derp,magicsock: add debug envknobs for HTTP and derp server name (#7744)

Make developing derp easier by: 1. Creating an envknob telling clients to use HTTP to connect to derp servers, so devs don't have to acquire a valid TLS cert. 2. Creating an envknob telling clients which derp server to connect to, so devs don't have to edit the ACLs in the admin console to add a custom DERP map. 3. Explaining how the -dev and -a command lines args to derper interact. To use this: 1. Run derper with -dev. 2. Run tailscaled with TS_DEBUG_USE_DERP_HTTP=1 and TS_DEBUG_USE_DERP_ADDR=localhost This will result in the client connecting to derp via HTTP on port 3340. Fixes #7700 Signed-off-by: Val <valerie@tailscale.com>
2025-12-01 09:32:08 +00:00 · 2023-04-04 17:10:50 -07:00
parent f475e5550c
commit 7bfb7744b7
5 changed files with 49 additions and 6 deletions
--- a/wgengine/magicsock/debugknobs.go
+++ b/wgengine/magicsock/debugknobs.go
@@ -33,13 +33,19 @@ var (
 	debugReSTUNStopOnIdle = envknob.RegisterBool("TS_DEBUG_RESTUN_STOP_ON_IDLE")
 	// debugAlwaysDERP disables the use of UDP, forcing all peer communication over DERP.
 	debugAlwaysDERP = envknob.RegisterBool("TS_DEBUG_ALWAYS_USE_DERP")
+	// debugDERPAddr sets the derp address manually, overriding the DERP map from control.
+	debugUseDERPAddr = envknob.RegisterString("TS_DEBUG_USE_DERP_ADDR")
+	// debugDERPUseHTTP tells clients to connect to DERP via HTTP on port 3340 instead of
+	// HTTPS on 443.
+	debugUseDERPHTTP = envknob.RegisterBool("TS_DEBUG_USE_DERP_HTTP")
 	// debugEnableSilentDisco disables the use of heartbeatTimer on the endpoint struct
 	// and attempts to handle disco silently. See issue #540 for details.
 	debugEnableSilentDisco = envknob.RegisterBool("TS_DEBUG_ENABLE_SILENT_DISCO")
-	// DebugSendCallMeUnknownPeer sends a CallMeMaybe to a
-	// non-existent destination every time we send a real
-	// CallMeMaybe to test the PeerGoneNotHere logic.
+	// debugSendCallMeUnknownPeer sends a CallMeMaybe to a non-existent destination every
+	// time we send a real CallMeMaybe to test the PeerGoneNotHere logic.
 	debugSendCallMeUnknownPeer = envknob.RegisterBool("TS_DEBUG_SEND_CALLME_UNKNOWN_PEER")
+	// Hey you! Adding a new debugknob? Make sure to stub it out in the debugknob_stubs.go
+	// file too.
 )

 // inTest reports whether the running program is a test that set the
--- a/wgengine/magicsock/debugknobs_stubs.go
+++ b/wgengine/magicsock/debugknobs_stubs.go
@@ -16,8 +16,10 @@ func debugOmitLocalAddresses() bool    { return false }
 func logDerpVerbose() bool             { return false }
 func debugReSTUNStopOnIdle() bool      { return false }
 func debugAlwaysDERP() bool            { return false }
+func debugUseDERPHTTP() bool           { return false }
 func debugEnableSilentDisco() bool     { return false }
 func debugSendCallMeUnknownPeer() bool { return false }
+func debugUseDERPAddr() string         { return "" }
 func debugUseDerpRouteEnv() string     { return "" }
 func debugUseDerpRoute() opt.Bool      { return "" }
 func inTest() bool                     { return false }
--- a/wgengine/magicsock/magicsock.go
+++ b/wgengine/magicsock/magicsock.go
@@ -2572,6 +2572,29 @@ func (c *Conn) SetDERPMap(dm *tailcfg.DERPMap) {
 	c.mu.Lock()
 	defer c.mu.Unlock()

+	var derpAddr = debugUseDERPAddr()
+	if derpAddr != "" {
+		derpPort := 443
+		if debugUseDERPHTTP() {
+			// Match the port for -dev in derper.go
+			derpPort = 3340
+		}
+		dm = &tailcfg.DERPMap{
+			OmitDefaultRegions: true,
+			Regions: map[int]*tailcfg.DERPRegion{
+				999: {
+					RegionID: 999,
+					Nodes: []*tailcfg.DERPNode{{
+						Name:     "999dev",
+						RegionID: 999,
+						HostName: derpAddr,
+						DERPPort: derpPort,
+					}},
+				},
+			},
+		}
+	}
+
 	if reflect.DeepEqual(dm, c.derpMap) {
 		return
 	}