diff --git a/cmd/derper/derp_bench_test.go b/cmd/derper/derp_bench_test.go new file mode 100644 index 000000000..e93442059 --- /dev/null +++ b/cmd/derper/derp_bench_test.go @@ -0,0 +1,138 @@ +package main + +import ( + "context" + "fmt" + "log" + "net/http" + "testing" + + "tailscale.com/derp/derphttp" + "tailscale.com/types/key" +) + +// THIS FILE WILL NOT BE INCLUDED, ITS JUST FOR LOCAL TESTING. +// PLEASE IGNORE :) + +func BenchmarkDerpSend(b *testing.B) { + + derper := &Derper{flagCfg: DerperFlagConfig{ + dev: true, + }, + } + + go func() { + if err := derper.Run(); err != nil { + b.Errorf("unable to run derper") + } + }() + + for { + // block until the server is ready + resp, err := http.Get("http://localhost:3340/derp/probe") + if err != nil { + fmt.Println(err) + continue + } + if resp.StatusCode == http.StatusOK { + fmt.Println(resp.Status) + break + } + } + + clientPriv := key.NewNode() + c, err := derphttp.NewClient(clientPriv, "http://localhost:3340/derp", log.Printf) + if err != nil { + b.Fatal(err) + return + } + defer c.Close() + + err = c.Connect(context.Background()) + if err != nil { + b.Fatal("could not connect: ", err) + return + } + + n := key.NewNode() + nc, err := derphttp.NewClient(n, "http://localhost:3340/derp", log.Printf) + if err != nil { + b.Fatal(err) + return + } + defer nc.Close() + + err = nc.Connect(context.Background()) + if err != nil { + b.Fatalf("could not connect") + return + } + + // b.Run("i dont know", func(b *testing.B) { + + for i := 0; i < b.N; i++ { + fmt.Println(i) + if err := c.Send(n.Public(), []byte{1, 2, 3, 4, 5, 6, 7, 8}); err != nil { + b.Fatalf("cannot send packet: %v", err) + return + } + + _, err := nc.Recv() + if err != nil { + b.Fatalf("error receiving: %v", err) + return + } + } + + b.Cleanup(func() { + err := derper.Stop() + if err != nil { + b.Fatalf("oops: %s", err) + } + }) +} + +// func dothestuff() { + +// // n := key.NewNode() + +// // nc, err := derphttp.NewClient(clientPriv, "http://localhost:3340/derp", log.Printf) +// // if err != nil { +// // log.Fatal(err) +// // } +// // defer nc.Close() + +// // err = nc.Connect(context.Background()) +// // if err != nil { +// // fmt.Println(err) +// // panic("connect") +// // } + +// fmt.Println(c.ServerPublicKey()) + +// for i := 0; i < 2; i++ { + +// fmt.Println("hi?") + +// if err := c.SendPing([8]byte{1, 2, 3, 4, 5, 6, 7, 8}); err != nil { +// fmt.Println(err) +// } +// time.Sleep(time.Millisecond * 100) + +// if err := c.Send(n.Public(), []byte{1, 2, 3, 4, 5, 6, 7, 8}); err != nil { +// fmt.Println(err) +// } + +// time.Sleep(time.Millisecond * 100) + +// if err := nc.Send(clientPriv.Public(), []byte{1, 2, 3, 4, 5, 6, 7, 8}); err != nil { +// fmt.Println(err) +// } + +// c.NotePreferred(true) + +// time.Sleep(time.Millisecond * 100) + +// } + +// } diff --git a/cmd/derper/derper.go b/cmd/derper/derper.go index f2573f504..a0bf93c35 100644 --- a/cmd/derper/derper.go +++ b/cmd/derper/derper.go @@ -35,6 +35,18 @@ "tailscale.com/types/key" ) +//* +/* in part it ends up being a preference thing vs. the reviewers, +/* but yeah one of the more ongoing flexible ways is to pull it out into a struct that you can configure before you run it, +/* so a really simple transition is to effectively take the flags and put them in a struct rather than globals, +/* and then take the parts of