update RemoteList when we complete a handshake

2025-12-15 15:20:44 -08:00 · 2025-09-05 10:33:32 -05:00 · 2025-09-05 10:33:32 -05:00 · d50c20c403
commit d50c20c403
parent 768325c9b4
3 changed files with 11 additions and 3 deletions
--- a/handshake_ix.go
+++ b/handshake_ix.go
@ -459,7 +459,7 @@ func ixHandshakeStage1(f *Interface, addr netip.AddrPort, via *ViaSender, packet

 	f.connectionManager.AddTrafficWatch(hostinfo)

-	hostinfo.remotes.ResetBlockedRemotes()
+	hostinfo.remotes.RefreshFromHandshake(vpnAddrs)

 	return
 }
@ -667,7 +667,7 @@ func ixHandshakeStage2(f *Interface, addr netip.AddrPort, via *ViaSender, hh *Ha
 		f.cachedPacketMetrics.sent.Inc(int64(len(hh.packetStore)))
 	}

-	hostinfo.remotes.ResetBlockedRemotes()
+	hostinfo.remotes.RefreshFromHandshake(vpnAddrs)
 	f.metricHandshakes.Update(duration)

 	return false
--- a/lighthouse.go
+++ b/lighthouse.go
@ -487,7 +487,7 @@ func (lh *LightHouse) QueryCache(vpnAddrs []netip.Addr) *RemoteList {
 	lh.Lock()
 	defer lh.Unlock()
 	// Add an entry if we don't already have one
-	return lh.unlockedGetRemoteList(vpnAddrs)
+	return lh.unlockedGetRemoteList(vpnAddrs) //todo CERT-V2 this contains addrmap lookups we could potentially skip
 }

 // queryAndPrepMessage is a lock helper on RemoteList, assisting the caller to build a lighthouse message containing
--- a/remote_list.go
+++ b/remote_list.go
@ -368,6 +368,14 @@ func (r *RemoteList) CopyBlockedRemotes() []netip.AddrPort {
 	return c
 }

+// RefreshFromHandshake locks and updates the RemoteList to account for data learned upon a completed handshake
+func (r *RemoteList) RefreshFromHandshake(vpnAddrs []netip.Addr) {
+	r.Lock()
+	r.badRemotes = nil
+	r.vpnAddrs = vpnAddrs //should this be remade and copied, a-la NewRemoteList?
+	r.Unlock()
+}
+
 // ResetBlockedRemotes locks and clears the blocked remotes list
 func (r *RemoteList) ResetBlockedRemotes() {
 	r.Lock()