tailscale

Commit Graph

Author	SHA1	Message	Date
Brad Fitzpatrick	bcf571ec97	wgengine/monitor: fix OpenBSD build Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	7f174e84e6	net/interfaces: remove mutating methods, add EqualFiltered instead Now callers (wgengine/monitor) don't need to mutate the state to remove boring interfaces before calling State.Equal. Instead, the methods to remove boring interfaces from the State are removed, as is the reflect-using Equal method itself, and in their place is a new EqualFiltered method that takes a func predicate to match interfaces to compare. And then the FilterInteresting predicate is added for use with EqualFiltered to do the job that that wgengine/monitor previously wanted. Now wgengine/monitor can keep the full interface state around, including the "boring" interfaces, which we'll need for peerapi on macOS/iOS to bind to the interface index of the utunN device. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
David Anderson	672731ac6f	many: gofmt. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	6521f02ff6	Move DNS flush logic to net/dns. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	9f7f2af008	wgengine/router/dns: move to net/dns. Preparation for merging the APIs and whatnot. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	8432999835	Move wgengine/tsdns to net/dns. Straight move+fixup, no other changes. In prep for merging with wgengine/router/dns. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Brad Fitzpatrick	81143b6d9a	ipn/ipnlocal: start of peerapi between nodes Also some necessary refactoring of the ipn/ipnstate too. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Josh Bleecher Snyder	28af46fb3b	wgengine: pass logger as a separate arg to device.NewDevice Adapt to minor API changes in wireguard-go. And factor out device.DeviceOptions variables. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Brad Fitzpatrick	2384c112c9	net/packet, wgengine/{filter,tstun}: add TSMP ping Fixes #1467 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Josh Bleecher Snyder	4b77eca2de	wgengine/magicsock: check returned error in addTestEndpoint Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Brad Fitzpatrick	c99f260e40	wgengine/magicsock: prefer IPv6 transport if roughly equivalent latency Fixes #1566 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	e2b3d9aa5f	all: s/Magic DNS/MagicDNS/ for consistency Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	9643d8b34d	wgengine/magicsock: add an addrLatency type to combine an IPPort+time.Duration Updates #1566 (but no behavior changes as of this change) Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	96dfeb2d7f	wgengine: log tailscale pings Fixes #1561 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	85138d3183	health: track whether any network interface is up Fixes #1562 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	0994a9f7c4	wgengine{,/magicsock}: fix, improve "tailscale ping" to default routes and subnets e.g. $ tailscale ping 1.1.1.1 exit node found but not enabled $ tailscale ping 10.2.200.2 node "tsbfvlan2" found, but not using its 10.2.200.0/24 route $ sudo tailscale up --accept-routes $ tailscale ping 10.2.200.2 pong from tsbfvlan2 (100.124.196.94) via 10.2.200.34:41641 in 1ms $ tailscale ping mon.ts.tailscale.com pong from monitoring (100.88.178.64) via DERP(sfo) in 83ms pong from monitoring (100.88.178.64) via DERP(sfo) in 21ms pong from monitoring (100.88.178.64) via [2604:a880:4:d1::37:d001]:41641 in 22ms This necessarily moves code up from magicsock to wgengine, so we can look at the actual wireguard config. Fixes #1564 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	7e0d12e7cc	wgengine/magicsock: don't update control if only endpoint order changes Updates #1559 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	1eb95c7e32	net/packet, wgengine{,/filter}: remove net/packet IPProto forwarding consts Only use the ones in types/ipproto now. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	01b90df2fa	net/packet, wgengine/filter: support SCTP Add proto to flowtrack.Tuple. Add types/ipproto leaf package to break a cycle. Server-side ACL work remains. Updates #1516 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	90a6fb7ffe	tailcfg: add FilterRule.IPProto Updates #1516 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	32562a82a9	wgengine/magicsock: annotate a few more disco logs as verbose Fixes #1540 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	c19ed37b0f	wgengine/magicsock: mark some legacy debug log output as verbose Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	aa79a57f63	wgengine/netstack: use inet.af/netstack, remove 64-bit only limitation This reverts the revert commit `84aba349d9`. And changes us to use inet.af/netstack. Updates #1518 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
