| 
									
										
										
										
											2023-01-27 13:37:20 -08:00
										 |  |  | // Copyright (c) Tailscale Inc & AUTHORS | 
					
						
							|  |  |  | // SPDX-License-Identifier: BSD-3-Clause | 
					
						
							| 
									
										
										
										
											2021-02-26 08:28:31 -08:00
										 |  |  | 
 | 
					
						
							|  |  |  | package main | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | import ( | 
					
						
							|  |  |  | 	"context" | 
					
						
							| 
									
										
										
										
											2024-05-22 10:34:57 -07:00
										 |  |  | 	"encoding/binary" | 
					
						
							| 
									
										
										
										
											2021-02-26 08:28:31 -08:00
										 |  |  | 	"encoding/json" | 
					
						
							|  |  |  | 	"expvar" | 
					
						
							|  |  |  | 	"log" | 
					
						
							| 
									
										
										
										
											2024-05-22 10:34:57 -07:00
										 |  |  | 	"math/rand/v2" | 
					
						
							| 
									
										
										
										
											2021-02-26 08:28:31 -08:00
										 |  |  | 	"net" | 
					
						
							|  |  |  | 	"net/http" | 
					
						
							| 
									
										
										
										
											2024-05-22 10:34:57 -07:00
										 |  |  | 	"net/netip" | 
					
						
							|  |  |  | 	"strconv" | 
					
						
							| 
									
										
										
										
											2021-02-26 08:28:31 -08:00
										 |  |  | 	"strings" | 
					
						
							| 
									
										
										
										
											2024-05-22 10:34:57 -07:00
										 |  |  | 	"sync/atomic" | 
					
						
							| 
									
										
										
										
											2021-02-26 08:28:31 -08:00
										 |  |  | 	"time" | 
					
						
							| 
									
										
										
										
											2022-08-04 10:43:49 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  | 	"tailscale.com/syncs" | 
					
						
							| 
									
										
										
										
											2024-05-22 10:34:57 -07:00
										 |  |  | 	"tailscale.com/util/mak" | 
					
						
							| 
									
										
										
										
											2023-03-03 13:15:56 -05:00
										 |  |  | 	"tailscale.com/util/slicesx" | 
					
						
							| 
									
										
										
										
											2021-02-26 08:28:31 -08:00
										 |  |  | ) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-02 14:48:30 -04:00
										 |  |  | const refreshTimeout = time.Minute | 
					
						
							| 
									
										
										
										
											2021-02-26 08:28:31 -08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-05-22 10:34:57 -07:00
										 |  |  | type dnsEntryMap struct { | 
					
						
							|  |  |  | 	IPs     map[string][]net.IP | 
					
						
							|  |  |  | 	Percent map[string]float64 // "foo.com" => 0.5 for 50% | 
					
						
							|  |  |  | } | 
					
						
							| 
									
										
										
										
											2022-09-02 14:48:30 -04:00
										 |  |  | 
 | 
					
						
							|  |  |  | var ( | 
					
						
							| 
									
										
										
										
											2024-05-22 10:34:57 -07:00
										 |  |  | 	dnsCache            atomic.Pointer[dnsEntryMap] | 
					
						
							| 
									
										
										
										
											2022-09-02 14:48:30 -04:00
										 |  |  | 	dnsCacheBytes       syncs.AtomicValue[[]byte] // of JSON | 
					
						
							| 
									
										
										
										
											2024-05-22 10:34:57 -07:00
										 |  |  | 	unpublishedDNSCache atomic.Pointer[dnsEntryMap] | 
					
						
							| 
									
										
										
										
											2023-08-17 04:11:32 -07:00
										 |  |  | 	bootstrapLookupMap  syncs.Map[string, bool] | 
					
						
							| 
									
										
										
										
											2022-09-02 14:48:30 -04:00
										 |  |  | ) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | var ( | 
					
						
							| 
									
										
										
										
											2024-05-22 10:34:57 -07:00
										 |  |  | 	bootstrapDNSRequests        = expvar.NewInt("counter_bootstrap_dns_requests") | 
					
						
							|  |  |  | 	publishedDNSHits            = expvar.NewInt("counter_bootstrap_dns_published_hits") | 
					
						
							|  |  |  | 	publishedDNSMisses          = expvar.NewInt("counter_bootstrap_dns_published_misses") | 
					
						
							|  |  |  | 	unpublishedDNSHits          = expvar.NewInt("counter_bootstrap_dns_unpublished_hits") | 
					
						
							|  |  |  | 	unpublishedDNSMisses        = expvar.NewInt("counter_bootstrap_dns_unpublished_misses") | 
					
						
							|  |  |  | 	unpublishedDNSPercentMisses = expvar.NewInt("counter_bootstrap_dns_unpublished_percent_misses") | 
					
						
							| 
									
										
										
