wgengine/magicsock: allow a CSV list for pretendpoint

Load Balancers often have more than one ingress IP, so allowing us to add multiple means we can offer multiple options. Updates tailscale#12578 Change-Id: I4aa49a698d457627d2f7011796d665c67d4c7952 Signed-off-by: Lee Briggs <lee@leebriggs.co.uk>
ornikar · Jul 10, 2024 · b546a6e · b546a6e
1 parent c6af5bb
commit b546a6e
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 13 deletions.
diff --git a/wgengine/magicsock/debugknobs.go b/wgengine/magicsock/debugknobs.go
@@ -8,6 +8,7 @@ package magicsock
 import (
 	"log"
 	"net/netip"
+	"strings"
 	"sync"
 
 	"tailscale.com/envknob"
@@ -73,17 +74,24 @@ var (
 // startup.
 func inTest() bool { return envknob.Bool("IN_TS_TEST") }
 
-// pretendpoint returns TS_DEBUG_PRETENDPOINT as an AddrPort, if set.
+// pretendpoints returns TS_DEBUG_PRETENDPOINT as []AddrPort, if set.
 // See https://github.com/tailscale/tailscale/issues/12578 and
 // https://github.com/tailscale/tailscale/pull/12735.
-var pretendpoint = sync.OnceValue(func() (ap netip.AddrPort) {
-	s := envknob.String("TS_DEBUG_PRETENDPOINT")
-	if s == "" {
-		return
-	}
-	ap, err := netip.ParseAddrPort(s)
-	if err != nil {
-		log.Printf("ignoring invalid TS_DEBUG_PRETENDPOINT %q: %v", s, err)
+//
+// It can be between 0 and 3 comma-separated AddrPorts.
+var pretendpoints = sync.OnceValue(func() (ret []netip.AddrPort) {
+	all := envknob.String("TS_DEBUG_PRETENDPOINT")
+	const max = 3
+	remain := all
+	for remain != "" && len(ret) < max {
+		var s string
+		s, remain, _ = strings.Cut(remain, ",")
+		ap, err := netip.ParseAddrPort(s)
+		if err != nil {
+			log.Printf("ignoring invalid AddrPort %q in TS_DEBUG_PRETENDPOINT %q: %v", s, all, err)
+			continue
+		}
+		ret = append(ret, ap)
 	}
-	return ap
+	return
 })
diff --git a/wgengine/magicsock/debugknobs_stubs.go b/wgengine/magicsock/debugknobs_stubs.go
@@ -30,4 +30,4 @@ func debugEnablePMTUD() opt.Bool       { return "" }
 func debugRingBufferMaxSizeBytes() int { return 0 }
 func inTest() bool                     { return false }
 func debugPeerMap() bool               { return false }
-func pretendpoint() netip.AddrPort     { return netip.AddrPort{} }
+func pretendpoints() []netip.AddrPort  { return []netip.AddrPort{} }
diff --git a/wgengine/magicsock/magicsock.go b/wgengine/magicsock/magicsock.go
@@ -920,10 +920,12 @@ func (c *Conn) determineEndpoints(ctx context.Context) ([]tailcfg.Endpoint, erro
 	}
 
 	// Temporarily (2024-07-08) during investigations, allow setting
-	// a pretend endpoint for testing NAT traversal scenarios.
+	// pretend endpoint(s) for testing NAT traversal scenarios.
 	// TODO(bradfitz): probably promote this to the config file.
 	// https://github.com/tailscale/tailscale/issues/12578
-	addAddr(pretendpoint(), tailcfg.EndpointExplicitConf)
+	for _, ap := range pretendpoints() {
+		addAddr(ap, tailcfg.EndpointExplicitConf)
+	}
 
 	// Update our set of endpoints by adding any endpoints that we
 	// previously found but haven't expired yet. This also updates the