355 Commits (main)

Author	SHA1	Message	Date
Brad Fitzpatrick	b775a3799e	util/httpm, all: add a test to make sure httpm is used consistently ... Updates #cleanup Change-Id: I7dbf8a02de22fc6b317ab5e29cc97792dd75352c Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	8 months ago
Brad Fitzpatrick	5f5c9142cc	util/slicesx: add EqualSameNil, like slices.Equal but same nilness ... Then use it in tailcfg which had it duplicated a couple times. I think we have it a few other places too. And use slices.Equal in wgengine/router too. (found while looking for callers) Updates #cleanup Change-Id: If5350eee9b3ef071882a3db29a305081e4cd9d23 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	8 months ago
Claire Wang	a56e58c244	util/syspolicy: add read boolean setting (#9592)	8 months ago
Chris Palmer	8833dc51f1	util/set: add some useful utility functions for Set (#9535) ... Also give each type of set its own file. Updates #cleanup Signed-off-by: Chris Palmer <cpalmer@tailscale.com>	8 months ago
Claire Wang	32c0156311	util: add syspolicy package (#9550) ... Add a more generalized package for getting policies. Updates tailcale/corp#10967 Signed-off-by: Claire Wang <claire@tailscale.com> Co-authored-by: Adrian Dewhurst <adrian@tailscale.com>	8 months ago
James Tucker	2066f9fbb2	util/linuxfw: fix crash in DelSNATRule when no rules are found ... Appears to be a missing nil handling case. I looked back over other usage of findRule and the others all have nil guards. findRule returns nil when no rules are found matching the arguments. Fixes #9553 Signed-off-by: James Tucker <james@tailscale.com>	8 months ago
Claire Wang	e3d6236606	winutil: refactor methods to get values from registry to also return (#9536) ... errors Updates tailscale/corp#14879 Signed-off-by: Claire Wang <claire@tailscale.com>	8 months ago
David Anderson	ed50f360db	util/lru: update c.head when deleting the most recently used entry ... Fixes tailscale/corp#14747 Signed-off-by: David Anderson <danderson@tailscale.com> Co-authored-by: Brad Fitzpatrick <bradfitz@tailscale.com> Signed-off-by: David Anderson <danderson@tailscale.com>	8 months ago
Brad Fitzpatrick	dc7aa98b76	all: use set.Set consistently instead of map[T]struct{} ... I didn't clean up the more idiomatic map[T]bool with true values, at least yet. I just converted the relatively awkward struct{}-valued maps. Updates #cleanup Change-Id: I758abebd2bb1f64bc7a9d0f25c32298f4679c14f Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	8 months ago
David Anderson	95082a8dde	util/lru, util/limiter: add debug helper to dump state as HTML ... For use in tsweb debug handlers, so that we can easily inspect cache and limiter state when troubleshooting. Updates tailscale/corp#3601 Signed-off-by: David Anderson <danderson@tailscale.com>	8 months ago
Craig Rodrigues	8452d273e3	util/linuxfw: Fix comment which lists supported linux arches ... Only arm64 and amd64 are supported Signed-off-by: Craig Rodrigues <rodrigc@crodrigues.org>	8 months ago
David Anderson	0909e90890	util/lru: replace container/list with a custom ring implementation ... pre-generics container/list is quite unpleasant to use, and the pointer manipulation operations for an LRU are simple enough to implement directly now that we have generic types. With this change, the LRU uses a ring (aka circularly linked list) rather than a simple doubly-linked list as its internals, because the ring makes list manipulation edge cases more regular: the only remaining edge case is the transition between 0 and 1 elements, rather than also having to deal specially with manipulating the first and last members of the list. While the primary purpose was improved readability of the code, as it turns out removing the indirection through an interface box also speeds up the LRU: │ before.txt │ after.txt │ │ sec/op │ sec/op vs base │ LRU-32 67.05n ± 2% 59.73n ± 2% -10.90% (p=0.000 n=20) │ before.txt │ after.txt │ │ B/op │ B/op vs base │ LRU-32 21.00 ± 0% 10.00 ± 0% -52.38% (p=0.000 n=20) │ before.txt │ after.txt │ │ allocs/op │ allocs/op vs base │ LRU-32 0.000 ± 0% 0.000 ± 0% ~ (p=1.000 n=20) ¹ Updates #cleanup Signed-off-by: David Anderson <danderson@tailscale.com>	8 months ago
David Anderson	472eb6f6f5	util/lru: add a microbenchmark ... The benchmark simulates an LRU being queries with uniformly random inputs, in a set that's too large for the LRU, which should stress the eviction codepath. Signed-off-by: David Anderson <danderson@tailscale.com>	8 months ago
David Anderson	96c2cd2ada	util/limiter: add a keyed token bucket rate limiter ... Updates tailscale/corp#3601 Signed-off-by: David Anderson <danderson@tailscale.com>	8 months ago
Anton Tolchanov	86b0fc5295	util/cmpver: add a few tests covering different OS versions ... Updates tailscale/corp#14491 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	9 months ago
Brad Fitzpatrick	7175f06e62	util/rands: add package with HexString func ... We use it a number of places in different repos. Might as well make one. Another use is coming. Updates #cleanup Change-Id: Ib7ce38de0db35af998171edee81ca875102349a4 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Craig Rodrigues	8683ce78c2	client/web, clientupdate, util/linuxfw, wgengine/magicsock: Use %v verb for errors ... Replace %w verb with %v verb when logging errors. Use %w only for wrapping errors with fmt.Errorf() Fixes: #9213 Signed-off-by: Craig Rodrigues <rodrigc@crodrigues.org>	9 months ago
Maisem Ali	306b85b9a3	cmd/k8s-operator: add metrics to track usage ... Updates #502 Signed-off-by: Maisem Ali <maisem@tailscale.com>	9 months ago
Brad Fitzpatrick	4af22f3785	util/deephash: add IncludeFields, ExcludeFields HasherForType Options ... Updates tailscale/corp#6198 Change-Id: Iafc18c5b947522cf07a42a56f35c0319cc7b1c94 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Aaron Klotz	6b6a8cf843	util/osdiag: add query for Windows page file configuration and status ... It's very common for OOM crashes on Windows to be caused by lack of page file space (the NT kernel does not overcommit). Since Windows automatically manages page file space by default, unless the machine is out of disk space, this is typically caused by manual page file configurations that are too small. This patch obtains the current page file size, the amount of free page file space, and also determines whether the page file is automatically or manually managed. Fixes #9090 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	9 months ago
Aaron Klotz	5fb1695bcb	util/osdiag, util/osdiag/internal/wsc: add code to probe the Windows Security Center for installed software ... The Windows Security Center is a component that manages the registration of security products on a Windows system. Only products that have obtained a special cert from Microsoft may register themselves using the WSC API. Practically speaking, most vendors do in fact sign up for the program as it enhances their legitimacy. From our perspective, this is useful because it gives us a high-signal source of information to query for the security products installed on the system. I've tied this query into the osdiag package and is run during bugreports. It uses COM bindings that were automatically generated by my prototype metadata processor, however that program still has a few bugs, so I had to make a few manual tweaks. I dropped those binding into an internal package because (for the moment, at least) they are effectively purpose-built for the osdiag use case. We also update the wingoes dependency to pick up BSTR. Fixes #10646 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	9 months ago
