webnet/tailscale
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

net/udprelay: use mono.Time instead of time.Time

Browse Source 
Fixes: https://github.com/tailscale/tailscale/issues/18064

Signed-off-by: Simar <simar@linux.com>
This commit is contained in:
Simar
2025-11-24 19:12:02 -07:00
committed by Jordan Whited
parent 076d5c7214
commit 363d882306
2 changed files with 15 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files
net/udprelay/server.go
+13 -12
View File
@@ -36,6 +36,7 @@ import (
"tailscale.com/net/udprelay/status" "tailscale.com/net/udprelay/status"
"tailscale.com/tailcfg" "tailscale.com/tailcfg"
"tailscale.com/tstime" "tailscale.com/tstime"
"tailscale.com/tstime/mono"
"tailscale.com/types/key" "tailscale.com/types/key"
"tailscale.com/types/logger" "tailscale.com/types/logger"
"tailscale.com/types/nettype" "tailscale.com/types/nettype"
@@ -78,7 +79,7 @@ type Server struct {
mu sync.Mutex // guards the following fields mu sync.Mutex // guards the following fields
macSecrets [][blake2s.Size]byte // [0] is most recent, max 2 elements macSecrets [][blake2s.Size]byte // [0] is most recent, max 2 elements
macSecretRotatedAt time.Time macSecretRotatedAt mono.Time
derpMap *tailcfg.DERPMap derpMap *tailcfg.DERPMap
onlyStaticAddrPorts bool // no dynamic addr port discovery when set onlyStaticAddrPorts bool // no dynamic addr port discovery when set
staticAddrPorts views.Slice[netip.AddrPort] // static ip:port pairs set with [Server.SetStaticAddrPorts] staticAddrPorts views.Slice[netip.AddrPort] // static ip:port pairs set with [Server.SetStaticAddrPorts]
@@ -109,13 +110,13 @@ type serverEndpoint struct {
discoSharedSecrets [2]key.DiscoShared discoSharedSecrets [2]key.DiscoShared
inProgressGeneration [2]uint32 // or zero if a handshake has never started, or has just completed inProgressGeneration [2]uint32 // or zero if a handshake has never started, or has just completed
boundAddrPorts [2]netip.AddrPort // or zero value if a handshake has never completed for that relay leg boundAddrPorts [2]netip.AddrPort // or zero value if a handshake has never completed for that relay leg
lastSeen [2]time.Time // TODO(jwhited): consider using mono.Time lastSeen [2]mono.Time
packetsRx [2]uint64 // num packets received from/sent by each client after they are bound packetsRx [2]uint64 // num packets received from/sent by each client after they are bound
bytesRx [2]uint64 // num bytes received from/sent by each client after they are bound bytesRx [2]uint64 // num bytes received from/sent by each client after they are bound
lamportID uint64 lamportID uint64
vni uint32 vni uint32
allocatedAt time.Time allocatedAt mono.Time
} }
func blakeMACFromBindMsg(blakeKey [blake2s.Size]byte, src netip.AddrPort, msg disco.BindUDPRelayEndpointCommon) ([blake2s.Size]byte, error) { func blakeMACFromBindMsg(blakeKey [blake2s.Size]byte, src netip.AddrPort, msg disco.BindUDPRelayEndpointCommon) ([blake2s.Size]byte, error) {
@@ -216,7 +217,7 @@ func (e *serverEndpoint) handleDiscoControlMsg(from netip.AddrPort, senderIndex
if bytes.Equal(mac[:], discoMsg.Challenge[:]) { if bytes.Equal(mac[:], discoMsg.Challenge[:]) {
// Handshake complete. Update the binding for this sender. // Handshake complete. Update the binding for this sender.
e.boundAddrPorts[senderIndex] = from e.boundAddrPorts[senderIndex] = from
e.lastSeen[senderIndex] = time.Now() // record last seen as bound time e.lastSeen[senderIndex] = mono.Now() // record last seen as bound time
e.inProgressGeneration[senderIndex] = 0 // reset to zero, which indicates there is no in-progress handshake e.inProgressGeneration[senderIndex] = 0 // reset to zero, which indicates there is no in-progress handshake
return nil, netip.AddrPort{} return nil, netip.AddrPort{}
} }
