Move Linux client & common packages into a public repo.

derp/derp_client.go

@@ -0,0 +1,182 @@
+// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package derp
+
+import (
+	"bufio"
+	"crypto/rand"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net"
+	"time"
+
+	"golang.org/x/crypto/curve25519"
+	"golang.org/x/crypto/nacl/box"
+)
+
+type Client struct {
+	serverKey  [32]byte
+	privateKey [32]byte // TODO(crawshaw): make this wgcfg.PrivateKey?
+	publicKey  [32]byte
+	logf       func(format string, args ...interface{})
+	netConn    net.Conn
+	conn       *bufio.ReadWriter
+}
+
+func NewClient(privateKey [32]byte, netConn net.Conn, conn *bufio.ReadWriter, logf func(format string, args ...interface{})) (*Client, error) {
+	c := &Client{
+		privateKey: privateKey,
+		logf:       logf,
+		netConn:    netConn,
+		conn:       conn,
+	}
+	curve25519.ScalarBaseMult(&c.publicKey, &c.privateKey)
+
+	if err := c.recvServerKey(); err != nil {
+		return nil, fmt.Errorf("derp.Client: failed to receive server key: %v", err)
+	}
+	if err := c.sendClientKey(); err != nil {
+		return nil, fmt.Errorf("derp.Client: failed to send client key: %v", err)
+	}
+	_, err := c.recvServerInfo()
+	if err != nil {
+		return nil, fmt.Errorf("derp.Client: failed to receive server info: %v", err)
+	}
+
+	return c, nil
+}
+
+func (c *Client) recvServerKey() error {
+	gotMagic, err := readUint32(c.conn, 0xffffffff)
+	if err != nil {
+		return err
+	}
+	if gotMagic != magic {
+		return fmt.Errorf("bad magic %x, want %x", gotMagic, magic)
+	}
+	if err := readType(c.conn.Reader, typeServerKey); err != nil {
+		return err
+	}
+	if _, err := io.ReadFull(c.conn, c.serverKey[:]); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (c *Client) recvServerInfo() (*serverInfo, error) {
+	if err := readType(c.conn.Reader, typeServerInfo); err != nil {
+		return nil, err
+	}
+	var nonce [24]byte
+	if _, err := io.ReadFull(c.conn, nonce[:]); err != nil {
+		return nil, fmt.Errorf("nonce: %v", err)
+	}
+	msgLen, err := readUint32(c.conn, oneMB)
+	if err != nil {
+		return nil, fmt.Errorf("msglen: %v", err)
+	}
+	msgbox := make([]byte, msgLen)
+	if _, err := io.ReadFull(c.conn, msgbox); err != nil {
+		return nil, fmt.Errorf("msgbox: %v", err)
+	}
+	msg, ok := box.Open(nil, msgbox, &nonce, &c.serverKey, &c.privateKey)
+	if !ok {
+		return nil, fmt.Errorf("msgbox: cannot open len=%d with server key %x", msgLen, c.serverKey[:])
+	}
+	info := new(serverInfo)
+	if err := json.Unmarshal(msg, info); err != nil {
+		return nil, fmt.Errorf("msg: %v", err)
+	}
+	return info, nil
+}
+
+func (c *Client) sendClientKey() error {
+	var nonce [24]byte
+	if _, err := rand.Read(nonce[:]); err != nil {
+		return err
+	}
+	msg := []byte("{}") // no clientInfo for now
