ipn/ipnserver: change Server to let LocalBackend be supplied async

This is step 1 of de-special-casing of Windows and letting the
LocalAPI HTTP server start serving immediately, even while the rest of
the world (notably the Engine and its TUN device) are being created,
which can take a few to dozens of seconds on Windows.

With this change, the ipnserver.New function changes to not take an
Engine and to return immediately, not returning an error, and let its
Run run immediately. If its ServeHTTP is called when it doesn't yet
have a LocalBackend, it returns an error. A TODO in there shows where
a future handler will serve status before an engine is available.

Future changes will:

* delete a bunch of tailscaled_windows.go code and use this new API
* add the ipnserver.Server ServerHTTP handler to await the engine
  being available
* use that handler in the Windows GUI client

Updates #6522

Change-Id: Iae94e68c235e850b112a72ea24ad0e0959b568ee
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

cmd/tailscaled/depaware.txt

@@ -250,7 +250,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
         tailscale.com/paths                                          from tailscale.com/ipn/ipnlocal+
      💣 tailscale.com/portlist                                       from tailscale.com/ipn/ipnlocal
         tailscale.com/safesocket                                     from tailscale.com/client/tailscale+
-        tailscale.com/smallzstd                                      from tailscale.com/ipn/ipnserver+
+        tailscale.com/smallzstd                                      from tailscale.com/cmd/tailscaled+
   LD 💣 tailscale.com/ssh/tailssh                                    from tailscale.com/cmd/tailscaled
         tailscale.com/syncs                                          from tailscale.com/net/netcheck+
         tailscale.com/tailcfg                                        from tailscale.com/client/tailscale/apitype+

cmd/tailscaled/taildrop.go

@@ -0,0 +1,106 @@
+// Copyright (c) 2022 Tailscale Inc & AUTHORS All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.19
+
+package main
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"tailscale.com/ipn/ipnlocal"
+	"tailscale.com/types/logger"
+	"tailscale.com/version/distro"
+)
+
+func configureTaildrop(logf logger.Logf, lb *ipnlocal.LocalBackend) {
+	dg := distro.Get()
+	switch dg {
+	case distro.Synology, distro.TrueNAS, distro.QNAP:
+		// See if they have a "Taildrop" share.
+		// See https://github.com/tailscale/tailscale/issues/2179#issuecomment-982821319
+		path, err := findTaildropDir(dg)
+		if err != nil {
+			logf("%s Taildrop support: %v", dg, err)
+		} else {
+			logf("%s Taildrop: using %v", dg, path)
+			lb.SetDirectFileRoot(path)
+			lb.SetDirectFileDoFinalRename(true)
+		}
+	}
+
+}
+
+func findTaildropDir(dg distro.Distro) (string, error) {
+	const name = "Taildrop"
+	switch dg {
+	case distro.Synology:
+		return findSynologyTaildropDir(name)
+	case distro.TrueNAS:
+		return findTrueNASTaildropDir(name)
+	case distro.QNAP:
+		return findQnapTaildropDir(name)
+	}
+	return "", fmt.Errorf("%s is an unsupported distro for Taildrop dir", dg)
+}
+
+// findSynologyTaildropDir looks for the first volume containing a
+// "Taildrop" directory.  We'd run "synoshare --get Taildrop" command
+// but on DSM7 at least, we lack permissions to run that.
+func findSynologyTaildropDir(name string) (dir string, err error) {
+	for i := 1; i <= 16; i++ {
+		dir = fmt.Sprintf("/volume%v/%s", i, name)
+		if fi, err := os.Stat(dir); err == nil && fi.IsDir() {
+			return dir, nil
+		}
+	}
+	return "", fmt.Errorf("shared folder %q not found", name)
+}
+
+// findTrueNASTaildropDir returns the first matching directory of
+// /mnt/{name} or /mnt/*/{name}
+func findTrueNASTaildropDir(name string) (dir string, err error) {
+	// If we're running in a jail, a mount point could just be added at /mnt/Taildrop
+	dir = fmt.Sprintf("/mnt/%s", name)
+	if fi, err := os.Stat(dir); err == nil && fi.IsDir() {
+		return dir, nil
+	}
+
+	// but if running on the host, it may be something like /mnt/Primary/Taildrop
+	fis, err := os.ReadDir("/mnt")
+	if err != nil {
+		return "", fmt.Errorf("error reading /mnt: %w", err)
+	}
+	for _, fi := range fis {
+		dir = fmt.Sprintf("/mnt/%s/%s", fi.Name(), name)
+		if fi, err := os.Stat(dir); err == nil && fi.IsDir() {
+			return dir, nil
+		}
+	}
+	return "", fmt.Errorf("shared folder %q not found", name)
+}
+
+// findQnapTaildropDir checks if a Shared Folder named "Taildrop" exists.
+func findQnapTaildropDir(name string) (string, error) {
+	dir := fmt.Sprintf("/share/%s", name)
+	fi, err := os.Stat(dir)
+	if err != nil {
+		return "", fmt.Errorf("shared folder %q not found", name)
+	}
+	if fi.IsDir() {
+		return dir, nil
+	}
+
+	// share/Taildrop is usually a symlink to CACHEDEV1_DATA/Taildrop/ or some such.
+	fullpath, err := filepath.EvalSymlinks(dir)
+	if err != nil {
+		return "", fmt.Errorf("symlink to shared folder %q not found", name)
+	}
+	if fi, err = os.Stat(fullpath); err == nil && fi.IsDir() {
+		return dir, nil // return the symlink, how QNAP set it up
+	}
+	return "", fmt.Errorf("shared folder %q not found", name)
+}

