Commit Graph

1343 Commits (420838f90e76ce592038bb086c6113ef03e594f6)
 

Author SHA1 Message Date
Brad Fitzpatrick 420838f90e log/filelogger: move our Windows disk file writing+rotation package here
It's still Windows-only for now but it's easy to de-Windows-ify when needed.

Moving it out of corp repo and into tailscale/tailscale so we can use
it in ipnserver.BabysitProc.

Updates #726
4 years ago
Brad Fitzpatrick 508f5c3ae0 wgengine/router: fix bug where getInterfaceRoutes always returned an empty list
Regression from f2ce64f0c6 (r43710860)

Fixes #870
4 years ago
Brad Fitzpatrick 38bde61b3d wgengine/router: make Windows firewall configuration async
Updating the Windows firewall is usually reasonably fast, but
sometimes blocks for 20 seconds, 4 minutes, etc. Not sure why.

Until we understand that's happening, configure it in the background
without blocking the normal control flow.

Updates #785

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick c64718e9a0 ipn/ipnserver: work around os/user.LookupId failure on Windows
If we can't find the mapping from SID ("user ID") -> username, don't
treat that as a fatal. Apparently that happens in the wild for Reasons.
Ignore it for now. It's just a nice-to-have for error messages in the
rare multi-user case.

Updates #869

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
David Anderson 09721fede8 version: fix documentation. 4 years ago
David Anderson 54e6c3a290 version: use OSS repo's version when building.
When building with redo, also include the git commit hash
from the proprietary repo, so that we have a precise commit
that identifies all build info (including Go toolchain version).

Add a top-level build script demonstrating to downstream distros
how to burn the right information into builds.

Adjust `tailscale version` to print commit hashes when available.

Fixes #841.

Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
Brad Fitzpatrick a1ccaa9658 .github/workflows: add tests on Windows
Fixes #50

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 4a92fc9dc5 portlist: fix tests on Windows when not running as Administrator
Updates #50
4 years ago
Brad Fitzpatrick 7ac91c15bd net/netcheck: fix tests on Windows
Updates #50
4 years ago
Brad Fitzpatrick fd2a30cd32 wgengine/magicsock: make test pass on Windows and without firewall dialog box
Updates #50
4 years ago
Brad Fitzpatrick cd07437ade cmd/tailscale/cli, tailcfg: allow tag without "tag:" prefix in 'tailscale up'
Fixes #861
4 years ago
Brad Fitzpatrick d6ad41dcea ipn: send machine key to clients so they can downgrade to 1.0.x if needed
Fixes #732

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick e72f480d22 ipn: convert an int to a bool 4 years ago
Brad Fitzpatrick a3f17b8108 control/controlclient: also log active account in netmaps
Updates tailscale/corp#461
4 years ago
Brad Fitzpatrick 999bc93a4d ipn: log active account on change
Updates tailscale/corp#461
4 years ago
Brad Fitzpatrick 66d196326f ipn: rename 'new' variable to 'newp'
Both to avoid shadowing new and because new is a little vague for such
a long method handling multiple new & old things.
4 years ago
Brad Fitzpatrick 5b1d03f016 control/controlclient: remove prior temporary macos debugging
It was an x/net/http2 bug, since fixed.
4 years ago
Brad Fitzpatrick f33da73a82 go.sum: update 4 years ago
Alex Brainman 311899709b version: skip TestMkversion on windows
TestMkversion requires UNIX shell to run mkversion.sh. No such shell
is present on Windows. Just skip the test.

