Commit Graph

11 Commits (638127530bd1ab2e67542d7d59aa798bf5cd3565)

Author SHA1 Message Date
Brad Fitzpatrick 963b927d5b net/tshttpproxy: appease staticcheck 4 years ago
Brad Fitzpatrick 5bcac4eaac net/tshttpproxy: add GetProxyForURL negative cache
Otherwise when PAC server is down, we log, and each log entry is a new
HTTP request (from logtail) and a new GetProxyForURL call, which again
logs, non-stop. This is also nicer to the WinHTTP service.

Then also hook up link change notifications to the cache to reset it
if there's a chance the network might work sooner.
4 years ago
Brad Fitzpatrick 9c25968b63 net/tshttpproxy: fix typo in Windows code added at least second
I ran tests & vet & staticcheck, but for Linux, not Windows.
(#728 would be nice)
4 years ago
Brad Fitzpatrick b026a638c7 net/tshttpproxy: if winhttp.GetProxyForURL blocks too long, use previous value
We currently have a chickend-and-egg situation in some environments
where we can set up routes that WinHTTP's WPAD/PAC resolution service
needs to download the PAC file to evaluate GetProxyForURL, but the PAC
file is behind a route for which we need to call GetProxyForURL to
e.g. dial a DERP server.

As a short-term fix, just assume that the most recently returned proxy
is good enough for such situations.
4 years ago
Brad Fitzpatrick 74ee374667 net/tshttpproxy: add more winhttp logging
Notably around duration of calls.
4 years ago
Brad Fitzpatrick 1e0be5a458 tshttp, derphttp: send Proxy-Authorization, not Authorization, to proxies
Whoops. But weirdly, sending Authorization sometimes worked?
4 years ago
Brad Fitzpatrick 2bac125cad net/tshttpproxy: move the TS_DEBUG_FAKE_PROXY_AUTH knob up a level 4 years ago
Brad Fitzpatrick 28f9cd06f5 tshttpproxy, controlclient, derphttp, logpolicy: send Negotiate auth to proxies
For Windows only, and only when built with Tailscale's Go tree.

Updates tailscale/corp#583
4 years ago
Brad Fitzpatrick f915ab6552 net/tshttpproxy: add start of Kerberos Negotiate auth to proxies on Windows
For now only used by a new cmd/tailscale debug --get-url
subcommand. Not yet wired up to the places making HTTP requests.

Updates tailscale/corp#583
4 years ago
Brad Fitzpatrick 9be1917c5b net/tshttpproxy: discard secondary Windows proxies for now 4 years ago
Brad Fitzpatrick c5eb57f4d6 net/tshttpproxy: new package, support WPAD/PAC proxies on Windows
Updates tailscale/corp#553

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago