Start of netcheck package & including network state in Hostinfo.

* adds new packet "netcheck" to do the checking of UDP, IPv6, and
  nearest DERP server, and the Report type for all that (and more
  in the future, probably pulling in danderson's natprobe)
* new tailcfg.NetInfo type
* cmd/tailscale netcheck subcommand (tentative name, likely to
  change/move) to print out the netcheck.Report.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
This commit is contained in:
Brad Fitzpatrick 2020-02-25 14:05:17 -08:00 committed by Brad Fitzpatrick
parent a07af762e4
commit 14559340ee
10 changed files with 326 additions and 1 deletions

42
cmd/tailscale/netcheck.go Normal file
View File

@ -0,0 +1,42 @@
// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package main // import "tailscale.com/cmd/tailscale"
import (
"context"
"fmt"
"log"
"sort"
"time"
"github.com/pborman/getopt/v2"
"tailscale.com/netcheck"
)
func isSubcommand(cmd string) bool {
return len(getopt.Args()) == 1 && getopt.Args()[0] == cmd
}
func netcheckCmd() {
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
defer cancel()
report, err := netcheck.GetReport(ctx, log.Printf)
if err != nil {
log.Fatal(err)
}
fmt.Printf("\nReport:\n")
fmt.Printf("\t* UDP: %v\n", report.UDP)
fmt.Printf("\t* IPv6: %v\n", report.IPv6)
fmt.Printf("\t* MappingVariesByDestIP: %v\n", report.MappingVariesByDestIP)
fmt.Printf("\t* DERP latency:\n")
var ss []string
for s := range report.DERPLatency {
ss = append(ss, s)
}
sort.Strings(ss)
for _, s := range ss {
fmt.Printf("\t\t- %s = %v\n", s, report.DERPLatency[s])
}
}

View File

@ -59,6 +59,11 @@ func main() {
nopf := getopt.BoolLong("no-packet-filter", 'F', "disable packet filter")
advroutes := getopt.ListLong("routes", 'r', "routes to advertise to other nodes (comma-separated, e.g. 10.0.0.0/8,192.168.1.0/24)")
getopt.Parse()
// TODO(bradfitz): move this into a proper subcommand system when we have that.
if isSubcommand("netcheck") {
netcheckCmd()
return
}
pol := logpolicy.New("tailnode.log.tailscale.io")
if len(getopt.Args()) > 0 {
log.Fatalf("too many non-flag arguments: %#v", getopt.Args()[0])

1
go.mod
View File

@ -20,6 +20,7 @@ require (
github.com/tailscale/wireguard-go v0.0.0-20200225215529-3ec48fad1002
golang.org/x/crypto v0.0.0-20200210222208-86ce3cb69678
golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e
golang.org/x/sys v0.0.0-20200217220822-9197077df867
golang.org/x/time v0.0.0-20191024005414-555d28b269f0
gortc.io/stun v1.22.1

2
go.sum
View File

@ -125,6 +125,8 @@ golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4 h1:YUO/7uOKsKeq9UokNS62b8FY
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190423024810-112230192c58 h1:8gQV6CLnAEikrhgkHFbMAEhagSSnXWGV915qUMm9mrU=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e h1:vcxGaoTs7kV8m5Np9uUNQin4BrLOthgV7252N8V+FwY=
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190310054646-10058d7d4faa/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=

View File

@ -35,6 +35,42 @@ func Tailscale() (net.IP, *net.Interface, error) {
return nil, nil, nil
}
// HaveIPv6GlobalAddress reports whether the machine appears to have a
// global scope unicast IPv6 address.
//
// It only returns an error if there's a problem querying the system
// interfaces.
func HaveIPv6GlobalAddress() (bool, error) {
ifs, err := net.Interfaces()
if err != nil {
return false, err
}
for _, iface := range ifs {
if isLoopbackInterfaceName(iface.Name) {
continue
}
addrs, err := iface.Addrs()
if err != nil {
continue
}
for _, a := range addrs {
ipnet, ok := a.(*net.IPNet)
if !ok {
continue
}
if ipnet.IP.To4() != nil || !ipnet.IP.IsGlobalUnicast() {
continue
}
return true, nil
}
}
return false, nil
}
func isLoopbackInterfaceName(s string) bool {
return strings.HasPrefix(s, "lo")
}
// maybeTailscaleInterfaceName reports whether s is an interface
// name that might be used by Tailscale.
func maybeTailscaleInterfaceName(s string) bool {