Updates #50

Signed-off-by: Alex Brainman <alex.brainman@gmail.com>
4 years ago
David Anderson 3d34128171 go.mod: update to new wireguard-go. 4 years ago
Brad Fitzpatrick 4f55ebf2d9 tailcfg: add some comments, remove some redundant types in literal 4 years ago
Brad Fitzpatrick c44e244276 control/controlclient: add some temporary debugging for #839 4 years ago
Brad Fitzpatrick 9957c45995 tailcfg: bump, document MapRequest.Version value
Fixes tailscale/corp#634

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 3909c82f3d control/controlclient: rename map debug knob, make it do both request+response
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 6b1d2a5630 ipn: don't set DebugFlags to len 1 slice of empty string [""]
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 691f1d5c1d types/flagtype: fix bug showing the default port value (shown in --help) 4 years ago
David Anderson 62d941dc26 tailcfg: add a DebugFlags field for experiments and debugging.
Also replaces the IPv6Overlay bool with use of DebugFlags, since
it's currently an experimental configuration.

Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
Brad Fitzpatrick ac866054c7 wgengine/magicsock: add a backoff on DERP reconnects
Fixes #808
4 years ago
Brad Fitzpatrick 22024a38c3 control/controlclient: log Hostinfo on change
Fixes #830

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 7c8ca28c74 ipn: use cmd/cloner for Prefs.Clone
Also, make cmd/cloner's top-level "func Clone" generation opt-in.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 6cc6e251a9 logpolicy: add debug knob to force logging time to terminal 4 years ago
Brad Fitzpatrick 86c271caba types/logger: move RusagePrefixLog to logger package, disable by default
The RusagePrefixLog is rarely useful, hasn't been useful in a long
time, is rarely the measurement we need, and is pretty spammy (and
syscall-heavy). Disable it by default. We can enable it when we're
debugging memory.
4 years ago
David Anderson ff0cf6340a wgengine/router: fix configuration of loopback netfilter rules for v6.
Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
David Anderson 5c35c35e7f tsaddr: add helpers for the Tailscale IPv6 range, and 4to6 conversion.
Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
David Anderson c6dbd24f67 tailcfg: add a field to advertise support for IPv6 tailscale config.
Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
Brad Fitzpatrick 7a2a3955d3 logtail/filch: skip a broken test on Windows
Add a TODO with some notes about why it's skipped for now.

Updates #50
4 years ago
Brad Fitzpatrick a6c34bdc28 control/controlclient: also include our own profile (for when no self-owned peers)
Fix from regression in previous commit
(0e3048d8e0) that was caught by e2e
tests.

In that previous commit, the user's own profile was omitted from the
NetworkMap in the case where the user only had one node.
4 years ago
Brad Fitzpatrick 0e3048d8e0 control/controlclient: support delta userprofiles from control
I was going to make support for this advertised from the client, but
turns out only "tailscale status" even uses the UserProfiles field and
fails gracefully (omits that field) if a user profile for a user is
missing, so I think we can just reuse the DeltaPeers field from the
client to ask the control server to also delta encode the user
profiles.

For the few users running 1.1.x (unstable) versions between DeltaPeers
support (1.1.82) and this (~1.1.541), they'll just sometimes have
missing names in "tailscale status --json" or "tailscale status --web"
(the only places the UserProfile is used).
4 years ago
Brad Fitzpatrick 82f2fdc194 control/controlclient: adjust some logging point names
The previous code read too explicitly like log.Printf("I am here1"),
log.Printf("I am here2"). It still is with this change, but prettier, and
less subject to code rearranging order.
4 years ago
Brad Fitzpatrick 1fd9958e9d ipn: wait for initial portpoll result before starting controlclient
We were creating the controlclient and starting the portpoll concurrently,
which frequently resulted in the first controlclient connection being canceled
by the firsdt portpoll result ~milliseconds later, resulting in another
HTTP request.

Instead, wait a bit for the first portpoll result so it's much less likely to
interrupt our controlclient connection.

Updates tailscale/corp#557
4 years ago
Brad Fitzpatrick 1819f6f8c8 control/controlclient: set MapRequest.ReadOnly on initial empty endpoint request
On startup, clients do a MapRequest with empty endpoints while they
learn the DERP map to discover the STUN servers they then query to
learn their endpoints.

