mirror of https://github.com/coder/coder.git
fix: never send local endpoints if disabled (#12138)
parent
c63f569174
commit
9861830e87
2
go.mod
2
go.mod
|
@ -33,7 +33,7 @@ replace github.com/dlclark/regexp2 => github.com/dlclark/regexp2 v1.7.0
|
|||
|
||||
// There are a few minor changes we make to Tailscale that we're slowly upstreaming. Compare here:
|
||||
// https://github.com/tailscale/tailscale/compare/main...coder:tailscale:main
|
||||
replace tailscale.com => github.com/coder/tailscale v1.1.1-0.20231205095743-61c97bad8c8b
|
||||
replace tailscale.com => github.com/coder/tailscale v1.1.1-0.20240214140224-3788ab894ba1
|
||||
|
||||
// Fixes a race-condition in coder/wgtunnel.
|
||||
// Upstream PR: https://github.com/WireGuard/wireguard-go/pull/85
|
||||
|
|
4
go.sum
4
go.sum
|
@ -202,8 +202,8 @@ github.com/coder/retry v1.5.1 h1:iWu8YnD8YqHs3XwqrqsjoBTAVqT9ml6z9ViJ2wlMiqc=
|
|||
github.com/coder/retry v1.5.1/go.mod h1:blHMk9vs6LkoRT9ZHyuZo360cufXEhrxqvEzeMtRGoY=
|
||||
github.com/coder/ssh v0.0.0-20231128192721-70855dedb788 h1:YoUSJ19E8AtuUFVYBpXuOD6a/zVP3rcxezNsoDseTUw=
|
||||
github.com/coder/ssh v0.0.0-20231128192721-70855dedb788/go.mod h1:aGQbuCLyhRLMzZF067xc84Lh7JDs1FKwCmF1Crl9dxQ=
|
||||
github.com/coder/tailscale v1.1.1-0.20231205095743-61c97bad8c8b h1:ut/aL6oI8TjGdg4JI8+bKB9w5j73intbe0dJAmcmYyQ=
|
||||
github.com/coder/tailscale v1.1.1-0.20231205095743-61c97bad8c8b/go.mod h1:L8tPrwSi31RAMEMV8rjb0vYTGs7rXt8rAHbqY/p41j4=
|
||||
github.com/coder/tailscale v1.1.1-0.20240214140224-3788ab894ba1 h1:A7dZHNidAVH6Kxn5D3hTEH+iRO8slnM0aRer6/cxlyE=
|
||||
github.com/coder/tailscale v1.1.1-0.20240214140224-3788ab894ba1/go.mod h1:L8tPrwSi31RAMEMV8rjb0vYTGs7rXt8rAHbqY/p41j4=
|
||||
github.com/coder/terraform-provider-coder v0.17.0 h1:qwdLSbh6vPN+QDDvw1WNSYYEFlFwJFwzzP9vrvwr/ks=
|
||||
github.com/coder/terraform-provider-coder v0.17.0/go.mod h1:pACHRoXSHBGyY696mLeQ1hR/Ag1G2wFk5bw0mT5Zp2g=
|
||||
github.com/coder/wgtunnel v0.1.13-0.20231127054351-578bfff9b92a h1:KhR9LUVllMZ+e9lhubZ1HNrtJDgH5YLoTvpKwmrGag4=
|
||||
|
|
|
@ -168,6 +168,7 @@ func NewConn(options *Options) (conn *Conn, err error) {
|
|||
|
||||
magicConn := sys.MagicSock.Get()
|
||||
magicConn.SetDERPForceWebsockets(options.DERPForceWebSockets)
|
||||
magicConn.SetBlockEndpoints(options.BlockEndpoints)
|
||||
if options.DERPHeader != nil {
|
||||
magicConn.SetDERPHeader(options.DERPHeader.Clone())
|
||||
}
|
||||
|
@ -345,6 +346,7 @@ func (c *Conn) SetDERPForceWebSockets(v bool) {
|
|||
func (c *Conn) SetBlockEndpoints(blockEndpoints bool) {
|
||||
c.configMaps.setBlockEndpoints(blockEndpoints)
|
||||
c.nodeUpdater.setBlockEndpoints(blockEndpoints)
|
||||
c.magicConn.SetBlockEndpoints(blockEndpoints)
|
||||
}
|
||||
|
||||
// SetDERPRegionDialer updates the dialer to use for connecting to DERP regions.
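Review bot: In `SetBlockEndpoints` the three setters run back to back with no common lock visible in the hunk, so enabling the block at runtime is not atomic. `configMaps` and `nodeUpdater` are switched before `c.magicConn.SetBlockEndpoints(blockEndpoints)`, which appears to leave a short interval in which magicsock may still hand local endpoints to a peer. Since the purpose of the flag is to keep local addresses away from peers, consider calling `c.magicConn.SetBlockEndpoints(blockEndpoints)` first, or stating in the method's doc comment (outside this hunk) that the change takes effect on all three layers but not atomically. The same question applies to the `NewConn` hunk: the flag is applied only after `sys.MagicSock.Get()` returns an already constructed magicsock, and whether it can advertise endpoints before that line is not visible here. Both function bodies continue outside their hunks.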
|
||||
|
|
|
@ -4,6 +4,7 @@ import (
|
|||
"context"
|
||||
"net/netip"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/google/uuid"
|
||||
"github.com/stretchr/testify/assert"
|
||||
|
@ -412,6 +413,63 @@ parentLoop:
|
|||
require.True(t, client2.AwaitReachable(awaitReachableCtx4, ip))
|
||||
}
|
||||
|
||||
func TestConn_BlockEndpoints(t *testing.T) {
|
||||
t.Parallel()
|
||||
logger := slogtest.Make(t, nil).Leveled(slog.LevelDebug)
|
||||
|
||||
derpMap, _ := tailnettest.RunDERPAndSTUN(t)
|
||||
|
||||
// Setup conn 1.
|
||||
ip1 := tailnet.IP()
|
||||
conn1, err := tailnet.NewConn(&tailnet.Options{
|
||||
Addresses: []netip.Prefix{netip.PrefixFrom(ip1, 128)},
|
||||
Logger: logger.Named("w1"),
|
||||
DERPMap: derpMap,
|
||||
BlockEndpoints: true,
|
||||
})
|
||||
require.NoError(t, err)
|
||||
defer func() {
|
||||
err := conn1.Close()
|
||||
assert.NoError(t, err)
|
||||
}()
|
||||
|
||||
// Setup conn 2.
|
||||
ip2 := tailnet.IP()
|
||||
conn2, err := tailnet.NewConn(&tailnet.Options{
|
||||
Addresses: []netip.Prefix{netip.PrefixFrom(ip2, 128)},
|
||||
Logger: logger.Named("w2"),
|
||||
DERPMap: derpMap,
|
||||
BlockEndpoints: true,
|
||||
})
|
||||
require.NoError(t, err)
|
||||
defer func() {
|
||||
err := conn2.Close()
|
||||
assert.NoError(t, err)
|
||||
}()
|
||||
|
||||
// Connect them together and wait for them to be reachable.
|
||||
stitch(t, conn2, conn1)
|
||||
stitch(t, conn1, conn2)
|
||||
awaitReachableCtx, awaitReachableCancel := context.WithTimeout(context.Background(), testutil.WaitShort)
|
||||
defer awaitReachableCancel()
|
||||
require.True(t, conn1.AwaitReachable(awaitReachableCtx, ip2))
|
||||
|
||||
// Wait 10s for endpoints to potentially be sent over Disco. There's no way
|
||||
// to force Disco to send endpoints immediately.
|
||||
time.Sleep(10 * time.Second)
|
||||
|
||||
// Double check that both peers don't have endpoints for the other peer
|
||||
// according to magicsock.
|
||||
conn1Status, ok := conn1.Status().Peer[conn2.Node().Key]
|
||||
require.True(t, ok)
|
||||
require.Empty(t, conn1Status.Addrs)
|
||||
require.Empty(t, conn1Status.CurAddr)
|
||||
conn2Status, ok := conn2.Status().Peer[conn1.Node().Key]
|
||||
require.True(t, ok)
|
||||
require.Empty(t, conn2Status.Addrs)
|
||||
require.Empty(t, conn2Status.CurAddr)
|
||||
}
|
||||
|
||||
// stitch sends node updates from src Conn as peer updates to dst Conn. Sort of
|
||||
// like the Coordinator would, but without actually needing a Coordinator.
|
||||
func stitch(t *testing.T, dst, src *tailnet.Conn) {
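Review bot: Both connections in `TestConn_BlockEndpoints` are created with `BlockEndpoints: true`, so the `require.Empty` checks on `Addrs` and `CurAddr` cannot distinguish "local endpoints were never sent" from "endpoints were sent and dropped by the receiver". If the receiving side also filters when blocking (not visible in this hunk), a send-side regression would still pass; a variant where only conn1 sets `BlockEndpoints: true` and the assertions are made on `conn2.Status().Peer[conn1.Node().Key]` would pin the behaviour named in the commit title. The negative check is also bounded by the fixed `time.Sleep(10 * time.Second)`, so an endpoint that leaks later goes unnoticed. The existing comment could state that limit, e.g. `// Best effort: a leak after this window is not detected.`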
|
||||
|
|