wip

2025-03-03 04:25:26 +00:00 · 2022-06-01 08:07:24 -07:00 · 2022-06-01 08:07:24 -07:00 · 925e812213
commit 925e812213
parent cfe68d0a86
6 changed files with 99 additions and 45 deletions
--- a/cmd/derper/derper.go
+++ b/cmd/derper/derper.go
@ -81,6 +81,14 @@ func init() {
 	expvar.Publish("gauge_derper_tls_active_version", tlsActiveVersion)
 }
 // parseRegion reports the region "derp<N>" by parsing the -mesh-with flag.
 func parseRegion() string {
 	// ExecStart=/home/derp/derper -c /home/derp/derper.conf --certdir=/home/derp/certs --hostname=derp.tailscale.com --mesh-with=derp4c.tailscale.com,derp4d.tailscale.com,derp4e.tailscale.com --stun --bootstrap-dns-names=log.tailscale.io,login.tailscale.com,controlplane.tailscale.com,login.us.tailscale.com
 	for _, host := range strings.Split(*meshWith, ",") {
 	}
 	return 0
 }
 type config struct {
 	PrivateKey key.NodePrivate
 }
--- a/cmd/derpprobe/derpprobe.go
+++ b/cmd/derpprobe/derpprobe.go
@ -360,7 +360,7 @@ func probeUDP(ctx context.Context, dm *tailcfg.DERPMap, n *tailcfg.DERPNode) (la
 				time.Sleep(100 * time.Millisecond)
 				continue
 			}
-			txBack, _, _, err := stun.ParseResponse(buf[:n])
+			txBack, _, _, _, err := stun.ParseResponse(buf[:n])
 			if err != nil {
 				return 0, fmt.Errorf("parsing STUN response from %v: %v", ip, err)
 			}
--- a/net/netcheck/netcheck.go
+++ b/net/netcheck/netcheck.go
@ -251,7 +251,7 @@ func (c *Client) ReceiveSTUNPacket(pkt []byte, src netaddr.IPPort) {
 		return
 	}
-	tx, addr, port, err := stun.ParseResponse(pkt)
+	tx, _, addr, port, err := stun.ParseResponse(pkt)
 	if err != nil {
 		if _, err := stun.ParseBindingRequest(pkt); err == nil {
 			// This was probably our own netcheck hairpin
@ -1044,7 +1044,7 @@ func (c *Client) measureHTTPSLatency(ctx context.Context, reg *tailcfg.DERPRegio
 	}
 	hc := &http.Client{Transport: tr}
-	req, err := http.NewRequestWithContext(ctx, "GET", "https://" + node.HostName + "/derp/latency-check", nil)
+	req, err := http.NewRequestWithContext(ctx, "GET", "https://"+node.HostName+"/derp/latency-check", nil)
 	if err != nil {
 		return 0, ip, err
 	}
--- a/net/stun/stun.go
+++ b/net/stun/stun.go
@ -25,7 +25,7 @@ const (
 	// And servers appear to send it.
 	attrXorMappedAddressAlt = 0x8020
-	software       = "tailnode" // notably: 8 bytes long, so no padding
+	clientSoftware = "tailnode" // notably: 8 bytes long, so no padding
 	bindingRequest = "\x00\x01"
 	magicCookie    = "\x21\x12\xa4\x42"
 	lenFingerprint = 8 // 2+byte header + 2-byte length + 4-byte crc32
@ -48,7 +48,7 @@ func NewTxID() TxID {
 // The transaction ID, tID, should be a random sequence of bytes.
 func Request(tID TxID) []byte {
 	// STUN header, RFC5389 Section 6.
-	const lenAttrSoftware = 4 + len(software)
+	const lenAttrSoftware = 4 + len(clientSoftware)
 	b := make([]byte, 0, headerLen+lenAttrSoftware+lenFingerprint)
 	b = append(b, bindingRequest...)
 	b = appendU16(b, uint16(lenAttrSoftware+lenFingerprint)) // number of bytes following header
@ -57,8 +57,8 @@ func Request(tID TxID) []byte {
 	// Attribute SOFTWARE, RFC5389 Section 15.5.
 	b = appendU16(b, attrNumSoftware)
-	b = appendU16(b, uint16(len(software)))
+	b = appendU16(b, uint16(len(clientSoftware)))
-	b = append(b, software...)