cmd/tailscaled/tailscaled.go

@@ -33,11 +33,13 @@ import (
 	"tailscale.com/cmd/tailscaled/childproc"
 	"tailscale.com/control/controlclient"
 	"tailscale.com/envknob"
+	"tailscale.com/ipn/ipnlocal"
 	"tailscale.com/ipn/ipnserver"
 	"tailscale.com/ipn/store"
 	"tailscale.com/logpolicy"
 	"tailscale.com/logtail"
 	"tailscale.com/net/dns"
+	"tailscale.com/net/dnsfallback"
 	"tailscale.com/net/netns"
 	"tailscale.com/net/proxymux"
 	"tailscale.com/net/socks5"
@@ -45,6 +47,7 @@ import (
 	"tailscale.com/net/tstun"
 	"tailscale.com/paths"
 	"tailscale.com/safesocket"
+	"tailscale.com/smallzstd"
 	"tailscale.com/tsweb"
 	"tailscale.com/types/flagtype"
 	"tailscale.com/types/logger"
@@ -273,7 +276,21 @@ func statePathOrDefault() string {
 	return ""
 }
 
-func ipnServerOpts() (o ipnserver.Options) {
+// serverOptions is the configuration of the Tailscale node agent.
+type serverOptions struct {
+	// VarRoot is the Tailscale daemon's private writable
+	// directory (usually "/var/lib/tailscale" on Linux) that
+	// contains the "tailscaled.state" file, the "certs" directory
+	// for TLS certs, and the "files" directory for incoming
+	// Taildrop files before they're moved to a user directory.
+	// If empty, Taildrop and TLS certs don't function.
+	VarRoot string
+
+	// LoginFlags specifies the LoginFlags to pass to the client.
+	LoginFlags controlclient.LoginFlags
+}
+
+func ipnServerOpts() (o serverOptions) {
 	goos := envknob.GOOS()
 
 	o.VarRoot = args.statedir
@@ -297,9 +314,6 @@ func ipnServerOpts() (o ipnserver.Options) {
 		// TODO(bradfitz): if we start using browser LocalStorage
 		// or something, then rethink this.
 		o.LoginFlags = controlclient.LoginEphemeral
-		fallthrough
-	default:
-		o.SurviveDisconnects = true
 	case "windows":
 		// Not those.
 	}
@@ -445,11 +459,24 @@ func run() error {
 	if err != nil {
 		return fmt.Errorf("store.New: %w", err)
 	}
-	srv, err := ipnserver.New(logf, pol.PublicID.String(), store, e, dialer, opts)
+	logid := pol.PublicID.String()
+
+	lb, err := ipnlocal.NewLocalBackend(logf, logid, store, "", dialer, e, opts.LoginFlags)
 	if err != nil {
-		return fmt.Errorf("ipnserver.New: %w", err)
+		return fmt.Errorf("ipnlocal.NewLocalBackend: %w", err)
 	}
-	ns.SetLocalBackend(srv.LocalBackend())
+	lb.SetVarRoot(opts.VarRoot)
+	if root := lb.TailscaleVarRoot(); root != "" {
+		dnsfallback.SetCachePath(filepath.Join(root, "derpmap.cached.json"))
+	}
+	lb.SetDecompressor(func() (controlclient.Decompressor, error) {
+		return smallzstd.NewDecoder(nil)
+	})
+	configureTaildrop(logf, lb)
+
+	srv := ipnserver.New(logf, logid)
+	srv.SetLocalBackend(lb)
+	ns.SetLocalBackend(lb)
 	if err := ns.Start(); err != nil {
 		log.Fatalf("failed to start netstack: %v", err)
 	}