main that do more configuration/defaults setup +/* and put that in something like func (s *Struct) Configure() +/* and then finally put the part of main that actually runs it in to a func (s *Struct) Run() +/* that way a test / benchmark would mostly set the fields on the struct +/* and/or call configure, and then call run +/* the other thing we needed that we didn't have from main was a way to stop it after starting it +**/ + var ( dev = flag.Bool("dev", false, "run in localhost development mode") addr = flag.String("a", ":443", "server HTTPS listen address, in form \":port\", \"ip:port\", or for IPv6 \"[ip]:port\". If the IP is omitted, it defaults to all interfaces.") @@ -71,93 +83,69 @@ stunIPv6 = stunAddrFamily.Get("ipv6") ) -func init() { - stats.Set("counter_requests", stunDisposition) - stats.Set("counter_addrfamily", stunAddrFamily) - expvar.Publish("stun", stats) - expvar.Publish("derper_tls_request_version", tlsRequestVersion) - expvar.Publish("gauge_derper_tls_active_version", tlsActiveVersion) +type Derper struct { + flagCfg DerperFlagConfig + derpSrv *derp.Server + httpSrv *http.Server + port80srv *http.Server } -type config struct { - PrivateKey key.NodePrivate +type DerperFlagConfig struct { + dev bool + addr string + + httpPort int + stunPort int + configPath string + certMode string + certDir string + hostname string + runSTUN bool + + meshPSKFile string + + meshWith string + bootstrapDNS string + verifyClients bool + + acceptConnLimit float64 + acceptConnBurst int } -func loadConfig() config { - if *dev { - return config{PrivateKey: key.NewNode()} - } - if *configPath == "" { - if os.Getuid() == 0 { - *configPath = "/var/lib/derper/derper.key" - } else { - log.Fatalf("derper: -c not specified") - } - log.Printf("no config path specified; using %s", *configPath) - } - b, err := ioutil.ReadFile(*configPath) - switch { - case errors.Is(err, os.ErrNotExist): - return writeNewConfig() - case err != nil: - log.Fatal(err) - panic("unreachable") - default: - var cfg config - if err := json.Unmarshal(b, &cfg); err != nil { - log.Fatalf("derper: config: %v", err) - } - return cfg - } +func (d *Derper) Configure() error { + + return nil } -func writeNewConfig() config { - k := key.NewNode() - if err := os.MkdirAll(filepath.Dir(*configPath), 0777); err != nil { - log.Fatal(err) - } - cfg := config{ - PrivateKey: k, - } - b, err := json.MarshalIndent(cfg, "", "\t") - if err != nil { - log.Fatal(err) - } - if err := atomicfile.WriteFile(*configPath, b, 0600); err != nil { - log.Fatal(err) - } - return cfg -} - -func main() { - flag.Parse() - - if *dev { - *addr = ":3340" // above the keys DERP +func (d *Derper) Run() error { + if d.flagCfg.dev { + d.flagCfg.addr = ":3340" // above the keys DERP log.Printf("Running in dev mode.") tsweb.DevMode = true } - listenHost, _, err := net.SplitHostPort(*addr) + listenHost, _, err := net.SplitHostPort(d.flagCfg.addr) if err != nil { log.Fatalf("invalid server address: %v", err) } - cfg := loadConfig() + cfg := d.loadConfig() - serveTLS := tsweb.IsProd443(*addr) || *certMode == "manual" + serveTLS := tsweb.IsProd443(d.flagCfg.addr) || d.flagCfg.certMode == "manual" s := derp.NewServer(cfg.PrivateKey, log.Printf) - s.SetVerifyClient(*verifyClients) + s.SetVerifyClient(d.flagCfg.verifyClients) - if *meshPSKFile != "" { - b, err := ioutil.ReadFile(*meshPSKFile) + d.derpSrv = s + + if d.flagCfg.meshPSKFile != "" { + b, err := ioutil.ReadFile(d.flagCfg.meshPSKFile) if err != nil { log.Fatal(err) } key := strings.TrimSpace(string(b)) if matched, _ := regexp.MatchString(`(?i)^[0-9a-f]{64,}$`, key); !matched { - log.Fatalf("key in %s must contain 64+ hex digits", *meshPSKFile) + log.Fatalf("key in %s must contain 64+ hex digits", d.flagCfg.meshPSKFile) } s.SetMeshKey(key) log.Printf("DERP mesh key configured") @@ -191,7 +179,7 @@ func main() { } })) debug := tsweb.Debugger(mux) - debug.KV("TLS hostname", *hostname) + debug.KV("TLS hostname", d.flagCfg.hostname) debug.KV("Mesh key", s.HasMeshKey()) debug.Handle("check", "Consistency check", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { err := s.ConsistencyCheck() @@ -203,12 +191,12 @@ func main() { })) debug.Handle("traffic", "Traffic check", http.HandlerFunc(s.ServeDebugTraffic)) - if *runSTUN { - go serveSTUN(listenHost, *stunPort) + if d.flagCfg.runSTUN { + go serveSTUN(listenHost, d.flagCfg.stunPort) } httpsrv := &http.Server{ - Addr: *addr, + Addr: d.flagCfg.addr, Handler: mux, // Set read/write timeout. For derper, this basically @@ -222,10 +210,12 @@ func main() { WriteTimeout: 30 * time.Second, } + d.httpSrv = httpsrv + if serveTLS { - log.Printf("derper: serving on %s with TLS", *addr) + log.Printf("derper: serving on %s with TLS", d.flagCfg.addr) var certManager certProvider - certManager, err = certProviderByCertMode(*certMode, *certDir, *hostname) + certManager, err = certProviderByCertMode(d.flagCfg.certMode, d.flagCfg.certDir, d.flagCfg.hostname) if err != nil { log.Fatalf("derper: can not start cert provider: %v", err) } @@ -273,18 +263,19 @@ func main() { w.Header().Set("Content-Security-Policy", "default-src 'none'; frame-ancestors 'none'; form-action 'none'; base-uri 'self'; block-all-mixed-content; plugin-types 'none'") mux.ServeHTTP(w, r) }) - if *httpPort > -1 { + if d.flagCfg.httpPort > -1 { + port80srv := &http.Server{ + Addr: net.JoinHostPort(listenHost, fmt.Sprintf("%d", d.flagCfg.httpPort)), + Handler: certManager.HTTPHandler(tsweb.Port80Handler{Main: mux}), + ReadTimeout: 30 * time.Second, + // Crank up WriteTimeout a bit more than usually + // necessary just so we can do long CPU profiles + // and not hit net/http/pprof's "profile + // duration exceeds server's WriteTimeout". + WriteTimeout: 5 * time.Minute, + } + d.port80srv = port80srv go func() { - port80srv := &http.Server{ - Addr: net.JoinHostPort(listenHost, fmt.Sprintf("%d", *httpPort)), - Handler: certManager.HTTPHandler(tsweb.Port80Handler{Main: mux}), - ReadTimeout: 30 * time.Second, - // Crank up WriteTimeout a bit more than usually - // necessary just so we can do long CPU profiles - // and not hit net/http/pprof's "profile - // duration exceeds server's WriteTimeout". - WriteTimeout: 5 * time.Minute, - } err := port80srv.ListenAndServe() if err != nil { if err != http.ErrServerClosed { @@ -295,12 +286,134 @@ func main() { } err = rateLimitedListenAndServeTLS(httpsrv) } else { - log.Printf("derper: serving on %s", *addr) + log.Printf("derper: serving on %s", d.flagCfg.addr) err = httpsrv.ListenAndServe() } if err != nil && err != http.ErrServerClosed { log.Fatalf("derper: %v", err) } + + return nil +} + +func (d *Derper) Stop() error { + var httpSrvErr, port80srvErr error + + if