tailscale/wgengine/netstack
Andrew Dunham 7429e8912a wgengine/netstack: fix bug with duplicate SYN packets in client limit
This fixes a bug that was introduced in #11258 where the handling of the
per-client limit didn't properly account for the fact that the gVisor
TCP forwarder will return 'true' to indicate that it's handled a
duplicate SYN packet, but not launch the handler goroutine.

In such a case, we neither decremented our per-client limit in the
wrapper function, nor did we do so in the handler function, leading to
our per-client limit table slowly filling up without bound.

Fix this by doing the same duplicate-tracking logic that the TCP
forwarder does so we can detect such cases and appropriately decrement
our in-flight counter.

Updates tailscale/corp#12184

Signed-off-by: Andrew Dunham <andrew@du.nham.ca>
Change-Id: Ib6011a71d382a10d68c0802593f34b8153d06892
2024-03-11 08:05:00 -04:00
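
The counter leak described in the commit message above, and the fix of mirroring the forwarder's duplicate tracking in the wrapper, shown as an added Go simulation. This is not Tailscale's or gVisor's code: `connID`, `forwarder`, `limiter`, `leaked` and the addresses are hypothetical names and constructed values.

```go
package main

import "fmt"

type connID struct{ client, flow string } // stands in for a TCP 4-tuple
// forwarder models the behaviour described above; it is not gVisor's code.
type forwarder map[connID]bool

func (f forwarder) handleSYN(id connID) bool {
	f[id] = true // a real forwarder launches the handler only if id was absent
	return true  // a duplicate SYN is reported as handled too
}

// limiter is a hypothetical per-client in-flight counter around the forwarder.
type limiter struct {
	fwd       forwarder
	perClient map[string]int
	seen      map[connID]bool // the wrapper's own duplicate tracking
}

func (l *limiter) onSYN(id connID, trackDups bool) {
	l.perClient[id.client]++
	if trackDups && l.seen[id] {
		l.perClient[id.client]-- // duplicate: no handler will release this slot
	}
	l.seen[id] = true
	l.fwd.handleSYN(id)
}

// finish models the handler goroutine completing and releasing its slot.
func (l *limiter) finish(id connID) {
	delete(l.fwd, id)
	delete(l.seen, id)
	l.perClient[id.client]--
}

// leaked returns the count left after one connection gets dups extra SYNs and ends.
func leaked(trackDups bool, dups int) int {
	l := &limiter{forwarder{}, map[string]int{}, map[connID]bool{}}
	id := connID{"100.64.0.1", "100.64.0.1:40000->10.0.0.5:443"} // constructed
	for i := 0; i <= dups; i++ {
		l.onSYN(id, trackDups)
	}
	l.finish(id)
	return l.perClient[id.client]
}

func main() {
	fmt.Println("leaked without/with tracking:", leaked(false, 3), leaked(true, 3))
}
```

Without duplicate tracking, every retransmitted SYN leaves one slot of that client's limit permanently occupied after the connection ends.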
netstack_linux.go all: update copyright and license headers 2023-01-27 15:36:29 -08:00
netstack_test.go wgengine/netstack: fix bug with duplicate SYN packets in client limit 2024-03-11 08:05:00 -04:00
netstack.go wgengine/netstack: fix bug with duplicate SYN packets in client limit 2024-03-11 08:05:00 -04:00
subnet_router_wrapper.go tsd: add package with System type to unify subsystem init, discovery 2023-05-04 14:21:59 -07:00