coder
diff --git a/‎enterprise/tailnet/connio.go
Lines changed: 5 additions & 1 deletion b/‎enterprise/tailnet/connio.go
Lines changed: 5 additions & 1 deletion
diff --git a/‎enterprise/tailnet/multiagent_test.go
Lines changed: 2 additions & 1 deletion b/‎enterprise/tailnet/multiagent_test.go
Lines changed: 2 additions & 1 deletion
diff --git a/‎enterprise/tailnet/pgcoord.go
Lines changed: 4 additions & 0 deletions b/‎enterprise/tailnet/pgcoord.go
Lines changed: 4 additions & 0 deletions
diff --git a/‎enterprise/tailnet/pgcoord_internal_test.go
Lines changed: 3 additions & 1 deletion b/‎enterprise/tailnet/pgcoord_internal_test.go
Lines changed: 3 additions & 1 deletion
diff --git a/‎enterprise/tailnet/pgcoord_test.go
Lines changed: 16 additions & 15 deletions b/‎enterprise/tailnet/pgcoord_test.go
Lines changed: 16 additions & 15 deletions
diff --git a/‎tailnet/controllers.go
Lines changed: 5 additions & 0 deletions b/‎tailnet/controllers.go
Lines changed: 5 additions & 0 deletions
diff --git a/‎tailnet/coordinator.go
Lines changed: 47 additions & 14 deletions b/‎tailnet/coordinator.go
Lines changed: 47 additions & 14 deletions
@@ -113,6 +113,7 @@ func (c *connIO) recvLoop() {
 		select {
 		case <-c.coordCtx.Done():
 			c.logger.Debug(c.coordCtx, "exiting io recvLoop; coordinator exit")
+			_ = c.Enqueue(&proto.CoordinateResponse{Error: agpl.CloseErrCoordinatorClose})
 			return
 		case <-c.peerCtx.Done():
 			c.logger.Debug(c.peerCtx, "exiting io recvLoop; peer context canceled")
@@ -123,6 +124,9 @@ func (c *connIO) recvLoop() {
 				return
 			}
 			if err := c.handleRequest(req); err != nil {
+				if !xerrors.Is(err, errDisconnect) {
+					_ = c.Enqueue(&proto.CoordinateResponse{Error: err.Error()})
+				}
 				return
 			}
 		}
@@ -136,7 +140,7 @@ func (c *connIO) handleRequest(req *proto.CoordinateRequest) error {
 	err := c.auth.Authorize(c.peerCtx, req)
 	if err != nil {
 		c.logger.Warn(c.peerCtx, "unauthorized request", slog.Error(err))
-		return xerrors.Errorf("authorize request: %w", err)
+		return agpl.AuthorizationError{Wrapped: err}
 	}
 
 	if req.UpdateSelf != nil {
 
@@ -10,6 +10,7 @@ import (
 	"cdr.dev/slog/sloggers/slogtest"
 	"github.com/coder/coder/v2/coderd/database/dbtestutil"
 	"github.com/coder/coder/v2/enterprise/tailnet"
+	agpl "github.com/coder/coder/v2/tailnet"
 	agpltest "github.com/coder/coder/v2/tailnet/test"
 	"github.com/coder/coder/v2/testutil"
 )
@@ -77,7 +78,7 @@ func TestPGCoordinator_MultiAgent_CoordClose(t *testing.T) {
 	err = coord1.Close()
 	require.NoError(t, err)
 
-	ma1.AssertEventuallyResponsesClosed()
+	ma1.AssertEventuallyResponsesClosed(agpl.CloseErrCoordinatorClose)
 }
 
 // TestPGCoordinator_MultiAgent_UnsubscribeRace tests a single coordinator with
 
@@ -37,6 +37,7 @@ const (
 	numHandshakerWorkers   = 5
 	dbMaxBackoff           = 10 * time.Second
 	cleanupPeriod          = time.Hour
+	CloseErrUnhealthy      = "coordinator unhealthy"
 )
 
