tailscale/net/captivedetection
Andrea Gottardo ed1ac799c8
net/captivedetection: set Timeout on net.Dialer (#13613)
Updates tailscale/tailscale#1634
Updates tailscale/tailscale#13265

Captive portal detection uses a custom `net.Dialer` in its `http.Client`. This custom Dialer ensures that the socket is bound specifically to the Wi-Fi interface. This is crucial because without it, if any default routes are set, the outgoing requests for detecting a captive portal would bypass Wi-Fi and go through the default route instead.

The Dialer did not have a Timeout property configured, so the default system timeout was applied. This caused issues in #13265, where we attempted to make captive portal detection requests over an IPsec interface used for Wi-Fi Calling. The call to `connect()` would fail and remain blocked until the system timeout (approximately 1 minute) was reached.

In #13598, I simply excluded the IPsec interface from captive portal detection. This was a quick and safe mitigation for the issue. This PR is a follow-up to make the process more robust, by setting a 3 seconds timeout on any connection establishment on any interface (this is the same timeout interval we were already setting on the HTTP client).

Signed-off-by: Andrea Gottardo <andrea@gottardo.me>
2024-10-02 15:29:46 +00:00
..
captivedetection_test.go net/captivedetection: mark TestAllEndpointsAreUpAndReturnExpectedResponse flaky (#13021) 2024-08-03 22:08:55 +00:00
captivedetection.go net/captivedetection: set Timeout on net.Dialer (#13613) 2024-10-02 15:29:46 +00:00
endpoints.go health: introduce captive-portal-detected Warnable (#12707) 2024-07-26 11:25:55 -07:00
rawconn_apple.go health: introduce captive-portal-detected Warnable (#12707) 2024-07-26 11:25:55 -07:00
rawconn.go health: introduce captive-portal-detected Warnable (#12707) 2024-07-26 11:25:55 -07:00