Set MapRequest.ReadOnly on those initial queries to not broadcast the
empty endpoints out to peers. The read results will come a half second
later (or less).

Updates tailscale/corp#557
4 years ago
Brad Fitzpatrick 105a820622 wgengine/magicsock: skip an endpoint update at start-up
At startup the client doesn't yet have the DERP map so can't do STUN
queries against DERP servers, so it only knows it local interface
addresses, not its STUN-mapped addresses.

We were reporting the interface-local addresses to control, getting
the DERP map, and then immediately reporting the full set of
updates. That was an extra HTTP request to control, but worse: it was
an extra broadcast from control out to all the peers in the network.

Now, skip the initial update if there are no stun results and we don't
have a DERP map.

More work remains optimizing start-up requests/map updates, but this
is a start.

Updates tailscale/corp#557
4 years ago
Brad Fitzpatrick 551e1e99e9 net/netns: don't bind to device for localhost connections
Fixes derphttp test failures on Windows (for #50).
4 years ago
Brad Fitzpatrick 746f03669c wgengine: fix lazy wireguard config bug when disco keys change
There was a bug with the lazy wireguard config code where, if the
minimum set of peers to tell wireguard didn't change, we skipped
calling userspaceEngine.updateActivityMapsLocked which updated
the various data structures that matched incoming traffic to later
reconfigure the minimum config.

That meant if an idle peer restarted and changed discovery keys, we
skipped updating our maps of disco keys/IPs that would caused us to
lazily inflate the config for that peer later if/when it did send
traffic.
4 years ago
Brad Fitzpatrick 2076a50862 wgengine/magicsock: finish a comment sentence that ended prematurely 4 years ago
Brad Fitzpatrick 371f1a9502 go.sum: add a missing entry that Go keeps adding 4 years ago
Alex Brainman f2ce64f0c6 wgengine/router: unfork winipcfg-go package, use upstream
Use golang.zx2c4.com/wireguard/windows/tunnel/winipcfg
instead of github.com/tailscale/winipcfg-go package.

Updates #760

Signed-off-by: Alex Brainman <alex.brainman@gmail.com>
4 years ago
Brad Fitzpatrick 515866d7c6 ipn, ipnserver, cmd/tailscale: add "server mode" support on Windows
This partially (but not yet fully) migrates Windows to tailscaled's
StateStore storage system.

This adds a new bool Pref, ForceDaemon, defined as:

// ForceDaemon specifies whether a platform that normally
// operates in "client mode" (that is, requires an active user
// logged in with the GUI app running) should keep running after the
// GUI ends and/or the user logs out.
//
// The only current applicable platform is Windows. This
// forced Windows to go into "server mode" where Tailscale is
// running even with no users logged in. This might also be
// used for macOS in the future. This setting has no effect
// for Linux/etc, which always operate in daemon mode.

Then, when ForceDaemon becomes true, we now write use the StateStore
to track which user started it in server mode, and store their prefs
under that key.

The ipnserver validates the connections/identities and informs that
LocalBackend which userid is currently in charge.

The GUI can then enable/disable server mode at runtime, without using
the CLI.

But the "tailscale up" CLI was also fixed, so Windows users can use
authkeys or ACL tags, etc.

Updates #275
4 years ago
Josh Bleecher Snyder d027cd81df tailcfg: restore Roles field to UserProfile 4 years ago
Brad Fitzpatrick 638127530b ipn/ipnserver: prevent use by multiple Windows users, add HTML status page
It was previously possible for two different Windows users to connect
to the IPN server at once, but it didn't really work. They mostly
stepped on each other's toes and caused chaos.

Now only one can control it, but it can be active for everybody else.

Necessary dependency step for Windows server/headless mode (#275)

While here, finish wiring up the HTTP status page on Windows, now that
all the dependent pieces are available.
4 years ago