mirror of
https://github.com/tailscale/tailscale.git
synced 2025-01-07 08:07:42 +00:00
magicsock: spray some normal packets after a handshake
In particular, this is designed to catch the case where a HandshakeInitiation packet is sent out but the intermediate NATs have not been primed, so the packet passes over DERP. In that case, the HandshakeResponse also comes back over DERP, and the connection proceeds via DERP without ever trying to punch through the NAT. With this change, the HandshakeResponse (which was sprayed out and so primed one NAT) triggers an UpdateDst, which triggers the extra spray logic. (For this to work, there has to be an initial supply of packets to send on to a peer for the three seconds following a handshake. The source of these packets is left as a future exercise.) Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
This commit is contained in:
parent
8696b17b5f
commit
a6ad3c46e2
@ -387,11 +387,37 @@ func shouldSprayPacket(b []byte) bool {
|
|||||||
//
|
//
|
||||||
// It also returns as's current roamAddr, if any.
|
// It also returns as's current roamAddr, if any.
|
||||||
func appendDests(dsts []*net.UDPAddr, as *AddrSet, b []byte) (_ []*net.UDPAddr, roamAddr *net.UDPAddr) {
|
func appendDests(dsts []*net.UDPAddr, as *AddrSet, b []byte) (_ []*net.UDPAddr, roamAddr *net.UDPAddr) {
|
||||||
spray := shouldSprayPacket(b)
|
spray := shouldSprayPacket(b) // true for handshakes
|
||||||
|
now := time.Now()
|
||||||
|
|
||||||
as.mu.Lock()
|
as.mu.Lock()
|
||||||
defer as.mu.Unlock()
|
defer as.mu.Unlock()
|
||||||
|
|
||||||
|
// Spray logic.
|
||||||
|
//
|
||||||
|
// After exchanging a handshake with a peer, we send some outbound
|
||||||
|
// packets to every endpoint of that peer. These packets are spaced out
|
||||||
|
// over several seconds to make sure that our peer has an opportunity to
|
||||||
|
// send its own spray packet to us before we are done spraying.
|
||||||
|
//
|
||||||
|
// Multiple packets are necessary because we have to both establish the
|
||||||
|
// NAT mappings between two peers *and use* the mappings to switch away
|
||||||
|
// from DERP to a higher-priority UDP endpoint.
|
||||||
|
const sprayPeriod = 3 * time.Second
|
||||||
|
const sprayFreq = 250 * time.Millisecond
|
||||||
|
if spray {
|
||||||
|
as.lastSpray = now
|
||||||
|
as.stopSpray = now.Add(sprayPeriod)
|
||||||
|
} else if now.Before(as.stopSpray) {
|
||||||
|
// We are in the spray window. If it has been sprayFreq since we
|
||||||
|
// last sprayed a packet, spray this packet.
|
||||||
|
if now.Sub(as.lastSpray) >= sprayFreq {
|
||||||
|
spray = true
|
||||||
|
as.lastSpray = now
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Pick our destination address(es).
|
||||||
roamAddr = as.roamAddr
|
roamAddr = as.roamAddr
|
||||||
if roamAddr != nil {
|
if roamAddr != nil {
|
||||||
dsts = append(dsts, roamAddr)
|
dsts = append(dsts, roamAddr)
|
||||||
@ -775,7 +801,7 @@ type AddrSet struct {
|
|||||||
publicKey key.Public // peer public key used for DERP communication
|
publicKey key.Public // peer public key used for DERP communication
|
||||||
addrs []net.UDPAddr // ordered priority list (low to high) provided by wgengine
|
addrs []net.UDPAddr // ordered priority list (low to high) provided by wgengine
|
||||||
|
|
||||||
mu sync.Mutex // guards roamAddr and curAddr
|
mu sync.Mutex // guards following fields
|
||||||
|
|
||||||
// roamAddr is non-nil if/when we receive a correctly signed
|
// roamAddr is non-nil if/when we receive a correctly signed
|
||||||
// WireGuard packet from an unexpected address. If so, we
|
// WireGuard packet from an unexpected address. If so, we
|
||||||
@ -789,6 +815,12 @@ type AddrSet struct {
|
|||||||
// address a valid packet has been received from so far.
|
// address a valid packet has been received from so far.
|
||||||
// If no valid packet from addrs has been received, curAddr is -1.
|
// If no valid packet from addrs has been received, curAddr is -1.
|
||||||
curAddr int
|
curAddr int
|
||||||
|
|
||||||
|
// stopSpray is the time after which we stop spraying packets.
|
||||||
|
stopSpray time.Time
|
||||||
|
|
||||||
|
// lastSpray is the lsat time we sprayed a packet.
|
||||||
|
lastSpray time.Time
|
||||||
}
|
}
|
||||||
|
|
||||||
var noAddr = &net.UDPAddr{
|
var noAddr = &net.UDPAddr{
|
||||||
|
Loading…
x
Reference in New Issue
Block a user