View File

@ -5,6 +5,7 @@
package ipn
import (
"context"
"errors"
"fmt"
"log"
@ -14,6 +15,7 @@ import (
"github.com/tailscale/wireguard-go/wgcfg"
"tailscale.com/control/controlclient"
"tailscale.com/netcheck"
"tailscale.com/portlist"
"tailscale.com/tailcfg"
"tailscale.com/types/empty"
@ -134,6 +136,7 @@ func (b *LocalBackend) Start(opts Options) error {
hi := controlclient.NewHostinfo()
hi.BackendLogID = b.backendLogID
hi.FrontendLogID = opts.FrontendLogID
b.populateNetworkConditions(hi)
b.mu.Lock()
@ -360,6 +363,7 @@ func (b *LocalBackend) popBrowserAuthNow() {
b.interact = 0
b.authURL = ""
b.mu.Unlock()
b.logf("popBrowserAuthNow: url=%v\n", url != "")
b.blockEngineUpdates(true)
@ -749,3 +753,33 @@ func (b *LocalBackend) assertClientLocked() {
panic("LocalBackend.assertClient: b.c == nil")
}
}
// populateNetworkConditions spends up to 2 seconds populating hi's
// network condition fields.
//
// TODO: this is currently just done once at start-up, not regularly on
// link changes. This will probably need to be moved & rethought. For now
// we're just gathering some data.
func (b *LocalBackend) populateNetworkConditions(hi *tailcfg.Hostinfo) {
logf := logger.WithPrefix(b.logf, "populateNetworkConditions: ")
ctx, cancel := context.WithTimeout(context.Background(), 2*time.Second)
defer cancel()
report, err := netcheck.GetReport(ctx, logf)
if err != nil {
logf("GetReport: %v", err)
return
}
ni := &tailcfg.NetInfo{
DERPLatency: map[string]float64{},
MappingVariesByDestIP: report.MappingVariesByDestIP,
}
for server, d := range report.DERPLatency {
ni.DERPLatency[server] = d.Seconds()
}
ni.WorkingIPv6.Set(report.IPv6)
ni.WorkingUDP.Set(report.UDP)
hi.NetInfo = ni
}

25
ipn/local_test.go Normal file
View File

@ -0,0 +1,25 @@
// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package ipn
import (
"flag"
"testing"
"tailscale.com/tailcfg"
)
var external = flag.Bool("external", false, "run external network tests")
func TestPopulateNetworkConditions(t *testing.T) {
if !*external {
t.Skip("skipping network test without -external flag")
}
b := &LocalBackend{logf: t.Logf}
hi := new(tailcfg.Hostinfo)
b.populateNetworkConditions(hi)
t.Logf("Got: %+v", hi)
}

137
netcheck/netcheck.go Normal file
View File

@ -0,0 +1,137 @@
// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
// Package netcheck checks the network conditions from the current host.
package netcheck
import (
"context"
"io"
"net"
"strings"
"sync"
"time"
"golang.org/x/sync/errgroup"
"tailscale.com/interfaces"
"tailscale.com/stunner"
"tailscale.com/types/logger"
"tailscale.com/types/opt"
)
type Report struct {
UDP bool // UDP works
IPv6 bool // IPv6 works
MappingVariesByDestIP opt.Bool // for IPv4
DERPLatency map[string]time.Duration // keyed by STUN host:port
}
func GetReport(ctx context.Context, logf logger.Logf) (*Report, error) {
closeOnCtx := func(c io.Closer) {
<-ctx.Done()
c.Close()
}
v6, err := interfaces.HaveIPv6GlobalAddress()
if err != nil {
logf("interfaces: %v", err)
}
var (
mu sync.Mutex
ret = &Report{
DERPLatency: map[string]time.Duration{},
}
gotIP = map[string]string{} // server -> IP
)
add := func(server, ip string, d time.Duration) {
logf("%s says we are %s (in %v)", server, ip, d)
mu.Lock()
defer mu.Unlock()
ret.UDP = true
ret.DERPLatency[server] = d
if strings.Contains(server, "-v6") {
ret.IPv6 = true
}
gotIP[server] = ip
}
var pc4, pc6 net.PacketConn
pc4, err = net.ListenPacket("udp4", ":0")
if err != nil {
logf("udp4: %v", err)
return nil, err
}
go closeOnCtx(pc4)
if v6 {
pc6, err = net.ListenPacket("udp6", ":0")
if err != nil {
logf("udp6: %v", err)
v6 = false
} else {
go closeOnCtx(pc6)
}
}
reader := func(s *stunner.Stunner, pc net.PacketConn) {
var buf [64 << 10]byte
for {
n, addr, err := pc.ReadFrom(buf[:])
if err != nil {
if ctx.Err() != nil {
return
}
logf("ReadFrom: %v", err)
return
}
ua, ok := addr.(*net.UDPAddr)
if !ok {
logf("ReadFrom: unexpected addr %T", addr)
continue
}
logf("Packet from %v: %q", ua, buf[:n])
s.Receive(buf[:n], ua)
}
}
var grp errgroup.Group
s4 := &stunner.Stunner{
Send: pc4.WriteTo,
Endpoint: add,
Servers: []string{"derp1.tailscale.com:3478", "derp2.tailscale.com:3478"},
Logf: logf,
}
grp.Go(func() error { return s4.Run(ctx) })
go reader(s4, pc4)
if v6 {
s6 := &stunner.Stunner{
Endpoint: add,
Send: pc6.WriteTo,
Servers: []string{"derp1-v6.tailscale.com:3478", "derp2-v6.tailscale.com:3478"},
Logf: logf,
OnlyIPv6: true,
}
grp.Go(func() error { return s6.Run(ctx) })
go reader(s6, pc6)
}
err = grp.Wait()
logf("stunner.Run: %v", err)
mu.Lock()
defer mu.Unlock() // unnecessary, but feels weird without
// TODO: generalize this to find at least two out of N DERP
// servers (where N will be 5+).
ip1 := gotIP["derp1.tailscale.com:3478"]
ip2 := gotIP["derp2.tailscale.com:3478"]
if ip1 != "" && ip2 != "" {
ret.MappingVariesByDestIP.Set(ip1 != ip2)
}
return ret, nil
}