Aaron Klotz	ea693eacb6	util/winutil: add RegisterForRestart, allowing programs to indicate their preferences to the Windows restart manager ... In order for the installer to restart the GUI correctly post-upgrade, we need the GUI to be able to register its restart preferences. This PR adds API support for doing so. I'm adding it to OSS so that it is available should we need to do any such registrations on OSS binaries in the future. Updates https://github.com/tailscale/corp/issues/13998 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	9 months ago
Brad Fitzpatrick	1b223566dd	util/linuxfw: fix typo in unexported doc comment ... And flesh it out and use idiomatic doc style ("whether" for bools) and end in a period while there anyway. Updates #cleanup Change-Id: Ieb82f13969656e2340c3510e7b102dc8e6932611 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Brad Fitzpatrick	f35ff84ee2	util/deephash: relax an annoyingly needy test ... I'd added a test case of deephash against a tailcfg.Node to make sure it worked at all more than anything. We don't care what the exact bytes are in this test, just that it doesn't fail. So adjust for that. Then when we make changes to tailcfg.Node and types under it, we don't need to keep adjusting this test. Updates #cleanup Change-Id: Ibf4fa42820aeab8f5292fe65f9f92ffdb0b4407b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
KevinLiang10	b040094b90	util/linuxfw: reorganize nftables rules to allow it to work with ufw ... This commit tries to mimic the way iptables-nft work with the filewall rules. We follow the convention of using tables like filter, nat and the conventional chains, to make our nftables implementation work with ufw. Updates: #391 Signed-off-by: KevinLiang10 <kevinliang@tailscale.com>	9 months ago
Brad Fitzpatrick	bc0eb6b914	all: import x/exp/maps as xmaps to distinguish from Go 1.21 "maps" ... Updates #8419 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Brad Fitzpatrick	e8551d6b40	all: use Go 1.21 slices, maps instead of x/exp/{slices,maps} ... Updates #8419 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Aaron Klotz	c17a817769	util/osdiag: add logging for winsock layered service providers to Windows bugreports ... The Layered Service Provider (LSP) is a deprecated (but still supported) mechanism for inserting user-mode DLLs into a filter chain between the Winsock API surface (ie, ws2_32.dll) and the internal user-mode interface to the networking stack. While their use is becoming more rare due to the aforementioned deprecation, it is still possible for third-party software to install their DLLs into this filter chain and interfere with Winsock API calls. Knowing whether this is happening is useful for troubleshooting. Fixes https://github.com/tailscale/tailscale/issues/8142 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	9 months ago
Aaron Klotz	b07347640c	util/winutil/authenticode: add missing docs for CertSubjectError ... A #cleanup PR. Signed-off-by: Aaron Klotz <aaron@tailscale.com>	9 months ago
Brad Fitzpatrick	7a5263e6d0	util/linuxfw: rename ErrorFWModeNotSupported ... Go style is for error variables to start with "err" (or "Err") and for error types to end in "Error". Updates #cleanup Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Aaron Klotz	3d2e35c053	util/winutil/authenticode: fix an inaccurate doc comment ... A #cleanup PR Signed-off-by: Aaron Klotz <aaron@tailscale.com>	9 months ago
Brad Fitzpatrick	66f27c4beb	all: require Go 1.21 ... Updates #8419 Change-Id: I809b6a4d59d92a2ab6ec587ccbb9053376bf02c2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Maisem Ali	682fd72f7b	util/testenv: add new package to hold InTest ... Removes duplicated code. Updates #cleanup Signed-off-by: Maisem Ali <maisem@tailscale.com>	9 months ago
KevinLiang10	ae63c51ff1	wgengine/router: add auto selection heuristic for iptables/nftables ... This commit replaces the TS_DEBUG_USE_NETLINK_NFTABLES envknob with a TS_DEBUG_FIREWALL_MODE that should be set to either 'iptables' or 'nftables' to select firewall mode manually, other wise tailscaled will automatically choose between iptables and nftables depending on environment and system availability. updates: #319 Signed-off-by: KevinLiang10 <kevinliang@tailscale.com>	9 months ago
Aaron Klotz	37925b3e7a	go.mod, cmd/tailscaled, ipn/localapi, util/osdiag, util/winutil, util/winutil/authenticode: add Windows module list to OS-specific logs that are written upon bugreport ... * We update wingoes to pick up new version information functionality (See pe/version.go in the https://github.com/dblohm7/wingoes repo); * We move the existing LogSupportInfo code (including necessary syscall stubs) out of util/winutil into a new package, util/osdiag, and implement the public LogSupportInfo function may be implemented for other platforms as needed; * We add a new reason argument to LogSupportInfo and wire that into localapi's bugreport implementation; * We add module information to the Windows implementation of LogSupportInfo when reason indicates a bugreport. We enumerate all loaded modules in our process, and for each one we gather debug, authenticode signature, and version information. Fixes #7802 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	10 months ago
Aaron Klotz	7adf15f90e	cmd/tailscale/cli, util/winutil/authenticode: flesh out authenticode support ... Previously, tailscale upgrade was doing the bare minimum for checking authenticode signatures via `WinVerifyTrustEx`. This is fine, but we can do better: * WinVerifyTrustEx verifies that the binary's signature is valid, but it doesn't determine *whose* signature is valid; tailscale upgrade should also ensure that the binary is actually signed *by us*. * I added the ability to check the signatures of MSI files. * In future PRs I will be adding diagnostic logging that lists details about every module (ie, DLL) loaded into our process. As part of that metadata, I want to be able to extract information about who signed the binaries. This code is modelled on some C++ I wrote for Firefox back in the day. See https://searchfox.org/mozilla-central/rev/27e4816536c891d85d63695025f2549fd7976392/toolkit/xre/dllservices/mozglue/Authenticode.cpp for reference. Fixes #8284 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	10 months ago
David Anderson	52212f4323	all: update exp/slices and fix call sites ... slices.SortFunc suffered a late-in-cycle API breakage. Updates #cleanup Signed-off-by: David Anderson <danderson@tailscale.com>	10 months ago
Maisem Ali	1ecc16da5f	tailcfg,ipn/ipnlocal,wgengine: add values to PeerCapabilities ... Define PeerCapabilty and PeerCapMap as the new way of sending down inter-peer capability information. Previously, this was unstructured and you could only send down strings which got too limiting for certain usecases. Instead add the ability to send down raw JSON messages that are opaque to Tailscale but provide the applications to define them however they wish. Also update accessors to use the new values. Updates #4217 Signed-off-by: Maisem Ali <maisem@tailscale.com>	10 months ago
