Wipe all endpoints on BlockEndpoints

deansheather · deansheather · commit 5beb71a0d327 · 2024-06-21T12:41:37.000Z
diff --git a/wgengine/magicsock/endpoint.go b/wgengine/magicsock/endpoint.go
@@ -207,6 +207,19 @@ func (de *endpoint) deleteEndpointLocked(why string, ep netip.AddrPort) {
 	}
 }
 
+func (de *endpoint) clearEndpoints(why string) {
+	de.mu.Lock()
+	defer de.mu.Unlock()
+	de.debugUpdates.Add(EndpointChange{
+		When: time.Now(),
+		What: "clearEndpoints-" + why,
+	})
+	de.endpointState = map[netip.AddrPort]*endpointState{}
+	de.bestAddr = addrLatency{}
+	de.c.logf("magicsock: disco: node %s %s now using DERP only (all endpoints deleted)",
+		de.publicKey.ShortString(), de.discoShort())
+}
+
 // initFakeUDPAddr populates fakeWGAddr with a globally unique fake UDPAddr.
 // The current implementation just uses the pointer value of de jammed into an IPv6
 // address, but it could also be, say, a counter.
diff --git a/wgengine/magicsock/magicsock.go b/wgengine/magicsock/magicsock.go
@@ -218,8 +218,7 @@ type Conn struct {
 	// endpoints gathered from local interfaces or STUN. Only DERP endpoints
 	// will be sent.
 	// This will also block incoming endpoints received via call-me-maybe disco
-	// packets. Endpoints manually added (e.g. via coordination) will not be
-	// blocked.
+	// packets.
 	blockEndpoints bool
 	// endpointsUpdateActive indicates that updateEndpoints is
 	// currently running. It's used to deduplicate concurrent endpoint
@@ -846,10 +845,10 @@ func (c *Conn) DiscoPublicKey() key.DiscoPublic {
 	return c.discoPublic
 }
 
-// SetBlockEndpoints sets the blockEndpoints field. If changed, endpoints will
-// be updated to apply the new settings. Existing connections may continue to
-// use the old setting until they are reestablished. Disabling endpoints does
-// not affect the UDP socket or portmapper.
+// SetBlockEndpoints sets the blockEndpoints field. If enabled, all peer
+// endpoints will be cleared from the peer map and every connection will
+// immediately switch to DERP. Disabling endpoints does not affect the UDP
+// socket or portmapper.
 func (c *Conn) SetBlockEndpoints(block bool) {
 	c.mu.Lock()
 	defer c.mu.Unlock()
@@ -874,11 +873,7 @@ func (c *Conn) SetBlockEndpoints(block bool) {
 	// Clear any endpoints from the peerMap if block is true.
 	if block {
 		c.peerMap.forEachEndpoint(func(ep *endpoint) {
-			// Simulate receiving a call-me-maybe disco packet with no
-			// endpoints, which will cause all endpoints to be removed.
-			ep.handleCallMeMaybe(&disco.CallMeMaybe{
-				MyNumber: []netip.AddrPort{},
-			})
+			ep.clearEndpoints("SetBlockEndpoints")
 		})
 	}
 }
@@ -1944,6 +1939,13 @@ func (c *Conn) SetNetworkMap(nm *netmap.NetworkMap) {
 	// we'll fall through to the next pass, which allocates but can
 	// handle full set updates.
 	for _, n := range nm.Peers {
+		if c.blockEndpoints {
+			c.dlogf("[v1] magicsock: SetNetworkingMap: %v (%v, %v) received %d endpoints, but endpoints blocked",
+				n.DiscoKey.ShortString(), n.Key.ShortString(),
+				len(n.Endpoints),
+			)
+			n.Endpoints = []string{}
+		}
 		if ep, ok := c.peerMap.endpointForNodeKey(n.Key); ok {
 			if n.DiscoKey.IsZero() && !n.IsWireGuardOnly {
 				// Discokey transitioned from non-zero to zero? This should not
diff --git a/wgengine/magicsock/magicsock_test.go b/wgengine/magicsock/magicsock_test.go
@@ -3097,35 +3097,16 @@ func TestBlockEndpointsDERPOK(t *testing.T) {
 	waitForEndpoints(t, ms1.conn)
 	waitForEndpoints(t, ms2.conn)
 
-	// meshStacks doesn't use call-me-maybe packets to update endpoints, which
-	// makes them not get cleared when we call SetBlockEndpoints.
-	ep2, ok := ms1.conn.peerMap.endpointForNodeKey(ms2.Public())
-	if !ok {
-		t.Fatalf("endpoint not found for ms2")
-	}
-	ep2.mu.Lock()
-	for k := range ep2.endpointState {
-		ep2.deleteEndpointLocked("TestBlockEndpointsDERPOK", k)
-	}
-	ep2.mu.Unlock()
-
-	// Wait for the call-me-maybe packet to arrive.
-	for i := 0; i < 50; i++ {
-		time.Sleep(100 * time.Millisecond)
-		ep2.mu.Lock()
-		if len(ep2.endpointState) != 0 {
-			ep2.mu.Unlock()
-			break
-		}
-		ep2.mu.Unlock()
-	}
-
 	// SetBlockEndpoints is called later since it's incompatible with the test
 	// meshStacks implementations.
 	// We only set it on ms1, since ms2's endpoints should be ignored by ms1.
 	ms1.conn.SetBlockEndpoints(true)
 
-	// All call-me-maybe endpoints should've been immediately removed from ms1.
+	// All endpoints should've been immediately removed from ms1.
+	ep2, ok := ms1.conn.peerMap.endpointForNodeKey(ms2.Public())
+	if !ok {
+		t.Fatalf("endpoint not found for ms2")
+	}
 	ep2.mu.Lock()
 	if len(ep2.endpointState) != 0 {
 		ep2.mu.Unlock()
