diff --git a/cmd/tailscale/depaware.txt b/cmd/tailscale/depaware.txt index f814c8cf1..16ac6c224 100644 --- a/cmd/tailscale/depaware.txt +++ b/cmd/tailscale/depaware.txt @@ -37,7 +37,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep tailscale.com from tailscale.com/version tailscale.com/atomicfile from tailscale.com/ipn+ tailscale.com/client/tailscale from tailscale.com/cmd/tailscale/cli+ - tailscale.com/client/tailscale/apitype from tailscale.com/client/tailscale+ + tailscale.com/client/tailscale/apitype from tailscale.com/cmd/tailscale/cli+ tailscale.com/cmd/tailscale/cli from tailscale.com/cmd/tailscale tailscale.com/control/controlknobs from tailscale.com/net/portmapper tailscale.com/derp from tailscale.com/derp/derphttp @@ -82,6 +82,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep tailscale.com/types/structs from tailscale.com/ipn+ tailscale.com/types/views from tailscale.com/tailcfg+ tailscale.com/util/clientmetric from tailscale.com/net/netcheck+ + W tailscale.com/util/cmpver from tailscale.com/net/tshttpproxy tailscale.com/util/dnsname from tailscale.com/cmd/tailscale/cli+ W tailscale.com/util/endian from tailscale.com/net/netns tailscale.com/util/groupmember from tailscale.com/cmd/tailscale/cli diff --git a/cmd/tailscaled/depaware.txt b/cmd/tailscaled/depaware.txt index 2d6578031..d8142048d 100644 --- a/cmd/tailscaled/depaware.txt +++ b/cmd/tailscaled/depaware.txt @@ -73,7 +73,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de L github.com/insomniacslk/dhcp/rfc1035label from github.com/insomniacslk/dhcp/dhcpv4 L github.com/jmespath/go-jmespath from github.com/aws/aws-sdk-go-v2/service/ssm L github.com/josharian/native from github.com/mdlayher/netlink+ - L 💣 github.com/jsimonetti/rtnetlink from tailscale.com/wgengine/monitor+ + L 💣 github.com/jsimonetti/rtnetlink from tailscale.com/net/interfaces+ L github.com/jsimonetti/rtnetlink/internal/unix from github.com/jsimonetti/rtnetlink github.com/klauspost/compress from github.com/klauspost/compress/zstd L github.com/klauspost/compress/flate from nhooyr.io/websocket @@ -172,7 +172,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de tailscale.com/client/tailscale/apitype from tailscale.com/client/tailscale+ tailscale.com/cmd/tailscaled/childproc from tailscale.com/cmd/tailscaled+ tailscale.com/control/controlbase from tailscale.com/control/controlclient+ - tailscale.com/control/controlclient from tailscale.com/ipn/ipnlocal+ + tailscale.com/control/controlclient from tailscale.com/cmd/tailscaled+ tailscale.com/control/controlhttp from tailscale.com/control/controlclient tailscale.com/control/controlknobs from tailscale.com/control/controlclient+ tailscale.com/derp from tailscale.com/derp/derphttp+ @@ -196,19 +196,19 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de tailscale.com/log/filelogger from tailscale.com/logpolicy tailscale.com/log/logheap from tailscale.com/control/controlclient tailscale.com/logpolicy from tailscale.com/cmd/tailscaled+ - tailscale.com/logtail from tailscale.com/logpolicy+ + tailscale.com/logtail from tailscale.com/cmd/tailscaled+ tailscale.com/logtail/backoff from tailscale.com/cmd/tailscaled+ tailscale.com/logtail/filch from tailscale.com/logpolicy 💣 tailscale.com/metrics from tailscale.com/derp+ tailscale.com/net/dns from tailscale.com/cmd/tailscaled+ tailscale.com/net/dns/resolvconffile from tailscale.com/net/dns+ - tailscale.com/net/dns/resolver from tailscale.com/net/dns+ + tailscale.com/net/dns/resolver from tailscale.com/ipn/ipnlocal+ tailscale.com/net/dnscache from tailscale.com/control/controlclient+ tailscale.com/net/dnsfallback from tailscale.com/control/controlclient+ tailscale.com/net/flowtrack from tailscale.com/net/packet+ 💣 tailscale.com/net/interfaces from tailscale.com/cmd/tailscaled+ tailscale.com/net/netcheck from tailscale.com/wgengine/magicsock - tailscale.com/net/neterror from tailscale.com/net/netcheck+ + tailscale.com/net/neterror from tailscale.com/net/dns/resolver+ tailscale.com/net/netknob from tailscale.com/logpolicy+ tailscale.com/net/netns from tailscale.com/cmd/tailscaled+ 💣 tailscale.com/net/netstat from tailscale.com/ipn/ipnserver @@ -219,7 +219,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de tailscale.com/net/socks5 from tailscale.com/cmd/tailscaled tailscale.com/net/stun from tailscale.com/net/netcheck+ tailscale.com/net/tlsdial from tailscale.com/control/controlclient+ - tailscale.com/net/tsaddr from tailscale.com/ipn/ipnlocal+ + tailscale.com/net/tsaddr from tailscale.com/ipn+ tailscale.com/net/tsdial from tailscale.com/cmd/tailscaled+ 💣 tailscale.com/net/tshttpproxy from tailscale.com/cmd/tailscaled+ tailscale.com/net/tstun from tailscale.com/cmd/tailscaled+ @@ -248,9 +248,9 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de tailscale.com/types/persist from tailscale.com/control/controlclient+ tailscale.com/types/preftype from tailscale.com/ipn+ tailscale.com/types/structs from tailscale.com/control/controlclient+ - tailscale.com/types/views from tailscale.com/tailcfg+ - tailscale.com/util/clientmetric from tailscale.com/ipn/localapi+ - L tailscale.com/util/cmpver from tailscale.com/net/dns + tailscale.com/types/views from tailscale.com/ipn/ipnlocal+ + tailscale.com/util/clientmetric from tailscale.com/cmd/tailscaled+ + LW tailscale.com/util/cmpver from tailscale.com/net/dns+ 💣 tailscale.com/util/deephash from tailscale.com/ipn/ipnlocal+ tailscale.com/util/dnsname from tailscale.com/hostinfo+ LW tailscale.com/util/endian from tailscale.com/net/dns+ @@ -270,7 +270,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de W tailscale.com/wf from tailscale.com/cmd/tailscaled tailscale.com/wgengine from tailscale.com/cmd/tailscaled+ tailscale.com/wgengine/filter from tailscale.com/control/controlclient+ - tailscale.com/wgengine/magicsock from tailscale.com/wgengine+ + tailscale.com/wgengine/magicsock from tailscale.com/ipn/ipnlocal+ tailscale.com/wgengine/monitor from tailscale.com/cmd/tailscaled+ tailscale.com/wgengine/netstack from tailscale.com/cmd/tailscaled tailscale.com/wgengine/router from tailscale.com/cmd/tailscaled+ @@ -294,20 +294,20 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de golang.org/x/crypto/poly1305 from golang.zx2c4.com/wireguard/device golang.org/x/crypto/salsa20/salsa from golang.org/x/crypto/nacl/box+ LD golang.org/x/crypto/ssh from github.com/tailscale/ssh+ - golang.org/x/net/bpf from github.com/mdlayher/netlink+ + golang.org/x/net/bpf from github.com/mdlayher/genetlink+ golang.org/x/net/dns/dnsmessage from net+ - golang.org/x/net/http/httpguts from net/http+ + golang.org/x/net/http/httpguts from golang.org/x/net/http2+ golang.org/x/net/http/httpproxy from net/http golang.org/x/net/http2 from golang.org/x/net/http2/h2c+ golang.org/x/net/http2/h2c from tailscale.com/ipn/ipnlocal - golang.org/x/net/http2/hpack from net/http+ + golang.org/x/net/http2/hpack from golang.org/x/net/http2+ golang.org/x/net/idna from golang.org/x/net/http/httpguts+ golang.org/x/net/ipv4 from golang.zx2c4.com/wireguard/device golang.org/x/net/ipv6 from golang.zx2c4.com/wireguard/device+ golang.org/x/net/proxy from tailscale.com/net/netns D golang.org/x/net/route from net+ - golang.org/x/sync/errgroup from github.com/tailscale/goupnp/httpu+ - golang.org/x/sync/singleflight from tailscale.com/net/dnscache+ + golang.org/x/sync/errgroup from github.com/mdlayher/socket+ + golang.org/x/sync/singleflight from tailscale.com/control/controlclient+ golang.org/x/sys/cpu from golang.org/x/crypto/blake2b+ LD golang.org/x/sys/unix from github.com/insomniacslk/dhcp/interfaces+ W golang.org/x/sys/windows from github.com/go-ole/go-ole+ @@ -323,7 +323,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de bufio from compress/flate+ bytes from bufio+ compress/flate from compress/gzip+ - compress/gzip from internal/profile+ + compress/gzip from golang.org/x/net/http2+ container/heap from gvisor.dev/gvisor/pkg/tcpip/transport/tcp container/list from crypto/tls+ context from crypto/tls+ @@ -344,10 +344,10 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de crypto/sha256 from crypto/tls+ crypto/sha512 from crypto/ecdsa+ crypto/subtle from crypto/aes+ - crypto/tls from github.com/tcnksm/go-httpstat+ + crypto/tls from github.com/aws/aws-sdk-go-v2/aws/transport/http+ crypto/x509 from crypto/tls+ crypto/x509/pkix from crypto/x509+ - embed from tailscale.com/net/dns+ + embed from crypto/elliptic+ encoding from encoding/json+ encoding/asn1 from crypto/x509+ encoding/base64 from encoding/json+ @@ -355,7 +355,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de encoding/hex from crypto/x509+ encoding/json from expvar+ encoding/pem from crypto/tls+ - encoding/xml from github.com/tailscale/goupnp+ + encoding/xml from github.com/aws/aws-sdk-go-v2/aws/protocol/xml+ errors from bufio+ expvar from tailscale.com/derp+ flag from tailscale.com/cmd/tailscaled+ @@ -380,20 +380,20 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de net from crypto/tls+ net/http from expvar+ net/http/httptrace from github.com/tcnksm/go-httpstat+ - net/http/httputil from tailscale.com/cmd/tailscaled+ + net/http/httputil from github.com/aws/smithy-go/transport/http+ net/http/internal from net/http+ net/http/pprof from tailscale.com/cmd/tailscaled+ - net/netip from net+ - net/textproto from golang.org/x/net/http/httpguts+ + net/netip from golang.zx2c4.com/wireguard/conn+ + net/textproto from github.com/aws/aws-sdk-go-v2/aws/signer/v4+ net/url from crypto/x509+ os from crypto/rand+ - os/exec from github.com/coreos/go-iptables/iptables+ + os/exec from github.com/aws/aws-sdk-go-v2/credentials/processcreds+ os/signal from tailscale.com/cmd/tailscaled+ os/user from github.com/godbus/dbus/v5+ path from github.com/aws/aws-sdk-go-v2/credentials/ec2rolecreds+ path/filepath from crypto/x509+ reflect from crypto/x509+ - regexp from github.com/coreos/go-iptables/iptables+ + regexp from github.com/aws/aws-sdk-go-v2/internal/endpoints/v2+ regexp/syntax from regexp runtime/debug from github.com/klauspost/compress/zstd+ runtime/pprof from net/http/pprof+ diff --git a/net/tshttpproxy/tshttpproxy_windows.go b/net/tshttpproxy/tshttpproxy_windows.go index 5f68ba81e..d647f153b 100644 --- a/net/tshttpproxy/tshttpproxy_windows.go +++ b/net/tshttpproxy/tshttpproxy_windows.go @@ -14,13 +14,16 @@ import ( "runtime" "strings" "sync" + "sync/atomic" "syscall" "time" "unsafe" "github.com/alexbrainman/sspi/negotiate" "golang.org/x/sys/windows" + "tailscale.com/hostinfo" "tailscale.com/types/logger" + "tailscale.com/util/cmpver" ) var ( @@ -146,6 +149,7 @@ func proxyFromWinHTTP(ctx context.Context, urlStr string) (proxy *url.URL, err e var userAgent = windows.StringToUTF16Ptr("Tailscale") const ( + winHTTP_ACCESS_TYPE_DEFAULT_PROXY = 0 winHTTP_ACCESS_TYPE_AUTOMATIC_PROXY = 4 winHTTP_AUTOPROXY_ALLOW_AUTOCONFIG = 0x00000100 winHTTP_AUTOPROXY_AUTO_DETECT = 1 @@ -153,13 +157,34 @@ const ( winHTTP_AUTO_DETECT_TYPE_DNS_A = 0x00000002 ) +// Windows 8.1 is actually Windows 6.3 under the hood. Yay, marketing! +const win8dot1Ver = "6.3" + +// accessType is the flag we must pass to WinHttpOpen for proxy resolution +// depending on whether or not we're running Windows < 8.1 +var accessType atomic.Value // of uint32 + +func getAccessFlag() uint32 { + if flag, ok := accessType.Load().(uint32); ok { + return flag + } + var flag uint32 + if cmpver.Compare(hostinfo.GetOSVersion(), win8dot1Ver) < 0 { + flag = winHTTP_ACCESS_TYPE_DEFAULT_PROXY + } else { + flag = winHTTP_ACCESS_TYPE_AUTOMATIC_PROXY + } + accessType.Store(flag) + return flag +} + func winHTTPOpen() (winHTTPInternet, error) { if err := httpOpenProc.Find(); err != nil { return 0, err } r, _, err := httpOpenProc.Call( uintptr(unsafe.Pointer(userAgent)), - winHTTP_ACCESS_TYPE_AUTOMATIC_PROXY, + uintptr(getAccessFlag()), 0, /* WINHTTP_NO_PROXY_NAME */ 0, /* WINHTTP_NO_PROXY_BYPASS */ 0)