diff --git a/cmd/derper/derper.go b/cmd/derper/derper.go index 5513a2062..1f5543e28 100644 --- a/cmd/derper/derper.go +++ b/cmd/derper/derper.go @@ -81,6 +81,14 @@ func init() { expvar.Publish("gauge_derper_tls_active_version", tlsActiveVersion) } +// parseRegion reports the region "derp" by parsing the -mesh-with flag. +func parseRegion() string { + // ExecStart=/home/derp/derper -c /home/derp/derper.conf --certdir=/home/derp/certs --hostname=derp.tailscale.com --mesh-with=derp4c.tailscale.com,derp4d.tailscale.com,derp4e.tailscale.com --stun --bootstrap-dns-names=log.tailscale.io,login.tailscale.com,controlplane.tailscale.com,login.us.tailscale.com + for _, host := range strings.Split(*meshWith, ",") { + } + return 0 +} + type config struct { PrivateKey key.NodePrivate } diff --git a/cmd/derpprobe/derpprobe.go b/cmd/derpprobe/derpprobe.go index 07660f8c7..46f349973 100644 --- a/cmd/derpprobe/derpprobe.go +++ b/cmd/derpprobe/derpprobe.go @@ -360,7 +360,7 @@ func probeUDP(ctx context.Context, dm *tailcfg.DERPMap, n *tailcfg.DERPNode) (la time.Sleep(100 * time.Millisecond) continue } - txBack, _, _, err := stun.ParseResponse(buf[:n]) + txBack, _, _, _, err := stun.ParseResponse(buf[:n]) if err != nil { return 0, fmt.Errorf("parsing STUN response from %v: %v", ip, err) } diff --git a/net/netcheck/netcheck.go b/net/netcheck/netcheck.go index dd2afe55b..6e57728eb 100644 --- a/net/netcheck/netcheck.go +++ b/net/netcheck/netcheck.go @@ -251,7 +251,7 @@ func (c *Client) ReceiveSTUNPacket(pkt []byte, src netaddr.IPPort) { return } - tx, addr, port, err := stun.ParseResponse(pkt) + tx, _, addr, port, err := stun.ParseResponse(pkt) if err != nil { if _, err := stun.ParseBindingRequest(pkt); err == nil { // This was probably our own netcheck hairpin @@ -1044,7 +1044,7 @@ func (c *Client) measureHTTPSLatency(ctx context.Context, reg *tailcfg.DERPRegio } hc := &http.Client{Transport: tr} - req, err := http.NewRequestWithContext(ctx, "GET", "https://" + node.HostName + "/derp/latency-check", nil) + req, err := http.NewRequestWithContext(ctx, "GET", "https://"+node.HostName+"/derp/latency-check", nil) if err != nil { return 0, ip, err } diff --git a/net/stun/stun.go b/net/stun/stun.go index e6077c306..e86bb3593 100644 --- a/net/stun/stun.go +++ b/net/stun/stun.go @@ -25,7 +25,7 @@ const ( // And servers appear to send it. attrXorMappedAddressAlt = 0x8020 - software = "tailnode" // notably: 8 bytes long, so no padding + clientSoftware = "tailnode" // notably: 8 bytes long, so no padding bindingRequest = "\x00\x01" magicCookie = "\x21\x12\xa4\x42" lenFingerprint = 8 // 2+byte header + 2-byte length + 4-byte crc32 @@ -48,7 +48,7 @@ func NewTxID() TxID { // The transaction ID, tID, should be a random sequence of bytes. func Request(tID TxID) []byte { // STUN header, RFC5389 Section 6. - const lenAttrSoftware = 4 + len(software) + const lenAttrSoftware = 4 + len(clientSoftware) b := make([]byte, 0, headerLen+lenAttrSoftware+lenFingerprint) b = append(b, bindingRequest...) b = appendU16(b, uint16(lenAttrSoftware+lenFingerprint)) // number of bytes following header @@ -57,8 +57,8 @@ func Request(tID TxID) []byte { // Attribute SOFTWARE, RFC5389 Section 15.5. b = appendU16(b, attrNumSoftware) - b = appendU16(b, uint16(len(software))) - b = append(b, software...) + b = appendU16(b, uint16(len(clientSoftware))) + b = append(b, clientSoftware...) // Attribute FINGERPRINT, RFC5389 Section 15.5. fp := fingerPrint(b) @@ -97,7 +97,7 @@ func ParseBindingRequest(b []byte) (TxID, error) { var gotFP uint32 if err := foreachAttr(b[headerLen:], func(attrType uint16, a []byte) error { lastAttr = attrType - if attrType == attrNumSoftware && string(a) == software { + if attrType == attrNumSoftware && string(a) == clientSoftware { softwareOK = true } if attrType == attrNumFingerprint && len(a) == 4 { @@ -151,7 +151,7 @@ func foreachAttr(b []byte, fn func(attrType uint16, a []byte) error) error { } // Response generates a binding response. -func Response(txID TxID, ip net.IP, port uint16) []byte { +func Response(txID TxID, ip net.IP, port uint16, resSoftware string) []byte { if ip4 := ip.To4(); ip4 != nil { ip = ip4 } @@ -164,7 +164,13 @@ func Response(txID TxID, ip net.IP, port uint16) []byte { default: return nil } - attrsLen := 8 + len(ip) + lenAttrAddr := 8 + len(ip) + var lenAttrSoftware, lenAttrSoftwareWithPad int + if len(resSoftware) > 0 { + lenAttrSoftware = 4 + len(resSoftware) + lenAttrSoftwareWithPad = (lenAttrSoftware + 3) &^ 3 + } + attrsLen := lenAttrAddr + lenAttrSoftwareWithPad b := make([]byte, 0, headerLen+attrsLen) // Header @@ -173,7 +179,7 @@ func Response(txID TxID, ip net.IP, port uint16) []byte { b = append(b, magicCookie...) b = append(b, txID[:]...) - // Attributes (well, one) + // Attribute XOR-MAPPED-ADDRESS b = appendU16(b, attrXorMappedAddress) b = appendU16(b, uint16(4+len(ip))) b = append(b, @@ -187,24 +193,35 @@ func Response(txID TxID, ip net.IP, port uint16) []byte { b = append(b, o^txID[i-len(magicCookie)]) } } + + // Attribute SOFTWARE + if len(resSoftware) > 0 { + b = appendU16(b, attrNumSoftware) + b = appendU16(b, uint16(len(resSoftware))) + b = append(b, resSoftware...) + for i := lenAttrSoftware; i < lenAttrSoftwareWithPad; i++ { + b = append(b, 0) + } + } + return b } // ParseResponse parses a successful binding response STUN packet. // The IP address is extracted from the XOR-MAPPED-ADDRESS attribute. // The returned addr slice is owned by the caller and does not alias b. -func ParseResponse(b []byte) (tID TxID, addr []byte, port uint16, err error) { +func ParseResponse(b []byte) (tID TxID, software, addr []byte, port uint16, err error) { if !Is(b) { - return tID, nil, 0, ErrNotSTUN + return tID, nil, nil, 0, ErrNotSTUN } copy(tID[:], b[8:8+len(tID)]) if b[0] != 0x01 || b[1] != 0x01 { - return tID, nil, 0, ErrNotSuccessResponse + return tID, nil, nil, 0, ErrNotSuccessResponse } attrsLen := int(binary.BigEndian.Uint16(b[2:4])) b = b[headerLen:] // remove STUN header if attrsLen > len(b) { - return tID, nil, 0, ErrMalformedAttrs + return tID, nil, nil, 0, ErrMalformedAttrs } else if len(b) > attrsLen { b = b[:attrsLen] // trim trailing packet bytes } @@ -239,26 +256,28 @@ func ParseResponse(b []byte) (tID TxID, addr []byte, port uint16, err error) { } else { fallbackAddr, fallbackPort = a, p } + case attrNumSoftware: + software = append([]byte(nil), attr...) } return nil }); err != nil { - return TxID{}, nil, 0, err + return TxID{}, nil, nil, 0, err } if addr != nil { - return tID, addr, port, nil + return tID, software, addr, port, nil } if fallbackAddr != nil { - return tID, append([]byte{}, fallbackAddr...), fallbackPort, nil + return tID, software, append([]byte{}, fallbackAddr...), fallbackPort, nil } if addr6 != nil { - return tID, addr6, port6, nil + return tID, software, addr6, port6, nil } if fallbackAddr6 != nil { - return tID, append([]byte{}, fallbackAddr6...), fallbackPort6, nil + return tID, software, append([]byte{}, fallbackAddr6...), fallbackPort6, nil } - return tID, nil, 0, ErrMalformedAttrs + return tID, nil, nil, 0, ErrMalformedAttrs } func xorMappedAddress(tID TxID, b []byte) (addr []byte, port uint16, err error) { @@ -316,6 +335,21 @@ func mappedAddress(b []byte) (addr []byte, port uint16, err error) { return append([]byte(nil), addrField[:addrLen]...), port, nil } +/*func softwareString(b []byte) ([]byte, error) { + fmt.Printf("softwareString len(b)=%d\n", len(b)) + if len(b) < 4 { + return nil, ErrMalformedAttrs + } + strLen := int(uint16(b[2])<<8 | uint16(b[3])) + fmt.Printf("softwareString b[2]=%d, b[3]=%d\n", b[2], b[3]) + str := b[4:] + fmt.Printf("softwareString len(str)=%d, strLen=%d\n", len(str), strLen) + if len(str) < strLen { + return nil, ErrMalformedAttrs + } + return append([]byte(nil), str...), nil +}*/ + // Is reports whether b is a STUN message. func Is(b []byte) bool { return len(b) >= headerLen && diff --git a/net/stun/stun_test.go b/net/stun/stun_test.go index 81b5a8244..19a8d465b 100644 --- a/net/stun/stun_test.go +++ b/net/stun/stun_test.go @@ -22,11 +22,12 @@ func ExampleRequest() { } var responseTests = []struct { - name string - data []byte - wantTID []byte - wantAddr []byte - wantPort uint16 + name string + data []byte + wantTID []byte + wantAddr []byte + wantPort uint16 + wantSoftware string }{ { name: "google-1", @@ -77,8 +78,9 @@ var responseTests = []struct { 0x48, 0x2e, 0xb6, 0x47, 0x15, 0xe8, 0xb2, 0x8e, 0xae, 0xad, 0x64, 0x44, }, - wantAddr: []byte{72, 69, 33, 45}, - wantPort: 58539, + wantAddr: []byte{72, 69, 33, 45}, + wantPort: 58539, + wantSoftware: "Vovida.org 0.96\x00", }, { name: "stun.powervoip.com:3478", @@ -114,8 +116,9 @@ var responseTests = []struct { 0xeb, 0xc2, 0xd3, 0x6e, 0xf4, 0x71, 0x21, 0x7c, 0x4f, 0x3e, 0x30, 0x8e, }, - wantAddr: []byte{127, 0, 0, 1}, - wantPort: 61300, + wantAddr: []byte{127, 0, 0, 1}, + wantPort: 61300, + wantSoftware: "endpointer", }, { name: "stuntman-server ipv6", @@ -156,8 +159,9 @@ var responseTests = []struct { 0xeb, 0xc2, 0xd3, 0x6e, 0xf4, 0x71, 0x21, 0x7c, 0x4f, 0x3e, 0x30, 0x8e, }, - wantAddr: []byte{127, 0, 0, 1}, - wantPort: 61300, + wantAddr: []byte{127, 0, 0, 1}, + wantPort: 61300, + wantSoftware: "a", }, { name: "software-abc", @@ -172,15 +176,16 @@ var responseTests = []struct { 0xeb, 0xc2, 0xd3, 0x6e, 0xf4, 0x71, 0x21, 0x7c, 0x4f, 0x3e, 0x30, 0x8e, }, - wantAddr: []byte{127, 0, 0, 1}, - wantPort: 61300, + wantAddr: []byte{127, 0, 0, 1}, + wantPort: 61300, + wantSoftware: "abc", }, } func TestParseResponse(t *testing.T) { subtest := func(t *testing.T, i int) { test := responseTests[i] - tID, addr, port, err := stun.ParseResponse(test.data) + tID, software, addr, port, err := stun.ParseResponse(test.data) if err != nil { t.Fatal(err) } @@ -194,6 +199,9 @@ func TestParseResponse(t *testing.T) { if port != test.wantPort { t.Errorf("port=%d, want %d", port, test.wantPort) } + if string(software) != test.wantSoftware { + t.Errorf("software=%q, want %s", software, test.wantSoftware) + } } for i, test := range responseTests { t.Run(test.name, func(t *testing.T) { @@ -248,22 +256,26 @@ func TestResponse(t *testing.T) { return } tests := []struct { - tx stun.TxID - ip net.IP - port uint16 + tx stun.TxID + software string + ip net.IP + port uint16 }{ - {tx: txN(1), ip: net.ParseIP("1.2.3.4").To4(), port: 254}, - {tx: txN(2), ip: net.ParseIP("1.2.3.4").To4(), port: 257}, - {tx: txN(3), ip: net.ParseIP("1::4"), port: 254}, - {tx: txN(4), ip: net.ParseIP("1::4"), port: 257}, + {tx: txN(1), software: "derp3", ip: net.ParseIP("1.2.3.4").To4(), port: 254}, + {tx: txN(2), software: "eightLen", ip: net.ParseIP("1.2.3.4").To4(), port: 257}, + {tx: txN(3), software: "", ip: net.ParseIP("1::4"), port: 254}, + {tx: txN(4), software: "💩", ip: net.ParseIP("1::4"), port: 257}, } for _, tt := range tests { - res := stun.Response(tt.tx, tt.ip, tt.port) - tx2, ip2, port2, err := stun.ParseResponse(res) + res := stun.Response(tt.tx, tt.ip, tt.port, tt.software) + tx2, software2, ip2, port2, err := stun.ParseResponse(res) if err != nil { t.Errorf("TX %x: error: %v", tt.tx, err) continue } + if tt.software != string(software2) { + t.Errorf("TX %x: software=%v, want %v", tt.tx, software2, tt.software) + } if tt.tx != tx2 { t.Errorf("TX %x: got TxID = %v", tt.tx, tx2) } diff --git a/net/stun/stuntest/stuntest.go b/net/stun/stuntest/stuntest.go index 6057a43a9..53dcc9dde 100644 --- a/net/stun/stuntest/stuntest.go +++ b/net/stun/stuntest/stuntest.go @@ -84,7 +84,7 @@ func runSTUN(t testing.TB, pc net.PacketConn, stats *stunStats, done chan<- stru } stats.mu.Unlock() - res := stun.Response(txid, ua.IP, uint16(ua.Port)) + res := stun.Response(txid, ua.IP, uint16(ua.Port), "stuntest") if _, err := pc.WriteTo(res, addr); err != nil { t.Logf("STUN server write failed: %v", err) }