derp

package
v1.12.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 3, 2021 License: BSD-3-Clause Imports: 37 Imported by: 39

Documentation

Overview

Package derp implements DERP, the Detour Encrypted Routing Protocol.

DERP routes packets to clients using curve25519 keys as addresses.

DERP is used by Tailscale nodes to proxy encrypted WireGuard packets through the Tailscale cloud servers when a direct path cannot be found or opened. DERP is a last resort. Both sides between very aggressive NATs, firewalls, no IPv6, etc? Well, DERP.

Index

Constants

View Source 
const MaxPacketSize = 64 << 10

MaxPacketSize is the maximum size of a packet sent over DERP. (This only includes the data bytes visible to magicsock, not including its on-wire framing overhead)

View Source 
const ProtocolVersion = 2

ProtocolVersion is bumped whenever there's a wire-incompatible change.

  • version 1 (zero on wire): consistent box headers, in use by employee dev nodes a bit
  • version 2: received packets have src addrs in frameRecvPacket at beginning

Variables

This section is empty.

Functions

This section is empty.

Types

type BytesSentRecv added in v1.10.0 

type BytesSentRecv struct {
	Sent uint64
	Recv uint64
	// Key is the public key of the client which sent/received these bytes.
	Key key.Public
}

BytesSentRecv records the number of bytes that have been sent since the last traffic check for a given process, as well as the public key of the process sending those bytes.

type Client 

type Client struct {
	// contains filtered or unexported fields
}

Client is a DERP client.

func NewClient 

func NewClient(privateKey key.Private, nc Conn, brw *bufio.ReadWriter, logf logger.Logf, opts ...ClientOpt) (*Client, error)

func (*Client) ClosePeer added in v0.100.0 

func (c *Client) ClosePeer(target key.Public) error

ClosePeer asks the server to close target's TCP connection. It's a fatal error if the client wasn't created using MeshKey.

func (*Client) ForwardPacket added in v0.100.0 

func (c *Client) ForwardPacket(srcKey, dstKey key.Public, pkt []byte) (err error)

func (*Client) NotePreferred 

func (c *Client) NotePreferred(preferred bool) (err error)

NotePreferred sends a packet that tells the server whether this client is the user's preferred server. This is only used in the server for stats.

func (*Client) Recv 

func (c *Client) Recv() (m ReceivedMessage, err error)

Recv reads a message from the DERP server.

The returned message may alias memory owned by the Client; it should only be accessed until the next call to Client.

Once Recv returns an error, the Client is dead forever.

func (*Client) Send 

func (c *Client) Send(dstKey key.Public, pkt []byte) error

Send sends a packet to the Tailscale node identified by dstKey.

It is an error if the packet is larger than 64KB.

func (*Client) SendPong added in v1.6.0 

func (c *Client) SendPong(data [8]byte) error

func (*Client) ServerPublicKey added in v0.100.0 

func (c *Client) ServerPublicKey() key.Public

ServerPublicKey returns the server's public key.

func (*Client) WatchConnectionChanges added in v0.99.1 

func (c *Client) WatchConnectionChanges() error

WatchConnectionChanges sends a request to subscribe to the peer's connection list. It's a fatal error if the client wasn't created using MeshKey.

type ClientOpt added in v0.100.0 

type ClientOpt interface {
	// contains filtered or unexported methods
}

ClientOpt is an option passed to NewClient.

func CanAckPings added in v1.6.0 

func CanAckPings(v bool) ClientOpt

CanAckPings returns a ClientOpt to set whether it advertises to the server that it's capable of acknowledging ping requests.

func IsProber added in v1.12.0 

func IsProber(v bool) ClientOpt

IsProber returns a ClientOpt to pass to the DERP server during connect to declare that this client is a a prober.

func MeshKey added in v0.100.0 

func MeshKey(key string) ClientOpt

MeshKey returns a ClientOpt to pass to the DERP server during connect to get access to join the mesh.

An empty key means to not use a mesh key.

func ServerPublicKey added in v1.2.0 

func ServerPublicKey(key key.Public) ClientOpt

ServerPublicKey returns a ClientOpt to declare that the server's DERP public key is known. If key is the zero value, the returned ClientOpt is a no-op.

type Conn 

type Conn interface {
	io.Closer

	SetDeadline(time.Time) error
	SetReadDeadline(time.Time) error
	SetWriteDeadline(time.Time) error
}

Conn is the subset of the underlying net.Conn the DERP Server needs. It is a defined type so that non-net connections can be used.

type KeepAliveMessage added in v1.6.0 

type KeepAliveMessage struct{}

KeepAliveMessage is a one-way empty message from server to client, just to keep the connection alive. It's like a PingMessage, but doesn't solicit a reply from the client.

type PacketForwarder added in v0.100.0 

type PacketForwarder interface {
	ForwardPacket(src, dst key.Public, payload []byte) error
}

PacketForwarder is something that can forward packets.

