Commit Graph

1870 Commits (0d0fad43ed3eb2879caef63a3c0be01f99e101d7)
 

Author SHA1 Message Date
Brad Fitzpatrick d3efe8caf6 safesocket, ipn/ipnserver: look up peer creds on Darwin
And open up socket permissions like Linux, now that we know who
connections are from.

This uses the new inet.af/peercred that supports Linux and Darwin at
the moment.

Fixes #1347
Fixes #1348

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 65815cc1ac wgengine/tsdns: skip test that requires local IPv6 when IPv6 unavailable
Fixes #1292

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 4ec01323c1 control/controlclient: note package type in Hostinfo
Fixes tailscale/corp#440

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 73552eb32e tailcfg: add Hostinfo.Package
Updates tailscale/corp#440
4 years ago
Brad Fitzpatrick dec01ef22b safesocket: make ConnectDefault use paths pkg, fixing tailscaled-on-macOS
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 7e00100a0a cmd/hello: make whois client work on macOS against GUI client
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick fdac0387a7 ipn/ipnserver, ipn/ipnlocal: move whois handler to new localapi package 4 years ago
Brad Fitzpatrick 36189e2704 wgengine/monitor: prevent shutdown hang in darwin link monitor 4 years ago
Brad Fitzpatrick bbb4631e04 safesocket, wgengine: add some darwin failure diagnostic hints 4 years ago
Brad Fitzpatrick f4ae745b0b net/{interfaces,netns}: add some new tests, missed from prior commit
I meant for these to be part of 52e24aa966.
4 years ago
Brad Fitzpatrick e923639feb net/interfaces: fix staticcheck error on darwin 4 years ago
Brad Fitzpatrick d7569863b5 cmd/tailscaled: fix up install-system-daemon on darwin, add uninstall too
Tangentially related to #987, #177, #594, #925, #505
4 years ago
Brad Fitzpatrick 52e24aa966 net/{interfaces,ns}: add tailscaled-mode darwin routing looping prevention
Fixes #1331

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 4f7d60ad42 wgengine/monitor: add a darwin implementation for tailscaled mode
Tangentially related to #987, #177, #594, #925, #505

Motivated by rebooting a launchd-controlled tailscaled and it going
into SetNetworkUp(false) mode immediately because there really is no
network up at system boot, but then it got stuck in that paused state
forever, without a monitor implementation.
4 years ago
Brad Fitzpatrick 29b028b9c4 cmd/tailscaled: add subcommand on darwin to install+start tailscaled under launchd
Tangentially related to #987, #177, #594, #925.
4 years ago
Brad Fitzpatrick 54e108ff4e paths: update some default paths for darwin 4 years ago
Brad Fitzpatrick 20e66c5b92 net/interfaces: reconcile interface filtering with address printing in logs
The interface.State logging tried to only log interfaces which had
interesting IPs, but the what-is-interesting checks differed between
the code that gathered the interface names to print and the printing
of their addresses.
4 years ago
Josh Bleecher Snyder c7e5ab8094 wgengine/magicsock: retry and re-send packets in TestTwoDevicePing
When a handshake race occurs, a queued data packet can get lost.
TestTwoDevicePing expected that the very first data packet would arrive.
This caused occasional flakes.

Change TestTwoDevicePing to repeatedly re-send packets
and succeed when one of them makes it through.

This is acceptable (vs making WireGuard not drop the packets)
because this only affects communication with extremely old clients.
And those extremely old clients will eventually connect,
because the kernel will retry sends on timeout.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
4 years ago
Brad Fitzpatrick ca51529b81 derp/derphttp: return nicer errors from Recv on Close 4 years ago
Brad Fitzpatrick 741d654aa3 derp/derphttp: add a context and infoLogger option to RunWatchConnectionLoop 4 years ago
Josh Bleecher Snyder 1632f9fd6b wgengine/magicsock: reduce log spam during tests
Only do the type assertion to *net.UDPAddr when addr is non-nil.
This prevents a bunch of log spam during tests.
4 years ago
Josh Bleecher Snyder 88586ec4a4 wgengine/magicsock: remove an alloc from ReceiveIPvN
We modified the standard net package to not allocate a *net.UDPAddr
during a call to (*net.UDPConn).ReadFromUDP if the caller's use
of the *net.UDPAddr does not cause it to escape.
That is https://golang.org/cl/291390.

