feature/drive: start factoring out Taildrive, add ts_omit_drive build tag

As of this commit (per the issue), the Taildrive code remains where it was, but in new files that are protected by the new ts_omit_drive build tag. Future commits will move it. Updates #17058 Change-Id: Idf0a51db59e41ae8da6ea2b11d238aefc48b219e Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-09-08 08:13:49 -07:00
parent 82c5024f03
commit a1dcf12b67
21 changed files with 582 additions and 440 deletions
@@ -1,38 +1,35 @@
 // Copyright (c) Tailscale Inc & AUTHORS
 // SPDX-License-Identifier: BSD-3-Clause

+//go:build !ts_omit_drive
+
 package ipnlocal

 import (
+	"errors"
 	"fmt"
+	"io"
+	"net/http"
+	"net/netip"
 	"os"
 	"slices"

 	"tailscale.com/drive"
 	"tailscale.com/ipn"
 	"tailscale.com/tailcfg"
+	"tailscale.com/types/logger"
 	"tailscale.com/types/netmap"
 	"tailscale.com/types/views"
+	"tailscale.com/util/httpm"
 )

-const (
-	// DriveLocalPort is the port on which the Taildrive listens for location
-	// connections on quad 100.
-	DriveLocalPort = 8080
-)
-
-// DriveSharingEnabled reports whether sharing to remote nodes via Taildrive is
-// enabled. This is currently based on checking for the drive:share node
-// attribute.
-func (b *LocalBackend) DriveSharingEnabled() bool {
-	return b.currentNode().SelfHasCap(tailcfg.NodeAttrsTaildriveShare)
+func init() {
+	hookSetNetMapLockedDrive.Set(setNetMapLockedDrive)
 }

-// DriveAccessEnabled reports whether accessing Taildrive shares on remote nodes
-// is enabled. This is currently based on checking for the drive:access node
-// attribute.
-func (b *LocalBackend) DriveAccessEnabled() bool {
-	return b.currentNode().SelfHasCap(tailcfg.NodeAttrsTaildriveAccess)
+func setNetMapLockedDrive(b *LocalBackend, nm *netmap.NetworkMap) {
+	b.updateDrivePeersLocked(nm)
+	b.driveNotifyCurrentSharesLocked()
 }

