tailscale

Commit Graph

Author	SHA1	Message	Date
Avery Pennarun	0181a4d0ac	ipnlocal: don't pause the controlclient until we get at least one netmap. Without this, macOS would fail to display its menu state correctly if you started it while !WantRunning. It relies on the netmap in order to show the logged-in username. Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>	3 years ago
Avery Pennarun	4ef207833b	ipn: !WantRunning + !LoggedOut should not be idle on startup. There was logic that would make a "down" tailscale backend (ie. !WantRunning) refuse to do any network activity. Unfortunately, this makes the macOS and iOS UI unable to render correctly if they start while !WantRunning. Now that we have Prefs.LoggedOut, use that instead. So `tailscale down` will still allow the controlclient to connect its authroutine, but pause the maproutine. `tailscale logout` will entirely stop all activity. This new behaviour is not obviously correct; it's a bit annoying that `tailsale down` doesn't terminate all activity like you might expect. Maybe we should redesign the UI code to render differently when disconnected, and then revert this change. Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>	3 years ago
Avery Pennarun	4f3315f3da	ipnlocal: setting WantRunning with EditPrefs was special. EditPrefs should be just a wrapper around the action of changing prefs, but someone had added a side effect of calling Login() sometimes. The side effect happened after running the state machine, which would sometimes result in us going into NeedsLogin immediately before calling cc.Login(). This manifested as the macOS app not being able to Connect if you launched it with LoggedOut=false and WantRunning=false. Trying to Connect() would sent us to the NeedsLogin state instead. Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>	3 years ago
Avery Pennarun	2a4d1cf9e2	Add prefs.LoggedOut to fix several state machine bugs. Fixes: tailscale/corp#1660 Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>	3 years ago
Avery Pennarun	ac9cd48c80	ipnlocal: fix deadlock when calling Shutdown() from Start(). Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>	3 years ago
Avery Pennarun	ecdba913d0	Revert "ipn/ipnlocal: be authoritative for the entire MagicDNS record tree." Unfortunately this broke MagicDNS almost entirely. Updates: tailscale/corp#1706 This reverts commit `1d7e7b49eb`.	3 years ago
Avery Pennarun	b4d04a065f	controlclient: extract a Client interface and rename Client->Auto. This will let us create a mock or fake Client implementation for use with ipn.Backend. Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>	3 years ago
David Anderson	1d7e7b49eb	ipn/ipnlocal: be authoritative for the entire MagicDNS record tree. With this change, shared node names resolve correctly on split DNS-supporting operating systems. Fixes tailscale/corp#1706 Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Brad Fitzpatrick	b7a497a30b	ipn/ipnlocal: make FileTargets check IPN state first Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
David Anderson	306a094d4b	ipn/ipnlocal: remove IPv6 records from MagicDNS. Fixes #1813. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Brad Fitzpatrick	3bdc9e9cb2	ipn/ipnlocal: prevent a now-expected [unexpected] log message on Windows Updates #1620 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Aleksandar Pesic	7c985e4944	ipn/ipnlocal: add file sharing to windows shell Updates: tailscale/winmin#33 Signed-off-by: Aleksandar Pesic <peske.nis@gmail.com>	3 years ago
Brad Fitzpatrick	fe53a714bd	ipn/ipnlocal: add a LocalBackend.Start fast path if already running Updates tailscale/corp#1621 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	ad1a595a75	ipn/ipnlocal: close peer API listeners on transition away from Running Updates tailscale/corp#1621 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
David Anderson	36d030cc36	ipn/ipnlocal: use fallback default DNS whenever exit nodes are on. Fixes #1625 Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Brad Fitzpatrick	2f17a34242	ipn/ipnlocal: fix tailscale status --json AuthURL field It was getting cleared on notify. Document that authURL is cleared on notify and add a new field that isn't, using the new field for the JSON status. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	09891b9868	ipn/ipnlocal: on fresh lazy-connecting install, start in state NeedsLogin Fixes #1759 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
