feature/{condregister,relayserver}: implement the skeleton for the relayserver feature (#15699)

This feature is "registered" as an ipnlocal.Extension, and conditionally linked depending on GOOS and ts_omit_relayserver build tag. The feature is not linked on iOS in attempt to limit the impact to binary size and resulting effect of pushing up against NetworkExtension limits. Eventually we will want to support the relay server on iOS, specifically on the Apple TV. Apple TVs are well-fitted to act as underlay relay servers as they are effectively always-on servers. This skeleton begins to tie a PeerAPI endpoint to a net/udprelay.Server. The PeerAPI endpoint is currently no-op as extension.shouldRunRelayServer() always returns false. Follow-up commits will implement extension.shouldRunRelayServer(). Updates tailscale/corp#27502 Signed-off-by: Jordan Whited <jordan@tailscale.com>
2025-08-14 06:57:31 +00:00 · 2025-04-16 09:50:48 -07:00
parent 450bcbcb08
commit 37f5fd2ec1
5 changed files with 168 additions and 2 deletions
--- a/feature/condregister/maybe_relayserver.go
+++ b/feature/condregister/maybe_relayserver.go
@@ -0,0 +1,8 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+//go:build !ios && !ts_omit_relayserver
+
+package condregister
+
+import _ "tailscale.com/feature/relayserver"
--- a/feature/relayserver/relayserver.go
+++ b/feature/relayserver/relayserver.go
@@ -0,0 +1,154 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+// Package relayserver registers the relay server feature and implements its
+// associated ipnext.Extension.
+package relayserver
+
+import (
+	"encoding/json"
+	"errors"
+	"io"
+	"net/http"
+	"net/netip"
+	"sync"
+
+	"tailscale.com/feature"
+	"tailscale.com/ipn/ipnext"
+	"tailscale.com/ipn/ipnlocal"
+	"tailscale.com/net/udprelay"
+	"tailscale.com/tailcfg"
+	"tailscale.com/tsd"
+	"tailscale.com/types/key"
+	"tailscale.com/types/logger"
+	"tailscale.com/util/httpm"
+)
+
+// featureName is the name of the feature implemented by this package.
+// It is also the [extension] name and the log prefix.
+const featureName = "relayserver"
+
+func init() {
+	feature.Register(featureName)
+	ipnext.RegisterExtension(featureName, newExtension)
+	ipnlocal.RegisterPeerAPIHandler("/v0/relay/endpoint", handlePeerAPIRelayAllocateEndpoint)
+}
+
+// newExtension is an [ipnext.NewExtensionFn] that creates a new relay server
+// extension. It is registered with [ipnext.RegisterExtension] if the package is
+// imported.
+func newExtension(logf logger.Logf, _ *tsd.System) (ipnext.Extension, error) {
+	return &extension{logf: logger.WithPrefix(logf, featureName+": ")}, nil
+}
+
+// extension is an [ipnext.Extension] managing the relay server on platforms
+// that import this package.
+type extension struct {
+	logf logger.Logf
+
+	mu       sync.Mutex // guards the following fields
+	shutdown bool
+	port     int
+	server   *udprelay.Server // lazily initialized
+}
+
+// Name implements [ipnext.Extension].
+func (e *extension) Name() string {
+	return featureName
+}
+
+// Init implements [ipnext.Extension] by registering callbacks and providers
+// for the duration of the extension's lifetime.
+func (e *extension) Init(_ ipnext.Host) error {
+	return nil
+}
+
+// Shutdown implements [ipnlocal.Extension].
+func (e *extension) Shutdown() error {
+	e.mu.Lock()
+	defer e.mu.Unlock()
+	e.shutdown = true
+	if e.server != nil {
+		e.server.Close()
+		e.server = nil
+	}
+	return nil
+}
+
+func (e *extension) shouldRunRelayServer() bool {
+	// TODO(jwhited): consider:
+	//  1. tailcfg.NodeAttrRelayServer
+	//  2. ipn.Prefs.RelayServerPort
+	//  3. envknob.UseWIPCode()
+	//  4. e.shutdown
+	return false
+}
+
+func (e *extension) relayServerOrInit() (*udprelay.Server, error) {
+	e.mu.Lock()
+	defer e.mu.Unlock()
+	if e.shutdown {
+		return nil, errors.New("relay server is shutdown")
+	}
+	if e.server != nil {
+		return e.server, nil
+	}
+	var err error
+	e.server, _, err = udprelay.NewServer(e.port, []netip.Addr{netip.MustParseAddr("127.0.0.1")})
+	if err != nil {
+		return nil, err
+	}
+	return e.server, nil
+}
+
+func handlePeerAPIRelayAllocateEndpoint(h ipnlocal.PeerAPIHandler, w http.ResponseWriter, r *http.Request) {
+	// TODO(jwhited): log errors
+	e, ok := h.LocalBackend().FindExtensionByName(featureName).(*extension)
+	if !ok {
+		http.Error(w, "relay failed to initialize", http.StatusServiceUnavailable)
+		return
+	}
+
+	if !e.shouldRunRelayServer() {
+		http.Error(w, "relay not enabled", http.StatusNotFound)
+		return
+	}
+
+	if !h.PeerCaps().HasCapability(tailcfg.PeerCapabilityRelay) {
+		http.Error(w, "relay not permitted", http.StatusForbidden)
+		return
+	}
+
+	if r.Method != httpm.POST {
+		http.Error(w, "only POST method is allowed", http.StatusMethodNotAllowed)
+		return
+	}
+
+	var allocateEndpointReq struct {
+		DiscoKeys []key.DiscoPublic
+	}
+	err := json.NewDecoder(io.LimitReader(r.Body, 512)).Decode(&allocateEndpointReq)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusBadRequest)
+		return
+	}
+	if len(allocateEndpointReq.DiscoKeys) != 2 {
+		http.Error(w, "2 disco public keys must be supplied", http.StatusBadRequest)
+		return
+	}
+
+	rs, err := e.relayServerOrInit()
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	ep, err := rs.AllocateEndpoint(allocateEndpointReq.DiscoKeys[0], allocateEndpointReq.DiscoKeys[1])
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	err = json.NewEncoder(w).Encode(&ep)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+	}
+}