diff --git a/wgengine/magicsock/magicsock.go b/wgengine/magicsock/magicsock.go index f1491ebf9..6c8114876 100644 --- a/wgengine/magicsock/magicsock.go +++ b/wgengine/magicsock/magicsock.go @@ -2653,16 +2653,17 @@ func (c *Conn) CreateEndpoint(pubKey [32]byte, addrs string) (conn.Endpoint, err pk := key.Public(pubKey) c.logf("magicsock: CreateEndpoint: key=%s: %s", pk.ShortString(), derpStr(addrs)) + if !c.canCreateEPUnlocked.Get() { // sorry + c.mu.Lock() + defer c.mu.Unlock() + } + if strings.HasSuffix(addrs, controlclient.EndpointDiscoSuffix) { discoHex := strings.TrimSuffix(addrs, controlclient.EndpointDiscoSuffix) discoKey, err := key.NewPublicFromHexMem(mem.S(discoHex)) if err != nil { return nil, fmt.Errorf("magicsock: invalid discokey endpoint %q for %v: %w", addrs, pk.ShortString(), err) } - if !c.canCreateEPUnlocked.Get() { // sorry - c.mu.Lock() - defer c.mu.Unlock() - } de := &discoEndpoint{ c: c, publicKey: tailcfg.NodeKey(pk), // peer public key (for WireGuard + DERP) @@ -2706,9 +2707,6 @@ func (c *Conn) CreateEndpoint(pubKey [32]byte, addrs string) (conn.Endpoint, err } } - c.mu.Lock() - defer c.mu.Unlock() - // If this endpoint is being updated, remember its old set of // endpoints so we can remove any (from c.addrsByUDP) that are // not in the new set.