+	msgbox := box.Seal(nil, msg, &nonce, &c.serverKey, &c.privateKey)
+
+	if _, err := c.conn.Write(c.publicKey[:]); err != nil {
+		return err
+	}
+	if _, err := c.conn.Write(nonce[:]); err != nil {
+		return err
+	}
+	if err := putUint32(c.conn.Writer, uint32(len(msgbox))); err != nil {
+		return err
+	}
+	if _, err := c.conn.Write(msgbox); err != nil {
+		return err
+	}
+	return c.conn.Flush()
+}
+
+func (c *Client) Send(dstKey [32]byte, msg []byte) (err error) {
+	defer func() {
+		if err != nil {
+			err = fmt.Errorf("derp.Send: %v", err)
+		}
+	}()
+
+	if err := c.conn.WriteByte(typeSendPacket); err != nil {
+		return err
+	}
+	if _, err := c.conn.Write(dstKey[:]); err != nil {
+		return err
+	}
+	msgLen := uint32(len(msg))
+	if int(msgLen) != len(msg) {
+		return fmt.Errorf("packet too big: %d", len(msg))
+	}
+	if err := putUint32(c.conn.Writer, msgLen); err != nil {
+		return err
+	}
+	if _, err := c.conn.Write(msg); err != nil {
+		return err
+	}
+	return c.conn.Flush()
+}
+
+func (c *Client) Recv(b []byte) (n int, err error) {
+	defer func() {
+		if err != nil {
+			err = fmt.Errorf("derp.Recv: %v", err)
+		}
+	}()
+
+loop:
+	for {
+		c.netConn.SetReadDeadline(time.Now().Add(120 * time.Second))
+		packetType, err := c.conn.ReadByte()
+		if err != nil {
+			return 0, err
+		}
+		switch packetType {
+		case typeKeepAlive:
+			continue
+		case typeRecvPacket:
+			break loop
+		default:
+			return 0, fmt.Errorf("derp.Recv: unknown packet type %d", packetType)
+		}
+	}
+
+	packetLen, err := readUint32(c.conn.Reader, oneMB)
+	if err != nil {
+		return 0, err
+	}
+	if int(packetLen) > len(b) {
+		// TODO(crawshaw): discard the packet
+		return 0, io.ErrShortBuffer
+	}
+	b = b[:packetLen]
+	if _, err := io.ReadFull(c.conn, b); err != nil {
+		return 0, err
+	}
+	return int(packetLen), nil
+}

derp/derp_server.go

@@ -0,0 +1,380 @@
+// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package derp
+
+// TODO(crawshaw): revise protocol so unknown type packets have a predictable length for skipping.
+// TODO(crawshaw): send srcKey with packets to clients?
+// TODO(crawshaw): with predefined serverKey in clients and HMAC on packets we could skip TLS
+
+import (
+	"bufio"
+	"context"
+	"crypto/rand"
+	"encoding/binary"
+	"encoding/json"
+	"fmt"
+	"io"
+	"math/big"
+	"net"
+	"sync"
+	"time"
+
+	"golang.org/x/crypto/curve25519"
+	"golang.org/x/crypto/nacl/box"
+)
+
+const magic = 0x44c55250 // "DERP" with a non-ASCII high-bit
+
+const (
+	typeServerKey  = 0x01
+	typeServerInfo = 0x02
+	typeSendPacket = 0x03
+	typeRecvPacket = 0x04
+	typeKeepAlive  = 0x05
+)
+
+const keepAlive = 60 * time.Second
+
+var bin = binary.BigEndian
+
+const oneMB = 1 << 20
+
+type Server struct {
+	privateKey [32]byte // TODO(crawshaw): make this wgcfg.PrivateKey?
