smart dialer

ibetitsmike · ibetitsmike · commit b0e1cef289a2 · 2025-09-12T12:55:02.000Z
diff --git a/agent/agent.go b/agent/agent.go
@@ -275,6 +275,7 @@ type agent struct {
 
 	// Immortal streams
 	immortalStreamsManager *immortalstreams.Manager
+	immortalStreamsDialer  *immortalstreams.SmartDialer
 }
 
 func (a *agent) TailnetConn() *tailnet.Conn {
@@ -342,8 +343,9 @@ func (a *agent) init() {
 
 	a.containerAPI = agentcontainers.NewAPI(a.logger.Named("containers"), containerAPIOpts...)
 
-	// Initialize immortal streams manager
-	a.immortalStreamsManager = immortalstreams.New(a.logger.Named("immortal-streams"), &net.Dialer{})
+	// Initialize immortal streams manager with smart dialer
+	a.immortalStreamsDialer = immortalstreams.NewSmartDialerWithoutTailnet(a.logger.Named("immortal-streams"))
+	a.immortalStreamsManager = immortalstreams.New(a.logger.Named("immortal-streams"), a.immortalStreamsDialer)
 
 	a.reconnectingPTYServer = reconnectingpty.NewServer(
 		a.logger.Named("reconnecting-pty"),
@@ -1300,6 +1302,12 @@ func (a *agent) createOrUpdateNetwork(manifestOK, networkOK *checkpoint) func(co
 			if !closing {
 				a.network = network
 				a.statsReporter = newStatsReporter(a.logger, network, a)
+
+				// Update the immortal streams dialer with the new tailnet connection
+				if a.immortalStreamsDialer != nil {
+					agentAddr := tailnet.TailscaleServicePrefix.AddrFromUUID(manifest.AgentID)
+					a.immortalStreamsDialer.UpdateTailnetConn(network, agentAddr)
+				}
 			}
 			a.closeMutex.Unlock()
 			if closing {
diff --git a/agent/immortalstreams/smartdialer.go b/agent/immortalstreams/smartdialer.go
@@ -0,0 +1,272 @@
+package immortalstreams
+
+import (
+	"context"
+	"net"
+	"net/netip"
+	"strconv"
+	"strings"
+
+	"golang.org/x/xerrors"
+
+	"cdr.dev/slog"
+	"github.com/coder/coder/v2/tailnet"
+)
+
+// SmartDialer is a Dialer implementation that intelligently chooses between
+// local network connections and tailscale network connections based on the
+// target address and context.
+//
+// It follows a similar approach to tailnet.forwardTCP and the netstack
+// GetTCPHandlerForFlow pattern, providing context-aware routing for different
+// connection types.
+//
+// The SmartDialer can be created without a tailnet connection and will fall back
+// to local dialing until UpdateTailnetConn is called.
+type SmartDialer struct {
+	logger slog.Logger
+
+	// localDialer handles traditional local network connections
+	localDialer *net.Dialer
+
+	// tailnetConn provides access to the tailscale network (can be nil initially)
+	tailnetConn *tailnet.Conn
+
+	// agentAddr is the agent's own tailscale address (can be zero initially)
+	agentAddr netip.Addr
+}
+
+// NewSmartDialer creates a new SmartDialer that can route connections
+// intelligently between local and tailscale networks.
+// The tailnetConn and agentAddr can be nil/zero initially and updated later
+// via UpdateTailnetConn.
+func NewSmartDialer(logger slog.Logger, tailnetConn *tailnet.Conn, agentAddr netip.Addr) *SmartDialer {
+	return &SmartDialer{
+		logger:      logger.Named("smart-dialer"),
+		localDialer: &net.Dialer{},
+		tailnetConn: tailnetConn,
+		agentAddr:   agentAddr,
+	}
+}
+
+// NewSmartDialerWithoutTailnet creates a new SmartDialer that initially only
+// supports local dialing. The tailnet connection can be added later via
+// UpdateTailnetConn.
+func NewSmartDialerWithoutTailnet(logger slog.Logger) *SmartDialer {
+	return NewSmartDialer(logger, nil, netip.Addr{})
+}
+
+// UpdateTailnetConn updates the tailnet connection and agent address.
+// This allows the SmartDialer to start using tailscale network routing.
+func (d *SmartDialer) UpdateTailnetConn(tailnetConn *tailnet.Conn, agentAddr netip.Addr) {
+	d.tailnetConn = tailnetConn
+	d.agentAddr = agentAddr
+	d.logger.Debug(context.Background(), "updated tailnet connection",
