feat(cli): add p2p diagnostics to ping

ethanndickson · ethanndickson · commit da189ae654ca · 2024-08-26T08:43:12.000Z
diff --git a/agent/api.go b/agent/api.go
@@ -37,6 +37,7 @@ func (a *agent) apiHandler() http.Handler {
 	}
 	promHandler := PrometheusMetricsHandler(a.prometheusRegistry, a.logger)
 	r.Get("/api/v0/listening-ports", lp.handler)
+	r.Get("/api/v0/netcheck", a.HandleNetCheck)
 	r.Get("/debug/logs", a.HandleHTTPDebugLogs)
 	r.Get("/debug/magicsock", a.HandleHTTPDebugMagicsock)
 	r.Get("/debug/magicsock/debug-logging/{state}", a.HandleHTTPMagicsockDebugLoggingState)
diff --git a/agent/health.go b/agent/health.go
@@ -0,0 +1,20 @@
+package agent
+
+import (
+	"net/http"
+
+	"github.com/coder/coder/v2/coderd/healthcheck/health"
+	"github.com/coder/coder/v2/coderd/httpapi"
+	"github.com/coder/coder/v2/codersdk/healthsdk"
+)
+
+func (a *agent) HandleNetCheck(rw http.ResponseWriter, r *http.Request) {
+	ni := a.TailnetConn().GetNetInfo()
+
+	httpapi.Write(r.Context(), rw, http.StatusOK, healthsdk.AgentNetcheckReport{
+		BaseReport: healthsdk.BaseReport{
+			Severity: health.SeverityOK,
+		},
+		NetInfo: ni,
+	})
+}
diff --git a/cli/cliui/agent.go b/cli/cliui/agent.go
@@ -10,8 +10,11 @@ import (
 
 	"github.com/google/uuid"
 	"golang.org/x/xerrors"
+	"tailscale.com/tailcfg"
 
 	"github.com/coder/coder/v2/codersdk"
+	"github.com/coder/coder/v2/codersdk/healthsdk"
+	"github.com/coder/coder/v2/codersdk/workspacesdk"
 	"github.com/coder/coder/v2/tailnet"
 )
 
@@ -346,3 +349,50 @@ func PeerDiagnostics(w io.Writer, d tailnet.PeerDiagnostics) {
 		_, _ = fmt.Fprint(w, "✘ Wireguard is not connected\n")
 	}
 }
+
+type ConnDiags struct {
+	Info              *workspacesdk.AgentConnectionInfo
+	PingP2P           bool
+	LocalNetInfo      *tailcfg.NetInfo
+	FetchAgentNetInfo func() (healthsdk.AgentNetcheckReport, error)
+	// TODO: More diagnostics
+}
+
+func ConnDiagnostics(w io.Writer, d ConnDiags) {
+	if d.PingP2P {
+		_, _ = fmt.Fprintln(w, "✔ You are connected directly, peer-to-peer (p2p).")
+		return
+	}
+	_, _ = fmt.Fprintln(w, "❗ You are connected via a DERP relay, not directly, peer-to-peer (p2p).")
+
+	if d.Info == nil {
+		return
+	}
+
+	if d.Info.DisableDirectConnections {
+		_, _ = fmt.Fprintln(w, "❗ Your Coder administrator has blocked direct connections.")
+		return
+	}
+
+	if !d.Info.DERPMap.HasSTUN() {
+		_, _ = fmt.Fprintln(w, "✘ The workspace agent appears to be unable to reach any STUN servers.\nhttps://coder.com/docs/networking/stun")
+	}
+
+	if d.LocalNetInfo == nil {
+		return
+	}
+
+	if d.LocalNetInfo.MappingVariesByDestIP.EqualBool(true) {
+		_, _ = fmt.Fprintln(w, "❗ Client is potentially behind a hard NAT, as multiple endpoints were retrieved from different STUN servers.")
+	}
+
+	agentNetcheck, err := d.FetchAgentNetInfo()
+	if err != nil {
+		_, _ = fmt.Fprintf(w, "Failed to retrieve netcheck report from agent: %v\n", err)
+		return
+	}
+
+	if agentNetcheck.NetInfo.MappingVariesByDestIP.EqualBool(true) {
+		_, _ = fmt.Fprintln(w, "❗ Agent is potentially behind a hard NAT, as multiple endpoints were retrieved from different STUN servers.")
+	}
+}
diff --git a/cli/ping.go b/cli/ping.go
@@ -14,6 +14,7 @@ import (
 
