2023-01-27 21:37:20 +00:00
|
|
|
// Copyright (c) Tailscale Inc & AUTHORS
|
|
|
|
// SPDX-License-Identifier: BSD-3-Clause
|
2020-08-08 03:44:04 +00:00
|
|
|
|
|
|
|
package controlclient
|
|
|
|
|
|
|
|
import (
|
2023-03-02 21:24:26 +00:00
|
|
|
"crypto/ed25519"
|
2021-02-05 23:44:46 +00:00
|
|
|
"encoding/json"
|
2021-07-16 14:51:54 +00:00
|
|
|
"net/http"
|
|
|
|
"net/http/httptest"
|
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 04:14:09 +00:00
|
|
|
"net/netip"
|
2020-08-08 03:44:04 +00:00
|
|
|
"testing"
|
2021-07-16 14:51:54 +00:00
|
|
|
"time"
|
2020-08-08 03:44:04 +00:00
|
|
|
|
2021-08-20 17:34:13 +00:00
|
|
|
"tailscale.com/hostinfo"
|
2021-07-16 14:51:54 +00:00
|
|
|
"tailscale.com/ipn/ipnstate"
|
2022-04-27 18:57:59 +00:00
|
|
|
"tailscale.com/net/tsdial"
|
2020-08-08 03:44:04 +00:00
|
|
|
"tailscale.com/tailcfg"
|
2021-09-03 20:17:46 +00:00
|
|
|
"tailscale.com/types/key"
|
2020-08-08 03:44:04 +00:00
|
|
|
)
|
|
|
|
|
2021-01-08 13:49:29 +00:00
|
|
|
func TestNewDirect(t *testing.T) {
|
2021-08-20 17:34:13 +00:00
|
|
|
hi := hostinfo.New()
|
2021-01-08 13:49:29 +00:00
|
|
|
ni := tailcfg.NetInfo{LinkType: "wired"}
|
|
|
|
hi.NetInfo = &ni
|
|
|
|
|
2021-09-03 20:17:46 +00:00
|
|
|
k := key.NewMachine()
|
2021-03-31 15:51:22 +00:00
|
|
|
opts := Options{
|
|
|
|
ServerURL: "https://example.com",
|
|
|
|
Hostinfo: hi,
|
2021-09-03 20:17:46 +00:00
|
|
|
GetMachinePrivateKey: func() (key.MachinePrivate, error) {
|
|
|
|
return k, nil
|
2021-03-31 15:51:22 +00:00
|
|
|
},
|
2022-04-27 18:57:59 +00:00
|
|
|
Dialer: new(tsdial.Dialer),
|
2021-03-31 15:51:22 +00:00
|
|
|
}
|
2021-01-08 13:49:29 +00:00
|
|
|
c, err := NewDirect(opts)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
|
|
|
|
if c.serverURL != opts.ServerURL {
|
|
|
|
t.Errorf("c.serverURL got %v want %v", c.serverURL, opts.ServerURL)
|
|
|
|
}
|
|
|
|
|
|
|
|
if !hi.Equal(c.hostinfo) {
|
|
|
|
t.Errorf("c.hostinfo got %v want %v", c.hostinfo, hi)
|
|
|
|
}
|
|
|
|
|
|
|
|
changed := c.SetNetInfo(&ni)
|
|
|
|
if changed {
|
|
|
|
t.Errorf("c.SetNetInfo(ni) want false got %v", changed)
|
|
|
|
}
|
|
|
|
ni = tailcfg.NetInfo{LinkType: "wifi"}
|
|
|
|
changed = c.SetNetInfo(&ni)
|
|
|
|
if !changed {
|
|
|
|
t.Errorf("c.SetNetInfo(ni) want true got %v", changed)
|
|
|
|
}
|
|
|
|
|
|
|
|
changed = c.SetHostinfo(hi)
|
|
|
|
if changed {
|
|
|
|
t.Errorf("c.SetHostinfo(hi) want false got %v", changed)
|
|
|
|
}
|
2021-08-20 17:34:13 +00:00
|
|
|
hi = hostinfo.New()
|
2021-01-08 13:49:29 +00:00
|
|
|
hi.Hostname = "different host name"
|
|
|
|
changed = c.SetHostinfo(hi)
|
|
|
|
if !changed {
|
|
|
|
t.Errorf("c.SetHostinfo(hi) want true got %v", changed)
|
|
|
|
}
|
|
|
|
|
tailcfg: add Endpoint, EndpointType, MapRequest.EndpointType
Track endpoints internally with a new tailcfg.Endpoint type that
includes a typed netaddr.IPPort (instead of just a string) and
includes a type for how that endpoint was discovered (STUN, local,
etc).
