net/netcheck,wgengine/magicsock: plumb OnlyTCP443 controlknob through netcheck (#13491)

Updates tailscale/corp#17879

Signed-off-by: Jordan Whited <jordan@tailscale.com>
pull/13502/head
Jordan Whited 2 months ago committed by GitHub
parent 8b962f23d1
commit 951884b077
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -724,6 +724,9 @@ type GetReportOpts struct {
// If no communication with that region has occurred, or it occurred // If no communication with that region has occurred, or it occurred
// too far in the past, this function should return the zero time. // too far in the past, this function should return the zero time.
GetLastDERPActivity func(int) time.Time GetLastDERPActivity func(int) time.Time
// OnlyTCP443 constrains netcheck reporting to measurements over TCP port
// 443.
OnlyTCP443 bool
} }
// getLastDERPActivity calls o.GetLastDERPActivity if both o and // getLastDERPActivity calls o.GetLastDERPActivity if both o and
@ -838,7 +841,10 @@ func (c *Client) GetReport(ctx context.Context, dm *tailcfg.DERPMap, opts *GetRe
go rs.probePortMapServices() go rs.probePortMapServices()
} }
plan := makeProbePlan(dm, ifState, last) var plan probePlan
if opts == nil || !opts.OnlyTCP443 {
plan = makeProbePlan(dm, ifState, last)
}
// If we're doing a full probe, also check for a captive portal. We // If we're doing a full probe, also check for a captive portal. We
// delay by a bit to wait for UDP STUN to finish, to avoid the probe if // delay by a bit to wait for UDP STUN to finish, to avoid the probe if
@ -930,19 +936,20 @@ func (c *Client) GetReport(ctx context.Context, dm *tailcfg.DERPMap, opts *GetRe
} }
} }
if len(need) > 0 { if len(need) > 0 {
// Kick off ICMP in parallel to HTTPS checks; we don't if !opts.OnlyTCP443 {
// reuse the same WaitGroup for those probes because we // Kick off ICMP in parallel to HTTPS checks; we don't
// need to close the underlying Pinger after a timeout // reuse the same WaitGroup for those probes because we
// or when all ICMP probes are done, regardless of // need to close the underlying Pinger after a timeout
// whether the HTTPS probes have finished. // or when all ICMP probes are done, regardless of
wg.Add(1) // whether the HTTPS probes have finished.
go func() { wg.Add(1)
defer wg.Done() go func() {
if err := c.measureAllICMPLatency(ctx, rs, need); err != nil { defer wg.Done()
c.logf("[v1] measureAllICMPLatency: %v", err) if err := c.measureAllICMPLatency(ctx, rs, need); err != nil {
} c.logf("[v1] measureAllICMPLatency: %v", err)
}() }
}()
}
wg.Add(len(need)) wg.Add(len(need))
c.logf("netcheck: UDP is blocked, trying HTTPS") c.logf("netcheck: UDP is blocked, trying HTTPS")
} }
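Review bot: The new guard in the third hunk, `if !opts.OnlyTCP443 {`, dereferences opts without a nil check, while the second hunk of the same function uses `opts == nil || !opts.OnlyTCP443`. That earlier guard suggests GetReport accepts a nil *GetReportOpts, so a caller passing nil would panic on this path whenever `len(need) > 0`, i.e. when UDP is blocked. Use the same condition here, `if opts == nil || !opts.OnlyTCP443 {`, or add a nil-safe accessor on *GetReportOpts in the style of the existing getLastDERPActivity helper and call it in both places. GetReport's body continues outside these hunks, so check any other reads of opts there too.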

@ -692,6 +692,7 @@ func (c *Conn) updateNetInfo(ctx context.Context) (*netcheck.Report, error) {
// health package here, but I'd rather do that and not store // health package here, but I'd rather do that and not store
// the exact same state in two different places. // the exact same state in two different places.
GetLastDERPActivity: c.health.GetDERPRegionReceivedTime, GetLastDERPActivity: c.health.GetDERPRegionReceivedTime,
OnlyTCP443: c.onlyTCP443.Load(),
}) })
if err != nil { if err != nil {
return nil, err return nil, err