 // DriveSetServerAddr tells Taildrive to use the given address for connecting
@@ -363,3 +360,137 @@ func (b *LocalBackend) driveRemotesFromPeers(nm *netmap.NetworkMap) []*drive.Rem
 	}
 	return driveRemotes
 }
+
+// responseBodyWrapper wraps an io.ReadCloser and stores
+// the number of bytesRead.
+type responseBodyWrapper struct {
+	io.ReadCloser
+	logVerbose    bool
+	bytesRx       int64
+	bytesTx       int64
+	log           logger.Logf
+	method        string
+	statusCode    int
+	contentType   string
+	fileExtension string
+	shareNodeKey  string
+	selfNodeKey   string
+	contentLength int64
+}
+
+// logAccess logs the taildrive: access: log line. If the logger is nil,
+// the log will not be written.
+func (rbw *responseBodyWrapper) logAccess(err string) {
+	if rbw.log == nil {
+		return
+	}
+
+	// Some operating systems create and copy lots of 0 length hidden files for
+	// tracking various states. Omit these to keep logs from being too verbose.
+	if rbw.logVerbose || rbw.contentLength > 0 {
+		levelPrefix := ""
+		if rbw.logVerbose {
+			levelPrefix = "[v1] "
+		}
+		rbw.log(
+			"%staildrive: access: %s from %s to %s: status-code=%d ext=%q content-type=%q content-length=%.f tx=%.f rx=%.f err=%q",
+			levelPrefix,
+			rbw.method,
+			rbw.selfNodeKey,
+			rbw.shareNodeKey,
+			rbw.statusCode,
+			rbw.fileExtension,
+			rbw.contentType,
+			roundTraffic(rbw.contentLength),
+			roundTraffic(rbw.bytesTx), roundTraffic(rbw.bytesRx), err)
+	}
+}
+
+// Read implements the io.Reader interface.
+func (rbw *responseBodyWrapper) Read(b []byte) (int, error) {
+	n, err := rbw.ReadCloser.Read(b)
+	rbw.bytesRx += int64(n)
+	if err != nil && !errors.Is(err, io.EOF) {
+		rbw.logAccess(err.Error())
+	}
+
+	return n, err
+}
+
+// Close implements the io.Close interface.
+func (rbw *responseBodyWrapper) Close() error {
+	err := rbw.ReadCloser.Close()
+	var errStr string
+	if err != nil {
+		errStr = err.Error()
+	}
+	rbw.logAccess(errStr)
+
+	return err
+}
+
+// driveTransport is an http.RoundTripper that wraps
+// b.Dialer().PeerAPITransport() with metrics tracking.
+type driveTransport struct {
+	b  *LocalBackend
+	tr *http.Transport
+}
+
+func (b *LocalBackend) newDriveTransport() *driveTransport {
+	return &driveTransport{
+		b:  b,
+		tr: b.Dialer().PeerAPITransport(),
+	}
+}
+
+func (dt *driveTransport) RoundTrip(req *http.Request) (resp *http.Response, err error) {
+	// Some WebDAV clients include origin and refer headers, which peerapi does
+	// not like. Remove them.
+	req.Header.Del("origin")
+	req.Header.Del("referer")
+
+	bw := &requestBodyWrapper{}
+	if req.Body != nil {
+		bw.ReadCloser = req.Body
+		req.Body = bw
+	}
+
+	defer func() {
+		contentType := "unknown"
+		if ct := req.Header.Get("Content-Type"); ct != "" {
+			contentType = ct
+		}
+
+		dt.b.mu.Lock()
+		selfNodeKey := dt.b.currentNode().Self().Key().ShortString()
+		dt.b.mu.Unlock()
+		n, _, ok := dt.b.WhoIs("tcp", netip.MustParseAddrPort(req.URL.Host))
+		shareNodeKey := "unknown"
+		if ok {
+			shareNodeKey = string(n.Key().ShortString())
+		}
+
+		rbw := responseBodyWrapper{
+			log:           dt.b.logf,
+			logVerbose:    req.Method != httpm.GET && req.Method != httpm.PUT, // other requests like PROPFIND are quite chatty, so we log those at verbose level
+			method:        req.Method,
+			bytesTx:       int64(bw.bytesRead),
+			selfNodeKey:   selfNodeKey,
+			shareNodeKey:  shareNodeKey,
+			contentType:   contentType,
+			contentLength: resp.ContentLength,
+			fileExtension: parseDriveFileExtensionForLog(req.URL.Path),
+			statusCode:    resp.StatusCode,
+			ReadCloser:    resp.Body,
+		}
+
+		if resp.StatusCode >= 400 {
+			// in case of error response, just log immediately
+			rbw.logAccess("")
+		} else {
+			resp.Body = &rbw
+		}
+	}()
+
+	return dt.tr.RoundTrip(req)
+}
@@ -0,0 +1,30 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+// This is the Taildrive stuff that should ideally be registered in init only when
+// the ts_omit_drive is not set, but for transition reasons is currently (2025-09-08)
+// always defined, as we work to pull it out of LocalBackend.
+
+package ipnlocal
+
+import "tailscale.com/tailcfg"
+
+const (
+	// DriveLocalPort is the port on which the Taildrive listens for location
+	// connections on quad 100.
+	DriveLocalPort = 8080
+)
+
+// DriveSharingEnabled reports whether sharing to remote nodes via Taildrive is
+// enabled. This is currently based on checking for the drive:share node
+// attribute.
+func (b *LocalBackend) DriveSharingEnabled() bool {
+	return b.currentNode().SelfHasCap(tailcfg.NodeAttrsTaildriveShare)
+}
+
+// DriveAccessEnabled reports whether accessing Taildrive shares on remote nodes
+// is enabled. This is currently based on checking for the drive:access node
+// attribute.
+func (b *LocalBackend) DriveAccessEnabled() bool {
+	return b.currentNode().SelfHasCap(tailcfg.NodeAttrsTaildriveAccess)
+}
@@ -52,6 +52,7 @@ import (
 	"tailscale.com/drive"
 	"tailscale.com/envknob"
 	"tailscale.com/envknob/featureknob"
+	"tailscale.com/feature"
 	"tailscale.com/health"
 	"tailscale.com/health/healthmsg"
 	"tailscale.com/hostinfo"
@@ -100,7 +101,6 @@ import (
 	"tailscale.com/util/deephash"
 	"tailscale.com/util/dnsname"
 	"tailscale.com/util/goroutines"
-	"tailscale.com/util/httpm"
 	"tailscale.com/util/mak"
 	"tailscale.com/util/multierr"
 	"tailscale.com/util/osuser"
@@ -6326,143 +6326,12 @@ func (b *LocalBackend) setNetMapLocked(nm *netmap.NetworkMap) {
 		b.metrics.approvedRoutes.Set(approved)
 	}

