derp: add a verifyClients check to the consistency check

Only implemented for the local tailscaled variant for now.

Updates tailscale/corp#20844

Signed-off-by: James Tucker <james@tailscale.com>
angott/ignore-some-warnings-startup
James Tucker 5 months ago committed by James Tucker
parent 2db2d04a37
commit 87c5ad4c2c

@ -1955,12 +1955,37 @@ func (s *Server) ConsistencyCheck() error {
s.curClients.Value(), s.curClients.Value(),
len(s.clients))) len(s.clients)))
} }
if s.verifyClientsLocalTailscaled {
if err := s.checkVerifyClientsLocalTailscaled(); err != nil {
errs = append(errs, err.Error())
}
}
if len(errs) == 0 { if len(errs) == 0 {
return nil return nil
} }
return errors.New(strings.Join(errs, ", ")) return errors.New(strings.Join(errs, ", "))
} }
// checkVerifyClientsLocalTailscaled checks that a verifyClients call can be made successfully for the derper hosts own node key.
func (s *Server) checkVerifyClientsLocalTailscaled() error {
ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
defer cancel()
status, err := localClient.StatusWithoutPeers(ctx)
if err != nil {
return fmt.Errorf("localClient.Status: %w", err)
}
info := &clientInfo{
IsProber: true,
}
clientIP := netip.IPv6Loopback()
if err := s.verifyClient(ctx, status.Self.PublicKey, info, clientIP); err != nil {
return fmt.Errorf("verifyClient for self nodekey: %w", err)
}
return nil
}
const minTimeBetweenLogs = 2 * time.Second const minTimeBetweenLogs = 2 * time.Second
// BytesSentRecv records the number of bytes that have been sent since the last traffic check // BytesSentRecv records the number of bytes that have been sent since the last traffic check

Loading…
Cancel
Save