-11-16 16:34:25 +00:00
metricSendDERP = clientmetric . NewCounter ( "magicsock_send_derp" )
metricSendDERPError = clientmetric . NewCounter ( "magicsock_send_derp_error" )
2020-12-14 02:51:24 +00:00
// Data packets (non-disco)
metricSendData = clientmetric . NewCounter ( "magicsock_send_data" )
metricSendDataNetworkDown = clientmetric . NewCounter ( "magicsock_send_data_network_down" )
metricRecvDataDERP = clientmetric . NewCounter ( "magicsock_recv_data_derp" )
metricRecvDataIPv4 = clientmetric . NewCounter ( "magicsock_recv_data_ipv4" )
metricRecvDataIPv6 = clientmetric . NewCounter ( "magicsock_recv_data_ipv6" )
// Disco packets
2021-12-20 17:29:31 +00:00
metricSendDiscoUDP = clientmetric . NewCounter ( "magicsock_disco_send_udp" )
metricSendDiscoDERP = clientmetric . NewCounter ( "magicsock_disco_send_derp" )
metricSentDiscoUDP = clientmetric . NewCounter ( "magicsock_disco_sent_udp" )
metricSentDiscoDERP = clientmetric . NewCounter ( "magicsock_disco_sent_derp" )
metricSentDiscoPing = clientmetric . NewCounter ( "magicsock_disco_sent_ping" )
metricSentDiscoPong = clientmetric . NewCounter ( "magicsock_disco_sent_pong" )
metricSentDiscoCallMeMaybe = clientmetric . NewCounter ( "magicsock_disco_sent_callmemaybe" )
metricRecvDiscoBadPeer = clientmetric . NewCounter ( "magicsock_disco_recv_bad_peer" )
metricRecvDiscoBadKey = clientmetric . NewCounter ( "magicsock_disco_recv_bad_key" )
metricRecvDiscoBadParse = clientmetric . NewCounter ( "magicsock_disco_recv_bad_parse" )
2020-12-14 02:51:24 +00:00
metricRecvDiscoUDP = clientmetric . NewCounter ( "magicsock_disco_recv_udp" )
metricRecvDiscoDERP = clientmetric . NewCounter ( "magicsock_disco_recv_derp" )
metricRecvDiscoPing = clientmetric . NewCounter ( "magicsock_disco_recv_ping" )
metricRecvDiscoPong = clientmetric . NewCounter ( "magicsock_disco_recv_pong" )
metricRecvDiscoCallMeMaybe = clientmetric . NewCounter ( "magicsock_disco_recv_callmemaybe" )
metricRecvDiscoCallMeMaybeBadNode = clientmetric . NewCounter ( "magicsock_disco_recv_callmemaybe_bad_node" )
metricRecvDiscoCallMeMaybeBadDisco = clientmetric . NewCounter ( "magicsock_disco_recv_callmemaybe_bad_disco" )
2023-03-25 02:11:48 +00:00
metricRecvDiscoDERPPeerNotHere = clientmetric . NewCounter ( "magicsock_disco_recv_derp_peer_not_here" )
metricRecvDiscoDERPPeerGoneUnknown = clientmetric . NewCounter ( "magicsock_disco_recv_derp_peer_gone_unknown" )
2021-11-16 16:34:25 +00:00
// metricDERPHomeChange is how many times our DERP home region DI has
// changed from non-zero to a different non-zero.
metricDERPHomeChange = clientmetric . NewCounter ( "derp_home_change" )
2022-08-29 15:57:54 +01:00
// Disco packets received bpf read path
metricRecvDiscoPacketIPv4 = clientmetric . NewCounter ( "magicsock_disco_recv_bpf_ipv4" )
metricRecvDiscoPacketIPv6 = clientmetric . NewCounter ( "magicsock_disco_recv_bpf_ipv6" )
2020-12-14 02:51:24 +00:00
)