
feature/ace: make ACE modular

Updates #12614

Change-Id: Iaee75d8831c4ba5c9705d7877bb78044424c6da1
Signed-off-by: Brad Fitzpatrick <[email protected]>
Brad Fitzpatrick 5 months ago
parent
commit
223ced84b5

+ 0 - 1
cmd/k8s-operator/depaware.txt

@@ -742,7 +742,6 @@ tailscale.com/cmd/k8s-operator dependencies: (generated by github.com/tailscale/
         tailscale.com/logtail                                        from tailscale.com/control/controlclient+
         tailscale.com/logtail/filch                                  from tailscale.com/log/sockstatlog+
         tailscale.com/metrics                                        from tailscale.com/net/tstun+
-        tailscale.com/net/ace                                        from tailscale.com/control/controlhttp
         tailscale.com/net/bakedroots                                 from tailscale.com/net/tlsdial+
      💣 tailscale.com/net/batching                                   from tailscale.com/wgengine/magicsock
         tailscale.com/net/captivedetection                           from tailscale.com/ipn/ipnlocal+

+ 1 - 1
cmd/tailscale/depaware.txt

@@ -113,7 +113,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
         tailscale.com/kube/kubetypes                                 from tailscale.com/envknob
         tailscale.com/licenses                                       from tailscale.com/client/web+
         tailscale.com/metrics                                        from tailscale.com/tsweb+
-        tailscale.com/net/ace                                        from tailscale.com/cmd/tailscale/cli+
+        tailscale.com/net/ace                                        from tailscale.com/cmd/tailscale/cli
         tailscale.com/net/bakedroots                                 from tailscale.com/net/tlsdial
         tailscale.com/net/captivedetection                           from tailscale.com/net/netcheck
         tailscale.com/net/dnscache                                   from tailscale.com/control/controlhttp+

+ 0 - 1
cmd/tailscaled/depaware-min.txt

@@ -77,7 +77,6 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
         tailscale.com/logtail                                        from tailscale.com/cmd/tailscaled+
         tailscale.com/logtail/filch                                  from tailscale.com/log/sockstatlog+
         tailscale.com/metrics                                        from tailscale.com/net/tstun+
-        tailscale.com/net/ace                                        from tailscale.com/control/controlhttp
         tailscale.com/net/bakedroots                                 from tailscale.com/net/tlsdial
      💣 tailscale.com/net/batching                                   from tailscale.com/wgengine/magicsock
         tailscale.com/net/connstats                                  from tailscale.com/net/tstun+

+ 1 - 1
cmd/tailscaled/depaware-minbox.txt

@@ -100,7 +100,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
         tailscale.com/logtail                                        from tailscale.com/cmd/tailscaled+
         tailscale.com/logtail/filch                                  from tailscale.com/log/sockstatlog+
         tailscale.com/metrics                                        from tailscale.com/net/tstun+
-        tailscale.com/net/ace                                        from tailscale.com/control/controlhttp+
+        tailscale.com/net/ace                                        from tailscale.com/cmd/tailscale/cli
         tailscale.com/net/bakedroots                                 from tailscale.com/net/tlsdial
      💣 tailscale.com/net/batching                                   from tailscale.com/wgengine/magicsock
         tailscale.com/net/connstats                                  from tailscale.com/net/tstun+

+ 3 - 2
cmd/tailscaled/depaware.txt

@@ -252,7 +252,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
         tailscale.com/cmd/tailscaled/tailscaledhooks                 from tailscale.com/cmd/tailscaled+
         tailscale.com/control/controlbase                            from tailscale.com/control/controlhttp+
         tailscale.com/control/controlclient                          from tailscale.com/cmd/tailscaled+
-        tailscale.com/control/controlhttp                            from tailscale.com/control/ts2021
+        tailscale.com/control/controlhttp                            from tailscale.com/control/ts2021+
         tailscale.com/control/controlhttp/controlhttpcommon          from tailscale.com/control/controlhttp
         tailscale.com/control/controlknobs                           from tailscale.com/control/controlclient+
         tailscale.com/control/ts2021                                 from tailscale.com/control/controlclient
@@ -272,6 +272,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
         tailscale.com/envknob                                        from tailscale.com/client/local+
         tailscale.com/envknob/featureknob                            from tailscale.com/client/web+
         tailscale.com/feature                                        from tailscale.com/feature/wakeonlan+
+        tailscale.com/feature/ace                                    from tailscale.com/feature/condregister
         tailscale.com/feature/appconnectors                          from tailscale.com/feature/condregister
         tailscale.com/feature/buildfeatures                          from tailscale.com/wgengine/magicsock+
         tailscale.com/feature/capture                                from tailscale.com/feature/condregister
@@ -322,7 +323,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
         tailscale.com/logtail                                        from tailscale.com/cmd/tailscaled+
         tailscale.com/logtail/filch                                  from tailscale.com/log/sockstatlog+
         tailscale.com/metrics                                        from tailscale.com/net/tstun+
-        tailscale.com/net/ace                                        from tailscale.com/control/controlhttp
+        tailscale.com/net/ace                                        from tailscale.com/feature/ace
         tailscale.com/net/bakedroots                                 from tailscale.com/net/tlsdial+
      💣 tailscale.com/net/batching                                   from tailscale.com/wgengine/magicsock+
         tailscale.com/net/captivedetection                           from tailscale.com/ipn/ipnlocal+

+ 0 - 1
cmd/tsidp/depaware.txt

@@ -170,7 +170,6 @@ tailscale.com/cmd/tsidp dependencies: (generated by github.com/tailscale/depawar
         tailscale.com/logtail                                        from tailscale.com/control/controlclient+
         tailscale.com/logtail/filch                                  from tailscale.com/log/sockstatlog+
         tailscale.com/metrics                                        from tailscale.com/net/tstun+
-        tailscale.com/net/ace                                        from tailscale.com/control/controlhttp
         tailscale.com/net/bakedroots                                 from tailscale.com/ipn/ipnlocal+
      💣 tailscale.com/net/batching                                   from tailscale.com/wgengine/magicsock
         tailscale.com/net/captivedetection                           from tailscale.com/ipn/ipnlocal+

+ 10 - 6
control/controlhttp/client.go

@@ -42,7 +42,6 @@ import (
 	"tailscale.com/feature"
 	"tailscale.com/feature/buildfeatures"
 	"tailscale.com/health"
-	"tailscale.com/net/ace"
 	"tailscale.com/net/dnscache"
 	"tailscale.com/net/dnsfallback"
 	"tailscale.com/net/netutil"
@@ -395,6 +394,8 @@ var macOSScreenTime = health.Register(&health.Warnable{
 	ImpactsConnectivity: true,
 })
 
+var HookMakeACEDialer feature.Hook[func(dialer netx.DialFunc, aceHost string, optIP netip.Addr) netx.DialFunc]
+
 // tryURLUpgrade connects to u, and tries to upgrade it to a net.Conn.
 //
 // If optAddr is valid, then no DNS is used and the connection will be made to
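Review bot: The exported `HookMakeACEDialer` added just above tryURLUpgrade has no doc comment, even though it is the seam that replaces the dialer used for control connections whenever an ACE host is supplied. A comment should state the contract and who is expected to set it, for example `// HookMakeACEDialer, if set, returns a DialFunc that connects via the ACE host aceHost (at optIP if valid, otherwise resolved by DNS), using dialer for the underlying connection. It is set by package feature/ace at init.` Because the variable is exported and package-level, any linked package can install a different dialer here. Whether a second `Set` is rejected depends on `feature.Hook`, which this page does not show, so the comment should name the single intended registrant.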
@@ -424,11 +425,14 @@ func (a *Dialer) tryURLUpgrade(ctx context.Context, u *url.URL, optAddr netip.Ad
 	}
 
 	if optACEHost != "" {
-		dialer = (&ace.Dialer{
-			ACEHost:   optACEHost,
-			ACEHostIP: optAddr, // may be zero
-			NetDialer: dialer,
-		}).Dial
+		if !buildfeatures.HasACE {
+			return nil, feature.ErrUnavailable
+		}
+		f, ok := HookMakeACEDialer.GetOk()
+		if !ok {
+			return nil, feature.ErrUnavailable
+		}
+		dialer = f(dialer, optACEHost, optAddr)
 	}
 
 	// On macOS, see if Screen Time is blocking things.
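Review bot: Both new early returns in the `optACEHost != ""` branch hand back a bare `feature.ErrUnavailable`. A caller or log reader therefore cannot tell that the dial failed because an ACE host was requested, nor whether the build tag or the unset hook was the cause. Wrapping keeps `errors.Is` working while adding context, e.g. `return nil, fmt.Errorf("ACE host %q requested but ACE support is not linked: %w", optACEHost, feature.ErrUnavailable)`; the import block is only partly visible, so check that `fmt` is already imported. Failing closed here, rather than falling back to the direct dialer, looks intentional, and a one-line comment such as `// Fail closed: never dial directly when an ACE host was requested.` would stop a later change from adding a fallback. The body of tryURLUpgrade starts and ends outside this hunk.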

+ 25 - 0
feature/ace/ace.go

@@ -0,0 +1,25 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+// Package ace registers support for Alternate Connectivity Endpoints (ACE).
+package ace
+
+import (
+	"net/netip"
+
+	"tailscale.com/control/controlhttp"
+	"tailscale.com/net/ace"
+	"tailscale.com/net/netx"
+)
+
+func init() {
+	controlhttp.HookMakeACEDialer.Set(mkDialer)
+}
+
+func mkDialer(dialer netx.DialFunc, aceHost string, optIP netip.Addr) netx.DialFunc {
+	return (&ace.Dialer{
+		ACEHost:   aceHost,
+		ACEHostIP: optIP, // may be zero
+		NetDialer: dialer,
+	}).Dial
+}
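Review bot: `mkDialer` and the `init` registration in the new feature/ace/ace.go are undocumented, so a reader has to open net/ace to learn what the three parameters mean. I would add `// mkDialer returns a DialFunc that connects through the ACE host aceHost, using dialer as the underlying dialer. If optIP is valid it is used instead of a DNS lookup of aceHost.` above the function, and `// Register the ACE dialer constructor with controlhttp.` inside `init`. `ACEPort` is left at its zero value, which the net/ace struct comment says means 443; the doc comment should mention this so the fixed port is visibly deliberate.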

+ 13 - 0
feature/buildfeatures/feature_ace_disabled.go

@@ -0,0 +1,13 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+// Code generated by gen.go; DO NOT EDIT.
+
+//go:build ts_omit_ace
+
+package buildfeatures
+
+// HasACE is whether the binary was built with support for modular feature "Alternate Connectivity Endpoints".
+// Specifically, it's whether the binary was NOT built with the "ts_omit_ace" build tag.
+// It's a const so it can be used for dead code elimination.
+const HasACE = false

+ 13 - 0
feature/buildfeatures/feature_ace_enabled.go

@@ -0,0 +1,13 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+// Code generated by gen.go; DO NOT EDIT.
+
+//go:build !ts_omit_ace
+
+package buildfeatures
+
+// HasACE is whether the binary was built with support for modular feature "Alternate Connectivity Endpoints".
+// Specifically, it's whether the binary was NOT built with the "ts_omit_ace" build tag.
+// It's a const so it can be used for dead code elimination.
+const HasACE = true

+ 8 - 0
feature/condregister/maybe_ace.go

@@ -0,0 +1,8 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+//go:build !ts_omit_ace
+
+package condregister
+
+import _ "tailscale.com/feature/ace"

+ 1 - 0
feature/featuretags/featuretags.go

@@ -93,6 +93,7 @@ type FeatureMeta struct {
 // Features are the known Tailscale features that can be selectively included or
 // excluded via build tags, and a description of each.
 var Features = map[FeatureTag]FeatureMeta{
+	"ace":           {Sym: "ACE", Desc: "Alternate Connectivity Endpoints"},
 	"acme":          {Sym: "ACME", Desc: "ACME TLS certificate management"},
 	"appconnectors": {Sym: "AppConnectors", Desc: "App Connectors support"},
 	"aws":           {Sym: "AWS", Desc: "AWS integration"},

+ 2 - 0
net/ace/ace.go

@@ -28,6 +28,8 @@ type Dialer struct {
 	ACEHostIP netip.Addr // optional; if non-zero, use this IP instead of DNS
 	ACEPort   int        // zero means 443
 
+	// NetDialer optionally specifies the underlying dialer to use to reach the
+	// ACEHost. If nil, net.Dialer.DialContext is used.
 	NetDialer func(ctx context.Context, network, address string) (net.Conn, error)
 }
 

+ 0 - 1
tsnet/depaware.txt

@@ -166,7 +166,6 @@ tailscale.com/tsnet dependencies: (generated by github.com/tailscale/depaware)
         tailscale.com/logtail                                        from tailscale.com/control/controlclient+
         tailscale.com/logtail/filch                                  from tailscale.com/log/sockstatlog+
         tailscale.com/metrics                                        from tailscale.com/net/tstun+
-        tailscale.com/net/ace                                        from tailscale.com/control/controlhttp
         tailscale.com/net/bakedroots                                 from tailscale.com/ipn/ipnlocal+
      💣 tailscale.com/net/batching                                   from tailscale.com/wgengine/magicsock
         tailscale.com/net/captivedetection                           from tailscale.com/ipn/ipnlocal+