										
											2022-09-02 14:48:30 -04:00
										 |  |  | ) | 
					
						
							| 
									
										
										
										
											2021-02-26 08:28:31 -08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-08-17 04:11:32 -07:00
										 |  |  | func init() { | 
					
						
							|  |  |  | 	expvar.Publish("counter_bootstrap_dns_queried_domains", expvar.Func(func() any { | 
					
						
							|  |  |  | 		return bootstrapLookupMap.Len() | 
					
						
							|  |  |  | 	})) | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-02-26 08:28:31 -08:00
										 |  |  | func refreshBootstrapDNSLoop() { | 
					
						
							| 
									
										
										
										
											2022-09-02 14:48:30 -04:00
										 |  |  | 	if *bootstrapDNS == "" && *unpublishedDNS == "" { | 
					
						
							| 
									
										
										
										
											2021-02-26 08:28:31 -08:00
										 |  |  | 		return | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	for { | 
					
						
							|  |  |  | 		refreshBootstrapDNS() | 
					
						
							| 
									
										
										
										
											2022-09-02 14:48:30 -04:00
										 |  |  | 		refreshUnpublishedDNS() | 
					
						
							| 
									
										
										
										
											2021-02-26 08:28:31 -08:00
										 |  |  | 		time.Sleep(10 * time.Minute) | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | func refreshBootstrapDNS() { | 
					
						
							|  |  |  | 	if *bootstrapDNS == "" { | 
					
						
							|  |  |  | 		return | 
					
						
							|  |  |  | 	} | 
					
						
							| 
									
										
										
										
											2022-09-02 14:48:30 -04:00
										 |  |  | 	ctx, cancel := context.WithTimeout(context.Background(), refreshTimeout) | 
					
						
							|  |  |  | 	defer cancel() | 
					
						
							| 
									
										
										
										
											2024-05-22 10:34:57 -07:00
										 |  |  | 	dnsEntries := resolveList(ctx, *bootstrapDNS) | 
					
						
							| 
									
										
										
										
											2023-03-02 23:36:12 -05:00
										 |  |  | 	// Randomize the order of the IPs for each name to avoid the client biasing | 
					
						
							|  |  |  | 	// to IPv6 | 
					
						
							| 
									
										
										
										
											2024-05-22 10:34:57 -07:00
										 |  |  | 	for _, vv := range dnsEntries.IPs { | 
					
						
							|  |  |  | 		slicesx.Shuffle(vv) | 
					
						
							| 
									
										
										
										
											2023-03-02 23:36:12 -05:00
										 |  |  | 	} | 
					
						
							| 
									
										
										
										
											2024-05-22 10:34:57 -07:00
										 |  |  | 	j, err := json.MarshalIndent(dnsEntries.IPs, "", "\t") | 
					
						
							| 
									
										
										
										
											2022-09-02 14:48:30 -04:00
										 |  |  | 	if err != nil { | 
					
						
							|  |  |  | 		// leave the old values in place | 
					
						
							|  |  |  | 		return | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	dnsCache.Store(dnsEntries) | 
					
						
							|  |  |  | 	dnsCacheBytes.Store(j) | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | func refreshUnpublishedDNS() { | 
					
						
							|  |  |  | 	if *unpublishedDNS == "" { | 
					
						
							|  |  |  | 		return | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	ctx, cancel := context.WithTimeout(context.Background(), refreshTimeout) | 
					
						
							| 
									
										
										
										
											2021-02-26 08:28:31 -08:00
										 |  |  | 	defer cancel() | 
					
						
							| 
									
										
										
										
											2024-05-22 10:34:57 -07:00
										 |  |  | 	dnsEntries := resolveList(ctx, *unpublishedDNS) | 
					
						
							| 
									
										
										