David Anderson	6fd9e28bd0	ipn/ipnlocal: add arpa suffixes to MagicDNS for reverse lookups. This used to not be necessary, because MagicDNS always did full proxying. But with split DNS, we need to know which names to route to our resolver, otherwise reverse lookups break. This captures the entire CGNAT range, as well as our Tailscale ULA. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	48d4f14652	ipn/ipnlocal: only set authoritative domains when using MagicDNS. Otherwise, the existence of authoritative domains forces full DNS proxying even when no other DNS config is present. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Brad Fitzpatrick	f99e63bb17	ipn: don't Logout when Windows GUI disconnects Logout used to be a no-op, so the ipnserver previously synthensized a Logout on disconnect. Now that Logout actually invalidates the node key that was forcing all GUI closes to log people out. Instead, add a method to LocalBackend to specifically mean "the Windows GUI closed, please forget all the state". Fixes tailscale/corp#1591 (ignoring the notification issues, tracked elsewhere) Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
David Anderson	1e5c608fae	ipn/ipnlocal: plumb fallback DNS in as a workaround for split DNS issues. Cause of #1743. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Brad Fitzpatrick	a58fbb4da9	ipn/ipnlocal: only fix peerapiListener on Windows when running It's just logspam otherwise. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Maisem Ali	36fa29feec	ipn/ipnlocal: restrict local lan access to linux machines. Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Brad Fitzpatrick	8f3e453356	ipn, cmd/tailscale/cli: add pref to configure sudo-free operator user From discussion with @danderson. Fixes #1684 (in a different way) Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	49808ae6ea	ipn{,/ipnlocal}, cmd/tailscale/cli: don't check pref reverts on initial up The ipn.NewPrefs func returns a populated ipn.Prefs for historical reasons. It's not used or as important as it once was, but it hasn't yet been removed. Meanwhile, it contains some default values that are used on some platforms. Notably, for this bug (#1725), Windows/Mac use its Prefs.RouteAll true value (to accept subnets), but Linux users have always gotten a "false" value for that, because that's what cmd/tailscale's CLI default flag is _for all operating systems_. That meant that "tailscale up" was rightfully reporting that the user was changing an implicit setting: RouteAll was changing from true with false with the user explicitly saying so. An obvious fix might be to change ipn.NewPrefs to return Prefs.RouteAll == false on some platforms, but the logic is complicated by darwin: we want RouteAll true on windows, android, ios, and the GUI mac app, but not the CLI tailscaled-on-macOS mode. But even if we used build tags (e.g. the "redo" build tag) to determine what the default is, that then means we have duplicated and differing "defaults" between both the CLI up flags and ipn.NewPrefs. Furthering that complication didn't seem like a good idea. So, changing the NewPrefs defaults is too invasive at this stage of the release, as is removing the NewPrefs func entirely. Instead, tweak slightly the semantics of the ipn.Prefs.ControlURL field. This now defines that a ControlURL of the empty string means both "we're uninitialized" and also "just use the default". Then, once we have the "empty-string-means-unintialized" semantics, use that to suppress "tailscale up"'s recent implicit-setting-revert checking safety net, if we've never initialized Tailscale yet. And update/add tests. Fixes #1725 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	b993d9802a	ipn/ipnlocal, etc: require file sharing capability to send/recv files tailscale/corp#1582 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	d6a95d807a	ipn/ipnlocal: advertise netstack to control server Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	762180595d	ipn/ipnstate: add PeerStatus.TailscaleIPs slice, deprecate TailAddr Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	34d2f5a3d9	tailcfg: add Endpoint, EndpointType, MapRequest.EndpointType Track endpoints internally with a new tailcfg.Endpoint type that includes a typed netaddr.IPPort (instead of just a string) and includes a type for how that endpoint was discovered (STUN, local, etc). Use []tailcfg.Endpoint instead of []string internally. At the last second, send it to the control server as the existing []string for endpoints, but also include a new parallel MapRequest.EndpointType []tailcfg.EndpointType, so the control server can start filtering out less-important endpoint changes from new-enough clients. Notably, STUN-discovered endpoints can be filtered out from 1.6+ clients, as they