-	b.updateDrivePeersLocked(nm)
-	b.driveNotifyCurrentSharesLocked()
-}
-
-// responseBodyWrapper wraps an io.ReadCloser and stores
-// the number of bytesRead.
-type responseBodyWrapper struct {
-	io.ReadCloser
-	logVerbose    bool
-	bytesRx       int64
-	bytesTx       int64
-	log           logger.Logf
-	method        string
-	statusCode    int
-	contentType   string
-	fileExtension string
-	shareNodeKey  string
-	selfNodeKey   string
-	contentLength int64
-}
-
-// logAccess logs the taildrive: access: log line. If the logger is nil,
-// the log will not be written.
-func (rbw *responseBodyWrapper) logAccess(err string) {
-	if rbw.log == nil {
-		return
-	}
-
-	// Some operating systems create and copy lots of 0 length hidden files for
-	// tracking various states. Omit these to keep logs from being too verbose.
-	if rbw.logVerbose || rbw.contentLength > 0 {
-		levelPrefix := ""
-		if rbw.logVerbose {
-			levelPrefix = "[v1] "
-		}
-		rbw.log(
-			"%staildrive: access: %s from %s to %s: status-code=%d ext=%q content-type=%q content-length=%.f tx=%.f rx=%.f err=%q",
-			levelPrefix,
-			rbw.method,
-			rbw.selfNodeKey,
-			rbw.shareNodeKey,
-			rbw.statusCode,
-			rbw.fileExtension,
-			rbw.contentType,
-			roundTraffic(rbw.contentLength),
-			roundTraffic(rbw.bytesTx), roundTraffic(rbw.bytesRx), err)
+	if f, ok := hookSetNetMapLockedDrive.GetOk(); ok {
+		f(b, nm)
 	}
 }

-// Read implements the io.Reader interface.
-func (rbw *responseBodyWrapper) Read(b []byte) (int, error) {
-	n, err := rbw.ReadCloser.Read(b)
-	rbw.bytesRx += int64(n)
-	if err != nil && !errors.Is(err, io.EOF) {
-		rbw.logAccess(err.Error())
-	}
-
-	return n, err
-}
-
-// Close implements the io.Close interface.
-func (rbw *responseBodyWrapper) Close() error {
-	err := rbw.ReadCloser.Close()
-	var errStr string
-	if err != nil {
-		errStr = err.Error()
-	}
-	rbw.logAccess(errStr)
-
-	return err
-}
-
-// driveTransport is an http.RoundTripper that wraps
-// b.Dialer().PeerAPITransport() with metrics tracking.
-type driveTransport struct {
-	b  *LocalBackend
-	tr *http.Transport
-}
-
-func (b *LocalBackend) newDriveTransport() *driveTransport {
-	return &driveTransport{
-		b:  b,
-		tr: b.Dialer().PeerAPITransport(),
-	}
-}
-
-func (dt *driveTransport) RoundTrip(req *http.Request) (resp *http.Response, err error) {
-	// Some WebDAV clients include origin and refer headers, which peerapi does
-	// not like. Remove them.
-	req.Header.Del("origin")
-	req.Header.Del("referer")
-
-	bw := &requestBodyWrapper{}
-	if req.Body != nil {
-		bw.ReadCloser = req.Body
-		req.Body = bw
-	}
-
-	defer func() {
-		contentType := "unknown"
-		if ct := req.Header.Get("Content-Type"); ct != "" {
-			contentType = ct
-		}
-
-		dt.b.mu.Lock()
-		selfNodeKey := dt.b.currentNode().Self().Key().ShortString()
-		dt.b.mu.Unlock()
-		n, _, ok := dt.b.WhoIs("tcp", netip.MustParseAddrPort(req.URL.Host))
-		shareNodeKey := "unknown"
-		if ok {
-			shareNodeKey = string(n.Key().ShortString())
-		}
-
-		rbw := responseBodyWrapper{
-			log:           dt.b.logf,
-			logVerbose:    req.Method != httpm.GET && req.Method != httpm.PUT, // other requests like PROPFIND are quite chatty, so we log those at verbose level
-			method:        req.Method,
-			bytesTx:       int64(bw.bytesRead),
-			selfNodeKey:   selfNodeKey,
-			shareNodeKey:  shareNodeKey,
-			contentType:   contentType,
-			contentLength: resp.ContentLength,
-			fileExtension: parseDriveFileExtensionForLog(req.URL.Path),
-			statusCode:    resp.StatusCode,
-			ReadCloser:    resp.Body,
-		}
-
-		if resp.StatusCode >= 400 {
-			// in case of error response, just log immediately
-			rbw.logAccess("")
-		} else {
-			resp.Body = &rbw
-		}
-	}()
-
-	return dt.tr.RoundTrip(req)
-}
+var hookSetNetMapLockedDrive feature.Hook[func(*LocalBackend, *netmap.NetworkMap)]

