
Commit 5ac9f3e

committed
Fix issue in clustered environments where inactivity timeout would always occur
1 parent 11b5a84 commit 5ac9f3e


1 file changed

+15
-17
lines changed


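--- a/internal/router/firewall.go
+++ b/internal/router/firewall.go
@@ -179,7 +179,7 @@ func (f *Firewall) Evaluate(src, dst netip.AddrPort, proto uint16) bool {
 
 if f.inactivityTimeout == -1 || !device.inactive {
 // It doesnt matter if this gets race conditioned
-device.SetActive(f.db, f.inactivityTimeout)
+device.SetActive(f.db, f.inactivityTimeout, f.nodeID)
 } else {
 authorized = false
 }
@@ -242,20 +242,10 @@ func (f *Firewall) UpdateNodeAssociation(device data.Device) error {
 return fmt.Errorf("device %q was not found", address)
 }
 
-if device.AssociatedNode == f.db.GetCurrentNodeID() {
-// TODO figure out a better way of doing this
-// when a client shifts over to us, make sure we set the last packet time to something they can actually use
-d.SetActive(f.db, f.inactivityTimeout)
-} else {
-// its roamed away from us
-if d.inactiveTimer != nil {
-d.inactiveTimer.Stop()
-d.inactiveTimer = nil
-}
-}
-
 d.associatedNode = device.AssociatedNode
 
+d.SetActive(f.db, f.inactivityTimeout, f.nodeID)
+
 return nil
 }
 
@@ -292,11 +282,10 @@ func (f *Firewall) SetAuthorized(address string, node types.ID) error {
 }
 
 device.sessionExpiry = time.Now().Add(time.Duration(timeToSet) * time.Minute)
-
-device.SetActive(f.db, f.inactivityTimeout)
-
 device.associatedNode = node
 
+device.SetActive(f.db, f.inactivityTimeout, f.nodeID)
+
 return nil
 }
 
@@ -607,12 +596,21 @@ func (fwd *FirewallDevice) timeout(db interfaces.Database) func() {
 err := db.DeauthenticateDevice(fwd.address.String())
 if err != nil {
 log.Println("failed to deauthenticate device on inactivity timeout: ", err)
+return
 }
 log.Printf("Device %q %q became inactive", fwd.username, fwd.address)
 }
 }
 
-func (fwd *FirewallDevice) SetActive(db interfaces.Database, duration time.Duration) {
+func (fwd *FirewallDevice) SetActive(db interfaces.Database, duration time.Duration, currentNode types.ID) {
+if currentNode != fwd.associatedNode {
+if fwd.inactiveTimer != nil {
+fwd.inactiveTimer.Stop()
+fwd.inactiveTimer = nil
+}
+return
+}
+
 fwd.inactive = false
 
 if duration == -1 {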
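Review bot: The new early-return branch in `SetActive` (new lines 606-612) checks `fwd.inactiveTimer != nil` and then dereferences and clears the field, and `Evaluate` now reaches that branch for any device owned by another node, under a comment that says the call may race. If `Evaluate` can run concurrently for the same device (its locking is outside these hunks, so this is inferred), one goroutine can nil the field between another's check and its `Stop()`, which would panic in the firewall's evaluation path. Guard the field with a lock on the device, or at minimum read it once: `if t := fwd.inactiveTimer; t != nil { t.Stop() }`. The branch also returns before `fwd.inactive = false`, so a doc comment on `SetActive` should state that on a non-owning node it only cancels the local timer and that inactivity enforcement is left to the associated node. `SetActive`'s body continues past the end of the hunk.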
