vnet: add control/derps to test, stateful firewall

Updates #13038

Change-Id: Icd65b34c5f03498b5a7109785bb44692bce8911a
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

cmd/tta/tta.go

@@ -11,6 +11,7 @@
 package main
 
 import (
+	"bufio"
 	"bytes"
 	"errors"
 	"flag"
@@ -19,12 +20,18 @@ import (
 	"log"
 	"net"
 	"net/http"
+	"net/http/httputil"
+	"net/url"
 	"os"
 	"os/exec"
+	"regexp"
 	"strings"
 	"sync"
 	"time"
 
+	"github.com/mitchellh/go-ps"
+	"tailscale.com/client/tailscale"
+	"tailscale.com/util/must"
 	"tailscale.com/util/set"
 	"tailscale.com/version/distro"
 )
@@ -33,21 +40,35 @@ var (
 	driverAddr = flag.String("driver", "test-driver.tailscale:8008", "address of the test driver; by default we use the DNS name test-driver.tailscale which is special cased in the emulated network's DNS server")
 )
 
-type chanListener <-chan net.Conn
+func absify(cmd string) string {
+	if distro.Get() == distro.Gokrazy && !strings.Contains(cmd, "/") {
+		return "/user/" + cmd
+	}
+	return cmd
+}
 
 func serveCmd(w http.ResponseWriter, cmd string, args ...string) {
-	if distro.Get() == distro.Gokrazy && !strings.Contains(cmd, "/") {
-		cmd = "/user/" + cmd
-	}
-	out, err := exec.Command(cmd, args...).CombinedOutput()
+	log.Printf("Got serveCmd for %q %v", cmd, args)
+	out, err := exec.Command(absify(cmd), args...).CombinedOutput()
 	w.Header().Set("Content-Type", "text/plain; charset=utf-8")
 	if err != nil {
 		w.Header().Set("Exec-Err", err.Error())
 		w.WriteHeader(500)
+		log.Printf("Err on serveCmd for %q %v, %d bytes of output: %v", cmd, args, len(out), err)
+	} else {
+		log.Printf("Did serveCmd for %q %v, %d bytes of output", cmd, args, len(out))
 	}
 	w.Write(out)
 }
 
+type localClientRoundTripper struct {
+	lc *tailscale.LocalClient
+}
+
+func (rt localClientRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) {
+	return rt.lc.DoLocalRequest(req)
+}
+
 func main() {
 	if distro.Get() == distro.Gokrazy {
 		cmdLine, _ := os.ReadFile("/proc/cmdline")
@@ -59,8 +80,52 @@ func main() {
 		}
 	}
 	flag.Parse()
+
+	if distro.Get() == distro.Gokrazy {
+		nsRx := regexp.MustCompile(`(?m)^nameserver (.*)`)
+		for t := time.Now(); time.Since(t) < 10*time.Second; time.Sleep(10 * time.Millisecond) {
+			all, _ := os.ReadFile("/etc/resolv.conf")
+			if nsRx.Match(all) {
+				break
+			}
+		}
+	}
+
+	logc, err := net.Dial("tcp", "9.9.9.9:124")
+	if err == nil {
+		log.SetOutput(logc)
+	}
+
 	log.Printf("Tailscale Test Agent running.")
 