 // pgCoord is a postgres-backed coordinator
@@ -235,6 +236,7 @@ func (c *pgCoord) Coordinate(
 		c.logger.Info(ctx, "closed incoming coordinate call while unhealthy",
 			slog.F("peer_id", id),
 		)
+		resps <- &proto.CoordinateResponse{Error: CloseErrUnhealthy}
 		close(resps)
 		return reqs, resps
 	}
@@ -882,6 +884,7 @@ func (q *querier) newConn(c *connIO) {
 	q.mu.Lock()
 	defer q.mu.Unlock()
 	if !q.healthy {
+		_ = c.Enqueue(&proto.CoordinateResponse{Error: CloseErrUnhealthy})
 		err := c.Close()
 		// This can only happen during a narrow window where we were healthy
 		// when pgCoord checked before accepting the connection, but now are
@@ -1271,6 +1274,7 @@ func (q *querier) unhealthyCloseAll() {
 	for _, mpr := range q.mappers {
 		// close connections async so that we don't block the querier routine that responds to updates
 		go func(c *connIO) {
+			_ = c.Enqueue(&proto.CoordinateResponse{Error: CloseErrUnhealthy})
 			err := c.Close()
 			if err != nil {
 				q.logger.Debug(q.ctx, "error closing conn while unhealthy", slog.Error(err))
 
@@ -427,7 +427,9 @@ func TestPGCoordinatorUnhealthy(t *testing.T) {
 
 	pID := uuid.UUID{5}
 	_, resps := coordinator.Coordinate(ctx, pID, "test", agpl.AgentCoordinateeAuth{ID: pID})
-	resp := testutil.TryReceive(ctx, t, resps)
+	resp := testutil.RequireReceive(ctx, t, resps)
+	require.Equal(t, CloseErrUnhealthy, resp.Error)
+	resp = testutil.TryReceive(ctx, t, resps)
 	require.Nil(t, resp, "channel should be closed")
 
 	// give the coordinator some time to process any pending work.  We are
 
@@ -118,15 +118,15 @@ func TestPGCoordinatorSingle_AgentInvalidIP(t *testing.T) {
 
 	agent := agpltest.NewAgent(ctx, t, coordinator, "agent")
 	defer agent.Close(ctx)
+	prefix := agpl.TailscaleServicePrefix.RandomPrefix()
 	agent.UpdateNode(&proto.Node{
-		Addresses: []string{
-			agpl.TailscaleServicePrefix.RandomPrefix().String(),
-		},
+		Addresses:     []string{prefix.String()},
 		PreferredDerp: 10,
 	})
 
 	// The agent connection should be closed immediately after sending an invalid addr
-	agent.AssertEventuallyResponsesClosed()
+	agent.AssertEventuallyResponsesClosed(
+		agpl.AuthorizationError{Wrapped: agpl.InvalidNodeAddressError{Addr: prefix.Addr().String()}}.Error())
 	assertEventuallyLost(ctx, t, store, agent.ID)
 }
 
@@ -153,7 +153,8 @@ func TestPGCoordinatorSingle_AgentInvalidIPBits(t *testing.T) {
 	})
 
 	// The agent connection should be closed immediately after sending an invalid addr
-	agent.AssertEventuallyResponsesClosed()
+	agent.AssertEventuallyResponsesClosed(
+		agpl.AuthorizationError{Wrapped: agpl.InvalidAddressBitsError{Bits: 64}}.Error())
 	assertEventuallyLost(ctx, t, store, agent.ID)
 }
 
@@ -493,19 +494,19 @@ func TestPGCoordinatorDual_Mainline(t *testing.T) {
 	require.NoError(t, err)
 
