ipn,tun2socks: ControlledRouter api for connectivity checks

Author: ignoramous

intra/ipn/exit.go

@@ -8,6 +8,9 @@ package ipn
 
 import (
 	"context"
+	"encoding/hex"
+	"math/rand/v2"
+	"net"
 	"strconv"
 
 	x "github.com/celzero/firestack/intra/backend"
@@ -17,7 +20,14 @@ import (
 	"github.com/celzero/firestack/intra/protect"
 )
 
-const fakeExitAddr = "127.0.0.127:1337"
+const (
+	fakeExitAddr = "127.0.0.127"
+	fakeExitPort = "1337"
+)
+
+var (
+	fakeExitAddrPort = net.JoinHostPort(fakeExitAddr, fakeExitPort)
+)
 
 // exit is a proxy that always dials out to the internet.
 type exit struct {
@@ -37,6 +47,16 @@ func NewExitProxy(ctx context.Context, c protect.Controller) *exit {
 	return newExitProxy(Exit, fakeExitAddr, ctx, c)
 }
 
+func NewExitProxyWithID(id, addr string, ctx context.Context, c protect.Controller) *exit {
+	if len(id) <= 0 {
+		id = hex8()
+	}
+	if len(addr) <= 0 {
+		addr = net.JoinHostPort(fakeExitAddr, no65535())
+	}
+	return newExitProxy(id, addr, ctx, c)
+}
+
 func newExitProxy(id, addr string, ctx context.Context, c protect.Controller) *exit {
 	ctx, done := context.WithCancel(ctx)
 	h := &exit{
@@ -179,3 +199,17 @@ func idstr(p x.Proxy) string {
 	}
 	return p.ID()
 }
+
+// create a random hex character string of length 8
+func hex8() string {
+	b := make([]byte, 4)
+	if _, err := rand.Read(b); err != nil {
+		return "deadbeef"
+	}
+	return hex.EncodeToString(b)
+}
+
+func no65535() string {
+	no := max(rand.IntN(65535), 1024)
+	return strconv.Itoa(no)
+}

intra/tun2socks.go

@@ -24,12 +24,14 @@
 package intra
 
 import (
+	"context"
 	"os"
 	"path/filepath"
 	"runtime/debug"
 
 	x "github.com/celzero/firestack/intra/backend"
 	"github.com/celzero/firestack/intra/core"
+	"github.com/celzero/firestack/intra/ipn"
 	"github.com/celzero/firestack/intra/rnet"
 	"github.com/celzero/firestack/intra/settings"
 
@@ -77,6 +79,14 @@ func Connect(fd, mtu int, fakedns string, dtr DefaultDNS, bdg Bridge) (t Tunnel,
 	return NewTunnel(fd, mtu, fakedns, dtr, bdg)
 }
 
+// ControlledRouter creates a [backend.Router] over a [backend.Internet] proxy (like [backend.Exit]),
+// but one that uses custom Controller c. id and addrport are used only for
+// diagnostics and logging, and could be left empty. Typical usage is to use
+// Router.Reaches() to check if a host:port is reachable over this Controller c.
+func ControlledRouter(c Controller, id, addrport string) x.Router {
+	return ipn.NewExitProxyWithID(id, addrport, context.Background(), c).Router()
+}
+
 // Change log level to very verbose (0), verbose (1), debug (2), info (3), warn (4), error (5),
 // stacktraces (6), user notifications (7), or no logs (8). gologLevel and consolelogLevel can
 // be set independently; ex: LogLevel(2, 6) or LogLevel(8, 0) etc.