wgengine: stop importing flowtrack when unused

Updates #12614

Change-Id: I42b5c4d623d356af4bee5bbdabaaf0f6822f2bf4
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

wgengine/pendopen.go

@@ -1,6 +1,8 @@
 // Copyright (c) Tailscale Inc & AUTHORS
 // SPDX-License-Identifier: BSD-3-Clause
 
+//go:build !ts_omit_debug
+
 package wgengine
 
 import (
@@ -20,6 +22,8 @@ import (
 	"tailscale.com/wgengine/filter"
 )
 
+type flowtrackTuple = flowtrack.Tuple
+
 const tcpTimeoutBeforeDebug = 5 * time.Second
 
 type pendingOpenFlow struct {
@@ -56,6 +60,10 @@ func (e *userspaceEngine) noteFlowProblemFromPeer(f flowtrack.Tuple, problem pac
 	of.problem = problem
 }
 
+func tsRejectFlow(rh packet.TailscaleRejectedHeader) flowtrack.Tuple {
+	return flowtrack.MakeTuple(rh.Proto, rh.Src, rh.Dst)
+}
+
 func (e *userspaceEngine) trackOpenPreFilterIn(pp *packet.Parsed, t *tstun.Wrapper) (res filter.Response) {
 	res = filter.Accept // always
 
@@ -66,8 +74,8 @@ func (e *userspaceEngine) trackOpenPreFilterIn(pp *packet.Parsed, t *tstun.Wrapp
 			return
 		}
 		if rh.MaybeBroken {
-			e.noteFlowProblemFromPeer(rh.Flow(), rh.Reason)
-		} else if f := rh.Flow(); e.removeFlow(f) {
+			e.noteFlowProblemFromPeer(tsRejectFlow(rh), rh.Reason)
+		} else if f := tsRejectFlow(rh); e.removeFlow(f) {
 			e.logf("open-conn-track: flow %v %v > %v rejected due to %v", rh.Proto, rh.Src, rh.Dst, rh.Reason)
 		}
 		return

wgengine/pendopen_omit.go

@@ -0,0 +1,24 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+//go:build ts_omit_debug
+
+package wgengine
+
+import (
+	"tailscale.com/net/packet"
+	"tailscale.com/net/tstun"
+	"tailscale.com/wgengine/filter"
+)
+
+type flowtrackTuple = struct{}
+
+type pendingOpenFlow struct{}
+
+func (*userspaceEngine) trackOpenPreFilterIn(pp *packet.Parsed, t *tstun.Wrapper) (res filter.Response) {
+	panic("unreachable")
+}
+
+func (*userspaceEngine) trackOpenPostFilterOut(pp *packet.Parsed, t *tstun.Wrapper) (res filter.Response) {
+	panic("unreachable")
+}

wgengine/userspace.go

@@ -29,7 +29,6 @@ import (
 	"tailscale.com/ipn/ipnstate"
 	"tailscale.com/net/dns"
 	"tailscale.com/net/dns/resolver"
-	"tailscale.com/net/flowtrack"
 	"tailscale.com/net/ipset"
 	"tailscale.com/net/netmon"
 	"tailscale.com/net/packet"
@@ -147,7 +146,7 @@ type userspaceEngine struct {
 	statusCallback StatusCallback
 	peerSequence   []key.NodePublic
 	endpoints      []tailcfg.Endpoint
-	pendOpen       map[flowtrack.Tuple]*pendingOpenFlow // see pendopen.go
+	pendOpen       map[flowtrackTuple]*pendingOpenFlow // see pendopen.go
 
 	// pongCallback is the map of response handlers waiting for disco or TSMP
 	// pong callbacks. The map key is a random slice of bytes.