TUN-8861: Add session limiter to UDP session manager

## Summary In order to make cloudflared behavior more predictable and prevent an exhaustion of resources, we have decided to add session limits that can be configured by the user. This first commit introduces the session limiter and adds it to the UDP handling path. For now the limiter is set to run only in unlimited mode.
2025-07-28 19:59:57 +00:00 · 2025-01-20 02:52:32 -08:00
parent 8918b6729e
commit bf4954e96a
66 changed files with 3409 additions and 1184 deletions
--- a/vendor/golang.org/x/tools/go/packages/packages.go
+++ b/vendor/golang.org/x/tools/go/packages/packages.go
@@ -37,10 +37,20 @@ import (
 // A LoadMode controls the amount of detail to return when loading.
 // The bits below can be combined to specify which fields should be
 // filled in the result packages.
+//
 // The zero value is a special case, equivalent to combining
 // the NeedName, NeedFiles, and NeedCompiledGoFiles bits.
+//
 // ID and Errors (if present) will always be filled.
-// Load may return more information than requested.
+// [Load] may return more information than requested.
+//
+// Unfortunately there are a number of open bugs related to
+// interactions among the LoadMode bits:
+// - https://github.com/golang/go/issues/48226
+// - https://github.com/golang/go/issues/56633
+// - https://github.com/golang/go/issues/56677
+// - https://github.com/golang/go/issues/58726
+// - https://github.com/golang/go/issues/63517
 type LoadMode int

 const (
@@ -123,7 +133,14 @@ const (

 // A Config specifies details about how packages should be loaded.
 // The zero value is a valid configuration.
+//
 // Calls to Load do not modify this struct.
+//
+// TODO(adonovan): #67702: this is currently false: in fact,
+// calls to [Load] do not modify the public fields of this struct, but
+// may modify hidden fields, so concurrent calls to [Load] must not
+// use the same Config. But perhaps we should reestablish the
+// documented invariant.
 type Config struct {
 	// Mode controls the level of information returned for each package.
 	Mode LoadMode
@@ -199,13 +216,23 @@ type Config struct {
 	// setting Tests may have no effect.
 	Tests bool

-	// Overlay provides a mapping of absolute file paths to file contents.
-	// If the file with the given path already exists, the parser will use the
-	// alternative file contents provided by the map.
+	// Overlay is a mapping from absolute file paths to file contents.
 	//
-	// Overlays provide incomplete support for when a given file doesn't
-	// already exist on disk. See the package doc above for more details.
+	// For each map entry, [Load] uses the alternative file
+	// contents provided by the overlay mapping instead of reading
+	// from the file system. This mechanism can be used to enable
+	// editor-integrated tools to correctly analyze the contents
+	// of modified but unsaved buffers, for example.
+	//
+	// The overlay mapping is passed to the build system's driver
+	// (see "The driver protocol") so that it too can report
+	// consistent package metadata about unsaved files. However,
+	// drivers may vary in their level of support for overlays.
 	Overlay map[string][]byte
+
+	// goListOverlayFile is the JSON file that encodes the Overlay
+	// mapping, used by 'go list -overlay=...'
+	goListOverlayFile string
 }

 // Load loads and returns the Go packages named by the given patterns.
@@ -213,6 +240,20 @@ type Config struct {
 // Config specifies loading options;
 // nil behaves the same as an empty Config.
 //
+// The [Config.Mode] field is a set of bits that determine what kinds
+// of information should be computed and returned. Modes that require
+// more information tend to be slower. See [LoadMode] for details
+// and important caveats. Its zero value is equivalent to
+// NeedName | NeedFiles | NeedCompiledGoFiles.
+//
+// Each call to Load returns a new set of [Package] instances.
+// The Packages and their Imports form a directed acyclic graph.
+//
+// If the [NeedTypes] mode flag was set, each call to Load uses a new
+// [types.Importer], so [types.Object] and [types.Type] values from
+// different calls to Load must not be mixed as they will have
+// inconsistent notions of type identity.
+//
 // If any of the patterns was invalid as defined by the
 // underlying build system, Load returns an error.
 // It may return an empty list of packages without an error,
@@ -286,6 +327,17 @@ func defaultDriver(cfg *Config, patterns ...string) (*DriverResponse, bool, erro
 		// (fall through)
 	}