+	publicKey  [32]byte
+	logf       func(format string, args ...interface{})
+
+	mu       sync.Mutex
+	netConns map[net.Conn]chan struct{}
+	clients  map[[32]byte]*client
+}
+
+func NewServer(privateKey [32]byte, logf func(format string, args ...interface{})) *Server {
+	s := &Server{
+		privateKey: privateKey,
+		logf:       logf,
+		clients:    make(map[[32]byte]*client),
+		netConns:   make(map[net.Conn]chan struct{}),
+	}
+	curve25519.ScalarBaseMult(&s.publicKey, &s.privateKey)
+	return s
+}
+
+func (s *Server) Close() error {
+	var closedChs []chan struct{}
+
+	s.mu.Lock()
+	for netConn, closed := range s.netConns {
+		netConn.Close()
+		closedChs = append(closedChs, closed)
+	}
+	s.mu.Unlock()
+
+	for _, closed := range closedChs {
+		<-closed
+	}
+
+	return nil
+}
+
+func (s *Server) Accept(netConn net.Conn, conn *bufio.ReadWriter) {
+	closed := make(chan struct{})
+
+	s.mu.Lock()
+	s.netConns[netConn] = closed
+	s.mu.Unlock()
+
+	defer func() {
+		netConn.Close()
+		close(closed)
+
+		s.mu.Lock()
+		delete(s.netConns, netConn)
+		s.mu.Unlock()
+	}()
+
+	if err := s.accept(netConn, conn); err != nil {
+		s.logf("derp: %s: %v", netConn.RemoteAddr(), err)
+	}
+}
+
+func (s *Server) accept(netConn net.Conn, conn *bufio.ReadWriter) error {
+	netConn.SetDeadline(time.Now().Add(10 * time.Second))
+	if err := s.sendServerKey(conn); err != nil {
+		return fmt.Errorf("send server key: %v", err)
+	}
+	netConn.SetDeadline(time.Now().Add(10 * time.Second))
+	clientKey, clientInfo, err := s.recvClientKey(conn)
+	if err != nil {
+		return fmt.Errorf("receive client key: %v", err)
+	}
+	if err := s.verifyClient(clientKey, clientInfo); err != nil {
+		return fmt.Errorf("client %x rejected: %v", clientKey, err)
+	}
+
+	// At this point we trust the client so we don't time out.
+	netConn.SetDeadline(time.Time{})
+
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	c := &client{
+		key:     clientKey,
+		netConn: netConn,
+		conn:    conn,
+	}
+	if clientInfo != nil {
+		c.info = *clientInfo
+	}
+	go func() {
+		if err := c.keepAlive(ctx); err != nil {
+			s.logf("derp: %s: client %x: keep alive failed: %v", netConn.RemoteAddr(), c.key, err)
+		}
+	}()
+
+	defer func() {
+		s.mu.Lock()
+		curClient := s.clients[c.key]
+		if curClient != nil && curClient.conn == conn {
+			s.logf("derp: %s: client %x: removing connection", netConn.RemoteAddr(), c.key)
+			delete(s.clients, c.key)
+		}
+		s.mu.Unlock()
+	}()
+
+	// Hold mu while we add the new client to the clients list and under
+	// the same acquisition send server info. This ensure that both:
+	// 1. by the time the client receives the server info, it can be addressed.
+	// 2. the server info is the very first
+	c.mu.Lock()
+	s.mu.Lock()
+	oldClient := s.clients[c.key]
+	s.clients[c.key] = c
+	s.mu.Unlock()
+	if err := s.sendServerInfo(conn, clientKey); err != nil {
+		return fmt.Errorf("send server info: %v", err)
+	}
+	c.mu.Unlock()
+
+	if oldClient == nil {
+		s.logf("derp: %s: client %x: adding connection", netConn.RemoteAddr(), c.key)
+	} else {
+		oldClient.netConn.Close()
+		s.logf("derp: %s: client %x: adding connection, replacing %s", netConn.RemoteAddr(), c.key, oldClient.netConn.RemoteAddr())
+	}
+
+	for {
+		dstKey, contents, err := s.recvPacket(c.conn)
+		if err != nil {
+			return fmt.Errorf("client %x: recv: %v", c.key, err)
+		}
+
+		s.mu.Lock()
+		dst := s.clients[dstKey]
+		s.mu.Unlock()
+
+		if dst == nil {
+			s.logf("derp: %s: client %x: dropping packet for unknown %x", netConn.RemoteAddr(), c.key, dstKey)
+			continue
+		}
+
+		dst.mu.Lock()
+		err = s.sendPacket(dst.conn, c.key, contents)
+		dst.mu.Unlock()
+
+		if err != nil {
+			s.logf("derp: %s: client %x: dropping packet for %x: %v", netConn.RemoteAddr(), c.key, dstKey, err)
+
+			// If we cannot send to a destination, shut it down.
+			// Let its receive loop do the cleanup.
