TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2024-11-25 11:05:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

derp/derphttp: don't link websockets other than on GOOS=js

Browse Source 
Or unless the new "ts_debug_websockets" build tag is set.

Updates #1278

Change-Id: Ic4c4f81c1924250efd025b055585faec37a5491d
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
This commit is contained in:
Brad Fitzpatrick 2024-11-07 16:49:47 -08:00 committed by Brad Fitzpatrick
parent c3306bfd15
commit 020cacbe70
11 changed files with 56 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cmd/derper/depaware.txt
View File

@ -116,7 +116,7 @@ tailscale.com/cmd/derper dependencies: (generated by github.com/tailscale/depawa
tailscale.com/net/tlsdial/blockblame from tailscale.com/net/tlsdial tailscale.com/net/tlsdial/blockblame from tailscale.com/net/tlsdial
tailscale.com/net/tsaddr from tailscale.com/ipn+ tailscale.com/net/tsaddr from tailscale.com/ipn+
💣 tailscale.com/net/tshttpproxy from tailscale.com/derp/derphttp+ 💣 tailscale.com/net/tshttpproxy from tailscale.com/derp/derphttp+
tailscale.com/net/wsconn from tailscale.com/cmd/derper+ tailscale.com/net/wsconn from tailscale.com/cmd/derper
tailscale.com/paths from tailscale.com/client/tailscale tailscale.com/paths from tailscale.com/client/tailscale
💣 tailscale.com/safesocket from tailscale.com/client/tailscale 💣 tailscale.com/safesocket from tailscale.com/client/tailscale
tailscale.com/syncs from tailscale.com/cmd/derper+ tailscale.com/syncs from tailscale.com/cmd/derper+

5
cmd/k8s-operator/depaware.txt
View File

@ -80,10 +80,6 @@ tailscale.com/cmd/k8s-operator dependencies: (generated by github.com/tailscale/
github.com/beorn7/perks/quantile from github.com/prometheus/client_golang/prometheus github.com/beorn7/perks/quantile from github.com/prometheus/client_golang/prometheus
github.com/bits-and-blooms/bitset from github.com/gaissmai/bart github.com/bits-and-blooms/bitset from github.com/gaissmai/bart
💣 github.com/cespare/xxhash/v2 from github.com/prometheus/client_golang/prometheus 💣 github.com/cespare/xxhash/v2 from github.com/prometheus/client_golang/prometheus
L github.com/coder/websocket from tailscale.com/derp/derphttp+
L github.com/coder/websocket/internal/errd from github.com/coder/websocket
L github.com/coder/websocket/internal/util from github.com/coder/websocket
L github.com/coder/websocket/internal/xsync from github.com/coder/websocket
L github.com/coreos/go-iptables/iptables from tailscale.com/util/linuxfw L github.com/coreos/go-iptables/iptables from tailscale.com/util/linuxfw
💣 github.com/davecgh/go-spew/spew from k8s.io/apimachinery/pkg/util/dump 💣 github.com/davecgh/go-spew/spew from k8s.io/apimachinery/pkg/util/dump
W 💣 github.com/dblohm7/wingoes from github.com/dblohm7/wingoes/com+ W 💣 github.com/dblohm7/wingoes from github.com/dblohm7/wingoes/com+
@ -741,7 +737,6 @@ tailscale.com/cmd/k8s-operator dependencies: (generated by github.com/tailscale/
tailscale.com/net/tsdial from tailscale.com/control/controlclient+ tailscale.com/net/tsdial from tailscale.com/control/controlclient+
💣 tailscale.com/net/tshttpproxy from tailscale.com/clientupdate/distsign+ 💣 tailscale.com/net/tshttpproxy from tailscale.com/clientupdate/distsign+
tailscale.com/net/tstun from tailscale.com/tsd+ tailscale.com/net/tstun from tailscale.com/tsd+
L tailscale.com/net/wsconn from tailscale.com/derp/derphttp
tailscale.com/omit from tailscale.com/ipn/conffile tailscale.com/omit from tailscale.com/ipn/conffile
tailscale.com/paths from tailscale.com/client/tailscale+ tailscale.com/paths from tailscale.com/client/tailscale+
💣 tailscale.com/portlist from tailscale.com/ipn/ipnlocal 💣 tailscale.com/portlist from tailscale.com/ipn/ipnlocal