Use []tailcfg.Endpoint instead of []string internally.
At the last second, send it to the control server as the existing
[]string for endpoints, but also include a new parallel
MapRequest.EndpointType []tailcfg.EndpointType, so the control server
can start filtering out less-important endpoint changes from
new-enough clients. Notably, STUN-discovered endpoints can be filtered
out from 1.6+ clients, as they can discover them amongst each other
via CallMeMaybe disco exchanges started over DERP. And STUN endpoints
change a lot, causing a lot of MapResposne updates. But portmapped
endpoints are worth keeping for now, as they they work right away
without requiring the firewall traversal extra RTT dance.
End result will be less control->client bandwidth. (despite negligible
increase in client->control bandwidth)
Updates tailscale/corp#1543
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-12 20:24:29 +00:00
|
|
|
endpoints := fakeEndpoints(1, 2, 3)
|
2022-06-19 23:31:54 +00:00
|
|
|
changed = c.newEndpoints(endpoints)
|
2021-01-08 13:49:29 +00:00
|
|
|
if !changed {
|
2022-06-19 23:31:54 +00:00
|
|
|
t.Errorf("c.newEndpoints want true got %v", changed)
|
2021-01-08 13:49:29 +00:00
|
|
|
}
|
2022-06-19 23:31:54 +00:00
|
|
|
changed = c.newEndpoints(endpoints)
|
2021-01-08 13:49:29 +00:00
|
|
|
if changed {
|
2022-06-19 23:31:54 +00:00
|
|
|
t.Errorf("c.newEndpoints want false got %v", changed)
|
2021-01-08 13:49:29 +00:00
|
|
|
}
|
tailcfg: add Endpoint, EndpointType, MapRequest.EndpointType
Track endpoints internally with a new tailcfg.Endpoint type that
includes a typed netaddr.IPPort (instead of just a string) and
includes a type for how that endpoint was discovered (STUN, local,
etc).
Use []tailcfg.Endpoint instead of []string internally.
At the last second, send it to the control server as the existing
[]string for endpoints, but also include a new parallel
MapRequest.EndpointType []tailcfg.EndpointType, so the control server
can start filtering out less-important endpoint changes from
new-enough clients. Notably, STUN-discovered endpoints can be filtered
out from 1.6+ clients, as they can discover them amongst each other
via CallMeMaybe disco exchanges started over DERP. And STUN endpoints
change a lot, causing a lot of MapResposne updates. But portmapped
endpoints are worth keeping for now, as they they work right away
without requiring the firewall traversal extra RTT dance.
End result will be less control->client bandwidth. (despite negligible
increase in client->control bandwidth)
Updates tailscale/corp#1543
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-12 20:24:29 +00:00
|
|
|
endpoints = fakeEndpoints(4, 5, 6)
|
2022-06-19 23:31:54 +00:00
|
|
|
changed = c.newEndpoints(endpoints)
|
2021-01-08 13:49:29 +00:00
|
|
|
if !changed {
|
2022-06-19 23:31:54 +00:00
|
|
|
t.Errorf("c.newEndpoints want true got %v", changed)
|
2021-01-08 13:49:29 +00:00
|
|
|
}
|
|
|
|
}
|
2021-02-05 23:44:46 +00:00
|
|
|
|
tailcfg: add Endpoint, EndpointType, MapRequest.EndpointType
Track endpoints internally with a new tailcfg.Endpoint type that
includes a typed netaddr.IPPort (instead of just a string) and
includes a type for how that endpoint was discovered (STUN, local,
etc).
