coder
diff --git a/‎vpn/client.go
Lines changed: 5 additions & 0 deletions b/‎vpn/client.go
Lines changed: 5 additions & 0 deletions
diff --git a/‎vpn/tunnel.go
Lines changed: 161 additions & 21 deletions b/‎vpn/tunnel.go
Lines changed: 161 additions & 21 deletions
@@ -5,12 +5,15 @@ import (
 	"net/http"
 	"net/netip"
 	"net/url"
+	"time"
 
 	"golang.org/x/xerrors"
 	"nhooyr.io/websocket"
+	"tailscale.com/ipn/ipnstate"
 	"tailscale.com/net/dns"
 	"tailscale.com/wgengine/router"
 
+	"github.com/google/uuid"
 	"github.com/tailscale/wireguard-go/tun"
 
 	"cdr.dev/slog"
@@ -23,6 +26,8 @@ import (
 
 type Conn interface {
 	CurrentWorkspaceState() (tailnet.WorkspaceUpdate, error)
+	GetPeerDiagnostics(peerID uuid.UUID) tailnet.PeerDiagnostics
+	Ping(ctx context.Context, ip netip.Addr) (time.Duration, bool, *ipnstate.PingResult, error)
 	Close() error
 }
 
 
@@ -7,24 +7,36 @@ import (
 	"fmt"
 	"io"
 	"net/http"
+	"net/netip"
 	"net/url"
 	"reflect"
 	"strconv"
 	"sync"
+	"time"
 	"unicode"
 
+	"golang.org/x/exp/maps"
 	"golang.org/x/xerrors"
+	"google.golang.org/protobuf/types/known/durationpb"
+	"google.golang.org/protobuf/types/known/timestamppb"
 	"tailscale.com/net/dns"
+	"tailscale.com/util/dnsname"
 	"tailscale.com/wgengine/router"
 
+	"github.com/google/uuid"
+
 	"cdr.dev/slog"
 	"github.com/coder/coder/v2/coderd/util/ptr"
 	"github.com/coder/coder/v2/tailnet"
 )
 
+// The interval at which the tunnel sends network status updates to the manager.
+const netStatusInterval = 30 * time.Second
+
 type Tunnel struct {
 	speaker[*TunnelMessage, *ManagerMessage, ManagerMessage]
 	ctx             context.Context
+	netLoopDone     chan struct{}
 	requestLoopDone chan struct{}
 
 	logger slog.Logger
@@ -35,6 +47,10 @@ type Tunnel struct {
 	client Client
 	conn   Conn
 
+	mu sync.Mutex
+	// agents contains the agents that are currently connected to the tunnel.
+	agents map[uuid.UUID]*tailnet.Agent
+
 	// clientLogger is deliberately separate, to avoid the tunnel using itself
 	// as a sink for it's own logs, which could lead to deadlocks
 	clientLogger slog.Logger
@@ -65,14 +81,17 @@ func NewTunnel(
 		logger:          logger,
 		clientLogger:    slog.Make(),
 		requestLoopDone: make(chan struct{}),
+		netLoopDone:     make(chan struct{}),
 		client:          client,
+		agents:          make(map[uuid.UUID]*tailnet.Agent),
 	}
 
 	for _, opt := range opts {
 		opt(t)
 	}
 	t.speaker.start()
 	go t.requestLoop()
+	go t.netStatusLoop()
 	return t, nil
 }
 
