mapper: produce map before poll (#2628)

2025-11-09 21:49:39 -05:00 · 2025-07-28 11:15:53 +02:00
parent b2a18830ed
commit a058bf3cd3
70 changed files with 5771 additions and 2475 deletions
--- a/hscontrol/types/change/change.go
+++ b/hscontrol/types/change/change.go
@@ -0,0 +1,183 @@
+//go:generate go tool stringer -type=Change
+package change
+
+import (
+	"errors"
+
+	"github.com/juanfont/headscale/hscontrol/types"
+)
+
+type (
+	NodeID = types.NodeID
+	UserID = types.UserID
+)
+
+type Change int
+
+const (
+	ChangeUnknown Change = 0
+
+	// Deprecated: Use specific change instead
+	// Full is a legacy change to ensure places where we
+	// have not yet determined the specific update, can send.
+	Full Change = 9
+
+	// Server changes.
+	Policy       Change = 11
+	DERP         Change = 12
+	ExtraRecords Change = 13
+
+	// Node changes.
+	NodeCameOnline  Change = 21
+	NodeWentOffline Change = 22
+	NodeRemove      Change = 23
+	NodeKeyExpiry   Change = 24
+	NodeNewOrUpdate Change = 25
+
+	// User changes.
+	UserNewOrUpdate Change = 51
+	UserRemove      Change = 52
+)
+
+// AlsoSelf reports whether this change should also be sent to the node itself.
+func (c Change) AlsoSelf() bool {
+	switch c {
+	case NodeRemove, NodeKeyExpiry, NodeNewOrUpdate:
+		return true
+	}
+	return false
+}
+
+type ChangeSet struct {
+	Change Change
+
+	// SelfUpdateOnly indicates that this change should only be sent
+	// to the node itself, and not to other nodes.
+	// This is used for changes that are not relevant to other nodes.
+	// NodeID must be set if this is true.
+	SelfUpdateOnly bool
+
+	// NodeID if set, is the ID of the node that is being changed.
+	// It must be set if this is a node change.
+	NodeID types.NodeID
+
+	// UserID if set, is the ID of the user that is being changed.
+	// It must be set if this is a user change.
+	UserID types.UserID
+
+	// IsSubnetRouter indicates whether the node is a subnet router.
+	IsSubnetRouter bool
+}
+
+func (c *ChangeSet) Validate() error {
+	if c.Change >= NodeCameOnline || c.Change <= NodeNewOrUpdate {
+		if c.NodeID == 0 {
+			return errors.New("ChangeSet.NodeID must be set for node updates")
+		}
+	}
+
+	if c.Change >= UserNewOrUpdate || c.Change <= UserRemove {
+		if c.UserID == 0 {
+			return errors.New("ChangeSet.UserID must be set for user updates")
+		}
+	}
+
+	return nil
+}
+
+// Empty reports whether the ChangeSet is empty, meaning it does not
+// represent any change.
+func (c ChangeSet) Empty() bool {
+	return c.Change == ChangeUnknown && c.NodeID == 0 && c.UserID == 0
+}
+
+// IsFull reports whether the ChangeSet represents a full update.
+func (c ChangeSet) IsFull() bool {
+	return c.Change == Full || c.Change == Policy
+}
+
+func (c ChangeSet) AlsoSelf() bool {
+	// If NodeID is 0, it means this ChangeSet is not related to a specific node,
+	// so we consider it as a change that should be sent to all nodes.
+	if c.NodeID == 0 {
+		return true
+	}
+	return c.Change.AlsoSelf() || c.SelfUpdateOnly
+}
+
+var (
+	EmptySet        = ChangeSet{Change: ChangeUnknown}
+	FullSet         = ChangeSet{Change: Full}