 	// this closes agent2, client22, client21
-	agent2.AssertEventuallyResponsesClosed()
-	client22.AssertEventuallyResponsesClosed()
-	client21.AssertEventuallyResponsesClosed()
+	agent2.AssertEventuallyResponsesClosed(agpl.CloseErrCoordinatorClose)
+	client22.AssertEventuallyResponsesClosed(agpl.CloseErrCoordinatorClose)
+	client21.AssertEventuallyResponsesClosed(agpl.CloseErrCoordinatorClose)
 	assertEventuallyLost(ctx, t, store, agent2.ID)
 	assertEventuallyLost(ctx, t, store, client21.ID)
 	assertEventuallyLost(ctx, t, store, client22.ID)
 
 	err = coord1.Close()
 	require.NoError(t, err)
 	// this closes agent1, client12, client11
-	agent1.AssertEventuallyResponsesClosed()
-	client12.AssertEventuallyResponsesClosed()
-	client11.AssertEventuallyResponsesClosed()
+	agent1.AssertEventuallyResponsesClosed(agpl.CloseErrCoordinatorClose)
+	client12.AssertEventuallyResponsesClosed(agpl.CloseErrCoordinatorClose)
+	client11.AssertEventuallyResponsesClosed(agpl.CloseErrCoordinatorClose)
 	assertEventuallyLost(ctx, t, store, agent1.ID)
 	assertEventuallyLost(ctx, t, store, client11.ID)
 	assertEventuallyLost(ctx, t, store, client12.ID)
@@ -636,12 +637,12 @@ func TestPGCoordinator_Unhealthy(t *testing.T) {
 		}
 	}
 	// connected agent should be disconnected
-	agent1.AssertEventuallyResponsesClosed()
+	agent1.AssertEventuallyResponsesClosed(tailnet.CloseErrUnhealthy)
 
 	// new agent should immediately disconnect
 	agent2 := agpltest.NewAgent(ctx, t, uut, "agent2")
 	defer agent2.Close(ctx)
-	agent2.AssertEventuallyResponsesClosed()
+	agent2.AssertEventuallyResponsesClosed(tailnet.CloseErrUnhealthy)
 
 	// next heartbeats succeed, so we are healthy
 	for i := 0; i < 2; i++ {
@@ -836,7 +837,7 @@ func TestPGCoordinatorDual_FailedHeartbeat(t *testing.T) {
 	// we eventually disconnect from the coordinator.
 	err = sdb1.Close()
 	require.NoError(t, err)
-	p1.AssertEventuallyResponsesClosed()
+	p1.AssertEventuallyResponsesClosed(tailnet.CloseErrUnhealthy)
 	p2.AssertEventuallyLost(p1.ID)
 	// This basically checks that peer2 had no update
 	// performed on their status since we are connected
@@ -891,7 +892,7 @@ func TestPGCoordinatorDual_PeerReconnect(t *testing.T) {
 	// never send a DISCONNECTED update.
 	err = c1.Close()
 	require.NoError(t, err)
-	p1.AssertEventuallyResponsesClosed()
+	p1.AssertEventuallyResponsesClosed(agpl.CloseErrCoordinatorClose)
 	p2.AssertEventuallyLost(p1.ID)
 	// This basically checks that peer2 had no update
 	// performed on their status since we are connected
 
@@ -284,6 +284,11 @@ func (c *BasicCoordination) respLoop() {
 			return
 		}
 
+		if resp.Error != "" {
+			c.logger.Error(context.Background(),
+				"coordination protocol error", slog.F("error", resp.Error))
+		}
+
 		err = c.coordinatee.UpdatePeers(resp.GetPeerUpdates())
 		if err != nil {
 			c.logger.Debug(context.Background(), "failed to update peers", slog.Error(err))
 
@@ -24,7 +24,9 @@ const (
 	// dropping updates
 	ResponseBufferSize = 512
 	// RequestBufferSize is the max number of requests to buffer per connection
-	RequestBufferSize = 32
+	RequestBufferSize        = 32
+	CloseErrOverwritten      = "peer ID overwritten by new connection"
+	CloseErrCoordinatorClose = "coordinator closed"
 )
 
 // Coordinator exchanges nodes with agents to establish connections.
@@ -97,6 +99,18 @@ var (
 	ErrAlreadyRemoved = xerrors.New("already removed")
 )
 
