some stuff

coadler · coadler · commit c85a6e9387ea · 2022-06-22T16:17:37.000-05:00
diff --git a/agent/agent.go b/agent/agent.go
@@ -70,7 +70,7 @@ type PublicKeys struct {
 
 type Dialer func(ctx context.Context, logger slog.Logger) (Metadata, *peerbroker.Listener, error)
 type PostKeys func(ctx context.Context, keys PublicKeys) error
-type ListenWireguardPeers func(ctx context.Context, logger slog.Logger) (<-chan *peerwg.WireguardPeerMessage, func(), error)
+type ListenWireguardPeers func(ctx context.Context, logger slog.Logger) (<-chan peerwg.WireguardPeerMessage, func(), error)
 
 func New(dialer Dialer, options *Options) io.Closer {
 	if options == nil {
diff --git a/agent/wireguard.go b/agent/wireguard.go
@@ -13,6 +13,7 @@ import (
 func (a *agent) startWireguard(ctx context.Context, addrs []netaddr.IPPrefix) error {
 	if a.wg != nil {
 		_ = a.wg.Close()
+		a.wg = nil
 	}
 
 	if !a.enableWireguard {
@@ -46,12 +47,12 @@ func (a *agent) startWireguard(ctx context.Context, addrs []netaddr.IPPrefix) er
 			}
 
 			for {
-				peer := <-ch
-				if peer == nil {
+				peer, ok := <-ch
+				if !ok {
 					break
 				}
 
-				err := wg.AddPeer(*peer)
+				err := wg.AddPeer(peer)
 				a.logger.Info(ctx, "added wireguard peer", slog.F("peer", peer.Public.ShortString()), slog.Error(err))
 			}
 
diff --git a/cli/wireguardtunnel.go b/cli/wireguardtunnel.go
@@ -34,6 +34,7 @@ func wireguardPortForward() *cobra.Command {
 		Use:     "wireguard-port-forward <workspace>",
 		Aliases: []string{"wireguard-tunnel"},
 		Args:    cobra.ExactArgs(1),
+		Hidden:  true,
 		Example: `
   - Port forward a single TCP port from 1234 in the workspace to port 5678 on
     your local machine
diff --git a/coderd/devtunnel/tunnel.go b/coderd/devtunnel/tunnel.go
@@ -26,7 +26,6 @@ import (
 )
 
 const (
-	Proto             = "https"
 	EndpointWireguard = "wg-tunnel-udp.coder.app"
 	EndpointHTTPS     = "wg-tunnel.coder.app"
 
@@ -111,7 +110,7 @@ allowed_ip=%s/128`,
 	}()
 
 	return &Tunnel{
-		URL:      fmt.Sprintf("%s://%s.%s", Proto, cfg.ID, EndpointHTTPS),
+		URL:      fmt.Sprintf("https://%s.%s", cfg.ID, EndpointHTTPS),
 		Listener: wgListen,
 	}, ch, nil
 }
@@ -166,7 +165,7 @@ func sendConfigToServer(ctx context.Context, cfg Config) (created bool, err erro
 		return false, xerrors.Errorf("marshal config: %w", err)
 	}
 
-	req, err := http.NewRequestWithContext(ctx, "POST", Proto+"://"+EndpointHTTPS+"/tun", bytes.NewReader(raw))
+	req, err := http.NewRequestWithContext(ctx, "POST", "https://"+EndpointHTTPS+"/tun", bytes.NewReader(raw))
 	if err != nil {
 		return false, xerrors.Errorf("new request: %w", err)
 	}
diff --git a/codersdk/workspaceagents.go b/codersdk/workspaceagents.go
@@ -275,7 +275,7 @@ func (c *Client) PostWireguardPeer(ctx context.Context, workspaceID uuid.UUID, p
 // WireguardPeerListener listens for wireguard peer messages. Peer messages are
 // sent when a new client wants to connect. Once receiving a peer message, the
 // peer should be added to the NetworkMap of the wireguard interface.
-func (c *Client) WireguardPeerListener(ctx context.Context, logger slog.Logger) (<-chan *peerwg.WireguardPeerMessage, func(), error) {
+func (c *Client) WireguardPeerListener(ctx context.Context, logger slog.Logger) (<-chan peerwg.WireguardPeerMessage, func(), error) {
 	serverURL, err := c.URL.Parse("/api/v2/workspaceagents/me/wireguardlisten")
 	if err != nil {
 		return nil, nil, xerrors.Errorf("parse url: %w", err)
@@ -304,7 +304,7 @@ func (c *Client) WireguardPeerListener(ctx context.Context, logger slog.Logger)
 		return nil, nil, readBodyAsError(res)
 	}
 
-	ch := make(chan *peerwg.WireguardPeerMessage, 1)
+	ch := make(chan peerwg.WireguardPeerMessage, 1)
 	go func() {
 		defer conn.Close(websocket.StatusGoingAway, "")
 		defer close(ch)
@@ -322,7 +322,7 @@ func (c *Client) WireguardPeerListener(ctx context.Context, logger slog.Logger)
 				continue
 			}
 
