From b546a6e758a9e0f7f44dd926d2cf539232426aab Mon Sep 17 00:00:00 2001
From: Lee Briggs
Date: Tue, 9 Jul 2024 18:47:46 -0700
Subject: [PATCH] wgengine/magicsock: allow a CSV list for pretendpoint

Load Balancers often have more than one ingress IP, so allowing us to add multiple means we can offer multiple options.

Updates #12578

Change-Id: I4aa49a698d457627d2f7011796d665c67d4c7952
Signed-off-by: Lee Briggs
---
 wgengine/magicsock/debugknobs.go | 28 +++++++++++++++++---------
 wgengine/magicsock/debugknobs_stubs.go | 2 +-
 wgengine/magicsock/magicsock.go | 6 ++++--
 3 files changed, 23 insertions(+), 13 deletions(-)

diff --git a/wgengine/magicsock/debugknobs.go b/wgengine/magicsock/debugknobs.go
index 90b49d86f..f8fd9f040 100644
--- a/wgengine/magicsock/debugknobs.go
+++ b/wgengine/magicsock/debugknobs.go
@@ -8,6 +8,7 @@
 import (
 "log"
 "net/netip"
+ "strings"
 "sync"
 
 "tailscale.com/envknob"
@@ -73,17 +74,24 @@
 // startup.
 func inTest() bool { return envknob.Bool("IN_TS_TEST") }
 
-// pretendpoint returns TS_DEBUG_PRETENDPOINT as an AddrPort, if set.
+// pretendpoints returns TS_DEBUG_PRETENDPOINT as []AddrPort, if set.
 // See https://github.com/tailscale/tailscale/issues/12578 and
 // https://github.com/tailscale/tailscale/pull/12735.
-var pretendpoint = sync.OnceValue(func() (ap netip.AddrPort) {
- s := envknob.String("TS_DEBUG_PRETENDPOINT")
- if s == "" {
- return
+//
+// It can be between 0 and 3 comma-separated AddrPorts.
+var pretendpoints = sync.OnceValue(func() (ret []netip.AddrPort) {
+ all := envknob.String("TS_DEBUG_PRETENDPOINT")
+ const max = 3
+ remain := all
+ for remain != "" && len(ret) < max {
+ var s string
+ s, remain, _ = strings.Cut(remain, ",")
+ ap, err := netip.ParseAddrPort(s)
+ if err != nil {
+ log.Printf("ignoring invalid AddrPort %q in TS_DEBUG_PRETENDPOINT %q: %v", s, all, err)
+ continue
+ }
+ ret = append(ret, ap)
 }
- ap, err := netip.ParseAddrPort(s)
- if err != nil {
- log.Printf("ignoring invalid TS_DEBUG_PRETENDPOINT %q: %v", s, err)
- }
- return ap
+ return
 })
diff --git a/wgengine/magicsock/debugknobs_stubs.go b/wgengine/magicsock/debugknobs_stubs.go
index 7a2f60f6b..336d7baa1 100644
--- a/wgengine/magicsock/debugknobs_stubs.go
+++ b/wgengine/magicsock/debugknobs_stubs.go
@@ -30,4 +30,4 @@ func debugEnablePMTUD() opt.Bool { return "" }
 func debugRingBufferMaxSizeBytes() int { return 0 }
 func inTest() bool { return false }
 func debugPeerMap() bool { return false }
-func pretendpoint() netip.AddrPort { return netip.AddrPort{} }
+func pretendpoints() []netip.AddrPort { return []netip.AddrPort{} }
diff --git a/wgengine/magicsock/magicsock.go b/wgengine/magicsock/magicsock.go
index 3ccf30c5e..34c0da742 100644
--- a/wgengine/magicsock/magicsock.go
+++ b/wgengine/magicsock/magicsock.go
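Review bot: Entries past the third are dropped without any log line in the `pretendpoints` loop in debugknobs.go: the loop exits on `len(ret) < max` while `remain` may still hold text, so an operator who lists four load-balancer addresses gets three and no hint why. A warning after the loop would cover it, e.g. `if remain != "" { log.Printf("ignoring extra TS_DEBUG_PRETENDPOINT entries %q (max %d)", remain, max) }`. Separately, `s` is parsed untrimmed, so a value written with a space after the comma (constructed example: `192.0.2.1:443, 192.0.2.2:443`) loses its second entry to a parse error; `netip.ParseAddrPort(strings.TrimSpace(s))` would accept it. The constant name `max` also shadows the Go 1.21 builtin, and a name like `maxPretendpoints` avoids that.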
@@ -920,10 +920,12 @@ func (c *Conn) determineEndpoints(ctx context.Context) ([]tailcfg.Endpoint, erro
 }
 
 // Temporarily (2024-07-08) during investigations, allow setting
- // a pretend endpoint for testing NAT traversal scenarios.
+ // pretend endpoint(s) for testing NAT traversal scenarios.
 // TODO(bradfitz): probably promote this to the config file.
 // https://github.com/tailscale/tailscale/issues/12578
- addAddr(pretendpoint(), tailcfg.EndpointExplicitConf)
+ for _, ap := range pretendpoints() {
+ addAddr(ap, tailcfg.EndpointExplicitConf)
+ }
 
 // Update our set of endpoints by adding any endpoints that we
 // previously found but haven't expired yet. This also updates the
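Review bot: The comment above the new loop in `determineEndpoints` never names the knob that feeds it, so a reader auditing where `EndpointExplicitConf` entries come from has to chase `pretendpoints()` into debugknobs.go. A line such as `// Source: TS_DEBUG_PRETENDPOINT envknob (up to 3 AddrPorts, see pretendpoints); values are added as parsed.` would make that explicit. The body of determineEndpoints starts and ends outside this hunk, so whether addAddr filters or de-duplicates these values cannot be confirmed from here.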