path: root/util/execqueue/execqueue.go
author Jordan Whited <jordan@tailscale.com> 2025-11-20 19:33:18 -0800
committer Jordan Whited <jwhited0917@gmail.com> 2025-11-24 14:52:34 -0800
commit 755309c04eae75e4dda61b79042a4ca1112b5a45 (patch)
tree 15fe030b3955932aa2be802e601c266e369a5a7a /util/execqueue/execqueue.go
parent 6637003cc8c5a73a56ed10f57f207a2a2c9f2c7c (diff)
download tailscale-755309c04eae75e4dda61b79042a4ca1112b5a45.tar.xz
download tailscale-755309c04eae75e4dda61b79042a4ca1112b5a45.zip
net/udprelay: use blake2s-256 MAC for handshake challenge
This commit replaces crypto/rand challenge generation with a blake2s-256 MAC. This enables the peer relay server to respond to multiple forward disco.BindUDPRelayEndpoint messages per handshake generation without sacrificing the proof of IP ownership properties of the handshake.

Responding to multiple forward disco.BindUDPRelayEndpoint messages per handshake generation improves client address/path selection where lowest client->server path/addr one-way delay does not necessarily equate to lowest client<->server round trip delay. It also improves situations where outbound traffic is filtered independent of input, and the first reply disco.BindUDPRelayEndpointChallenge message is dropped on the reply path, but a later reply using a different source would make it through.

Reduction in serverEndpoint state saves 112 bytes per instance, trading for slightly more expensive crypto ops: 277ns/op vs 321ns/op on an M1 Macbook Pro.

Updates tailscale/corp#34414

Signed-off-by: Jordan Whited <jordan@tailscale.com>
Diffstat (limited to 'util/execqueue/execqueue.go')
0 files changed, 0 insertions, 0 deletions
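
The stateless challenge idea from the commit message, sketched as an added example that is not Tailscale's code: the server derives each challenge as a keyed blake2s-256 MAC instead of storing a random value, so it can answer several bind messages per handshake generation and still tie each answer to the address that received it. The MAC inputs (source IP, port, handshake generation, client key), the secret handling and all function names are assumptions; the page does not show them.

```python
import hashlib
import hmac
import ipaddress
import os
import struct

# Assumption: one server-held secret keys every challenge. The real MAC inputs
# and key handling in net/udprelay are not shown on the page.
SERVER_SECRET = os.urandom(32)


def challenge_for(secret, src_ip, src_port, generation, client_key):
    """Challenge for one observed source address; no per-address state kept."""
    ip = ipaddress.ip_address(src_ip).packed
    mac = hashlib.blake2s(key=secret, digest_size=32)  # keyed blake2s-256
    mac.update(struct.pack("!B", len(ip)) + ip)
    mac.update(struct.pack("!HI", src_port, generation))
    mac.update(client_key)
    return mac.digest()


def verify_answer(secret, src_ip, src_port, generation, client_key, echoed):
    """Recompute from the packet's own source address; constant-time compare."""
    expected = challenge_for(secret, src_ip, src_port, generation, client_key)
    return hmac.compare_digest(expected, echoed)


def demo():
    key = b"\x01" * 32                     # constructed client disco key
    path_a = ("192.0.2.10", 41641)         # constructed source addresses
    path_b = ("2001:db8::10", 41641)
    gen = 7
    # Two forward disco.BindUDPRelayEndpoint messages arrive in the same
    # handshake generation; each gets its own challenge reply.
    chal_a = challenge_for(SERVER_SECRET, *path_a, gen, key)
    chal_b = challenge_for(SERVER_SECRET, *path_b, gen, key)
    return {
        "distinct": chal_a != chal_b,
        # Echoed from the address that received it: IP ownership shown.
        "same_path": verify_answer(SERVER_SECRET, *path_a, gen, key, chal_a),
        # Challenge learned on path A replayed from path B: rejected.
        "cross_path": verify_answer(SERVER_SECRET, *path_b, gen, key, chal_a),
        # Old challenge after the handshake generation advanced: rejected.
        "stale_generation": verify_answer(SERVER_SECRET, *path_a, gen + 1, key, chal_a),
    }


if __name__ == "__main__":
    print(demo())
```

Because the server recomputes the expected value from the answering packet's source address, a challenge only verifies when echoed from the address it was sent to.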