7
cmd/tailscale/depaware.txt
View File

@ -5,10 +5,6 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
W 💣 github.com/alexbrainman/sspi from github.com/alexbrainman/sspi/internal/common+ W 💣 github.com/alexbrainman/sspi from github.com/alexbrainman/sspi/internal/common+
W github.com/alexbrainman/sspi/internal/common from github.com/alexbrainman/sspi/negotiate W github.com/alexbrainman/sspi/internal/common from github.com/alexbrainman/sspi/negotiate
W 💣 github.com/alexbrainman/sspi/negotiate from tailscale.com/net/tshttpproxy W 💣 github.com/alexbrainman/sspi/negotiate from tailscale.com/net/tshttpproxy
L github.com/coder/websocket from tailscale.com/derp/derphttp+
L github.com/coder/websocket/internal/errd from github.com/coder/websocket
L github.com/coder/websocket/internal/util from github.com/coder/websocket
L github.com/coder/websocket/internal/xsync from github.com/coder/websocket
L github.com/coreos/go-iptables/iptables from tailscale.com/util/linuxfw L github.com/coreos/go-iptables/iptables from tailscale.com/util/linuxfw
W 💣 github.com/dblohm7/wingoes from github.com/dblohm7/wingoes/pe+ W 💣 github.com/dblohm7/wingoes from github.com/dblohm7/wingoes/pe+
W 💣 github.com/dblohm7/wingoes/pe from tailscale.com/util/winutil/authenticode W 💣 github.com/dblohm7/wingoes/pe from tailscale.com/util/winutil/authenticode
@ -125,7 +121,6 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
tailscale.com/net/tlsdial/blockblame from tailscale.com/net/tlsdial tailscale.com/net/tlsdial/blockblame from tailscale.com/net/tlsdial
tailscale.com/net/tsaddr from tailscale.com/client/web+ tailscale.com/net/tsaddr from tailscale.com/client/web+
💣 tailscale.com/net/tshttpproxy from tailscale.com/clientupdate/distsign+ 💣 tailscale.com/net/tshttpproxy from tailscale.com/clientupdate/distsign+
L tailscale.com/net/wsconn from tailscale.com/derp/derphttp
tailscale.com/paths from tailscale.com/client/tailscale+ tailscale.com/paths from tailscale.com/client/tailscale+
💣 tailscale.com/safesocket from tailscale.com/client/tailscale+ 💣 tailscale.com/safesocket from tailscale.com/client/tailscale+
tailscale.com/syncs from tailscale.com/cmd/tailscale/cli+ tailscale.com/syncs from tailscale.com/cmd/tailscale/cli+
@ -326,7 +321,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
reflect from archive/tar+ reflect from archive/tar+
regexp from github.com/coreos/go-iptables/iptables+ regexp from github.com/coreos/go-iptables/iptables+
regexp/syntax from regexp regexp/syntax from regexp
runtime/debug from github.com/coder/websocket/internal/xsync+ runtime/debug from tailscale.com+
slices from tailscale.com/client/web+ slices from tailscale.com/client/web+
sort from compress/flate+ sort from compress/flate+
strconv from archive/tar+ strconv from archive/tar+