+	b = append(b, clientSoftware...)
 	// Attribute FINGERPRINT, RFC5389 Section 15.5.
 	fp := fingerPrint(b)
@ -97,7 +97,7 @@ func ParseBindingRequest(b []byte) (TxID, error) {
 	var gotFP uint32
 	if err := foreachAttr(b[headerLen:], func(attrType uint16, a []byte) error {
 		lastAttr = attrType
-		if attrType == attrNumSoftware && string(a) == software {
+		if attrType == attrNumSoftware && string(a) == clientSoftware {
 			softwareOK = true
 		}
 		if attrType == attrNumFingerprint && len(a) == 4 {
@ -151,7 +151,7 @@ func foreachAttr(b []byte, fn func(attrType uint16, a []byte) error) error {
 }
 // Response generates a binding response.
-func Response(txID TxID, ip net.IP, port uint16) []byte {
+func Response(txID TxID, ip net.IP, port uint16, resSoftware string) []byte {
 	if ip4 := ip.To4(); ip4 != nil {
 		ip = ip4
 	}
@ -164,7 +164,13 @@ func Response(txID TxID, ip net.IP, port uint16) []byte {
 	default:
 		return nil
 	}
-	attrsLen := 8 + len(ip)
+	lenAttrAddr := 8 + len(ip)
 	var lenAttrSoftware, lenAttrSoftwareWithPad int
 	if len(resSoftware) > 0 {
 		lenAttrSoftware = 4 + len(resSoftware)
 		lenAttrSoftwareWithPad = (lenAttrSoftware + 3) &^ 3
 	}
 	attrsLen := lenAttrAddr + lenAttrSoftwareWithPad
 	b := make([]byte, 0, headerLen+attrsLen)
 	// Header
@ -173,7 +179,7 @@ func Response(txID TxID, ip net.IP, port uint16) []byte {
 	b = append(b, magicCookie...)
 	b = append(b, txID[:]...)
-	// Attributes (well, one)
+	// Attribute XOR-MAPPED-ADDRESS
 	b = appendU16(b, attrXorMappedAddress)
 	b = appendU16(b, uint16(4+len(ip)))
 	b = append(b,
@ -187,24 +193,35 @@ func Response(txID TxID, ip net.IP, port uint16) []byte {
 			b = append(b, o^txID[i-len(magicCookie)])
 		}
 	}
 	// Attribute SOFTWARE
 	if len(resSoftware) > 0 {
 		b = appendU16(b, attrNumSoftware)
 		b = appendU16(b, uint16(len(resSoftware)))
 		b = append(b, resSoftware...)
 		for i := lenAttrSoftware; i < lenAttrSoftwareWithPad; i++ {
 			b = append(b, 0)
 		}
 	}
 	return b
 }
 // ParseResponse parses a successful binding response STUN packet.
 // The IP address is extracted from the XOR-MAPPED-ADDRESS attribute.
 // The returned addr slice is owned by the caller and does not alias b.
-func ParseResponse(b []byte) (tID TxID, addr []byte, port uint16, err error) {
+func ParseResponse(b []byte) (tID TxID, software, addr []byte, port uint16, err error) {
 	if !Is(b) {
-		return tID, nil, 0, ErrNotSTUN
+		return tID, nil, nil, 0, ErrNotSTUN
 	}
 	copy(tID[:], b[8:8+len(tID)])
 	if b[0] != 0x01 || b[1] != 0x01 {
-		return tID, nil, 0, ErrNotSuccessResponse
+		return tID, nil, nil, 0, ErrNotSuccessResponse
 	}
 	attrsLen := int(binary.BigEndian.Uint16(b[2:4]))
 	b = b[headerLen:] // remove STUN header
 	if attrsLen > len(b) {
-		return tID, nil, 0, ErrMalformedAttrs
+		return tID, nil, nil, 0, ErrMalformedAttrs
 	} else if len(b) > attrsLen {
 		b = b[:attrsLen] // trim trailing packet bytes
 	}
@ -239,26 +256,28 @@ func ParseResponse(b []byte) (tID TxID, addr []byte, port uint16, err error) {
 			} else {
 				fallbackAddr, fallbackPort = a, p
 			}
 		case attrNumSoftware:
 			software = append([]byte(nil), attr...)