+			s.mu.Lock()
+			if s.clients[dstKey].conn == dst.conn {
+				s.clients[dstKey].netConn.Close()
+			}
+			s.mu.Unlock()
+		}
+	}
+}
+
+func (s *Server) verifyClient(clientKey [32]byte, info *clientInfo) error {
+	// TODO(crawshaw): implement policy constraints on who can use the DERP server
+	return nil
+}
+
+func (s *Server) sendServerKey(conn *bufio.ReadWriter) error {
+	if err := putUint32(conn, magic); err != nil {
+		return err
+	}
+	if err := conn.WriteByte(typeServerKey); err != nil {
+		return err
+	}
+	if _, err := conn.Write(s.publicKey[:]); err != nil {
+		return err
+	}
+	return conn.Flush()
+}
+
+func (s *Server) sendServerInfo(conn *bufio.ReadWriter, clientKey [32]byte) error {
+	var nonce [24]byte
+	if _, err := rand.Read(nonce[:]); err != nil {
+		return err
+	}
+	msg := []byte("{}") // no serverInfo for now
+	msgbox := box.Seal(nil, msg, &nonce, &clientKey, &s.privateKey)
+
+	if err := conn.WriteByte(typeServerInfo); err != nil {
+		return err
+	}
+	if _, err := conn.Write(nonce[:]); err != nil {
+		return err
+	}
+	if err := putUint32(conn, uint32(len(msgbox))); err != nil {
+		return err
+	}
+	if _, err := conn.Write(msgbox); err != nil {
+		return err
+	}
+	return conn.Flush()
+}
+
+func (s *Server) recvClientKey(conn *bufio.ReadWriter) (clientKey [32]byte, info *clientInfo, err error) {
+	if _, err := io.ReadFull(conn, clientKey[:]); err != nil {
+		return [32]byte{}, nil, err
+	}
+	var nonce [24]byte
+	if _, err := io.ReadFull(conn, nonce[:]); err != nil {
+		return [32]byte{}, nil, fmt.Errorf("nonce: %v", err)
+	}
+	msgLen, err := readUint32(conn, oneMB)
+	if err != nil {
+		return [32]byte{}, nil, fmt.Errorf("msglen: %v", err)
+	}
+	msgbox := make([]byte, msgLen)
+	if _, err := io.ReadFull(conn, msgbox); err != nil {
+		return [32]byte{}, nil, fmt.Errorf("msgbox: %v", err)
+	}
+	msg, ok := box.Open(nil, msgbox, &nonce, &clientKey, &s.privateKey)
+	if !ok {
+		return [32]byte{}, nil, fmt.Errorf("msgbox: cannot open len=%d with client key %x", msgLen, clientKey[:])
+	}
+	info = new(clientInfo)
+	if err := json.Unmarshal(msg, info); err != nil {
+		return [32]byte{}, nil, fmt.Errorf("msg: %v", err)
+	}
+	return clientKey, info, nil
+}
+
+func (s *Server) sendPacket(conn *bufio.ReadWriter, srcKey [32]byte, contents []byte) error {
+	if err := conn.WriteByte(typeRecvPacket); err != nil {
+		return err
+	}
+	if err := putUint32(conn.Writer, uint32(len(contents))); err != nil {
+		return err
+	}
+	if _, err := conn.Write(contents); err != nil {
+		return err
+	}
+	return conn.Flush()
+}
+
+func (s *Server) recvPacket(conn *bufio.ReadWriter) (dstKey [32]byte, contents []byte, err error) {
+	if err := readType(conn.Reader, typeSendPacket); err != nil {
+		return [32]byte{}, nil, err
+	}
+	if _, err := io.ReadFull(conn, dstKey[:]); err != nil {
+		return [32]byte{}, nil, err
+	}
+	packetLen, err := readUint32(conn.Reader, oneMB)
+	if err != nil {
+		return [32]byte{}, nil, err
+	}
+	contents = make([]byte, packetLen)
+	if _, err := io.ReadFull(conn, contents); err != nil {
+		return [32]byte{}, nil, err
+	}
+	return dstKey, contents, nil
+}
+
+type client struct {
+	netConn net.Conn
+	key     [32]byte
+	info    clientInfo
+
+	keepAliveTimer *time.Timer
+	keepAliveReset chan struct{}
+
