wgengine/magicsock: fix discoEndpoint caching bug when a node key changes

Fixes #1391 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> (cherry picked from commit e9e4f1063d)
2024-11-29 04:55:31 +00:00 · 2021-02-23 14:26:29 -08:00 · 2021-02-23 14:26:29 -08:00 · b8b83c8a3f
commit b8b83c8a3f
parent 2d0bd18a08
2 changed files with 73 additions and 1 deletions
--- a/wgengine/magicsock/magicsock.go
+++ b/wgengine/magicsock/magicsock.go
@ -2264,8 +2264,12 @@ func (c *Conn) SetNetworkMap(nm *controlclient.NetworkMap) {
 			continue
 		}
 		numDisco++
-		if ep, ok := c.endpointOfDisco[n.DiscoKey]; ok {
+		if ep, ok := c.endpointOfDisco[n.DiscoKey]; ok && ep.publicKey == n.Key {
 			ep.updateFromNode(n)
+		} else if ok {
+			c.logf("magicsock: disco key %v changed from node key %v to %v", n.DiscoKey, ep.publicKey.ShortString(), n.Key.ShortString())
+			ep.stopAndReset()
+			delete(c.endpointOfDisco, n.DiscoKey)
 		}
 	}

--- a/wgengine/magicsock/magicsock_test.go
+++ b/wgengine/magicsock/magicsock_test.go
@ -1601,3 +1601,71 @@ func BenchmarkReceiveFrom_Native(b *testing.B) {
 		}
 	}
 }
+
+// Test that a netmap update where node changes its node key but
+// doesn't change its disco key doesn't result in a broken state.
+//
+// https://github.com/tailscale/tailscale/issues/1391
+func TestSetNetworkMapChangingNodeKey(t *testing.T) {
+	conn := newNonLegacyTestConn(t)
+	t.Cleanup(func() { conn.Close() })
+	var logBuf bytes.Buffer
+	conn.logf = func(format string, a ...interface{}) {
+		fmt.Fprintf(&logBuf, format, a...)
+		if !bytes.HasSuffix(logBuf.Bytes(), []byte("\n")) {
+			logBuf.WriteByte('\n')
+		}
+	}
+
+	conn.SetPrivateKey(wgkey.Private{0: 1})
+
+	discoKey := tailcfg.DiscoKey{31: 1}
+	nodeKey1 := tailcfg.NodeKey{0: 'N', 1: 'K', 2: '1'}
+	nodeKey2 := tailcfg.NodeKey{0: 'N', 1: 'K', 2: '2'}
+
+	conn.SetNetworkMap(&controlclient.NetworkMap{
+		Peers: []*tailcfg.Node{
+			{
+				Key:       nodeKey1,
+				DiscoKey:  discoKey,
+				Endpoints: []string{"192.168.1.2:345"},
+			},
+		},
+	})
+	_, err := conn.CreateEndpoint([32]byte(nodeKey1), "0000000000000000000000000000000000000000000000000000000000000001.disco.tailscale:12345")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	for i := 0; i < 3; i++ {
+		conn.SetNetworkMap(&controlclient.NetworkMap{
+			Peers: []*tailcfg.Node{
+				{
+					Key:       nodeKey2,
+					DiscoKey:  discoKey,
+					Endpoints: []string{"192.168.1.2:345"},
+				},
+			},
+		})
+	}
+
+	de := conn.endpointOfDisco[discoKey]
+	if de != nil && de.publicKey != nodeKey2 {
+		t.Fatalf("discoEndpoint public key = %q; want %q", de.publicKey[:], nodeKey2[:])
+	}
+
+	log := logBuf.String()
+	wantSub := map[string]int{
+		"magicsock: got updated network map; 1 peers (1 with discokey)":                                                                           2,
+		"magicsock: disco key discokey:0000000000000000000000000000000000000000000000000000000000000001 changed from node key [TksxA] to [TksyA]": 1,
+	}
+	for sub, want := range wantSub {
+		got := strings.Count(log, sub)
+		if got != want {
+			t.Errorf("in log, count of substring %q = %v; want %v", sub, got, want)
+		}
+	}
+	if t.Failed() {
+		t.Logf("log output: %s", log)
+	}
+}