Brad Fitzpatrick	88cc0ad9f7	util/linuxfw: remove yet-unused code to fix linux/arm64 crash ... The util/linuxfw/iptables.go had a bunch of code that wasn't yet used (in prep for future work) but because of its imports, ended up initializing code deep within gvisor that panicked on init on arm64 systems not using 4KB pages. This deletes the unused code to delete the imports and remove the panic. We can then cherry-pick this back to the branch and restore it later in a different way. A new test makes sure we don't regress in the future by depending on the panicking package in question. Fixes #8658 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	10 months ago
KevinLiang10	a3c7b21cd1	util/linuxfw: add nftables support ... This commit adds nftable rule injection for tailscaled. If tailscaled is started with envknob TS_DEBUG_USE_NETLINK_NFTABLES = true, the router will use nftables to manage firewall rules. Updates: #391 Signed-off-by: KevinLiang10 <kevinliang@tailscale.com>	10 months ago
Brad Fitzpatrick	7b1c3dfd28	tailcfg,etc: remove unused tailcfg.Node.KeepAlive field ... The server hasn't sent it in ages. Updates #cleanup Change-Id: I9695ab0f074ec6fb006e11faf3cdfc5ca049fbf8 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	11 months ago
KevinLiang10	6ebd87c669	util/linuxfw: add new arch build constraints ... Exclide GOARCHs including: mips, mips64, mips64le, mipsle, riscv64. These archs are not supported by gvisor.dev/gvisor/pkg/hostarch. Fixes: #391 Signed-off-by: KevinLiang10 <kevinliang@tailscale.com>	11 months ago
Brad Fitzpatrick	b0a984dc26	util/lru: add a package for a typed LRU cache ... Updates tailscale/corp#7355 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	11 months ago
KevinLiang10	243ce6ccc1	util/linuxfw: decoupling IPTables logic from linux router ... This change is introducing new netfilterRunner interface and moving iptables manipulation to a lower leveled iptables runner. For #391 Signed-off-by: KevinLiang10 <kevinliang@tailscale.com>	11 months ago
Maisem Ali	c11af12a49	.github: actually run tests in CI ... Updates #cleanup Signed-off-by: Maisem Ali <maisem@tailscale.com>	11 months ago
Brad Fitzpatrick	7c1068b7ac	util/goroutines: let ScrubbedGoroutineDump get only current stack ... ScrubbedGoroutineDump previously only returned the stacks of all goroutines. I also want to be able to use this for only the current goroutine's stack. Add a bool param to support both ways. Updates tailscale/corp#5149 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	11 months ago
Andrew Dunham	62130e6b68	util/slicesx: add Partition function ... Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: If97995ca9ee9fad40f327420dcb1857dd7ea2315	12 months ago
Brad Fitzpatrick	eefee6f149	all: use cmpx.Or where it made sense ... I left a few out where writing it explicitly was better for various reasons. Updates #8296 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	12 months ago
Brad Fitzpatrick	12f8c98823	util/cmpx: add package with cmp-like things from future Go releases ... Updates #8296 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	12 months ago
Aaron Klotz	2aa8299c37	cmd/tailscaled, util/winutil: log our registry keys during tailscaled startup ... In order to improve our ability to understand the state of policies and registry settings when troubleshooting, we enumerate all values in all subkeys. x/sys/windows does not already offer this, so we need to call RegEnumValue directly. For now we're just logging this during startup, however in a future PR I plan to also trigger this code during a bugreport. I also want to log more than just registry. Fixes #8141 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	12 months ago
Brad Fitzpatrick	b69059334b	util/set: add a basic map-based Set type ... We have two other types of Sets here. Add the basic obvious one too. Needed for a change elsewhere. Updates #cleanup Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	4f454f4122	util/codegen: support embedded fields ... I noticed cmd/{cloner,viewer} didn't support structs with embedded fields while working on a change in another repo. This adds support. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Andrew Dunham	280255acae	various: add golangci-lint, fix issues (#7905) ... This adds an initial and intentionally minimal configuration for golang-ci, fixes the issues reported, and adds a GitHub Action to check new pull requests against this linter configuration. Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I8f38fbc315836a19a094d0d3e986758b9313f163	1 year ago
Andrew Dunham	f352f8a0e6	util/set: move Slice type from corp to oss ... This is an exact copy of the files misc/set/set{,_test}.go from tailscale/corp@a5415daa9c, plus the license headers. For use in #7877 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I712d09c6d1a180c6633abe3acf8feb59b27e2866	1 year ago
Maisem Ali	64bbf1738e	tailcfg: make SelfNodeV4MasqAddrForThisPeer a pointer ... This makes `omitempty` actually work, and saves bytes in each map response. Updates tailscale/corp#8020 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Charlotte Brandhorst-Satzkorn	c573bef0aa	tailcfg,wgengine: add initial support for WireGuard only peers ... A peer can have IsWireGuardOnly, which means it will not support DERP or Disco, and it must have Endpoints filled in order to be usable. In the present implementation only the first Endpoint will be used as the bestAddr. Updates tailscale/corp#10351 Co-authored-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com> Co-authored-by: James Tucker <james@tailscale.com> Signed-off-by: James Tucker <james@tailscale.com>	1 year ago
Mihai Parparita	f49b9f75b8	util/clientmetric: allow client metric values to be provided by a function ... Adds NewGaugeFunc and NewCounterFunc (inspired by expvar.Func) which change the current value to be reported by a function. This allows some client metric values to be computed on-demand during uploading (at most every 15 seconds), instead of being continuously updated. clientmetric uploading had a bunch of micro-optimizations for memory access (#3331) which are not possible with this approach. However, any performance hit from function-based metrics is contained to those metrics only, and we expect to have very few. Also adds a DisableDeltas() option for client metrics, so that absolute values are always reported. This makes server-side processing of some metrics easier to reason about. Updates tailscale/corp#9230 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	1 year ago
