Commit Graph

28 Commits (main)

Author SHA1 Message Date
Brad Fitzpatrick c76a6e5167 derp: track client-advertised non-ideal DERP connections in more places
In f77821fd63 (released in v1.72.0), we made the client tell a DERP server
when the connection was not its ideal choice (the first node in its region).

But we didn't do anything with that information until now. This adds a
metric about how many such connections are on a given derper, and also
adds a bit to the PeerPresentFlags bitmask so watchers can identify
(and rebalance) them.

Updates tailscale/corp#372

Change-Id: Ief8af448750aa6d598e5939a57c062f4e55962be
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
1 month ago
Brad Fitzpatrick 3485e4bf5a derp: make RunConnectionLoop funcs take Messages, support PeerPresentFlags
PeerPresentFlags was added in 5ffb2668ef but wasn't plumbed through to
the RunConnectionLoop. Rather than add yet another parameter (as
IP:port was added earlier), pass in the raw PeerPresentMessage and
PeerGoneMessage struct values, which are the same things, plus two
fields: PeerGoneReasonType for gone and the PeerPresentFlags from
5ffb2668ef.

Updates tailscale/corp#17816

Change-Id: Ib19d9f95353651ada90656071fc3656cf58b7987
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 months ago
Brad Fitzpatrick 5ffb2668ef derp: add PeerPresentFlags bitmask to Watch messages
Updates tailscale/corp#17816

Change-Id: Ib5baf6c981a6a4c279f8bbfef02048cfbfb3323b
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 months ago
Brad Fitzpatrick 6c791f7d60 derp: include src IPs in mesh watch messages
Updates tailscale/corp#13945

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
1 year ago
Brad Fitzpatrick be4eb6a39e derp, net/dns/recursive: use Go 1.21 min
Updates #8419

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
1 year ago
valscale 74eb99aed1
derp, derphttp, magicsock: send new unknown peer frame when destination is unknown (#7552)
* wgengine/magicsock: add envknob to send CallMeMaybe to non-existent peer

For testing older client version responses to the PeerGone packet format change.

Updates #4326

Signed-off-by: Val <valerie@tailscale.com>

* derp: remove dead sclient struct member replaceLimiter

Leftover from an previous solution to the duplicate client problem.

Updates #2751

Signed-off-by: Val <valerie@tailscale.com>

* derp, derp/derphttp, wgengine/magicsock: add new PeerGone message type Not Here

Extend the PeerGone message type by adding a reason byte. Send a
PeerGone "Not Here" message when an endpoint sends a disco message to
a peer that this server has no record of.

Fixes #4326

Signed-off-by: Val <valerie@tailscale.com>

---------

Signed-off-by: Val <valerie@tailscale.com>
2 years ago
Will Norris 71029cea2d all: update copyright and license headers
This updates all source files to use a new standard header for copyright
and license declaration.  Notably, copyright no longer includes a date,
and we now use the standard SPDX-License-Identifier header.

This commit was done almost entirely mechanically with perl, and then
some minimal manual fixes.

Updates #6865

Signed-off-by: Will Norris <will@tailscale.com>
2 years ago
Eng Zer Jun f0347e841f refactor: move from io/ioutil to io and os packages
The io/ioutil package has been deprecated as of Go 1.16 [1]. This commit
replaces the existing io/ioutil functions with their new definitions in
io and os packages.

Reference: https://golang.org/doc/go1.16#ioutil
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2 years ago
Mihai Parparita 027111fb5a derp: update DERP acronym expansion
Makes the package description consistent with other documentation.

Signed-off-by: Mihai Parparita <mihai@tailscale.com>
2 years ago
Brad Fitzpatrick 116f55ff66 all: gofmt for Go 1.19
Updates #5210

Change-Id: Ib02cd5e43d0a8db60c1f09755a8ac7b140b670be
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2 years ago
Brad Fitzpatrick a59b389a6a derp: add new health update and server restarting frame types
Updates #2756
Updates #2746

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
3 years ago
Brad Fitzpatrick 79d8288f0a wgengine/magicsock, derp, derp/derphttp: respond to DERP server->client pings
No server support yet, but we want Tailscale 1.6 clients to be able to respond
to them when the server can do it.

Updates #1310

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick e415991256 derp, derp/derphttp: remove one RTT from DERP setup
* advertise server's DERP public key following its ServerHello
* have client look for that DEPR public key in the response
  PeerCertificates
* let client advertise it's going into a "fast start" mode
  if it finds it
* modify server to support that fast start mode, just not
  sending the HTTP response header

Cuts down another round trip, bringing the latency of being able to
write our first DERP frame from SF to Bangalore from ~725ms
(3 RTT) to ~481ms (2 RTT: TCP and TLS).

Fixes #693

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 93ffc565e5 derp: remove protocol version 1 support
It hasn't existed for a long time and there are no current users.

Fixes #199
4 years ago
Brad Fitzpatrick 6b80bcf112 derp: remove a client round-trip waiting on serverInfo
It just has a version number in it and it's not really needed.
Instead just return it as a normal Recv message type for those
that care (currently only tests).