+type AuthorizationError struct {
+	Wrapped error
+}
+
+func (e AuthorizationError) Error() string {
+	return fmt.Sprintf("authorization: %s", e.Wrapped.Error())
+}
+
+func (e AuthorizationError) Unwrap() error {
+	return e.Wrapped
+}
+
 // NewCoordinator constructs a new in-memory connection coordinator. This
 // coordinator is incompatible with multiple Coder replicas as all node data is
 // in-memory.
@@ -161,8 +175,12 @@ func (c *coordinator) Coordinate(
 	c.wg.Add(1)
 	go func() {
 		defer c.wg.Done()
-		p.reqLoop(ctx, logger, c.core.handleRequest)
-		err := c.core.lostPeer(p)
+		loopErr := p.reqLoop(ctx, logger, c.core.handleRequest)
+		closeErrStr := ""
+		if loopErr != nil {
+			closeErrStr = loopErr.Error()
+		}
+		err := c.core.lostPeer(p, closeErrStr)
 		if xerrors.Is(err, ErrClosed) || xerrors.Is(err, ErrAlreadyRemoved) {
 			return
 		}
@@ -227,7 +245,7 @@ func (c *core) handleRequest(ctx context.Context, p *peer, req *proto.Coordinate
 	}
 
 	if err := pr.auth.Authorize(ctx, req); err != nil {
-		return xerrors.Errorf("authorize request: %w", err)
+		return AuthorizationError{Wrapped: err}
 	}
 
