Commit Graph

921 Commits (39ecb37fd67de2e1ba74d3409221879b0db6e8ea)
 

Author SHA1 Message Date
David Crawshaw 9258d64261 wgengine/router: do not call ifconfig up if SetRoutesFunc is set
The NetworkExtension brings up the interface itself and does not have
access to `ifconfig`, which the underlying BSD userspace router attempts
to use when Up is called.

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
4 years ago
Brad Fitzpatrick 23e74a0f7a wgengine, magicsock, tstun: don't regularly STUN when idle (mobile only for now)
If there's been 5 minutes of inactivity, stop doing STUN lookups. That
means NAT mappings will expire, but they can resume later when there's
activity again.

We'll do this for all platforms later.

Updates tailscale/corp#320

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick fe50cd0c48 ipn, wgengine: plumb NetworkMap down to magicsock
Now we can have magicsock make decisions based on tailcfg.Debug
settings sent by the server.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick b8edb7a5e9 control/controlclient: add Debug field to NetworkMap
As part of disabling background STUN packets when idle, we want an
emergency override switch to turn it back on, in case it interacts
poorly in the wild. We'll send that via control, but we'll want to
plumb it down to magicsock via NetworkMap.

Updates tailscale/corp#320

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 0071888a17 types/opt: add Bool.EqualBool method
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 4732722b87 derp: add frameClosePeer to move around clients within a region
For various reasons (mostly during rollouts or config changes on our
side), nodes may end up connecting to a fallback DERP node in a
region, rather than the primary one we tell them about in the DERP
map.

Connecting to the "wrong" node is fine, but it's in our best interest
for all nodes in a domain to connect to the same node, to reduce
intra-region packet forwarding.

This adds a privileged frame type used by the control system that can
kick off a client connection when they're connected to the wrong node
in a region. Then they hopefully reconnect immediately to the correct
location. (If not, we can leave them alone and stop closing them.)

Updates tailscale/corp#372
4 years ago
Brad Fitzpatrick dd43d9bc5f derp: fix varz typo
Updates tailscale/corp#391
4 years ago
Brad Fitzpatrick 3553512a71 cmd/derper: fix embarassing bug introduced in earlier refactor
The remove hook implementation was copy/pasted from the line above and
I didn't change the body, resulting in packet forwarding routes never
being removed.

Fortunately we weren't using this path yet, but it led to stats being
off, and (very) slow memory growth.
4 years ago
Brad Fitzpatrick 36e9cb948f control/controlclient: cut down some NetworkMap stringification & diff allocations
And start of tests.
4 years ago
Brad Fitzpatrick 894e3bfc96 control/controlclient: trim /32 suffix a bit more succinctly 4 years ago
Brad Fitzpatrick 19d95e095a wgengine: fix blank line in interface method comment 4 years ago
Brad Fitzpatrick 5bc29e7388 ipn: add missing locking in LocalBackend.NetMap
Looks like it's only used by tests.
4 years ago
Brian Chu 2a8e064705 cmd/tailscale: Allow advertising subnet routes on *BSD.
Use sysctl to check IP forwarding state for better OS compatiblity.

Signed-off-by: Brian Chu <cynix@cynix.org>
4 years ago
Reinaldo de Souza a8635784bc wgengine: add BSD userspace router to darwin
Darwin and FreeBSD are compatible enough to share the userspace router.

The OSX router delegates to the BSD userspace router unless `SetRoutesFunc` is set.
That preserves the mechanism that allows `ipn-go-bridge` to specify its own routing behavior.

Fixes #177

Signed-off-by: Reinaldo de Souza <github@rei.nal.do>
4 years ago
Brad Fitzpatrick b87396b5d9 cmd/derper, derp: add some more varz and consistency check handler
I'm trying to hunt down a slow drift in numbers not agreeing.
4 years ago
Elias Naur c2682553ff version: add support for setting version with the -X Go linker flag
Updates tailscale/tailscale#486

Signed-off-by: Elias Naur <mail@eliasnaur.com>
4 years ago
Brad Fitzpatrick 6fbd1abcd3 derp: update peerGone code to work with regional DERP mesh clusters too
Updates #150
Updates #388
4 years ago
Dmytro Shynkevych de5f6d70a8 magicsock: eliminate logging race in test
Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
4 years ago
Brad Fitzpatrick 666d404066 ipn: put discovery key generation behind an environment flag for now
Later we'll want to use the presence of a discovery key as a signal
that the node knows how to participate in discovery. Currently the
code generates keys and sends them to the control server but doesn't
do anything with them, which is a bad state to stay in lest we release
this code and end up with nodes in the future that look like they're
functional with the new discovery protocol but aren't.

So for now, make this opt-in as a debug option for now, until the rest
of it is in.

