Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit dc1f76b

Browse files
kylecarbskylecarbs
committed
Log TURN remote address
1 parent 859ec70 commit dc1f76b

File tree

6 files changed

+82
-49
lines changed

6 files changed

+82
-49
lines changed

.github/workflows/coder.yaml

Lines changed: 0 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -163,10 +163,6 @@ jobs:
163163
terraform_version: 1.1.2
164164
terraform_wrapper: false
165165

166-
- name: Install socat
167-
if: runner.os == 'Linux'
168-
run: sudo apt-get install -y socat
169-
170166
- name: Test with Mock Database
171167
shell: bash
172168
env:

coderd/turnconn/turnconn.go

Lines changed: 65 additions & 36 deletions
Original file line numberDiff line numberDiff line change
@@ -13,13 +13,20 @@ import (
1313
)
1414

1515
var (
16-
reservedHost = "coder"
17-
credential = "coder"
16+
// reservedAddress is a magic address that's used exclusively
17+
// for proxying via Coder. We don't proxy all TURN connections,
18+
// because that'd exclude the possibility of a customer using
19+
// their own TURN server.
20+
reservedAddress = "127.0.0.1:12345"
21+
credential = "coder"
22+
localhost = &net.TCPAddr{
23+
IP: net.IPv4(127, 0, 0, 1),
24+
}
1825

1926
// Proxy is a an ICE Server that uses a special hostname
2027
// to indicate traffic should be proxied.
2128
Proxy = webrtc.ICEServer{
22-
URLs: []string{"turns:" + reservedHost},
29+
URLs: []string{"turns:" + reservedAddress},
2330
Username: "coder",
2431
Credential: credential,
2532
}
@@ -29,14 +36,35 @@ var (
2936
// The relay address is used to broadcast the location of an accepted connection.
3037
func New(relayAddress *turn.RelayAddressGeneratorStatic) (*Server, error) {
3138
if relayAddress == nil {
32-
// Default to localhost.
39+
ip := ""
40+
addrs, err := net.InterfaceAddrs()
41+
if err != nil {
42+
return nil, xerrors.Errorf("find interface addrs: %w", err)
43+
}
44+
// Try to find the localhost IP address.
45+
// It will generally be 127.0.0.1, but
46+
// search to be sure!
47+
for _, address := range addrs {
48+
ipNet, ok := address.(*net.IPNet)
49+
if !ok {
50+
continue
51+
}
52+
if !ipNet.IP.IsLoopback() {
53+
continue
54+
}
55+
ip = ipNet.IP.String()
56+
break
57+
}
58+
if ip == "" {
59+
ip = "127.0.0.1"
60+
}
3361
relayAddress = &turn.RelayAddressGeneratorStatic{
34-
RelayAddress: net.IP{127, 0, 0, 1},
35-
Address: "127.0.0.1",
62+
RelayAddress: net.ParseIP(ip),
63+
Address: ip,
3664
}
3765
}
3866
logger := logging.NewDefaultLoggerFactory()
39-
logger.DefaultLogLevel = logging.LogLevelDisabled
67+
logger.DefaultLogLevel = logging.LogLevelDebug
4068
server := &Server{
4169
conns: make(chan net.Conn, 1),
4270
closed: make(chan struct{}),
@@ -47,6 +75,8 @@ func New(relayAddress *turn.RelayAddressGeneratorStatic) (*Server, error) {
4775
var err error
4876
server.turn, err = turn.NewServer(turn.ServerConfig{
4977
AuthHandler: func(username, realm string, srcAddr net.Addr) (key []byte, ok bool) {
78+
// TURN connections require credentials. It's not important
79+
// for our use-case, because our listener is entirely in-memory.
5080
return turn.GenerateAuthKey(Proxy.Username, "", credential), true
5181
},
5282
ListenerConfigs: []turn.ListenerConfig{{
@@ -62,33 +92,6 @@ func New(relayAddress *turn.RelayAddressGeneratorStatic) (*Server, error) {
6292
return server, nil
6393
}
6494

