tailscale

Commit Graph

Author	SHA1	Message	Date
Brad Fitzpatrick	5f807c389e	wgengine/filter: drop multicast packets out, don't log about them Eventually we'll probably support multicast. For now it's just log spam. Fixes #629	4 years ago
Brad Fitzpatrick	bbb56f2303	wgengine/router: fix tests on Debian Buster as regular user on machine with IPv6	4 years ago
David Anderson	fddbcb0c7b	wgengine/router: support various degrees of broken IPv6. Gracefully skips touching the v6 NAT table on systems that don't have it, and doesn't configure IPv6 at all if IPv6 is globally disabled. Signed-off-by: David Anderson <danderson@tailscale.com>	4 years ago
David Anderson	0d80904fc2	wgengine/router: set up basic IPv6 routing/firewalling. Part of #19. Signed-off-by: David Anderson <danderson@tailscale.com>	4 years ago
Josh Bleecher Snyder	f0ef561049	wgengine/tsdns: use netns to obtain a socket Fixes #789 Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	4 years ago
Josh Bleecher Snyder	6e8328cba5	wgengine/tsdns: replace connections when net link changes (macOS) When the network link changes, existing UDP sockets fail immediately and permanently on macOS. The forwarder set up a single UDP conn and never changed it. As a result, any time there was a network link change, all forwarded DNS queries failed. To fix this, create a new connection when send requests fail because of network unreachability. This change is darwin-only, although extended it to other platforms should be straightforward. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	4 years ago
Josh Bleecher Snyder	1fd10061fd	wgengine/tsdns: delegate bonjour service rdns requests While we're here, parseQuery into a plain function. This is helpful for fuzzing. (Which I did a bit of. Didn't find anything.) And clean up a few minor things. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	4 years ago
Brad Fitzpatrick	2d0ed99672	wgengine, wgengine/router: add a bunch of (temporary?) engine creation logging Trying to debug what's slow on a user's machine. Updates #785	4 years ago
Brad Fitzpatrick	7c11f71ac5	wgengine/router: ignore errors deleting 169.254.255.255/32 route on Windows Updates #785	4 years ago
David Anderson	b7e0ff598a	wgengine: don't close tundev in NewUserspaceEngine. newUserspaceEngineAdvanced closes the tun device on error already. Fixes #783. Signed-off-by: David Anderson <danderson@tailscale.com>	4 years ago
Brad Fitzpatrick	5d8b88be88	control/controlclient, version/distro, wgengine: recognize OpenWrt And help out with missing packages. Thanks to @willangley for tips. Updates #724	4 years ago
Brad Fitzpatrick	3528d28ed1	wgengine/router: move Tailscale's winipcfg additions into wgengine/router Part of unforking our winipcfg-go and using upstream (#760), move our additions into our repo. (We might upstream them later if upstream has interest) Originally these were: @apenwarr: "Add ifc.SyncAddresses() and SyncRoutes()." `609dcf2df5` @bradfitz: "winipcfg: make Interface.AddRoutes do as much as possible, return combined error" `e9f93d53f3` @bradfitz: "prevent unnecessary Interface.SyncAddresses work; normalize IPNets in deltaNets" `decb9ee8e1`	4 years ago
Brad Fitzpatrick	fd77268770	wgengine/router: enumerate all interfaces when finding Tailscale adapter by GUID Might fix it. I've spent too much time failing to reproduce the issue. This doesn't seem to make it worse, though (it still runs for me), so I'll include this and see if it helps others while I still work on a reliable way to reproduce it. Updates tailscale/corp#474	4 years ago
Brad Fitzpatrick	5bcac4eaac	net/tshttpproxy: add GetProxyForURL negative cache Otherwise when PAC server is down, we log, and each log entry is a new HTTP request (from logtail) and a new GetProxyForURL call, which again logs, non-stop. This is also nicer to the WinHTTP service. Then also hook up link change notifications to the cache to reset it if there's a chance the network might work sooner.	4 years ago
Brad Fitzpatrick	64a24e796b	wgengine/tstun: fix 32-bit alignment again	4 years ago
Brad Fitzpatrick	afb2be71de	wgengine: add two missing TUN close calls	4 years ago
Brad Fitzpatrick	abe095f036	wgengine/tstun: make Close safe for concurrent use	4 years ago