Updates #150 (in that it shares the same goal: initial DERP latency)
Updates #199 (in that it removes some DERP versioning)
4 years ago
Josh Bleecher Snyder e577303dc7 derp: make writeUint32 and readUint32 not allocate
The allocations are small, but they're easy enough to avoid.
And it removes some clutter from the pprof output.

name                      old time/op    new time/op    delta
SendRecv/msgsize=10-8       10.1µs ± 9%     9.7µs ± 7%    -3.45%  (p=0.035 n=14+14)
SendRecv/msgsize=100-8      8.12µs ± 7%    7.38µs ± 9%    -9.02%  (p=0.000 n=15+15)
SendRecv/msgsize=1000-8     9.51µs ±25%    8.76µs ±22%      ~     (p=0.202 n=15+15)
SendRecv/msgsize=10000-8    21.1µs ±25%    19.9µs ±14%      ~     (p=0.270 n=15+14)
WriteUint32-8               25.1ns ± 4%    21.3ns ±12%   -15.01%  (p=0.000 n=14+14)
ReadUint32-8                35.4ns ± 4%    21.9ns ± 4%   -38.06%  (p=0.000 n=15+15)

name                      old alloc/op   new alloc/op   delta
SendRecv/msgsize=10-8         182B ± 2%      169B ± 1%    -7.22%  (p=0.000 n=15+13)
SendRecv/msgsize=100-8        282B ± 1%      265B ± 1%    -5.85%  (p=0.000 n=15+15)
SendRecv/msgsize=1000-8     1.19kB ± 1%    1.18kB ± 0%    -1.26%  (p=0.000 n=14+15)
SendRecv/msgsize=10000-8    19.3kB ± 4%    18.7kB ± 4%    -3.44%  (p=0.006 n=12+12)
WriteUint32-8                4.00B ± 0%     0.00B       -100.00%  (p=0.000 n=15+15)
ReadUint32-8                 4.00B ± 0%     0.00B       -100.00%  (p=0.000 n=15+15)

name                      old allocs/op  new allocs/op  delta
SendRecv/msgsize=10-8         8.00 ± 0%      4.00 ± 0%   -50.00%  (p=0.000 n=15+15)
SendRecv/msgsize=100-8        8.00 ± 0%      4.00 ± 0%   -50.00%  (p=0.000 n=15+15)
SendRecv/msgsize=1000-8       8.00 ± 0%      4.00 ± 0%   -50.00%  (p=0.000 n=15+15)
SendRecv/msgsize=10000-8      8.47 ±17%      5.00 ± 0%   -40.94%  (p=0.000 n=15+14)
WriteUint32-8                 1.00 ± 0%      0.00       -100.00%  (p=0.000 n=15+15)
ReadUint32-8                  1.00 ± 0%      0.00       -100.00%  (p=0.000 n=15+15)

Signed-off-by: Josh Bleecher Snyder <josharian@gmail.com>
4 years ago
Brad Fitzpatrick 4732722b87 derp: add frameClosePeer to move around clients within a region
For various reasons (mostly during rollouts or config changes on our
side), nodes may end up connecting to a fallback DERP node in a
region, rather than the primary one we tell them about in the DERP
map.

Connecting to the "wrong" node is fine, but it's in our best interest
for all nodes in a domain to connect to the same node, to reduce
intra-region packet forwarding.

This adds a privileged frame type used by the control system that can
kick off a client connection when they're connected to the wrong node
in a region. Then they hopefully reconnect immediately to the correct
location. (If not, we can leave them alone and stop closing them.)

Updates tailscale/corp#372
4 years ago
Brad Fitzpatrick 1cb7dab881 cmd/derper: support forwarding packets amongst set of peer DERP servers
Updates #388

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Brad Fitzpatrick 484b7fc9a3 derp, cmd/derper: add frameWatchConns, framePeerPresent for inter-DERP routing
This lets a trusted DERP client that knows a pre-shared key subscribe
to the connection list. Upon subscribing, they get the current set
of connected public keys, and then all changes over time.

This lets a set of DERP server peers within a region all stay connected to
each other and know which clients are connected to which nodes.

Updates #388

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Dmitry Adamushko 806645ea0e derp: prevent readFrame() from reading more than len(b) bytes.
Signed-off-by: Dmitry Adamushko <da@stablebits.net>
5 years ago
Brad Fitzpatrick 1ab5b31c4b derp, magicsock: send new "peer gone" frames when previous sender disconnects
Updates #150 (not yet enabled by default in magicsock)

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Brad Fitzpatrick 6978b93bdd derp, magicsock: track home (preferred) vs visiting connections for stats 5 years ago
Brad Fitzpatrick bf704a5218 derp: protocol negotiation, add v2: send src pub keys to clients in packets
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Brad Fitzpatrick 379a3125fd derp, wgengine/magicsock: support more than just packets from Client.Recv
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Brad Fitzpatrick 88f1cc0c98 derp, cmd/derper: add rate limiting support, add default 5Mbps limit
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Brad Fitzpatrick f029c4c82d derp: change the protocol framing to always include a length
Addresses one of crawshaw's TODOs.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Brad Fitzpatrick 11048b8932 derp: add docs on current protocol overview, break accept apart a bit
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Brad Fitzpatrick 259406e797 derp: move away from [32]byte key types
And some minor cleanup in the process.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago