TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-03-03 12:40:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

wip

Browse Source
This commit is contained in:
David Crawshaw 2022-06-01 08:07:24 -07:00
parent cfe68d0a86
commit 925e812213
6 changed files with 99 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
cmd/derper/derper.go
View File

@ -81,6 +81,14 @@ func init() {
expvar.Publish("gauge_derper_tls_active_version", tlsActiveVersion) expvar.Publish("gauge_derper_tls_active_version", tlsActiveVersion)
} }
// parseRegion reports the region "derp<N>" by parsing the -mesh-with flag.
func parseRegion() string {
// ExecStart=/home/derp/derper -c /home/derp/derper.conf --certdir=/home/derp/certs --hostname=derp.tailscale.com --mesh-with=derp4c.tailscale.com,derp4d.tailscale.com,derp4e.tailscale.com --stun --bootstrap-dns-names=log.tailscale.io,login.tailscale.com,controlplane.tailscale.com,login.us.tailscale.com
for _, host := range strings.Split(*meshWith, ",") {
}
return 0
}
type config struct { type config struct {
PrivateKey key.NodePrivate PrivateKey key.NodePrivate
} }

2
cmd/derpprobe/derpprobe.go
View File

@ -360,7 +360,7 @@ func probeUDP(ctx context.Context, dm *tailcfg.DERPMap, n *tailcfg.DERPNode) (la
time.Sleep(100 * time.Millisecond) time.Sleep(100 * time.Millisecond)
continue continue
} }
txBack, _, _, err := stun.ParseResponse(buf[:n]) txBack, _, _, _, err := stun.ParseResponse(buf[:n])
if err != nil { if err != nil {
return 0, fmt.Errorf("parsing STUN response from %v: %v", ip, err) return 0, fmt.Errorf("parsing STUN response from %v: %v", ip, err)
} }

4
net/netcheck/netcheck.go
View File

@ -251,7 +251,7 @@ func (c *Client) ReceiveSTUNPacket(pkt []byte, src netaddr.IPPort) {
return return
} }
tx, addr, port, err := stun.ParseResponse(pkt) tx, _, addr, port, err := stun.ParseResponse(pkt)
if err != nil { if err != nil {
if _, err := stun.ParseBindingRequest(pkt); err == nil { if _, err := stun.ParseBindingRequest(pkt); err == nil {
// This was probably our own netcheck hairpin // This was probably our own netcheck hairpin
@ -1044,7 +1044,7 @@ func (c *Client) measureHTTPSLatency(ctx context.Context, reg *tailcfg.DERPRegio
} }
hc := &http.Client{Transport: tr} hc := &http.Client{Transport: tr}
req, err := http.NewRequestWithContext(ctx, "GET", "https://" + node.HostName + "/derp/latency-check", nil) req, err := http.NewRequestWithContext(ctx, "GET", "https://"+node.HostName+"/derp/latency-check", nil)
if err != nil { if err != nil {
return 0, ip, err return 0, ip, err
} }