										
											2022-09-02 14:48:30 -04:00
										 |  |  | 	unpublishedDNSCache.Store(dnsEntries) | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-05-22 10:34:57 -07:00
										 |  |  | // resolveList takes a comma-separated list of DNS names to resolve. | 
					
						
							|  |  |  | // | 
					
						
							|  |  |  | // If an entry contains a slash, it's two DNS names: the first is the one to | 
					
						
							|  |  |  | // resolve and the second is that of a TXT recording containing the rollout | 
					
						
							|  |  |  | // percentage in range "0".."100". If the TXT record doesn't exist or is | 
					
						
							|  |  |  | // malformed, the percentage is 0. If the TXT record is not provided (there's no | 
					
						
							|  |  |  | // slash), then the percentage is 100. | 
					
						
							|  |  |  | func resolveList(ctx context.Context, list string) *dnsEntryMap { | 
					
						
							|  |  |  | 	ents := strings.Split(list, ",") | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	ret := &dnsEntryMap{} | 
					
						
							| 
									
										
										
										
											2022-09-02 14:48:30 -04:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-02-26 08:28:31 -08:00
										 |  |  | 	var r net.Resolver | 
					
						
							| 
									
										
										
										
											2024-05-22 10:34:57 -07:00
										 |  |  | 	for _, ent := range ents { | 
					
						
							|  |  |  | 		name, txtName, _ := strings.Cut(ent, "/") | 
					
						
							| 
									
										
										
										
											2021-02-26 08:28:31 -08:00
										 |  |  | 		addrs, err := r.LookupIP(ctx, "ip", name) | 
					
						
							|  |  |  | 		if err != nil { | 
					
						
							|  |  |  | 			log.Printf("bootstrap DNS lookup %q: %v", name, err) | 
					
						
							|  |  |  | 			continue | 
					
						
							|  |  |  | 		} | 
					
						
							| 
									
										
										
										
											2024-05-22 10:34:57 -07:00
										 |  |  | 		mak.Set(&ret.IPs, name, addrs) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 		if txtName == "" { | 
					
						
							|  |  |  | 			mak.Set(&ret.Percent, name, 1.0) | 
					
						
							|  |  |  | 			continue | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 		vals, err := r.LookupTXT(ctx, txtName) | 
					
						
							|  |  |  | 		if err != nil { | 
					
						
							|  |  |  | 			log.Printf("bootstrap DNS lookup %q: %v", txtName, err) | 
					
						
							|  |  |  | 			continue | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 		for _, v := range vals { | 
					
						
							|  |  |  | 			if v, err := strconv.Atoi(v); err == nil && v >= 0 && v <= 100 { | 
					
						
							|  |  |  | 				mak.Set(&ret.Percent, name, float64(v)/100) | 
					
						
							|  |  |  | 			} | 
					
						
							|  |  |  | 		} | 
					
						
							| 
									
										
										
										
											2021-02-26 08:28:31 -08:00
										 |  |  | 	} | 
					
						
							| 
									
										
										
										
											2024-05-22 10:34:57 -07:00
										 |  |  | 	return ret | 
					
						
							| 
									
										
										
										
											2022-02-11 12:30:36 -08:00
										 |  |  | } | 
					
						
							| 
									
										
										
										
											2021-02-26 08:28:31 -08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-02-11 12:30:36 -08:00
										 |  |  | func handleBootstrapDNS(w http.ResponseWriter, r *http.Request) { | 
					
						
							|  |  |  | 	bootstrapDNSRequests.Add(1) | 
					
						
							| 
									
										
										
										
											2022-09-02 14:48:30 -04:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-02-11 14:14:04 -08:00
										 |  |  | 	w.Header().Set("Content-Type", "application/json") | 
					
						
							| 
									
										
										
										
											2022-09-02 14:48:30 -04:00
										 |  |  | 	// Bootstrap DNS requests occur cross-regions, and are randomized per | 
					
						
							|  |  |  | 	// request, so keeping a connection open is pointlessly expensive. | 
					
						
							| 
									
										
										
										
											2022-02-11 14:06:53 -08:00
										 |  |  | 	w.Header().Set("Connection", "close") | 
					
						
							| 
									
										
										
										
											2022-09-02 14:48:30 -04:00
										 |  |  | 
 | 
					
						
							|  |  |  | 	// Try answering a query from our hidden map first | 
					
						
							|  |  |  | 	if q := r.URL.Query().Get("q"); q != "" { | 
					
						
							| 
									
										
										
										
											2023-08-17 04:11:32 -07:00
										 |  |  | 		bootstrapLookupMap.Store(q, true) | 
					
						
							| 
									
										
										