cmd/tailscaled/tailscaled_windows.go

@@ -31,6 +31,7 @@ import (
 	"os"
 	"os/exec"
 	"os/signal"
+	"path/filepath"
 	"sync"
 	"syscall"
 	"time"
@@ -40,16 +41,20 @@ import (
 	"golang.org/x/sys/windows/svc"
 	"golang.org/x/sys/windows/svc/eventlog"
 	"golang.zx2c4.com/wireguard/windows/tunnel/winipcfg"
+	"tailscale.com/control/controlclient"
 	"tailscale.com/envknob"
 	"tailscale.com/ipn"
+	"tailscale.com/ipn/ipnlocal"
 	"tailscale.com/ipn/ipnserver"
 	"tailscale.com/ipn/store"
 	"tailscale.com/logpolicy"
 	"tailscale.com/logtail/backoff"
 	"tailscale.com/net/dns"
+	"tailscale.com/net/dnsfallback"
 	"tailscale.com/net/tsdial"
 	"tailscale.com/net/tstun"
 	"tailscale.com/safesocket"
+	"tailscale.com/smallzstd"
 	"tailscale.com/types/logger"
 	"tailscale.com/util/winutil"
 	"tailscale.com/version"
@@ -609,7 +614,7 @@ func (ln *listenerWithReadyConn) Accept() (net.Conn, error) {
 //
 // This works around issues on Windows with the wgengine.Engine/wintun creation
 // failing or hanging. See https://github.com/tailscale/tailscale/issues/6522.
-func ipnServerRunWithRetries(ctx context.Context, logf logger.Logf, ln net.Listener, store ipn.StateStore, linkMon *monitor.Mon, dialer *tsdial.Dialer, logid string, getEngine func() (wgengine.Engine, *netstack.Impl, error), opts ipnserver.Options) error {
+func ipnServerRunWithRetries(ctx context.Context, logf logger.Logf, ln net.Listener, store ipn.StateStore, linkMon *monitor.Mon, dialer *tsdial.Dialer, logid string, getEngine func() (wgengine.Engine, *netstack.Impl, error), opts serverOptions) error {
 	getEngine = getEngineUntilItWorksWrapper(getEngine)
 	runDone := make(chan struct{})
 	defer close(runDone)
@@ -662,12 +667,23 @@ func ipnServerRunWithRetries(ctx context.Context, logf logger.Logf, ln net.Liste
 		}
 	}
 
-	server, err := ipnserver.New(logf, logid, store, eng, dialer, opts)
+	server := ipnserver.New(logf, logid)
+
+	lb, err := ipnlocal.NewLocalBackend(logf, logid, store, "", dialer, eng, opts.LoginFlags)
 	if err != nil {
-		return err
+		return fmt.Errorf("ipnlocal.NewLocalBackend: %w", err)
 	}
+	lb.SetVarRoot(opts.VarRoot)
+	if root := lb.TailscaleVarRoot(); root != "" {
+		dnsfallback.SetCachePath(filepath.Join(root, "derpmap.cached.json"))
+	}
+	lb.SetDecompressor(func() (controlclient.Decompressor, error) {
+		return smallzstd.NewDecoder(nil)
+	})
+
+	server.SetLocalBackend(lb)
 	if ns != nil {
-		ns.SetLocalBackend(server.LocalBackend())
+		ns.SetLocalBackend(lb)
 	}
 	return server.Run(ctx, ln)
 }

cmd/tsconnect/wasm/wasm_js.go

@@ -36,6 +36,7 @@ import (
 	"tailscale.com/net/netns"
 	"tailscale.com/net/tsdial"
 	"tailscale.com/safesocket"
+	"tailscale.com/smallzstd"
 	"tailscale.com/tailcfg"
 	"tailscale.com/wgengine"
 	"tailscale.com/wgengine/netstack"
@@ -124,15 +125,17 @@ func newIPN(jsConfig js.Value) map[string]any {
 		return ns.DialContextTCP(ctx, dst)
 	}
 
-	srv, err := ipnserver.New(logf, lpc.PublicID.String(), store, eng, dialer, ipnserver.Options{
-		SurviveDisconnects: true,
-		LoginFlags:         controlclient.LoginEphemeral,
-		AutostartStateKey:  "wasm",
-	})
+	logid := lpc.PublicID.String()
+	srv := ipnserver.New(logf, logid)
+
+	lb, err := ipnlocal.NewLocalBackend(logf, logid, store, "wasm", dialer, eng, controlclient.LoginEphemeral)
 	if err != nil {
-		log.Fatalf("ipnserver.New: %v", err)
+		log.Fatalf("ipnlocal.NewLocalBackend: %v", err)
 	}
-	lb := srv.LocalBackend()
+	lb.SetDecompressor(func() (controlclient.Decompressor, error) {
+		return smallzstd.NewDecoder(nil)
+	})
+	srv.SetLocalBackend(lb)
 	ns.SetLocalBackend(lb)
 
 	jsIPN := &jsIPN{