David Anderson	84aba349d9	Revert "wgengine/netstack: update gvisor to remove 64-bit only limitation" Breaks our corp repo due to gRPC dependency hell. This reverts commit `d42f8b7f9a`.	3 years ago
Brad Fitzpatrick	e0f2796b43	wgengine: don't diagnose iOS NWPathMonitor connection probe timeouts Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	0f90586da8	wgengine/monitor: skip more route messages on darwin Should help iOS battery life on NEProvider.wake/skip events with useless route updates that shouldn't cause re-STUNs. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	d42f8b7f9a	wgengine/netstack: update gvisor to remove 64-bit only limitation gVisor fixed their google/gvisor#1446 so we can include gVisor mode on 32-bit machines. A few minor upstream API changes, as normal. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	232cfda280	wgengine/router: report to control when setPrivateNetwork fails Fixes #1503 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	ba8c6d0775	health, controlclient, ipn, magicsock: tell health package state of things Not yet checking anything. Just plumbing states into the health package. Updates #1505 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Naman Sood	770aa71ffb	client, cmd/hello, ipn, wgengine: fix whois for netstack-forwarded connections Updates #504 Updates #707 Signed-off-by: Naman Sood <mail@nsood.in>	3 years ago
Brad Fitzpatrick	44ab0acbdb	net/portmapper, wgengine/monitor: cache gateway IP info until link changes Cuts down allocs & CPU in steady state (on regular STUN probes) when network is unchanging. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	d580b3f09e	wgengine/router: fix go vet failure on BSDs Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Aleksandar Pesic	25d2dd868b	wgengine/router: flushdns in windows when router config changes Fixes: https://github.com/tailscale/tailscale/issues/1430 Signed-off-by: Aleksandar Pesic <peske.nis@gmail.com>	3 years ago
Brad Fitzpatrick	c81814e4f8	derp{,/derphttp},magicsock: tell DERP server when ping acks can be expected Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	f9f3b67f3a	wgengine{,tsdns}: rebind MagicDNS forwarders on link change Fixes #1480 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
David Anderson	fa6110e47b	wgengine/router: don't touch interface routes Developed by a cast of dozens. Fixes #1448 Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Brad Fitzpatrick	c576fea60e	wgengine/magicsock: delete unused WhoIs method that was moved elsewhere Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	0430c2dd12	wgengine/tsdns: truncate Map.PrettyDiffFrom string at 1KB Hello's were painful. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
David Anderson	d79a2f3809	wgengine/filter: only log packets to/from non-default routes. Fixes tailscale/corp#1429. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Brad Fitzpatrick	ef7bac2895	tailcfg, net/portmapper, wgengine/magicsock: add NetInfo.HavePortMap Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	79d8288f0a	wgengine/magicsock, derp, derp/derphttp: respond to DERP server->client pings No server support yet, but we want Tailscale 1.6 clients to be able to respond to them when the server can do it. Updates #1310 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	387e83c8fe	wgengine/magicsock: fix Conn.Rebind race that let ErrClosed errors be read There was a logical race where Conn.Rebind could acquire the RebindingUDPConn mutex, close the connection, fail to rebind, release the mutex, and then because the mutex was no longer held, ReceiveIPv4 wouldn't retry reads that failed with net.ErrClosed, letting that error back to wireguard-go, which would then stop running that receive IP goroutine. Instead, keep the RebindingUDPConn mutex held for the entirety of the replacement in all cases. Updates tailscale/corp#1289 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	fee74e7ea7	net/interfaces, wgengine/monitor: fix false positives link changes interfaces.State.String tries to print a concise summary of the network state, removing any interfaces that don't have any or any interesting IP addresses. On macOS and iOS, for instance, there are a ton of misc things. But the link monitor based its are-there-changes decision on interfaces.State.Equal, which just used reflect.DeepEqual, including comparing all the boring interfaces. On macOS, when turning wifi on or off, there are a ton of misc boring interface changes, resulting in hitting an earlier check I'd added on suspicion this was happening: [unexpected] network state changed, but stringification didn't This fixes that by instead adding a new interfaces.State.RemoveUninterestingInterfacesAndAddresses method that does, uh, that. Then use that in the monitor. So then when Equal is used later, it's DeepEqualing the already-cleaned version with only interesting interfaces. This makes cmd/tailscaled debug --monitor much less noisy. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Denton Gentry	04e72f95cc	wgengine/router: add OpenBSD IPv6 support. Similar to FreeBSD in https://github.com/tailscale/tailscale/issues/1307, add IPv6 addresses with a prefix length of 48. Fixes https://github.com/tailscale/tailscale/issues/1372 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	3 years ago
