mirrors/tailscale
1
0
Fork 0
Code Issues Pull Requests Projects Wiki Activity
4,488 Commits 1 Branch 0 Tags
9b71008ef2053892eae7ca5e8d4679750e69de62
Commit Graph

221 Commits

Author SHA1 Message Date
Josh Bleecher Snyder
efb08e4fee all: use IsZero methods 
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
 2020-09-30 17:13:41 -07:00
Brad Fitzpatrick
c8f257df00 Revert "all: keep UserProfiles a slice instead of a map for longer" 
This reverts commit e5894aba42.

Breaks macOS/iOS build. Reverting per chat with Josh; he'll fix later today.
 2020-09-30 08:43:31 -07:00
Josh Bleecher Snyder
1fecf87363 control/controlclient: use wgcfg.PrivateKey.IsZero 
Generated by eg using template:

---

package p

import "github.com/tailscale/wireguard-go/wgcfg"

func before(k wgcfg.PrivateKey) bool { return k == wgcfg.PrivateKey{} }
func after(k wgcfg.PrivateKey) bool  { return k.IsZero() }


Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
 2020-09-29 17:50:40 -07:00
Josh Bleecher Snyder
e5894aba42 all: keep UserProfiles a slice instead of a map for longer 
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
 2020-09-29 11:36:35 -07:00
Josh Bleecher Snyder
4d4ca2e496 control/controlclient: remove Roles fields from client 
They are unused.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
 2020-09-29 11:36:35 -07:00
Brad Fitzpatrick
904a91038a tailcfg: add MapRequest.ReadOnly and OmitPeers; remove DebugForceDisco 
DebugForceDisco was a development & safety knob during the the transition
to discovery. It's no longer needed.

Add MapRequest.ReadOnly to prevent clients needing to do two
peer-spamming MapRequest at start-up.

This only adds the field, not the use of the field. (The control server
needs to support it first.)

Updates tailscale/corp#557

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2020-09-17 12:07:49 -07:00
Brad Fitzpatrick
88107b1287 control/controlclient: add TS_DEBUG_MAPRESPONSE to dump all MapResponses 
I'm always adding this by hand during development. Time to check it in.
 2020-09-15 09:54:52 -07:00
Brad Fitzpatrick
28f9cd06f5 tshttpproxy, controlclient, derphttp, logpolicy: send Negotiate auth to proxies 
For Windows only, and only when built with Tailscale's Go tree.

Updates tailscale/corp#583
 2020-08-26 20:08:05 -07:00
Brad Fitzpatrick
9337a99dff tailcfg, wgengine, controlclient: add control-side gating of lazy WG config 2020-08-20 13:21:25 -07:00
Brad Fitzpatrick
c5eb57f4d6 net/tshttpproxy: new package, support WPAD/PAC proxies on Windows 
Updates tailscale/corp#553

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2020-08-18 15:40:56 -07:00
Brad Fitzpatrick
f6dc47efe4 tailcfg, controlclient, magicsock: add control feature flag to enable DRPO 
Updates #150
 2020-08-17 13:01:39 -07:00
Brad Fitzpatrick
696020227c tailcfg, control/controlclient: support delta-encoded netmaps 
Should greatly reduce bandwidth for large networks (including our
hello.ipn.dev node).

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2020-08-07 21:49:49 -07:00
Brad Fitzpatrick
5590daa97d control/controlclient: reset timeout timer on non-keepalive map updates 
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2020-08-06 21:30:17 -07:00
Dmytro Shynkevych
28e52a0492 all: dns refactor, add Proxied and PerDomain flags from control (#615) 
Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
 2020-07-31 16:27:09 -04:00
Dmytro Shynkevych
c7582dc234 ipn: fix netmap change tracking and dns map generation (#609) 
Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
 2020-07-28 21:47:23 -04:00
Brad Fitzpatrick
cd21ba0a71 tailcfg, control/controlclient: add GoArch, populate OSVersion on Linux 2020-07-27 21:14:28 -07:00
Brad Fitzpatrick
96994ec431 control/controlclient: fix a couple more data races 2020-07-09 11:42:43 -07:00
Brad Fitzpatrick
a8b95571fb ipn, control/controlclient: fix some data races 
More remain.

