tailscale

Commit Graph

Author	SHA1	Message	Date
David Anderson	7d84ee6c98	net/dns: unify the OS manager and internal resolver. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Josh Bleecher Snyder	b3ceca1dd7	wgengine/...: split into multiple receive functions Upstream wireguard-go has changed its receive model. NewDevice now accepts a conn.Bind interface. The conn.Bind is stateless; magicsock.Conns are stateful. To work around this, we add a connBind type that supports cheap teardown and bring-up, backed by a Conn. The new conn.Bind allows us to specify a set of receive functions, rather than having to shoehorn everything into ReceiveIPv4 and ReceiveIPv6. This lets us plumbing DERP messages directly into wireguard-go, instead of having to mux them via ReceiveIPv4. One consequence of the new conn.Bind layer is that closing the wireguard-go device is now indistinguishable from the routine bring-up and tear-down normally experienced by a conn.Bind. We thus have to explicitly close the magicsock.Conn when the close the wireguard-go device. One downside of this change is that we are reliant on wireguard-go to call receiveDERP to process DERP messages. This is fine for now, but is perhaps something we should fix in the future. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
David Anderson	90f82b6946	net/dns/resolver: add live reconfig, plumb through to ipnlocal. The resolver still only supports a single upstream config, and ipn/wgengine still have to split up the DNS config, but this moves closer to unifying the DNS configs. As a handy side-effect of the refactor, IPv6 MagicDNS records exist now. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	d99f5b1596	net/dns/resolver: factor the resolver out into a sub-package. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	588b70f468	net/tstun: merge in wgengine/tstun. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	018200aeba	net/tstun: rename from net/tun. We depend on wireguard-go/tun, identical leaf packages can be confusing in code. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	44d9929208	wgengine: remove Config.TUNName, require caller to create device. Also factors out device creation and associated OS workarounds to net/tun. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Adrian Dewhurst	04dd6d1dae	control/controlclient: sign RegisterRequest (#1549 ) control/controlclient: sign RegisterRequest Some customers wish to verify eligibility for devices to join their tailnets using machine identity certificates. TLS client certs could potentially fulfill this role but the initial customer for this feature has technical requirements that prevent their use. Instead, the certificate is loaded from the Windows local machine certificate store and uses its RSA public key to sign the RegisterRequest message. There is room to improve the flexibility of this feature in future and it is currently only tested on Windows (although Darwin theoretically works too), but this offers a reasonable starting place for now. Updates tailscale/coral#6 Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>	3 years ago
David Anderson	9f7f2af008	wgengine/router/dns: move to net/dns. Preparation for merging the APIs and whatnot. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Brad Fitzpatrick	dad10fee9c	Revert "cmd/tailscaled: split package main into main shim + package" This reverts commit `b81bd8025b`. Not needed. See: https://github.com/golang/go/wiki/Modules#how-can-i-track-tool-dependencies-for-a-module	3 years ago
Brad Fitzpatrick	82c4cb765c	cmd/tailscaled: split package main into main shim + package So we can empty import the guts of cmd/tailscaled from another module for go mod tidy reasons. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	01b90df2fa	net/packet, wgengine/filter: support SCTP Add proto to flowtrack.Tuple. Add types/ipproto leaf package to break a cycle. Server-side ACL work remains. Updates #1516 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	0a02aaf813	control, ipn, tailcfg: remove golang.org/x/oauth2 dep, add tailcfg.Oauth2Token golang.org/x/oauth2 pulls in App Engine and grpc module dependencies, screwing up builds that depend on this module. Some background on the problem: https://go.googlesource.com/proposal/+/master/design/36460-lazy-module-loading.md Fixes tailscale/corp#1471 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Aleksandar Pesic	7b57310966	net/interfaces: use windows API to get the default route instead of parsing `route print` output Fixes: #1470 Signed-off-by: Aleksandar Pesic <peske.nis@gmail.com>	3 years ago