Brad Fitzpatrick	c445e3d327	wgengine/magicsock: fix typo in comment	3 years ago
Aleksandar Pesic	258d0e8d9a	wgengine/monitor: simplify the Windows monitor to make it more reliable Updates tailscale/tailscale#1414 Signed-off-by: Aleksandar Pesic <peske.nis@gmail.com>	3 years ago
Naman Sood	4c80344e27	wgengine/netstack: stop UDP forwarding when one side dies Updates #504 Updates #707 Signed-off-by: Naman Sood <mail@nsood.in>	3 years ago
Naman Sood	7325b5a7ba	wgengine/netstack: add support for incoming UDP connections Updates #504 Updates #707 Signed-off-by: Naman Sood <mail@nsood.in>	3 years ago
Denton Gentry	bcea88da46	wgengine: support FreeBSD with IPv6. Fixes https://github.com/tailscale/tailscale/issues/1307 for keepsies. We cannot set the tun interface address as a /128 on FreeBSD, due to https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218508 Instead we set the interface address as a /48, which is enabled by commit `82edf94df7`. Signed-off-by: Denton Gentry <dgentry@tailscale.com>	3 years ago
Denton Gentry	c8af6bc009	Revert "freebsd: ignore IPv6 for now" This reverts commit `061422affc`. We have a way to support IPv6 on FreeBSD now. Signed-off-by: Denton Gentry <dgentry@tailscale.com>	3 years ago
Brad Fitzpatrick	602f92ec30	wgengine/monitor: log warning if state changes but stringification doesn't Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	a6d098c750	wgengine/magicsock: log when DERP connection succeeds Updates #1310	3 years ago
Brad Fitzpatrick	829eb8363a	net/interfaces: sort returned addresses from LocalAddresses Also change the type to netaddr.IP while here, because it made sorting easier. Updates tailscale/corp#1397 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	ffa70a617d	wgengine{,/monitor}: restore Engine.LinkChange, add Mon.InjectEvent The Engine.LinkChange method was recently removed in `e3df29d488` while misremembering how Android's link state mechanism worked. Rather than do some last minute rearchitecting of link state on Android before Tailscale 1.6, restore the old Engine.LinkChange hook for now so the Android client doesn't need any changes. But change how it's implemented to instead inject an event into the link monitor. Fixes #1427 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Denton Gentry	061422affc	freebsd: ignore IPv6 for now FreeBSD tun devices don't work with the way we implement IPv6 https://github.com/tailscale/tailscale/issues/1307 At least for now, remove any IPv6 addresses from the netmap. Signed-off-by: Denton Gentry <dgentry@tailscale.com>	3 years ago
David Anderson	1cb0ffc3ff	wgengine/router: make windows gracefully handle disabled IPv4 or IPv6. This is necessary because either protocol can be disabled globally by a Windows registry policy, at which point trying to touch that address family results in "Element not found" errors. This change skips programming address families that Windows tell us are unavailable. Fixes #1396. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Brad Fitzpatrick	f858b0d25f	wgengine/netstack: remove some v2 logging by default Even with [v2], it still logtails and takes time to format. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Naman Sood	d01c60dad5	wgengine/netstack: use system dialer to contact servers on localhost Updates #504 Updates #707 Signed-off-by: Naman Sood <mail@nsood.in>	3 years ago
Brad Fitzpatrick	7461dded88	wgengine/monitor: on unsupported platforms, use a polling implementation Not great, but lets people working on new ports get going more quickly without having to do everything up front. As the link monitor is getting used more, I felt bad having a useless implementation. Updates #815 Updates #1427 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
David Anderson	8d77dfdacb	wgengine/router: add a dummy IPv6 address if needed for default routing. Fixes #1339 Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Brad Fitzpatrick	c3e5903b91	wgengine/magicsock: remove leftover portmapper debug logging It's already logged at the right time in logEndpointChange. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Naman Sood	95c03d1ead	wgengine/netstack: forward incoming connections to localhost Updates #707 Updates #504 Signed-off-by: Naman Sood <mail@nsood.in>	3 years ago
