
chore: add Coder service prefix to tailnet#14943


Merged
spikecurtis merged 1 commit intomainfromspike/coder-service-prefix
Oct 4, 2024
15 changes: 4 additions & 11 deletionsagent/agent.go
Expand Up@@ -82,7 +82,6 @@ type Options struct {
SSHMaxTimeout time.Duration
TailnetListenPort uint16
Subsystems []codersdk.AgentSubsystem
Addresses []netip.Prefix
PrometheusRegistry *prometheus.Registry
ReportMetadataInterval time.Duration
ServiceBannerRefreshInterval time.Duration
Expand DownExpand Up@@ -180,7 +179,6 @@ func New(options Options) Agent {
announcementBannersRefreshInterval: options.ServiceBannerRefreshInterval,
sshMaxTimeout: options.SSHMaxTimeout,
subsystems: options.Subsystems,
addresses: options.Addresses,
syscaller: options.Syscaller,
modifiedProcs: options.ModifiedProcesses,
processManagementTick: options.ProcessManagementTick,
Expand DownExpand Up@@ -250,7 +248,6 @@ type agent struct {
lifecycleLastReportedIndex int // Keeps track of the last lifecycle state we successfully reported.

network *tailnet.Conn
addresses []netip.Prefix
statsReporter *statsReporter
logSender *agentsdk.LogSender

Expand DownExpand Up@@ -1112,15 +1109,11 @@ func (a *agent) updateCommandEnv(current []string) (updated []string, err error)
return updated, nil
}

func (a *agent) wireguardAddresses(agentID uuid.UUID) []netip.Prefix {
if len(a.addresses) == 0 {
return []netip.Prefix{
// This is the IP that should be used primarily.
netip.PrefixFrom(tailnet.IPFromUUID(agentID), 128),
}
func (*agent) wireguardAddresses(agentID uuid.UUID) []netip.Prefix {
return []netip.Prefix{
// This is the IP that should be used primarily.
tailnet.TailscaleServicePrefix.PrefixFromUUID(agentID),
}

return a.addresses
}

func (a *agent) trackGoroutine(fn func()) error {
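Review bot: The inline comment `// This is the IP that should be used primarily.` in `wireguardAddresses` is stale: with the `a.addresses` branch gone, the function returns exactly one prefix, so there is no secondary address for it to be primary over. I would replace it with a doc comment on the function, e.g. `// wireguardAddresses returns the single /128 prefix derived from agentID under tailnet.TailscaleServicePrefix.` That tells the next reader the agent's tailnet address is fixed by its UUID; the `Addresses` option that could override it appears to be dropped in the first hunk.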
4 changes: 2 additions & 2 deletionsagent/agent_test.go
Expand Up@@ -1880,7 +1880,7 @@ func TestAgent_UpdatedDERP(t *testing.T) {
// Setup a client connection.
newClientConn:=func(derpMap*tailcfg.DERPMap,namestring)*workspacesdk.AgentConn {
conn,err:=tailnet.NewConn(&tailnet.Options{
Addresses: []netip.Prefix{netip.PrefixFrom(tailnet.IP(),128)},
Addresses: []netip.Prefix{tailnet.TailscaleServicePrefix.RandomPrefix()},
DERPMap:derpMap,
Logger:logger.Named(name),
})
Expand DownExpand Up@@ -2372,7 +2372,7 @@ func setupAgent(t *testing.T, metadata agentsdk.Manifest, ptyTimeout time.Durati
_=agnt.Close()
})
conn,err:=tailnet.NewConn(&tailnet.Options{
Addresses: []netip.Prefix{netip.PrefixFrom(tailnet.IP(),128)},
Addresses: []netip.Prefix{netip.PrefixFrom(tailnet.TailscaleServicePrefix.RandomAddr(),128)},
DERPMap:metadata.DERPMap,
Logger:logger.Named("client"),
})
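Review bot: The two hunks build the same kind of value in two different ways: `newClientConn` uses `tailnet.TailscaleServicePrefix.RandomPrefix()`, while `setupAgent` wraps the address by hand with `netip.PrefixFrom(tailnet.TailscaleServicePrefix.RandomAddr(),128)`. Unless the bare address is needed later in `setupAgent` (the rest of the function is outside the hunk), I would use `Addresses: []netip.Prefix{tailnet.TailscaleServicePrefix.RandomPrefix()},` there too, so the /128 length is stated in one place.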
4 changes: 2 additions & 2 deletionscoderd/coderd_test.go
Expand Up@@ -83,7 +83,7 @@ func TestDERP(t *testing.T) {
},
},
}
w1IP := tailnet.IP()
w1IP := tailnet.TailscaleServicePrefix.RandomAddr()
w1, err := tailnet.NewConn(&tailnet.Options{
Addresses: []netip.Prefix{netip.PrefixFrom(w1IP, 128)},
Logger: logger.Named("w1"),
Expand All@@ -92,7 +92,7 @@ func TestDERP(t *testing.T) {
require.NoError(t, err)

w2, err := tailnet.NewConn(&tailnet.Options{
Addresses: []netip.Prefix{netip.PrefixFrom(tailnet.IP(), 128)},
Addresses: []netip.Prefix{tailnet.TailscaleServicePrefix.RandomPrefix()},
Logger: logger.Named("w2"),
DERPMap: derpMap,
})
4 changes: 2 additions & 2 deletionscoderd/tailnet.go
Expand Up@@ -61,7 +61,7 @@ func NewServerTailnet(
) (*ServerTailnet, error) {
logger = logger.Named("servertailnet")
conn, err := tailnet.NewConn(&tailnet.Options{
Addresses: []netip.Prefix{netip.PrefixFrom(tailnet.IP(), 128)},
Addresses: []netip.Prefix{tailnet.TailscaleServicePrefix.RandomPrefix()},
DERPForceWebSockets: derpForceWebSockets,
Logger: logger,
BlockEndpoints: blockEndpoints,
Expand DownExpand Up@@ -352,7 +352,7 @@ func (s *ServerTailnet) ReverseProxy(targetURL, dashboardURL *url.URL, agentID u
// "localhost:port", causing connections to be shared across agents.
tgt := *targetURL
_, port, _ := net.SplitHostPort(tgt.Host)
tgt.Host = net.JoinHostPort(tailnet.IPFromUUID(agentID).String(), port)
tgt.Host = net.JoinHostPort(tailnet.TailscaleServicePrefix.AddrFromUUID(agentID).String(), port)

proxy := httputil.NewSingleHostReverseProxy(&tgt)
proxy.ErrorHandler = func(w http.ResponseWriter, r *http.Request, theErr error) {
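Review bot: The `ReverseProxy` hunk hard-codes `tailnet.TailscaleServicePrefix` for the dial target, and the same choice is repeated independently in `wireguardAddresses` (agent/agent.go) and `agentAddress` (codersdk/workspacesdk/agentconn.go). Nothing visible ties the address the agent advertises to the one servers and clients dial. The comment in tailnet/conn.go says a migration to `CoderServicePrefix` is planned, and a partial switch would leave the proxy dialing an address the agent does not hold. I would add a comment at this line, e.g. `// Must use the same prefix the agent advertises in wireguardAddresses.`, or route all three call sites through one helper. `ReverseProxy` continues outside the hunk.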
4 changes: 3 additions & 1 deletioncoderd/tailnet_test.go
Expand Up@@ -186,7 +186,9 @@ func TestServerTailnet_ReverseProxy(t *testing.T) {
// Ensure the reverse proxy director rewrites the url host to the agent's IP.
rp.Director(req)
assert.Equal(t,
fmt.Sprintf("[%s]:%d", tailnet.IPFromUUID(a.id).String(), workspacesdk.AgentHTTPAPIServerPort),
fmt.Sprintf("[%s]:%d",
tailnet.TailscaleServicePrefix.AddrFromUUID(a.id).String(),
workspacesdk.AgentHTTPAPIServerPort),
req.URL.Host,
)
})
2 changes: 1 addition & 1 deletioncodersdk/workspacesdk/agentconn.go
Expand Up@@ -51,7 +51,7 @@ type AgentConnOptions struct {
}

func (c *AgentConn) agentAddress() netip.Addr {
return tailnet.IPFromUUID(c.opts.AgentID)
return tailnet.TailscaleServicePrefix.AddrFromUUID(c.opts.AgentID)
}

// AwaitReachable waits for the agent to be reachable.
2 changes: 1 addition & 1 deletioncodersdk/workspacesdk/workspacesdk.go
Expand Up@@ -236,7 +236,7 @@ func (c *Client) DialAgent(dialCtx context.Context, agentID uuid.UUID, options *
CompressionMode: websocket.CompressionDisabled,
})

ip := tailnet.IP()
ip := tailnet.TailscaleServicePrefix.RandomAddr()
var header http.Header
if headerTransport, ok := c.client.HTTPClient.Transport.(*codersdk.HeaderTransport); ok {
header = headerTransport.Header
6 changes: 3 additions & 3 deletionsenterprise/tailnet/pgcoord_test.go
Expand Up@@ -120,7 +120,7 @@ func TestPGCoordinatorSingle_AgentInvalidIP(t *testing.T) {
defer agent.Close(ctx)
agent.UpdateNode(&proto.Node{
Addresses: []string{
netip.PrefixFrom(agpl.IP(), 128).String(),
agpl.TailscaleServicePrefix.RandomPrefix().String(),
},
PreferredDerp: 10,
})
Expand All@@ -147,7 +147,7 @@ func TestPGCoordinatorSingle_AgentInvalidIPBits(t *testing.T) {
defer agent.Close(ctx)
agent.UpdateNode(&proto.Node{
Addresses: []string{
netip.PrefixFrom(agpl.IPFromUUID(agent.ID), 64).String(),
netip.PrefixFrom(agpl.TailscaleServicePrefix.AddrFromUUID(agent.ID), 64).String(),
},
PreferredDerp: 10,
})
Expand All@@ -174,7 +174,7 @@ func TestPGCoordinatorSingle_AgentValidIP(t *testing.T) {
defer agent.Close(ctx)
agent.UpdateNode(&proto.Node{
Addresses: []string{
netip.PrefixFrom(agpl.IPFromUUID(agent.ID), 128).String(),
agpl.TailscaleServicePrefix.PrefixFromUUID(agent.ID).String(),
},
PreferredDerp: 10,
})
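Review bot: All three cases still advertise addresses under `agpl.TailscaleServicePrefix` only, so nothing here pins what the coordinator does with an address under the newly exported `CoderServicePrefix`. These tests read as the guard that an agent may only claim the /128 derived from its own ID. The validation code is not in this diff, so it is not visible whether `agpl.CoderServicePrefix.PrefixFromUUID(agent.ID).String()` should be accepted or rejected today. I would add a case for it next to `TestPGCoordinatorSingle_AgentValidIP` so the intended answer is recorded before the migration starts. Each test body continues outside its hunk.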
54 changes: 37 additions & 17 deletionstailnet/conn.go
Expand Up@@ -327,28 +327,48 @@ func NewConn(options *Options) (conn *Conn, err error) {
return server, nil
}

func maskUUID(uid uuid.UUID) uuid.UUID {
// This is Tailscale's ephemeral service prefix. This can be changed easily
// later-on, because all of our nodes are ephemeral.
// fd7a:115c:a1e0
uid[0] = 0xfd
uid[1] = 0x7a
uid[2] = 0x11
uid[3] = 0x5c
uid[4] = 0xa1
uid[5] = 0xe0
type ServicePrefix [6]byte

var (
// TailscaleServicePrefix is the IPv6 prefix for all tailnet nodes since it was first added to
// Coder. It is identical to the service prefix Tailscale.com uses. With the introduction of
// CoderVPN, we would like to stop using the Tailscale prefix so that we don't conflict with
// Tailscale if both are installed at the same time. However, there are a large number of agents
// and clients using this prefix, so we need to carefully manage deprecation and eventual
// removal.
// fd7a:115c:a1e0:://48
TailscaleServicePrefix ServicePrefix = [6]byte{0xfd, 0x7a, 0x11, 0x5c, 0xa1, 0xe0}
// CoderServicePrefix is the Coder-specific IPv6 prefix for tailnet nodes, which we are in the
// process of migrating to. It allows Coder to run alongside Tailscale without conflicts even
// if both are set up as TUN interfaces into the OS (e.g. CoderVPN).
// fd60:627a:a42b::/48
CoderServicePrefix ServicePrefix = [6]byte{0xfd, 0x60, 0x62, 0x7a, 0xa4, 0x2b}
)

// maskUUID returns a new UUID with the first 6 bytes changed to the ServicePrefix
func (p ServicePrefix) maskUUID(uid uuid.UUID) uuid.UUID {
copy(uid[:], p[:])
return uid
}

// IP generates a random IP with a static service prefix.
func IP() netip.Addr {
uid := maskUUID(uuid.New())
return netip.AddrFrom16(uid)
// RandomAddr returns a random IP address in the service prefix.
func (p ServicePrefix) RandomAddr() netip.Addr {
return netip.AddrFrom16(p.maskUUID(uuid.New()))
}

// AddrFromUUID returns an IPv6 address corresponding to the given UUID in the service prefix.
func (p ServicePrefix) AddrFromUUID(uid uuid.UUID) netip.Addr {
return netip.AddrFrom16(p.maskUUID(uid))
}

// PrefixFromUUID returns a single IPv6 /128 prefix corresponding to the given UUID.
func (p ServicePrefix) PrefixFromUUID(uid uuid.UUID) netip.Prefix {
return netip.PrefixFrom(p.AddrFromUUID(uid), 128)
}

//IP generates anew IP from a UUID.
funcIPFromUUID(uid uuid.UUID)netip.Addr {
return netip.AddrFrom16(maskUUID(uid))
//RandomPrefix returns asingle IPv6 /128 prefix within the service prefix.
func(p ServicePrefix) RandomPrefix()netip.Prefix {
return netip.PrefixFrom(p.RandomAddr(), 128)
}

// Conn is an actively listening Wireguard connection.
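Review bot: The range in the `TailscaleServicePrefix` comment is written `fd7a:115c:a1e0:://48`, which is not valid CIDR notation; it should be `// fd7a:115c:a1e0::/48`, matching the `CoderServicePrefix` line below it. The exported type `ServicePrefix` has no doc comment; I would add `// ServicePrefix is the leading 6 bytes (/48) of the IPv6 addresses assigned to tailnet nodes.` It is also worth stating on `AddrFromUUID` that `maskUUID` overwrites the first 6 bytes of the UUID. The address therefore carries only the remaining 10 bytes, and UUIDs that differ only in the overwritten bytes map to the same address.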
59 changes: 44 additions & 15 deletionstailnet/conn_test.go
Expand Up@@ -3,6 +3,7 @@ package tailnet_test
import (
"context"
"net/netip"
"strings"
"testing"
"time"

Expand DownExpand Up@@ -30,7 +31,7 @@ func TestTailnet(t *testing.T) {
t.Parallel()
logger := slogtest.Make(t, nil).Leveled(slog.LevelDebug)
conn, err := tailnet.NewConn(&tailnet.Options{
Addresses: []netip.Prefix{netip.PrefixFrom(tailnet.IP(), 128)},
Addresses: []netip.Prefix{tailnet.TailscaleServicePrefix.RandomPrefix()},
Logger: logger.Named("w1"),
DERPMap: derpMap,
})
Expand All@@ -42,7 +43,7 @@ func TestTailnet(t *testing.T) {
t.Parallel()
logger := slogtest.Make(t, nil).Leveled(slog.LevelDebug)
ctx := testutil.Context(t, testutil.WaitLong)
w1IP := tailnet.IP()
w1IP := tailnet.TailscaleServicePrefix.RandomAddr()
w1, err := tailnet.NewConn(&tailnet.Options{
Addresses: []netip.Prefix{netip.PrefixFrom(w1IP, 128)},
Logger: logger.Named("w1"),
Expand All@@ -51,7 +52,7 @@ func TestTailnet(t *testing.T) {
require.NoError(t, err)

w2, err := tailnet.NewConn(&tailnet.Options{
Addresses: []netip.Prefix{netip.PrefixFrom(tailnet.IP(), 128)},
Addresses: []netip.Prefix{tailnet.TailscaleServicePrefix.RandomPrefix()},
Logger: logger.Named("w2"),
DERPMap: derpMap,
})
Expand DownExpand Up@@ -106,7 +107,7 @@ func TestTailnet(t *testing.T) {
logger := slogtest.Make(t, nil).Leveled(slog.LevelDebug)
ctx := testutil.Context(t, testutil.WaitMedium)

w1IP := tailnet.IP()
w1IP := tailnet.TailscaleServicePrefix.RandomAddr()
derpMap := tailnettest.RunDERPOnlyWebSockets(t)
w1, err := tailnet.NewConn(&tailnet.Options{
Addresses: []netip.Prefix{netip.PrefixFrom(w1IP, 128)},
Expand All@@ -117,7 +118,7 @@ func TestTailnet(t *testing.T) {
require.NoError(t, err)

w2, err := tailnet.NewConn(&tailnet.Options{
Addresses: []netip.Prefix{netip.PrefixFrom(tailnet.IP(), 128)},
Addresses: []netip.Prefix{tailnet.TailscaleServicePrefix.RandomPrefix()},
Logger: logger.Named("w2"),
DERPMap: derpMap,
BlockEndpoints: true,
Expand DownExpand Up@@ -168,7 +169,7 @@ func TestTailnet(t *testing.T) {
t.Parallel()
logger := slogtest.Make(t, nil).Leveled(slog.LevelDebug)
ctx := testutil.Context(t, testutil.WaitLong)
w1IP := tailnet.IP()
w1IP := tailnet.TailscaleServicePrefix.RandomAddr()
w1, err := tailnet.NewConn(&tailnet.Options{
Addresses: []netip.Prefix{netip.PrefixFrom(w1IP, 128)},
Logger: logger.Named("w1"),
Expand All@@ -177,7 +178,7 @@ func TestTailnet(t *testing.T) {
require.NoError(t, err)

w2, err := tailnet.NewConn(&tailnet.Options{
Addresses: []netip.Prefix{netip.PrefixFrom(tailnet.IP(), 128)},
Addresses: []netip.Prefix{tailnet.TailscaleServicePrefix.RandomPrefix()},
Logger: logger.Named("w2"),
DERPMap: derpMap,
})
Expand DownExpand Up@@ -211,7 +212,7 @@ func TestTailnet(t *testing.T) {
t.Parallel()
logger := slogtest.Make(t, nil).Leveled(slog.LevelDebug)
ctx := testutil.Context(t, testutil.WaitLong)
w1IP := tailnet.IP()
w1IP := tailnet.TailscaleServicePrefix.RandomAddr()
w1, err := tailnet.NewConn(&tailnet.Options{
Addresses: []netip.Prefix{netip.PrefixFrom(w1IP, 128)},
Logger: logger.Named("w1"),
Expand All@@ -221,7 +222,7 @@ func TestTailnet(t *testing.T) {
require.NoError(t, err)

w2, err := tailnet.NewConn(&tailnet.Options{
Addresses: []netip.Prefix{netip.PrefixFrom(tailnet.IP(), 128)},
Addresses: []netip.Prefix{tailnet.TailscaleServicePrefix.RandomPrefix()},
Logger: logger.Named("w2"),
DERPMap: derpMap,
BlockEndpoints: true,
Expand DownExpand Up@@ -261,7 +262,7 @@ func TestConn_PreferredDERP(t *testing.T) {
logger := slogtest.Make(t, nil).Leveled(slog.LevelDebug)
derpMap, _ := tailnettest.RunDERPAndSTUN(t)
conn, err := tailnet.NewConn(&tailnet.Options{
Addresses: []netip.Prefix{netip.PrefixFrom(tailnet.IP(), 128)},
Addresses: []netip.Prefix{tailnet.TailscaleServicePrefix.RandomPrefix()},
Logger: logger.Named("w1"),
DERPMap: derpMap,
})
Expand DownExpand Up@@ -290,7 +291,7 @@ func TestConn_UpdateDERP(t *testing.T) {
logger := slogtest.Make(t, nil).Leveled(slog.LevelDebug)

derpMap1, _ := tailnettest.RunDERPAndSTUN(t)
ip := tailnet.IP()
ip := tailnet.TailscaleServicePrefix.RandomAddr()
conn, err := tailnet.NewConn(&tailnet.Options{
Addresses: []netip.Prefix{netip.PrefixFrom(ip, 128)},
Logger: logger.Named("w1"),
Expand DownExpand Up@@ -320,7 +321,7 @@ func TestConn_UpdateDERP(t *testing.T) {

// Connect from a different client.
client1, err := tailnet.NewConn(&tailnet.Options{
Addresses: []netip.Prefix{netip.PrefixFrom(tailnet.IP(), 128)},
Addresses: []netip.Prefix{tailnet.TailscaleServicePrefix.RandomPrefix()},
Logger: logger.Named("client1"),
DERPMap: derpMap1,
BlockEndpoints: true,
Expand DownExpand Up@@ -394,7 +395,7 @@ parentLoop:
// Connect from a different different client with up-to-date derp map and
// nodes.
client2, err := tailnet.NewConn(&tailnet.Options{
Addresses: []netip.Prefix{netip.PrefixFrom(tailnet.IP(), 128)},
Addresses: []netip.Prefix{tailnet.TailscaleServicePrefix.RandomPrefix()},
Logger: logger.Named("client2"),
DERPMap: derpMap2,
BlockEndpoints: true,
Expand DownExpand Up@@ -425,7 +426,7 @@ func TestConn_BlockEndpoints(t *testing.T) {
derpMap, _ := tailnettest.RunDERPAndSTUN(t)

// Setup conn 1.
ip1 := tailnet.IP()
ip1 := tailnet.TailscaleServicePrefix.RandomAddr()
conn1, err := tailnet.NewConn(&tailnet.Options{
Addresses: []netip.Prefix{netip.PrefixFrom(ip1, 128)},
Logger: logger.Named("w1"),
Expand All@@ -439,7 +440,7 @@ func TestConn_BlockEndpoints(t *testing.T) {
}()

// Setup conn 2.
ip2 := tailnet.IP()
ip2 := tailnet.TailscaleServicePrefix.RandomAddr()
conn2, err := tailnet.NewConn(&tailnet.Options{
Addresses: []netip.Prefix{netip.PrefixFrom(ip2, 128)},
Logger: logger.Named("w2"),
Expand DownExpand Up@@ -492,3 +493,31 @@ func stitch(t *testing.T, dst, src *tailnet.Conn) {
assert.NoError(t, err)
})
}

func TestTailscaleServicePrefix(t *testing.T) {
t.Parallel()
a := tailnet.TailscaleServicePrefix.RandomAddr()
require.True(t, strings.HasPrefix(a.String(), "fd7a:115c:a1e0"))
p := tailnet.TailscaleServicePrefix.RandomPrefix()
require.True(t, strings.HasPrefix(p.String(), "fd7a:115c:a1e0"))
require.True(t, strings.HasSuffix(p.String(), "/128"))
u := uuid.MustParse("aaaaaaaa-aaaa-aaaa-aaaa-123456789abc")
a = tailnet.TailscaleServicePrefix.AddrFromUUID(u)
require.Equal(t, "fd7a:115c:a1e0:aaaa:aaaa:1234:5678:9abc", a.String())
p = tailnet.TailscaleServicePrefix.PrefixFromUUID(u)
require.Equal(t, "fd7a:115c:a1e0:aaaa:aaaa:1234:5678:9abc/128", p.String())
}

func TestCoderServicePrefix(t *testing.T) {
t.Parallel()
a := tailnet.CoderServicePrefix.RandomAddr()
require.True(t, strings.HasPrefix(a.String(), "fd60:627a:a42b"))
p := tailnet.CoderServicePrefix.RandomPrefix()
require.True(t, strings.HasPrefix(p.String(), "fd60:627a:a42b"))
require.True(t, strings.HasSuffix(p.String(), "/128"))
u := uuid.MustParse("aaaaaaaa-aaaa-aaaa-aaaa-123456789abc")
a = tailnet.CoderServicePrefix.AddrFromUUID(u)
require.Equal(t, "fd60:627a:a42b:aaaa:aaaa:1234:5678:9abc", a.String())
p = tailnet.CoderServicePrefix.PrefixFromUUID(u)
require.Equal(t, "fd60:627a:a42b:aaaa:aaaa:1234:5678:9abc/128", p.String())
}
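Review bot: `TestTailscaleServicePrefix` and `TestCoderServicePrefix` check the random values by string prefix and suffix, which ties the tests to how `netip` formats an address rather than to the address itself. Comparing values is more direct: `require.True(t, netip.MustParsePrefix("fd7a:115c:a1e0::/48").Contains(a))` for the address and `require.Equal(t, 128, p.Bits())` for the prefix length, with `fd60:627a:a42b::/48` in the Coder test. `net/netip` is already in this file's import block, and the `strings` import listed in the first hunk would then no longer be needed.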