It's mostly an inteface for circular dependency reasons; the typical implementation is derphttp.Client. The other implementation is a multiForwarder, which this package creates as needed if a public key gets more than one PacketForwarder registered for it.

type PeerGoneMessage added in v0.98.0 

type PeerGoneMessage key.Public

PeerGoneMessage is a ReceivedMessage that indicates that the client identified by the underlying public key had previously sent you a packet but has now disconnected from the server.

type PeerPresentMessage added in v0.99.1 

type PeerPresentMessage key.Public

PeerPresentMessage is a ReceivedMessage that indicates that the client is connected to the server. (Only used by trusted mesh clients)

type PingMessage added in v1.6.0 

type PingMessage [8]byte

PingMessage is a request from a client or server to reply to the other side with a PongMessage with the given payload.

type ReceivedMessage 

type ReceivedMessage interface {
	// contains filtered or unexported methods
}

ReceivedMessage represents a type returned by Client.Recv. Unless otherwise documented, the returned message aliases the byte slice provided to Recv and thus the message is only as good as that buffer, which is up to the caller.

type ReceivedPacket 

type ReceivedPacket struct {
	Source key.Public
	// Data is the received packet bytes. It aliases the memory
	// passed to Client.Recv.
	Data []byte
}

ReceivedPacket is a ReceivedMessage representing an incoming packet.

type Server 

type Server struct {
	// WriteTimeout, if non-zero, specifies how long to wait
	// before failing when writing to a client.
	WriteTimeout time.Duration
	// contains filtered or unexported fields
}

Server is a DERP server.

func NewServer 

func NewServer(privateKey key.Private, logf logger.Logf) *Server

NewServer returns a new DERP server. It doesn't listen on its own. Connections are given to it via Server.Accept.

func (*Server) Accept 

func (s *Server) Accept(nc Conn, brw *bufio.ReadWriter, remoteAddr string)

Accept adds a new connection to the server and serves it.

The provided bufio ReadWriter must be already connected to nc. Accept blocks until the Server is closed or the connection closes on its own.

Accept closes nc.

func (*Server) AddPacketForwarder added in v0.100.0 

func (s *Server) AddPacketForwarder(dst key.Public, fwd PacketForwarder)

AddPacketForwarder registers fwd as a packet forwarder for dst. fwd must be comparable.

func (*Server) Close 

func (s *Server) Close() error

Close closes the server and waits for the connections to disconnect.

func (*Server) ConsistencyCheck added in v0.100.0 

func (s *Server) ConsistencyCheck() error

func (*Server) ExpVar 

func (s *Server) ExpVar() expvar.Var

ExpVar returns an expvar variable suitable for registering with expvar.Publish.

func (*Server) HasMeshKey added in v0.99.1 

func (s *Server) HasMeshKey() bool

HasMeshKey reports whether the server is configured with a mesh key.

func (*Server) MeshKey added in v0.100.0 

func (s *Server) MeshKey() string

MeshKey returns the configured mesh key, if any.

func (*Server) MetaCert added in v1.2.0 

func (s *Server) MetaCert() []byte

MetaCert returns the server metadata cert that can be sent by the TLS server to let the client skip a round trip during start-up.

func (*Server) PrivateKey added in v0.100.0 

func (s *Server) PrivateKey() key.Private

PrivateKey returns the server's private key.

func (*Server) PublicKey added in v0.100.0 

func (s *Server) PublicKey() key.Public

PublicKey returns the server's public key.

func (*Server) RemovePacketForwarder added in v0.100.0 

func (s *Server) RemovePacketForwarder(dst key.Public, fwd PacketForwarder)

RemovePacketForwarder removes fwd as a packet forwarder for dst. fwd must be comparable.

func (*Server) ServeDebugTraffic added in v1.10.0 

func (s *Server) ServeDebugTraffic(w http.ResponseWriter, r *http.Request)

func (*Server) SetMeshKey added in v0.99.1 

func (s *Server) SetMeshKey(v string)

SetMesh sets the pre-shared key that regional DERP servers used to mesh amongst themselves.

It must be called before serving begins.

func (*Server) SetVerifyClient added in v1.10.0 

func (s *Server) SetVerifyClient(v bool)

SetVerifyClients sets whether this DERP server verifies clients through tailscaled.

It must be called before serving begins.

type ServerInfoMessage added in v1.2.0 

type ServerInfoMessage struct{}

ServerInfoMessage is sent by the server upon first connect.

Source Files

View all Source files

Directories

Path Synopsis
Package derphttp implements DERP-over-HTTP.
 Package derphttp implements DERP-over-HTTP.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.