@@ -101,6 +120,20 @@ func (t *Tunnel) requestLoop() {
 	}
 }
 
+func (t *Tunnel) netStatusLoop() {
+	ticker := time.NewTicker(netStatusInterval)
+	defer ticker.Stop()
+	defer close(t.netLoopDone)
+	for {
+		select {
+		case <-t.ctx.Done():
+			return
+		case <-ticker.C:
+			t.sendAgentUpdate()
+		}
+	}
+}
+
 // handleRPC handles unary RPCs from the manager.
 func (t *Tunnel) handleRPC(req *ManagerMessage, msgID uint64) *TunnelMessage {
 	resp := &TunnelMessage{}
@@ -111,8 +144,12 @@ func (t *Tunnel) handleRPC(req *ManagerMessage, msgID uint64) *TunnelMessage {
 		if err != nil {
 			t.logger.Critical(t.ctx, "failed to get current workspace state", slog.Error(err))
 		}
+		update, err := t.createPeerUpdate(state)
+		if err != nil {
+			t.logger.Error(t.ctx, "failed to populate agent network info", slog.Error(err))
+		}
 		resp.Msg = &TunnelMessage_PeerUpdate{
-			PeerUpdate: convertWorkspaceUpdate(state),
+			PeerUpdate: update,
 		}
 		return resp
 	case *ManagerMessage_Start:
@@ -193,9 +230,13 @@ func (t *Tunnel) ApplyNetworkSettings(ctx context.Context, ns *NetworkSettingsRe
 }
 
 func (t *Tunnel) Update(update tailnet.WorkspaceUpdate) error {
+	peerUpdate, err := t.createPeerUpdate(update)
+	if err != nil {
+		t.logger.Error(t.ctx, "failed to populate agent network info", slog.Error(err))
+	}
 	msg := &TunnelMessage{
 		Msg: &TunnelMessage_PeerUpdate{
-			PeerUpdate: convertWorkspaceUpdate(update),
+			PeerUpdate: peerUpdate,
 		},
 	}
 	select {
@@ -292,35 +333,30 @@ func sinkEntryToPb(e slog.SinkEntry) *Log {
 	return l
 }
 