Updates #483
4 years ago
Dmytro Shynkevych 00ca17edf4 ipn: fix race in enterState
Signed-Off-By: Dmytro Shynkevych <dmytro@tailscale.com>
4 years ago
Brad Fitzpatrick 53fb25fc2f all: generate discovery key, plumb it around
Not actually used yet.

Updates #483
4 years ago
Brad Fitzpatrick 88c305c8af tailcfg: add DiscoKey, unify some code, add some tests
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick d9054da86a wgengine: disambiguate Reconfig logging paths 4 years ago
David Anderson 0ecaf7b5ed control/controlclient: make netmap generation use rate-limited logger. 4 years ago
David Anderson 401e2ec307 control/controlclient: delete unused function. 4 years ago
Brad Fitzpatrick 58c9591a49 version: bump date 4 years ago
David Anderson 10368ef4c0 go.mod: bump wireguard-go version. 5 years ago
Dmytro Shynkevych c12d87c54b
Fix concurrency issues in controlclient, ipn, types/logger (#456)
Signed-Off-By: Dmytro Shynkevych <dmytro@tailscale.com>
5 years ago
Brad Fitzpatrick c8cf3169ba cmd/derper, derp/derphttp: move bulk of derp mesh code into derphttp
To be reused in various other tools.
5 years ago
Brad Fitzpatrick 7cbf6ab771 cmd/derper: remove unused parameter in runMeshClient 5 years ago
Avery Pennarun 5d4415399b Merge remote-tracking branch 'origin/master' into main
* origin/master:
  Fix staticcheck warning, add Makefile with staticcheck targets, lock in staticcheck version in go.mod
5 years ago
Brad Fitzpatrick 6757c990a8 Fix staticcheck warning, add Makefile with staticcheck targets, lock in staticcheck version in go.mod 5 years ago
Brad Fitzpatrick 08a6eeb55a Fix staticcheck warning, add Makefile with staticcheck targets, lock in staticcheck version in go.mod 5 years ago
Avery Pennarun d9fd5db1e1 Rename master -> main.
Background:
https://www.zdnet.com/article/github-to-replace-master-with-alternative-term-to-avoid-slavery-references/
5 years ago
Brad Fitzpatrick abd79ea368 derp: reduce DERP memory use; don't require callers to pass in memory to use
The magicsock derpReader was holding onto 65KB for each DERP
connection forever, just in case.

Make the derp{,http}.Client be in charge of memory instead. It can
reuse its bufio.Reader buffer space.
5 years ago
Quoc-Viet Nguyen 15a23ce65f net/stun: Remove unreachable code
- Reuse IP length constants from net package.
- Remove beu16 to make endianness functions consistent.

Signed-off-by: Quoc-Viet Nguyen <afelion@gmail.com>
5 years ago
Brad Fitzpatrick a036c8c718 version: add blank line to separate comment from package line
So it's not a package comment.
5 years ago
David Anderson 0371848097 Revert "version: delete GENERATE.go."
This reverts commit a447caebf8.
5 years ago
David Anderson 4c23b5e4ea version: remove leftover debug print.
Signed-off-by: David Anderson <danderson@tailscale.com>
5 years ago
David Anderson 03aa319762 version: add an AtLeast helper to compare versions.
Signed-off-by: David Anderson <danderson@tailscale.com>
5 years ago
David Anderson 9dd3544e84 version: bump oss datestamp.
Signed-off-by: David Anderson <danderson@tailscale.com>
5 years ago
David Anderson 1f4ccae591 version: remove comment about being unused.
version.SHORT is now being used in various places.

Signed-off-by: David Anderson <danderson@tailscale.com>
5 years ago
David Anderson a447caebf8 version: delete GENERATE.go.
It existed previously to persuade Go that redo-ful directory was
a Go package prior to the first build. But now we have other Go
files in the directory that will fulfil that function.

Signed-off-by: David Anderson <danderson@tailscale.com>
5 years ago
Brad Fitzpatrick 50b2e5ffe6 log/logheap: appease staticcheck 5 years ago
Brad Fitzpatrick 8edcab04d5 log/logheap: change to POST to a URL instead of logging
It's too big to log.
5 years ago
Brad Fitzpatrick 51f421946f tailcfg: add some example strings in comments 5 years ago
Brad Fitzpatrick deb113838e net/netcheck: use logger.ArgWriter in logConciseReport, fix comma bug, add tests 5 years ago
Brad Fitzpatrick 280e8884dd wgengine/magicsock: limit redundant log spam on packets from low-pri addresses
Fixes #407

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
David Anderson d05b0500ac wgengine: loop back tuntap packets destined for local IPs.
macOS incorrectly sends packets for the local Tailscale IP
into our tunnel interface. We have to turn the packets around
and send them back to the kernel.

Fixes tailscale/corp#189.

Signed-off-by: David Anderson <danderson@tailscale.com>
5 years ago
Zijie Lu d1a30be275 tsweb: JSONHandler: supports HTTPError
Signed-off-by: Zijie Lu <zijie@tailscale.com>
5 years ago