 	if req.UpdateSelf != nil {
@@ -270,7 +288,7 @@ func (c *core) handleRequest(ctx context.Context, p *peer, req *proto.Coordinate
 		}
 	}
 	if req.Disconnect != nil {
-		c.removePeerLocked(p.id, proto.CoordinateResponse_PeerUpdate_DISCONNECTED, "graceful disconnect")
+		c.removePeerLocked(p.id, proto.CoordinateResponse_PeerUpdate_DISCONNECTED, "graceful disconnect", "")
 	}
 	if rfhs := req.ReadyForHandshake; rfhs != nil {
 		err := c.handleReadyForHandshakeLocked(pr, rfhs)
@@ -344,7 +362,7 @@ func (c *core) updateTunnelPeersLocked(id uuid.UUID, n *proto.Node, k proto.Coor
 		err := other.updateMappingLocked(id, n, k, reason)
 		if err != nil {
 			other.logger.Error(context.Background(), "failed to update mapping", slog.Error(err))
-			c.removePeerLocked(other.id, proto.CoordinateResponse_PeerUpdate_DISCONNECTED, "failed update")
+			c.removePeerLocked(other.id, proto.CoordinateResponse_PeerUpdate_DISCONNECTED, "failed update", "failed to update tunnel peer mapping")
 		}
 	}
 }
@@ -360,7 +378,8 @@ func (c *core) addTunnelLocked(src *peer, dstID uuid.UUID) error {
 			err := src.updateMappingLocked(dstID, dst.node, proto.CoordinateResponse_PeerUpdate_NODE, "add tunnel")
 			if err != nil {
 				src.logger.Error(context.Background(), "failed update of tunnel src", slog.Error(err))
-				c.removePeerLocked(src.id, proto.CoordinateResponse_PeerUpdate_DISCONNECTED, "failed update")
+				c.removePeerLocked(src.id, proto.CoordinateResponse_PeerUpdate_DISCONNECTED, "failed update",
+					"failed to update tunnel dest mapping")
 				// if the source fails, then the tunnel is also removed and there is no reason to continue
 				// processing.
 				return err
@@ -370,7 +389,8 @@ func (c *core) addTunnelLocked(src *peer, dstID uuid.UUID) error {
 			err := dst.updateMappingLocked(src.id, src.node, proto.CoordinateResponse_PeerUpdate_NODE, "add tunnel")
 			if err != nil {
 				dst.logger.Error(context.Background(), "failed update of tunnel dst", slog.Error(err))
-				c.removePeerLocked(dst.id, proto.CoordinateResponse_PeerUpdate_DISCONNECTED, "failed update")
+				c.removePeerLocked(dst.id, proto.CoordinateResponse_PeerUpdate_DISCONNECTED, "failed update",
+					"failed to update tunnel src mapping")
 			}
 		}
 	}
@@ -381,7 +401,7 @@ func (c *core) removeTunnelLocked(src *peer, dstID uuid.UUID) error {
 	err := src.updateMappingLocked(dstID, nil, proto.CoordinateResponse_PeerUpdate_DISCONNECTED, "remove tunnel")
 	if err != nil {
 		src.logger.Error(context.Background(), "failed to update", slog.Error(err))
-		c.removePeerLocked(src.id, proto.CoordinateResponse_PeerUpdate_DISCONNECTED, "failed update")
+		c.removePeerLocked(src.id, proto.CoordinateResponse_PeerUpdate_DISCONNECTED, "failed update", "failed to remove tunnel dest mapping")
 		// removing the peer also removes all other tunnels and notifies destinations, so it's safe to
 		// return here.
 		return err
@@ -391,7 +411,7 @@ func (c *core) removeTunnelLocked(src *peer, dstID uuid.UUID) error {
 		err = dst.updateMappingLocked(src.id, nil, proto.CoordinateResponse_PeerUpdate_DISCONNECTED, "remove tunnel")
 		if err != nil {
 			dst.logger.Error(context.Background(), "failed to update", slog.Error(err))
-			c.removePeerLocked(dst.id, proto.CoordinateResponse_PeerUpdate_DISCONNECTED, "failed update")
+			c.removePeerLocked(dst.id, proto.CoordinateResponse_PeerUpdate_DISCONNECTED, "failed update", "failed to remove tunnel src mapping")
 			// don't return here because we still want to remove the tunnel, and an error at the
 			// destination doesn't count as an error removing the tunnel at the source.
 		}
@@ -413,6 +433,11 @@ func (c *core) initPeer(p *peer) error {
 	if old, ok := c.peers[p.id]; ok {
 		// rare and interesting enough to log at Info, but it isn't an error per se
 		old.logger.Info(context.Background(), "overwritten by new connection")
+		select {
+		case old.resps <- &proto.CoordinateResponse{Error: CloseErrOverwritten}:
+		default:
+			// pass
+		}
 		close(old.resps)
 		p.overwrites = old.overwrites + 1
 	}
@@ -433,7 +458,7 @@ func (c *core) initPeer(p *peer) error {
 
 // removePeer removes and cleans up a lost peer.  It updates all peers it shares a tunnel with, deletes
 // all tunnels from which the removed peer is the source.
-func (c *core) lostPeer(p *peer) error {
+func (c *core) lostPeer(p *peer, closeErr string) error {
 	c.mutex.Lock()
 	defer c.mutex.Unlock()
 	c.logger.Debug(context.Background(), "lostPeer", slog.F("peer_id", p.id))
@@ -443,18 +468,25 @@ func (c *core) lostPeer(p *peer) error {
 	if existing, ok := c.peers[p.id]; !ok || existing != p {
 		return ErrAlreadyRemoved
 	}
-	c.removePeerLocked(p.id, proto.CoordinateResponse_PeerUpdate_LOST, "lost")
+	c.removePeerLocked(p.id, proto.CoordinateResponse_PeerUpdate_LOST, "lost", closeErr)
 	return nil
 }
 
