ipn/ipnlocal: introduce the concept of client-side-reachability (#17367)

The control plane will sometimes determine that a node is not online, while the node is still able to connect to its peers. This patch doesn’t solve this problem, but it does mitigate it. This PR introduces the `client-side-reachability` node attribute that switches the node to completely ignore the online signal from control. In the future, the client itself should collect reachability data from active Wireguard flows and Tailscale pings. Updates #17366 Updates tailscale/corp#30379 Updates tailscale/corp#32686 Signed-off-by: Simon Law <sfllaw@tailscale.com>
2025-10-02 16:01:55 -07:00
parent 24e38eb729
commit cd523eae52
4 changed files with 118 additions and 2 deletions
@@ -9,7 +9,10 @@ import (
 	"testing"
 	"time"

+	"tailscale.com/tailcfg"
 	"tailscale.com/tstest"
+	"tailscale.com/types/netmap"
+	"tailscale.com/types/ptr"
 	"tailscale.com/util/eventbus"
 )

@@ -122,3 +125,68 @@ func TestNodeBackendConcurrentReadyAndShutdown(t *testing.T) {

 	nb.Wait(context.Background())
 }
+
+func TestNodeBackendReachability(t *testing.T) {
+	for _, tc := range []struct {
+		name string
+
+		// Cap sets [tailcfg.NodeAttrClientSideReachability] on the self
+		// node.
+		//
+		// When disabled, the client relies on the control plane sending
+		// an accurate peer.Online flag. When enabled, the client
+		// ignores peer.Online and determines whether it can reach the
+		// peer node.
+		cap bool
+
+		peer tailcfg.Node
+		want bool
+	}{
+		{
+			name: "disabled/offline",
+			cap:  false,
+			peer: tailcfg.Node{
+				Online: ptr.To(false),
+			},
+			want: false,
+		},
+		{
+			name: "disabled/online",
+			cap:  false,
+			peer: tailcfg.Node{
+				Online: ptr.To(true),
+			},
+			want: true,
+		},
+		{
+			name: "enabled/offline",
+			cap:  true,
+			peer: tailcfg.Node{
+				Online: ptr.To(false),
+			},
+			want: true,
+		},
+		{
+			name: "enabled/online",
+			cap:  true,
+			peer: tailcfg.Node{
+				Online: ptr.To(true),
+			},
+			want: true,
+		},
+	} {
+		t.Run(tc.name, func(t *testing.T) {
+			nb := newNodeBackend(t.Context(), tstest.WhileTestRunningLogger(t), eventbus.New())
+			nb.netMap = &netmap.NetworkMap{}
+			if tc.cap {
+				nb.netMap.AllCaps.Make()
+				nb.netMap.AllCaps.Add(tailcfg.NodeAttrClientSideReachability)
+			}
+
+			got := nb.PeerIsReachable(t.Context(), tc.peer.View())
+			if got != tc.want {
+				t.Errorf("got %v, want %v", got, tc.want)
+			}
+		})
+	}
+}