+	mu   sync.Mutex
+	conn *bufio.ReadWriter
+}
+
+func (c *client) keepAlive(ctx context.Context) error {
+	jitterMs, err := rand.Int(rand.Reader, big.NewInt(5000))
+	if err != nil {
+		panic(err)
+	}
+	jitter := time.Duration(jitterMs.Int64()) * time.Millisecond
+	c.keepAliveTimer = time.NewTimer(keepAlive + jitter)
+
+	for {
+		select {
+		case <-ctx.Done():
+			return nil
+		case <-c.keepAliveReset:
+			if c.keepAliveTimer.Stop() {
+				<-c.keepAliveTimer.C
+			}
+			c.keepAliveTimer.Reset(keepAlive + jitter)
+		case <-c.keepAliveTimer.C:
+			c.mu.Lock()
+			err := c.conn.WriteByte(typeKeepAlive)
+			if err == nil {
+				err = c.conn.Flush()
+			}
+			c.mu.Unlock()
+
+			if err != nil {
+				// TODO log
+				c.netConn.Close()
+				return err
+			}
+		}
+	}
+}
+
+type clientInfo struct {
+}
+
+type serverInfo struct {
+}
+
+func readType(r *bufio.Reader, t uint8) error {
+	packetType, err := r.ReadByte()
+	if err != nil {
+		return err
+	}
+	if packetType != t {
+		return fmt.Errorf("bad packet type 0x%X, want 0x%X", packetType, t)
+	}
+	return nil
+}
+
+func putUint32(w io.Writer, v uint32) error {
+	var b [4]byte
+	bin.PutUint32(b[:], v)
+	_, err := w.Write(b[:])
+	return err
+}
+
+func readUint32(r io.Reader, maxVal uint32) (uint32, error) {
+	b := make([]byte, 4)
+	if _, err := io.ReadFull(r, b); err != nil {
+		return 0, err
+	}
+	val := bin.Uint32(b)
+	if val > maxVal {
+		return 0, fmt.Errorf("uint32 %d exceeds limit %d", val, maxVal)
+	}
+	return val, nil
+}

derp/derp_test.go

@@ -0,0 +1,125 @@
+// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package derp
+
+import (
+	"bufio"
+	"crypto/rand"
+	"net"
+	"testing"
+	"time"
+
+	"golang.org/x/crypto/curve25519"
+)
+
+func TestSendRecv(t *testing.T) {
+	const numClients = 3
+	var serverPrivateKey [32]byte
+	if _, err := rand.Read(serverPrivateKey[:]); err != nil {
+		t.Fatal(err)
+	}
+	var clientPrivateKeys [][32]byte
+	for i := 0; i < numClients; i++ {
+		var key [32]byte
+		if _, err := rand.Read(key[:]); err != nil {
+			t.Fatal(err)
+		}
+		clientPrivateKeys = append(clientPrivateKeys, key)
+	}
+	var clientKeys [][32]byte
+	for _, privKey := range clientPrivateKeys {
+		var key [32]byte
+		curve25519.ScalarBaseMult(&key, &privKey)
+		clientKeys = append(clientKeys, key)
+	}
+
+	ln, err := net.Listen("tcp", ":0")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	var clientConns []net.Conn
+	for i := 0; i < numClients; i++ {
+		conn, err := net.Dial("tcp", ln.Addr().String())
+		if err != nil {
+			t.Fatal(err)
+		}
+		clientConns = append(clientConns, conn)
+	}
+	s := NewServer(serverPrivateKey, t.Logf)
+	defer s.Close()
+	for i := 0; i < numClients; i++ {
+		netConn, err := ln.Accept()
+		if err != nil {
+			t.Fatal(err)
+		}
+		conn := bufio.NewReadWriter(bufio.NewReader(netConn), bufio.NewWriter(netConn))
+		go s.Accept(netConn, conn)
+	}
+
+	var clients []*Client
+	var recvChs []chan []byte
+	errCh := make(chan error, 3)
+	for i := 0; i < numClients; i++ {
+		key := clientPrivateKeys[i]
+		netConn := clientConns[i]
+		conn := bufio.NewReadWriter(bufio.NewReader(netConn), bufio.NewWriter(netConn))
+		c, err := NewClient(key, netConn, conn, t.Logf)
+		if err != nil {
+			t.Fatalf("client %d: %v", i, err)
+		}
+		clients = append(clients, c)