Aaron Klotz	90fd04cbde	ipn/ipnlocal, util/winutil/policy: modify Windows profile migration to load legacy prefs from within tailscaled ... I realized that a lot of the problems that we're seeing around migration and LocalBackend state can be avoided if we drive Windows pref migration entirely from within tailscaled. By doing it this way, tailscaled can automatically perform the migration as soon as the connection with the client frontend is established. Since tailscaled is already running as LocalSystem, it already has access to the user's local AppData directory. The profile manager already knows which user is connected, so we simply need to resolve the user's prefs file and read it from there. Of course, to properly migrate this information we need to also check system policies. I moved a bunch of policy resolution code out of the GUI and into a new package in util/winutil/policy. Updates #7626 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	1 year ago
Andrew Dunham	8d3acc9235	util/sysresources, magicsock: scale DERP buffer based on system memory ... This adds the util/sysresources package, which currently only contains a function to return the total memory size of the current system. Then, we modify magicsock to scale the number of buffered DERP messages based on the system's available memory, ensuring that we never use a value lower than the previous constant of 32. Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: Ib763c877de4d0d4ee88869078e7d512f6a3a148d	1 year ago
Josh Bleecher Snyder	3ba9f8dd04	util/codegen: add -copyright to control presence of copyright headers ... Fixes #7702 Signed-off-by: Josh Bleecher Snyder <josharian@gmail.com>	1 year ago
Anton Tolchanov	2a933c1903	cmd/tailscale: extend hostname validation (#7678) ... In addition to checking the total hostname length, validate characters used in each DNS label and label length. Updates https://github.com/tailscale/corp/issues/10012 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	1 year ago
Maisem Ali	f61b306133	tailcfg: add Node.SelfNodeV4MasqAddrForThisPeer ... This only adds the field, to be used in a future commit. Updates tailscale/corp#8020 Co-authored-by: Melanie Warrick <warrick@tailscale.com> Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
M. J. Fromberger	a75360ccd6	util: add truncate package (#7490) ... This package handles cases where we need to truncate human-readable text to fit a length constraint without leaving "ragged" multi-byte rune fragments at the end of the truncated value. Change-Id: Id972135d1880485f41b1fedfb65c2b8cc012d416 Signed-off-by: M. J. Fromberger <fromberger@tailscale.com>	1 year ago
Maisem Ali	1a30b2d73f	all: use tstest.Replace more ... Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Andrew Dunham	73fa7dd7af	util/slicesx: add package for generic slice functions, use ... Now that we're using rand.Shuffle in a few locations, create a generic shuffle function and use it instead. While we're at it, move the interleaveSlices function to the same package for use. Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I0b00920e5b3eea846b6cedc30bd34d978a049fd3	1 year ago
Andrew Dunham	e220fa65dd	util/ringbuffer: move generic ringbuffer from corp repo ... Also add some basic tests for this implementation. Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I307ebb6db91d0c172657befb276b38ccb638f828	1 year ago
Andrew Dunham	6927a844b1	util/linuxfw: add build constraints excluding GOARCH=arm ... This isn't currently supported due to missing support in upstream dependencies, and also we don't use this package anywhere right now. Just conditionally skip this for now. Fixes #7268 Change-Id: Ie7389c2c0816b39b410c02a7276051a4c18b6450 Signed-off-by: Andrew Dunham <andrew@du.nham.ca>	1 year ago
Andrew Dunham	ba48ec5e39	util/linuxfw: initial implementation of package ... This package is an initial implementation of something that can read netfilter and iptables rules from the Linux kernel without needing to shell out to an external utility; it speaks directly to the kernel using syscalls and parses the data returned. Currently this is read-only since it only knows how to parse a subset of the available data. Signed-off-by: Andrew Dunham <andrew@tailscale.com> Change-Id: Iccadf5dcc081b73268d8ccf8884c24eb6a6f1ff5	1 year ago
Andrew Dunham	2dc3dc21a8	util/multierr: implement Go 1.20+'s multiple error Unwrap ... Now that Go 1.20 is released, multierr.Error can implement Unwrap() []error Updates #7123 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: Ic28c2579de6799801836c447afbca8cdcba732cf	1 year ago
Brad Fitzpatrick	b1248442c3	all: update to Go 1.20, use strings.CutPrefix/Suffix instead of our fork ... Updates #7123 Updates #5309 Change-Id: I90bcd87a2fb85a91834a0dd4be6e03db08438672 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Will Norris	10085063fb	util/vizerror: add As function to get wrapped Error ... Signed-off-by: Will Norris <will@tailscale.com>	1 year ago
Will Norris	648aa00a28	fixup! util/vizerror: add new package for visible errors ... Signed-off-by: Will Norris <will@tailscale.com>	1 year ago
Will Norris	a6c6979b85	fixup! util/vizerror: add new package for visible errors ... Signed-off-by: Will Norris <will@tailscale.com>	1 year ago
Will Norris	598ec463bc	fixup! util/vizerror: add new package for visible errors ... Signed-off-by: Will Norris <will@tailscale.com>	1 year ago
Will Norris	8e6a1ab175	util/vizerror: add new package for visible errors ... Signed-off-by: Will Norris <will@tailscale.com>	1 year ago
Will Norris	947c14793a	all: update tools that manage copyright headers ... Update all code generation tools, and those that check for license headers to use the new standard header. Also update copyright statement in LICENSE file. Fixes #6865 Signed-off-by: Will Norris <will@tailscale.com>	1 year ago
Will Norris	71029cea2d	all: update copyright and license headers ... This updates all source files to use a new standard header for copyright and license declaration. Notably, copyright no longer includes a date, and we now use the standard SPDX-License-Identifier header. This commit was done almost entirely mechanically with perl, and then some minimal manual fixes. Updates #6865 Signed-off-by: Will Norris <will@tailscale.com>	1 year ago
Mihai Parparita	8c20da2568	util/httpm: add another HTTP method ... Signed-off-by: Mihai Parparita <mihai@tailscale.com>	1 year ago
Brad Fitzpatrick	a1b4ab34e6	util/httpm: add new package for prettier HTTP method constants ... See package doc. Change-Id: Ibbfc8e1f98294217c56f3a9452bd93ffa3103572 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
David Anderson	9bd6a2fb8d	cmd/k8s-operator: support setting a custom hostname. ... Updates #502 Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
Brad Fitzpatrick	6edf357b96	all: start groundwork for using capver for localapi & peerapi ... Updates #7015 Change-Id: I3d4c11b42a727a62eaac3262a879f29bb4ce82dd Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	d9144c73a8	cmd/tailscale: add start of "tailscale update" command ... Goal: one way for users to update Tailscale, downgrade, switch tracks, regardless of platform (Windows, most Linux distros, macOS, Synology). This is a start. Updates #755, etc Change-Id: I23466da1ba41b45f0029ca79a17f5796c2eedd92 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Andrew Dunham	1e67947cfa	control/controlclient, tailcfg: add Node.Expired field, set for expired nodes ... Nodes that are expired, taking into account the time delta calculated from MapResponse.ControlTime have the newly-added Expired boolean set. For additional defense-in-depth, also replicate what control does and clear the Endpoints and DERP fields, and additionally set the node key to a bogus value. Updates #6932 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: Ia2bd6b56064416feee28aef5699ca7090940662a	1 year ago