Christina Wen	f0e9dcdc0a	wgengine/router: restore /etc/resolv.conf after tailscale down is called This change is to restore /etc/resolv.conf after tailscale down is called. This is done by setting the dns.Manager before errors occur. Error collection is also added. Fixes #723	4 years ago
Brad Fitzpatrick	acafe9811f	wgengine/router: run netsh advfirewall less, rename, document setFirewall	4 years ago
Christina Wen	48fbe93e72	wgengine/magicsock: clarify pre-disco 'tailscale ping' error message This change clarifies the error message when a user pings a peer that is using an outdated version of Tailscale.	4 years ago
Christina Wen	e862f90e34	wgengine/router/router_linux.go: fixed " route del failed" error (#756 ) * wgengine/router/router_linux.go: Switched `cidrDiff("addr")` and `cidrDiff("route")` order Signed-off-by: Christina Wen <christina@tailscale.com> Co-authored-by: Christina Wen <christina@tailscale.com>	4 years ago
Brad Fitzpatrick	7e9d1f7808	wgengine/router: tighten isMissingIPv6Err So it doesn't false positive if misused. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
David Anderson	8f5b52e571	net/netns: add windows support. Also remove rebinding logic from the windows router. Magicsock will instead rebind based on link change signals. Signed-off-by: David Anderson <danderson@tailscale.com>	4 years ago
Josh Bleecher Snyder	a5d701095b	wgengine/magicsock: increase test timeout to reduce flakiness Updates #654. See that issue for a discussion of why this timeout reduces flakiness, and what next steps are. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	4 years ago
Josh Bleecher Snyder	0c0239242c	wgengine/magicsock: make discoPingPurpose a stringer It was useful for debugging once, it'll probably be useful again. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	4 years ago
Josh Bleecher Snyder	6e38d29485	wgengine/magicsock: improve test logging output This fixes line numbers and reduces timestamp precision to overwhelming the output. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	4 years ago
Brad Fitzpatrick	a084c44afc	wgengine, wgengine/router, cmd/tailscale: force netfilter mode off on Synology For now. Get it working again so it's not stuck on 0.98. Subnet relay can come later. Updates #451 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	31c13013ae	wgengine/router: tolerate disabled IPv6 on Windows Fixes #412 Updates #524 (maybe fixes?) Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Josh Bleecher Snyder	37b40b035b	wgengine/router/dns: appease staticcheck (again)	4 years ago
Josh Bleecher Snyder	a877dd575c	wgengine/router/dns: remove unnecessary lint ignore line Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	4 years ago
Brad Fitzpatrick	913c1bd04f	wgengine/router: on Windows, add a firewall rule to allow Tailscale Updates tailscale/tailscale#454	4 years ago
Josh Bleecher Snyder	57e642648f	wgengine/magicsock: fix typo in comment	4 years ago
Brad Fitzpatrick	6d14678009	wgengine/router: remove unnecessary newlines in log.Printf formats	4 years ago
Brad Fitzpatrick	09d56f54a7	wgengine/router: fix Windows route sorting that caused de-dup to not work (#727 ) Updates #725 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	9b07517f18	wgengine: add Engine.SetLinkChangeCallback Start of making the IPN state machine react to link changes and down its DNS & routes if necessary to unblock proxy resolution (e.g. for transitioning from public to corp networks where the corp network has mandatory proxies and WPAD PAC files that can't be resolved while using the DNS/routes configured previously) This change should be a no-op. Just some callback plumbing.	4 years ago
Dmytro Shynkevych	cb5f3c0819	tsdns: log when settings upstreams. It turns out that otherwise we don't know what exactly was set. Also remove the now unused RootDomain config option. Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>	4 years ago
Dmytro Shynkevych	aa1da24f18	tsdns: remove now unused fields. Missed in `7541982635`. Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>	4 years ago