 // roundTraffic rounds bytes. This is used to preserve user privacy within logs.
 func roundTraffic(bytes int64) float64 {
@@ -16,7 +16,6 @@ import (
 	"net/http"
 	"net/netip"
 	"os"
-	"path/filepath"
 	"runtime"
 	"slices"
 	"strconv"
@@ -26,7 +25,6 @@ import (

 	"golang.org/x/net/dns/dnsmessage"
 	"golang.org/x/net/http/httpguts"
-	"tailscale.com/drive"
 	"tailscale.com/envknob"
 	"tailscale.com/health"
 	"tailscale.com/hostinfo"
@@ -39,14 +37,9 @@ import (
 	"tailscale.com/types/netmap"
 	"tailscale.com/types/views"
 	"tailscale.com/util/clientmetric"
-	"tailscale.com/util/httpm"
 	"tailscale.com/wgengine/filter"
 )

-const (
-	taildrivePrefix = "/v0/drive"
-)
-
 var initListenConfig func(*net.ListenConfig, netip.Addr, *netmon.State, string) error

 // addH2C is non-nil on platforms where we want to add H2C
@@ -369,10 +362,6 @@ func (h *peerAPIHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		h.handleDNSQuery(w, r)
 		return
 	}
-	if strings.HasPrefix(r.URL.Path, taildrivePrefix) {
-		h.handleServeDrive(w, r)
-		return
-	}
 	switch r.URL.Path {
 	case "/v0/goroutines":
 		h.handleServeGoroutines(w, r)
@@ -1018,90 +1007,6 @@ func (rbw *requestBodyWrapper) Read(b []byte) (int, error) {
 	return n, err
 }