 		}
 		return nil
 	}); err != nil {
-		return TxID{}, nil, 0, err
+		return TxID{}, nil, nil, 0, err
 	}
 	if addr != nil {
-		return tID, addr, port, nil
+		return tID, software, addr, port, nil
 	}
 	if fallbackAddr != nil {
-		return tID, append([]byte{}, fallbackAddr...), fallbackPort, nil
+		return tID, software, append([]byte{}, fallbackAddr...), fallbackPort, nil
 	}
 	if addr6 != nil {
-		return tID, addr6, port6, nil
+		return tID, software, addr6, port6, nil
 	}
 	if fallbackAddr6 != nil {
-		return tID, append([]byte{}, fallbackAddr6...), fallbackPort6, nil
+		return tID, software, append([]byte{}, fallbackAddr6...), fallbackPort6, nil
 	}
-	return tID, nil, 0, ErrMalformedAttrs
+	return tID, nil, nil, 0, ErrMalformedAttrs
 }
 func xorMappedAddress(tID TxID, b []byte) (addr []byte, port uint16, err error) {
@ -316,6 +335,21 @@ func mappedAddress(b []byte) (addr []byte, port uint16, err error) {
 	return append([]byte(nil), addrField[:addrLen]...), port, nil
 }
 /*func softwareString(b []byte) ([]byte, error) {
 	fmt.Printf("softwareString len(b)=%d\n", len(b))
 	if len(b) < 4 {
 		return nil, ErrMalformedAttrs
 	}
 	strLen := int(uint16(b[2])<<8 | uint16(b[3]))
 	fmt.Printf("softwareString b[2]=%d, b[3]=%d\n", b[2], b[3])
 	str := b[4:]
 	fmt.Printf("softwareString len(str)=%d, strLen=%d\n", len(str), strLen)
 	if len(str) < strLen {
 		return nil, ErrMalformedAttrs
 	}
 	return append([]byte(nil), str...), nil
 }*/
 // Is reports whether b is a STUN message.
 func Is(b []byte) bool {
 	return len(b) >= headerLen &&
--- a/net/stun/stun_test.go
+++ b/net/stun/stun_test.go
@ -22,11 +22,12 @@ func ExampleRequest() {
 }
 var responseTests = []struct {
-	name     string
+	name         string
-	data     []byte
+	data         []byte
-	wantTID  []byte
+	wantTID      []byte
-	wantAddr []byte
+	wantAddr     []byte
-	wantPort uint16
+	wantPort     uint16
 	wantSoftware string
 }{
 	{
 		name: "google-1",
@ -77,8 +78,9 @@ var responseTests = []struct {
 			0x48, 0x2e, 0xb6, 0x47, 0x15, 0xe8, 0xb2, 0x8e,
 			0xae, 0xad, 0x64, 0x44,
 		},
-		wantAddr: []byte{72, 69, 33, 45},
+		wantAddr:     []byte{72, 69, 33, 45},
-		wantPort: 58539,
+		wantPort:     58539,
 		wantSoftware: "Vovida.org 0.96\x00",
 	},
 	{
 		name: "stun.powervoip.com:3478",
@ -114,8 +116,9 @@ var responseTests = []struct {
 			0xeb, 0xc2, 0xd3, 0x6e, 0xf4, 0x71, 0x21, 0x7c,
 			0x4f, 0x3e, 0x30, 0x8e,
 		},
-		wantAddr: []byte{127, 0, 0, 1},
+		wantAddr:     []byte{127, 0, 0, 1},
-		wantPort: 61300,
+		wantPort:     61300,
 		wantSoftware: "endpointer",
 	},
 	{
 		name: "stuntman-server ipv6",
@ -156,8 +159,9 @@ var responseTests = []struct {
 			0xeb, 0xc2, 0xd3, 0x6e, 0xf4, 0x71, 0x21, 0x7c,
 			0x4f, 0x3e, 0x30, 0x8e,
 		},
-		wantAddr: []byte{127, 0, 0, 1},
