tailscale

Commit Graph

Author	SHA1	Message	Date
Brad Fitzpatrick	2244cca5ff	net/tlsdial: update package doc to say it's now somewhat useless	4 years ago
Brad Fitzpatrick	58e83d8f66	tempfork/x509: moved to tailscale/go's crypto/x509 instead	4 years ago
Brad Fitzpatrick	172d72a060	Revert "net/tlsdial: add memory-optimized TLS cert verification path for iOS" This reverts commit `6fcbd4c4d4`. Decided to put it in tailscale/go's crypto/x509 instead.	4 years ago
Brad Fitzpatrick	5d67365cc9	logtail: add PrivateID.IsZero method	4 years ago
Brad Fitzpatrick	9497921f52	logpolicy: also set up TLS dialing (for iOS) for log uploads This was the last of the three places that do TLS from clients (logs, control, derp). With this, iOS should be able to use the memory-efficient x509 root CertPool.	4 years ago
Brad Fitzpatrick	c726c1eec9	logtail: add const DefaultHost with default server name	4 years ago
Brad Fitzpatrick	1a0f6fea58	go.mod, go.sum: bump wireguard-go, tidy	4 years ago
Brad Fitzpatrick	95a658e1e3	control/controlclient: also rename HTTPC in the tests	4 years ago
Brad Fitzpatrick	eb6de2bd88	control/controlclient: restore Options.HTTPC as Options.HTTPTestClient I removed the HTTPC field in `b6fa5a69be` but it was apparently still used in [oss-skipped] tests. Restore it, but name it so it's more obvious that it's only for tests. (It currently is, and I'd like to keep it like that for now.)	4 years ago
Brad Fitzpatrick	6fcbd4c4d4	net/tlsdial: add memory-optimized TLS cert verification path for iOS Behind a build tag for now.	4 years ago
Brad Fitzpatrick	b6fa5a69be	net/tlsdial: add package for TLS dials, and make DERP & controlclient use it This will do the iOS-optimized cert checking in a following change.	4 years ago
Brad Fitzpatrick	d427fc023e	tempfork/x509: remove the bundle tag in our fork We want to be able to omit from only one (not both)	4 years ago
Brad Fitzpatrick	28c632c97b	tempfork/x509: store certs for iOS compressed in binary, parse lazily	4 years ago
Brad Fitzpatrick	8fd8fc9c7d	tempfork/x509: fix build on darwin and windows These fixes were originally in the updates to CL 229917 after Trybots failed there. See https://go-review.googlesource.com/c/go/+/229917/1..3	4 years ago
Brad Fitzpatrick	bfc1261ab6	crypto/x509: keep smaller root cert representation in memory until needed (from patchset 1, c12c890c64dd6372b3893af1e6f5ab11802c9e81, of https://go-review.googlesource.com/c/go/+/230025/1, with merges fixes due to parent commit's differents from its ps1..ps3) Instead of parsing the PEM files and then storing the *Certificate values forever, still parse them to see if they're valid and pick out some fields, but then only store the decoded pem.Block.Bytes until that cert is first needed. Saves about 500K of memory on my (Debian stable) machine after doing a tls.Dial or calling x509.SystemCertPool. A more aggressive version of this is still possible: we can not keep the pem.Block.Bytes in memory either, and re-read them from disk when necessary. But dealing with files disappearing and even large multi-cert PEM files changing (with offsets sliding around) made this conservative version attractive. It doesn't change the slurp-roots-on-startup semantics. It just does so with less memory retained. Change-Id: I3aea333f4749ae3b0026042ec3ff7ac015c72204	4 years ago
Brad Fitzpatrick	f5993f2440	crypto/x509: add support for CertPool to load certs lazily (from patchset 1, 7cdc3c3e7427c9ef69e19224d6036c09c5ea1723, of https://go-review.googlesource.com/c/go/+/229917/1) This will allow building CertPools that consume less memory. (Most certs are never accessed. Different users/programs access different ones, but not many.) This CL only adds the new internal mechanism (and uses it for the old AddCert) but does not modify any existing root pool behavior. (That is, the default Unix roots are still all slurped into memory as of this CL) Change-Id: Ib3a42e4050627b5e34413c595d8ced839c7bfa14	4 years ago
Brad Fitzpatrick	6b232b5a79	Disable staticcheck for tempfork packages.	4 years ago
Numerous Gophers	3bab226299	Add fork of Go 1.15-dev's crypto/x509 Snapshotted from Go commit 619c7a48a38b28b521591b490fd14ccb7ea5e821 (https://go-review.googlesource.com/c/go/+/229762, "crypto/x509: add x509omitbundledroots build tag to not embed roots") With 975c01342a25899962969833d8b2873dc8856a4f (https://go-review.googlesource.com/c/go/+/220721) removed, because it depends on other stuff in Go std that doesn't yet exist in a Go release. Also, add a subset fork of Go's internal/testenv, for use by x509's tests.	4 years ago
Elias Naur	2dac4f2b24	wgengine/monitor: disable monitor on Android Netlink is not supported on Android. Signed-off-by: Elias Naur <mail@eliasnaur.com>	4 years ago
David Anderson	eccae0cd0c	tsweb: add ReturnHandlerFunc. Signed-off-by: David Anderson <danderson@tailscale.com>	4 years ago
Brad Fitzpatrick	0a50ecbad3	control/controlclient: add missing vlog, for consistency with other sites	4 years ago