-func (h *peerAPIHandler) handleServeDrive(w http.ResponseWriter, r *http.Request) {
-	h.logfv1("taildrive: got %s request from %s", r.Method, h.peerNode.Key().ShortString())
-	if !h.ps.b.DriveSharingEnabled() {
-		h.logf("taildrive: not enabled")
-		http.Error(w, "taildrive not enabled", http.StatusNotFound)
-		return
-	}
-
-	capsMap := h.PeerCaps()
-	driveCaps, ok := capsMap[tailcfg.PeerCapabilityTaildrive]
-	if !ok {
-		h.logf("taildrive: not permitted")
-		http.Error(w, "taildrive not permitted", http.StatusForbidden)
-		return
-	}
-
-	rawPerms := make([][]byte, 0, len(driveCaps))
-	for _, cap := range driveCaps {
-		rawPerms = append(rawPerms, []byte(cap))
-	}
-
-	p, err := drive.ParsePermissions(rawPerms)
-	if err != nil {
-		h.logf("taildrive: error parsing permissions: %v", err)
-		http.Error(w, err.Error(), http.StatusInternalServerError)
-		return
-	}
-
-	fs, ok := h.ps.b.sys.DriveForRemote.GetOK()
-	if !ok {
-		h.logf("taildrive: not supported on platform")
-		http.Error(w, "taildrive not supported on platform", http.StatusNotFound)
-		return
-	}
-	wr := &httpResponseWrapper{
-		ResponseWriter: w,
-	}
-	bw := &requestBodyWrapper{
-		ReadCloser: r.Body,
-	}
-	r.Body = bw
-
-	defer func() {
-		switch wr.statusCode {
-		case 304:
-			// 304s are particularly chatty so skip logging.
-		default:
-			log := h.logf
-			if r.Method != httpm.PUT && r.Method != httpm.GET {
-				log = h.logfv1
-			}
-			contentType := "unknown"
-			if ct := wr.Header().Get("Content-Type"); ct != "" {
-				contentType = ct
-			}
-
-			log("taildrive: share: %s from %s to %s: status-code=%d ext=%q content-type=%q tx=%.f rx=%.f", r.Method, h.peerNode.Key().ShortString(), h.selfNode.Key().ShortString(), wr.statusCode, parseDriveFileExtensionForLog(r.URL.Path), contentType, roundTraffic(wr.contentLength), roundTraffic(bw.bytesRead))
-		}
-	}()
-
-	r.URL.Path = strings.TrimPrefix(r.URL.Path, taildrivePrefix)
-	fs.ServeHTTPWithPerms(p, wr, r)
-}
-
-// parseDriveFileExtensionForLog parses the file extension, if available.
-// If a file extension is not present or parsable, the file extension is
-// set to "unknown". If the file extension contains a double quote, it is
-// replaced with "removed".
-// All whitespace is removed from a parsed file extension.
-// File extensions including the leading ., e.g. ".gif".
-func parseDriveFileExtensionForLog(path string) string {
-	fileExt := "unknown"
-	if fe := filepath.Ext(path); fe != "" {
-		if strings.Contains(fe, "\"") {
-			// Do not log include file extensions with quotes within them.
-			return "removed"
-		}
-		// Remove white space from user defined inputs.
-		fileExt = strings.ReplaceAll(fe, " ", "")
-	}
-
-	return fileExt
-}
-
 // peerAPIURL returns an HTTP URL for the peer's peerapi service,
 // without a trailing slash.
 //
@@ -0,0 +1,110 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+//go:build !ts_omit_drive
+
+package ipnlocal
+
+import (
+	"net/http"
+	"path/filepath"
+	"strings"
+
+	"tailscale.com/drive"
+	"tailscale.com/tailcfg"
+	"tailscale.com/util/httpm"
+)
+
+const (
+	taildrivePrefix = "/v0/drive"
+)
+
+func init() {
+	peerAPIHandlerPrefixes[taildrivePrefix] = handleServeDrive
+}
+
+func handleServeDrive(hi PeerAPIHandler, w http.ResponseWriter, r *http.Request) {
+	h := hi.(*peerAPIHandler)
+
+	h.logfv1("taildrive: got %s request from %s", r.Method, h.peerNode.Key().ShortString())
+	if !h.ps.b.DriveSharingEnabled() {
+		h.logf("taildrive: not enabled")
+		http.Error(w, "taildrive not enabled", http.StatusNotFound)
+		return
+	}
+
+	capsMap := h.PeerCaps()
+	driveCaps, ok := capsMap[tailcfg.PeerCapabilityTaildrive]
+	if !ok {
+		h.logf("taildrive: not permitted")
+		http.Error(w, "taildrive not permitted", http.StatusForbidden)
+		return
+	}
+
+	rawPerms := make([][]byte, 0, len(driveCaps))
+	for _, cap := range driveCaps {
+		rawPerms = append(rawPerms, []byte(cap))
+	}
+
+	p, err := drive.ParsePermissions(rawPerms)
+	if err != nil {
+		h.logf("taildrive: error parsing permissions: %v", err)
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	fs, ok := h.ps.b.sys.DriveForRemote.GetOK()
+	if !ok {
+		h.logf("taildrive: not supported on platform")
+		http.Error(w, "taildrive not supported on platform", http.StatusNotFound)
+		return
+	}
+	wr := &httpResponseWrapper{
+		ResponseWriter: w,
+	}
+	bw := &requestBodyWrapper{
+		ReadCloser: r.Body,
+	}
+	r.Body = bw
+
+	defer func() {
+		switch wr.statusCode {
+		case 304:
+			// 304s are particularly chatty so skip logging.
+		default:
+			log := h.logf
+			if r.Method != httpm.PUT && r.Method != httpm.GET {
+				log = h.logfv1
+			}
+			contentType := "unknown"
+			if ct := wr.Header().Get("Content-Type"); ct != "" {
+				contentType = ct
+			}
+
+			log("taildrive: share: %s from %s to %s: status-code=%d ext=%q content-type=%q tx=%.f rx=%.f", r.Method, h.peerNode.Key().ShortString(), h.selfNode.Key().ShortString(), wr.statusCode, parseDriveFileExtensionForLog(r.URL.Path), contentType, roundTraffic(wr.contentLength), roundTraffic(bw.bytesRead))
+		}
+	}()
+
+	r.URL.Path = strings.TrimPrefix(r.URL.Path, taildrivePrefix)
+	fs.ServeHTTPWithPerms(p, wr, r)
+}
+
+// parseDriveFileExtensionForLog parses the file extension, if available.
+// If a file extension is not present or parsable, the file extension is
+// set to "unknown". If the file extension contains a double quote, it is
+// replaced with "removed".
+// All whitespace is removed from a parsed file extension.
+// File extensions including the leading ., e.g. ".gif".
+func parseDriveFileExtensionForLog(path string) string {
+	fileExt := "unknown"
+	if fe := filepath.Ext(path); fe != "" {
+		if strings.Contains(fe, "\"") {
+			// Do not log include file extensions with quotes within them.
+			return "removed"
+		}
+		// Remove white space from user defined inputs.
+		fileExt = strings.ReplaceAll(fe, " ", "")
+	}
+
+	return fileExt
+}