From ac0f1cfcf4f14b5c54269616f436339e41e9c6a2 Mon Sep 17 00:00:00 2001
From: Jordan Whited <jordan@tailscale.com>
Date: Thu, 8 Aug 2024 15:38:18 -0700
Subject: [PATCH] net/netcheck: change DERP HTTPS latency measurement to TCP
 connect time

HTTPS and ICMP latency are fallbacks when STUN doesn't work. The lowest
value wins. When ICMP doesn't work you just get HTTPS. HTTPS latency was
way more variable than it needed to be as we were measuring "server
processing time" (inclusive of TLS, HTTPS) instead of just TCP connect
time.

We don't need to perform an HTTPS request, we really just need a TCP
ping, but aiming for a simpler change to start.

Updates tailscale/corp#22114

Signed-off-by: Jordan Whited <jordan@tailscale.com>
---
 net/netcheck/netcheck.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/net/netcheck/netcheck.go b/net/netcheck/netcheck.go
index 8eb50a61d..0d4f1af99 100644
--- a/net/netcheck/netcheck.go
+++ b/net/netcheck/netcheck.go
@@ -1108,9 +1108,9 @@ func (c *Client) measureHTTPSLatency(ctx context.Context, reg *tailcfg.DERPRegio
 	}
 	result.End(c.timeNow())
 
-	// TODO: decide best timing heuristic here.
-	// Maybe the server should return the tcpinfo_rtt?
-	return result.ServerProcessing, ip, nil
+	// TODO(jwhited): consider simplified TCP RTT. We don't need HTTPS or TLS
+	//  involvement above.
+	return result.TCPConnection, ip, nil
 }
 
 func (c *Client) measureAllICMPLatency(ctx context.Context, rs *reportState, need []*tailcfg.DERPRegion) error {