-func convertWorkspaceUpdate(update tailnet.WorkspaceUpdate) *PeerUpdate {
+// createPeerUpdate creates a PeerUpdate message from a workspace update, populating
+// the network status of the agents.
+func (t *Tunnel) createPeerUpdate(update tailnet.WorkspaceUpdate) (*PeerUpdate, error) {
 	out := &PeerUpdate{
 		UpsertedWorkspaces: make([]*Workspace, len(update.UpsertedWorkspaces)),
 		UpsertedAgents:     make([]*Agent, len(update.UpsertedAgents)),
 		DeletedWorkspaces:  make([]*Workspace, len(update.DeletedWorkspaces)),
 		DeletedAgents:      make([]*Agent, len(update.DeletedAgents)),
 	}
+
+	t.saveUpdate(update)
+
 	for i, ws := range update.UpsertedWorkspaces {
 		out.UpsertedWorkspaces[i] = &Workspace{
 			Id:     tailnet.UUIDToByteSlice(ws.ID),
 			Name:   ws.Name,
 			Status: Workspace_Status(ws.Status),
 		}
 	}
-	for i, agent := range update.UpsertedAgents {
-		fqdn := make([]string, 0, len(agent.Hosts))
-		for name := range agent.Hosts {
-			fqdn = append(fqdn, name.WithTrailingDot())
-		}
-		out.UpsertedAgents[i] = &Agent{
-			Id:          tailnet.UUIDToByteSlice(agent.ID),
-			Name:        agent.Name,
-			WorkspaceId: tailnet.UUIDToByteSlice(agent.WorkspaceID),
-			Fqdn:        fqdn,
-			IpAddrs:     []string{tailnet.CoderServicePrefix.AddrFromUUID(agent.ID).String()},
-			// TODO: Populate
-			LastHandshake: nil,
-		}
+	upsertedAgents, err := t.populateAgents(update.UpsertedAgents)
+	if err != nil {
+		return nil, xerrors.Errorf("failed to populate agent network info: %w", err)
 	}
+	out.UpsertedAgents = upsertedAgents
 	for i, ws := range update.DeletedWorkspaces {
 		out.DeletedWorkspaces[i] = &Workspace{
 			Id:     tailnet.UUIDToByteSlice(ws.ID),
@@ -334,16 +370,106 @@ func convertWorkspaceUpdate(update tailnet.WorkspaceUpdate) *PeerUpdate {
 			fqdn = append(fqdn, name.WithTrailingDot())
 		}
 		out.DeletedAgents[i] = &Agent{
+			Id:            tailnet.UUIDToByteSlice(agent.ID),
+			Name:          agent.Name,
+			WorkspaceId:   tailnet.UUIDToByteSlice(agent.WorkspaceID),
+			Fqdn:          fqdn,
+			IpAddrs:       hostsToIPStrings(agent.Hosts),
+			LastHandshake: nil,
+			Latency:       nil,
+		}
+	}
+	return out, nil
+}
+
+// Given a list of agents, populate their network info, and return them as proto agents.
+func (t *Tunnel) populateAgents(agents []*tailnet.Agent) ([]*Agent, error) {
+	if t.conn == nil {
+		return nil, xerrors.New("no active connection")
+	}
+
+	out := make([]*Agent, 0, len(agents))
+	var wg sync.WaitGroup
+	pingCtx, cancelFunc := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancelFunc()
+
+	for _, agent := range agents {
+		fqdn := make([]string, 0, len(agent.Hosts))
+		for name := range agent.Hosts {
+			fqdn = append(fqdn, name.WithTrailingDot())
+		}
+		protoAgent := &Agent{
 			Id:          tailnet.UUIDToByteSlice(agent.ID),
 			Name:        agent.Name,
 			WorkspaceId: tailnet.UUIDToByteSlice(agent.WorkspaceID),
 			Fqdn:        fqdn,
-			IpAddrs:     []string{tailnet.CoderServicePrefix.AddrFromUUID(agent.ID).String()},
-			// TODO: Populate
-			LastHandshake: nil,
+			IpAddrs:     hostsToIPStrings(agent.Hosts),
 		}
+		agentIP := tailnet.CoderServicePrefix.AddrFromUUID(agent.ID)
+		wg.Add(1)
+		go func() {
+			defer wg.Done()
+			duration, _, _, err := t.conn.Ping(pingCtx, agentIP)
+			if err != nil {
+				return
+			}
+			protoAgent.Latency = durationpb.New(duration)
+		}()
+		diags := t.conn.GetPeerDiagnostics(agent.ID)
+		//nolint:revive // outdated rule
+		protoAgent.LastHandshake = timestamppb.New(diags.LastWireguardHandshake)
+		out = append(out, protoAgent)
+	}
+	wg.Wait()
+
+	return out, nil
+}
+
+// saveUpdate saves the workspace update to the tunnel's state, such that it can
+// be used to populate automated peer updates.
+func (t *Tunnel) saveUpdate(update tailnet.WorkspaceUpdate) {
+	t.mu.Lock()
+	defer t.mu.Unlock()
+
+	for _, agent := range update.UpsertedAgents {
+		t.agents[agent.ID] = agent
+	}
+	for _, agent := range update.DeletedAgents {
+		delete(t.agents, agent.ID)
+	}
+}
+
+// sendAgentUpdate sends a peer update message to the manager with the current
+// state of the agents, including the latest network status.
+func (t *Tunnel) sendAgentUpdate() {
+	// The lock must be held until we send the message,
+	// else we risk upserting a deleted agent.
+	t.mu.Lock()
+	defer t.mu.Unlock()
+
+	upsertedAgents, err := t.populateAgents(maps.Values(t.agents))
+	if err != nil {
+		t.logger.Error(t.ctx, "failed to produce agent network status update", slog.Error(err))
+		return
+	}
+
+	if len(upsertedAgents) == 0 {
+		return
+	}
+
+	msg := &TunnelMessage{
+		Msg: &TunnelMessage_PeerUpdate{
+			PeerUpdate: &PeerUpdate{
+				UpsertedAgents: upsertedAgents,
+			},
+		},
+	}
+
+	select {
+	case <-t.ctx.Done():
+		return
+	case t.sendCh <- msg:
 	}
-	return out
 }
 
 // the following are taken from sloghuman:
@@ -403,3 +529,17 @@ func quote(key string) string {
 	}
 	return quoted
 }
+
+func hostsToIPStrings(hosts map[dnsname.FQDN][]netip.Addr) []string {
+	seen := make(map[netip.Addr]struct{})
+	var result []string
+	for _, inner := range hosts {
+		for _, elem := range inner {
+			if _, exists := seen[elem]; !exists {
+				seen[elem] = struct{}{}
+				result = append(result, elem.String())
+			}
+		}
+	}
+	return result
+}