Fixes tailscale/corp#432
 2020-07-08 16:51:17 -07:00
Brad Fitzpatrick
c9089c82e8 control/controlclient, tailcfg: turn active route discovery on by default 
Updates #483
 2020-07-03 13:55:33 -07:00
Brad Fitzpatrick
57e8931160 control/controlclient: fix copy/paste-o in debug knob accessor 
Introduced in a975e86bb8.

Only affected TS_DEBUG_* env users.
 2020-07-02 10:51:23 -07:00
Brad Fitzpatrick
6233fd7ac3 control/controlclient: don't truncate AuthURL in log 
It's useful to copy/paste directly from there, without using tailscale up.
If it's truncated for some specific reason, it doesn't say why.
 2020-07-02 09:45:08 -07:00
Brad Fitzpatrick
a975e86bb8 wgengine/magicsock: add new endpoint type used for discovery-supporting peers 
This adds a new magicsock endpoint type only used when both sides
support discovery (that is, are advertising a discovery
key). Otherwise the old code is used.

So far the new code only communicates over DERP as proof that the new
code paths are wired up. None of the actually discovery messaging is
implemented yet.

Support for discovery (generating and advertising a key) are still
behind an environment variable for now.

Updates #483
 2020-06-29 13:59:54 -07:00
Brad Fitzpatrick
72bfea2ece control/controlclient: remove IPv6 opt-out environment variable 
It was temporary and 3 months has elapsed without problems.
 2020-06-29 09:03:00 -07:00
Brad Fitzpatrick
b8edb7a5e9 control/controlclient: add Debug field to NetworkMap 
As part of disabling background STUN packets when idle, we want an
emergency override switch to turn it back on, in case it interacts
poorly in the wild. We'll send that via control, but we'll want to
plumb it down to magicsock via NetworkMap.

Updates tailscale/corp#320

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2020-06-25 19:14:24 -07:00
Brad Fitzpatrick
53fb25fc2f all: generate discovery key, plumb it around 
Not actually used yet.

Updates #483
 2020-06-19 12:12:00 -07:00
Dmytro Shynkevych
c12d87c54b Fix concurrency issues in controlclient, ipn, types/logger (#456) 
Signed-Off-By: Dmytro Shynkevych <dmytro@tailscale.com>
 2020-06-15 19:04:12 -04:00
Brad Fitzpatrick
8edcab04d5 log/logheap: change to POST to a URL instead of logging 
It's too big to log.
 2020-06-12 10:13:08 -07:00
Brad Fitzpatrick
24009241bf net/netns: move SOCKS dialing to netns for now 
This lets control & logs also use SOCKS dials.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2020-06-01 11:00:03 -07:00
David Anderson
03682cb271 control/controlclient: use netns package to dial connections. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2020-05-29 00:06:08 +00:00
Brad Fitzpatrick
f0204098d8 Revert "control/controlclient: use "getprop net.hostname" for Android hostname" 
This reverts commit afb9c6a6ab.

Doesn't work. See:

    https://github.com/tailscale/tailscale/issues/409#issuecomment-635241550

Looks pretty dire:

    https://medium.com/capital-one-tech/how-to-get-an-android-device-nickname-d5eab12f4ced

Updates #409
 2020-05-28 10:50:11 -07:00
Brad Fitzpatrick
afb9c6a6ab control/controlclient: use "getprop net.hostname" for Android hostname 
Updates #409
 2020-05-27 12:50:41 -07:00
Brad Fitzpatrick
703d789005 tailcfg: add MapResponse.Debug mechanism to trigger logging heap pprof 
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2020-05-25 15:22:13 -07:00
Brad Fitzpatrick
e6b84f2159 all: make client use server-provided DERP map, add DERP region support 
Instead of hard-coding the DERP map (except for cmd/tailscale netcheck
for now), get it from the control server at runtime.

And make the DERP map support multiple nodes per region with clients
picking the first one that's available. (The server will balance the
order presented to clients for load balancing)

This deletes the stunner package, merging it into the netcheck package
instead, to minimize all the config hooks that would've been
required.

Also fix some test flakes & races.

