coder
diff --git a/‎.vscode/settings.json
Lines changed: 4 additions & 8 deletions b/‎.vscode/settings.json
Lines changed: 4 additions & 8 deletions
diff --git a/‎agent/agent.go
Lines changed: 117 additions & 31 deletions b/‎agent/agent.go
Lines changed: 117 additions & 31 deletions
@@ -33,6 +33,7 @@
     "enablements",
     "errgroup",
     "eventsourcemock",
+    "Failf",
     "fatih",
     "Formik",
     "gitauth",
@@ -127,6 +128,7 @@
     "tfplan",
     "tfstate",
     "tios",
+    "tmpdir",
     "tparallel",
     "trialer",
     "trimprefix",
@@ -160,10 +162,7 @@
     "xstate",
     "yamux"
   ],
-  "cSpell.ignorePaths": [
-    "site/package.json",
-    ".vscode/settings.json"
-  ],
+  "cSpell.ignorePaths": ["site/package.json", ".vscode/settings.json"],
   "emeraldwalk.runonsave": {
     "commands": [
       {
@@ -195,10 +194,7 @@
   // To reduce redundancy in tests, it's covered by other packages.
   // Since package coverage pairing can't be defined, all packages cover
   // all other packages.
-  "go.testFlags": [
-    "-short",
-    "-coverpkg=./..."
-  ],
+  "go.testFlags": ["-short", "-coverpkg=./..."],
   // We often use a version of TypeScript that's ahead of the version shipped
   // with VS Code.
   "typescript.tsdk": "./site/node_modules/typescript/lib"
 
@@ -1,6 +1,7 @@
 package agent
 
 import (
+	"bufio"
 	"context"
 	"crypto/rand"
 	"crypto/rsa"
@@ -32,6 +33,7 @@ import (
 	"golang.org/x/xerrors"
 	"tailscale.com/net/speedtest"
 	"tailscale.com/tailcfg"
+	"tailscale.com/types/netlogtype"
 
 	"cdr.dev/slog"
 	"github.com/coder/coder/agent/usershell"
@@ -98,7 +100,6 @@ func New(options Options) io.Closer {
 		exchangeToken:          options.ExchangeToken,
 		filesystem:             options.Filesystem,
 		tempDir:                options.TempDir,
-		stats:                  &Stats{},
 	}
 	server.init(ctx)
 	return server
@@ -126,7 +127,6 @@ type agent struct {
 	sshServer    *ssh.Server
 
 	network *tailnet.Conn
-	stats   *Stats
 }
 
 // runLoop attempts to start the agent in a retry loop.
@@ -238,22 +238,16 @@ func (a *agent) createTailnet(ctx context.Context, derpMap *tailcfg.DERPMap) (*t
 		return nil, xerrors.New("closed")
 	}
 	network, err := tailnet.NewConn(&tailnet.Options{
-		Addresses: []netip.Prefix{netip.PrefixFrom(codersdk.TailnetIP, 128)},
-		DERPMap:   derpMap,
-		Logger:    a.logger.Named("tailnet"),
+		Addresses:          []netip.Prefix{netip.PrefixFrom(codersdk.TailnetIP, 128)},
+		DERPMap:            derpMap,
+		Logger:             a.logger.Named("tailnet"),
+		EnableTrafficStats: true,
 	})
 	if err != nil {
 		a.closeMutex.Unlock()
 		return nil, xerrors.Errorf("create tailnet: %w", err)
 	}
 	a.network = network
-	network.SetForwardTCPCallback(func(conn net.Conn, listenerExists bool) net.Conn {
-		if listenerExists {
-			// If a listener already exists, we would double-wrap the conn.
-			return conn
-		}
-		return a.stats.wrapConn(conn)
-	})
 	a.connCloseWait.Add(4)
 	a.closeMutex.Unlock()
 
@@ -268,7 +262,7 @@ func (a *agent) createTailnet(ctx context.Context, derpMap *tailcfg.DERPMap) (*t
 			if err != nil {
 				return
 			}
-			go a.sshServer.HandleConn(a.stats.wrapConn(conn))
+			go a.sshServer.HandleConn(conn)
 		}
 	}()
 
@@ -284,7 +278,6 @@ func (a *agent) createTailnet(ctx context.Context, derpMap *tailcfg.DERPMap) (*t
 				a.logger.Debug(ctx, "accept pty failed", slog.Error(err))
 				return
 			}
-			conn = a.stats.wrapConn(conn)
 			// This cannot use a JSON decoder, since that can
 			// buffer additional data that is required for the PTY.
 			rawLen := make([]byte, 2)
@@ -487,12 +480,11 @@ func (a *agent) init(ctx context.Context) {
 				var opts []sftp.ServerOption
 				// Change current working directory to the users home
 				// directory so that SFTP connections land there.
-				// https://github.com/coder/coder/issues/3620
-				u, err := user.Current()
+				homedir, err := userHomeDir()
 				if err != nil {
-					sshLogger.Warn(ctx, "get sftp working directory failed, unable to get current user", slog.Error(err))
+					sshLogger.Warn(ctx, "get sftp working directory failed, unable to get home dir", slog.Error(err))
 				} else {
-					opts = append(opts, sftp.WithServerWorkingDirectory(u.HomeDir))
+					opts = append(opts, sftp.WithServerWorkingDirectory(homedir))
 				}
 
 				server, err := sftp.NewServer(session, opts...)
@@ -523,7 +515,13 @@ func (a *agent) init(ctx context.Context) {
 
 	go a.runLoop(ctx)
 	cl, err := a.client.AgentReportStats(ctx, a.logger, func() *codersdk.AgentStats {
-		return a.stats.Copy()
+		stats := map[netlogtype.Connection]netlogtype.Counts{}
+		a.closeMutex.Lock()
+		if a.network != nil {
+			stats = a.network.ExtractTrafficStats()
+		}
+		a.closeMutex.Unlock()
+		return convertAgentStats(stats)
 	})
 	if err != nil {
 		a.logger.Error(ctx, "report stats", slog.Error(err))
@@ -537,6 +535,23 @@ func (a *agent) init(ctx context.Context) {
 	}()
 }
 
