all: make client use server-provided DERP map, add DERP region support

Instead of hard-coding the DERP map (except for cmd/tailscale netcheck for now), get it from the control server at runtime. And make the DERP map support multiple nodes per region with clients picking the first one that's available. (The server will balance the order presented to clients for load balancing) This deletes the stunner package, merging it into the netcheck package instead, to minimize all the config hooks that would've been required. Also fix some test flakes & races. Fixes #387 (Don't hard-code the DERP map) Updates #388 (Add DERP region support) Fixes #399 (wgengine: flaky tests) Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-05-17 09:51:38 -07:00
parent e8b3a5e7a1
commit e6b84f2159
20 changed files with 1439 additions and 1201 deletions
@@ -4,6 +4,8 @@

 package tailcfg

+import "sort"
+
 // DERPMap describes the set of DERP packet relay servers that are available.
 type DERPMap struct {
 	// Regions is the set of geographic regions running DERP node(s).
@@ -14,6 +16,16 @@ type DERPMap struct {
 	Regions map[int]*DERPRegion
 }

+/// RegionIDs returns the sorted region IDs.
+func (m *DERPMap) RegionIDs() []int {
+	ret := make([]int, 0, len(m.Regions))
+	for rid := range m.Regions {
+		ret = append(ret, rid)
+	}
+	sort.Ints(ret)
+	return ret
+}
+
 // DERPRegion is a geographic region running DERP relay node(s).
 //
 // Client nodes discover which region they're closest to, advertise
@@ -85,9 +97,29 @@ type DERPNode struct {

 	// IPv4 optionally forces an IPv4 address to use, instead of using DNS.
 	// If empty, A record(s) from DNS lookups of HostName are used.
+	// If the string is not an IPv4 address, IPv4 is not used; the
+	// conventional string to disable IPv4 (and not use DNS) is
+	// "none".
 	IPv4 string `json:",omitempty"`

 	// IPv6 optionally forces an IPv6 address to use, instead of using DNS.
 	// If empty, AAAA record(s) from DNS lookups of HostName are used.
+	// If the string is not an IPv6 address, IPv6 is not used; the
+	// conventional string to disable IPv6 (and not use DNS) is
+	// "none".
 	IPv6 string `json:",omitempty"`
+
+	// Port optionally specifies a STUN port to use.
+	// Zero means 3478.
+	// To disable STUN on this node, use -1.
+	STUNPort int `json:",omitempty"`
+
+	// STUNOnly marks a node as only a STUN server and not a DERP
+	// server.
+	STUNOnly bool `json:",omitempty"`
+
+	// DERPTestPort is used in tests to override the port, instead
+	// of using the default port of 443. If non-zero, TLS
+	// verification is skipped.
+	DERPTestPort int `json:",omitempty"`
 }
@@ -315,8 +315,9 @@ type NetInfo struct {
 	LinkType string // "wired", "wifi", "mobile" (LTE, 4G, 3G, etc)

 	// DERPLatency is the fastest recent time to reach various
-	// DERP STUN servers, in seconds. The map key is the DERP
-	// server's STUN host:port.
+	// DERP STUN servers, in seconds. The map key is the
+	// "regionID-v4" or "-v6"; it was previously the DERP server's
+	// STUN host:port.
 	//
 	// This should only be updated rarely, or when there's a
 	// material change, as any change here also gets uploaded to
@@ -336,7 +337,7 @@ func (ni *NetInfo) String() string {
 }

 // BasicallyEqual reports whether ni and ni2 are basically equal, ignoring
-// changes in DERPLatency.
+// changes in DERP ServerLatency & RegionLatency.
 func (ni *NetInfo) BasicallyEqual(ni2 *NetInfo) bool {
 	if (ni == nil) != (ni2 == nil) {
 		return false