feature/ace: make ACE modular

Updates #12614

Change-Id: Iaee75d8831c4ba5c9705d7877bb78044424c6da1
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Brad Fitzpatrick 2025-10-03 17:32:17 -07:00 committed by Brad Fitzpatrick
parent 141eb64d3f
commit 223ced84b5
14 changed files with 77 additions and 14 deletions


@ -742,7 +742,6 @@ tailscale.com/cmd/k8s-operator dependencies: (generated by github.com/tailscale/
tailscale.com/logtail from tailscale.com/control/controlclient+ tailscale.com/logtail from tailscale.com/control/controlclient+
tailscale.com/logtail/filch from tailscale.com/log/sockstatlog+ tailscale.com/logtail/filch from tailscale.com/log/sockstatlog+
tailscale.com/metrics from tailscale.com/net/tstun+ tailscale.com/metrics from tailscale.com/net/tstun+
tailscale.com/net/ace from tailscale.com/control/controlhttp
tailscale.com/net/bakedroots from tailscale.com/net/tlsdial+ tailscale.com/net/bakedroots from tailscale.com/net/tlsdial+
💣 tailscale.com/net/batching from tailscale.com/wgengine/magicsock 💣 tailscale.com/net/batching from tailscale.com/wgengine/magicsock
tailscale.com/net/captivedetection from tailscale.com/ipn/ipnlocal+ tailscale.com/net/captivedetection from tailscale.com/ipn/ipnlocal+


@ -113,7 +113,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
tailscale.com/kube/kubetypes from tailscale.com/envknob tailscale.com/kube/kubetypes from tailscale.com/envknob
tailscale.com/licenses from tailscale.com/client/web+ tailscale.com/licenses from tailscale.com/client/web+
tailscale.com/metrics from tailscale.com/tsweb+ tailscale.com/metrics from tailscale.com/tsweb+
tailscale.com/net/ace from tailscale.com/cmd/tailscale/cli+ tailscale.com/net/ace from tailscale.com/cmd/tailscale/cli
tailscale.com/net/bakedroots from tailscale.com/net/tlsdial tailscale.com/net/bakedroots from tailscale.com/net/tlsdial
tailscale.com/net/captivedetection from tailscale.com/net/netcheck tailscale.com/net/captivedetection from tailscale.com/net/netcheck
tailscale.com/net/dnscache from tailscale.com/control/controlhttp+ tailscale.com/net/dnscache from tailscale.com/control/controlhttp+


@ -77,7 +77,6 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
tailscale.com/logtail from tailscale.com/cmd/tailscaled+ tailscale.com/logtail from tailscale.com/cmd/tailscaled+
tailscale.com/logtail/filch from tailscale.com/log/sockstatlog+ tailscale.com/logtail/filch from tailscale.com/log/sockstatlog+
tailscale.com/metrics from tailscale.com/net/tstun+ tailscale.com/metrics from tailscale.com/net/tstun+
tailscale.com/net/ace from tailscale.com/control/controlhttp
tailscale.com/net/bakedroots from tailscale.com/net/tlsdial tailscale.com/net/bakedroots from tailscale.com/net/tlsdial
💣 tailscale.com/net/batching from tailscale.com/wgengine/magicsock 💣 tailscale.com/net/batching from tailscale.com/wgengine/magicsock
tailscale.com/net/connstats from tailscale.com/net/tstun+ tailscale.com/net/connstats from tailscale.com/net/tstun+


@ -100,7 +100,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
tailscale.com/logtail from tailscale.com/cmd/tailscaled+ tailscale.com/logtail from tailscale.com/cmd/tailscaled+
tailscale.com/logtail/filch from tailscale.com/log/sockstatlog+ tailscale.com/logtail/filch from tailscale.com/log/sockstatlog+
tailscale.com/metrics from tailscale.com/net/tstun+ tailscale.com/metrics from tailscale.com/net/tstun+
tailscale.com/net/ace from tailscale.com/control/controlhttp+ tailscale.com/net/ace from tailscale.com/cmd/tailscale/cli
tailscale.com/net/bakedroots from tailscale.com/net/tlsdial tailscale.com/net/bakedroots from tailscale.com/net/tlsdial
💣 tailscale.com/net/batching from tailscale.com/wgengine/magicsock 💣 tailscale.com/net/batching from tailscale.com/wgengine/magicsock
tailscale.com/net/connstats from tailscale.com/net/tstun+ tailscale.com/net/connstats from tailscale.com/net/tstun+


@ -252,7 +252,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
tailscale.com/cmd/tailscaled/tailscaledhooks from tailscale.com/cmd/tailscaled+ tailscale.com/cmd/tailscaled/tailscaledhooks from tailscale.com/cmd/tailscaled+
tailscale.com/control/controlbase from tailscale.com/control/controlhttp+ tailscale.com/control/controlbase from tailscale.com/control/controlhttp+
tailscale.com/control/controlclient from tailscale.com/cmd/tailscaled+ tailscale.com/control/controlclient from tailscale.com/cmd/tailscaled+
tailscale.com/control/controlhttp from tailscale.com/control/ts2021 tailscale.com/control/controlhttp from tailscale.com/control/ts2021+
tailscale.com/control/controlhttp/controlhttpcommon from tailscale.com/control/controlhttp tailscale.com/control/controlhttp/controlhttpcommon from tailscale.com/control/controlhttp
tailscale.com/control/controlknobs from tailscale.com/control/controlclient+ tailscale.com/control/controlknobs from tailscale.com/control/controlclient+
tailscale.com/control/ts2021 from tailscale.com/control/controlclient tailscale.com/control/ts2021 from tailscale.com/control/controlclient
@ -272,6 +272,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
tailscale.com/envknob from tailscale.com/client/local+ tailscale.com/envknob from tailscale.com/client/local+
tailscale.com/envknob/featureknob from tailscale.com/client/web+ tailscale.com/envknob/featureknob from tailscale.com/client/web+
tailscale.com/feature from tailscale.com/feature/wakeonlan+ tailscale.com/feature from tailscale.com/feature/wakeonlan+
tailscale.com/feature/ace from tailscale.com/feature/condregister
tailscale.com/feature/appconnectors from tailscale.com/feature/condregister tailscale.com/feature/appconnectors from tailscale.com/feature/condregister
tailscale.com/feature/buildfeatures from tailscale.com/wgengine/magicsock+ tailscale.com/feature/buildfeatures from tailscale.com/wgengine/magicsock+
tailscale.com/feature/capture from tailscale.com/feature/condregister tailscale.com/feature/capture from tailscale.com/feature/condregister
@ -322,7 +323,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
tailscale.com/logtail from tailscale.com/cmd/tailscaled+ tailscale.com/logtail from tailscale.com/cmd/tailscaled+
tailscale.com/logtail/filch from tailscale.com/log/sockstatlog+ tailscale.com/logtail/filch from tailscale.com/log/sockstatlog+
tailscale.com/metrics from tailscale.com/net/tstun+ tailscale.com/metrics from tailscale.com/net/tstun+
tailscale.com/net/ace from tailscale.com/control/controlhttp tailscale.com/net/ace from tailscale.com/feature/ace
tailscale.com/net/bakedroots from tailscale.com/net/tlsdial+ tailscale.com/net/bakedroots from tailscale.com/net/tlsdial+
💣 tailscale.com/net/batching from tailscale.com/wgengine/magicsock+ 💣 tailscale.com/net/batching from tailscale.com/wgengine/magicsock+
tailscale.com/net/captivedetection from tailscale.com/ipn/ipnlocal+ tailscale.com/net/captivedetection from tailscale.com/ipn/ipnlocal+


@ -170,7 +170,6 @@ tailscale.com/cmd/tsidp dependencies: (generated by github.com/tailscale/depawar
tailscale.com/logtail from tailscale.com/control/controlclient+ tailscale.com/logtail from tailscale.com/control/controlclient+
tailscale.com/logtail/filch from tailscale.com/log/sockstatlog+ tailscale.com/logtail/filch from tailscale.com/log/sockstatlog+
tailscale.com/metrics from tailscale.com/net/tstun+ tailscale.com/metrics from tailscale.com/net/tstun+
tailscale.com/net/ace from tailscale.com/control/controlhttp
tailscale.com/net/bakedroots from tailscale.com/ipn/ipnlocal+ tailscale.com/net/bakedroots from tailscale.com/ipn/ipnlocal+
💣 tailscale.com/net/batching from tailscale.com/wgengine/magicsock 💣 tailscale.com/net/batching from tailscale.com/wgengine/magicsock
tailscale.com/net/captivedetection from tailscale.com/ipn/ipnlocal+ tailscale.com/net/captivedetection from tailscale.com/ipn/ipnlocal+


@ -42,7 +42,6 @@ import (
"tailscale.com/feature" "tailscale.com/feature"
"tailscale.com/feature/buildfeatures" "tailscale.com/feature/buildfeatures"
"tailscale.com/health" "tailscale.com/health"
"tailscale.com/net/ace"
"tailscale.com/net/dnscache" "tailscale.com/net/dnscache"
"tailscale.com/net/dnsfallback" "tailscale.com/net/dnsfallback"
"tailscale.com/net/netutil" "tailscale.com/net/netutil"
@ -395,6 +394,8 @@ var macOSScreenTime = health.Register(&health.Warnable{
ImpactsConnectivity: true, ImpactsConnectivity: true,
}) })
var HookMakeACEDialer feature.Hook[func(dialer netx.DialFunc, aceHost string, optIP netip.Addr) netx.DialFunc]
// tryURLUpgrade connects to u, and tries to upgrade it to a net.Conn. // tryURLUpgrade connects to u, and tries to upgrade it to a net.Conn.
// //
// If optAddr is valid, then no DNS is used and the connection will be made to // If optAddr is valid, then no DNS is used and the connection will be made to
@ -424,11 +425,14 @@ func (a *Dialer) tryURLUpgrade(ctx context.Context, u *url.URL, optAddr netip.Ad
} }
if optACEHost != "" { if optACEHost != "" {
dialer = (&ace.Dialer{ if !buildfeatures.HasACE {
ACEHost: optACEHost, return nil, feature.ErrUnavailable
ACEHostIP: optAddr, // may be zero }
NetDialer: dialer, f, ok := HookMakeACEDialer.GetOk()
}).Dial if !ok {
return nil, feature.ErrUnavailable
}
dialer = f(dialer, optACEHost, optAddr)
} }
// On macOS, see if Screen Time is blocking things. // On macOS, see if Screen Time is blocking things.
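Review bot: `HookMakeACEDialer` is exported but has no doc comment, even though whatever function is stored in it wraps the dialer that `tryURLUpgrade` uses for the control connection whenever `optACEHost` is non-empty. I would state its contract at the declaration, e.g. `// HookMakeACEDialer, if set, returns a DialFunc that connects via the ACE host aceHost (using optIP instead of DNS when valid), dialing through dialer. It is set by package feature/ace.` Returning `feature.ErrUnavailable` on both the `!buildfeatures.HasACE` and `!ok` paths fails closed instead of quietly dialing direct, which is the right behaviour, but the bare sentinel does not tell the caller that ACE was the missing piece. Wrapping it, e.g. `fmt.Errorf("ACE host %q requested: %w", optACEHost, feature.ErrUnavailable)`, keeps `errors.Is` working and makes the failure diagnosable (this assumes `fmt` is already imported in the file, which the hunk does not show). The body of `tryURLUpgrade` starts and ends outside the hunk.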

25
feature/ace/ace.go Normal file

@ -0,0 +1,25 @@
// Copyright (c) Tailscale Inc & AUTHORS
// SPDX-License-Identifier: BSD-3-Clause
// Package ace registers support for Alternate Connectivity Endpoints (ACE).
package ace
import (
"net/netip"
"tailscale.com/control/controlhttp"
"tailscale.com/net/ace"
"tailscale.com/net/netx"
)
func init() {
controlhttp.HookMakeACEDialer.Set(mkDialer)
}
func mkDialer(dialer netx.DialFunc, aceHost string, optIP netip.Addr) netx.DialFunc {
return (&ace.Dialer{
ACEHost: aceHost,
ACEHostIP: optIP, // may be zero
NetDialer: dialer,
}).Dial
}
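Review bot: `mkDialer` and the `init` registration carry no comments, so nothing in this file tells a reader that merely importing the package changes how controlhttp dials when an ACE host is requested. A one-line comment on each would cover it, e.g. `// init installs mkDialer as controlhttp.HookMakeACEDialer.` and `// mkDialer returns the Dial method of an ace.Dialer for aceHost that uses dialer as its NetDialer; a zero optIP means the ACE host is resolved via DNS.` `ACEPort` is left at its zero value here, which the `ace.Dialer` field comment says means 443; worth noting in the comment so the fixed port is a visible choice.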


@ -0,0 +1,13 @@
// Copyright (c) Tailscale Inc & AUTHORS
// SPDX-License-Identifier: BSD-3-Clause
// Code generated by gen.go; DO NOT EDIT.
//go:build ts_omit_ace
package buildfeatures
// HasACE is whether the binary was built with support for modular feature "Alternate Connectivity Endpoints".
// Specifically, it's whether the binary was NOT built with the "ts_omit_ace" build tag.
// It's a const so it can be used for dead code elimination.
const HasACE = false


@ -0,0 +1,13 @@
// Copyright (c) Tailscale Inc & AUTHORS
// SPDX-License-Identifier: BSD-3-Clause
// Code generated by gen.go; DO NOT EDIT.
//go:build !ts_omit_ace
package buildfeatures
// HasACE is whether the binary was built with support for modular feature "Alternate Connectivity Endpoints".
// Specifically, it's whether the binary was NOT built with the "ts_omit_ace" build tag.
// It's a const so it can be used for dead code elimination.
const HasACE = true


@ -0,0 +1,8 @@
// Copyright (c) Tailscale Inc & AUTHORS
// SPDX-License-Identifier: BSD-3-Clause
//go:build !ts_omit_ace
package condregister
import _ "tailscale.com/feature/ace"


@ -93,6 +93,7 @@ type FeatureMeta struct {
// Features are the known Tailscale features that can be selectively included or // Features are the known Tailscale features that can be selectively included or
// excluded via build tags, and a description of each. // excluded via build tags, and a description of each.
var Features = map[FeatureTag]FeatureMeta{ var Features = map[FeatureTag]FeatureMeta{
"ace": {Sym: "ACE", Desc: "Alternate Connectivity Endpoints"},
"acme": {Sym: "ACME", Desc: "ACME TLS certificate management"}, "acme": {Sym: "ACME", Desc: "ACME TLS certificate management"},
"appconnectors": {Sym: "AppConnectors", Desc: "App Connectors support"}, "appconnectors": {Sym: "AppConnectors", Desc: "App Connectors support"},
"aws": {Sym: "AWS", Desc: "AWS integration"}, "aws": {Sym: "AWS", Desc: "AWS integration"},


@ -28,6 +28,8 @@ type Dialer struct {
ACEHostIP netip.Addr // optional; if non-zero, use this IP instead of DNS ACEHostIP netip.Addr // optional; if non-zero, use this IP instead of DNS
ACEPort int // zero means 443 ACEPort int // zero means 443
// NetDialer optionally specifies the underlying dialer to use to reach the
// ACEHost. If nil, net.Dialer.DialContext is used.
NetDialer func(ctx context.Context, network, address string) (net.Conn, error) NetDialer func(ctx context.Context, network, address string) (net.Conn, error)
} }


@ -166,7 +166,6 @@ tailscale.com/tsnet dependencies: (generated by github.com/tailscale/depaware)
tailscale.com/logtail from tailscale.com/control/controlclient+ tailscale.com/logtail from tailscale.com/control/controlclient+
tailscale.com/logtail/filch from tailscale.com/log/sockstatlog+ tailscale.com/logtail/filch from tailscale.com/log/sockstatlog+
tailscale.com/metrics from tailscale.com/net/tstun+ tailscale.com/metrics from tailscale.com/net/tstun+
tailscale.com/net/ace from tailscale.com/control/controlhttp
tailscale.com/net/bakedroots from tailscale.com/ipn/ipnlocal+ tailscale.com/net/bakedroots from tailscale.com/ipn/ipnlocal+
💣 tailscale.com/net/batching from tailscale.com/wgengine/magicsock 💣 tailscale.com/net/batching from tailscale.com/wgengine/magicsock
tailscale.com/net/captivedetection from tailscale.com/ipn/ipnlocal+ tailscale.com/net/captivedetection from tailscale.com/ipn/ipnlocal+