Brad Fitzpatrick	b2b8e62476	util/codegen: permit running in directories without copyright headers ... It broke in our corp repo that lacks copyright headers. Change-Id: Iafc433e6b6affe83b45477899455527658dc4f12 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	aad6830df0	util/codegen, all: use latest year, not time.Now, in generated files ... Updates #6865 Change-Id: I6b86c646968ebbd4553cf37df5e5612fbf5c5f7d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Aaron Klotz	3c452b9880	util/winutil: fix erroneous condition in implementation of getRegIntegerInternal ... We only want to log when err != registry.ErrNotExist. The condition was backward. Signed-off-by: Aaron Klotz <aaron@tailscale.com>	1 year ago
Joe Tsai	350aab05e5	util/multierr: optimize New for nil cases (#6750) ... Consider the following pattern: err1 := foo() err2 := bar() err3 := baz() return multierr.New(err1, err2, err3) If err1, err2, and err3 are all nil, then multierr.New should not allocate. Thus, modify the logic of New to count the number of distinct error values and allocate the exactly needed slice. This also speeds up non-empty error situation since repeatedly growing with append is slow. Performance: name old time/op new time/op delta Empty-24 41.8ns ± 2% 6.4ns ± 1% -84.73% (p=0.000 n=10+10) NonEmpty-24 120ns ± 3% 69ns ± 1% -42.01% (p=0.000 n=9+10) name old alloc/op new alloc/op delta Empty-24 64.0B ± 0% 0.0B -100.00% (p=0.000 n=10+10) NonEmpty-24 168B ± 0% 88B ± 0% -47.62% (p=0.000 n=10+10) name old allocs/op new allocs/op delta Empty-24 1.00 ± 0% 0.00 -100.00% (p=0.000 n=10+10) NonEmpty-24 3.00 ± 0% 2.00 ± 0% -33.33% (p=0.000 n=10+10) Signed-off-by: Joe Tsai <joetsai@digital-static.net>	1 year ago
Brad Fitzpatrick	ca08e316af	util/endian: delete package; use updated josharian/native instead ... See josharian/native#3 Updates golang/go#57237 Change-Id: I238c04c6654e5b9e7d9cfb81a7bbc5e1043a84a2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Joe Tsai	c47578b528	util/multierr: add Range (#6643) ... Errors in Go are no longer viewed as a linear chain, but a tree. See golang/go#53435. Add a Range function that iterates through an error in a pre-order, depth-first order. This matches the iteration order of errors.As in Go 1.20. This adds the logic (but currently commented out) for having Error implement the multi-error version of Unwrap in Go 1.20. It is commented out currently since it causes "go vet" to complain about having the "wrong" signature. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	1 year ago
Brad Fitzpatrick	197a4f1ae8	types/ptr: move all the ptrTo funcs to one new package's ptr.To ... Change-Id: Ia0b820ffe7aa72897515f19bd415204b6fe743c7 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Aaron Klotz	6e33d2da2b	ipn/ipnauth, util/winutil: add temporary LookupPseudoUser workaround to address os/user.LookupId errors on Windows ... I added util/winutil/LookupPseudoUser, which essentially consists of the bits that I am in the process of adding to Go's standard library. We check the provided SID for "S-1-5-x" where 17 <= x <= 20 (which are the known pseudo-users) and then manually populate a os/user.User struct with the correct information. Fixes https://github.com/tailscale/tailscale/issues/869 Fixes https://github.com/tailscale/tailscale/issues/2894 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	1 year ago
Brad Fitzpatrick	ea25ef8236	util/set: add new set package for SetHandle type ... We use this pattern in a number of places (in this repo and elsewhere) and I was about to add a fourth to this repo which was crossing the line. Add this type instead so they're all the same. Also, we have another Set type (SliceSet, which tracks its keys in order) in another repo we can move to this package later. Change-Id: Ibbdcdba5443fae9b6956f63990bdb9e9443cefa9 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Andrew Dunham	0af61f7c40	cmd/tailscale, util/quarantine: set quarantine flags on files from Taildrop ... This sets the "com.apple.quarantine" flag on macOS, and the "Zone.Identifier" alternate data stream on Windows. Change-Id: If14f805467b0e2963067937d7f34e08ba1d1fa85 Signed-off-by: Andrew Dunham <andrew@du.nham.ca>	2 years ago
ysicing	cba1312dab	util/endian: add support on Loongnix-Server (loong64) ... Change-Id: I8275d158779c749a4cae2b4457d390871b4b8e3c Signed-off-by: ysicing <i@ysicing.me>	2 years ago
Brad Fitzpatrick	db2cc393af	util/dirwalk, metrics, portlist: add new package for fast directory walking ... This is similar to the golang.org/x/tools/internal/fastwalk I'd previously written but not recursive and using mem.RO. The metrics package already had some Linux-specific directory reading code in it. Move that out to a new general package that can be reused by portlist too, which helps its scanning of all /proc files: name old time/op new time/op delta FindProcessNames-8 2.79ms ± 6% 2.45ms ± 7% -12.11% (p=0.000 n=10+10) name old alloc/op new alloc/op delta FindProcessNames-8 62.9kB ± 0% 33.5kB ± 0% -46.76% (p=0.000 n=9+10) name old allocs/op new allocs/op delta FindProcessNames-8 2.25k ± 0% 0.38k ± 0% -82.98% (p=0.000 n=9+10) Change-Id: I75db393032c328f12d95c39f71c9742c375f207a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	da8def8e13	all: remove old +build tags ... The //go:build syntax was introduced in Go 1.17: https://go.dev/doc/go1.17#build-lines gofmt has kept the +build and go:build lines in sync since then, but enough time has passed. Time to remove them. Done with: perl -i -npe 's,^// \+build.*\n,,' $(git grep -l -F '+build') Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Adrian Dewhurst	c3a5489e72	util/winutil: remove log spam for missing registry keys ... It's normal for HKLM\SOFTWARE\Policies\Tailscale to not exist but that currently produces a lot of log spam. Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>	2 years ago
Brad Fitzpatrick	e55ae53169	tailcfg: add Node.UnsignedPeerAPIOnly to let server mark node as peerapi-only ... capver 48 Change-Id: I20b2fa81d61ef8cc8a84e5f2afeefb68832bd904 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Mihai Parparita	63ad49890f	cmd/tsconnect: pre-compress main.wasm when building the NPM package ... This way we can do that once (out of band, in the GitHub action), instead of increasing the time of each deploy that uses the package. .wasm is removed from the list of automatically pre-compressed extensions, an OSS bump and small change on the corp side is needed to make use of this change. Signed-off-by: Mihai Parparita <mihai@tailscale.com>	2 years ago
Cuong Manh Le	a7efc7bd17	util/singleflight: sync with upstream ... Sync with golang.org/x/sync/singleflight at commit 8fcdb60fdcc0539c5e357b2308249e4e752147f1 Fixes #5790 Signed-off-by: Cuong Manh Le <cuong.manhle.vn@gmail.com>	2 years ago
Josh Soref	d4811f11a0	all: fix spelling mistakes ... Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2 years ago