+		wantAddr:     []byte{127, 0, 0, 1},
-		wantPort: 61300,
+		wantPort:     61300,
 		wantSoftware: "a",
 	},
 	{
 		name: "software-abc",
@ -172,15 +176,16 @@ var responseTests = []struct {
 			0xeb, 0xc2, 0xd3, 0x6e, 0xf4, 0x71, 0x21, 0x7c,
 			0x4f, 0x3e, 0x30, 0x8e,
 		},
-		wantAddr: []byte{127, 0, 0, 1},
+		wantAddr:     []byte{127, 0, 0, 1},
-		wantPort: 61300,
+		wantPort:     61300,
 		wantSoftware: "abc",
 	},
 }
 func TestParseResponse(t *testing.T) {
 	subtest := func(t *testing.T, i int) {
 		test := responseTests[i]
-		tID, addr, port, err := stun.ParseResponse(test.data)
+		tID, software, addr, port, err := stun.ParseResponse(test.data)
 		if err != nil {
 			t.Fatal(err)
 		}
@ -194,6 +199,9 @@ func TestParseResponse(t *testing.T) {
 		if port != test.wantPort {
 			t.Errorf("port=%d, want %d", port, test.wantPort)
 		}
 		if string(software) != test.wantSoftware {
 			t.Errorf("software=%q, want %s", software, test.wantSoftware)
 		}
 	}
 	for i, test := range responseTests {
 		t.Run(test.name, func(t *testing.T) {
@ -248,22 +256,26 @@ func TestResponse(t *testing.T) {
 		return
 	}
 	tests := []struct {
-		tx   stun.TxID
+		tx       stun.TxID
-		ip   net.IP
+		software string
-		port uint16
+		ip       net.IP
 		port     uint16
 	}{
-		{tx: txN(1), ip: net.ParseIP("1.2.3.4").To4(), port: 254},
+		{tx: txN(1), software: "derp3", ip: net.ParseIP("1.2.3.4").To4(), port: 254},
-		{tx: txN(2), ip: net.ParseIP("1.2.3.4").To4(), port: 257},
+		{tx: txN(2), software: "eightLen", ip: net.ParseIP("1.2.3.4").To4(), port: 257},
-		{tx: txN(3), ip: net.ParseIP("1::4"), port: 254},
+		{tx: txN(3), software: "", ip: net.ParseIP("1::4"), port: 254},
-		{tx: txN(4), ip: net.ParseIP("1::4"), port: 257},
+		{tx: txN(4), software: "💩", ip: net.ParseIP("1::4"), port: 257},
 	}
 	for _, tt := range tests {
-		res := stun.Response(tt.tx, tt.ip, tt.port)
+		res := stun.Response(tt.tx, tt.ip, tt.port, tt.software)
-		tx2, ip2, port2, err := stun.ParseResponse(res)
+		tx2, software2, ip2, port2, err := stun.ParseResponse(res)
 		if err != nil {
 			t.Errorf("TX %x: error: %v", tt.tx, err)
 			continue
 		}
 		if tt.software != string(software2) {
 			t.Errorf("TX %x: software=%v, want %v", tt.tx, software2, tt.software)
 		}
 		if tt.tx != tx2 {
 			t.Errorf("TX %x: got TxID = %v", tt.tx, tx2)
 		}
--- a/net/stun/stuntest/stuntest.go
+++ b/net/stun/stuntest/stuntest.go
@ -84,7 +84,7 @@ func runSTUN(t testing.TB, pc net.PacketConn, stats *stunStats, done chan<- stru
 		}
 		stats.mu.Unlock()
-		res := stun.Response(txid, ua.IP, uint16(ua.Port))
+		res := stun.Response(txid, ua.IP, uint16(ua.Port), "stuntest")
 		if _, err := pc.WriteTo(res, addr); err != nil {
 			t.Logf("STUN server write failed: %v", err)
 		}