Add DERP meshing to arbitrary addresses

kylecarbs · kylecarbs · commit 7dc968c52313 · 2022-10-12T17:53:00.000Z
diff --git a/enterprise/derpmesh/derpmesh.go b/enterprise/derpmesh/derpmesh.go
@@ -0,0 +1,124 @@
+package derpmesh
+
+import (
+	"context"
+	"sync"
+
+	"golang.org/x/xerrors"
+	"tailscale.com/derp"
+	"tailscale.com/derp/derphttp"
+	"tailscale.com/types/key"
+
+	"github.com/coder/coder/tailnet"
+
+	"cdr.dev/slog"
+)
+
+func New(logger slog.Logger, server *derp.Server) *Mesh {
+	return &Mesh{
+		logger: logger,
+		server: server,
+		ctx:    context.Background(),
+		closed: make(chan struct{}),
+		active: make(map[string]context.CancelFunc),
+	}
+}
+
+type Mesh struct {
+	logger slog.Logger
+	server *derp.Server
+	ctx    context.Context
+
+	mutex  sync.Mutex
+	closed chan struct{}
+	active map[string]context.CancelFunc
+}
+
+// SetAddresses performs a diff of the incoming addresses and adds
+// or removes DERP clients from the mesh.
+func (m *Mesh) SetAddresses(addresses []string) {
+	total := make(map[string]struct{}, 0)
+	for _, address := range addresses {
+		total[address] = struct{}{}
+		added, err := m.addAddress(address)
+		if err != nil {
+			m.logger.Error(m.ctx, "failed to add address", slog.F("address", address), slog.Error(err))
+			continue
+		}
+		if added {
+			m.logger.Debug(m.ctx, "added mesh address", slog.F("address", address))
+		}
+	}
+
+	m.mutex.Lock()
+	for address := range m.active {
+		_, found := total[address]
+		if found {
+			continue
+		}
+		removed := m.removeAddress(address)
+		if removed {
+			m.logger.Debug(m.ctx, "removed mesh address", slog.F("address", address))
+		}
+	}
+	m.mutex.Unlock()
+}
+
+// addAddress begins meshing with a new address.
+// It's expected that this is a full HTTP address with a path.
+// e.g. http://127.0.0.1:8080/derp
+func (m *Mesh) addAddress(address string) (bool, error) {
+	m.mutex.Lock()
+	defer m.mutex.Unlock()
+	_, isActive := m.active[address]
+	if isActive {
+		return false, nil
+	}
+	client, err := derphttp.NewClient(m.server.PrivateKey(), address, tailnet.Logger(m.logger))
+	if err != nil {
+		return false, xerrors.Errorf("create derp client: %w", err)
+	}
+	client.MeshKey = m.server.MeshKey()
+	ctx, cancelFunc := context.WithCancel(m.ctx)
+	closed := make(chan struct{})
+	closeFunc := func() {
+		cancelFunc()
+		_ = client.Close()
+		<-closed
+	}
+	m.active[address] = closeFunc
+	go func() {
+		defer close(closed)
+		client.RunWatchConnectionLoop(ctx, m.server.PublicKey(), tailnet.Logger(m.logger), func(np key.NodePublic) {
+			m.server.AddPacketForwarder(np, client)
+		}, func(np key.NodePublic) {
+			m.server.RemovePacketForwarder(np, client)
+		})
+	}()
+	return true, nil
+}
+
+// removeAddress stops meshing with a given address.
+func (m *Mesh) removeAddress(address string) bool {
+	cancelFunc, isActive := m.active[address]
+	if isActive {
+		cancelFunc()
+	}
+	return isActive
+}
+
+// Close ends all active meshes with the DERP server.
+func (m *Mesh) Close() error {
+	m.mutex.Lock()
+	defer m.mutex.Unlock()
+	select {
+	case <-m.closed:
+		return nil
+	default:
+	}
+	close(m.closed)
+	for _, cancelFunc := range m.active {
+		cancelFunc()
+	}
+	return nil
+}
diff --git a/enterprise/derpmesh/derpmesh_test.go b/enterprise/derpmesh/derpmesh_test.go
@@ -0,0 +1,146 @@
+package derpmesh_test
+
+import (
+	"context"
+	"errors"
+	"io"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"go.uber.org/goleak"
+	"tailscale.com/derp"
+	"tailscale.com/derp/derphttp"
+	"tailscale.com/types/key"
+
+	"cdr.dev/slog"
+	"cdr.dev/slog/sloggers/slogtest"
+	"github.com/coder/coder/enterprise/derpmesh"
+	"github.com/coder/coder/tailnet"
+)
+
+func TestMain(m *testing.M) {
+	goleak.VerifyTestMain(m)
+}
+
+func TestDERPMesh(t *testing.T) {
+	t.Parallel()
+	t.Run("ExchangeMessages", func(t *testing.T) {
+		// This tests messages passing through multiple DERP servers.