										
											2024-05-22 10:34:57 -07:00
										 |  |  | 		if bootstrapLookupMap.Len() > 500 { // defensive | 
					
						
							|  |  |  | 			bootstrapLookupMap.Clear() | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 		if m := unpublishedDNSCache.Load(); m != nil && len(m.IPs[q]) > 0 { | 
					
						
							| 
									
										
										
										
											2022-09-02 14:48:30 -04:00
										 |  |  | 			unpublishedDNSHits.Add(1) | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2024-05-22 10:34:57 -07:00
										 |  |  | 			percent := m.Percent[q] | 
					
						
							|  |  |  | 			if remoteAddrMatchesPercent(r.RemoteAddr, percent) { | 
					
						
							|  |  |  | 				// Only return the specific query, not everything. | 
					
						
							|  |  |  | 				m := map[string][]net.IP{q: m.IPs[q]} | 
					
						
							|  |  |  | 				j, err := json.MarshalIndent(m, "", "\t") | 
					
						
							|  |  |  | 				if err == nil { | 
					
						
							|  |  |  | 					w.Write(j) | 
					
						
							|  |  |  | 					return | 
					
						
							|  |  |  | 				} | 
					
						
							|  |  |  | 			} else { | 
					
						
							|  |  |  | 				unpublishedDNSPercentMisses.Add(1) | 
					
						
							| 
									
										
										
										
											2022-09-02 14:48:30 -04:00
										 |  |  | 			} | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 		// If we have a "q" query for a name in the published cache | 
					
						
							|  |  |  | 		// list, then track whether that's a hit/miss. | 
					
						
							| 
									
										
										
										
											2024-05-22 10:34:57 -07:00
										 |  |  | 		m := dnsCache.Load() | 
					
						
							|  |  |  | 		var inPub bool | 
					
						
							|  |  |  | 		var ips []net.IP | 
					
						
							|  |  |  | 		if m != nil { | 
					
						
							|  |  |  | 			ips, inPub = m.IPs[q] | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 		if inPub { | 
					
						
							|  |  |  | 			if len(ips) > 0 { | 
					
						
							| 
									
										
										
										
											2022-09-02 14:48:30 -04:00
										 |  |  | 				publishedDNSHits.Add(1) | 
					
						
							|  |  |  | 			} else { | 
					
						
							|  |  |  | 				publishedDNSMisses.Add(1) | 
					
						
							|  |  |  | 			} | 
					
						
							|  |  |  | 		} else { | 
					
						
							|  |  |  | 			// If it wasn't in either cache, treat this as a query | 
					
						
							|  |  |  | 			// for the unpublished cache, and thus a cache miss. | 
					
						
							|  |  |  | 			unpublishedDNSMisses.Add(1) | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	// Fall back to returning the public set of cached DNS names | 
					
						
							|  |  |  | 	j := dnsCacheBytes.Load() | 
					
						
							| 
									
										
										
										
											2021-02-26 08:28:31 -08:00
										 |  |  | 	w.Write(j) | 
					
						
							|  |  |  | } | 
					
						
							| 
									
										
										
										
											2024-05-22 10:34:57 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  | // percent is [0.0, 1.0]. | 
					
						
							|  |  |  | func remoteAddrMatchesPercent(remoteAddr string, percent float64) bool { | 
					
						
							|  |  |  | 	if percent == 0 { | 
					
						
							|  |  |  | 		return false | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	if percent == 1 { | 
					
						
							|  |  |  | 		return true | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	reqIPStr, _, err := net.SplitHostPort(remoteAddr) | 
					
						
							|  |  |  | 	if err != nil { | 
					
						
							|  |  |  | 		return false | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	reqIP, err := netip.ParseAddr(reqIPStr) | 
					
						
							|  |  |  | 	if err != nil { | 
					
						
							|  |  |  | 		return false | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	if reqIP.IsLoopback() { | 
					
						
							|  |  |  | 		// For local testing. | 
					
						
							|  |  |  | 		return rand.Float64() < 0.5 | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	reqIP16 := reqIP.As16() | 
					
						
							|  |  |  | 	rndSrc := rand.NewPCG(binary.LittleEndian.Uint64(reqIP16[:8]), binary.LittleEndian.Uint64(reqIP16[8:])) | 
					
						
							|  |  |  | 	rnd := rand.New(rndSrc) | 
					
						
							|  |  |  | 	return percent > rnd.Float64() | 
					
						
							|  |  |  | } |