Brad Fitzpatrick	b8594dc937	control/controlclient: fix deadlock in timeout+keepalive race Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
wardn	d052586da7	cmd/taillogin: delete it Signed-off-by: wardn <wardn@users.noreply.github.com>	4 years ago
David Anderson	108e3af76f	github: use Go 1.14 in CI. Signed-off-by: David Anderson <danderson@tailscale.com>	4 years ago
Brad Fitzpatrick	268d331cb5	wgengine/magicsock: prune key.Public-keyed on peer removals Fixes #215	4 years ago
Brad Fitzpatrick	00d053e25a	wgengine/magicsock: fix slow memory leak as peer endpoints move around Updates #215	4 years ago
Brad Fitzpatrick	7fc97c5493	wgengine/magicsock: use netaddr more In prep for deleting from the ever-growing maps.	4 years ago
Brad Fitzpatrick	6fb30ff543	wgengine/magicsock: start using inet.af/netaddr a bit	4 years ago
David Anderson	42e62a7eb2	testy: fix clock initialization when Start is provided. Signed-off-by: David Anderson <danderson@tailscale.com>	4 years ago
David Anderson	ccfc4e0634	go.mod: bump wireguard-go version. Signed-off-by: David Anderson <danderson@tailscale.com>	4 years ago
David Anderson	afbfe4f217	wgengine: drop wireguard MTU to 1280 bytes. Signed-off-by: David Anderson <danderson@tailscale.com>	4 years ago
David Anderson	b925e18f70	tstime: hand-implement parseInt for specific needs of rfc3339 parsing. Makes parsing 4.6x faster. name old time/op new time/op delta ParseInt-12 32.1ns ± 1% 6.9ns ± 2% -78.55% (p=0.000 n=10+9) Signed-off-by: David Anderson <danderson@tailscale.com>	4 years ago
Avery Pennarun	dc9b39e3fb	wgengine/windows: use new winipcfg.Sync{Addresses,Routes} functions. This avoids flushing and reloading the whole list of addresses and routes whenever remote node information changes.	4 years ago
Brad Fitzpatrick	adf74c75ed	wgengine: also diagnose not-yet-rebooted system updates on Arch	4 years ago
Brad Fitzpatrick	3464114b88	logtail: add ParsePublicID that doesn't allocate	4 years ago
Brad Fitzpatrick	780deb9996	go.mod, go.sum: update go4.org/mem to its new home in its own module Cleans up our go.sum, not that it really matters.	4 years ago
Brad Fitzpatrick	614eec174f	derp/derphttp: avoid endless reconnect race on failure Originally from @stablebits (Dmitry Adamushko) in: https://github.com/tailscale/tailscale/pull/264	4 years ago
Brad Fitzpatrick	347a926ac4	control/controlclient: add opt-in netmap verbose debugging env var	4 years ago
Brad Fitzpatrick	45f2b53aca	all: remove unnecessary trailing newlines in format patterns for consistency And document on logger.Logf that it's unnecessary.	4 years ago
Brad Fitzpatrick	a7e7c7b548	wgengine/magicsock: close derp connections on rebind Fixes #276 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	614261d00d	wgengine/magicsock: reset AddrSet states on Rebind Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	c0697e1feb	net/interfaces: add IsExpensive and up state to State Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	a55c4217db	wgengine: diagnose why CreateTUN might've failed for users Fixes #273 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	3a3b64301e	wgengine: quiet some engine reconfig logging, make more consistent Updates #282 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Dmitry Adamushko	806645ea0e	derp: prevent readFrame() from reading more than len(b) bytes. Signed-off-by: Dmitry Adamushko <da@stablebits.net>	4 years ago
Dmitry Adamushko	f2c2d0de68	derp/derp_server: unregisterClient() for replaced client connections. When unregistering a replaced client connection, move the still-connected peers to the current client connecition. Inform the peers that we've gone only when unregistering the active client connection. Signed-off-by: Dmitry Adamushko <da@stablebits.net>	4 years ago
Brad Fitzpatrick	39ae80a2e7	version: bump date	4 years ago
Brad Fitzpatrick	1ec27dbb5b	wgengine: remove an allocation in reconfig Minor.	4 years ago
Brad Fitzpatrick	b24029717b	ipn: outdent some code in if that's statically always true	4 years ago
David Crawshaw	5b95aa81ea	wgengine: remove IpcSetOperation on LinkChange This was only done occasionally, but was extremely disruptive when done and is no longer necessary. It used to be that when switching links, we had to immediately generate handshakes to everyone we were communicating with to punch a hole in any NAT we were talking through. (This ended up not really working, because in the process we got rid of our session keys and ended up having a futile conversation for many seconds.) Now we have DERP, our link change propogates to the other side as a new list of endpoints, so they start spraying packets. We will definitely get one thanks to DERP, which will cause us to spray, opening any NAT we are behind. The result is that for good connections, we don't trash session keys and cause an interruption. Signed-off-by: David Crawshaw <crawshaw@tailscale.com>	4 years ago

1 2 3 4 5 ...

562 Commits (2244cca5ff6d2e45804773d56b28e07e2382995f) All Branches Search

562 Commits (2244cca5ff6d2e45804773d56b28e07e2382995f)

All Branches