webnet/tailscale
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

wgengine/netstack: stop inject goroutine from leaking in Impl.Start (#19721)

Browse Source 
This patch fixes a data race in wgengine/netstack that surfaced while
running both TestTCPForwardLimits and TestTCPForwardLimits_PerClient.
Because these two tests both setup the TS_DEBUG_NETSTACK envknob, a
race happens because netstack.Impl.Close leaked its inject goroutine.
The inject goroutine also reads the TS_DEBUG_NETSTACK envknob, so if
it is still running when the next test starts, then it will break.

This patch also cleans up the tests a bit, ensuring that neither of
them run in T.Parallel. It also adds a T.Cleanup call to clear the
envknob.

Fixes #19720

Signed-off-by: Simon Law <sfllaw@tailscale.com>
This commit is contained in:
Simon Law
2026-05-13 08:13:40 -07:00
committed by GitHub
parent 6467f0d067
commit e4e59a2af0
2 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
wgengine/netstack/netstack.go
+5 -1
View File
@@ -216,6 +216,7 @@ type Impl struct {
dialer *tsdial.Dialer
ctx context.Context // alive until Close
ctxCancel context.CancelFunc // called on Close
injectWG sync.WaitGroup // wait for the inject goroutine
lb *ipnlocal.LocalBackend // or nil
dns *dns.Manager
@@ -450,6 +451,7 @@ func (ns *Impl) Close() error {
ns.ctxCancel()
ns.ipstack.Close()
ns.ipstack.Wait()
ns.injectWG.Wait()
return nil
}
@@ -644,7 +646,9 @@ func (ns *Impl) Start(b LocalBackend) error {
udpFwd := udp.NewForwarder(ns.ipstack, ns.acceptUDPNoICMP)
ns.ipstack.SetTransportProtocolHandler(tcp.ProtocolNumber, ns.wrapTCPProtocolHandler(tcpFwd.HandlePacket))
ns.ipstack.SetTransportProtocolHandler(udp.ProtocolNumber, ns.wrapUDPProtocolHandler(udpFwd.HandlePacket))
go ns.inject()
ns.injectWG.Go(func() {
ns.inject()
})
if ns.ready.Swap(true) {
panic("already started")
}
wgengine/netstack/netstack_test.go
+4
View File
@@ -737,7 +737,10 @@ func makeHangDialer(tb testing.TB) (netx.DialFunc, chan struct{}) {
// TestTCPForwardLimits verifies that the limits on the TCP forwarder work in a
// success case (i.e. when we don't hit the limit).
func TestTCPForwardLimits(t *testing.T) {
tstest.AssertNotParallel(t) // calls envknob.Setenv
envknob.Setenv("TS_DEBUG_NETSTACK", "true")
t.Cleanup(func() { envknob.Setenv("TS_DEBUG_NETSTACK", "") })
impl := makeNetstack(t, func(impl *Impl) {
impl.ProcessSubnets = true
})
@@ -815,6 +818,7 @@ func TestTCPForwardLimits_PerClient(t *testing.T) {
clientmetric.ResetForTest(t)
tstest.AssertNotParallel(t) // calls envknob.Setenv
envknob.Setenv("TS_DEBUG_NETSTACK", "true")
t.Cleanup(func() { envknob.Setenv("TS_DEBUG_NETSTACK", "") })
// Set our test override limits during this test.
maxInFlightConnectionAttemptsForTest.Store(2)