+		recvChs = append(recvChs, make(chan []byte))
+
+		go func(i int) {
+			for {
+				b := make([]byte, 1<<16)
+				n, err := c.Recv(b)
+				if err != nil {
+					errCh <- err
+					return
+				}
+				b = b[:n]
+				recvChs[i] <- b
+			}
+		}(i)
+	}
+
+	recv := func(i int, want string) {
+		t.Helper()
+		select {
+		case b := <-recvChs[i]:
+			if got := string(b); got != want {
+				t.Errorf("client1.Recv=%q, want %q", got, want)
+			}
+		case <-time.After(1 * time.Second):
+			t.Errorf("client%d.Recv, got nothing, want %q", i, want)
+		}
+	}
+	recvNothing := func(i int) {
+		t.Helper()
+		select {
+		case b := <-recvChs[0]:
+			t.Errorf("client%d.Recv=%q, want nothing", i, string(b))
+		default:
+		}
+	}
+
+	msg1 := []byte("hello 0->1\n")
+	if err := clients[0].Send(clientKeys[1], msg1); err != nil {
+		t.Fatal(err)
+	}
+	recv(1, string(msg1))
+	recvNothing(0)
+	recvNothing(2)
+
+	msg2 := []byte("hello 1->2\n")
+	if err := clients[1].Send(clientKeys[2], msg2); err != nil {
+		t.Fatal(err)
+	}
+	recv(2, string(msg2))
+	recvNothing(0)
+	recvNothing(1)
+}

derp/derphttp/derphttp_client.go

@@ -0,0 +1,203 @@
+// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package derphttp implements DERP-over-HTTP.
+//
+// This makes DERP look exactly like WebSockets.
+// A server can implement DERP over HTTPS and even if the TLS connection
+// intercepted using a fake root CA, unless the interceptor knows how to
+// detect DERP packets, it will look like a web socket.
+package derphttp
+
+import (
+	"bufio"
+	"bytes"
+	"crypto/tls"
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"net"
+	"net/http"
+	"net/url"
+	"sync"
+
+	"tailscale.com/derp"
+)
+
+// Client is a DERP-over-HTTP client.
+//
+// It automatically reconnects on error retry. That is, a failed Send or
+// Recv will report the error and not retry, but subsequent calls to
+// Send/Recv will completely re-establish the connection.
+type Client struct {
+	privateKey [32]byte
+	logf       func(format string, args ...interface{})
+	closed     chan struct{}
+	url        *url.URL
+	resp       *http.Response
+
+	netConnMu sync.Mutex
+	netConn   net.Conn
+
+	clientMu sync.Mutex
+	client   *derp.Client
+}
+
+func NewClient(privateKey [32]byte, serverURL string, logf func(format string, args ...interface{})) (c *Client, err error) {
+	u, err := url.Parse(serverURL)
+	if err != nil {
+		return nil, fmt.Errorf("derphttp.NewClient: %v", err)
+	}
+
+	c = &Client{
+		privateKey: privateKey,
+		logf:       logf,
+		url:        u,
+		closed:     make(chan struct{}),
+	}
+	if _, err := c.connect("derphttp.NewClient"); err != nil {
+		c.logf("%v", err)
+	}
+	return c, nil
+}
+
+func (c *Client) connect(caller string) (client *derp.Client, err error) {
+	select {
+	case <-c.closed:
+		return nil, ErrClientClosed
+	default:
+	}
+
+	c.clientMu.Lock()
+	defer c.clientMu.Unlock()
+
+	if c.client != nil {
+		return c.client, nil
+	}
+
+	c.logf("%s: connecting", caller)
+
+	var netConn net.Conn
+	defer func() {
+		if err != nil {
+			err = fmt.Errorf("%s connect: %v", caller, err)
+			if netConn := netConn; netConn != nil {
+				netConn.Close()
+			}
+		}
+	}()
+
+	if c.url.Scheme == "https" {
+		port := c.url.Port()
+		if port == "" {
+			port = "443"
+		}
+		config := &tls.Config{}