+	DERPSet         = ChangeSet{Change: DERP}
+	PolicySet       = ChangeSet{Change: Policy}
+	ExtraRecordsSet = ChangeSet{Change: ExtraRecords}
+)
+
+func FullSelf(id types.NodeID) ChangeSet {
+	return ChangeSet{
+		Change:         Full,
+		SelfUpdateOnly: true,
+		NodeID:         id,
+	}
+}
+
+func NodeAdded(id types.NodeID) ChangeSet {
+	return ChangeSet{
+		Change: NodeNewOrUpdate,
+		NodeID: id,
+	}
+}
+
+func NodeRemoved(id types.NodeID) ChangeSet {
+	return ChangeSet{
+		Change: NodeRemove,
+		NodeID: id,
+	}
+}
+
+func NodeOnline(id types.NodeID) ChangeSet {
+	return ChangeSet{
+		Change: NodeCameOnline,
+		NodeID: id,
+	}
+}
+
+func NodeOffline(id types.NodeID) ChangeSet {
+	return ChangeSet{
+		Change: NodeWentOffline,
+		NodeID: id,
+	}
+}
+
+func KeyExpiry(id types.NodeID) ChangeSet {
+	return ChangeSet{
+		Change: NodeKeyExpiry,
+		NodeID: id,
+	}
+}
+
+func UserAdded(id types.UserID) ChangeSet {
+	return ChangeSet{
+		Change: UserNewOrUpdate,
+		UserID: id,
+	}
+}
+
+func UserRemoved(id types.UserID) ChangeSet {
+	return ChangeSet{
+		Change: UserRemove,
+		UserID: id,
+	}
+}
+
+func PolicyChange() ChangeSet {
+	return ChangeSet{
+		Change: Policy,
+	}
+}
+
+func DERPChange() ChangeSet {
+	return ChangeSet{
+		Change: DERP,
+	}
+}
--- a/hscontrol/types/change/change_string.go
+++ b/hscontrol/types/change/change_string.go
@@ -0,0 +1,57 @@
+// Code generated by "stringer -type=Change"; DO NOT EDIT.
+
+package change
+
+import "strconv"
+
+func _() {
+	// An "invalid array index" compiler error signifies that the constant values have changed.
+	// Re-run the stringer command to generate them again.
+	var x [1]struct{}
+	_ = x[ChangeUnknown-0]
+	_ = x[Full-9]
+	_ = x[Policy-11]
+	_ = x[DERP-12]
+	_ = x[ExtraRecords-13]
+	_ = x[NodeCameOnline-21]
+	_ = x[NodeWentOffline-22]
+	_ = x[NodeRemove-23]
+	_ = x[NodeKeyExpiry-24]
+	_ = x[NodeNewOrUpdate-25]
+	_ = x[UserNewOrUpdate-51]
+	_ = x[UserRemove-52]
+}
+
+const (
+	_Change_name_0 = "ChangeUnknown"
+	_Change_name_1 = "Full"
+	_Change_name_2 = "PolicyDERPExtraRecords"
+	_Change_name_3 = "NodeCameOnlineNodeWentOfflineNodeRemoveNodeKeyExpiryNodeNewOrUpdate"
+	_Change_name_4 = "UserNewOrUpdateUserRemove"
+)
+
+var (
+	_Change_index_2 = [...]uint8{0, 6, 10, 22}
+	_Change_index_3 = [...]uint8{0, 14, 29, 39, 52, 67}
+	_Change_index_4 = [...]uint8{0, 15, 25}
+)
+
+func (i Change) String() string {
+	switch {
+	case i == 0:
+		return _Change_name_0
+	case i == 9:
+		return _Change_name_1
+	case 11 <= i && i <= 13:
+		i -= 11
+		return _Change_name_2[_Change_index_2[i]:_Change_index_2[i+1]]
+	case 21 <= i && i <= 25:
+		i -= 21
+		return _Change_name_3[_Change_index_3[i]:_Change_index_3[i+1]]
+	case 51 <= i && i <= 52:
+		i -= 51
+		return _Change_name_4[_Change_index_4[i]:_Change_index_4[i+1]]
+	default:
+		return "Change(" + strconv.FormatInt(int64(i), 10) + ")"
+	}
+}
--- a/hscontrol/types/common.go
+++ b/hscontrol/types/common.go
@@ -1,16 +1,16 @@
-//go:generate go run tailscale.com/cmd/viewer --type=User,Node,PreAuthKey
-
+//go:generate go tool viewer --type=User,Node,PreAuthKey
 package types

