net/netcheck,wgengine/magicsock: plumb OnlyTCP443 controlknob through netcheck (#13491)

Updates tailscale/corp#17879

Signed-off-by: Jordan Whited <jordan@tailscale.com>
Jordan Whited 2024-09-17 12:24:42 -07:00 committed by GitHub
parent 8b962f23d1
commit 951884b077
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 22 additions and 14 deletions


@ -724,6 +724,9 @@ type GetReportOpts struct {
// If no communication with that region has occurred, or it occurred
// too far in the past, this function should return the zero time.
GetLastDERPActivity func(int) time.Time
// OnlyTCP443 constrains netcheck reporting to measurements over TCP port
// 443.
OnlyTCP443 bool
}
// getLastDERPActivity calls o.GetLastDERPActivity if both o and
@ -838,7 +841,10 @@ func (c *Client) GetReport(ctx context.Context, dm *tailcfg.DERPMap, opts *GetRe
go rs.probePortMapServices()
}
plan := makeProbePlan(dm, ifState, last)
var plan probePlan
if opts == nil || !opts.OnlyTCP443 {
plan = makeProbePlan(dm, ifState, last)
}
// If we're doing a full probe, also check for a captive portal. We
// delay by a bit to wait for UDP STUN to finish, to avoid the probe if
@ -930,6 +936,7 @@ func (c *Client) GetReport(ctx context.Context, dm *tailcfg.DERPMap, opts *GetRe
}
}
if len(need) > 0 {
if !opts.OnlyTCP443 {
// Kick off ICMP in parallel to HTTPS checks; we don't
// reuse the same WaitGroup for those probes because we
// need to close the underlying Pinger after a timeout
@ -942,7 +949,7 @@ func (c *Client) GetReport(ctx context.Context, dm *tailcfg.DERPMap, opts *GetRe
c.logf("[v1] measureAllICMPLatency: %v", err)
}
}()
}
wg.Add(len(need))
c.logf("netcheck: UDP is blocked, trying HTTPS")
}
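Review bot: The new guard `if !opts.OnlyTCP443 {` inside the `len(need) > 0` branch dereferences `opts` without a nil check, while the plan-selection guard added earlier in the same function is written `opts == nil || !opts.OnlyTCP443`. If nil options are a valid input, as that first guard and the nil-tolerant `getLastDERPActivity` helper suggest, GetReport would panic on the HTTPS fallback path, which is the path taken when UDP is blocked. The two guards should agree: `if opts == nil || !opts.OnlyTCP443 {`, or a small nil-safe accessor on `*GetReportOpts` used at both sites. GetReport's body starts and ends outside these hunks, so an earlier normalisation of `opts` cannot be ruled out from this view.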


@ -692,6 +692,7 @@ func (c *Conn) updateNetInfo(ctx context.Context) (*netcheck.Report, error) {
// health package here, but I'd rather do that and not store
// the exact same state in two different places.
GetLastDERPActivity: c.health.GetDERPRegionReceivedTime,
OnlyTCP443: c.onlyTCP443.Load(),
})
if err != nil {
return nil, err