d.derpSrv != nil { + err := d.derpSrv.Close() + if err != nil { + return fmt.Errorf("damn") + } + } + + if d.httpSrv != nil { + httpSrvErr = d.httpSrv.Close() + } + + if d.port80srv != nil { + port80srvErr = d.port80srv.Close() + } + + switch { + case httpSrvErr != nil && port80srvErr != nil: + log.Println("failed to close port80srv:", port80srvErr) + return fmt.Errorf("failed to close httpsrv: %w", httpSrvErr) + case httpSrvErr != nil: + return fmt.Errorf("failed to close httpsrv: %w", httpSrvErr) + case port80srvErr != nil: + return fmt.Errorf("failed to close port80srv: %w", port80srvErr) + } + + return nil +} + +func init() { + stats.Set("counter_requests", stunDisposition) + stats.Set("counter_addrfamily", stunAddrFamily) + expvar.Publish("stun", stats) + expvar.Publish("derper_tls_request_version", tlsRequestVersion) + expvar.Publish("gauge_derper_tls_active_version", tlsActiveVersion) +} + +type config struct { + PrivateKey key.NodePrivate +} + +func (d *Derper) loadConfig() config { + if d.flagCfg.dev { + return config{PrivateKey: key.NewNode()} + } + if d.flagCfg.configPath == "" { + if os.Getuid() == 0 { + d.flagCfg.configPath = "/var/lib/derper/derper.key" + } else { + log.Fatalf("derper: -c not specified") + } + log.Printf("no config path specified; using %s", d.flagCfg.configPath) + } + b, err := ioutil.ReadFile(d.flagCfg.configPath) + switch { + case errors.Is(err, os.ErrNotExist): + return writeNewConfig() + case err != nil: + log.Fatal(err) + panic("unreachable") + default: + var cfg config + if err := json.Unmarshal(b, &cfg); err != nil { + log.Fatalf("derper: config: %v", err) + } + return cfg + } +} + +func writeNewConfig() config { + k := key.NewNode() + if err := os.MkdirAll(filepath.Dir(*configPath), 0777); err != nil { + log.Fatal(err) + } + cfg := config{ + PrivateKey: k, + } + b, err := json.MarshalIndent(cfg, "", "\t") + if err != nil { + log.Fatal(err) + } + if err := atomicfile.WriteFile(*configPath, b, 0600); err != nil { + log.Fatal(err) + } + return cfg +} + +func main() { + flag.Parse() + + derper := &Derper{flagCfg: DerperFlagConfig{ + dev: *dev, + addr: *addr, + + httpPort: *httpPort, + stunPort: *stunPort, + configPath: *configPath, + certMode: *certMode, + certDir: *certDir, + hostname: *hostname, + runSTUN: *runSTUN, + + meshPSKFile: *meshPSKFile, + + meshWith: *meshWith, + bootstrapDNS: *bootstrapDNS, + verifyClients: *verifyClients, + + acceptConnLimit: *acceptConnLimit, + acceptConnBurst: *acceptConnBurst, + }, + } + + if err := derper.Run(); err != nil { + log.Fatal("unable to run derper") + } } // probeHandler is the endpoint that js/wasm clients hit to measure diff --git a/old.txt b/old.txt new file mode 100644 index 000000000..1ad7f5cb4 --- /dev/null +++ b/old.txt @@ -0,0 +1,31 @@ +2022/08/04 15:43:37 Running in dev mode. +2022/08/04 15:43:37 derper: serving on :3340 +2022/08/04 15:43:37 derphttp.Client.Connect: connecting to http://localhost:3340/derp +2022/08/04 15:43:37 running STUN server on [::]:3478 +2022/08/04 15:43:37 derphttp.Client.Connect: connecting to http://localhost:3340/derp +goos: linux +goarch: amd64 +pkg: tailscale.com/cmd/derper +2022/08/04 15:43:37 derp client [::1]:55814/6e6f64656b65793a39313565343537666538633835303532333432386231396631383238323234643963373936356262393231326266316632326534646466663331623337363734: read