can discover them amongst each other via CallMeMaybe disco exchanges started over DERP. And STUN endpoints change a lot, causing a lot of MapResposne updates. But portmapped endpoints are worth keeping for now, as they they work right away without requiring the firewall traversal extra RTT dance. End result will be less control->client bandwidth. (despite negligible increase in client->control bandwidth) Updates tailscale/corp#1543 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	db5e269463	client/tailscale/apitype: move local API types to new apitype package They were scattered/duplicated in misc places before. It can't be in the client package itself for circular dep reasons. This new package is basically tailcfg but for localhost communications, instead of to control. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Maisem Ali	1b9d8771dc	ipn/ipnlocal,wgengine/router,cmd/tailscale: add flag to allow local lan access when routing traffic via an exit node. For #1527 Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Brad Fitzpatrick	9972c02b60	cmd/tailscale/cli: don't let up change prefs based on implicit flag values This changes the behavior of "tailscale up". Previously "tailscale up" always did a new Start and reset all the settings. Now "tailscale up" with no flags just brings the world [back] up. (The opposite of "tailscale down"). But with flags, "tailscale up" now only is allowed to change preferences if they're explicitly named in the flags. Otherwise it's an error. Or you need to use --reset to explicitly nuke everything. RELNOTE=tailscale up change Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	f5742b0647	ipn/ipnlocal: add LocalBackend.SetDirectFileRoot Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	4c3f7c06fc	ipn/ipnlocal: be consistent in not logging when no notify registered Some paths already didn't. And in the future I hope to shut all the notify funcs down end-to-end when nothing is connected (as in the common case in tailscaled). Then we can save some JSON encoding work. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	7c0e58c537	ipn/ipnlocal: remove redundant notify nil check send does it. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	00d641d9fc	ipn/localapi: move EditPrefs to localapi Follow-up/revision to recent `53cfff109b` which added EditPrefs. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
David Anderson	1a371b93be	util/dnsname: add FQDN type, use throughout codebase. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Brad Fitzpatrick	3167e55ddf	ipn/{ipnlocal,localapi}, cmd/tailscale: add logout command Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	11127666b2	ipn/ipnlocal: fix deadlock from `227f73284` Sigh. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	227f73284f	ipn/ipnlocal: eagerly announce peerapi service(s) on change We were previously only doing it as a side effect of the port poller, which doesn't run on e.g. iOS. Updates tailscale/corp#1559	3 years ago
Brad Fitzpatrick	fe23506471	ipn/ipnlocal: avoid unneeded initPeerAPIListener work if no changes Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	20e7646b8d	ipn/ipnlocal: always set Notify.FilesWaiting, set IncomingFiles non-nil when empty	3 years ago
Brad Fitzpatrick	6d01d3bece	ipn/ipnlocal: provide IPN bus updates as files arrive Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
David Anderson	2f398106e2	ipn/ipnlocal: allow setting MagicDNS without DefaultResolvers. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	fad21af01c	tailcfg: add DNS routes and advanced resolver config. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Brad Fitzpatrick	a9a3d3b4c1	ipn/ipnlocal: don't filter by time in FileTargets Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	71432c6449	ipn/ipnlocal: some more variable renames Missed in earlier commit. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	e86b7752ef	ipn/ipnlocal: rename some variables to be consistent Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
David Anderson	da4cc8bbb4	net/dns: handle all possible translations of high-level DNS config. With this change, all OSes can sort-of do split DNS, except that the default upstream is hardcoded to 8.8.8.8 pending further plumbing. Additionally, Windows 8-10 can do split DNS fully correctly, without the 8.8.8.8 hack. Part of #953. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Brad Fitzpatrick	939861773d	net/tstun: accept peerapi connections through the filter Fixes tailscale/corp#1545 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago

1 2 3

110 Commits (0181a4d0ac46152917476e58c9df8d25c14cbb54)