5
cmd/tailscaled/depaware.txt
View File

@ -79,10 +79,6 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
L github.com/aws/smithy-go/transport/http/internal/io from github.com/aws/smithy-go/transport/http L github.com/aws/smithy-go/transport/http/internal/io from github.com/aws/smithy-go/transport/http
L github.com/aws/smithy-go/waiter from github.com/aws/aws-sdk-go-v2/service/ssm L github.com/aws/smithy-go/waiter from github.com/aws/aws-sdk-go-v2/service/ssm
github.com/bits-and-blooms/bitset from github.com/gaissmai/bart github.com/bits-and-blooms/bitset from github.com/gaissmai/bart
L github.com/coder/websocket from tailscale.com/derp/derphttp+
L github.com/coder/websocket/internal/errd from github.com/coder/websocket
L github.com/coder/websocket/internal/util from github.com/coder/websocket
L github.com/coder/websocket/internal/xsync from github.com/coder/websocket
L github.com/coreos/go-iptables/iptables from tailscale.com/util/linuxfw L github.com/coreos/go-iptables/iptables from tailscale.com/util/linuxfw
LD 💣 github.com/creack/pty from tailscale.com/ssh/tailssh LD 💣 github.com/creack/pty from tailscale.com/ssh/tailssh
W 💣 github.com/dblohm7/wingoes from github.com/dblohm7/wingoes/com+ W 💣 github.com/dblohm7/wingoes from github.com/dblohm7/wingoes/com+
@ -328,7 +324,6 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
tailscale.com/net/tsdial from tailscale.com/cmd/tailscaled+ tailscale.com/net/tsdial from tailscale.com/cmd/tailscaled+
💣 tailscale.com/net/tshttpproxy from tailscale.com/clientupdate/distsign+ 💣 tailscale.com/net/tshttpproxy from tailscale.com/clientupdate/distsign+
tailscale.com/net/tstun from tailscale.com/cmd/tailscaled+ tailscale.com/net/tstun from tailscale.com/cmd/tailscaled+
L tailscale.com/net/wsconn from tailscale.com/derp/derphttp
tailscale.com/omit from tailscale.com/ipn/conffile tailscale.com/omit from tailscale.com/ipn/conffile
tailscale.com/paths from tailscale.com/client/tailscale+ tailscale.com/paths from tailscale.com/client/tailscale+
💣 tailscale.com/portlist from tailscale.com/ipn/ipnlocal 💣 tailscale.com/portlist from tailscale.com/ipn/ipnlocal

5
control/controlhttp/client_js.go
View File

@ -12,6 +12,7 @@
"github.com/coder/websocket" "github.com/coder/websocket"
"tailscale.com/control/controlbase" "tailscale.com/control/controlbase"
"tailscale.com/control/controlhttp/controlhttpcommon"
"tailscale.com/net/wsconn" "tailscale.com/net/wsconn"
) )
@ -42,11 +43,11 @@ func (d *Dialer) Dial(ctx context.Context) (*ClientConn, error) {
// Can't set HTTP headers on the websocket request, so we have to to send // Can't set HTTP headers on the websocket request, so we have to to send
// the handshake via an HTTP header. // the handshake via an HTTP header.
RawQuery: url.Values{ RawQuery: url.Values{
handshakeHeaderName: []string{base64.StdEncoding.EncodeToString(init)}, controlhttpcommon.HandshakeHeaderName: []string{base64.StdEncoding.EncodeToString(init)},
}.Encode(), }.Encode(),
} }
wsConn, _, err := websocket.Dial(ctx, wsURL.String(), &websocket.DialOptions{ wsConn, _, err := websocket.Dial(ctx, wsURL.String(), &websocket.DialOptions{
Subprotocols: []string{upgradeHeaderValue}, Subprotocols: []string{controlhttpcommon.UpgradeHeaderValue},
}) })
if err != nil { if err != nil {
return nil, err return nil, err

2
control/controlhttp/controlhttpserver/controlhttpserver.go
View File

@ -3,7 +3,7 @@
//go:build !ios //go:build !ios
// Packet controlhttpserver contains the HTTP server side of the ts2021 control protocol. // Package controlhttpserver contains the HTTP server side of the ts2021 control protocol.
package controlhttpserver package controlhttpserver
import ( import (

