You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
tailscale/net
Andrea Gottardo ed1ac799c8
net/captivedetection: set Timeout on net.Dialer (#13613)
Updates tailscale/tailscale#1634
Updates tailscale/tailscale#13265

Captive portal detection uses a custom `net.Dialer` in its `http.Client`. This custom Dialer ensures that the socket is bound specifically to the Wi-Fi interface. This is crucial because without it, if any default routes are set, the outgoing requests for detecting a captive portal would bypass Wi-Fi and go through the default route instead.

The Dialer did not have a Timeout property configured, so the default system timeout was applied. This caused issues in #13265, where we attempted to make captive portal detection requests over an IPsec interface used for Wi-Fi Calling. The call to `connect()` would fail and remain blocked until the system timeout (approximately 1 minute) was reached.

In #13598, I simply excluded the IPsec interface from captive portal detection. This was a quick and safe mitigation for the issue. This PR is a follow-up to make the process more robust, by setting a 3 seconds timeout on any connection establishment on any interface (this is the same timeout interval we were already setting on the HTTP client).

Signed-off-by: Andrea Gottardo <andrea@gottardo.me>
2 months ago
..
art all: fix new lint warnings from bumping staticcheck 3 months ago
captivedetection net/captivedetection: set Timeout on net.Dialer (#13613) 2 months ago
connstats all: use Go 1.22 range-over-int 7 months ago
dns cli: add `tailscale dns query` (#13368) 2 months ago
dnscache net/dnscache: use parent context to perform lookup 5 months ago
dnsfallback {control,net}: close idle connections of custom transports 4 months ago
flowtrack net/flowtrack: fix, test String method 5 months ago
ipset go.mod: bump bart 5 months ago
ktimeout net/ktimeout: add a package to set TCP user timeout 9 months ago
memnet net/memnet: export the network name (#9111) 1 year ago
netaddr all: update copyright and license headers 2 years ago
netcheck net/netcheck,wgengine/magicsock: plumb OnlyTCP443 controlknob through netcheck (#13491) 2 months ago
neterror net/neterror, wgengine/magicsock: use UDP GSO and GRO on Linux (#7791) 2 years ago
netkernelconf ipn/{ipnlocal,localapi},net/netkernelconf,client/tailscale,cmd/containerboot: optionally enable UDP GRO forwarding for containers (#12410) 5 months ago
netknob all: update copyright and license headers 2 years ago
netmon all: fix new lint warnings from bumping staticcheck 3 months ago
netns net/netns: remove some logspam by avoiding logging parse errors due to unspecified addresses 4 months ago
netstat all: add test for package comments, fix, add comments as needed 4 months ago
netutil {ipn,net,tsnet}: use tsaddr helpers 2 months ago
packet wgengine/magicsock: actually use AF_PACKET socket for raw disco 3 months ago
ping net/ping: fix ICMP echo code field to 0 1 year ago
portmapper net/portmapper: don't treat 0.0.0.0 as a valid IP 2 months ago
proxymux all: cleanup unused code, part 1 (#10661) 11 months ago
routetable net/{interfaces,netmon}, all: merge net/interfaces package into net/netmon 7 months ago
socks5 net/socks5: support UDP 4 months ago
sockstats net/{interfaces,netmon}, all: merge net/interfaces package into net/netmon 7 months ago
speedtest all: update copyright and license headers 2 years ago
stun ci: enable checklocks workflow for specific packages 5 months ago
stunserver all: use Go 1.22 range-over-int 7 months ago
tcpinfo all: use Go 1.22 range-over-int 7 months ago
tlsdial cmd/tta, vnet: add host firewall, env var support, more tests 3 months ago
tsaddr net/tsaddr: add WithoutExitRoutes and IsExitRoute 2 months ago
tsdial {control,net}: close idle connections of custom transports 4 months ago
tshttpproxy all: use Go 1.22 range-over-int 7 months ago
tstun util/usermetrics: make usermetrics non-global 2 months ago
wsconn go.{mod,sum}: migrate from nhooyr.io/websocket to github.com/coder/websocket 3 months ago