Use []tailcfg.Endpoint instead of []string internally.
At the last second, send it to the control server as the existing
[]string for endpoints, but also include a new parallel
MapRequest.EndpointType []tailcfg.EndpointType, so the control server
can start filtering out less-important endpoint changes from
new-enough clients. Notably, STUN-discovered endpoints can be filtered
out from 1.6+ clients, as they can discover them amongst each other
via CallMeMaybe disco exchanges started over DERP. And STUN endpoints
change a lot, causing a lot of MapResposne updates. But portmapped
endpoints are worth keeping for now, as they they work right away
without requiring the firewall traversal extra RTT dance.
End result will be less control->client bandwidth. (despite negligible
increase in client->control bandwidth)
Updates tailscale/corp#1543
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-12 20:24:29 +00:00
|
|
|
func fakeEndpoints(ports ...uint16) (ret []tailcfg.Endpoint) {
|
|
|
|
for _, port := range ports {
|
|
|
|
ret = append(ret, tailcfg.Endpoint{
|
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 04:14:09 +00:00
|
|
|
Addr: netip.AddrPortFrom(netip.Addr{}, port),
|
tailcfg: add Endpoint, EndpointType, MapRequest.EndpointType
Track endpoints internally with a new tailcfg.Endpoint type that
includes a typed netaddr.IPPort (instead of just a string) and
includes a type for how that endpoint was discovered (STUN, local,
etc).
Use []tailcfg.Endpoint instead of []string internally.
At the last second, send it to the control server as the existing
[]string for endpoints, but also include a new parallel
MapRequest.EndpointType []tailcfg.EndpointType, so the control server
can start filtering out less-important endpoint changes from
new-enough clients. Notably, STUN-discovered endpoints can be filtered
out from 1.6+ clients, as they can discover them amongst each other
via CallMeMaybe disco exchanges started over DERP. And STUN endpoints
change a lot, causing a lot of MapResposne updates. But portmapped
endpoints are worth keeping for now, as they they work right away
without requiring the firewall traversal extra RTT dance.
End result will be less control->client bandwidth. (despite negligible
increase in client->control bandwidth)
Updates tailscale/corp#1543
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-12 20:24:29 +00:00
|
|
|
})
|
|
|
|
}
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2021-07-16 14:51:54 +00:00
|
|
|
func TestTsmpPing(t *testing.T) {
|
2021-08-20 17:34:13 +00:00
|
|
|
hi := hostinfo.New()
|
2021-07-16 14:51:54 +00:00
|
|
|
ni := tailcfg.NetInfo{LinkType: "wired"}
|
|
|
|
hi.NetInfo = &ni
|
|
|
|
|
2021-09-03 20:17:46 +00:00
|
|
|
k := key.NewMachine()
|
2021-07-16 14:51:54 +00:00
|
|
|
opts := Options{
|
|
|
|
ServerURL: "https://example.com",
|
|
|
|
Hostinfo: hi,
|
2021-09-03 20:17:46 +00:00
|
|
|
GetMachinePrivateKey: func() (key.MachinePrivate, error) {
|
|
|
|
return k, nil
|
2021-07-16 14:51:54 +00:00
|
|
|
},
|
2022-04-27 18:57:59 +00:00
