Skip to content

fix: block incoming endpoints from call-me-maybe #55

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Apr 22, 2025
Merged

fix: block incoming endpoints from call-me-maybe #55

merged 6 commits into from
Apr 22, 2025

Conversation

deansheather
Copy link
Member

Previously, (*magicsock.Conn).SetBlockEndpoints(true) would only prevent local endpoints from being sent to other peers.

This setting is primarily used to prevent any direct connection from forming, regardless of which side initiated it, but any connections initiated locally to endpoints received from the other peer would still work.

If endpoints are blocked, we will now drop any endpoints we already know of (via call-me-maybe) as well as block any future endpoints received via call-me-maybe.

Endpoints received via coordination are not impacted (and should be blocked using a different mechanism).

Note; it was difficult to write a test that would fail with the previous behavior but pass with the current behavior because of the test utilities available in Tailscale, but I did get it to work. Notably, there's a single time.Sleep(time.Second), but after trying various other ways to accomplish the same thing I couldn't get anything to work.

@deansheather
fix: block incoming endpoints from call-me-maybe
f852531 
Previously, (*magicsock.Conn).SetBlockEndpoints(true) would only prevent
local endpoints from being sent to other peers.

This setting is primarily used to prevent any direct connection from
forming, regardless of which side initiated it, but any connections
initiated locally to endpoints received from the other peer would still
work.

If endpoints are blocked, we will now drop any endpoints we already know
of (via call-me-maybe) as well as block any future endpoints received
via call-me-maybe.

Endpoints received via coordination are not impacted (and should be
blocked using a different mechanism).
ethanndickson
ethanndickson reviewed Jun 20, 2024
View reviewed changes
Copy link
Member

@ethanndickson ethanndickson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@deansheather
Copy link
Member Author

I tested this on coder by setting replace tailscale.com => ../tailscale and it does hit these lines and prevent P2P from occurring from localhost=>localhost via LAN endpoints when only one side has direct connections disabled, so this does solve the problem.

spikecurtis
spikecurtis reviewed Jun 21, 2024
View reviewed changes
@deansheather deansheather requested a review from spikecurtis June 21, 2024 12:45
spikecurtis
spikecurtis reviewed Jun 24, 2024
View reviewed changes
wgengine/magicsock/endpoint.go Outdated
When: time.Now(),
What: "clearEndpoints-" + why,
})
de.endpointState = map[netip.AddrPort]*endpointState{}
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like this, but I think we should pair it with a lower-level implementation of blockEndpoints

Right now, we check this field on the magicsock Conn before calling into methods on endpoint that could add an endpoint. There are 3 of these (updateFromNode, handleCallMeMaybe and addCandidateEndpoint), but you've only directly blocked the first two.

So, there is still a narrow race condition where you can set block endpoints, clear them all out, and a Disco Ping could come in and add an endpoint back in.

What do you think about extending endpoint to also have a blockEndpoints field that we sync with Conn, that way we can always directly check whether we are blocking endpoints at the moment we are about to add one?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

@deansheather deansheather merged commit 27db053 into main Apr 22, 2025
30 of 34 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ethanndickson ethanndickson ethanndickson left review comments

@spikecurtis spikecurtis spikecurtis approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@deansheather @spikecurtis @ethanndickson