Brad Fitzpatrick	471f0c470a	wgengine/monitor: skip some macOS route updates, fix debounce regression Debound was broken way back in `5c1e443d34` and we never noticed. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	f304a45481	wgengine/monitor: add skipped failing test for Darwin route message bug Updates #1416 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	31721759f3	wgengine/monitor: don't return nil, nil in darwin monitor We used to allow that, but now it just crashes. Separately I need to figure out why it got into this path at all, which is #1416. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Christine Dodrill	b89c757817	wgengine/tsdns: explicitly reject .onion lookups Tor has a location-hidden service feature that enables users to host services from inside the Tor network. Each of these gets a unique DNS name that ends with .onion. As it stands now, if a misbehaving application somehow manages to make a .onion DNS request to our DNS server, we will forward that to the DNS server, which could leak that to malicious third parties. See the recent bug Brave had with this[1] for more context. RFC 7686 suggests that name resolution APIs and libraries MUST respond with NXDOMAIN unless they can actually handle Tor lookups. We can't handle .onion lookups, so we reject them. [1]: https://twitter.com/albinowax/status/1362737949872431108 Fixes tailscale/corp#1351 Signed-off-by: Christine Dodrill <xe@tailscale.com>	3 years ago
Brad Fitzpatrick	24fa616e73	wgengine/monitor: make Darwin monitor shut down cleanly, add test Don't use os.NewFile or (*os.File).Close on the AF_ROUTE socket. It apparently does weird things to the fd and at least doesn't seem to close it. Just use the unix package. The test doesn't actually fail reliably before the fix, though. It was an attempt. But this fixes the integration tests. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	487c520109	wgengine: fix bug from earlier commit Commit `e3df29d488` introduced this bug where the interfaces-were-changed-or-not bit got lost. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
David Anderson	793cb131f0	wgengine/router: toggle killswitch when using default routes on windows. Fixes #1398. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Brad Fitzpatrick	e3df29d488	wgengine{,/monitor}: move interface state fetching/comparing to monitor Gets it out of wgengine so the Engine isn't responsible for being a callback registration hub for it. This also removes the Engine.LinkChange method, as it's no longer necessary. The monitor tells us about changes; it doesn't seem to need any help. (Currently it was only used by Swift, but as of `14dc790137` we just do the same from Go) Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	a038e8690c	wgengine/netstack: fix 32-bit build broken from prior commit Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	38dc6fe758	cmd/tailscaled, wgengine: remove --fake, replace with netstack And add a --socks5-server flag. And fix a race in SOCKS5 replies where the response header was written concurrently with the copy from the backend. Co-authored with Naman Sood. Updates #707 Updates #504 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	d74cddcc56	wgengine/netstack: add Magic DNS + DNS resolution to SOCKS5 dialing Updates #707 Updates #504 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	34188d93d4	wgengine/monitor: start moving interface state accessor into monitor Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	14dc790137	wgengine/monitor: make the darwin link monitor work in the sandbox too Previously tailscaled on macOS was running "/sbin/route monitor" as a child process, but child processes aren't allowed in the Network Extension / App Store sandbox. Instead, just do what "/sbin/route monitor" itself does: unix.Socket(unix.AF_ROUTE, unix.SOCK_RAW, 0) and read that. We also parse it now, but don't do anything with the parsed results yet. We will over time, as we have with Linux netlink messages over time. Currently any message is considered a signal to poll and see what changed. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	a55a03d5ff	wgengine: let LinkMonitor be passed in to NewUserspaceEngine Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	ee6475a44d	wgengine: unify NewUserspaceEngine, NewUserspaceEngineAdvanced Also rename EngineConfig to Config to avoid wgengine.EngineConfig stutter. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	dda03a911e	wgengine/monitor: change API to permit multiple independent callbakcks Currently it assumes exactly 1 registered callback. This changes it to support 0, 1, or more than 1. This is a step towards plumbing wgengine/monitor into more places (and moving some of wgengine's interface state fetching into monitor in a later step) Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	0eea490724	wgengine: also close link monitor on NewUserspaceEngineAdvanced error Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Naman Sood	fec9dcbda1	wgengine/netstack: start SOCKS5 server in netstack mode Updates #707 Updates #504 Signed-off-by: Naman Sood <mail@nsood.in>	3 years ago
