Commit Graph

487 Commits (main)

Author SHA1 Message Date
Brad Fitzpatrick 23e74a0f7a wgengine, magicsock, tstun: don't regularly STUN when idle (mobile only for now)
If there's been 5 minutes of inactivity, stop doing STUN lookups. That
means NAT mappings will expire, but they can resume later when there's
activity again.

We'll do this for all platforms later.

Updates tailscale/corp#320

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 53fb25fc2f all: generate discovery key, plumb it around
Not actually used yet.

Updates #483
4 years ago
Brad Fitzpatrick 88c305c8af tailcfg: add DiscoKey, unify some code, add some tests
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 8edcab04d5 log/logheap: change to POST to a URL instead of logging
It's too big to log.
5 years ago
Brad Fitzpatrick 51f421946f tailcfg: add some example strings in comments 5 years ago
Brad Fitzpatrick 096d7a50ff tailcfg: remove unused, unimplemented DERPNode.CertFingerprint for now 5 years ago
Brad Fitzpatrick 703d789005 tailcfg: add MapResponse.Debug mechanism to trigger logging heap pprof
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Brad Fitzpatrick e6b84f2159 all: make client use server-provided DERP map, add DERP region support
Instead of hard-coding the DERP map (except for cmd/tailscale netcheck
for now), get it from the control server at runtime.

And make the DERP map support multiple nodes per region with clients
picking the first one that's available. (The server will balance the
order presented to clients for load balancing)

This deletes the stunner package, merging it into the netcheck package
instead, to minimize all the config hooks that would've been
required.

Also fix some test flakes & races.

Fixes #387 (Don't hard-code the DERP map)
Updates #388 (Add DERP region support)
Fixes #399 (wgengine: flaky tests)

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Wendi Yu bb55694c95
wgengine: log node IDs when peers are added/removed (#381)
Also stop logging data sent/received from nodes we're not connected to (ie all those `x`s being logged in the `peers: ` line)
Signed-off-by: Wendi <wendi.yu@yahoo.ca>
5 years ago
Brad Fitzpatrick cff53c6e6d tailcfg: add DERP map structures
Updates #387
Updates #388

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Brad Fitzpatrick fefd7e10dc types/structs: add structs.Incomparable annotation, use it where applicable
Shotizam before and output queries:

sqlite> select sum(size) from bin where func like 'type..%';
129067
=>
120216
5 years ago
Avery Pennarun 9d1f48032a cmd/tailscale: add --advertise-tags option.
These will be used for dynamically changing the identity of a node, so
its ACL rights can be different from your own.

Note: Not all implemented yet on the server side, but we need this so
we can request the tagged rights in the first place.

Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
5 years ago
Avery Pennarun 65fbb9c303 wgengine/filter: support subnet mask rules, not just /32 IPs.
This depends on improved support from the control server, to send the
new subnet width (Bits) fields. If these are missing, we fall back to
assuming their value is /32.

Conversely, if the server sends Bits fields to an older client, it will
interpret them as /32 addresses. Since the only rules we allow are
"accept" rules, this will be narrower or equal to the intended rule, so
older clients will simply reject hosts on the wider subnet (fail
closed).

With this change, the internal filter.Matches format has diverged
from the wire format used by controlclient, so move the wire format
into tailcfg and convert it to filter.Matches in controlclient.

Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
5 years ago
David Crawshaw 22a0acff39 tailcfg: add auth key to RegisterRequest
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
5 years ago
Brad Fitzpatrick c6aa5b639f tailcfg: clarify Hostinfo.OS doc 5 years ago
David Crawshaw e60b433831 tailcfg: NetInfo.String: handle nil object without panicing
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
5 years ago
Brad Fitzpatrick f9cc4e8f53 tailcfg: restore MapRequest.IncludeIPv6 bool
Partially restores 0be475ba46
5 years ago
David Anderson 0be475ba46 Revert "tailcfg, controlclient, magicsock: request IPv6 endpoints, but ignore them"
Breaks something deep in wireguard or magicsock's brainstem, no packets at all
can flow. All received packets fail decryption with "invalid mac1".

This reverts commit 94024355ed.

Signed-off-by: David Anderson <dave@natulte.net>
5 years ago
Brad Fitzpatrick 94024355ed tailcfg, controlclient, magicsock: request IPv6 endpoints, but ignore them
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Brad Fitzpatrick b1d5548fa7 tailcfg: make NodeKey.IsZero have a value receiver 5 years ago
Brad Fitzpatrick 073bb8de80 control/controlclient: don't use Node as value type 5 years ago
David Crawshaw 73cae4eb11 tailcfg, controlclient: standardize on wgcfg ShortString key printing
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
5 years ago
Brad Fitzpatrick e085aec8ef all: update to wireguard-go API changes
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
David Crawshaw 290f83e9f6 tailcfg: fix test
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
5 years ago
David Crawshaw 7a57ab1793 tailcfg: add a per-peer KeepAlive field 5 years ago
Avery Pennarun 7dd63abaed tailcfg.NetInfo: add a .String() renderer.
For pretty printing purposes in logs.
5 years ago
Brad Fitzpatrick b27d4c017a magicsock, wgengine, ipn, controlclient: plumb regular netchecks to map poll
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
David Crawshaw 61529ac459 controlclient, tailcfg: deliver DERP addresses in a separate field
We still include them directly in the controlclient network map
just where we have been. Client plumbing we can do later.

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
5 years ago
Brad Fitzpatrick bcf3719b9e netcheck: add hairpinning detection
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Brad Fitzpatrick 25797c8c2a all: rename deep "Copy" methods to conventional Go name "Clone" 5 years ago
Brad Fitzpatrick 14559340ee Start of netcheck package & including network state in Hostinfo.
* adds new packet "netcheck" to do the checking of UDP, IPv6, and
  nearest DERP server, and the Report type for all that (and more
  in the future, probably pulling in danderson's natprobe)
* new tailcfg.NetInfo type
* cmd/tailscale netcheck subcommand (tentative name, likely to
  change/move) to print out the netcheck.Report.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Brad Fitzpatrick d8de11a01b control: make Hostinfo accessed by pointer
Fix potential races in copying aliased slices by value.

Also few little doc updates.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
David Crawshaw a23a0d9c9f tailcfg: add RegisterRequest.Copy
Add some docs while I'm here.

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
5 years ago
David Anderson 47da432991 ipn: handle advertised routes provided by frontend.
Signed-off-by: David Anderson <dave@natulte.net>
5 years ago
Brad Fitzpatrick 769e25e37b derp: use new types/key package
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
wardn 09fbae01a9 tailcfg: don't panic on node equal check
Signed-off-by: wardn <wardn@users.noreply.github.com>
5 years ago
Earl Lee a8d8b8719a Move Linux client & common packages into a public repo. 5 years ago