wgengine/netlog: embed node information in network flow logs (#17668)

This rewrites the netlog package to support embedding node information in network flow logs.
Some bit of complexity comes in trying to pre-compute the expected size of the log message
after JSON serialization to ensure that we can respect maximum body limits in log uploading.

We also fix a bug in tstun, where we were recording the IP address after SNAT,
which was resulting in nonsensical connection flows being logged.

Updates tailscale/corp#33352

Signed-off-by: Joe Tsai <joetsai@digital-static.net>
Joe Tsai
2025-10-28 14:48:37 -07:00
committed by GitHub
parent fcb614a53e
commit 478342a642
10 changed files with 1089 additions and 595 deletions


@@ -967,6 +967,11 @@ func (t *Wrapper) Read(buffs [][]byte, sizes []int, offset int) (int, error) {
continue
}
}
if buildfeatures.HasNetLog {
if update := t.connCounter.Load(); update != nil {
updateConnCounter(update, p.Buffer(), false)
}
}
// Make sure to do SNAT after filtering, so that any flow tracking in
// the filter sees the original source address. See #12133.
@@ -976,11 +981,6 @@ func (t *Wrapper) Read(buffs [][]byte, sizes []int, offset int) (int, error) {
panic(fmt.Sprintf("short copy: %d != %d", n, len(data)-res.dataOffset))
}
sizes[buffsPos] = n
if buildfeatures.HasNetLog {
if update := t.connCounter.Load(); update != nil {
updateConnCounter(update, p.Buffer(), false)
}
}
buffsPos++
}
if buffsGRO != nil {
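Review bot: The netlog counter block that now sits ahead of SNAT in Read (first hunk, just above the existing SNAT comment) has no comment of its own saying that its position matters, and the neighbouring comment only explains the ordering for the filter. Flow logs are audit data, so a later refactor that moves the call back below SNAT would silently record translated addresses again; I would add `// Count the flow before SNAT so that netlog records the original source address.` above the `if buildfeatures.HasNetLog {` line. The counter now also runs before the copy into `buffs`, and the lines between the two hunks are not shown, so it is worth confirming that nothing in between can skip a packet after it has been counted. Read starts and ends outside these hunks, so this is based on the visible lines only.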