EOF +cpu: AMD Ryzen 9 5950X 16-Core Processor +BenchmarkDerpSend-32 2022/08/04 15:43:37 derp client [::1]:55814/6e6f64656b65793a39313565343537666538633835303532333432386231396631383238323234643963373936356262393231326266316632326534646466663331623337363734: removing connection +2022/08/04 15:43:37 derp client [::1]:55804/6e6f64656b65793a37666439653266633166653463356232643663336463666632393836626265393537306136383433393064313037303739613662383333346235333137383035: removing connection +2022/08/04 15:43:37 derp: [::1]:55804: client 6e6f64656b65793a37666439653266633166653463356232643663336463666632393836626265393537306136383433393064313037303739613662383333346235333137383035: readFrameHeader: read tcp [::1]:3340->[::1]:55804: read: connection reset by peer +2022/08/04 15:43:37 derphttp.Client.Connect: connecting to http://localhost:3340/derp +2022/08/04 15:43:37 derphttp.Client.Connect: connecting to http://localhost:3340/derp +2022/08/04 15:43:37 derp client [::1]:55824/6e6f64656b65793a32373562346333346436346633646338656132393363376237646638663364633263633066336339346264356631303236613661643239333163646538373532: read EOF +2022/08/04 15:43:37 derp client [::1]:55824/6e6f64656b65793a32373562346333346436346633646338656132393363376237646638663364633263633066336339346264356631303236613661643239333163646538373532: removing connection +2022/08/04 15:43:37 derp client [::1]:55820/6e6f64656b65793a63373934623165623130633532393536643936626437666563663165303138613937333132336534323535656462653133303566663839366161343962623361: removing connection +2022/08/04 15:43:37 derp: [::1]:55820: client 6e6f64656b65793a63373934623165623130633532393536643936626437666563663165303138613937333132336534323535656462653133303566663839366161343962623361: readFrameHeader: read tcp [::1]:3340->[::1]:55820: read: connection reset by peer +2022/08/04 15:43:37 derphttp.Client.Connect: connecting to http://localhost:3340/derp +2022/08/04 15:43:37 derphttp.Client.Connect: connecting to http://localhost:3340/derp +2022/08/04 15:43:38 derp client [::1]:55836/6e6f64656b65793a36363733333036363562396531316436333161343531333339383635386634393733333765383236346136396132666364616434633563313833636334353236: read EOF +2022/08/04 15:43:38 derp client [::1]:55836/6e6f64656b65793a36363733333036363562396531316436333161343531333339383635386634393733333765383236346136396132666364616434633563313833636334353236: removing connection +2022/08/04 15:43:38 derp client [::1]:55834/6e6f64656b65793a33383939363766613636623134356431393134376432356633313763653337336635656235643736666666663839623432363232343266363233366531623239: removing connection +2022/08/04 15:43:38 derp: [::1]:55834: client 6e6f64656b65793a33383939363766613636623134356431393134376432356633313763653337336635656235643736666666663839623432363232343266363233366531623239: readFrameHeader: read tcp [::1]:3340->[::1]:55834: read: connection reset by peer +2022/08/04 15:43:38 derphttp.Client.Connect: connecting to http://localhost:3340/derp +2022/08/04 15:43:38 derphttp.Client.Connect: connecting to http://localhost:3340/derp +2022/08/04 15:43:39 derp client [::1]:55864/6e6f64656b65793a61653265313834373232356462613663656132633336383462663138363965366563626334613361363935393130633935363131626463316339653637663630: read EOF + 24733 66103 ns/op +PASS +ok tailscale.com/cmd/derper 2.134s