-			ch <- &msg
+			ch <- msg
 		}
 	}()
 
diff --git a/peer/peerwg/peermessage.go b/peer/peerwg/peermessage.go
@@ -29,7 +29,7 @@ type WireguardPeerMessage struct {
 // WireguardPeerMessage to quickly determine if the message is meant for the
 // provided agentID.
 func WireguardPeerMessageRecipientHint(agentID []byte, msg []byte) (bool, error) {
-	idx := bytes.Index(msg, []byte{10})
+	idx := bytes.Index(msg, []byte{peerMessageSeparator})
 	if idx == -1 {
 		return false, xerrors.Errorf("invalid peer message, no separator")
 	}
diff --git a/peer/peerwg/wireguard.go b/peer/peerwg/wireguard.go
@@ -36,12 +36,7 @@ import (
 )
 
 func UUIDToInet(uid uuid.UUID) pqtype.Inet {
-	uid[0] = 0xfd
-	uid[1] = 0x7a
-	uid[2] = 0x11
-	uid[3] = 0x5c
-	uid[4] = 0xa1
-	uid[5] = 0xe0
+	uid = privateUUID(uid)
 
 	return pqtype.Inet{
 		Valid: true,
@@ -53,15 +48,19 @@ func UUIDToInet(uid uuid.UUID) pqtype.Inet {
 }
 
 func UUIDToNetaddr(uid uuid.UUID) netaddr.IP {
+	return netaddr.IPFrom16(privateUUID(uid))
+}
+
+// privateUUID sets the uid to have the tailscale private ipv6 prefix.
+func privateUUID(uid uuid.UUID) uuid.UUID {
 	// fd7a:115c:a1e0
 	uid[0] = 0xfd
 	uid[1] = 0x7a
 	uid[2] = 0x11
 	uid[3] = 0x5c
 	uid[4] = 0xa1
 	uid[5] = 0xe0
-
-	return netaddr.IPFrom16(uid)
+	return uid
 }
 
 var logf tslogger.Logf = log.Printf

Original file line number	Diff line number	Diff line change
`@@ -13,6 +13,7 @@ import (`
`13`	`13`	`func (a *agent) startWireguard(ctx context.Context, addrs []netaddr.IPPrefix) error {`
`14`	`14`	`if a.wg != nil {`
`15`	`15`	`_ = a.wg.Close()`
	`16`	`+ a.wg = nil`
`16`	`17`	`}`
`17`	`18`
`18`	`19`	`if !a.enableWireguard {`
`@@ -46,12 +47,12 @@ func (a *agent) startWireguard(ctx context.Context, addrs []netaddr.IPPrefix) er`
`46`	`47`	`}`
`47`	`48`
`48`	`49`	`for {`
`49`		`- peer := <-ch`
`50`		`- if peer == nil {`
	`50`	`+ peer, ok := <-ch`
	`51`	`+ if !ok {`
`51`	`52`	`break`
`52`	`53`	`}`
`53`	`54`
`54`		`- err := wg.AddPeer(*peer)`
	`55`	`+ err := wg.AddPeer(peer)`
`55`	`56`	`a.logger.Info(ctx, "added wireguard peer", slog.F("peer", peer.Public.ShortString()), slog.Error(err))`
`56`	`57`	`}`
`57`	`58`
Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,6 @@ import (`
`26`	`26`	`)`
`27`	`27`
`28`	`28`	`const (`
`29`		`- Proto = "https"`
`30`	`29`	`EndpointWireguard = "wg-tunnel-udp.coder.app"`
`31`	`30`	`EndpointHTTPS = "wg-tunnel.coder.app"`
`32`	`31`
@@ -111,7 +110,7 @@ allowed_ip=%s/128`,
`111`	`110`	`}()`
`112`	`111`
`113`	`112`	`return &Tunnel{`
`114`		`- URL: fmt.Sprintf("%s://%s.%s", Proto, cfg.ID, EndpointHTTPS),`
	`113`	`+ URL: fmt.Sprintf("https://%s.%s", cfg.ID, EndpointHTTPS),`
`115`	`114`	`Listener: wgListen,`
`116`	`115`	`}, ch, nil`
`117`	`116`	`}`
`@@ -166,7 +165,7 @@ func sendConfigToServer(ctx context.Context, cfg Config) (created bool, err erro`
`166`	`165`	`return false, xerrors.Errorf("marshal config: %w", err)`
`167`	`166`	`}`
`168`	`167`
`169`		`- req, err := http.NewRequestWithContext(ctx, "POST", Proto+"://"+EndpointHTTPS+"/tun", bytes.NewReader(raw))`
	`168`	`+ req, err := http.NewRequestWithContext(ctx, "POST", "https://"+EndpointHTTPS+"/tun", bytes.NewReader(raw))`
`170`	`169`	`if err != nil {`
`171`	`170`	`return false, xerrors.Errorf("new request: %w", err)`
`172`	`171`	`}`
Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,7 @@ type WireguardPeerMessage struct {`
`29`	`29`	`// WireguardPeerMessage to quickly determine if the message is meant for the`
`30`	`30`	`// provided agentID.`
`31`	`31`	`func WireguardPeerMessageRecipientHint(agentID []byte, msg []byte) (bool, error) {`
`32`		`- idx := bytes.Index(msg, []byte{10})`
	`32`	`+ idx := bytes.Index(msg, []byte{peerMessageSeparator})`
`33`	`33`	`if idx == -1 {`
`34`	`34`	`return false, xerrors.Errorf("invalid peer message, no separator")`
`35`	`35`	`}`