tailscale

Commit Graph

Author	SHA1	Message	Date
Brad Fitzpatrick	08f94b3b50	net/netcheck: fix offset of unspecified address in PCP request packet Fixes #810	4 years ago
Brad Fitzpatrick	05e5233e07	net/netcheck: don't send flood of PCP unmap requests to router Updates #810	4 years ago
Josh Bleecher Snyder	1ebbaaaebb	net/interfaces: make syscall and netstat agree when multiple gateways are present likelyHomeRouterIPDarwinSyscall iterates through the list of routes, looking for a private gateway, returning the first one it finds. likelyHomeRouterIPDarwinExec does the same thing, except that it returns the last one it finds. As a result, when there are multiple gateways, TestLikelyHomeRouterIPSyscallExec fails. (At least, I think that that is what is happening; I am going inferring from observed behavior.) Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	4 years ago
Brad Fitzpatrick	5d96ecd5e6	net/netstat: remove a bit more unsafe Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
David Anderson	3c508a58cc	wgengine/filter: don't filter GCP DNS. Signed-off-by: David Anderson <danderson@tailscale.com>	4 years ago
Brad Fitzpatrick	7a01cd27ca	net/netstat: remove some unsafe Just removing any unnecessary unsafe while auditing unsafe usage for #921.	4 years ago
Brad Fitzpatrick	45d96788b5	net/netns: remove use of unsafe on Windows Found while auditing unsafe for #921 via the list at: https://github.com/tailscale/tailscale/issues/921#issuecomment-727365383 No need for unsafe here, so remove it.	4 years ago
Josh Bleecher Snyder	b0526e8284	net/packet: remove unnecessary mark There's no need to mask out the bottom four bits of b[0] if we are about to shift them away.	4 years ago
Josh Bleecher Snyder	efad55cf86	net/packet: speed up packet decoding The compiler is failing to draw the connection between slice cap and slice len, so is missing some obvious BCE opportunities. Give it a hint by making the cap equal to the length. The generated code is smaller and cleaner, and a bit faster. name old time/op new time/op delta Decode/tcp4-8 12.2ns ± 1% 11.6ns ± 3% -5.31% (p=0.000 n=28+29) Decode/tcp6-8 12.5ns ± 2% 11.9ns ± 2% -4.84% (p=0.000 n=30+30) Decode/udp4-8 11.5ns ± 1% 11.1ns ± 1% -3.11% (p=0.000 n=25+24) Decode/udp6-8 11.8ns ± 3% 11.4ns ± 1% -3.08% (p=0.000 n=30+26) Decode/icmp4-8 11.0ns ± 3% 10.6ns ± 1% -3.38% (p=0.000 n=25+30) Decode/icmp6-8 11.4ns ± 1% 11.1ns ± 2% -2.29% (p=0.000 n=27+30) Decode/igmp-8 10.3ns ± 0% 10.0ns ± 1% -3.26% (p=0.000 n=19+23) Decode/unknown-8 8.68ns ± 1% 8.38ns ± 1% -3.55% (p=0.000 n=28+29)	4 years ago
David Anderson	2d604b3791	net/packet: represent IP6 as two uint64s. For the operations we perform on these types (mostly net6.Contains), this encoding is much faster. Part of #19. name old time/op new time/op delta Filter/icmp4-8 27.5ns ± 1% 28.0ns ± 2% +1.89% (p=0.016 n=5+5) Filter/tcp4_syn_in-8 38.8ns ± 2% 38.3ns ± 1% -1.24% (p=0.024 n=5+5) Filter/tcp4_syn_out-8 27.6ns ±12% 24.6ns ± 1% ~ (p=0.063 n=5+5) Filter/udp4_in-8 71.5ns ± 5% 65.9ns ± 1% -7.94% (p=0.008 n=5+5) Filter/udp4_out-8 132ns ±13% 119ns ± 1% -10.29% (p=0.008 n=5+5) Filter/icmp6-8 169ns ±10% 54ns ± 1% -68.35% (p=0.008 n=5+5) Filter/tcp6_syn_in-8 149ns ± 6% 43ns ± 1% -71.11% (p=0.008 n=5+5) Filter/tcp6_syn_out-8 37.7ns ± 4% 24.3ns ± 3% -35.51% (p=0.008 n=5+5) Filter/udp6_in-8 179ns ± 5% 103ns ± 1% -42.75% (p=0.008 n=5+5) Filter/udp6_out-8 156ns ± 3% 191ns ± 1% +22.54% (p=0.008 n=5+5) Signed-off-by: David Anderson <danderson@tailscale.com>	4 years ago
David Anderson	04ff3c91ee	wgengine/filter: add full IPv6 support. Part of #19. Signed-off-by: David Anderson <danderson@tailscale.com>	4 years ago
Brad Fitzpatrick	a2d78b4d3e	net/dnscache, control/controlclient: use DNS cache when dialing control Cache DNS results of earlier login.tailscale.com control dials, and use them for future dials if DNS is slow or broken. Fixes various issues with trickier setups with the domain's DNS server behind a subnet router. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	97e82c6cc0	net/netcheck: remove unused DNSCache from netcheck It's easy to add back later if/when the TODO is implemented.	4 years ago