-func (c *core) removePeerLocked(id uuid.UUID, kind proto.CoordinateResponse_PeerUpdate_Kind, reason string) {
+func (c *core) removePeerLocked(id uuid.UUID, kind proto.CoordinateResponse_PeerUpdate_Kind, reason, closeErr string) {
 	p, ok := c.peers[id]
 	if !ok {
 		c.logger.Critical(context.Background(), "removed non-existent peer %s", id)
 		return
 	}
 	c.updateTunnelPeersLocked(id, nil, kind, reason)
 	c.tunnels.removeAll(id)
+	if closeErr != "" {
+		select {
+		case p.resps <- &proto.CoordinateResponse{Error: closeErr}:
+		default:
+			// blocked, pass.
+		}
+	}
 	close(p.resps)
 	delete(c.peers, id)
 }
@@ -487,7 +519,8 @@ func (c *core) close() error {
 	for id := range c.peers {
 		// when closing, mark them as LOST so that we don't disrupt in-progress
 		// connections.
-		c.removePeerLocked(id, proto.CoordinateResponse_PeerUpdate_LOST, "coordinator close")
+		c.removePeerLocked(id, proto.CoordinateResponse_PeerUpdate_LOST, "coordinator close",
+			CloseErrCoordinatorClose)
 	}
 	return nil
 }
Original file line number	Diff line number	Diff line change
`@@ -113,6 +113,7 @@ func (c *connIO) recvLoop() {`
`113`	`113`	`select {`
`114`	`114`	`case <-c.coordCtx.Done():`
`115`	`115`	`c.logger.Debug(c.coordCtx, "exiting io recvLoop; coordinator exit")`
	`116`	`+ _ = c.Enqueue(&proto.CoordinateResponse{Error: agpl.CloseErrCoordinatorClose})`
`116`	`117`	`return`
`117`	`118`	`case <-c.peerCtx.Done():`
`118`	`119`	`c.logger.Debug(c.peerCtx, "exiting io recvLoop; peer context canceled")`
`@@ -123,6 +124,9 @@ func (c *connIO) recvLoop() {`
`123`	`124`	`return`
`124`	`125`	`}`
`125`	`126`	`if err := c.handleRequest(req); err != nil {`
	`127`	`+ if !xerrors.Is(err, errDisconnect) {`
	`128`	`+ _ = c.Enqueue(&proto.CoordinateResponse{Error: err.Error()})`
	`129`	`+ }`
`126`	`130`	`return`
`127`	`131`	`}`
`128`	`132`	`}`
`@@ -136,7 +140,7 @@ func (c connIO) handleRequest(req proto.CoordinateRequest) error {`
`136`	`140`	`err := c.auth.Authorize(c.peerCtx, req)`
`137`	`141`	`if err != nil {`
`138`	`142`	`c.logger.Warn(c.peerCtx, "unauthorized request", slog.Error(err))`
`139`		`- return xerrors.Errorf("authorize request: %w", err)`
	`143`	`+ return agpl.AuthorizationError{Wrapped: err}`
`140`	`144`	`}`
`141`	`145`
`142`	`146`	`if req.UpdateSelf != nil {`
Original file line number	Diff line number	Diff line change
`@@ -10,6 +10,7 @@ import (`
`10`	`10`	`"cdr.dev/slog/sloggers/slogtest"`
`11`	`11`	`"github.com/coder/coder/v2/coderd/database/dbtestutil"`
`12`	`12`	`"github.com/coder/coder/v2/enterprise/tailnet"`
	`13`	`+ agpl "github.com/coder/coder/v2/tailnet"`
`13`	`14`	`agpltest "github.com/coder/coder/v2/tailnet/test"`
`14`	`15`	`"github.com/coder/coder/v2/testutil"`
`15`	`16`	`)`
`@@ -77,7 +78,7 @@ func TestPGCoordinator_MultiAgent_CoordClose(t *testing.T) {`
`77`	`78`	`err = coord1.Close()`
`78`	`79`	`require.NoError(t, err)`
`79`	`80`
`80`		`- ma1.AssertEventuallyResponsesClosed()`
	`81`	`+ ma1.AssertEventuallyResponsesClosed(agpl.CloseErrCoordinatorClose)`
`81`	`82`	`}`
`82`	`83`
`83`	`84`	`// TestPGCoordinator_MultiAgent_UnsubscribeRace tests a single coordinator with`