5
derp/derphttp/derphttp_client.go
View File

@ -313,6 +313,9 @@ func (c *Client) preferIPv6() bool {
var dialWebsocketFunc func(ctx context.Context, urlStr string) (net.Conn, error) var dialWebsocketFunc func(ctx context.Context, urlStr string) (net.Conn, error)
func useWebsockets() bool { func useWebsockets() bool {
if !canWebsockets {
return false
}
if runtime.GOOS == "js" { if runtime.GOOS == "js" {
return true return true
} }
@ -383,7 +386,7 @@ func (c *Client) connect(ctx context.Context, caller string) (client *derp.Clien
var node *tailcfg.DERPNode // nil when using c.url to dial var node *tailcfg.DERPNode // nil when using c.url to dial
var idealNodeInRegion bool var idealNodeInRegion bool
switch { switch {
case useWebsockets(): case canWebsockets && useWebsockets():
var urlStr string var urlStr string
if c.url != nil { if c.url != nil {
urlStr = c.url.String() urlStr = c.url.String()

22
derp/derphttp/derphttp_test.go
View File

@ -17,7 +17,9 @@
"tailscale.com/derp" "tailscale.com/derp"
"tailscale.com/net/netmon" "tailscale.com/net/netmon"
"tailscale.com/tstest/deptest"
"tailscale.com/types/key" "tailscale.com/types/key"
"tailscale.com/util/set"
) )
func TestSendRecv(t *testing.T) { func TestSendRecv(t *testing.T) {
@ -485,3 +487,23 @@ func TestProbe(t *testing.T) {
} }
} }
} }
func TestDeps(t *testing.T) {
deptest.DepChecker{
GOOS: "darwin",
GOARCH: "arm64",
BadDeps: map[string]string{
"github.com/coder/websocket": "shouldn't link websockets except on js/wasm",
},
}.Check(t)
deptest.DepChecker{
GOOS: "darwin",
GOARCH: "arm64",
Tags: "ts_debug_websockets",
WantDeps: set.Of(
"github.com/coder/websocket",
),
}.Check(t)
}

4
derp/derphttp/websocket.go
View File

@ -1,7 +1,7 @@
// Copyright (c) Tailscale Inc & AUTHORS // Copyright (c) Tailscale Inc & AUTHORS
// SPDX-License-Identifier: BSD-3-Clause // SPDX-License-Identifier: BSD-3-Clause
//go:build linux || js //go:build js || ((linux || darwin) && ts_debug_websockets)
package derphttp package derphttp
@ -14,6 +14,8 @@
"tailscale.com/net/wsconn" "tailscale.com/net/wsconn"
) )
const canWebsockets = true
func init() { func init() {
dialWebsocketFunc = dialWebsocket dialWebsocketFunc = dialWebsocket
} }

8
derp/derphttp/websocket_stub.go Normal file
View File

@ -0,0 +1,8 @@
// Copyright (c) Tailscale Inc & AUTHORS
// SPDX-License-Identifier: BSD-3-Clause
//go:build !(js || ((linux || darwin) && ts_debug_websockets))
package derphttp
const canWebsockets = false

17
tstest/deptest/deptest.go
View File

@ -13,15 +13,19 @@
"path/filepath" "path/filepath"
"regexp" "regexp"
"runtime" "runtime"
"slices"
"strings" "strings"
"testing" "testing"
"tailscale.com/util/set"
) )
type DepChecker struct { type DepChecker struct {
GOOS string // optional GOOS string // optional
GOARCH string // optional GOARCH string // optional
BadDeps map[string]string // package => why BadDeps map[string]string // package => why
Tags string // comma-separated WantDeps set.Set[string] // packages expected
Tags string // comma-separated
} }
func (c DepChecker) Check(t *testing.T) { func (c DepChecker) Check(t *testing.T) {
@ -55,6 +59,11 @@ func (c DepChecker) Check(t *testing.T) {
t.Errorf("package %q is not allowed as a dependency (env: %q); reason: %s", dep, extraEnv, why) t.Errorf("package %q is not allowed as a dependency (env: %q); reason: %s", dep, extraEnv, why)
} }
} }
for dep := range c.WantDeps {
if !slices.Contains(res.Deps, dep) {
t.Errorf("expected package %q to be a dependency (env: %q)", dep, extraEnv)
}
}
t.Logf("got %d dependencies", len(res.Deps)) t.Logf("got %d dependencies", len(res.Deps))
} }