|
|
|
Dialer: new(tsdial.Dialer),
|
2021-07-16 14:51:54 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
c, err := NewDirect(opts)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
|
2022-04-15 16:00:27 +00:00
|
|
|
pingRes := &tailcfg.PingResponse{
|
|
|
|
Type: "TSMP",
|
2021-07-16 14:51:54 +00:00
|
|
|
IP: "123.456.7890",
|
|
|
|
Err: "",
|
|
|
|
NodeName: "testnode",
|
|
|
|
}
|
|
|
|
|
|
|
|
ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
defer r.Body.Close()
|
|
|
|
body := new(ipnstate.PingResult)
|
|
|
|
if err := json.NewDecoder(r.Body).Decode(body); err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
if pingRes.IP != body.IP {
|
|
|
|
t.Fatalf("PingResult did not have the correct IP : got %v, expected : %v", body.IP, pingRes.IP)
|
|
|
|
}
|
|
|
|
w.WriteHeader(200)
|
|
|
|
}))
|
|
|
|
defer ts.Close()
|
|
|
|
|
|
|
|
now := time.Now()
|
|
|
|
|
|
|
|
pr := &tailcfg.PingRequest{
|
|
|
|
URL: ts.URL,
|
|
|
|
}
|
|
|
|
|
|
|
|
err = postPingResult(now, t.Logf, c.httpc, pr, pingRes)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
}
|
2023-03-02 21:24:26 +00:00
|
|
|
|
|
|
|
func TestDecodeWrappedAuthkey(t *testing.T) {
|
|
|
|
k, isWrapped, sig, priv := decodeWrappedAuthkey("tskey-32mjsdkdsffds9o87dsfkjlh", nil)
|
|
|
|
if want := "tskey-32mjsdkdsffds9o87dsfkjlh"; k != want {
|
|
|
|
t.Errorf("decodeWrappedAuthkey(<unwrapped-key>).key = %q, want %q", k, want)
|
|
|
|
}
|
|
|
|
if isWrapped {
|
|
|
|
t.Error("decodeWrappedAuthkey(<unwrapped-key>).isWrapped = true, want false")
|
|
|
|
}
|
|
|
|
if sig != nil {
|
|
|
|
t.Errorf("decodeWrappedAuthkey(<unwrapped-key>).sig = %v, want nil", sig)
|
|
|
|
}
|
|
|
|
if priv != nil {
|
|
|
|
t.Errorf("decodeWrappedAuthkey(<unwrapped-key>).priv = %v, want nil", priv)
|
|
|
|
}
|
|
|
|
|
|
|
|
k, isWrapped, sig, priv = decodeWrappedAuthkey("tskey-auth-k7UagY1CNTRL-ZZZZZ--TLpAEDA1ggnXuw4/fWnNWUwcoOjLemhOvml1juMl5lhLmY5sBUsj8EWEAfL2gdeD9g8VDw5tgcxCiHGlEb67BgU2DlFzZApi4LheLJraA+pYjTGChVhpZz1iyiBPD+U2qxDQAbM3+WFY0EBlggxmVqG53Hu0Rg+KmHJFMlUhfgzo+AQP6+Kk9GzvJJOs4-k36RdoSFqaoARfQo0UncHAV0t3YTqrkD5r/z2jTrE43GZWobnce7RGD4qYckUyVSF+DOj4BA/r4qT0bO8kk6zg", nil)
|
|
|
|
if want := "tskey-auth-k7UagY1CNTRL-ZZZZZ"; k != want {
|
|
|
|
t.Errorf("decodeWrappedAuthkey(<wrapped-key>).key = %q, want %q", k, want)
|
|
|
|
}
|
|
|
|
if !isWrapped {
|
|
|
|
t.Error("decodeWrappedAuthkey(<wrapped-key>).isWrapped = false, want true")
|
|
|
|
}
|
|
|
|
|
|
|
|
if sig == nil {
|
|
|
|
t.Fatal("decodeWrappedAuthkey(<wrapped-key>).sig = nil, want non-nil signature")
|
|
|
|
}
|
|
|
|
sigHash := sig.SigHash()
|
|
|
|
if !ed25519.Verify(sig.KeyID, sigHash[:], sig.Signature) {
|
|
|
|
t.Error("signature failed to verify")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Make sure the private is correct by using it.
|
|
|
|
someSig := ed25519.Sign(priv, []byte{1, 2, 3, 4})
|
|
|
|
if !ed25519.Verify(sig.WrappingPubkey, []byte{1, 2, 3, 4}, someSig) {
|
|
|
|
t.Error("failed to use priv")
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|