diff options
| author | Andrew Dunham <andrew@du.nham.ca> | 2024-02-28 23:21:31 -0500 |
|---|---|---|
| committer | Andrew Dunham <andrew@du.nham.ca> | 2024-03-11 08:05:00 -0400 |
| commit | 7429e8912acb74a61c7928852a02ceaf3c144e81 (patch) | |
| tree | 891a47a64d4fe77c98248a397f17653146ccb829 /control/controlknobs | |
| parent | ad33e47270509345469af795aed65177df88904e (diff) | |
| download | tailscale-7429e8912acb74a61c7928852a02ceaf3c144e81.tar.xz tailscale-7429e8912acb74a61c7928852a02ceaf3c144e81.zip | |
wgengine/netstack: fix bug with duplicate SYN packets in client limit
This fixes a bug that was introduced in #11258 where the handling of the
per-client limit didn't properly account for the fact that the gVisor
TCP forwarder will return 'true' to indicate that it's handled a
duplicate SYN packet, but not launch the handler goroutine.
In such a case, we neither decremented our per-client limit in the
wrapper function, nor did we do so in the handler function, leading to
our per-client limit table slowly filling up without bound.
Fix this by doing the same duplicate-tracking logic that the TCP
forwarder does so we can detect such cases and appropriately decrement
our in-flight counter.
Updates tailscale/corp#12184
Signed-off-by: Andrew Dunham <andrew@du.nham.ca>
Change-Id: Ib6011a71d382a10d68c0802593f34b8153d06892
Diffstat (limited to 'control/controlknobs')
0 files changed, 0 insertions, 0 deletions