65-
// ProxyDialer accepts a proxy function that's called when the connection
66-
// address matches the reserved host in the "Proxy" ICE server.
67-
//
68-
// This should be passed to WebRTC connections as an ICE dialer.
69-
func ProxyDialer(proxyFunc func() (c net.Conn, err error)) proxy.Dialer {
70-
return dialer(func(network, addr string) (net.Conn, error) {
71-
host, _, err := net.SplitHostPort(addr)
72-
if err != nil {
73-
return nil, err
74-
}
75-
if host != reservedHost {
76-
return proxy.Direct.Dial(network, addr)
77-
}
78-
netConn, err := proxyFunc()
79-
if err != nil {
80-
return nil, err
81-
}
82-
return &Conn{
83-
localAddress: &net.TCPAddr{
84-
IP: net.IPv4(127, 0, 0, 1),
85-
},
86-
closed: make(chan struct{}),
87-
Conn: netConn,
88-
}, nil
89-
})
90-
}
91-
9295
// Server accepts and connects TURN allocations.
9396
//
9497
// This is a thin wrapper around pion/turn that pipes
@@ -105,10 +108,14 @@ type Server struct {
105108
// Accept consumes a new connection into the TURN server.
106109
// A unique remote address must exist per-connection.
107110
// pion/turn indexes allocations based on the address.
108-
func (s *Server) Accept(nc net.Conn, remoteAddress *net.TCPAddr) *Conn {
111+
func (s *Server) Accept(nc net.Conn, remoteAddress, localAddress *net.TCPAddr) *Conn {
112+
if localAddress == nil {
113+
localAddress = localhost
114+
}
109115
conn := &Conn{
110116
Conn: nc,
111117
remoteAddress: remoteAddress,
118+
localAddress: localAddress,
112119
closed: make(chan struct{}),
113120
}
114121
s.conns <- conn
@@ -181,16 +188,38 @@ func (c *Conn) Closed() <-chan struct{} {
181188
}
182189

183190
func (c *Conn) Close() error {
191+
err := c.Conn.Close()
184192
select {
185193
case <-c.closed:
186194
default:
187195
close(c.closed)
188196
}
189-
return c.Conn.Close()
197+
return err
190198
}
191199

192200
type dialer func(network, addr string) (c net.Conn, err error)
193201

194202
func (d dialer) Dial(network, addr string) (c net.Conn, err error) {
195203
return d(network, addr)
196204
}
205+
206+
// ProxyDialer accepts a proxy function that's called when the connection
207+
// address matches the reserved host in the "Proxy" ICE server.
208+
//
209+
// This should be passed to WebRTC connections as an ICE dialer.
210+
func ProxyDialer(proxyFunc func() (c net.Conn, err error)) proxy.Dialer {
211+
return dialer(func(network, addr string) (net.Conn, error) {
212+
if addr != reservedAddress {
213+
return proxy.Direct.Dial(network, addr)
214+
}
215+
netConn, err := proxyFunc()
216+
if err != nil {
217+
return nil, err
218+
}
219+
return &Conn{
220+
localAddress: localhost,
221+
closed: make(chan struct{}),
222+
Conn: netConn,
223+
}, nil
224+
})
225+
}