+	if distro.Get() == distro.Gokrazy {
+		procs, err := ps.Processes()
+		if err != nil {
+			log.Fatalf("ps.Processes: %v", err)
+		}
+		killed := false
+		for _, p := range procs {
+			if p.Executable() == "tailscaled" {
+				if op, err := os.FindProcess(p.Pid()); err == nil {
+					op.Signal(os.Interrupt)
+					killed = true
+				}
+			}
+		}
+		log.Printf("killed = %v", killed)
+		if killed {
+			for {
+				_, err := exec.Command(absify("tailscale"), "status", "--json").CombinedOutput()
+				if err == nil {
+					log.Printf("tailscaled back up")
+					break
+				}
+				log.Printf("tailscale status error; sleeping before trying again...")
+				time.Sleep(50 * time.Millisecond)
+			}
+		}
+	}
+
 	var mux http.ServeMux
 	var hs http.Server
 	hs.Handler = &mux
@@ -75,7 +140,7 @@ func main() {
 		switch s {
 		case http.StateNew:
 			newSet.Add(c)
-		case http.StateClosed:
+		default:
 			newSet.Delete(c)
 		}
 		if len(newSet) == 0 {
@@ -86,20 +151,41 @@ func main() {
 		}
 	}
 	conns := make(chan net.Conn, 1)
+	var lc tailscale.LocalClient
+	rp := httputil.NewSingleHostReverseProxy(must.Get(url.Parse("http://local-tailscaled.sock")))
+	rp.Transport = localClientRoundTripper{&lc}
+
+	mux.Handle("/localapi/", rp)
 
 	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
 		io.WriteString(w, "TTA\n")
 		return
 	})
 	mux.HandleFunc("/up", func(w http.ResponseWriter, r *http.Request) {
-		serveCmd(w, "tailscale", "up", "--auth-key=test")
+		cmd := exec.Command(absify("tailscale"), "debug", "daemon-logs")
+		out, err := cmd.StdoutPipe()
+		if err != nil {
+			http.Error(w, err.Error(), 500)
+			return
+		}
+		defer out.Close()
+		cmd.Start()
+		defer cmd.Process.Kill()
+		go func() {
+			bs := bufio.NewScanner(out)
+			for bs.Scan() {
+				log.Printf("Daemon: %s", bs.Text())
+			}
+		}()
+
+		serveCmd(w, "tailscale", "up", "--login-server=http://control.tailscale")
 	})
 	mux.HandleFunc("/status", func(w http.ResponseWriter, r *http.Request) {
 		serveCmd(w, "tailscale", "status", "--json")
 	})
 	mux.HandleFunc("/ping", func(w http.ResponseWriter, r *http.Request) {
 		target := r.FormValue("target")
-		cmd := exec.Command("tailscale", "ping", target)
+		cmd := exec.Command(absify("tailscale"), "ping", target)
 		w.Header().Set("Content-Type", "text/plain; charset=utf-8")
 		w.(http.Flusher).Flush()
 		cmd.Stdout = w
@@ -139,6 +225,8 @@ func connect() (net.Conn, error) {
 	return c, nil
 }
 
+type chanListener <-chan net.Conn
+
 func (cl chanListener) Accept() (net.Conn, error) {
 	c, ok := <-cl
 	if !ok {

cmd/vnet/vnet-main.go

@@ -19,6 +19,7 @@ import (
 var (
 	listen  = flag.String("listen", "/tmp/qemu.sock", "path to listen on")
 	nat     = flag.String("nat", "easy", "type of NAT to use")
+	nat2    = flag.String("nat2", "hard", "type of NAT to use for second network")
 	portmap = flag.Bool("portmap", false, "enable portmapping")
 	dgram   = flag.Bool("dgram", false, "enable datagram mode; for use with macOS Hypervisor.Framework and VZFileHandleNetworkDeviceAttachment")
 )
@@ -52,7 +53,7 @@ func main() {
 
 	var c vnet.Config
 	node1 := c.AddNode(c.AddNetwork("2.1.1.1", "192.168.1.1/24", vnet.NAT(*nat)))
-	c.AddNode(c.AddNetwork("2.2.2.2", "10.2.0.1/16", vnet.NAT(*nat)))
+	c.AddNode(c.AddNetwork("2.2.2.2", "10.2.0.1/16", vnet.NAT(*nat2)))
 	if *portmap {
 		node1.Network().AddService(vnet.NATPMP)
 	}
@@ -81,6 +82,7 @@ func main() {
 		}
 		for {
 			time.Sleep(5 * time.Second)
+			//continue
 			getStatus()
 		}
 	}()