Aaron Klotz	44f13d32d7	cmd/tailscaled, util/winutil: log Windows service diagnostics when the wintun device fails to install ... I added new functions to winutil to obtain the state of a service and all its depedencies, serialize them to JSON, and write them to a Logf. When tstun.New returns a wrapped ERROR_DEVICE_NOT_AVAILABLE, we know that wintun installation failed. We then log the service graph rooted at "NetSetupSvc". We are interested in that specific service because network devices will not install if that service is not running. Updates https://github.com/tailscale/tailscale/issues/5531 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	2 years ago
Andrew Dunham	4b996ad5e3	util/deephash: add AppendSum method (#5768) ... This method can be used to obtain the hex-formatted deephash.Sum instance without allocations. Signed-off-by: Andrew Dunham <andrew@du.nham.ca>	2 years ago
Brad Fitzpatrick	9bdf0cd8cd	ipn/ipnlocal: add c2n /debug/{goroutines,prefs,metrics} ... * and move goroutine scrubbing code to its own package for reuse * bump capver to 45 Change-Id: I9b4dfa5af44d2ecada6cc044cd1b5674ee427575 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Aaron Klotz	acc7baac6d	tailcfg, util/deephash: add DataPlaneAuditLogID to Node and DomainDataPlaneAuditLogID to MapResponse ... We're adding two log IDs to facilitate data-plane audit logging: a node-specific log ID, and a domain-specific log ID. Updated util/deephash/deephash_test.go with revised expectations for tailcfg.Node. Updates https://github.com/tailscale/corp/issues/6991 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	2 years ago
Brad Fitzpatrick	f3ce1e2536	util/mak: deprecate NonNil, add type-safe NonNilSliceForJSON, NonNilMapForJSON ... And put the rationale in the name too to save the callers the need for a comment. Change-Id: I090f51b749a5a0641897ee89a8fb2e2080c8b782 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Andrew Dunham	70ed22ccf9	util/uniq: add ModifySliceFunc (#5504) ... Follow-up to #5491. This was used in control... oops! Signed-off-by: Andrew Dunham <andrew@tailscale.com>	2 years ago
Andrew Dunham	e945d87d76	util/uniq: use generics instead of reflect (#5491) ... This takes 75% less time per operation per some benchmarks on my mac. Signed-off-by: Andrew Dunham <andrew@du.nham.ca>	2 years ago
Joe Tsai	7e40071571	util/deephash: handle slice edge-cases (#5471) ... It is unclear whether the lack of checking nil-ness of slices was an oversight or a deliberate feature. Lacking a comment, the assumption is that this was an oversight. Also, expand the logic to perform cycle detection for recursive slices. We do this on a per-element basis since a slice is semantically equivalent to a list of pointers. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Andrew Dunham	58cc049a9f	util/cstruct: add package for decoding padded C structures (#5429) ... I was working on my "dump iptables rules using only syscalls" branch and had a bunch of C structure decoding to do. Rather than manually calculating the padding or using unsafe trickery to actually cast variable-length structures to Go types, I'd rather use a helper package that deals with padding for me. Padding rules were taken from the following article: http://www.catb.org/esr/structure-packing/ Signed-off-by: Andrew Dunham <andrew@du.nham.ca>	2 years ago
Joe Tsai	9bf13fc3d1	util/deephash: remove getTypeInfo (#5469) ... Add a new lookupTypeHasher function that is just a cached front-end around the makeTypeHasher function. We do not need to worry about the recursive type cycle issue that made getTypeInfo more complicated since makeTypeHasher is not directly recursive. All calls to itself happen lazily through a sync.Once upon first use. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Joe Tsai	ab7e6f3f11	util/deephash: require pointer in API (#5467) ... The entry logic of Hash has extra complexity to make sure we always have an addressable value on hand. If not, we heap allocate the input. For this reason we document that there are performance benefits to always providing a pointer. Rather than documenting this, just enforce it through generics. Also, delete the unused HasherForType function. It's an interesting use of generics, but not well tested. We can resurrect it from code history if there's a need for it. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Joe Tsai	c5b1565337	util/deephash: move pointer and interface logic to separate function (#5465) ... This helps pprof better identify which Go kinds take the most time since the kind is always in the function name. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Joe Tsai	d2e2d8438b	util/deephash: move map logic to separate function (#5464) ... This helps pprof better identify which Go kinds take the most time since the kind is always in the function name. There is a minor adjustment where we hash the length of the map to be more on the cautious side. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Joe Tsai	23c3831ff9	util/deephash: coalesce struct logic (#5466) ... Rather than having two copies []fieldInfo, just maintain one and perform merging in the same pass. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Joe Tsai	296b008b9f	util/deephash: move array and slice logic to separate function (#5463) ... This helps pprof better identify which Go kinds take the most time since the kind is always in the function name. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Joe Tsai	31bf3874d6	util/deephash: use unsafe.Pointer instead of reflect.Value (#5459) ... Use of reflect.Value.SetXXX panics if the provided argument was obtained from an unexported struct field. Instead, pass an unsafe.Pointer around and convert to a reflect.Value when necessary (i.e., for maps and interfaces). Converting from unsafe.Pointer to reflect.Value guarantees that none of the read-only bits will be populated. When running in race mode, we attach type information to the pointer so that we can type check every pointer operation. This also type-checks that direct memory hashing is within the valid range of a struct value. We add test cases that previously caused deephash to panic, but now pass. Performance: name old time/op new time/op delta Hash 14.1µs ± 1% 14.1µs ± 1% ~ (p=0.590 n=10+9) HashPacketFilter 2.53µs ± 2% 2.44µs ± 1% -3.79% (p=0.000 n=9+10) TailcfgNode 1.45µs ± 1% 1.43µs ± 0% -1.36% (p=0.000 n=9+9) HashArray 318ns ± 2% 318ns ± 2% ~ (p=0.541 n=10+10) HashMapAcyclic 32.9µs ± 1% 31.6µs ± 1% -4.16% (p=0.000 n=10+9) There is a slight performance gain due to the use of unsafe.Pointer over reflect.Value methods. Also, passing an unsafe.Pointer (1 word) on the stack is cheaper than passing a reflect.Value (3 words). Performance gains are diminishing since SHA-256 hashing now dominates the runtime. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Joe Tsai	e0c5ac1f02	util/deephash: add debug printer (#5460) ... When built with "deephash_debug", print the set of HashXXX methods. Example usage: $ go test -run=GetTypeHasher/string_slice -tags=deephash_debug U64(2)+U64(3)+S("foo")+U64(3)+S("bar")+FIN Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Joe Tsai	70f9fc8c7a	util/deephash: rely on direct memory hashing for primitive kinds (#5457) ... Rather than separate functions to hash each kind, just rely on the fact that these are direct memory hashable, thus simplifying the code. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Joe Tsai	531ccca648	util/deephash: delete slow path (#5423) ... Every implementation of typeHasherFunc always returns true, which implies that the slow path is no longer executed. Delete it. h.hashValueWithType(v, ti, ...) is deleted as it is equivalent to: ti.hasher()(h, v) h.hashValue(v, ...) is deleted as it is equivalent to: ti := getTypeInfo(v.Type()) ti.hasher()(h, v) Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Joe Tsai	3fc8683585	util/deephash: expand fast-path capabilities (#5404) ... Add support for maps and interfaces to the fast path. Add cycle-detection to the pointer handling logic. This logic is mostly copied from the slow path. A future commit will delete the slow path once the fast path never falls back to the slow path. Performance: name old time/op new time/op delta Hash-24 18.5µs ± 1% 14.9µs ± 2% -19.52% (p=0.000 n=10+10) HashPacketFilter-24 2.54µs ± 1% 2.60µs ± 1% +2.19% (p=0.000 n=10+10) HashMapAcyclic-24 31.6µs ± 1% 30.5µs ± 1% -3.42% (p=0.000 n=9+8) TailcfgNode-24 1.44µs ± 2% 1.43µs ± 1% ~ (p=0.171 n=10+10) HashArray-24 324ns ± 1% 324ns ± 2% ~ (p=0.425 n=9+9) The additional cycle detection logic doesn't incur much slow down since it only activates if a type is recursive, which does not apply for any of the types that we care about. There is a notable performance boost since we switch from the fath path to the slow path less often. Most notably, a struct with a field that could not be handled by the fast path would previously cause the entire struct to go through the slow path. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Tom DNetto	18edd79421	control/controlclient,tailcfg: [capver 40] create KeySignature field in tailcfg.Node ... We calve out a space to put the node-key signature (used on tailnets where network lock is enabled). Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Joe Tsai	d32700c7b2	util/deephash: specialize for netip.Addr and drop AppendTo support (#5402) ... There are 5 types that we care about that implement AppendTo: key.DiscoPublic key.NodePublic netip.Prefix netipx.IPRange netip.Addr The key types are thin wrappers around [32]byte and are memory hashable. The netip.Prefix and netipx.IPRange types are thin wrappers over netip.Addr and are hashable by default if netip.Addr is hashable. The netip.Addr type is the only one with a complex structure where the default behavior of deephash does not hash it correctly due to the presence of the intern.Value type. Drop support for AppendTo and instead add specialized hashing for netip.Addr that would be semantically equivalent to == on the netip.Addr values. The AppendTo support was already broken prior to this change. It was fully removed (intentionally or not) in #4870. It was partially restored in #4858 for the fast path, but still broken in the slow path. Just drop support for it altogether. This does mean we lack any ability for types to self-hash themselves. In the future we can add support for types that implement: interface { DeepHash() Sum } Test and fuzz cases were added for the relevant types that used to rely on the AppendTo method. FuzzAddr has been executed on 1 billion samples without issues. Signed-off-by: Joe Tsai joetsai@digital-static.net	2 years ago
Joe Tsai	03f7e4e577	util/hashx: move from sha256x (#5388)	2 years ago
Joe Tsai	f061d20c9d	util/sha256x: rename Hash as Block512 (#5351) ... Rename Hash as Block512 to indicate that this is a general-purpose hash.Hash for any algorithm that operates on 512-bit block sizes. While we rename the package as hashx in this commit, a subsequent commit will move the sha256x package to hashx. This is done separately to avoid confusing git. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Joe Tsai	44d62b65d0	util/deephash: move typeIsRecursive and canMemHash to types.go (#5386) ... Also, rename canMemHash to typeIsMemHashable to be consistent. There are zero changes to the semantics. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Joe Tsai	d53eb6fa11	util/deephash: simplify typeIsRecursive (#5385) ... Any type that is memory hashable must not be recursive since there are definitely no pointers involved to make a cycle. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Joe Tsai	23ec3c104a	util/deephash: remove unused stack slice in typeIsRecursive (#5363) ... No operation ever reads from this variable. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Joe Tsai	c200229f9e	util/deephash: simplify canMemHash (#5384) ... Put the t.Size() == 0 check first since this is applicable in all cases. Drop the last struct field conditional since this is covered by the sumFieldSize check at the end. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Joe Tsai	32a1a3d1c0	util/deephash: avoid variadic argument for Update (#5372) ... Hashing []any is slow since hashing of interfaces is slow. Hashing of interfaces is slow since we pessimistically assume that cycles can occur through them and start cycle tracking. Drop the variadic signature of Update and fix callers to pass in an anonymous struct so that we are hashing concrete types near the root of the value tree. Signed-off-by: Joe Tsai <joetsai@digital-static.net> Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Maisem Ali	545639ee44	util/winutil: consolidate interface specific registry keys ... Code movement to allow reuse in a follow up PR. Updates #1659 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Joe Tsai	548fa63e49	util/deephash: use binary encoding of time.Time (#5352) ... Formatting a time.Time as RFC3339 is slow. See https://go.dev/issue/54093 Now that we have efficient hashing of fixed-width integers, just hash the time.Time as a binary value. Performance: Hash-24 19.0µs ± 1% 18.6µs ± 1% -2.03% (p=0.000 n=10+9) TailcfgNode-24 1.79µs ± 1% 1.40µs ± 1% -21.74% (p=0.000 n=10+9) Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Joe Tsai	1f7479466e	util/deephash: use sha256x (#5339) ... Switch deephash to use sha256x.Hash. We add sha256x.HashString to efficiently hash a string. It uses unsafe under the hood to convert a string to a []byte. We also modify sha256x.Hash to export the underlying hash.Hash for testing purposes so that we can intercept all hash.Hash calls. Performance: name old time/op new time/op delta Hash-24 19.8µs ± 1% 19.2µs ± 1% -3.01% (p=0.000 n=10+10) HashPacketFilter-24 2.61µs ± 0% 2.53µs ± 1% -3.01% (p=0.000 n=8+10) HashMapAcyclic-24 31.3µs ± 1% 29.8µs ± 0% -4.80% (p=0.000 n=10+9) TailcfgNode-24 1.83µs ± 1% 1.82µs ± 2% ~ (p=0.305 n=10+10) HashArray-24 344ns ± 2% 323ns ± 1% -6.02% (p=0.000 n=9+10) The performance gains is not as dramatic as sha256x over sha256 due to: 1. most of the hashing already occurring through the direct memory hashing logic, and 2. what does not go through direct memory hashing is slowed down by reflect. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Joe Tsai	77a92f326d	util/deephash: avoid using sync.Pool for reflect.MapIter (#5333) ... In Go 1.19, the reflect.Value.MapRange method uses "function outlining" so that the allocation of reflect.MapIter is inlinable by the caller. If the iterator doesn't escape the caller, it can be stack allocated. See https://go.dev/cl/400675 Performance: name old time/op new time/op delta HashMapAcyclic-24 31.9µs ± 2% 32.1µs ± 1% ~ (p=0.075 n=10+10) name old alloc/op new alloc/op delta HashMapAcyclic-24 0.00B 0.00B ~ (all equal) Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Joe Tsai	1c3c6b5382	util/sha256x: make Hash.Sum non-escaping (#5338) ... Since Hash is a concrete type, we can make it such that Sum never escapes the input. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Joe Tsai	76b0e578c5	util/sha256x: new package (#5337) ... The hash.Hash provided by sha256.New is much more efficient if we always provide it with data a multiple of the block size. This avoids double-copying of data into the internal block of sha256.digest.x. Effectively, we are managing a block ourselves to ensure we only ever call hash.Hash.Write with full blocks. Performance: name old time/op new time/op delta Hash 33.5µs ± 1% 20.6µs ± 1% -38.40% (p=0.000 n=10+9) The logic has gone through CPU-hours of fuzzing. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Joe Tsai	539c5e44c5	util/deephash: always keep values addressable (#5328) ... The logic of deephash is both simpler and easier to reason about if values are always addressable. In Go, the composite kinds are slices, arrays, maps, structs, interfaces, pointers, channels, and functions, where we define "composite" as a Go value that encapsulates some other Go value (e.g., a map is a collection of key-value entries). In the cases of pointers and slices, the sub-values are always addressable. In the cases of arrays and structs, the sub-values are always addressable if and only if the parent value is addressable. In the case of maps and interfaces, the sub-values are never addressable. To make them addressable, we need to copy them onto the heap. For the purposes of deephash, we do not care about channels and functions. For all non-composite kinds (e.g., strings and ints), they are only addressable if obtained from one of the composite kinds that produce addressable values (i.e., pointers, slices, addressable arrays, and addressable structs). A non-addressible, non-composite kind can be made addressable by allocating it on the heap, obtaining a pointer to it, and dereferencing it. Thus, if we can ensure that values are addressable at the entry points, and shallow copy sub-values whenever we encounter an interface or map, then we can ensure that all values are always addressable and assume such property throughout all the logic. Performance: name old time/op new time/op delta Hash-24 21.5µs ± 1% 19.7µs ± 1% -8.29% (p=0.000 n=9+9) HashPacketFilter-24 2.61µs ± 1% 2.62µs ± 0% +0.29% (p=0.037 n=10+9) HashMapAcyclic-24 30.8µs ± 1% 30.9µs ± 1% ~ (p=0.400 n=9+10) TailcfgNode-24 1.84µs ± 1% 1.84µs ± 2% ~ (p=0.928 n=10+10) HashArray-24 324ns ± 2% 332ns ± 2% +2.45% (p=0.000 n=10+10) Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Maisem Ali	40ec8617ac	util/must: rename Do->Get, add Do ... Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Brad Fitzpatrick	01e8ef7293	util/strs: add new package for string utility funcs ... Updates #5309 Change-Id: I677cc6e01050b6e10d8d6907d961b11c7a787a05 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Joe Tsai	622d80c007	util/must: new package (#5307) ... The Do function assists in calling functions that must succeed. It only interacts well with functions that return (T, err). Signatures with more return arguments are not supported. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Maisem Ali	a9f6cd41fd	all: use syncs.AtomicValue ... Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Mihai Parparita	4aa88bc2c0	cmd/tsconnect,util/precompress: move precompression to its own package ... We have very similar code in corp, moving it to util/precompress allows it to be reused. Updates #5133 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	2 years ago
Brad Fitzpatrick	8725b14056	all: migrate more code code to net/netip directly ... Instead of going through the tailscale.com/net/netaddr transitional wrappers. Updates #5162 Change-Id: I3dafd1c2effa1a6caa9b7151ecf6edd1a3fda3dd Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	116f55ff66	all: gofmt for Go 1.19 ... Updates #5210 Change-Id: Ib02cd5e43d0a8db60c1f09755a8ac7b140b670be Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	04cf46a762	util/deephash: fix unexported time.Time hashing ... Updates tailscale/corp#6311 Change-Id: I33cd7e4040966261c2f2eb3d32f29936aeb7f632 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	a12aad6b47	all: convert more code to use net/netip directly ... perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.) perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. ) perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. ) perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. ) perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. ) perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. ) goimports -w . Then delete some stuff from the net/netaddr shim package which is no longer neeed. Updates #5162 Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	6a396731eb	all: use various net/netip parse funcs directly ... Mechanical change with perl+goimports. Changed {Must,}Parse{IP,IPPrefix,IPPort} to their netip variants, then goimports -d . Finally, removed the net/netaddr wrappers, to prevent future use. Updates #5162 Change-Id: I59c0e38b5fbca5a935d701645789cddf3d7863ad Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	7eaf5e509f	net/netaddr: start migrating to net/netip via new netaddr adapter package ... Updates #5162 Change-Id: Id7bdec303b25471f69d542f8ce43805328d56c12 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	2a22ea3e83	util/deephash: generate type-specific hasher funcs ... name old time/op new time/op delta Hash-8 71.1µs ± 2% 71.5µs ± 1% ~ (p=0.114 n=9+8) HashPacketFilter-8 8.39µs ± 1% 4.83µs ± 2% -42.38% (p=0.000 n=8+9) HashMapAcyclic-8 56.2µs ± 1% 56.9µs ± 2% +1.17% (p=0.035 n=10+9) TailcfgNode-8 6.49µs ± 2% 3.54µs ± 1% -45.37% (p=0.000 n=9+9) HashArray-8 729ns ± 2% 566ns ± 3% -22.30% (p=0.000 n=10+10) name old alloc/op new alloc/op delta Hash-8 24.0B ± 0% 24.0B ± 0% ~ (all equal) HashPacketFilter-8 24.0B ± 0% 24.0B ± 0% ~ (all equal) HashMapAcyclic-8 0.00B 0.00B ~ (all equal) TailcfgNode-8 0.00B 0.00B ~ (all equal) HashArray-8 0.00B 0.00B ~ (all equal) name old allocs/op new allocs/op delta Hash-8 1.00 ± 0% 1.00 ± 0% ~ (all equal) HashPacketFilter-8 1.00 ± 0% 1.00 ± 0% ~ (all equal) HashMapAcyclic-8 0.00 0.00 ~ (all equal) TailcfgNode-8 0.00 0.00 ~ (all equal) HashArray-8 0.00 0.00 ~ (all equal) Change-Id: I34c4e786e748fe60280646d40cc63a2adb2ea6fe Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Mihai Parparita	e37167b3ef	ipn/localapi: add API for uploading client metrics ... Clients may have platform-specific metrics they would like uploaded (e.g. extracted from MetricKit on iOS). Add a new local API endpoint that allows metrics to be updated by a simple name/value JSON-encoded struct. Signed-off-by: Mihai Parparita <mihai@tailscale.com>	2 years ago