a5da4ed981
all: gofmt with Go 1.17
...
This adds "//go:build" lines and tidies up existing "// +build" lines.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com >
2021-08-05 15:54:00 -07:00
10f48087f4
net/tshttpproxy: call winhttp calls from a fixed OS thread
...
We often see things in logs like:
2021-03-02 17:52:45.2456258 +0800 +0800: winhttp: Open: The parameter is incorrect.
2021-03-02 17:52:45.2506261 +0800 +0800: tshttpproxy: winhttp: GetProxyForURL("https://log.tailscale.io/c/tailnode.log.tailscale.io/5037bb42f4bc330e2d6143e191a7ff7e837c6be538139231de69a439536e0d68 "): ERROR_INVALID_PARAMETER [unexpected]
I have a hunch that WinHTTP has thread-local state. If so, this would fix it.
If not, this is pretty harmless.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com >
2021-03-03 19:16:04 -08:00
6a2c6541da
net/tshttpproxy: support HTTP proxy environment credentials on Windows too
...
and some minor style nits.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com >
2021-02-18 08:27:37 -08:00
3e5c3e932c
net/tshttpproxy: support basic auth when available ( #1354 )
...
This allows proxy URLs such as:
http://azurediamond:hunter2@192.168.122.154:38274
to be used in order to dial out to control, logs or derp servers.
Signed-off-by: Christine Dodrill <xe@tailscale.com >
2021-02-17 16:01:47 -05:00
1036f51a56
net/tshttpproxy: aggressively rate-limit error logs in Transport.Proxy path
...
Otherwise log upload HTTP requests generate proxy errrors which
generate logs which generate HTTP requests which generate proxy
errors which generate more logs, etc.
Fixes #879
2020-11-03 09:23:57 -08:00
963b927d5b
net/tshttpproxy: appease staticcheck
2020-09-21 15:01:30 -07:00
5bcac4eaac
net/tshttpproxy: add GetProxyForURL negative cache
...
Otherwise when PAC server is down, we log, and each log entry is a new
HTTP request (from logtail) and a new GetProxyForURL call, which again
logs, non-stop. This is also nicer to the WinHTTP service.
Then also hook up link change notifications to the cache to reset it
if there's a chance the network might work sooner.
2020-09-21 14:05:28 -07:00
9c25968b63
net/tshttpproxy: fix typo in Windows code added at least second
...
I ran tests & vet & staticcheck, but for Linux, not Windows.
(#728 would be nice)
2020-09-02 21:25:38 -07:00
b026a638c7
net/tshttpproxy: if winhttp.GetProxyForURL blocks too long, use previous value
...
We currently have a chickend-and-egg situation in some environments
where we can set up routes that WinHTTP's WPAD/PAC resolution service
needs to download the PAC file to evaluate GetProxyForURL, but the PAC
file is behind a route for which we need to call GetProxyForURL to
e.g. dial a DERP server.
As a short-term fix, just assume that the most recently returned proxy
is good enough for such situations.
2020-09-02 21:15:36 -07:00
74ee374667
net/tshttpproxy: add more winhttp logging
...
Notably around duration of calls.
2020-08-28 21:37:49 -07:00
1e0be5a458
tshttp, derphttp: send Proxy-Authorization, not Authorization, to proxies
...
Whoops. But weirdly, sending Authorization sometimes worked?
2020-08-28 21:01:00 -07:00
2bac125cad
net/tshttpproxy: move the TS_DEBUG_FAKE_PROXY_AUTH knob up a level
2020-08-27 08:17:57 -07:00
28f9cd06f5
tshttpproxy, controlclient, derphttp, logpolicy: send Negotiate auth to proxies
...
For Windows only, and only when built with Tailscale's Go tree.
Updates tailscale/corp#583
2020-08-26 20:08:05 -07:00
f915ab6552
net/tshttpproxy: add start of Kerberos Negotiate auth to proxies on Windows
...
For now only used by a new cmd/tailscale debug --get-url
subcommand. Not yet wired up to the places making HTTP requests.
Updates tailscale/corp#583
2020-08-25 13:49:06 -07:00
9be1917c5b
net/tshttpproxy: discard secondary Windows proxies for now
2020-08-24 09:21:33 -07:00
c5eb57f4d6
net/tshttpproxy: new package, support WPAD/PAC proxies on Windows
...
Updates tailscale/corp#553
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com >
2020-08-18 15:40:56 -07:00