+		t.Parallel()
+		firstServer, firstServerURL := startDERP(t)
+		defer firstServer.Close()
+		secondServer, secondServerURL := startDERP(t)
+		firstMesh := derpmesh.New(slogtest.Make(t, nil).Named("first").Leveled(slog.LevelDebug), firstServer)
+		firstMesh.SetAddresses([]string{secondServerURL})
+		secondMesh := derpmesh.New(slogtest.Make(t, nil).Named("second").Leveled(slog.LevelDebug), secondServer)
+		secondMesh.SetAddresses([]string{firstServerURL})
+		defer firstMesh.Close()
+		defer secondMesh.Close()
+
+		first := key.NewNode()
+		second := key.NewNode()
+		firstClient, err := derphttp.NewClient(first, secondServerURL, tailnet.Logger(slogtest.Make(t, nil)))
+		require.NoError(t, err)
+		secondClient, err := derphttp.NewClient(second, firstServerURL, tailnet.Logger(slogtest.Make(t, nil)))
+		require.NoError(t, err)
+		err = secondClient.Connect(context.Background())
+		require.NoError(t, err)
+
+		sent := []byte("hello world")
+		err = firstClient.Send(second.Public(), sent)
+		require.NoError(t, err)
+
+		got := recvData(t, secondClient)
+		require.Equal(t, sent, got)
+	})
+	t.Run("RemoveAddress", func(t *testing.T) {
+		// This tests messages passing through multiple DERP servers.
+		t.Parallel()
+		server, serverURL := startDERP(t)
+		mesh := derpmesh.New(slogtest.Make(t, nil).Named("first").Leveled(slog.LevelDebug), server)
+		mesh.SetAddresses([]string{"http://fake.com"})
+		// This should trigger a removal...
+		mesh.SetAddresses([]string{})
+		defer mesh.Close()
+
+		first := key.NewNode()
+		second := key.NewNode()
+		firstClient, err := derphttp.NewClient(first, serverURL, tailnet.Logger(slogtest.Make(t, nil)))
+		require.NoError(t, err)
+		secondClient, err := derphttp.NewClient(second, serverURL, tailnet.Logger(slogtest.Make(t, nil)))
+		require.NoError(t, err)
+		err = secondClient.Connect(context.Background())
+		require.NoError(t, err)
+		sent := []byte("hello world")
+		err = firstClient.Send(second.Public(), sent)
+		require.NoError(t, err)
+		got := recvData(t, secondClient)
+		require.Equal(t, sent, got)
+	})
+	t.Run("TwentyMeshes", func(t *testing.T) {
+		t.Parallel()
+		meshes := make([]*derpmesh.Mesh, 0, 20)
+		serverURLs := make([]string, 0, 20)
+		for i := 0; i < 20; i++ {
+			server, url := startDERP(t)
+			mesh := derpmesh.New(slogtest.Make(t, nil).Named("mesh").Leveled(slog.LevelDebug), server)
+			t.Cleanup(func() {
+				_ = server.Close()
+				_ = mesh.Close()
+			})
+			serverURLs = append(serverURLs, url)
+			meshes = append(meshes, mesh)
+		}
+		for _, mesh := range meshes {
+			mesh.SetAddresses(serverURLs)
+		}
+
+		first := key.NewNode()
+		second := key.NewNode()
+		firstClient, err := derphttp.NewClient(first, serverURLs[9], tailnet.Logger(slogtest.Make(t, nil)))
+		require.NoError(t, err)
+		secondClient, err := derphttp.NewClient(second, serverURLs[16], tailnet.Logger(slogtest.Make(t, nil)))
+		require.NoError(t, err)
+		err = secondClient.Connect(context.Background())
+		require.NoError(t, err)
+
+		sent := []byte("hello world")
+		err = firstClient.Send(second.Public(), sent)
+		require.NoError(t, err)
+
+		got := recvData(t, secondClient)
+		require.Equal(t, sent, got)
+	})
+}
+
+func recvData(t *testing.T, client *derphttp.Client) []byte {
+	for {
+		msg, err := client.Recv()
+		if errors.Is(err, io.EOF) {
+			return nil
+		}
+		assert.NoError(t, err)
+		t.Logf("derp: %T", msg)
+		switch msg := msg.(type) {
+		case derp.ReceivedPacket:
+			return msg.Data
+		default:
+			// Drop all others!
+		}
+	}
+}
+
+func startDERP(t *testing.T) (*derp.Server, string) {
+	logf := tailnet.Logger(slogtest.Make(t, nil))
+	d := derp.NewServer(key.NewNode(), logf)
+	d.SetMeshKey("some-key")
+	server := httptest.NewUnstartedServer(derphttp.Handler(d))
+	server.Start()
+	t.Cleanup(func() {
+		_ = d.Close()
+	})
+	t.Cleanup(server.Close)
+	return d, server.URL
+}
diff --git a/enterprise/tailmesh/tailmesh.go b/enterprise/tailmesh/tailmesh.go
