mirror of https://github.com/tailscale/tailscale/
// Copyright (c) Tailscale Inc & AUTHORS
|
|
// SPDX-License-Identifier: BSD-3-Clause
|
|
|
|
package main
|
|
|
|
import (
|
|
"bytes"
|
|
"context"
|
|
"encoding/binary"
|
|
"errors"
|
|
"fmt"
|
|
"io"
|
|
"math"
|
|
"math/rand/v2"
|
|
"net/netip"
|
|
"syscall"
|
|
"time"
|
|
|
|
"github.com/mdlayher/socket"
|
|
"golang.org/x/net/icmp"
|
|
"golang.org/x/net/ipv4"
|
|
"golang.org/x/net/ipv6"
|
|
"golang.org/x/sys/unix"
|
|
"tailscale.com/net/stun"
|
|
)
|
|
|
|
// timestampingFlags is the option value passed with SO_TIMESTAMPING_NEW on
// probe sockets. Only software timestamps are requested.
const timestampingFlags = unix.SOF_TIMESTAMPING_SOFTWARE | // report software timestamps
	unix.SOF_TIMESTAMPING_RX_SOFTWARE | // rx timestamp generation in the kernel
	unix.SOF_TIMESTAMPING_TX_SOFTWARE // tx timestamp generation in device driver
|
|
|
|
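// getUDPConnKernelTimestamp opens an AF_INET6 UDP socket, binds it to the
// zero-value sockaddr (wildcard address, port 0) and enables software TX/RX
// timestamping on it via SO_TIMESTAMPING_NEW with timestampingFlags.
//
// If Bind or the setsockopt call fails, the socket is closed before the error
// is returned so the file descriptor is not leaked.
func getUDPConnKernelTimestamp() (io.ReadWriteCloser, error) {
	sconn, err := socket.Socket(unix.AF_INET6, unix.SOCK_DGRAM, unix.IPPROTO_UDP, "udp", nil)
	if err != nil {
		return nil, err
	}
	if err := sconn.Bind(&unix.SockaddrInet6{}); err != nil {
		// Best-effort cleanup; the Bind error is the one worth reporting.
		_ = sconn.Close()
		return nil, err
	}
	if err := sconn.SetsockoptInt(unix.SOL_SOCKET, unix.SO_TIMESTAMPING_NEW, timestampingFlags); err != nil {
		// Best-effort cleanup; the setsockopt error is the one worth reporting.
		_ = sconn.Close()
		return nil, err
	}
	return sconn, nil
}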
|
|
|
|
// parseTimestampFromCmsgs parses oob as socket control messages and returns the
// time carried by the first SOL_SOCKET/SO_TIMESTAMPING_NEW message that has at
// least 16 bytes of data. The first two native-endian 64-bit words of that
// message are read as seconds and nanoseconds.
//
// It returns an error if oob cannot be parsed or if no such message is found.
func parseTimestampFromCmsgs(oob []byte) (time.Time, error) {
	cmsgs, err := unix.ParseSocketControlMessage(oob)
	if err != nil {
		return time.Time{}, fmt.Errorf("error parsing oob as cmsgs: %w", err)
	}
	for i := range cmsgs {
		hdr, data := cmsgs[i].Header, cmsgs[i].Data
		if hdr.Level != unix.SOL_SOCKET || hdr.Type != unix.SO_TIMESTAMPING_NEW {
			continue
		}
		// Too short to hold a seconds/nanoseconds pair; keep looking.
		if len(data) < 16 {
			continue
		}
		secs := binary.NativeEndian.Uint64(data[:8])
		nanos := binary.NativeEndian.Uint64(data[8:16])
		return time.Unix(int64(secs), int64(nanos)), nil
	}
	return time.Time{}, errors.New("failed to parse timestamp from cmsgs")
}
|
|
|
|
// mkICMPMeasureFn returns a measureFn that forwards to measureICMPRTT with the
// timestamp source fixed to source.
func mkICMPMeasureFn(source timestampSource) measureFn {
	bound := func(c io.ReadWriteCloser, host string, addr netip.AddrPort) (time.Duration, error) {
		return measureICMPRTT(source, c, host, addr)
	}
	return bound
}
|
|
|
|
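// measureICMPRTT sends a single ICMP echo request to dst over conn, which must
// be a *socket.Conn, and returns the time between transmit and the matching
// echo reply.
//
// With source == timestampSourceKernel, the transmit time is taken from the
// timestamp control message attached to the looped copy of the request on the
// socket error queue, and the receive time from the control message delivered
// with the reply. Otherwise both times come from time.Now in userspace.
//
// Each of the two receive phases is bounded by txRxTimeout. The hostname
// argument is unused.
func measureICMPRTT(source timestampSource, conn io.ReadWriteCloser, _ string, dst netip.AddrPort) (rtt time.Duration, err error) {
	sconn, ok := conn.(*socket.Conn)
	if !ok {
		return 0, fmt.Errorf("conn of unexpected type: %T", conn)
	}
	txBody := &icmp.Echo{
		// The kernel overrides this and routes appropriately so there is no
		// point in setting or verifying.
		ID: 0,
		// Make this sufficiently random so that we do not account a late
		// arriving reply in a future probe window.
		Seq: int(rand.Int32N(math.MaxUint16)),
		// Fingerprint ourselves.
		Data: []byte("stunstamp"),
	}
	txMsg := icmp.Message{
		Body: txBody,
	}
	var to unix.Sockaddr
	if dst.Addr().Is4() {
		txMsg.Type = ipv4.ICMPTypeEcho
		sa := &unix.SockaddrInet4{}
		copy(sa.Addr[:], dst.Addr().AsSlice())
		to = sa
	} else {
		txMsg.Type = ipv6.ICMPTypeEchoRequest
		sa := &unix.SockaddrInet6{}
		copy(sa.Addr[:], dst.Addr().AsSlice())
		to = sa
	}
	txBuf, err := txMsg.Marshal(nil)
	if err != nil {
		return 0, err
	}
	// Userspace transmit time; replaced below when kernel timestamps are used.
	txAt := time.Now()
	err = sconn.Sendto(context.Background(), txBuf, 0, to)
	if err != nil {
		return 0, fmt.Errorf("sendto error: %v", err)
	}

	if source == timestampSourceKernel {
		txCtx, txCancel := context.WithTimeout(context.Background(), txRxTimeout)
		defer txCancel()

		buf := make([]byte, 1024)
		oob := make([]byte, 1024)

		for {
			n, oobn, _, _, err := sconn.Recvmsg(txCtx, buf, oob, unix.MSG_ERRQUEUE)
			if err != nil {
				return 0, fmt.Errorf("recvmsg (MSG_ERRQUEUE) error: %v", err) // don't wrap
			}

			// View only this datagram. buf itself keeps its full length so
			// that a short unrelated message does not shrink the buffer used
			// for every later read in this loop.
			looped := buf[:n]
			// Spin until we find the message we sent. We get the full packet
			// looped including eth header so match against the tail.
			if len(looped) < len(txBuf) {
				continue
			}
			txLoopedMsg, err := icmp.ParseMessage(txMsg.Type.Protocol(), looped[len(looped)-len(txBuf):])
			if err != nil {
				continue
			}
			txLoopedBody, ok := txLoopedMsg.Body.(*icmp.Echo)
			// The looped message must agree with what was sent on type, code,
			// sequence number and payload.
			if !ok || txLoopedBody.Seq != txBody.Seq || txLoopedMsg.Code != txMsg.Code ||
				txLoopedMsg.Type != txMsg.Type || !bytes.Equal(txLoopedBody.Data, txBody.Data) {
				continue
			}
			txAt, err = parseTimestampFromCmsgs(oob[:oobn])
			if err != nil {
				return 0, fmt.Errorf("failed to get tx timestamp: %v", err) // don't wrap
			}
			break
		}
	}

	rxCtx, rxCancel := context.WithTimeout(context.Background(), txRxTimeout)
	defer rxCancel()

	// The reply type that corresponds to the request type that was sent.
	var wantReply icmp.Type = ipv6.ICMPTypeEchoReply
	if txMsg.Type == ipv4.ICMPTypeEcho {
		wantReply = ipv4.ICMPTypeEchoReply
	}

	rxBuf := make([]byte, 1024)
	oob := make([]byte, 1024)
	for {
		// NOTE(review): the sender address returned by Recvmsg is discarded, so
		// a reply is attributed to dst on type, code, Seq and payload alone.
		// Seq is 16 bits and the payload is constant; consider also comparing
		// the sender address with dst if these RTTs must resist forged
		// replies.
		n, oobn, _, _, err := sconn.Recvmsg(rxCtx, rxBuf, oob, 0)
		if err != nil {
			return 0, fmt.Errorf("recvmsg error: %w", err)
		}
		// Userspace receive time; replaced below when kernel timestamps are used.
		rxAt := time.Now()
		rxMsg, err := icmp.ParseMessage(txMsg.Type.Protocol(), rxBuf[:n])
		if err != nil {
			continue
		}
		if rxMsg.Type != wantReply {
			continue
		}
		if rxMsg.Code != txMsg.Code {
			continue
		}
		rxBody, ok := rxMsg.Body.(*icmp.Echo)
		if !ok || rxBody.Seq != txBody.Seq || !bytes.Equal(rxBody.Data, txBody.Data) {
			continue
		}
		if source == timestampSourceKernel {
			rxAt, err = parseTimestampFromCmsgs(oob[:oobn])
			if err != nil {
				return 0, fmt.Errorf("failed to get rx timestamp: %v", err)
			}
		}
		return rxAt.Sub(txAt), nil
	}
}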
|
|
|
|
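// measureSTUNRTTKernel sends a STUN request to dst over conn, which must be a
// *socket.Conn, and returns the difference between the kernel receive
// timestamp of the matching response and the kernel transmit timestamp of the
// request.
//
// The transmit timestamp is read from the socket error queue, where the sent
// packet is looped back with a timestamp control message. The response is
// matched to the request by its STUN transaction ID. Each of the two receive
// phases is bounded by txRxTimeout. The hostname argument is unused.
func measureSTUNRTTKernel(conn io.ReadWriteCloser, _ string, dst netip.AddrPort) (rtt time.Duration, err error) {
	sconn, ok := conn.(*socket.Conn)
	if !ok {
		return 0, fmt.Errorf("conn of unexpected type: %T", conn)
	}

	var to unix.Sockaddr
	if dst.Addr().Is4() {
		sa := &unix.SockaddrInet4{
			Port: int(dst.Port()),
		}
		copy(sa.Addr[:], dst.Addr().AsSlice())
		to = sa
	} else {
		sa := &unix.SockaddrInet6{
			Port: int(dst.Port()),
		}
		copy(sa.Addr[:], dst.Addr().AsSlice())
		to = sa
	}

	txID := stun.NewTxID()
	req := stun.Request(txID)

	err = sconn.Sendto(context.Background(), req, 0, to)
	if err != nil {
		return 0, fmt.Errorf("sendto error: %v", err) // don't wrap
	}

	txCtx, txCancel := context.WithTimeout(context.Background(), txRxTimeout)
	defer txCancel()

	buf := make([]byte, 1024)
	oob := make([]byte, 1024)
	var txAt time.Time

	for {
		n, oobn, _, _, err := sconn.Recvmsg(txCtx, buf, oob, unix.MSG_ERRQUEUE)
		if err != nil {
			return 0, fmt.Errorf("recvmsg (MSG_ERRQUEUE) error: %v", err) // don't wrap
		}

		// View only this datagram. buf itself keeps its full length: it is
		// reused for later reads in this loop and for the response below, and
		// must not be capped at the size of whatever was read first.
		looped := buf[:n]
		if len(looped) < len(req) || !bytes.Equal(req, looped[len(looped)-len(req):]) {
			// Spin until we find the message we sent. We get the full packet
			// looped including eth header so match against the tail.
			continue
		}
		txAt, err = parseTimestampFromCmsgs(oob[:oobn])
		if err != nil {
			return 0, fmt.Errorf("failed to get tx timestamp: %v", err) // don't wrap
		}
		break
	}

	rxCtx, rxCancel := context.WithTimeout(context.Background(), txRxTimeout)
	defer rxCancel()

	for {
		n, oobn, _, _, err := sconn.Recvmsg(rxCtx, buf, oob, 0)
		if err != nil {
			return 0, fmt.Errorf("recvmsg error: %w", err) // wrap for timeout-related error unwrapping
		}

		// The sender address is not inspected; the transaction ID is what
		// ties a response to this request.
		gotTxID, _, err := stun.ParseResponse(buf[:n])
		if err != nil || gotTxID != txID {
			// Spin until we find the txID we sent. We may end up reading
			// extremely late arriving responses from previous intervals. As
			// such, we can't be certain if we're parsing the "current"
			// response, so spin for parse errors too.
			continue
		}

		rxAt, err := parseTimestampFromCmsgs(oob[:oobn])
		if err != nil {
			return 0, fmt.Errorf("failed to get rx timestamp: %v", err) // don't wrap
		}

		return rxAt.Sub(txAt), nil
	}
}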
|
|
|
|
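// getICMPConn opens a SOCK_DGRAM ICMP socket suitable for probing forDst:
// AF_INET/IPPROTO_ICMP by default, AF_INET6/IPPROTO_ICMPV6 when forDst.Is6()
// reports true. When source is timestampSourceKernel, software timestamping is
// enabled on the socket via SO_TIMESTAMPING_NEW with timestampingFlags.
//
// On Linux a SOCK_DGRAM ICMP socket is an unprivileged "ping" socket: it does
// not need CAP_NET_RAW, but creation is gated by the
// net.ipv4.ping_group_range sysctl.
//
// On error the returned conn is nil; a socket that was already opened is
// closed first so the file descriptor is not leaked.
func getICMPConn(forDst netip.Addr, source timestampSource) (io.ReadWriteCloser, error) {
	domain, proto := unix.AF_INET, unix.IPPROTO_ICMP
	if forDst.Is6() {
		domain, proto = unix.AF_INET6, unix.IPPROTO_ICMPV6
	}
	conn, err := socket.Socket(domain, unix.SOCK_DGRAM, proto, "icmp", nil)
	if err != nil {
		return nil, err
	}
	if source == timestampSourceKernel {
		if err := conn.SetsockoptInt(unix.SOL_SOCKET, unix.SO_TIMESTAMPING_NEW, timestampingFlags); err != nil {
			// Best-effort cleanup; the setsockopt error is the one worth
			// reporting.
			_ = conn.Close()
			return nil, err
		}
	}
	return conn, nil
}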
|
|
|
|
// getProtocolSupportInfo reports, for protocol p, whether kernel timestamps and
// userspace timestamps are supported and whether the connection is stable.
// Protocols not listed here yield the zero protocolSupportInfo.
func getProtocolSupportInfo(p protocol) protocolSupportInfo {
	var info protocolSupportInfo
	switch p {
	case protocolSTUN:
		info.kernelTS = true
		info.userspaceTS = true
		info.stableConn = true
	case protocolHTTPS:
		// No kernel timestamps for HTTPS.
		info.userspaceTS = true
		info.stableConn = true
	case protocolTCP:
		// No userspace timestamps for TCP.
		info.kernelTS = true
		info.stableConn = true
	case protocolICMP:
		// ICMP is the only protocol here without a stable conn.
		info.kernelTS = true
		info.userspaceTS = true
	}
	return info
}
|
|
|
|
// setSOReuseAddr turns on SO_REUSEADDR for the socket with descriptor fd and
// returns the setsockopt error, if any.
func setSOReuseAddr(fd uintptr) error {
	// we may restart faster than TIME_WAIT can clear
	const enabled = 1
	sockFD := int(fd)
	return syscall.SetsockoptInt(sockFD, syscall.SOL_SOCKET, syscall.SO_REUSEADDR, enabled)
}
|