70
net/stun/stun.go
View File

@ -25,7 +25,7 @@ const (
// And servers appear to send it. // And servers appear to send it.
attrXorMappedAddressAlt = 0x8020 attrXorMappedAddressAlt = 0x8020
software = "tailnode" // notably: 8 bytes long, so no padding clientSoftware = "tailnode" // notably: 8 bytes long, so no padding
bindingRequest = "\x00\x01" bindingRequest = "\x00\x01"
magicCookie = "\x21\x12\xa4\x42" magicCookie = "\x21\x12\xa4\x42"
lenFingerprint = 8 // 2+byte header + 2-byte length + 4-byte crc32 lenFingerprint = 8 // 2+byte header + 2-byte length + 4-byte crc32
@ -48,7 +48,7 @@ func NewTxID() TxID {
// The transaction ID, tID, should be a random sequence of bytes. // The transaction ID, tID, should be a random sequence of bytes.
func Request(tID TxID) []byte { func Request(tID TxID) []byte {
// STUN header, RFC5389 Section 6. // STUN header, RFC5389 Section 6.
const lenAttrSoftware = 4 + len(software) const lenAttrSoftware = 4 + len(clientSoftware)
b := make([]byte, 0, headerLen+lenAttrSoftware+lenFingerprint) b := make([]byte, 0, headerLen+lenAttrSoftware+lenFingerprint)
b = append(b, bindingRequest...) b = append(b, bindingRequest...)
b = appendU16(b, uint16(lenAttrSoftware+lenFingerprint)) // number of bytes following header b = appendU16(b, uint16(lenAttrSoftware+lenFingerprint)) // number of bytes following header
@ -57,8 +57,8 @@ func Request(tID TxID) []byte {
// Attribute SOFTWARE, RFC5389 Section 15.5. // Attribute SOFTWARE, RFC5389 Section 15.5.
b = appendU16(b, attrNumSoftware) b = appendU16(b, attrNumSoftware)
b = appendU16(b, uint16(len(software))) b = appendU16(b, uint16(len(clientSoftware)))
b = append(b, software...) b = append(b, clientSoftware...)
// Attribute FINGERPRINT, RFC5389 Section 15.5. // Attribute FINGERPRINT, RFC5389 Section 15.5.
fp := fingerPrint(b) fp := fingerPrint(b)
@ -97,7 +97,7 @@ func ParseBindingRequest(b []byte) (TxID, error) {
var gotFP uint32 var gotFP uint32
if err := foreachAttr(b[headerLen:], func(attrType uint16, a []byte) error { if err := foreachAttr(b[headerLen:], func(attrType uint16, a []byte) error {
lastAttr = attrType lastAttr = attrType
if attrType == attrNumSoftware && string(a) == software { if attrType == attrNumSoftware && string(a) == clientSoftware {
softwareOK = true softwareOK = true
} }
if attrType == attrNumFingerprint && len(a) == 4 { if attrType == attrNumFingerprint && len(a) == 4 {
@ -151,7 +151,7 @@ func foreachAttr(b []byte, fn func(attrType uint16, a []byte) error) error {
} }
// Response generates a binding response. // Response generates a binding response.
func Response(txID TxID, ip net.IP, port uint16) []byte { func Response(txID TxID, ip net.IP, port uint16, resSoftware string) []byte {
if ip4 := ip.To4(); ip4 != nil { if ip4 := ip.To4(); ip4 != nil {
ip = ip4 ip = ip4
} }
@ -164,7 +164,13 @@ func Response(txID TxID, ip net.IP, port uint16) []byte {
default: default:
return nil return nil
} }
attrsLen := 8 + len(ip) lenAttrAddr := 8 + len(ip)
var lenAttrSoftware, lenAttrSoftwareWithPad int
if len(resSoftware) > 0 {
lenAttrSoftware = 4 + len(resSoftware)
lenAttrSoftwareWithPad = (lenAttrSoftware + 3) &^ 3
}
attrsLen := lenAttrAddr + lenAttrSoftwareWithPad
b := make([]byte, 0, headerLen+attrsLen) b := make([]byte, 0, headerLen+attrsLen)
// Header // Header
@ -173,7 +179,7 @@ func Response(txID TxID, ip net.IP, port uint16) []byte {
b = append(b, magicCookie...) b = append(b, magicCookie...)
b = append(b, txID[:]...) b = append(b, txID[:]...)
// Attributes (well, one) // Attribute XOR-MAPPED-ADDRESS
b = appendU16(b, attrXorMappedAddress) b = appendU16(b, attrXorMappedAddress)
b = appendU16(b, uint16(4+len(ip))) b = appendU16(b, uint16(4+len(ip)))
b = append(b, b = append(b,
@ -187,24 +193,35 @@ func Response(txID TxID, ip net.IP, port uint16) []byte {
b = append(b, o^txID[i-len(magicCookie)]) b = append(b, o^txID[i-len(magicCookie)])
} }
} }
// Attribute SOFTWARE
if len(resSoftware) > 0 {
b = appendU16(b, attrNumSoftware)
b = appendU16(b, uint16(len(resSoftware)))
b = append(b, resSoftware...)
for i := lenAttrSoftware; i < lenAttrSoftwareWithPad; i++ {
b = append(b, 0)
}
}
return b return b
} }
// ParseResponse parses a successful binding response STUN packet. // ParseResponse parses a successful binding response STUN packet.
// The IP address is extracted from the XOR-MAPPED-ADDRESS attribute. // The IP address is extracted from the XOR-MAPPED-ADDRESS attribute.
// The returned addr slice is owned by the caller and does not alias b. // The returned addr slice is owned by the caller and does not alias b.
func ParseResponse(b []byte) (tID TxID, addr []byte, port uint16, err error) { func ParseResponse(b []byte) (tID TxID, software, addr []byte, port uint16, err error) {
if !Is(b) { if !Is(b) {
return tID, nil, 0, ErrNotSTUN return tID, nil, nil, 0, ErrNotSTUN
} }
copy(tID[:], b[8:8+len(tID)]) copy(tID[:], b[8:8+len(tID)])
if b[0] != 0x01 || b[1] != 0x01 { if b[0] != 0x01 || b[1] != 0x01 {
return tID, nil, 0, ErrNotSuccessResponse return tID, nil, nil, 0, ErrNotSuccessResponse
} }
attrsLen := int(binary.BigEndian.Uint16(b[2:4])) attrsLen := int(binary.BigEndian.Uint16(b[2:4]))
b = b[headerLen:] // remove STUN header b = b[headerLen:] // remove STUN header
if attrsLen > len(b) { if attrsLen > len(b) {
return tID, nil, 0, ErrMalformedAttrs return tID, nil, nil, 0, ErrMalformedAttrs
} else if len(b) > attrsLen { } else if len(b) > attrsLen {
b = b[:attrsLen] // trim trailing packet bytes b = b[:attrsLen] // trim trailing packet bytes
} }
@ -239,26 +256,28 @@ func ParseResponse(b []byte) (tID TxID, addr []byte, port uint16, err error) {
} else { } else {
fallbackAddr, fallbackPort = a, p fallbackAddr, fallbackPort = a, p
} }
case attrNumSoftware:
software = append([]byte(nil), attr...)
} }
return nil return nil
}); err != nil { }); err != nil {
return TxID{}, nil, 0, err return TxID{}, nil, nil, 0, err
} }
if addr != nil { if addr != nil {
return tID, addr, port, nil return tID, software, addr, port, nil
} }
if fallbackAddr != nil { if fallbackAddr != nil {
return tID, append([]byte{}, fallbackAddr...), fallbackPort, nil return tID, software, append([]byte{}, fallbackAddr...), fallbackPort, nil
} }
if addr6 != nil { if addr6 != nil {
return tID, addr6, port6, nil return tID, software, addr6, port6, nil
} }
if fallbackAddr6 != nil { if fallbackAddr6 != nil {
return tID, append([]byte{}, fallbackAddr6...), fallbackPort6, nil return tID, software, append([]byte{}, fallbackAddr6...), fallbackPort6, nil
} }
return tID, nil, 0, ErrMalformedAttrs return tID, nil, nil, 0, ErrMalformedAttrs
} }
func xorMappedAddress(tID TxID, b []byte) (addr []byte, port uint16, err error) { func xorMappedAddress(tID TxID, b []byte) (addr []byte, port uint16, err error) {
@ -316,6 +335,21 @@ func mappedAddress(b []byte) (addr []byte, port uint16, err error) {
return append([]byte(nil), addrField[:addrLen]...), port, nil return append([]byte(nil), addrField[:addrLen]...), port, nil
} }
/*func softwareString(b []byte) ([]byte, error) {
fmt.Printf("softwareString len(b)=%d\n", len(b))
if len(b) < 4 {
return nil, ErrMalformedAttrs
}
strLen := int(uint16(b[2])<<8 | uint16(b[3]))
fmt.Printf("softwareString b[2]=%d, b[3]=%d\n", b[2], b[3])
str := b[4:]
fmt.Printf("softwareString len(str)=%d, strLen=%d\n", len(str), strLen)
if len(str) < strLen {
return nil, ErrMalformedAttrs
}
return append([]byte(nil), str...), nil
}*/
// Is reports whether b is a STUN message. // Is reports whether b is a STUN message.
func Is(b []byte) bool { func Is(b []byte) bool {
return len(b) >= headerLen && return len(b) >= headerLen &&

26
net/stun/stun_test.go
View File

@ -27,6 +27,7 @@ var responseTests = []struct {
wantTID []byte wantTID []byte
wantAddr []byte wantAddr []byte
wantPort uint16 wantPort uint16
wantSoftware string
}{ }{
{ {
name: "google-1", name: "google-1",
@ -79,6 +80,7 @@ var responseTests = []struct {
}, },
wantAddr: []byte{72, 69, 33, 45}, wantAddr: []byte{72, 69, 33, 45},
wantPort: 58539, wantPort: 58539,
wantSoftware: "Vovida.org 0.96\x00",
}, },
{ {
name: "stun.powervoip.com:3478", name: "stun.powervoip.com:3478",
@ -116,6 +118,7 @@ var responseTests = []struct {
}, },
wantAddr: []byte{127, 0, 0, 1}, wantAddr: []byte{127, 0, 0, 1},
wantPort: 61300, wantPort: 61300,
wantSoftware: "endpointer",
}, },
{ {
name: "stuntman-server ipv6", name: "stuntman-server ipv6",
@ -158,6 +161,7 @@ var responseTests = []struct {
}, },
wantAddr: []byte{127, 0, 0, 1}, wantAddr: []byte{127, 0, 0, 1},
wantPort: 61300, wantPort: 61300,
wantSoftware: "a",
}, },
{ {
name: "software-abc", name: "software-abc",
@ -174,13 +178,14 @@ var responseTests = []struct {
}, },
wantAddr: []byte{127, 0, 0, 1}, wantAddr: []byte{127, 0, 0, 1},
wantPort: 61300, wantPort: 61300,
wantSoftware: "abc",
}, },
} }
func TestParseResponse(t *testing.T) { func TestParseResponse(t *testing.T) {
subtest := func(t *testing.T, i int) { subtest := func(t *testing.T, i int) {
test := responseTests[i] test := responseTests[i]
tID, addr, port, err := stun.ParseResponse(test.data) tID, software, addr, port, err := stun.ParseResponse(test.data)
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
} }
@ -194,6 +199,9 @@ func TestParseResponse(t *testing.T) {
if port != test.wantPort { if port != test.wantPort {
t.Errorf("port=%d, want %d", port, test.wantPort) t.Errorf("port=%d, want %d", port, test.wantPort)
} }
if string(software) != test.wantSoftware {
t.Errorf("software=%q, want %s", software, test.wantSoftware)
}
} }
for i, test := range responseTests { for i, test := range responseTests {
t.Run(test.name, func(t *testing.T) { t.Run(test.name, func(t *testing.T) {
@ -249,21 +257,25 @@ func TestResponse(t *testing.T) {
} }
tests := []struct { tests := []struct {
tx stun.TxID tx stun.TxID
software string
ip net.IP ip net.IP
port uint16 port uint16
}{ }{
{tx: txN(1), ip: net.ParseIP("1.2.3.4").To4(), port: 254}, {tx: txN(1), software: "derp3", ip: net.ParseIP("1.2.3.4").To4(), port: 254},
{tx: txN(2), ip: net.ParseIP("1.2.3.4").To4(), port: 257}, {tx: txN(2), software: "eightLen", ip: net.ParseIP("1.2.3.4").To4(), port: 257},
{tx: txN(3), ip: net.ParseIP("1::4"), port: 254}, {tx: txN(3), software: "", ip: net.ParseIP("1::4"), port: 254},
{tx: txN(4), ip: net.ParseIP("1::4"), port: 257}, {tx: txN(4), software: "💩", ip: net.ParseIP("1::4"), port: 257},
} }
for _, tt := range tests { for _, tt := range tests {
res := stun.Response(tt.tx, tt.ip, tt.port) res := stun.Response(tt.tx, tt.ip, tt.port, tt.software)
tx2, ip2, port2, err := stun.ParseResponse(res) tx2, software2, ip2, port2, err := stun.ParseResponse(res)
if err != nil { if err != nil {
t.Errorf("TX %x: error: %v", tt.tx, err) t.Errorf("TX %x: error: %v", tt.tx, err)
continue continue
} }
if tt.software != string(software2) {
t.Errorf("TX %x: software=%v, want %v", tt.tx, software2, tt.software)
}
if tt.tx != tx2 { if tt.tx != tx2 {
t.Errorf("TX %x: got TxID = %v", tt.tx, tx2) t.Errorf("TX %x: got TxID = %v", tt.tx, tx2)
} }

2
net/stun/stuntest/stuntest.go
View File

@ -84,7 +84,7 @@ func runSTUN(t testing.TB, pc net.PacketConn, stats *stunStats, done chan<- stru
} }
stats.mu.Unlock() stats.mu.Unlock()
res := stun.Response(txid, ua.IP, uint16(ua.Port)) res := stun.Response(txid, ua.IP, uint16(ua.Port), "stuntest")
if _, err := pc.WriteTo(res, addr); err != nil { if _, err := pc.WriteTo(res, addr); err != nil {
t.Logf("STUN server write failed: %v", err) t.Logf("STUN server write failed: %v", err)
} }