From 5d1bf805970649b1182d975737438ef301109c22 Mon Sep 17 00:00:00 2001 From: Simon Law Date: Fri, 15 May 2026 15:50:50 -0700 Subject: [PATCH] feature/routecheck: add ts_omit_routecheck feature flag (#19638) RouteCheck, which checks that overlapping routers are reachable, is enabled by default for both tailscaled and tsnet. Updates #17366 Updates tailscale/corp#33033 Signed-off-by: Simon Law --- cmd/tailscaled/depaware.txt | 1 + cmd/tailscaled/deps_test.go | 13 +++++++++++++ .../feature_routecheck_disabled.go | 13 +++++++++++++ .../buildfeatures/feature_routecheck_enabled.go | 13 +++++++++++++ feature/condregister/maybe_routecheck.go | 8 ++++++++ feature/featuretags/featuretags.go | 4 ++++ feature/routecheck/routecheck.go | 17 +++++++++++++++++ 7 files changed, 69 insertions(+) create mode 100644 feature/buildfeatures/feature_routecheck_disabled.go create mode 100644 feature/buildfeatures/feature_routecheck_enabled.go create mode 100644 feature/condregister/maybe_routecheck.go create mode 100644 feature/routecheck/routecheck.go diff --git a/cmd/tailscaled/depaware.txt b/cmd/tailscaled/depaware.txt index 57332f5f8..7e0e95be8 100644 --- a/cmd/tailscaled/depaware.txt +++ b/cmd/tailscaled/depaware.txt @@ -303,6 +303,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de tailscale.com/feature/portmapper from tailscale.com/feature/condregister/portmapper tailscale.com/feature/posture from tailscale.com/feature/condregister tailscale.com/feature/relayserver from tailscale.com/feature/condregister + tailscale.com/feature/routecheck from tailscale.com/feature/condregister L tailscale.com/feature/sdnotify from tailscale.com/feature/condregister LD tailscale.com/feature/ssh from tailscale.com/cmd/tailscaled tailscale.com/feature/syspolicy from tailscale.com/feature/condregister+ diff --git a/cmd/tailscaled/deps_test.go b/cmd/tailscaled/deps_test.go index be4f65a7d..e91509765 100644 --- a/cmd/tailscaled/deps_test.go +++ b/cmd/tailscaled/deps_test.go @@ -202,6 +202,19 @@ func TestOmitPortlist(t *testing.T) { }.Check(t) } +func TestOmitRouteCheck(t *testing.T) { + deptest.DepChecker{ + GOOS: "linux", + GOARCH: "amd64", + Tags: "ts_omit_routecheck,ts_include_cli", + OnDep: func(dep string) { + if strings.Contains(dep, "routecheck") { + t.Errorf("unexpected dep: %q", dep) + } + }, + }.Check(t) +} + func TestOmitGRO(t *testing.T) { deptest.DepChecker{ GOOS: "linux", diff --git a/feature/buildfeatures/feature_routecheck_disabled.go b/feature/buildfeatures/feature_routecheck_disabled.go new file mode 100644 index 000000000..e728fc91d --- /dev/null +++ b/feature/buildfeatures/feature_routecheck_disabled.go @@ -0,0 +1,13 @@ +// Copyright (c) Tailscale Inc & contributors +// SPDX-License-Identifier: BSD-3-Clause + +// Code generated by gen.go; DO NOT EDIT. + +//go:build ts_omit_routecheck + +package buildfeatures + +// HasRouteCheck is whether the binary was built with support for modular feature "Support checking the reachability of overlapping routers, for choosing between multiple network paths to the same IP address". +// Specifically, it's whether the binary was NOT built with the "ts_omit_routecheck" build tag. +// It's a const so it can be used for dead code elimination. +const HasRouteCheck = false diff --git a/feature/buildfeatures/feature_routecheck_enabled.go b/feature/buildfeatures/feature_routecheck_enabled.go new file mode 100644 index 000000000..34fffb835 --- /dev/null +++ b/feature/buildfeatures/feature_routecheck_enabled.go @@ -0,0 +1,13 @@ +// Copyright (c) Tailscale Inc & contributors +// SPDX-License-Identifier: BSD-3-Clause + +// Code generated by gen.go; DO NOT EDIT. + +//go:build !ts_omit_routecheck + +package buildfeatures + +// HasRouteCheck is whether the binary was built with support for modular feature "Support checking the reachability of overlapping routers, for choosing between multiple network paths to the same IP address". +// Specifically, it's whether the binary was NOT built with the "ts_omit_routecheck" build tag. +// It's a const so it can be used for dead code elimination. +const HasRouteCheck = true diff --git a/feature/condregister/maybe_routecheck.go b/feature/condregister/maybe_routecheck.go new file mode 100644 index 000000000..2d98c43db --- /dev/null +++ b/feature/condregister/maybe_routecheck.go @@ -0,0 +1,8 @@ +// Copyright (c) Tailscale Inc & contributors +// SPDX-License-Identifier: BSD-3-Clause + +//go:build !ts_omit_routecheck + +package condregister + +import _ "tailscale.com/feature/routecheck" diff --git a/feature/featuretags/featuretags.go b/feature/featuretags/featuretags.go index e44a4f592..2c12b6960 100644 --- a/feature/featuretags/featuretags.go +++ b/feature/featuretags/featuretags.go @@ -235,6 +235,10 @@ var Features = map[FeatureTag]FeatureMeta{ Desc: "Linux systemd-resolved integration", Deps: []FeatureTag{"dbus"}, }, + "routecheck": { + Sym: "RouteCheck", + Desc: "Support checking the reachability of overlapping routers, for choosing between multiple network paths to the same IP address", + }, "sdnotify": { Sym: "SDNotify", Desc: "systemd notification support", diff --git a/feature/routecheck/routecheck.go b/feature/routecheck/routecheck.go new file mode 100644 index 000000000..055ceb379 --- /dev/null +++ b/feature/routecheck/routecheck.go @@ -0,0 +1,17 @@ +// Copyright (c) Tailscale Inc & contributors +// SPDX-License-Identifier: BSD-3-Clause + +// Package routecheck registers support for RouteCheck, +// which checks the reachability of overlapping routers. +// +// When there are multiple network paths to an IP address, it is being routed by +// overlapping routers. The client uses reachability to pick between those +// paths: either sticking with an active WireGuard session or choosing from the +// peers that it has determined it can reach. It doesn’t need reachability for +// IP addresses that have only one network path, since it can naively attempt to +// establish a WireGuard session. +package routecheck + +func init() { + // TODO(sfllaw): Initialize the new routecheck package. +}