ipn/ipnlocal, wgengine/magicsock: check Expired bool on Node; print error in Ping

Change-Id: Ic5f533f175a6e1bb73d4957d8c3f970add42e82e
Signed-off-by: Andrew Dunham <andrew@du.nham.ca>
This commit is contained in:
Andrew Dunham 2023-01-13 14:29:41 -05:00
parent 5eded58924
commit 11ce5b7e57
2 changed files with 22 additions and 1 deletions

View File

@ -2275,6 +2275,9 @@ func (b *LocalBackend) pingPeerAPI(ctx context.Context, ip netip.Addr) (peer *ta
if !ok { if !ok {
return nil, "", fmt.Errorf("no peer found with Tailscale IP %v", ip) return nil, "", fmt.Errorf("no peer found with Tailscale IP %v", ip)
} }
if peer.Expired {
return nil, "", errors.New("peer's node key has expired")
}
base := peerAPIBase(nm, peer) base := peerAPIBase(nm, peer)
if base == "" { if base == "" {
return nil, "", fmt.Errorf("no PeerAPI base found for peer %v (%v)", peer.ID, ip) return nil, "", fmt.Errorf("no PeerAPI base found for peer %v (%v)", peer.ID, ip)

View File

@ -3647,6 +3647,8 @@ type endpoint struct {
// See #540 for background. // See #540 for background.
heartbeatDisabled bool heartbeatDisabled bool
pathFinderRunning bool pathFinderRunning bool
expired bool // whether the node has expired
} }
type pendingCLIPing struct { type pendingCLIPing struct {
@ -3899,6 +3901,12 @@ func (de *endpoint) cliPing(res *ipnstate.PingResult, cb func(*ipnstate.PingResu
de.mu.Lock() de.mu.Lock()
defer de.mu.Unlock() defer de.mu.Unlock()
if de.expired {
res.Err = errExpired.Error()
cb(res)
return
}
de.pendingCLIPings = append(de.pendingCLIPings, pendingCLIPing{res, cb}) de.pendingCLIPings = append(de.pendingCLIPings, pendingCLIPing{res, cb})
now := mono.Now() now := mono.Now()
@ -3920,12 +3928,21 @@ func (de *endpoint) cliPing(res *ipnstate.PingResult, cb func(*ipnstate.PingResu
de.noteActiveLocked() de.noteActiveLocked()
} }
var (
errExpired = errors.New("peer's node key has expired")
errNoUDPOrDERP = errors.New("no UDP or DERP addr")
)
func (de *endpoint) send(buffs [][]byte) error { func (de *endpoint) send(buffs [][]byte) error {
if fn := de.sendFunc.Load(); fn != nil { if fn := de.sendFunc.Load(); fn != nil {
return fn(buffs) return fn(buffs)
} }
de.mu.Lock() de.mu.Lock()
if de.expired {
de.mu.Unlock()
return errExpired
}
// if heartbeat disabled, kick off pathfinder // if heartbeat disabled, kick off pathfinder
if de.heartbeatDisabled { if de.heartbeatDisabled {
@ -3943,7 +3960,7 @@ func (de *endpoint) send(buffs [][]byte) error {
de.mu.Unlock() de.mu.Unlock()
if !udpAddr.IsValid() && !derpAddr.IsValid() { if !udpAddr.IsValid() && !derpAddr.IsValid() {
return errors.New("no UDP or DERP addr") return errNoUDPOrDERP
} }
var err error var err error
if udpAddr.IsValid() { if udpAddr.IsValid() {
@ -4112,6 +4129,7 @@ func (de *endpoint) updateFromNode(n *tailcfg.Node, heartbeatDisabled bool) {
defer de.mu.Unlock() defer de.mu.Unlock()
de.heartbeatDisabled = heartbeatDisabled de.heartbeatDisabled = heartbeatDisabled
de.expired = n.Expired
if de.discoKey != n.DiscoKey { if de.discoKey != n.DiscoKey {
de.c.logf("[v1] magicsock: disco: node %s changed from discokey %s to %s", de.publicKey.ShortString(), de.discoKey, n.DiscoKey) de.c.logf("[v1] magicsock: disco: node %s changed from discokey %s to %s", de.publicKey.ShortString(), de.discoKey, n.DiscoKey)