Naman Sood	517c90d7e5	wgengine, cmd/tailscaled: refactor netstack, forward TCP to hello as demo (#1301 ) Updates #707 Updates #504 Signed-off-by: Naman Sood <mail@nsood.in>	3 years ago
Aleksandar Pesic	daf6de4f14	wgengine: make NewUserspaceEngine wait for TUN interface to be up on Windows Updates #474 Signed-off-by: Aleksandar Pesic <peske.nis@gmail.com>	3 years ago
Brad Fitzpatrick	ea3715e3ce	wgengine/magicsock: remove TODO about endpoints-over-DERP It was done in Tailscale 1.4 with CallMeMaybe disco messages containing endpoints. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
David Anderson	54d7070121	wgengine/router: correctly read IPv6 routes when diffing. Fixes #1185. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	2404c0ffad	ipn/ipnlocal: only filter out default routes when computing the local wg config. UIs need to see the full unedited netmap in order to know what exit nodes they can offer to the user. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Brad Fitzpatrick	e9e4f1063d	wgengine/magicsock: fix discoEndpoint caching bug when a node key changes Fixes #1391 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	c64bd587ae	net/portmapper: add NAT-PMP client, move port mapping service probing * move probing out of netcheck into new net/portmapper package * use PCP ANNOUNCE op codes for PCP discovery, rather than causing short-lived (sub-second) side effects with a 1-second-expiring map + delete. * track when we heard things from the router so we can be less wasteful in querying the router's port mapping services in the future * use portmapper from magicsock to map a public port Fixes #1298 Fixes #1080 Fixes #1001 Updates #864 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
David Anderson	d038a5295d	wgengine/wglog: drop 1/s "interface is up" messages. Fixes #1388. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Brad Fitzpatrick	188bb14269	wgengine: consistently close things when NewUserspaceEngineAdvanced errors Fixes #1363 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
David Anderson	6e42430ad8	wgengine/monitor: don't log any single-IP routes added to the tailscale table. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	df5adb2e23	wgengine/monitor: on linux, also monitor for IPv6 changes. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	b83c273737	wgengine/filter: use IPSet for localNets instead of prefixes. Part of #1177, preparing for doing fancier set operations on the allowed local nets. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Brad Fitzpatrick	fd8e070d01	health, control/controlclient, wgengine: report when router unhealthy Updates tailscale/corp#1338 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	2d96215d97	wgengine/router: make Linux delRoute idempotent, cidrDiff fail late as possible This makes cidrDiff do as much as possible before failing, and makes a delete of an already-deleted rule be a no-op. We should never do this ourselves, but other things on the system can, and this should help us recover a bit. Also adds the start of root-requiring tests. TODO: hook into wgengine/monitor and notice when routes are changed behind our back, and invalidate our routes map and re-read from kernel (via the ip command) at least on the next reconfig call. Updates tailscale/corp#1338 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	96a488e37e	wgengine/router: simplify func normalizeCIDR using netaddr method	3 years ago
Brad Fitzpatrick	d98ef5699d	wgengine/filter: remove redundant code no generated code change.	3 years ago
Brad Fitzpatrick	65815cc1ac	wgengine/tsdns: skip test that requires local IPv6 when IPv6 unavailable Fixes #1292 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	36189e2704	wgengine/monitor: prevent shutdown hang in darwin link monitor	3 years ago
Brad Fitzpatrick	bbb4631e04	safesocket, wgengine: add some darwin failure diagnostic hints	3 years ago
Brad Fitzpatrick	4f7d60ad42	wgengine/monitor: add a darwin implementation for tailscaled mode Tangentially related to #987, #177, #594, #925, #505 Motivated by rebooting a launchd-controlled tailscaled and it going into SetNetworkUp(false) mode immediately because there really is no network up at system boot, but then it got stuck in that paused state forever, without a monitor implementation.	3 years ago

1 2 3 4 5 ...

768 Commits (3167e55ddf3575afadec6ea9ef408702a8e07180)