Brad Fitzpatrick	19b0cfe89e	all: prepare for GOOS=ios in Go 1.16 Work with either way for now on iOS (darwin/arm64 vs ios/arm64). In February when Go 1.16 comes out we'll have a universal binary for darwin/arm64 (macOS) and will drop support for Go 1.15 and its darwin/amd64 meaning iOS. (it'll mean macOS). Context: * https://tip.golang.org/doc/go1.16#darwin * https://github.com/golang/go/issues/38485 * https://github.com/golang/go/issues/42100	4 years ago
David Anderson	a38e28da07	net/packet: documentation pass. Signed-off-by: David Anderson <danderson@tailscale.com>	4 years ago
David Anderson	c2cc3acbaf	net/packet: remove NewIP, offer only a netaddr constructor. Signed-off-by: David Anderson <danderson@tailscale.com>	4 years ago
David Anderson	d7ee3096dd	net/packet: documentation cleanups. Signed-off-by: David Anderson <danderson@tailscale.com>	4 years ago
David Anderson	9ef39af2f2	net/packet: fix panic on invalid IHL field. Signed-off-by: David Anderson <danderson@tailscale.com>	4 years ago
David Anderson	22bf48f37c	net/packet: remove {get,put}{16,32} indirection to encoding/binary. name old time/op new time/op delta Decode/tcp4-8 28.8ns ± 2% 13.1ns ± 4% -54.44% (p=0.008 n=5+5) Decode/tcp6-8 20.6ns ± 1% 12.6ns ± 2% -38.72% (p=0.008 n=5+5) Decode/udp4-8 28.2ns ± 1% 12.1ns ± 4% -57.01% (p=0.008 n=5+5) Decode/udp6-8 20.0ns ± 6% 12.1ns ± 2% -39.38% (p=0.008 n=5+5) Decode/icmp4-8 21.7ns ± 2% 11.5ns ± 1% -47.01% (p=0.008 n=5+5) Decode/icmp6-8 14.1ns ± 2% 11.8ns ± 4% -16.60% (p=0.008 n=5+5) Decode/unknown-8 9.43ns ± 2% 9.30ns ± 3% ~ (p=0.222 n=5+5) Signed-off-by: David Anderson <danderson@tailscale.com>	4 years ago
David Anderson	55b1221db2	net/packet: support full IPv6 decoding. The packet filter still rejects all IPv6, but decodes enough from v6 packets to do something smarter in a followup. name time/op Decode/tcp4-8 28.8ns ± 2% Decode/tcp6-8 20.6ns ± 1% Decode/udp4-8 28.2ns ± 1% Decode/udp6-8 20.0ns ± 6% Decode/icmp4-8 21.7ns ± 2% Decode/icmp6-8 14.1ns ± 2% Decode/unknown-8 9.43ns ± 2% Signed-off-by: David Anderson <danderson@tailscale.com>	4 years ago
David Anderson	89894c6930	net/packet: add IPv6 source and destination IPs to Parsed. Signed-off-by: David Anderson <danderson@tailscale.com>	4 years ago
Brad Fitzpatrick	d192bd0f86	net/interfaces: ignore bogus proxy URLs from winhttp [windows] Updates tailscale/corp#853	4 years ago
David Anderson	6e52633c53	net/packet: record allocations in benchmark.	4 years ago
David Anderson	093431f5dd	net/packet: s/ParsedPacket/Parsed/ to avoid package stuttering. Signed-off-by: David Anderson <danderson@tailscale.com>	4 years ago
David Anderson	427bf2134f	net/packet: rename from wgengine/packet. Signed-off-by: David Anderson <danderson@tailscale.com>	4 years ago
Brad Fitzpatrick	1036f51a56	net/tshttpproxy: aggressively rate-limit error logs in Transport.Proxy path Otherwise log upload HTTP requests generate proxy errrors which generate logs which generate HTTP requests which generate proxy errors which generate more logs, etc. Fixes #879	4 years ago
Brad Fitzpatrick	7ac91c15bd	net/netcheck: fix tests on Windows Updates #50	4 years ago
Brad Fitzpatrick	fd2a30cd32	wgengine/magicsock: make test pass on Windows and without firewall dialog box Updates #50	4 years ago
David Anderson	5c35c35e7f	tsaddr: add helpers for the Tailscale IPv6 range, and 4to6 conversion. Signed-off-by: David Anderson <danderson@tailscale.com>	4 years ago
Brad Fitzpatrick	551e1e99e9	net/netns: don't bind to device for localhost connections Fixes derphttp test failures on Windows (for #50).	4 years ago
Alex Brainman	f2ce64f0c6	wgengine/router: unfork winipcfg-go package, use upstream Use golang.zx2c4.com/wireguard/windows/tunnel/winipcfg instead of github.com/tailscale/winipcfg-go package. Updates #760 Signed-off-by: Alex Brainman <alex.brainman@gmail.com>	4 years ago