+func convertAgentStats(counts map[netlogtype.Connection]netlogtype.Counts) *codersdk.AgentStats {
+	stats := &codersdk.AgentStats{
+		ConnsByProto: map[string]int64{},
+		NumConns:     int64(len(counts)),
+	}
+
+	for conn, count := range counts {
+		stats.ConnsByProto[conn.Proto.String()]++
+		stats.RxPackets += int64(count.RxPackets)
+		stats.RxBytes += int64(count.RxBytes)
+		stats.TxPackets += int64(count.TxPackets)
+		stats.TxBytes += int64(count.TxBytes)
+	}
+
+	return stats
+}
+
 // createCommand processes raw command input with OpenSSH-like behavior.
 // If the rawCommand provided is empty, it will default to the users shell.
 // This injects environment variables specified by the user at launch too.
@@ -583,8 +598,12 @@ func (a *agent) createCommand(ctx context.Context, rawCommand string, env []stri
 	cmd := exec.CommandContext(ctx, shell, args...)
 	cmd.Dir = metadata.Directory
 	if cmd.Dir == "" {
-		// Default to $HOME if a directory is not set!
-		cmd.Dir = os.Getenv("HOME")
+		// Default to user home if a directory is not set.
+		homedir, err := userHomeDir()
+		if err != nil {
+			return nil, xerrors.Errorf("get home dir: %w", err)
+		}
+		cmd.Dir = homedir
 	}
 	cmd.Env = append(os.Environ(), env...)
 	executablePath, err := os.Executable()
@@ -660,6 +679,18 @@ func (a *agent) handleSSHSession(session ssh.Session) (retErr error) {
 		// See https://github.com/coder/coder/issues/3371.
 		session.DisablePTYEmulation()
 
+		if !isQuietLogin(session.RawCommand()) {
+			metadata, ok := a.metadata.Load().(codersdk.WorkspaceAgentMetadata)
+			if ok {
+				err = showMOTD(session, metadata.MOTDFile)
+				if err != nil {
+					a.logger.Error(ctx, "show MOTD", slog.Error(err))
+				}
+			} else {
+				a.logger.Warn(ctx, "metadata lookup failed, unable to show MOTD")
+			}
+		}
+
 		cmd.Env = append(cmd.Env, fmt.Sprintf("TERM=%s", sshPty.Term))
 
 		// The pty package sets `SSH_TTY` on supported platforms.
@@ -985,19 +1016,74 @@ func Bicopy(ctx context.Context, c1, c2 io.ReadWriteCloser) {
 	}
 }
 
-// ExpandRelativeHomePath expands the tilde at the beginning of a path to the
-// current user's home directory and returns a full absolute path.
-func ExpandRelativeHomePath(in string) (string, error) {
-	usr, err := user.Current()
+// isQuietLogin checks if the SSH server should perform a quiet login or not.
+//
+// https://github.com/openssh/openssh-portable/blob/25bd659cc72268f2858c5415740c442ee950049f/session.c#L816
+func isQuietLogin(rawCommand string) bool {
+	// We are always quiet unless this is a login shell.
+	if len(rawCommand) != 0 {
+		return true
+	}
+
+	// Best effort, if we can't get the home directory,
+	// we can't lookup .hushlogin.
+	homedir, err := userHomeDir()
 	if err != nil {
-		return "", xerrors.Errorf("get current user details: %w", err)
+		return false
+	}
+
+	_, err = os.Stat(filepath.Join(homedir, ".hushlogin"))
+	return err == nil
+}
+
+// showMOTD will output the message of the day from
+// the given filename to dest, if the file exists.
+//
+// https://github.com/openssh/openssh-portable/blob/25bd659cc72268f2858c5415740c442ee950049f/session.c#L784
+func showMOTD(dest io.Writer, filename string) error {
+	if filename == "" {
+		return nil
+	}
+
+	f, err := os.Open(filename)
+	if err != nil {
+		if xerrors.Is(err, os.ErrNotExist) {
+			// This is not an error, there simply isn't a MOTD to show.
+			return nil
+		}
+		return xerrors.Errorf("open MOTD: %w", err)
 	}
+	defer f.Close()
 
-	if in == "~" {
-		in = usr.HomeDir
-	} else if strings.HasPrefix(in, "~/") {
-		in = filepath.Join(usr.HomeDir, in[2:])
+	s := bufio.NewScanner(f)
+	for s.Scan() {
+		// Carriage return ensures each line starts
+		// at the beginning of the terminal.
+		_, err = fmt.Fprint(dest, s.Text()+"\r\n")
+		if err != nil {
+			return xerrors.Errorf("write MOTD: %w", err)
+		}
+	}
+	if err := s.Err(); err != nil {
+		return xerrors.Errorf("read MOTD: %w", err)
+	}
+
+	return nil
+}
+
+// userHomeDir returns the home directory of the current user, giving
+// priority to the $HOME environment variable.
+func userHomeDir() (string, error) {
+	// First we check the environment.
+	homedir, err := os.UserHomeDir()
+	if err == nil {
+		return homedir, nil
 	}
 
-	return filepath.Abs(in)
+	// As a fallback, we try the user information.
+	u, err := user.Current()
+	if err != nil {
+		return "", xerrors.Errorf("current user: %w", err)
+	}
+	return u.HomeDir, nil
 }