NotificationsYou must be signed in to change notification settings
Fork928
Star10.1k

Commit269bc1e

committed

fix(wsconncache): only allow one peer per connection

If an agent went away and reconnected, the wsconncache connection wouldbe polluted for about 10m because there would be two peers with thesame IP. The old peer always had priority, which caused the dashboard totry and always dial the old peer until it was removed.Fixes:#5292

1 parentb0a1615 commit269bc1eCopy full SHA for 269bc1e

File tree

2 files changed

+47

-6

lines changed

coderd
- workspaceagents.go
tailnet
- conn.go

2 files changed

+47

-6

lines changed

`‎coderd/workspaceagents.go`

Lines changed: 22 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -278,18 +278,21 @@ func (api API) workspaceAgentPTY(rw http.ResponseWriter, r http.Request) {`
`278`	`278`	`_,wsNetConn:=websocketNetConn(ctx,conn,websocket.MessageBinary)`
`279`	`279`	`deferwsNetConn.Close()// Also closes conn.`
`280`	`280`
	`281`	`+fmt.Println("getting conn from cache")`
`281`	`282`	`agentConn,release,err:=api.workspaceAgentCache.Acquire(r,workspaceAgent.ID)`
`282`	`283`	`iferr!=nil {`
`283`	`284`	`_=conn.Close(websocket.StatusInternalError,httpapi.WebsocketCloseSprintf("dial workspace agent: %s",err))`
`284`	`285`	`return`
`285`	`286`	`}`
`286`	`287`	`deferrelease()`
	`288`	`+fmt.Println("got conn from cache")`
`287`	`289`	`ptNetConn,err:=agentConn.ReconnectingPTY(ctx,reconnect,uint16(height),uint16(width),r.URL.Query().Get("command"))`
`288`	`290`	`iferr!=nil {`
`289`	`291`	`_=conn.Close(websocket.StatusInternalError,httpapi.WebsocketCloseSprintf("dial: %s",err))`
`290`	`292`	`return`
`291`	`293`	`}`
`292`	`294`	`deferptNetConn.Close()`
	`295`	`+fmt.Println("dialed reconnecting pty, doing bicopy")`
`293`	`296`	`agent.Bicopy(ctx,wsNetConn,ptNetConn)`
`294`	`297`	`}`
`295`	`298`
`@@ -402,11 +405,11 @@ func (api API) workspaceAgentListeningPorts(rw http.ResponseWriter, r http.Req`
`402`	`405`
`403`	`406`	`func (apiAPI)dialWorkspaceAgentTailnet(rhttp.Request,agentID uuid.UUID) (*codersdk.AgentConn,error) {`
`404`	`407`	`clientConn,serverConn:=net.Pipe()`
`405`		`-gofunc() {`
`406`		`-<-r.Context().Done()`
`407`		`-_=clientConn.Close()`
`408`		`-_=serverConn.Close()`
`409`		`-}()`
	`408`	`+//go func() {`
	`409`	`+//<-r.Context().Done()`
	`410`	`+//_ = clientConn.Close()`
	`411`	`+//_ = serverConn.Close()`
	`412`	`+//}()`
`410`	`413`
`411`	`414`	`derpMap:=api.DERPMap.Clone()`
`412`	`415`	`for_,region:=rangederpMap.Regions {`
`@@ -453,7 +456,16 @@ func (api API) dialWorkspaceAgentTailnet(r http.Request, agentID uuid.UUID) (*`
`453`	`456`	`}`
`454`	`457`
`455`	`458`	`sendNodes,_:=tailnet.ServeCoordinator(clientConn,func(node []*tailnet.Node)error {`
`456`		`-returnconn.UpdateNodes(node)`
	`459`	`+err:=conn.RemoveAllPeers()`
	`460`	`+iferr!=nil {`
	`461`	`+returnxerrors.Errorf("remove all peers: %w",err)`
	`462`	`+}`
	`463`	`+`
	`464`	`+err=conn.UpdateNodes(node)`
	`465`	`+iferr!=nil {`
	`466`	`+returnxerrors.Errorf("update nodes: %w",err)`
	`467`	`+}`
	`468`	`+returnnil`
`457`	`469`	`})`
`458`	`470`	`conn.SetNodeCallback(sendNodes)`
`459`	`471`	`gofunc() {`
`@@ -465,6 +477,10 @@ func (api API) dialWorkspaceAgentTailnet(r http.Request, agentID uuid.UUID) (*`
`465`	`477`	`}()`
`466`	`478`	`return&codersdk.AgentConn{`
`467`	`479`	`Conn:conn,`
	`480`	`+CloseFunc:func() {`
	`481`	`+_=clientConn.Close()`
	`482`	`+_=serverConn.Close()`
	`483`	`+},`
`468`	`484`	`},nil`
`469`	`485`	`}`
`470`	`486`

`‎tailnet/conn.go`

Lines changed: 25 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -325,6 +325,31 @@ func (c Conn) SetDERPMap(derpMap tailcfg.DERPMap) {`
`325`	`325`	`c.wireguardEngine.SetDERPMap(derpMap)`
`326`	`326`	`}`
`327`	`327`
	`328`	`+func (c*Conn)RemoveAllPeers()error {`
	`329`	`+c.mutex.Lock()`
	`330`	`+deferc.mutex.Unlock()`
	`331`	`+`
	`332`	`+c.netMap.Peers= []*tailcfg.Node{}`
	`333`	`+c.peerMap=map[tailcfg.NodeID]*tailcfg.Node{}`
	`334`	`+netMapCopy:=*c.netMap`
	`335`	`+c.wireguardEngine.SetNetworkMap(&netMapCopy)`
	`336`	`+cfg,err:=nmcfg.WGCfg(c.netMap,Logger(c.logger.Named("wgconfig")),netmap.AllowSingleHosts,"")`
	`337`	`+iferr!=nil {`
	`338`	`+returnxerrors.Errorf("update wireguard config: %w",err)`
	`339`	`+}`
	`340`	`+err=c.wireguardEngine.Reconfig(cfg,c.wireguardRouter,&dns.Config{},&tailcfg.Debug{})`
	`341`	`+iferr!=nil {`
	`342`	`+ifc.isClosed() {`
	`343`	`+returnnil`
	`344`	`+}`
	`345`	`+iferrors.Is(err,wgengine.ErrNoChanges) {`
	`346`	`+returnnil`
	`347`	`+}`
	`348`	`+returnxerrors.Errorf("reconfig: %w",err)`
	`349`	`+}`
	`350`	`+returnnil`
	`351`	`+}`
	`352`	`+`
`328`	`353`	`// UpdateNodes connects with a set of peers. This can be constantly updated,`
`329`	`354`	`// and peers will continually be reconnected as necessary.`
`330`	`355`	`func (cConn)UpdateNodes(nodes []Node)error {`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit269bc1e

File tree

2 files changed

2 files changed

`‎coderd/workspaceagents.go`

`‎tailnet/conn.go`

0 commit comments