ipn/ipnlocal, tka: compact TKA state after every sync

Previously a TKA compaction would only run when a node starts, which means a long-running node could use unbounded storage as it accumulates ever-increasing amounts of TKA state. This patch changes TKA so it runs a compaction after every sync. Updates https://github.com/tailscale/corp/issues/33537 Change-Id: I91df887ea0c5a5b00cb6caced85aeffa2a4b24ee Signed-off-by: Alex Chan <alexc@tailscale.com>
2025-12-23 17:16:29 +00:00 · 2025-11-17 16:38:57 +00:00
parent 38ccdbe35c
commit e1dd9222d4
10 changed files with 276 additions and 31 deletions
--- a/tka/tailchonk_test.go
+++ b/tka/tailchonk_test.go
@@ -35,7 +35,7 @@ func randHash(t *testing.T, seed int64) [blake2s.Size]byte {
 }

 func TestImplementsChonk(t *testing.T) {
-	impls := []Chonk{&Mem{}, &FS{}}
+	impls := []Chonk{ChonkMem(), &FS{}}
 	t.Logf("chonks: %v", impls)
 }

@@ -229,7 +229,7 @@ func TestMarkActiveChain(t *testing.T) {
 			verdict := make(map[AUMHash]retainState, len(tc.chain))

 			// Build the state of the tailchonk for tests.
-			storage := &Mem{}
+			storage := ChonkMem()
 			var prev AUMHash
 			for i := range tc.chain {
 				if !prev.IsZero() {
@@ -608,7 +608,7 @@ func TestCompactLongButYoung(t *testing.T) {
 	ourKey := Key{Kind: Key25519, Public: ourPriv.Public().Verifier(), Votes: 1}
 	someOtherKey := Key{Kind: Key25519, Public: key.NewNLPrivate().Public().Verifier(), Votes: 1}

-	storage := &Mem{}
+	storage := ChonkMem()
 	auth, _, err := Create(storage, State{
 		Keys:               []Key{ourKey, someOtherKey},
 		DisablementSecrets: [][]byte{DisablementKDF(bytes.Repeat([]byte{0xa5}, 32))},