+		var tlsConn *tls.Conn
+		tlsConn, err = tls.Dial("tcp", net.JoinHostPort(c.url.Host, port), config)
+		if tlsConn != nil {
+			netConn = tlsConn
+		}
+	} else {
+		netConn, err = net.Dial("tcp", c.url.Host)
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	c.netConnMu.Lock()
+	c.netConn = netConn
+	c.netConnMu.Unlock()
+
+	conn := bufio.NewReadWriter(bufio.NewReader(netConn), bufio.NewWriter(netConn))
+
+	req, err := http.NewRequest("GET", c.url.String(), nil)
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Set("Upgrade", "WebSocket")
+	req.Header.Set("Connection", "Upgrade")
+	if err := req.Write(conn); err != nil {
+		return nil, err
+	}
+	if err := conn.Flush(); err != nil {
+		return nil, err
+	}
+
+	resp, err := http.ReadResponse(conn.Reader, req)
+	if err != nil {
+		return nil, err
+	}
+	if resp.StatusCode != http.StatusSwitchingProtocols {
+		b, _ := ioutil.ReadAll(resp.Body)
+		resp.Body.Close()
+		return nil, fmt.Errorf("GET failed: %v: %s", err, b)
+	}
+	resp.Body = ioutil.NopCloser(bytes.NewReader([]byte{}))
+
+	derpClient, err := derp.NewClient(c.privateKey, netConn, conn, c.logf)
+	if err != nil {
+		return nil, err
+	}
+	c.resp = resp
+	c.client = derpClient
+	return c.client, nil
+}
+
+func (c *Client) Send(dstKey [32]byte, b []byte) error {
+	client, err := c.connect("derphttp.Client.Send")
+	if err != nil {
+		return err
+	}
+	if err := client.Send(dstKey, b); err != nil {
+		c.close()
+	}
+	return err
+}
+
+func (c *Client) Recv(b []byte) (int, error) {
+	client, err := c.connect("derphttp.Client.Recv")
+	if err != nil {
+		return 0, err
+	}
+	n, err := client.Recv(b)
+	if err != nil {
+		c.close()
+	}
+	return n, err
+}
+
+func (c *Client) Close() error {
+	select {
+	case <-c.closed:
+		return ErrClientClosed
+	default:
+	}
+	close(c.closed)
+	c.close()
+	return nil
+}
+
+func (c *Client) close() {
+	c.netConnMu.Lock()
+	netConn := c.netConn
+	c.netConnMu.Unlock()
+
+	if netConn != nil {
+		netConn.Close()
+	}
+
+	c.clientMu.Lock()
+	defer c.clientMu.Unlock()
+	if c.client == nil {
+		return
+	}
+	c.resp = nil
+	c.client = nil
+	c.netConnMu.Lock()
+	c.netConn = nil
+	c.netConnMu.Unlock()
+}
+
+var ErrClientClosed = errors.New("derphttp.Client closed")

derp/derphttp/derphttp_server.go

@@ -0,0 +1,35 @@
+// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package derphttp
+
+import (
+	"net/http"
+
+	"tailscale.com/derp"
+)
+
+func Handler(s *derp.Server) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.Header.Get("Upgrade") != "WebSocket" {
+			http.Error(w, "DERP requires connection upgrade", http.StatusUpgradeRequired)
+			return
+		}
+		w.Header().Set("Upgrade", "WebSocket")
+		w.Header().Set("Connection", "Upgrade")
+		w.WriteHeader(http.StatusSwitchingProtocols)
+
+		h, ok := w.(http.Hijacker)
+		if !ok {
+			http.Error(w, "HTTP does not support general TCP support", 500)
+			return
+		}
+		netConn, conn, err := h.Hijack()
+		if err != nil {
+			http.Error(w, "HTTP does not support general TCP support", 500)
+			return
+		}
+		s.Accept(netConn, conn)
+	})
+}

derp/derphttp/derphttp_test.go

@@ -0,0 +1,142 @@
+// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package derphttp
+
+import (
+	"crypto/rand"
+	"crypto/tls"
+	"net"
+	"net/http"
+	"sync"
+	"testing"
+	"time"