@@ -263,7 +264,7 @@ func (e *serverEndpoint) handleSealedDiscoControlMsg(from netip.AddrPort, b []by
return e.handleDiscoControlMsg(from, senderIndex, discoMsg, serverDisco, macSecrets) return e.handleDiscoControlMsg(from, senderIndex, discoMsg, serverDisco, macSecrets)
} }
func (e *serverEndpoint) handleDataPacket(from netip.AddrPort, b []byte, now time.Time) (write []byte, to netip.AddrPort) { func (e *serverEndpoint) handleDataPacket(from netip.AddrPort, b []byte, now mono.Time) (write []byte, to netip.AddrPort) {
if !e.isBound() { if !e.isBound() {
// not a control packet, but serverEndpoint isn't bound // not a control packet, but serverEndpoint isn't bound
return nil, netip.AddrPort{} return nil, netip.AddrPort{}
@@ -285,7 +286,7 @@ func (e *serverEndpoint) handleDataPacket(from netip.AddrPort, b []byte, now tim
} }
} }
func (e *serverEndpoint) isExpired(now time.Time, bindLifetime, steadyStateLifetime time.Duration) bool { func (e *serverEndpoint) isExpired(now mono.Time, bindLifetime, steadyStateLifetime time.Duration) bool {
if !e.isBound() { if !e.isBound() {
if now.Sub(e.allocatedAt) > bindLifetime { if now.Sub(e.allocatedAt) > bindLifetime {
return true return true
@@ -653,7 +654,7 @@ func (s *Server) endpointGCLoop() {
defer ticker.Stop() defer ticker.Stop()
gc := func() { gc := func() {
now := time.Now() now := mono.Now()
// TODO: consider performance implications of scanning all endpoints and // TODO: consider performance implications of scanning all endpoints and
// holding s.mu for the duration. Keep it simple (and slow) for now. // holding s.mu for the duration. Keep it simple (and slow) for now.
s.mu.Lock() s.mu.Lock()
@@ -700,7 +701,7 @@ func (s *Server) handlePacket(from netip.AddrPort, b []byte) (write []byte, to n
return nil, netip.AddrPort{} return nil, netip.AddrPort{}
} }
now := time.Now() now := mono.Now()
if gh.Control { if gh.Control {
if gh.Protocol != packet.GeneveProtocolDisco { if gh.Protocol != packet.GeneveProtocolDisco {
// control packet, but not Disco // control packet, but not Disco
@@ -713,7 +714,7 @@ func (s *Server) handlePacket(from netip.AddrPort, b []byte) (write []byte, to n
return e.handleDataPacket(from, b, now) return e.handleDataPacket(from, b, now)
} }
func (s *Server) maybeRotateMACSecretLocked(now time.Time) { func (s *Server) maybeRotateMACSecretLocked(now mono.Time) {
if !s.macSecretRotatedAt.IsZero() && now.Sub(s.macSecretRotatedAt) < macSecretRotationInterval { if !s.macSecretRotatedAt.IsZero() && now.Sub(s.macSecretRotatedAt) < macSecretRotationInterval {
return return
} }
@@ -908,7 +909,7 @@ func (s *Server) AllocateEndpoint(discoA, discoB key.DiscoPublic) (endpoint.Serv
e = &serverEndpoint{ e = &serverEndpoint{
discoPubKeys: pair, discoPubKeys: pair,
lamportID: s.lamportID, lamportID: s.lamportID,
allocatedAt: time.Now(), allocatedAt: mono.Now(),
vni: vni, vni: vni,
} }
e.discoSharedSecrets[0] = s.disco.Shared(e.discoPubKeys.Get()[0]) e.discoSharedSecrets[0] = s.disco.Shared(e.discoPubKeys.Get()[0])
net/udprelay/server_test.go
+2 -1
View File
@@ -18,6 +18,7 @@ import (
"golang.org/x/crypto/blake2s" "golang.org/x/crypto/blake2s"
"tailscale.com/disco" "tailscale.com/disco"
"tailscale.com/net/packet" "tailscale.com/net/packet"
"tailscale.com/tstime/mono"
"tailscale.com/types/key" "tailscale.com/types/key"
"tailscale.com/types/views" "tailscale.com/types/views"
) )
@@ -452,7 +453,7 @@ func Benchmark_blakeMACFromBindMsg(b *testing.B) {
func TestServer_maybeRotateMACSecretLocked(t *testing.T) { func TestServer_maybeRotateMACSecretLocked(t *testing.T) {
s := &Server{} s := &Server{}
start := time.Now() start := mono.Now()
s.maybeRotateMACSecretLocked(start) s.maybeRotateMACSecretLocked(start)
qt.Assert(t, len(s.macSecrets), qt.Equals, 1) qt.Assert(t, len(s.macSecrets), qt.Equals, 1)
macSecret := s.macSecrets[0] macSecret := s.macSecrets[0]