Fixes #387 (Don't hard-code the DERP map)
Updates #388 (Add DERP region support)
Fixes #399 (wgengine: flaky tests)

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2020-05-23 22:31:59 -07:00
Avery Pennarun
c5fcc38bf1 controlclient tests: fix more memory leaks and add resource checking. 
I can now run these tests with -count=1000 without running out of RAM.

Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
 2020-05-20 11:23:26 -04:00
Avery Pennarun
d03de31404 controlclient/direct: fix a race condition accessing auth keys. 
Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
 2020-05-19 03:02:09 -04:00
Brad Fitzpatrick
fefd7e10dc types/structs: add structs.Incomparable annotation, use it where applicable 
Shotizam before and output queries:

sqlite> select sum(size) from bin where func like 'type..%';
129067
=>
120216
 2020-05-03 14:05:32 -07:00
Avery Pennarun
65fbb9c303 wgengine/filter: support subnet mask rules, not just /32 IPs. 
This depends on improved support from the control server, to send the
new subnet width (Bits) fields. If these are missing, we fall back to
assuming their value is /32.

Conversely, if the server sends Bits fields to an older client, it will
interpret them as /32 addresses. Since the only rules we allow are
"accept" rules, this will be narrower or equal to the intended rule, so
older clients will simply reject hosts on the wider subnet (fail
closed).

With this change, the internal filter.Matches format has diverged
from the wire format used by controlclient, so move the wire format
into tailcfg and convert it to filter.Matches in controlclient.

Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
 2020-04-30 04:56:43 -04:00
Brad Fitzpatrick
a464439658 control/controlclient: fix build break caused by overzealous gitting 2020-04-27 08:18:35 -07:00
Brad Fitzpatrick
172d72a060 Revert "net/tlsdial: add memory-optimized TLS cert verification path for iOS" 
This reverts commit 6fcbd4c4d4.

Decided to put it in tailscale/go's crypto/x509 instead.
 2020-04-27 08:13:37 -07:00
Brad Fitzpatrick
eb6de2bd88 control/controlclient: restore Options.HTTPC as Options.HTTPTestClient 
I removed the HTTPC field in b6fa5a69be but it was apparently still
used in [oss-skipped] tests.

Restore it, but name it so it's more obvious that it's only for
tests. (It currently is, and I'd like to keep it like that for now.)
 2020-04-26 07:48:26 -07:00
Brad Fitzpatrick
6fcbd4c4d4 net/tlsdial: add memory-optimized TLS cert verification path for iOS 
Behind a build tag for now.
 2020-04-25 13:55:51 -07:00
Brad Fitzpatrick
b6fa5a69be net/tlsdial: add package for TLS dials, and make DERP & controlclient use it 
This will do the iOS-optimized cert checking in a following change.
 2020-04-25 13:24:53 -07:00
Brad Fitzpatrick
0a50ecbad3 control/controlclient: add missing vlog, for consistency with other sites 2020-04-21 15:36:46 -07:00
Brad Fitzpatrick
b8594dc937 control/controlclient: fix deadlock in timeout+keepalive race 
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2020-04-21 15:22:58 -07:00
Brad Fitzpatrick
347a926ac4 control/controlclient: add opt-in netmap verbose debugging env var 2020-04-11 09:22:33 -07:00
Brad Fitzpatrick
45f2b53aca all: remove unnecessary trailing newlines in format patterns for consistency 
And document on logger.Logf that it's unnecessary.
 2020-04-11 08:35:34 -07:00
David Crawshaw
3f087466f5 controlclient: add auth key 
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
 2020-04-09 20:17:09 +10:00
David Crawshaw
2f8719741e controlclient: do not send duplicate hostinfo/netinfo 
This should never happen, so log when it does so we can fix it.

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
 2020-04-02 13:12:29 +11:00
Brad Fitzpatrick
4524dcf51e version: move runtime.OS to tailscale OS mapping func to version 
So other code can use this without duplicating the policy.
 2020-04-01 08:50:56 -07:00
Brad Fitzpatrick
8b3f6be008 control/controlclient: flip IPv6 to be on by default 
The DEBUG_INCLUDE_IPV6 environment variable is now an opt-out.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2020-03-26 22:02:56 -07:00