From 18fc093c0df7a04b9d0a396ad3b635e9f859ffa5 Mon Sep 17 00:00:00 2001
From: Brad Fitzpatrick
Date: Fri, 18 Oct 2024 07:47:05 -0700
Subject: [PATCH] derp: give trusted mesh peers longer write timeouts

Updates tailscale/corp#24014

Change-Id: I700872be48ab337dce8e11cabef7f82b97f0422a
Signed-off-by: Brad Fitzpatrick
---
 derp/derp_server.go | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/derp/derp_server.go b/derp/derp_server.go
index 8c5d6e890..94d2263f4 100644
--- a/derp/derp_server.go
+++ b/derp/derp_server.go
@@ -74,6 +74,7 @@ func init() {
 const (
 perClientSendQueueDepth = 32 // packets buffered for sending
 writeTimeout = 2 * time.Second
+ privilegedWriteTimeout = 30 * time.Second // for clients with the mesh key
 )
 
 // dupPolicy is a temporary (2021-08-30) mechanism to change the policy
@@ -1721,7 +1722,19 @@ func (c *sclient) sendLoop(ctx context.Context) error {
 }
 
 func (c *sclient) setWriteDeadline() {
- c.nc.SetWriteDeadline(time.Now().Add(writeTimeout))
+ d := writeTimeout
+ if c.canMesh {
+ // Trusted peers get more tolerance.
+ //
+ // The "canMesh" is a bit of a misnomer; mesh peers typically run over a
+ // different interface for a per-region private VPC and are not
+ // throttled. But monitoring software elsewhere over the internet also
+ // use the private mesh key to subscribe to connect/disconnect events
+ // and might hit throttling and need more time to get the initial dump
+ // of connected peers.
+ d = privilegedWriteTimeout
+ }
+ c.nc.SetWriteDeadline(time.Now().Add(d))
 }
 
 // sendKeepAlive sends a keep-alive frame, without flushing.
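Review bot: The 30s deadline in `setWriteDeadline` is applied to every write on a `canMesh` connection for its whole lifetime, while the comment justifies it only by the initial dump of connected peers. Because the comment also says mesh-key holders include monitoring software reaching the server over the internet, a stalled or slow key holder can now keep a single write blocked 15 times longer than before, presumably tying up that client's send loop and queued packets for the duration (the callers are outside this hunk, so confirm). Consider limiting the longer deadline to the initial dump phase, or at least stating the tradeoff where the constant is declared, e.g. `privilegedWriteTimeout = 30 * time.Second // for clients with the mesh key; applies to every write, not only the initial peer dump`. The error returned by `c.nc.SetWriteDeadline` is still discarded, as it was before this change; a one-line comment saying why that is acceptable would help the next reader.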