 	"github.com/coder/coder/v2/cli/cliui"
 	"github.com/coder/coder/v2/codersdk"
+	"github.com/coder/coder/v2/codersdk/healthsdk"
 	"github.com/coder/coder/v2/codersdk/workspacesdk"
 	"github.com/coder/serpent"
 )
@@ -140,6 +141,18 @@ func (r *RootCmd) ping() *serpent.Command {
 				if n == int(pingNum) {
 					diags := conn.GetPeerDiagnostics()
 					cliui.PeerDiagnostics(inv.Stdout, diags)
+
+					connDiags := cliui.ConnDiags{
+						PingP2P: didP2p,
+						FetchAgentNetInfo: func() (healthsdk.AgentNetcheckReport, error) {
+							return conn.NetCheck(ctx)
+						},
+					}
+					connInfo, err := workspacesdk.New(client).AgentConnectionInfoGeneric(ctx)
+					if err == nil {
+						connDiags.Info = &connInfo
+					}
+					cliui.ConnDiagnostics(inv.Stdout, connDiags)
 					return nil
 				}
 			}
diff --git a/codersdk/healthsdk/healthsdk.go b/codersdk/healthsdk/healthsdk.go
@@ -273,3 +273,9 @@ type ClientNetcheckReport struct {
 	DERP       DERPHealthReport `json:"derp"`
 	Interfaces InterfacesReport `json:"interfaces"`
 }
+
+// @typescript-ignore AgentNetcheckReport
+type AgentNetcheckReport struct {
+	BaseReport
+	NetInfo *tailcfg.NetInfo `json:"net_info"`
+}
diff --git a/codersdk/workspacesdk/agentconn.go b/codersdk/workspacesdk/agentconn.go
@@ -22,6 +22,7 @@ import (
 
 	"github.com/coder/coder/v2/coderd/tracing"
 	"github.com/coder/coder/v2/codersdk"
+	"github.com/coder/coder/v2/codersdk/healthsdk"
 	"github.com/coder/coder/v2/tailnet"
 )
 
@@ -241,6 +242,23 @@ func (c *AgentConn) ListeningPorts(ctx context.Context) (codersdk.WorkspaceAgent
 	return resp, json.NewDecoder(res.Body).Decode(&resp)
 }
 
+// NetCheck returns a network check report from the workspace agent.
+func (c *AgentConn) NetCheck(ctx context.Context) (healthsdk.AgentNetcheckReport, error) {
+	ctx, span := tracing.StartSpan(ctx)
+	defer span.End()
+	res, err := c.apiRequest(ctx, http.MethodGet, "/api/v0/netcheck", nil)
+	if err != nil {
+		return healthsdk.AgentNetcheckReport{}, xerrors.Errorf("do request: %w", err)
+	}
+	defer res.Body.Close()
+	if res.StatusCode != http.StatusOK {
+		return healthsdk.AgentNetcheckReport{}, codersdk.ReadBodyAsError(res)
+	}
+
+	var resp healthsdk.AgentNetcheckReport
+	return resp, json.NewDecoder(res.Body).Decode(&resp)
+}
+
 // DebugMagicsock makes a request to the workspace agent's magicsock debug endpoint.
 func (c *AgentConn) DebugMagicsock(ctx context.Context) ([]byte, error) {
 	ctx, span := tracing.StartSpan(ctx)
diff --git a/tailnet/conn.go b/tailnet/conn.go
@@ -294,6 +294,9 @@ func NewConn(options *Options) (conn *Conn, err error) {
 	}()
 	if server.telemetryStore != nil {
 		server.wireguardEngine.SetNetInfoCallback(func(ni *tailcfg.NetInfo) {
+			server.mutex.Lock()
+			defer server.mutex.Unlock()
+			server.lastNetInfo = ni.Clone()
 			server.telemetryStore.setNetInfo(ni)
 			nodeUp.setNetInfo(ni)
 			server.telemetryStore.pingPeer(server)
@@ -304,7 +307,12 @@ func NewConn(options *Options) (conn *Conn, err error) {
 		})
 		go server.watchConnChange()
 	} else {
-		server.wireguardEngine.SetNetInfoCallback(nodeUp.setNetInfo)
+		server.wireguardEngine.SetNetInfoCallback(func(ni *tailcfg.NetInfo) {
+			server.mutex.Lock()
+			defer server.mutex.Unlock()
+			server.lastNetInfo = ni.Clone()
+			nodeUp.setNetInfo(ni)
+		})
 	}
 	server.wireguardEngine.SetStatusCallback(nodeUp.setStatus)
 	server.magicConn.SetDERPForcedWebsocketCallback(nodeUp.setDERPForcedWebsocket)
@@ -373,6 +381,13 @@ type Conn struct {
 	watchCancel func()
 
 	trafficStats *connstats.Statistics
+	lastNetInfo  *tailcfg.NetInfo
+}
+
+func (c *Conn) GetNetInfo() *tailcfg.NetInfo {
+	c.mutex.Lock()
+	defer c.mutex.Unlock()
+	return c.lastNetInfo.Clone()
 }
 
 func (c *Conn) SetTunnelDestination(id uuid.UUID) {

Original file line number	Diff line number	Diff line change
`@@ -37,6 +37,7 @@ func (a *agent) apiHandler() http.Handler {`
`37`	`37`	`}`
`38`	`38`	`promHandler := PrometheusMetricsHandler(a.prometheusRegistry, a.logger)`
`39`	`39`	`r.Get("/api/v0/listening-ports", lp.handler)`
	`40`	`+ r.Get("/api/v0/netcheck", a.HandleNetCheck)`
`40`	`41`	`r.Get("/debug/logs", a.HandleHTTPDebugLogs)`
`41`	`42`	`r.Get("/debug/magicsock", a.HandleHTTPDebugMagicsock)`
`42`	`43`	`r.Get("/debug/magicsock/debug-logging/{state}", a.HandleHTTPMagicsockDebugLoggingState)`