wgengine/magicsock: add an option to disable legacy peer handling.

Used in tests to ensure we're not relying on behavior we're going to remove eventually. Signed-off-by: David Anderson <danderson@tailscale.com>
2025-01-05 23:07:44 +00:00 · 2021-01-15 14:55:44 -08:00 · 2021-01-15 14:55:44 -08:00 · a2463e8948
commit a2463e8948
parent d456bfdc6d
3 changed files with 26 additions and 2 deletions
--- a/wgengine/magicsock/legacy.go
+++ b/wgengine/magicsock/legacy.go
@ -30,9 +30,16 @@
 	"tailscale.com/types/wgkey"
 )

-var errNoDestinations = errors.New("magicsock: no destinations")
+var (
+	errNoDestinations = errors.New("magicsock: no destinations")
+	errDisabled       = errors.New("magicsock: legacy networking disabled")
+)

 func (c *Conn) createLegacyEndpointLocked(pk key.Public, addrs string) (conn.Endpoint, error) {
+	if c.disableLegacy {
+		return nil, errDisabled
+	}
+
 	a := &addrSet{
 		Logf:      c.logf,
 		publicKey: pk,
@ -78,6 +85,10 @@ func (c *Conn) createLegacyEndpointLocked(pk key.Public, addrs string) (conn.End
 }

 func (c *Conn) findLegacyEndpointLocked(ipp netaddr.IPPort, addr *net.UDPAddr, packet []byte) conn.Endpoint {
+	if c.disableLegacy {
+		return nil
+	}
+
 	// Pre-disco: look up their addrSet.
 	if as, ok := c.addrsByUDP[ipp]; ok {
 		as.updateDst(addr)
@ -139,6 +150,10 @@ func (c *Conn) resetAddrSetStatesLocked() {
 }

 func (c *Conn) sendAddrSet(b []byte, as *addrSet) error {
+	if c.disableLegacy {
+		return errDisabled
+	}
+
 	var addrBuf [8]netaddr.IPPort
 	dsts, roamAddr := as.appendDests(addrBuf[:0], b)

--- a/wgengine/magicsock/magicsock.go
+++ b/wgengine/magicsock/magicsock.go
@ -119,6 +119,7 @@ type Conn struct {
 	packetListener   nettype.PacketListener
 	noteRecvActivity func(tailcfg.DiscoKey) // or nil, see Options.NoteRecvActivity
 	simulatedNetwork bool
+	disableLegacy    bool

 	// ================================================================
 	// No locking required to access these fields, either because
@ -382,6 +383,11 @@ type Options struct {
 	// triggering macOS and Windows firwall dialog boxes during
 	// "go test").
 	SimulatedNetwork bool
+
+	// DisableLegacyNetworking disables legacy peer handling. When
+	// enabled, only active discovery-aware nodes will be able to
+	// communicate with Conn.
+	DisableLegacyNetworking bool
 }

 func (o *Options) logf() logger.Logf {
@ -1600,7 +1606,9 @@ func (c *Conn) ReceiveIPv4(b []byte) (n int, ep conn.Endpoint, addr *net.UDPAddr
 				c.logf("magicsock: DERP packet received from idle peer %v; created=%v", dm.src.ShortString(), ep != nil)
 			}
 		}
-		asEp = c.addrsByKey[dm.src]
+		if !c.disableLegacy {
+			asEp = c.addrsByKey[dm.src]
+		}
 		c.mu.Unlock()

 		if discoEp != nil {
--- a/wgengine/magicsock/magicsock_test.go
+++ b/wgengine/magicsock/magicsock_test.go
@ -1485,6 +1485,7 @@ func BenchmarkReceiveFrom(b *testing.B) {
 		EndpointsFunc: func(eps []string) {
 			b.Logf("endpoints: %q", eps)
 		},
+		DisableLegacyNetworking: true,
 	})
 	if err != nil {
 		b.Fatal(err)