coderd/turnconn/turnconn_test.go

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -30,8 +30,8 @@ func TestTURNConn(t *testing.T) {
3030
clientDialer, clientTURN := net.Pipe()
3131
turnServer.Accept(clientTURN, &net.TCPAddr{
3232
IP: net.IPv4(127, 0, 0, 1),
33-
Port: 1,
34-
})
33+
Port: 16000,
34+
}, nil)
3535
require.NoError(t, err)
3636
clientSettings := webrtc.SettingEngine{}
3737
clientSettings.SetNetworkTypes([]webrtc.NetworkType{webrtc.NetworkTypeTCP4, webrtc.NetworkTypeTCP6})
@@ -48,8 +48,8 @@ func TestTURNConn(t *testing.T) {
4848
serverDialer, serverTURN := net.Pipe()
4949
turnServer.Accept(serverTURN, &net.TCPAddr{
5050
IP: net.IPv4(127, 0, 0, 1),
51-
Port: 2,
52-
})
51+
Port: 16001,
52+
}, nil)
5353
require.NoError(t, err)
5454
serverSettings := webrtc.SettingEngine{}
5555
serverSettings.SetNetworkTypes([]webrtc.NetworkType{webrtc.NetworkTypeTCP4, webrtc.NetworkTypeTCP6})

coderd/workspaceagents.go

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -232,6 +232,7 @@ func (api *api) workspaceAgentTurn(rw http.ResponseWriter, r *http.Request) {
232232
api.websocketWaitMutex.Unlock()
233233
defer api.websocketWaitGroup.Done()
234234

235+
localAddress, _ := r.Context().Value(http.LocalAddrContextKey).(*net.TCPAddr)
235236
remoteAddress := &net.TCPAddr{
236237
IP: net.ParseIP(r.RemoteAddr),
237238
}
@@ -261,11 +262,16 @@ func (api *api) workspaceAgentTurn(rw http.ResponseWriter, r *http.Request) {
261262
})
262263
return
263264
}
265+
defer func() {
266+
_ = wsConn.Close(websocket.StatusNormalClosure, "")
267+
}()
264268
netConn := websocket.NetConn(r.Context(), wsConn, websocket.MessageBinary)
269+
api.Logger.Debug(r.Context(), "accepting turn connection", slog.F("remote-address", r.RemoteAddr), slog.F("local-address", localAddress))
265270
select {
266-
case <-api.TURNServer.Accept(netConn, remoteAddress).Closed():
271+
case <-api.TURNServer.Accept(netConn, remoteAddress, localAddress).Closed():
267272
case <-r.Context().Done():
268273
}
274+
api.Logger.Debug(r.Context(), "completed turn connection", slog.F("remote-address", r.RemoteAddr), slog.F("local-address", localAddress))
269275
}
270276

271277
func convertWorkspaceAgent(dbAgent database.WorkspaceAgent, agentUpdateFrequency time.Duration) (codersdk.WorkspaceAgent, error) {

coderd/workspaceagents_test.go

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -143,7 +143,9 @@ func TestWorkspaceAgentTURN(t *testing.T) {
143143
_ = agentCloser.Close()
144144
})
145145
resources := coderdtest.AwaitWorkspaceAgents(t, client, workspace.LatestBuild.ID)
146-
opts := &peer.ConnOptions{}
146+
opts := &peer.ConnOptions{
147+
Logger: slogtest.Make(t, nil).Named("client"),
148+
}
147149
// Force a TURN connection!
148150
opts.SettingEngine.SetNetworkTypes([]webrtc.NetworkType{webrtc.NetworkTypeTCP4})
149151
conn, err := client.DialWorkspaceAgent(context.Background(), resources[0].Agents[0].ID, opts)

peer/conn.go

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -50,9 +50,9 @@ func newWithClientOrServer(servers []webrtc.ICEServer, client bool, opts *ConnOp
5050
}
5151

5252
opts.SettingEngine.DetachDataChannels()
53-
factory := logging.NewDefaultLoggerFactory()
54-
factory.DefaultLogLevel = logging.LogLevelDisabled
55-
opts.SettingEngine.LoggerFactory = factory
53+
logger := logging.NewDefaultLoggerFactory()
54+
logger.DefaultLogLevel = logging.LogLevelDisabled
55+
opts.SettingEngine.LoggerFactory = logger
5656
api := webrtc.NewAPI(webrtc.WithSettingEngine(opts.SettingEngine))
5757
rtc, err := api.NewPeerConnection(webrtc.Configuration{
5858
ICEServers: servers,

0 commit comments

Comments
 (0)