+	// go list fallback
+	//
+	// Write overlays once, as there are many calls
+	// to 'go list' (one per chunk plus others too).
+	overlay, cleanupOverlay, err := gocommand.WriteOverlays(cfg.Overlay)
+	if err != nil {
+		return nil, false, err
+	}
+	defer cleanupOverlay()
+	cfg.goListOverlayFile = overlay
+
 	response, err := callDriverOnChunks(goListDriver, cfg, chunks)
 	if err != nil {
 		return nil, false, err
@@ -365,6 +417,9 @@ func mergeResponses(responses ...*DriverResponse) *DriverResponse {
 }

 // A Package describes a loaded Go package.
+//
+// It also defines part of the JSON schema of [DriverResponse].
+// See the package documentation for an overview.
 type Package struct {
 	// ID is a unique identifier for a package,
 	// in a syntax provided by the underlying build system.
@@ -423,6 +478,13 @@ type Package struct {
 	// to corresponding loaded Packages.
 	Imports map[string]*Package

+	// Module is the module information for the package if it exists.
+	//
+	// Note: it may be missing for std and cmd; see Go issue #65816.
+	Module *Module
+
+	// -- The following fields are not part of the driver JSON schema. --
+
 	// Types provides type information for the package.
 	// The NeedTypes LoadMode bit sets this field for packages matching the
 	// patterns; type information for dependencies may be missing or incomplete,
@@ -431,15 +493,15 @@ type Package struct {
 	// Each call to [Load] returns a consistent set of type
 	// symbols, as defined by the comment at [types.Identical].
 	// Avoid mixing type information from two or more calls to [Load].
-	Types *types.Package
+	Types *types.Package `json:"-"`

 	// Fset provides position information for Types, TypesInfo, and Syntax.
 	// It is set only when Types is set.
-	Fset *token.FileSet
+	Fset *token.FileSet `json:"-"`

 	// IllTyped indicates whether the package or any dependency contains errors.
 	// It is set only when Types is set.
-	IllTyped bool
+	IllTyped bool `json:"-"`

 	// Syntax is the package's syntax trees, for the files listed in CompiledGoFiles.
 	//
@@ -449,26 +511,28 @@ type Package struct {
 	//
 	// Syntax is kept in the same order as CompiledGoFiles, with the caveat that nils are
 	// removed.  If parsing returned nil, Syntax may be shorter than CompiledGoFiles.
-	Syntax []*ast.File
+	Syntax []*ast.File `json:"-"`

 	// TypesInfo provides type information about the package's syntax trees.
 	// It is set only when Syntax is set.
-	TypesInfo *types.Info
+	TypesInfo *types.Info `json:"-"`

 	// TypesSizes provides the effective size function for types in TypesInfo.
-	TypesSizes types.Sizes
+	TypesSizes types.Sizes `json:"-"`
+
+	// -- internal --

 	// forTest is the package under test, if any.
 	forTest string

 	// depsErrors is the DepsErrors field from the go list response, if any.
 	depsErrors []*packagesinternal.PackageError
-
-	// module is the module information for the package if it exists.
-	Module *Module
 }

 // Module provides module information for a package.
+//
+// It also defines part of the JSON schema of [DriverResponse].
+// See the package documentation for an overview.
 type Module struct {
 	Path      string       // module path
 	Version   string       // module version
@@ -601,6 +665,7 @@ func (p *Package) UnmarshalJSON(b []byte) error {
 		OtherFiles:      flat.OtherFiles,
 		EmbedFiles:      flat.EmbedFiles,
 		EmbedPatterns:   flat.EmbedPatterns,
+		IgnoredFiles:    flat.IgnoredFiles,
 		ExportFile:      flat.ExportFile,
 	}
 	if len(flat.Imports) > 0 {