+
+	"golang.org/x/crypto/curve25519"
+	"tailscale.com/derp"
+)
+
+func TestSendRecv(t *testing.T) {
+	const numClients = 3
+	var serverPrivateKey [32]byte
+	if _, err := rand.Read(serverPrivateKey[:]); err != nil {
+		t.Fatal(err)
+	}
+	var clientPrivateKeys [][32]byte
+	for i := 0; i < numClients; i++ {
+		var key [32]byte
+		if _, err := rand.Read(key[:]); err != nil {
+			t.Fatal(err)
+		}
+		clientPrivateKeys = append(clientPrivateKeys, key)
+	}
+	var clientKeys [][32]byte
+	for _, privKey := range clientPrivateKeys {
+		var key [32]byte
+		curve25519.ScalarBaseMult(&key, &privKey)
+		clientKeys = append(clientKeys, key)
+	}
+
+	s := derp.NewServer(serverPrivateKey, t.Logf)
+	defer s.Close()
+
+	httpsrv := &http.Server{
+		TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler)),
+		Handler:      Handler(s),
+	}
+
+	ln, err := net.Listen("tcp4", "localhost:0")
+	if err != nil {
+		t.Fatal(err)
+	}
+	serverURL := "http://" + ln.Addr().String()
+	t.Logf("server URL: %s", serverURL)
+
+	go func() {
+		if err := httpsrv.Serve(ln); err != nil {
+			if err == http.ErrServerClosed {
+				return
+			}
+			panic(err)
+		}
+	}()
+
+	var clients []*Client
+	var recvChs []chan []byte
+	done := make(chan struct{})
+	var wg sync.WaitGroup
+	defer func() {
+		close(done)
+		for _, c := range clients {
+			c.Close()
+		}
+		wg.Wait()
+	}()
+	for i := 0; i < numClients; i++ {
+		key := clientPrivateKeys[i]
+		c, err := NewClient(key, serverURL, t.Logf)
+		if err != nil {
+			t.Fatalf("client %d: %v", i, err)
+		}
+		clients = append(clients, c)
+		recvChs = append(recvChs, make(chan []byte))
+
+		wg.Add(1)
+		go func(i int) {
+			defer wg.Done()
+			for {
+				select {
+				case <-done:
+					return
+				default:
+				}
+				b := make([]byte, 1<<16)
+				n, err := c.Recv(b)
+				if err != nil {
+					t.Logf("client%d: %v", i, err)
+					break
+				}
+				b = b[:n]
+				recvChs[i] <- b
+			}
+		}(i)
+	}
+
+	recv := func(i int, want string) {
+		t.Helper()
+		select {
+		case b := <-recvChs[i]:
+			if got := string(b); got != want {
+				t.Errorf("client1.Recv=%q, want %q", got, want)
+			}
+		case <-time.After(1 * time.Second):
+			t.Errorf("client%d.Recv, got nothing, want %q", i, want)
+		}
+	}
+	recvNothing := func(i int) {
+		t.Helper()
+		select {
+		case b := <-recvChs[0]:
+			t.Errorf("client%d.Recv=%q, want nothing", i, string(b))
+		default:
+		}
+	}
+
+	msg1 := []byte("hello 0->1\n")
+	if err := clients[0].Send(clientKeys[1], msg1); err != nil {
+		t.Fatal(err)
+	}
+	recv(1, string(msg1))
+	recvNothing(0)
+	recvNothing(2)
+
+	msg2 := []byte("hello 1->2\n")
+	if err := clients[1].Send(clientKeys[2], msg2); err != nil {
+		t.Fatal(err)
+	}
+	recv(2, string(msg2))
+	recvNothing(0)
+	recvNothing(1)
+
+}

derp/doc.go

@@ -0,0 +1,13 @@
+// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package derp implements DERP, the Detour Encrypted Routing Protocol.
+//
+// DERP routes packets to clients using curve25519 keys as addresses.
+//
+// DERP is used by Tailscale nodes to proxy encrypted WireGuard
+// packets through the Tailscale cloud servers when a direct path
+// cannot be found or opened. DERP is a last resort. Both sides
+// between very aggressive NATs, firewalls, no IPv6, etc? Well, DERP.
+package derp