Dmytro Shynkevych	7541982635	tsdns: remove forwarding queue. Two levels of queueing are unnecessary. The resulting implementation performs as follows under request bursts (`count` packets sent concurrently): lost count avg latency 0 / 256 (00.00%) - 28ms 0 / 512 (00.00%) - 146ms 0 / 768 (00.00%) - 166ms 0 / 1024 (00.00%) - 416ms 11 / 1280 (00.86%) - 430ms 145 / 1536 (09.44%) - 715ms 364 / 2048 (17.77%) - 836ms Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>	4 years ago
Dmytro Shynkevych	34a7e7c12b	tsdns: be more strict with type validation. Previously, a type AAAA query would be answered with an A record if only an IPv4 address was available. This is irrelevant for us while we only use IPv4, but it will be a bug one day, so it's worth being precise about semantics. Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>	4 years ago
Dmytro Shynkevych	bc34788e65	tsdns: fix accidental rejection of all non-{A, AAAA} questions. This is a bug introduced in `a903d6c2ed`. Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>	4 years ago
Brad Fitzpatrick	756d6a72bd	wgengine: lazily create peer wireguard configs more explicitly Rather than consider bigs jumps in last-received-from activity as a signal to possibly reconfigure the set of wireguard peers to have configured, instead just track the set of peers that are currently excluded from the configuration. Easier to reason about. Also adds a bit more logging. This might fix an error we saw on a machine running a recent unstable build: 2020-08-26 17:54:11.528033751 +0000 UTC: 8.6M/92.6M magicsock: [unexpected] lazy endpoint not created for [UcppE], d:42a770f678357249 2020-08-26 17:54:13.691305296 +0000 UTC: 8.7M/92.6M magicsock: DERP packet received from idle peer [UcppE]; created=false 2020-08-26 17:54:13.691383687 +0000 UTC: 8.7M/92.6M magicsock: DERP packet from unknown key: [UcppE] If it does happen again, though, we'll have more logs.	4 years ago
halulu	f27a57911b	cmd/tailscale: add derp and endpoints status (#703 ) cmd/tailscale: add local node's information to status output (by default) RELNOTE=yes Updates #477 Signed-off-by: Halulu <lzjluzijie@gmail.com>	4 years ago
David Crawshaw	dd2c61a519	magicsock: call RequestStatus when DERP connects Second attempt. Signed-off-by: David Crawshaw <crawshaw@tailscale.com>	4 years ago
David Crawshaw	a67b174da1	Revert "magicsock: call RequestStatus when DERP connects" Seems to break linux CI builder. Cannot reproduce locally, so attempting a rollback. This reverts commit `cd7bc02ab1`. Signed-off-by: David Crawshaw <crawshaw@tailscale.com>	4 years ago
David Crawshaw	cd7bc02ab1	magicsock: call RequestStatus when DERP connects Without this, a freshly started ipn client will be stuck in the "Starting" state until something triggers a call to RequestStatus. Usually a UI does this, but until then we can sit in this state until poked by an external event, as is evidenced by our e2e tests locking up when DERP is attached. (This only recently became a problem when we enabled lazy handshaking everywhere, otherwise the wireugard tunnel creation would also trigger a RequestStatus.) Signed-off-by: David Crawshaw <crawshaw@tailscale.com>	4 years ago
Brad Fitzpatrick	24d1a38e81	wgengine/monitor: add a poller to the Windows link change monitor The poller is slow by default, but speeds up for a bit after a network change, in case WPAD/PAC files are still loading.	4 years ago
Dmytro Shynkevych	a903d6c2ed	tailcfg, tsdns: derive root domains from list of nodes (#708 ) Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>	4 years ago
Disconnect3d	44598e3e89	wgengine/monitor_freebsd.go: remove duplicated errcheck Signed-off-by: disconnect3d <dominik.b.czarnota@gmail.com>	4 years ago
Brad Fitzpatrick	7841c97af5	wgengine: make lazy wireguard on by default It can still be explicitly enabled or disabled via the environment variable, then via control. But the default is to be lazy now.	4 years ago
Dmytro Shynkevych	6c71e5b851	tsdns: copy name when loewrcasing. The previous approach modifies name in-place in the request slice to avoid an allocation. This is incorrect: the question section of a DNS request must be copied verbatim, without any such modification. Software may rely on it (we rely on other resolvers doing it it in tsdns/forwarder). Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>	4 years ago

1 2 3 4 5 ...

437 Commits (5f807c389e4d332fc43a1fc6349f2db1e16092ca)