This is the companion change to magicsock.
There are two changes required.
First, call ReadFromUDP instead of ReadFrom, if possible.
ReadFrom returns a net.Addr, which is an interface, which always allocates.
Second, reduce the lifetime of the returned *net.UDPAddr.
We do this by immediately converting it into a netaddr.IPPort.

We left the existing RebindingUDPConn.ReadFrom method in place,
as it is required to satisfy the net.PacketConn interface.

With the upstream change and both of these fixes in place,
we have removed one large allocation per packet received.

name           old time/op    new time/op    delta
ReceiveFrom-8    16.7µs ± 5%    16.4µs ± 8%     ~     (p=0.310 n=5+5)

name           old alloc/op   new alloc/op   delta
ReceiveFrom-8      112B ± 0%       64B ± 0%  -42.86%  (p=0.008 n=5+5)

name           old allocs/op  new allocs/op  delta
ReceiveFrom-8      3.00 ± 0%      2.00 ± 0%  -33.33%  (p=0.008 n=5+5)

Co-authored-by: Sonia Appasamy <sonia@tailscale.com>
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
4 years ago
Josh Bleecher Snyder 0c673c1344 wgengine/magicsock: unify on netaddr types in addrSet
addrSet maintained duplicate lists of netaddr.IPPorts and net.UDPAddrs.
Unify to use the netaddr type only.

This makes (*Conn).ReceiveIPvN a bit uglier,
but that'll be cleaned up in a subsequent commit.

This is preparatory work to remove an allocation from ReceiveIPv4.

Co-authored-by: Sonia Appasamy <sonia@tailscale.com>
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
4 years ago
Josh Bleecher Snyder 4cd9218351 wgengine/magicsock: prevent logging while running benchmarks
Co-authored-by: Sonia Appasamy <sonia@tailscale.com>
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
4 years ago
Brad Fitzpatrick be906dabd4 version: bump date 4 years ago
Brad Fitzpatrick 6680976b50 cmd/tailscaled: pick automatic tun device name on darwin 4 years ago
Brad Fitzpatrick 88ab0173a7 wgengine/router: fix BSD router to support multiple local addrs, IPv6
Fixes #1201
4 years ago
Ross Zurowski 25321cbd01
cmd/hello: truncate long strings (#1328)
Signed-off-by: Ross Zurowski <ross@rosszurowski.com>
4 years ago
Brad Fitzpatrick 5378776043 cmd/hello: chop DNS name at first dot 4 years ago
Ross Zurowski 6075135e0a
cmd/hello: style welcome message (#1325)
Signed-off-by: Ross Zurowski <ross@rosszurowski.com>
4 years ago
Brad Fitzpatrick 917307a90c wgengine/tstun: reply to MagicDNS pings
Fixes #849

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 34ffd4f7c6 cmd/hello: serve fake data in dev mode on whois failure 4 years ago
Brad Fitzpatrick de3001bc79 cmd/hello: in dev mode, live reload template 4 years ago
Josh Bleecher Snyder 11bbfbd8bb go.mod: update to latest wireguard-go
All changes are trivial.
4 years ago
Josh Bleecher Snyder 635e4c7435 wgengine/magicsock: increase legacy ping timeout again
I based my estimation of the required timeout based on locally
observed behavior. But CI machines are worse than my local machine.
16s was enough to reduce flakiness but not eliminate it. Bump it up again.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
4 years ago
Brad Fitzpatrick 1ec64bc94d wgengine/router: add another Windows firewall rule to allow incoming UDP
Based on @sailorfrag's research.