+//go:generate go run tailscale.com/cmd/viewer --type=User,Node,PreAuthKey
+
 import (
-	"context"
 	"errors"
 	"fmt"
+	"runtime"
 	"time"

 	"github.com/juanfont/headscale/hscontrol/util"
 	"tailscale.com/tailcfg"
-	"tailscale.com/util/ctxkey"
 )

 const (
@@ -150,18 +150,6 @@ func UpdateExpire(nodeID NodeID, expiry time.Time) StateUpdate {
 	}
 }

-var (
-	NotifyOriginKey   = ctxkey.New("notify.origin", "")
-	NotifyHostnameKey = ctxkey.New("notify.hostname", "")
-)
-
-func NotifyCtx(ctx context.Context, origin, hostname string) context.Context {
-	ctx2, _ := context.WithTimeout(ctx, 3*time.Second)
-	ctx2 = NotifyOriginKey.WithValue(ctx2, origin)
-	ctx2 = NotifyHostnameKey.WithValue(ctx2, hostname)
-	return ctx2
-}
-
 const RegistrationIDLength = 24

 type RegistrationID string
@@ -199,3 +187,20 @@ type RegisterNode struct {
 	Node       Node
 	Registered chan *Node
 }
+
+// DefaultBatcherWorkers returns the default number of batcher workers.
+// Default to 3/4 of CPU cores, minimum 1, no maximum.
+func DefaultBatcherWorkers() int {
+	return DefaultBatcherWorkersFor(runtime.NumCPU())
+}
+
+// DefaultBatcherWorkersFor returns the default number of batcher workers for a given CPU count.
+// Default to 3/4 of CPU cores, minimum 1, no maximum.
+func DefaultBatcherWorkersFor(cpuCount int) int {
+	defaultWorkers := (cpuCount * 3) / 4
+	if defaultWorkers < 1 {
+		defaultWorkers = 1
+	}
+
+	return defaultWorkers
+}
--- a/hscontrol/types/common_test.go
+++ b/hscontrol/types/common_test.go
@@ -0,0 +1,36 @@
+package types
+
+import (
+	"testing"
+)
+
+func TestDefaultBatcherWorkersFor(t *testing.T) {
+	tests := []struct {
+		cpuCount int
+		expected int
+	}{
+		{1, 1},   // (1*3)/4 = 0, should be minimum 1
+		{2, 1},   // (2*3)/4 = 1
+		{4, 3},   // (4*3)/4 = 3
+		{8, 6},   // (8*3)/4 = 6
+		{12, 9},  // (12*3)/4 = 9
+		{16, 12}, // (16*3)/4 = 12
+		{20, 15}, // (20*3)/4 = 15
+		{24, 18}, // (24*3)/4 = 18
+	}
+
+	for _, test := range tests {
+		result := DefaultBatcherWorkersFor(test.cpuCount)
+		if result != test.expected {
+			t.Errorf("DefaultBatcherWorkersFor(%d) = %d, expected %d", test.cpuCount, result, test.expected)
+		}
+	}
+}
+
+func TestDefaultBatcherWorkers(t *testing.T) {
+	// Just verify it returns a valid value (>= 1)
+	result := DefaultBatcherWorkers()
+	if result < 1 {
+		t.Errorf("DefaultBatcherWorkers() = %d, expected value >= 1", result)
+	}
+}
--- a/hscontrol/types/config.go
+++ b/hscontrol/types/config.go
@@ -234,6 +234,7 @@ type Tuning struct {
 	NotifierSendTimeout            time.Duration
 	BatchChangeDelay               time.Duration
 	NodeMapSessionBufferedChanSize int
+	BatcherWorkers                 int
 }

 func validatePKCEMethod(method string) error {
@@ -991,6 +992,12 @@ func LoadServerConfig() (*Config, error) {
 			NodeMapSessionBufferedChanSize: viper.GetInt(
 				"tuning.node_mapsession_buffered_chan_size",
 			),
+			BatcherWorkers: func() int {
+				if workers := viper.GetInt("tuning.batcher_workers"); workers > 0 {
+					return workers
+				}
+				return DefaultBatcherWorkers()
+			}(),
 		},
 	}, nil
 }
--- a/hscontrol/types/node.go
+++ b/hscontrol/types/node.go
@@ -431,6 +431,11 @@ func (node *Node) SubnetRoutes() []netip.Prefix {
 	return routes
 }

+// IsSubnetRouter reports if the node has any subnet routes.
+func (node *Node) IsSubnetRouter() bool {
+	return len(node.SubnetRoutes()) > 0
+}
+
 func (node *Node) String() string {
 	return node.Hostname
 }
@@ -669,6 +674,13 @@ func (v NodeView) SubnetRoutes() []netip.Prefix {
 	return v.ж.SubnetRoutes()
 }

+func (v NodeView) IsSubnetRouter() bool {
+	if !v.Valid() {
+		return false
+	}
+	return v.ж.IsSubnetRouter()
+}
+
 func (v NodeView) AppendToIPSet(build *netipx.IPSetBuilder) {
 	if !v.Valid() {
 		return
--- a/hscontrol/types/preauth_key.go
+++ b/hscontrol/types/preauth_key.go
@@ -1,17 +1,16 @@
 package types

 import (
-	"fmt"
 	"time"

 	v1 "github.com/juanfont/headscale/gen/go/headscale/v1"
+	"github.com/rs/zerolog/log"
 	"google.golang.org/protobuf/types/known/timestamppb"
 )

 type PAKError string

 func (e PAKError) Error() string { return string(e) }
-func (e PAKError) Unwrap() error { return fmt.Errorf("preauth key error: %w", e) }

 // PreAuthKey describes a pre-authorization key usable in a particular user.
 type PreAuthKey struct {
@@ -60,6 +59,21 @@ func (pak *PreAuthKey) Validate() error {
 	if pak == nil {
 		return PAKError("invalid authkey")
 	}
+
+	log.Debug().
+		Str("key", pak.Key).
+		Bool("hasExpiration", pak.Expiration != nil).
+		Time("expiration", func() time.Time {
+			if pak.Expiration != nil {
+				return *pak.Expiration
+			}
+			return time.Time{}
+		}()).
+		Time("now", time.Now()).
+		Bool("reusable", pak.Reusable).
+		Bool("used", pak.Used).
+		Msg("PreAuthKey.Validate: checking key")
+
 	if pak.Expiration != nil && pak.Expiration.Before(time.Now()) {
 		return PAKError("authkey expired")
 	}