Christine Dodrill	a480b1baa5	logpolicy: set log target on windows based on a registry key (#1542 ) Signed-off-by: Christine Dodrill <xe@tailscale.com>	3 years ago
Brad Fitzpatrick	aa79a57f63	wgengine/netstack: use inet.af/netstack, remove 64-bit only limitation This reverts the revert commit `84aba349d9`. And changes us to use inet.af/netstack. Updates #1518 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
David Anderson	84aba349d9	Revert "wgengine/netstack: update gvisor to remove 64-bit only limitation" Breaks our corp repo due to gRPC dependency hell. This reverts commit `d42f8b7f9a`.	3 years ago
Brad Fitzpatrick	d42f8b7f9a	wgengine/netstack: update gvisor to remove 64-bit only limitation gVisor fixed their google/gvisor#1446 so we can include gVisor mode on 32-bit machines. A few minor upstream API changes, as normal. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	44ab0acbdb	net/portmapper, wgengine/monitor: cache gateway IP info until link changes Cuts down allocs & CPU in steady state (on regular STUN probes) when network is unchanging. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	d491adbf09	cmd/tailscaled: on Synology, fall back to netstack if needed Updates tailscale/tailscale-synology#35 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Aleksandar Pesic	258d0e8d9a	wgengine/monitor: simplify the Windows monitor to make it more reliable Updates tailscale/tailscale#1414 Signed-off-by: Aleksandar Pesic <peske.nis@gmail.com>	3 years ago
David Anderson	793cb131f0	wgengine/router: toggle killswitch when using default routes on windows. Fixes #1398. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Brad Fitzpatrick	9df4185c94	control/controlclient, net/{dnscache,dnsfallback}: add DNS fallback mechanism Updates #1405 Updates #1403 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	38dc6fe758	cmd/tailscaled, wgengine: remove --fake, replace with netstack And add a --socks5-server flag. And fix a race in SOCKS5 replies where the response header was written concurrently with the copy from the backend. Co-authored with Naman Sood. Updates #707 Updates #504 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Naman Sood	fec9dcbda1	wgengine/netstack: start SOCKS5 server in netstack mode Updates #707 Updates #504 Signed-off-by: Naman Sood <mail@nsood.in>	3 years ago
Naman Sood	517c90d7e5	wgengine, cmd/tailscaled: refactor netstack, forward TCP to hello as demo (#1301 ) Updates #707 Updates #504 Signed-off-by: Naman Sood <mail@nsood.in>	3 years ago
Brad Fitzpatrick	c64bd587ae	net/portmapper: add NAT-PMP client, move port mapping service probing * move probing out of netcheck into new net/portmapper package * use PCP ANNOUNCE op codes for PCP discovery, rather than causing short-lived (sub-second) side effects with a 1-second-expiring map + delete. * track when we heard things from the router so we can be less wasteful in querying the router's port mapping services in the future * use portmapper from magicsock to map a public port Fixes #1298 Fixes #1080 Fixes #1001 Updates #864 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Matt Layher	2c500cee23	go.mod: bump github.com/mdlayher/netlink, github.com/jsimonetti/rtnetlink Signed-off-by: Matt Layher <mdlayher@gmail.com>	3 years ago
Brad Fitzpatrick	86d3a6c9a6	Switch to Go 1.16. Fixes #1370 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	fd8e070d01	health, control/controlclient, wgengine: report when router unhealthy Updates tailscale/corp#1338 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	d3efe8caf6	safesocket, ipn/ipnserver: look up peer creds on Darwin And open up socket permissions like Linux, now that we know who connections are from. This uses the new inet.af/peercred that supports Linux and Darwin at the moment. Fixes #1347 Fixes #1348 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	fdac0387a7	ipn/ipnserver, ipn/ipnlocal: move whois handler to new localapi package	3 years ago