View File

@ -14,6 +14,7 @@ import (
"github.com/tailscale/wireguard-go/wgcfg"
"golang.org/x/oauth2"
"tailscale.com/types/opt"
"tailscale.com/wgengine/filter"
)
@ -222,11 +223,49 @@ type Hostinfo struct {
Hostname string // name of the host the client runs on
RoutableIPs []wgcfg.CIDR `json:",omitempty"` // set of IP ranges this client can route
Services []Service `json:",omitempty"` // services advertised by this machine
NetInfo *NetInfo `json:",omitempty"`
// NOTE: any new fields containing pointers in this type
// require changes to Hostinfo.Copy and Hostinfo.Equal.
}
// NetInfo contains information about the host's network state.
type NetInfo struct {
// MappingVariesByDestIP says whether the host's NAT mappings
// vary based on the destination IP.
MappingVariesByDestIP opt.Bool
// WorkingIPv6 is whether IPv6 works.
WorkingIPv6 opt.Bool
// WorkingUDP is whether UDP works.
WorkingUDP opt.Bool
// DERPLatency is the fastest recent time to reach various
// DERP STUN servers, in seconds. The map key is the DERP
// server's STUN host:port.
//
// This should only be updated rarely, or when there's a
// material change, as any change here also gets uploaded to
// the control plane.
DERPLatency map[string]float64 `json:",omitempty"`
}
func (ni *NetInfo) Copy() (res *NetInfo) {
if ni == nil {
return nil
}
res = new(NetInfo)
*res = *ni
if ni.DERPLatency != nil {
res.DERPLatency = map[string]float64{}
for k, v := range ni.DERPLatency {
res.DERPLatency[k] = v
}
}
return res
}
// Copy makes a deep copy of Hostinfo.
// The result aliases no memory with the original.
func (h *Hostinfo) Copy() (res *Hostinfo) {
@ -235,6 +274,7 @@ func (h *Hostinfo) Copy() (res *Hostinfo) {
res.RoutableIPs = append([]wgcfg.CIDR{}, h.RoutableIPs...)
res.Services = append([]Service{}, h.Services...)
res.NetInfo = h.NetInfo.Copy()
return res
}

View File

@ -20,7 +20,10 @@ func fieldsOf(t reflect.Type) (fields []string) {
}
func TestHostinfoEqual(t *testing.T) {
hiHandles := []string{"IPNVersion", "FrontendLogID", "BackendLogID", "OS", "Hostname", "RoutableIPs", "Services"}
hiHandles := []string{
"IPNVersion", "FrontendLogID", "BackendLogID", "OS", "Hostname", "RoutableIPs", "Services",
"NetInfo",
}
if have := fieldsOf(reflect.TypeOf(Hostinfo{})); !reflect.DeepEqual(have, hiHandles) {
t.Errorf("Hostinfo.Equal check might be out of sync\nfields: %q\nhandled: %q\n",
have, hiHandles)