+		slog.F("has_tailnet", tailnetConn != nil),
+		slog.F("agent_addr", agentAddr.String()))
+}
+
+// DialContext implements the Dialer interface with intelligent routing.
+// It analyzes the target address to determine whether to use local network
+// or tailscale network connections.
+// Only TCP connections are supported as immortal streams only need TCP.
+func (d *SmartDialer) DialContext(ctx context.Context, network, address string) (net.Conn, error) {
+	d.logger.Debug(ctx, "dialing connection",
+		slog.F("network", network),
+		slog.F("address", address))
+
+	// Only support TCP for immortal streams
+	if network != "tcp" {
+		return nil, xerrors.Errorf("unsupported network type: %q (only tcp is supported)", network)
+	}
+
+	// Parse the address to determine routing strategy
+	host, portStr, err := net.SplitHostPort(address)
+	if err != nil {
+		return nil, xerrors.Errorf("parse address %q: %w", address, err)
+	}
+
+	port, err := strconv.ParseUint(portStr, 10, 16)
+	if err != nil {
+		return nil, xerrors.Errorf("parse port %q: %w", portStr, err)
+	}
+
+	strategy := d.determineDialStrategy(host, uint16(port))
+
+	d.logger.Debug(ctx, "determined dial strategy",
+		slog.F("strategy", strategy),
+		slog.F("host", host),
+		slog.F("port", port))
+
+	switch strategy {
+	case dialStrategyLocal:
+		return d.dialLocal(ctx, network, address)
+	case dialStrategyTailscale:
+		return d.dialTailscale(ctx, network, host, uint16(port))
+	case dialStrategyFallback:
+		return d.dialWithFallback(ctx, network, address, host, uint16(port))
+	default:
+		return nil, xerrors.Errorf("unknown dial strategy: %v", strategy)
+	}
+}
+
+type dialStrategy int
+
+const (
+	dialStrategyLocal dialStrategy = iota
+	dialStrategyTailscale
+	dialStrategyFallback
+)
+
+// determineDialStrategy analyzes the target address and determines the best
+// routing strategy based on the host and port.
+func (d *SmartDialer) determineDialStrategy(host string, port uint16) dialStrategy {
+	// Parse the host to check if it's an IP address
+	if addr, err := netip.ParseAddr(host); err == nil {
+		// It's an IP address - analyze it
+		return d.analyzeIPAddress(addr, port)
+	}
+
+	// It's a hostname - analyze it
+	return d.analyzeHostname(host, port)
+}
+
+// analyzeIPAddress determines the dial strategy for IP addresses
+func (d *SmartDialer) analyzeIPAddress(addr netip.Addr, _ uint16) dialStrategy {
+	// Check if it's a localhost/loopback address
+	if addr.IsLoopback() {
+		d.logger.Debug(context.Background(), "detected loopback address, using local dial")
+		return dialStrategyLocal
+	}
+
+	// Check if it's a tailscale service prefix address
+	if tailnet.TailscaleServicePrefix.AsNetip().Contains(addr) {
+		d.logger.Debug(context.Background(), "detected tailscale service address, using tailscale dial")
+		return dialStrategyTailscale
+	}
+
+	// Check if it's a coder service prefix address
+	if tailnet.CoderServicePrefix.AsNetip().Contains(addr) {
+		d.logger.Debug(context.Background(), "detected coder service address, using tailscale dial")
+		return dialStrategyTailscale
+	}
+
+	// Check if it's a private/local network address
+	if addr.IsPrivate() || addr.IsLinkLocalUnicast() {
+		d.logger.Debug(context.Background(), "detected private address, trying local first with tailscale fallback")
+		return dialStrategyFallback
+	}
+
+	// For other addresses, prefer local dialing (might be reachable through local routing)
+	d.logger.Debug(context.Background(), "unknown address type, trying local first with tailscale fallback")
+	return dialStrategyFallback
+}
+
+// analyzeHostname determines the dial strategy for hostnames
+func (d *SmartDialer) analyzeHostname(host string, _ uint16) dialStrategy {
+	// Normalize hostname
+	host = strings.ToLower(host)
+
+	// Check for localhost variants
+	if host == "localhost" || host == "localhost.localdomain" {
