derp, cmd/derper: add frameWatchConns, framePeerPresent for inter-DERP routing

This lets a trusted DERP client that knows a pre-shared key subscribe to the connection list. Upon subscribing, they get the current set of connected public keys, and then all changes over time. This lets a set of DERP server peers within a region all stay connected to each other and know which clients are connected to which nodes. Updates #388 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-06-01 15:19:41 -07:00
parent c62b80e00b
commit 484b7fc9a3
7 changed files with 498 additions and 11 deletions
--- a/derp/derphttp/derphttp_client.go
+++ b/derp/derphttp/derphttp_client.go
@ -43,6 +43,7 @@ import (
 type Client struct {
 	TLSConfig *tls.Config        // optional; nil means default
 	DNSCache  *dnscache.Resolver // optional; nil means no caching
+	MeshKey   string             // optional; for trusted clients

 	privateKey key.Private
 	logf       logger.Logf
@ -272,7 +273,7 @@ func (c *Client) connect(ctx context.Context, caller string) (client *derp.Clien
 		return nil, fmt.Errorf("GET failed: %v: %s", err, b)
 	}

-	derpClient, err := derp.NewClient(c.privateKey, httpConn, brw, c.logf)
+	derpClient, err := derp.NewMeshClient(c.privateKey, httpConn, brw, c.logf, c.MeshKey)
 	if err != nil {
 		return nil, err
 	}
@ -492,6 +493,18 @@ func (c *Client) NotePreferred(v bool) {
 	}
 }

+func (c *Client) WatchConnectionChanges() error {
+	client, err := c.connect(context.TODO(), "derphttp.Client.WatchConnectionChanges")
+	if err != nil {
+		return err
+	}
+	err = client.WatchConnectionChanges()
+	if err != nil {
+		c.closeForReconnect(client)
+	}
+	return err
+}
+
 func (c *Client) Recv(b []byte) (derp.ReceivedMessage, error) {
 	client, err := c.connect(context.TODO(), "derphttp.Client.Recv")
 	if err != nil {