Brad Fitzpatrick	52e24aa966	net/{interfaces,ns}: add tailscaled-mode darwin routing looping prevention Fixes #1331 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	1e7a35b225	types/netmap: split controlclient.NetworkMap off into its own leaf package Updates #1278 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	ddfcc4326c	types/persist: split controlclient.Persist into a small leaf package This one alone doesn't modify the global dependency map much (depaware.txt if anything looks slightly worse), but it leave controlclient as only containing NetworkMap: bradfitz@tsdev:~/src/tailscale.com/ipn$ grep -F "controlclient." .go backend.go: NetMap controlclient.NetworkMap // new netmap received fake_test.go: b.notify(Notify{NetMap: &controlclient.NetworkMap{}}) fake_test.go: b.notify(Notify{NetMap: &controlclient.NetworkMap{}}) handle.go: netmapCache controlclient.NetworkMap handle.go:func (h Handle) NetMap() *controlclient.NetworkMap { Once that goes into a leaf package, then ipn doesn't depend on controlclient at all, and then the client gets smaller. Updates #1278	3 years ago
Brad Fitzpatrick	6064b6ff47	wgengine/wgcfg/nmcfg: split control/controlclient/netmap.go into own package It couldn't move to ipnlocal due to test dependency cycles. Updates #1278 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	a7562be5e1	cmd/tailscaled: move more of the Windows server setup code into tailscaled Updates #1232	3 years ago
Brad Fitzpatrick	6f7974b7f2	cmd/tailscaled: add missing depaware.txt update	3 years ago
Josh Bleecher Snyder	aa6856a9eb	wgengine: adapt to wireguard-go changes Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Brad Fitzpatrick	d76334d2f0	ipn: split LocalBackend off into new ipn/ipnlocal package And move a couple other types down into leafier packages. Now cmd/tailscale doesn't bring in netlink, magicsock, wgengine, etc. Fixes #1181 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	6254efb9ef	cmd/tailscale{,d}: move debug subcommand to tailscaled Work on reducing the size of the tailscale binary, which is currently pulling in most of the same code as tailscaled. Updates #1181	3 years ago
Josh Bleecher Snyder	fe7c3e9c17	all: move wgcfg from wireguard-go This is mostly code movement from the wireguard-go repo. Most of the new wgcfg package corresponds to the wireguard-go wgcfg package. wgengine/wgcfg/device{_test}.go was device/config{_test}.go. There were substantive but simple changes to device_test.go to remove internal package device references. The API of device.Config (now wgcfg.DeviceConfig) grew an error return; we previously logged the error and threw it away. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Sonia Appasamy	567c5a6d9e	tailcfg, controlclient: add DisplayName field to tailcfg.Node and populate it from controlclient (#1191 ) Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	3 years ago
Brad Fitzpatrick	9ce92aad3e	cmd/tailscaled: update depaware.txt	3 years ago
Josh Bleecher Snyder	d5baeeed5c	wgengine: use Tailscale-style peer identifiers in logs Rewrite log lines on the fly, based on the set of known peers. This enables us to use upstream wireguard-go logging, but maintain the Tailscale-style peer public key identifiers that the rest of our systems (and people) expect. Fixes #1183 Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Brad Fitzpatrick	9541886856	wgengine/magicsock: disable regular STUNs for all platforms by default Reduces background CPU & network. Updates #1034 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Josh Bleecher Snyder	654b5f1570	all: convert from []wgcfg.Endpoint to string This eliminates a dependency on wgcfg.Endpoint, as part of the effort to eliminate our wireguard-go fork. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
David Anderson	9abcb18061	wgengine/magicsock: import more of wireguard-go, update docstrings. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	22507adf54	wgengine/magicsock: stop depending on UpdateDst in legacy codepaths. This makes connectivity between ancient and new tailscale nodes slightly worse in some cases, but only in cases where the ancient version would likely have failed to get connectivity anyway. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Brad Fitzpatrick	85e54af0d7	wgengine: on TCP connect fail/timeout, log some clues about why it failed So users can see why things aren't working. A start. More diagnostics coming. Updates #1094	3 years ago

1 2

86 Commits (3089081349c9cf670dbac6bb733bc4c74f2f1dd9)