+		d.logger.Debug(context.Background(), "detected localhost hostname, using local dial")
+		return dialStrategyLocal
+	}
+
+	// Check for special tailscale hostnames (if any patterns emerge)
+	if strings.HasSuffix(host, ".ts.net") || strings.HasSuffix(host, ".tailscale") {
+		d.logger.Debug(context.Background(), "detected tailscale hostname, using tailscale dial")
+		return dialStrategyTailscale
+	}
+
+	// For other hostnames, try local first with fallback
+	d.logger.Debug(context.Background(), "unknown hostname, trying local first with tailscale fallback")
+	return dialStrategyFallback
+}
+
+// dialLocal uses the local network dialer
+func (d *SmartDialer) dialLocal(ctx context.Context, network, address string) (net.Conn, error) {
+	conn, err := d.localDialer.DialContext(ctx, network, address)
+	if err != nil {
+		d.logger.Debug(ctx, "local dial failed", slog.Error(err))
+		return nil, err
+	}
+	d.logger.Debug(ctx, "local dial succeeded")
+	return conn, nil
+}
+
+// dialTailscale uses the tailscale network connection
+func (d *SmartDialer) dialTailscale(ctx context.Context, network, host string, port uint16) (net.Conn, error) {
+	if d.tailnetConn == nil {
+		return nil, xerrors.New("tailnet connection not available")
+	}
+
+	// Parse the host as an IP address for tailscale dialing
+	addr, err := netip.ParseAddr(host)
+	if err != nil {
+		return nil, xerrors.Errorf("parse tailscale address %q: %w", host, err)
+	}
+
+	addrPort := netip.AddrPortFrom(addr, port)
+
+	if network != "tcp" {
+		return nil, xerrors.Errorf("unsupported network type for tailscale dial: %q (only tcp is supported)", network)
+	}
+
+	conn, err := d.tailnetConn.DialContextTCP(ctx, addrPort)
+	if err != nil {
+		d.logger.Debug(ctx, "tailscale TCP dial failed", slog.Error(err))
+		return nil, err
+	}
+	d.logger.Debug(ctx, "tailscale TCP dial succeeded")
+	return conn, nil
+}
+
+// dialWithFallback tries local first, then falls back to tailscale if available
+func (d *SmartDialer) dialWithFallback(ctx context.Context, network, address, host string, port uint16) (net.Conn, error) {
+	// Try local first
+	localConn, localErr := d.dialLocal(ctx, network, address)
+	if localErr == nil {
+		d.logger.Debug(ctx, "fallback: local dial succeeded")
+		return localConn, nil
+	}
+
+	d.logger.Debug(ctx, "fallback: local dial failed, trying tailscale", slog.Error(localErr))
+
+	// If local failed and we have tailnet, try tailscale
+	if d.tailnetConn != nil {
+		// Try to parse as IP for tailscale dial
+		if _, err := netip.ParseAddr(host); err == nil {
+			tailscaleConn, tailscaleErr := d.dialTailscale(ctx, network, host, port)
+			if tailscaleErr == nil {
+				d.logger.Debug(ctx, "fallback: tailscale dial succeeded")
+				return tailscaleConn, nil
+			}
+			d.logger.Debug(ctx, "fallback: tailscale dial also failed", slog.Error(tailscaleErr))
+
+			// Return the more specific error if both failed
+			if isConnectionRefusedError(localErr) {
+				return nil, localErr
+			}
+			return nil, tailscaleErr
+		}
+	}
+
+	// If we can't try tailscale or it's not available, return the local error
+	d.logger.Debug(ctx, "fallback: only local dial attempted")
+	return nil, localErr
+}
+
+// isConnectionRefusedError checks if an error indicates a connection was refused
+// This is used to preserve the semantics of the original error handling
+func isConnectionRefusedError(err error) bool {
+	if err == nil {
+		return false
+	}
+
+	// This uses the same logic as the original manager.go
+	errStr := err.Error()
+	return strings.Contains(errStr, "connection refused") ||
+		strings.Contains(errStr, "connectex: No connection could be made because the target machine actively refused it") ||
+		strings.Contains(errStr, "actively refused")
+}
diff --git a/agent/immortalstreams/smartdialer_test.go b/agent/immortalstreams/smartdialer_test.go
