TUN-2788: cloudflared should store one ConnDigest per HA connection

2020-03-06 17:25:34 -06:00 · 2020-03-06 17:25:34 -06:00 · 5376df5439
parent db9b6541d0
commit 5376df5439
2 changed files with 13 additions and 12 deletions
--- a/origin/supervisor.go
+++ b/origin/supervisor.go
@ -39,7 +39,6 @@ const (
 var (
 	errJWTUnset         = errors.New("JWT unset")
 	errEventDigestUnset = errors.New("event digest unset")
-	errConnDigestUnset  = errors.New("conn digest unset")
 )

 // Supervisor manages non-declarative tunnels. Establishes TCP connections with the edge, and
@ -66,7 +65,7 @@ type Supervisor struct {
 	eventDigest     []byte

 	connDigestLock sync.RWMutex
-	connDigest     []byte
+	connDigest     map[uint8][]byte

 	bufferPool *buffer.Pool
 }
@ -101,6 +100,7 @@ func NewSupervisor(config *TunnelConfig, u uuid.UUID) (*Supervisor, error) {
 		tunnelErrors:      make(chan tunnelError),
 		tunnelsConnecting: map[int]chan struct{}{},
 		logger:            config.Logger.WithField("subsystem", "supervisor"),
+		connDigest:        make(map[uint8][]byte),
 		bufferPool:        buffer.NewPool(512 * 1024),
 	}, nil
 }
@ -334,19 +334,20 @@ func (s *Supervisor) SetEventDigest(eventDigest []byte) {
 	s.eventDigest = eventDigest
 }

-func (s *Supervisor) ConnDigest() ([]byte, error) {
+func (s *Supervisor) ConnDigest(connID uint8) ([]byte, error) {
 	s.connDigestLock.RLock()
 	defer s.connDigestLock.RUnlock()
-	if s.connDigest == nil {
-		return nil, errConnDigestUnset
+	digest, ok := s.connDigest[connID]
+	if !ok {
+		return nil, fmt.Errorf("no connection digest for connection %v", connID)
 	}
-	return s.connDigest, nil
+	return digest, nil
 }

-func (s *Supervisor) SetConnDigest(connDigest []byte) {
+func (s *Supervisor) SetConnDigest(connID uint8, connDigest []byte) {
 	s.connDigestLock.Lock()
 	defer s.connDigestLock.Unlock()
-	s.connDigest = connDigest
+	s.connDigest[connID] = connDigest
 }

 func (s *Supervisor) refreshAuth(
--- a/origin/tunnel.go
+++ b/origin/tunnel.go
@ -95,8 +95,8 @@ type ReconnectTunnelCredentialManager interface {
 	ReconnectToken() ([]byte, error)
 	EventDigest() ([]byte, error)
 	SetEventDigest(eventDigest []byte)
-	ConnDigest() ([]byte, error)
-	SetConnDigest(connDigest []byte)
+	ConnDigest(connID uint8) ([]byte, error)
+	SetConnDigest(connID uint8, connDigest []byte)
 }

 type dupConnRegisterTunnelError struct{}
@ -286,7 +286,7 @@ func ServeTunnel(

 				// check if we can use Quick Reconnects
 				if config.UseQuickReconnects {
-					if digest, connDigestErr := credentialManager.ConnDigest(); connDigestErr == nil {
+					if digest, connDigestErr := credentialManager.ConnDigest(connectionID); connDigestErr == nil {
 						connDigest = digest
 					}
 				}
@ -392,7 +392,7 @@ func RegisterTunnel(
 		return processRegisterTunnelError(registrationErr, config.Metrics, register)
 	}
 	credentialManager.SetEventDigest(registration.EventDigest)
-	credentialManager.SetConnDigest(registration.ConnDigest)
+	credentialManager.SetConnDigest(connectionID, registration.ConnDigest)
 	return processRegistrationSuccess(config, logger, connectionID, registration, register)
 }