
wgengine: stop importing flowtrack when unused

Updates #12614

Change-Id: I42b5c4d623d356af4bee5bbdabaaf0f6822f2bf4
Signed-off-by: Brad Fitzpatrick <[email protected]>
Brad Fitzpatrick 5 months ago
parent
commit
6820ec5bbb

+ 1 - 1
cmd/k8s-operator/depaware.txt

@@ -753,7 +753,7 @@ tailscale.com/cmd/k8s-operator dependencies: (generated by github.com/tailscale/
         tailscale.com/net/dns/resolver                               from tailscale.com/net/dns+
         tailscale.com/net/dnscache                                   from tailscale.com/control/controlclient+
         tailscale.com/net/dnsfallback                                from tailscale.com/control/controlclient+
-        tailscale.com/net/flowtrack                                  from tailscale.com/net/packet+
+        tailscale.com/net/flowtrack                                  from tailscale.com/wgengine+
         tailscale.com/net/ipset                                      from tailscale.com/ipn/ipnlocal+
         tailscale.com/net/memnet                                     from tailscale.com/tsnet
         tailscale.com/net/netaddr                                    from tailscale.com/ipn+

+ 1 - 1
cmd/tailscaled/depaware-min.txt

@@ -86,7 +86,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
         tailscale.com/net/dns/resolver                               from tailscale.com/net/dns+
         tailscale.com/net/dnscache                                   from tailscale.com/control/controlclient+
         tailscale.com/net/dnsfallback                                from tailscale.com/cmd/tailscaled+
-        tailscale.com/net/flowtrack                                  from tailscale.com/net/packet+
+        tailscale.com/net/flowtrack                                  from tailscale.com/wgengine/filter
         tailscale.com/net/ipset                                      from tailscale.com/ipn/ipnlocal+
         tailscale.com/net/netaddr                                    from tailscale.com/ipn+
         tailscale.com/net/netcheck                                   from tailscale.com/ipn/ipnlocal+

+ 1 - 1
cmd/tailscaled/depaware-minbox.txt

@@ -110,7 +110,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
         tailscale.com/net/dns/resolver                               from tailscale.com/net/dns+
         tailscale.com/net/dnscache                                   from tailscale.com/control/controlclient+
         tailscale.com/net/dnsfallback                                from tailscale.com/cmd/tailscaled+
-        tailscale.com/net/flowtrack                                  from tailscale.com/net/packet+
+        tailscale.com/net/flowtrack                                  from tailscale.com/wgengine/filter
         tailscale.com/net/ipset                                      from tailscale.com/ipn/ipnlocal+
         tailscale.com/net/netaddr                                    from tailscale.com/ipn+
         tailscale.com/net/netcheck                                   from tailscale.com/ipn/ipnlocal+

+ 1 - 1
cmd/tailscaled/depaware.txt

@@ -335,7 +335,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
         tailscale.com/net/dns/resolver                               from tailscale.com/net/dns+
         tailscale.com/net/dnscache                                   from tailscale.com/control/controlclient+
         tailscale.com/net/dnsfallback                                from tailscale.com/cmd/tailscaled+
-        tailscale.com/net/flowtrack                                  from tailscale.com/net/packet+
+        tailscale.com/net/flowtrack                                  from tailscale.com/wgengine+
         tailscale.com/net/ipset                                      from tailscale.com/ipn/ipnlocal+
         tailscale.com/net/netaddr                                    from tailscale.com/ipn+
         tailscale.com/net/netcheck                                   from tailscale.com/wgengine/magicsock+

+ 1 - 1
cmd/tsidp/depaware.txt

@@ -181,7 +181,7 @@ tailscale.com/cmd/tsidp dependencies: (generated by github.com/tailscale/depawar
         tailscale.com/net/dns/resolver                               from tailscale.com/net/dns+
         tailscale.com/net/dnscache                                   from tailscale.com/control/controlclient+
         tailscale.com/net/dnsfallback                                from tailscale.com/control/controlclient+
-        tailscale.com/net/flowtrack                                  from tailscale.com/net/packet+
+        tailscale.com/net/flowtrack                                  from tailscale.com/wgengine+
         tailscale.com/net/ipset                                      from tailscale.com/ipn/ipnlocal+
         tailscale.com/net/memnet                                     from tailscale.com/tsnet
         tailscale.com/net/netaddr                                    from tailscale.com/ipn+

+ 0 - 5
net/packet/tsmp.go

@@ -15,7 +15,6 @@ import (
 	"fmt"
 	"net/netip"
 
-	"tailscale.com/net/flowtrack"
 	"tailscale.com/types/ipproto"
 )
 
@@ -58,10 +57,6 @@ type TailscaleRejectedHeader struct {
 
 const rejectFlagBitMaybeBroken = 0x1
 
-func (rh TailscaleRejectedHeader) Flow() flowtrack.Tuple {
-	return flowtrack.MakeTuple(rh.Proto, rh.Src, rh.Dst)
-}
-
 func (rh TailscaleRejectedHeader) String() string {
 	return fmt.Sprintf("TSMP-reject-flow{%s %s > %s}: %s", rh.Proto, rh.Src, rh.Dst, rh.Reason)
 }

+ 1 - 1
tsnet/depaware.txt

@@ -177,7 +177,7 @@ tailscale.com/tsnet dependencies: (generated by github.com/tailscale/depaware)
         tailscale.com/net/dns/resolver                               from tailscale.com/net/dns+
         tailscale.com/net/dnscache                                   from tailscale.com/control/controlclient+
         tailscale.com/net/dnsfallback                                from tailscale.com/control/controlclient+
-        tailscale.com/net/flowtrack                                  from tailscale.com/net/packet+
+        tailscale.com/net/flowtrack                                  from tailscale.com/wgengine+
         tailscale.com/net/ipset                                      from tailscale.com/ipn/ipnlocal+
         tailscale.com/net/memnet                                     from tailscale.com/tsnet
         tailscale.com/net/netaddr                                    from tailscale.com/ipn+

+ 10 - 2
wgengine/pendopen.go

@@ -1,6 +1,8 @@
 // Copyright (c) Tailscale Inc & AUTHORS
 // SPDX-License-Identifier: BSD-3-Clause
 
+//go:build !ts_omit_debug
+
 package wgengine
 
 import (
@@ -20,6 +22,8 @@ import (
 	"tailscale.com/wgengine/filter"
 )
 
+type flowtrackTuple = flowtrack.Tuple
+
 const tcpTimeoutBeforeDebug = 5 * time.Second
 
 type pendingOpenFlow struct {
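Review bot: The new alias `type flowtrackTuple = flowtrack.Tuple` has no comment, and its purpose only becomes clear after reading pendopen_omit.go and the pendOpen field in userspace.go. A line such as `// flowtrackTuple is flowtrack.Tuple in normal builds and struct{} under ts_omit_debug, so userspace.go need not import flowtrack.` would document the pairing. The helper tsRejectFlow added in the next hunk is also undocumented; something like `// tsRejectFlow returns the (proto, src, dst) flow tuple named by a TSMP reject header.` would do.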
@@ -56,6 +60,10 @@ func (e *userspaceEngine) noteFlowProblemFromPeer(f flowtrack.Tuple, problem pac
 	of.problem = problem
 }
 
+func tsRejectFlow(rh packet.TailscaleRejectedHeader) flowtrack.Tuple {
+	return flowtrack.MakeTuple(rh.Proto, rh.Src, rh.Dst)
+}
+
 func (e *userspaceEngine) trackOpenPreFilterIn(pp *packet.Parsed, t *tstun.Wrapper) (res filter.Response) {
 	res = filter.Accept // always
 
@@ -66,8 +74,8 @@ func (e *userspaceEngine) trackOpenPreFilterIn(pp *packet.Parsed, t *tstun.Wrapp
 			return
 		}
 		if rh.MaybeBroken {
-			e.noteFlowProblemFromPeer(rh.Flow(), rh.Reason)
-		} else if f := rh.Flow(); e.removeFlow(f) {
+			e.noteFlowProblemFromPeer(tsRejectFlow(rh), rh.Reason)
+		} else if f := tsRejectFlow(rh); e.removeFlow(f) {
 			e.logf("open-conn-track: flow %v %v > %v rejected due to %v", rh.Proto, rh.Src, rh.Dst, rh.Reason)
 		}
 		return

+ 24 - 0
wgengine/pendopen_omit.go

@@ -0,0 +1,24 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+//go:build ts_omit_debug
+
+package wgengine
+
+import (
+	"tailscale.com/net/packet"
+	"tailscale.com/net/tstun"
+	"tailscale.com/wgengine/filter"
+)
+
+type flowtrackTuple = struct{}
+
+type pendingOpenFlow struct{}
+
+func (*userspaceEngine) trackOpenPreFilterIn(pp *packet.Parsed, t *tstun.Wrapper) (res filter.Response) {
+	panic("unreachable")
+}
+
+func (*userspaceEngine) trackOpenPostFilterOut(pp *packet.Parsed, t *tstun.Wrapper) (res filter.Response) {
+	panic("unreachable")
+}
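Review bot: Both stubs end in `panic("unreachable")`, so a ts_omit_debug build that still reaches trackOpenPreFilterIn or trackOpenPostFilterOut on the packet path would crash the process when a packet arrives. The gating that is supposed to prevent this is not visible in this diff. The real trackOpenPreFilterIn in pendopen.go sets `res = filter.Accept // always`, so the pre-filter stub could give the same verdict with `return filter.Accept` instead of panicking. The post-filter stub probably can too, though its non-omit body is not shown here. If the panic is intentional as an invariant check, each stub should carry a comment stating which condition guarantees the hook is never installed in this build, so that a later refactor of the hook setup does not turn it into a remotely reachable crash.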

+ 1 - 2
wgengine/userspace.go

@@ -29,7 +29,6 @@ import (
 	"tailscale.com/ipn/ipnstate"
 	"tailscale.com/net/dns"
 	"tailscale.com/net/dns/resolver"
-	"tailscale.com/net/flowtrack"
 	"tailscale.com/net/ipset"
 	"tailscale.com/net/netmon"
 	"tailscale.com/net/packet"
@@ -147,7 +146,7 @@ type userspaceEngine struct {
 	statusCallback StatusCallback
 	peerSequence   []key.NodePublic
 	endpoints      []tailcfg.Endpoint
-	pendOpen       map[flowtrack.Tuple]*pendingOpenFlow // see pendopen.go
+	pendOpen       map[flowtrackTuple]*pendingOpenFlow // see pendopen.go
 
 	// pongCallback is the map of response handlers waiting for disco or TSMP
 	// pong callbacks. The map key is a random slice of bytes.
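Review bot: The field comment `// see pendopen.go` on pendOpen is now incomplete, because under ts_omit_debug both flowtrackTuple and pendingOpenFlow come from pendopen_omit.go and are empty struct types. Suggest `// see pendopen.go; stubbed under ts_omit_debug (pendopen_omit.go)`. The userspaceEngine struct starts and ends outside this hunk, so this diff cannot confirm whether any code still writes to pendOpen in the omit build.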