Fixes #1312

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 7e201806b1 wgengine/magicsock: reconnect to DERP home after network comes back up
Updates #1310
4 years ago
Josh Bleecher Snyder 1f0fa8b814 go.mod: pull in upstream wireguard-go bug fixes 4 years ago
moncho e101d8396d portlist, version: update build tags for Go 1.16, Apple M1
Build tags have been updated to build native Apple M1 binaries, existing build
tags for ios have been changed from darwin,arm64 to ios,arm64.

With this change, running go build cmd/tailscale{,d}/tailscale{,d}.go on an Apple
machine with the new processor works and resulting binaries show the expected
architecture, e.g. tailscale: Mach-O 64-bit executable arm64.

Tested using go version go1.16beta1 darwin/arm64.

Updates #943

Signed-off-by: moncho <50428+moncho@users.noreply.github.com>
4 years ago
Brad Fitzpatrick cbd6224ca4 wgengine/winnet: don't build on non-windows
It only affects 'go install ./...', etc, and only on darwin/arm64 (M1 Macs) where
the go-ole package doesn't compile.

No need to build it.

Updates #943
4 years ago
Josh Bleecher Snyder 4a82e36491 go.mod: bump to latest wireguard-go
Stabilization and performance improvements.
4 years ago
Brad Fitzpatrick 9b4e50cec0 wgengine/magicsock: fix typo in comment 4 years ago
Naman Sood 07c3df13c6 wgengine/tstun: inform userspaceEngine about injected outbound packets in tundev
Signed-off-by: Naman Sood <mail@nsood.in>
4 years ago
Josh Bleecher Snyder e7caad61fb wgengine: remove IpcGetOperation filter
This was in place because retrieved allowed_ips was very expensive.
Upstream changed the data structure to make them cheaper to compute.

This commit is an experiment to find out whether they're now cheap enough.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
4 years ago
Brad Fitzpatrick 6b365b0239 wgengine/magicsock: fix DERP reader hang regression during concurrent reads
Fixes #1282

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Josh Bleecher Snyder e1f773ebba wgengine/magicsock: allow more time for pings to transit
We removed the "fast retry" code from our wireguard-go fork.
As a result, pings can take longer to transit when retries are required. 
Allow that.

Fixes #1277

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
4 years ago
Brad Fitzpatrick 6d2b8df06d wgengine/magicsock: add disabled failing (deadlocking) test for #1282
The fix can make this test run unconditionally.

This moves code from 5c619882bc for
testability but doesn't fix it yet. The #1282 problem remains (when I
wrote its wake-up mechanism, I forgot there were N DERP readers
funneling into 1 UDP reader, and the code just isn't correct at all
for that case).

Also factor out some test helper code from BenchmarkReceiveFrom.

The refactoring in magicsock.go for testability should have no
behavior change.
4 years ago
David Anderson e86b39b73f ipn/ipnlocal: don't short-circuit default route filtering.
If no exit node is specified, the filter must still run to remove
offered default routes from all peers.

Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
Brad Fitzpatrick 1e7a35b225 types/netmap: split controlclient.NetworkMap off into its own leaf package
Updates #1278

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick ddfcc4326c types/persist: split controlclient.Persist into a small leaf package
This one alone doesn't modify the global dependency map much
(depaware.txt if anything looks slightly worse), but it leave
controlclient as only containing NetworkMap:

bradfitz@tsdev:~/src/tailscale.com/ipn$ grep -F "controlclient." *.go
backend.go:     NetMap        *controlclient.NetworkMap // new netmap received
fake_test.go:   b.notify(Notify{NetMap: &controlclient.NetworkMap{}})
fake_test.go:   b.notify(Notify{NetMap: &controlclient.NetworkMap{}})
handle.go:      netmapCache       *controlclient.NetworkMap
handle.go:func (h *Handle) NetMap() *controlclient.NetworkMap {

Once that goes into a leaf package, then ipn doesn't depend on
controlclient at all, and then the client gets smaller.

Updates #1278
4 years ago