Brad Fitzpatrick	6ee219a25d	ipn, wgengine, magicsock, tsdns: be quieter and less aggressive when offline If no interfaces are up, calm down and stop spamming so much. It was noticed as especially bad on Windows, but probably was bad everywhere. I just have the best network conditions testing on a Windows VM. Updates #604	4 years ago
Brad Fitzpatrick	587bdc4280	ipn, wgengine: disable subnet routes if network has PAC configuration Not configurable yet. Updates tailscale/corp#653 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	ed5d5f920f	net/interfaces: add interfaces.State.String method	4 years ago
Brad Fitzpatrick	cab3eb995f	net/interfaces: quiet PAC detection logging in no-PAC case, add benchmark	4 years ago
Brad Fitzpatrick	8051ecff55	net/interfaces: add State.PAC field, populate it on Windows Not used for anything yet (except logging), but populate the current proxy autoconfig PAC URL in Interfaces.State. A future change will do things based on it.	4 years ago
Brad Fitzpatrick	8893c2ee78	net/interfaces, net/netns: move default route interface code to interfaces To populate interfaces.State.DefaultRouteInterface. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	fda9dc8815	net/netns: document Windows socket binding a bit more Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	963b927d5b	net/tshttpproxy: appease staticcheck	4 years ago
Brad Fitzpatrick	5bcac4eaac	net/tshttpproxy: add GetProxyForURL negative cache Otherwise when PAC server is down, we log, and each log entry is a new HTTP request (from logtail) and a new GetProxyForURL call, which again logs, non-stop. This is also nicer to the WinHTTP service. Then also hook up link change notifications to the cache to reset it if there's a chance the network might work sooner.	4 years ago
David Anderson	8f5b52e571	net/netns: add windows support. Also remove rebinding logic from the windows router. Magicsock will instead rebind based on link change signals. Signed-off-by: David Anderson <danderson@tailscale.com>	4 years ago
Brad Fitzpatrick	40e12c17ec	net/netcheck: remove mistaken double Mutex.Unlock in error path Thanks to @dotaheor for noticing. Fixes #751	4 years ago
Brad Fitzpatrick	f65eb4e5c1	net/netstat: start of new netstat package, with Windows for now This will be used in a future change to do localhost connection authentication. This lets us quickly map a localhost TCP connection to a PID. (A future change will then map a pid to a user) TODO: pull portlist's netstat code into this package. Then portlist will be fast on Windows without requiring shelling out to netstat.exe.	4 years ago
Brad Fitzpatrick	9c25968b63	net/tshttpproxy: fix typo in Windows code added at least second I ran tests & vet & staticcheck, but for Linux, not Windows. (#728 would be nice)	4 years ago
Brad Fitzpatrick	b026a638c7	net/tshttpproxy: if winhttp.GetProxyForURL blocks too long, use previous value We currently have a chickend-and-egg situation in some environments where we can set up routes that WinHTTP's WPAD/PAC resolution service needs to download the PAC file to evaluate GetProxyForURL, but the PAC file is behind a route for which we need to call GetProxyForURL to e.g. dial a DERP server. As a short-term fix, just assume that the most recently returned proxy is good enough for such situations.	4 years ago
Brad Fitzpatrick	74ee374667	net/tshttpproxy: add more winhttp logging Notably around duration of calls.	4 years ago
Brad Fitzpatrick	1e0be5a458	tshttp, derphttp: send Proxy-Authorization, not Authorization, to proxies Whoops. But weirdly, sending Authorization sometimes worked?	4 years ago
Brad Fitzpatrick	2bac125cad	net/tshttpproxy: move the TS_DEBUG_FAKE_PROXY_AUTH knob up a level	4 years ago
Brad Fitzpatrick	28f9cd06f5	tshttpproxy, controlclient, derphttp, logpolicy: send Negotiate auth to proxies For Windows only, and only when built with Tailscale's Go tree. Updates tailscale/corp#583	4 years ago
Brad Fitzpatrick	f915ab6552	net/tshttpproxy: add start of Kerberos Negotiate auth to proxies on Windows For now only used by a new cmd/tailscale debug --get-url subcommand. Not yet wired up to the places making HTTP requests. Updates tailscale/corp#583	4 years ago

1 2 3

115 Commits (bradfitz/expiry_spin)