tailscale

Commit Graph

Author	SHA1	Message	Date
David Anderson	418adae379	various: use NodePublic.AsNodeKey() instead of tailcfg.NodeKeyFromNodePublic() Updates #3206 Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	eeb97fd89f	various: remove remaining uses of key.NewPrivate. Updates #3206 Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Brad Fitzpatrick	429632d32c	ipn/ipnlocal: treat js/wasm interative logins as ephemeral for now At least until js/wasm starts using browser LocalStorage or something. But for the foreseeable future, any login from a browser should be considered ephemeral as the tab can close at any time and lose the wireguard key, never to be seen again. Updates #3157 Change-Id: I6c410d86dc7f9f233c3edd623313d9dee2085aac Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
David Anderson	c1d009b9e9	ipn/ipnstate: use key.NodePublic instead of the generic key.Public. Updates #3206. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	96ad68c5d6	ipn: remove mention of wgkey in comment. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	0c546a28ba	types/persist: use new node key type. Updates #3206 Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Brad Fitzpatrick	22dbaa0894	ipn/ipnserver: add New, Server.Server Change-Id: I1dc85a5131b9a628d7fc780fde7103492cd3f1f8 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	d381bc2b6c	ipn/ipnserver: move the unserved connection logic to a Listener So future refactors can only deal with a net.Listener and be unconcerned with their caller's (Windows-specific) struggles. Change-Id: I0af588b9a769ab65c59b0bd21f8a0c99abfa1784 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	c23a378f63	ipn/ipnserver: start refactoring ipnserver.Run into smaller pieces I'll keep ipnserver.Run for compatibility, but it'll be a wrapper around several smaller pieces. (more testable too) For now, start untangling some things in preparation. Plan is to have to have a constructor for the just-exported ipnserver.Server type that takes a LocalBackend and can accept (in a new method) on a provided listener. Change-Id: Ide73aadaac1a82605c97a2af1321d0d8f60b2a8c Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	869999955d	ipn/ipnserver: export server type as Server It's all opaque, there's no constructor, and no exported methods, so it's useless at this point, but this is one small refactoring step. Change-Id: Id961e8880cf0c84f1a0a989eefff48ecb3735add Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Maisem Ali	81cabf48ec	control/controlclient,tailcfg: propagate registration errors to the frontend Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Aaron Klotz	6425f497b1	ipn/ipnserver paths: add paths.LegacyStateFilePath Moving this information into a centralized place so that it is accessible to code in subsequent commits. Updates #3011 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	3 years ago
Joe Tsai	9af27ba829	cmd/cloner: mangle "go:generate" in cloner.go The "go generate" command blindly looks for "//go:generate" anywhere in the file regardless of whether it is truly a comment. Prevent this false positive in cloner.go by mangling the string to look less like "//go:generate". Signed-off-by: Joe Tsai <joetsai@digital-static.net>	3 years ago
Maisem Ali	c6d3f622e9	ipn/ipnlocal: use netaddr.IPSetBuilder when constructing list of interface IPPrefixes. Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Brad Fitzpatrick	ddf3394b40	ipn/ipnlocal: don't try to block localhost traffic when using exit nodes Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	751c42c097	ipn: fix formatting of ExitNodeIP in MaskedPrefs %#v on a netaddr.IP showed the netaddr.IP innards. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
nicksherron	f01ff18b6f	all: fix spelling mistakes Signed-off-by: nicksherron <nsherron90@gmail.com>	3 years ago
Maxime VISONNEAU	4528f448d6	ipn/store/aws, cmd/tailscaled: add AWS SSM ipn.StateStore implementation From https://github.com/tailscale/tailscale/pull/1919 with edits by bradfitz@. This change introduces a new storage provider for the state file. It allows users to leverage AWS SSM parameter store natively within tailscaled, like: $ tailscaled --state=arn:aws:ssm:eu-west-1:123456789:parameter/foo Known limitations: - it is not currently possible to specific a custom KMS key ID RELNOTE=tailscaled on Linux supports using AWS SSM for state Edits-By: Brad Fitzpatrick <bradfitz@tailscale.com> Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> Signed-off-by: Maxime VISONNEAU <maxime.visonneau@gmail.com>	3 years ago
Brad Fitzpatrick	cb4a2c00d1	ipn: remove unused Prefs.OSVersion and Prefs.DeviceModel iOS and Android no longer use these. They both now (as of today) use the hostinfo.SetFoo setters instead. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	67e5fabdbd	hostinfo, ipn/ipnlocal: add SetPackage, remove ipnlocal hacks Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	81269fad28	hostinfo: add SetOSVersion like SetDeviceModel, deprecate ipn.Prefs way Turns out the iOS client has been only sending the OS version it first started at. This whole hostinfo-via-prefs mechanism was never a good idea. Start removing it. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	22a1a5d7cf	ipn/ipnlocal: for IPv6-only nodes, publish IPv6 MagicDNS records of peers See https://github.com/tailscale/tailscale/issues/2970#issuecomment-931885268 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	6d43cbc325	ipn/ipnlocal: make sure mobile clients don't use the old control server URL The new frontends are better for battery. Updates #2442 Updates tailscale/corp#2750 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	173bbaa1a1	all: disable TCP keep-alives on iOS/Android Updates #2442 Updates tailscale/corp#2750 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	3b3994f0db	ipn{,/localapi,ipnlocal}: infer cert dir from state file location This fixes "tailscale cert" on Synology where the var directory is typically like /volume2/@appdata/Tailscale, or any other tailscaled user who specifies a non-standard state file location. This is a interim fix on the way to #2932. Fixes #2927 Updates #2932 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	3a72ebb109	ipn: test TestFileStore in a fresh subdirectory Fixes #2923 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Aaron Klotz	21e9f98fc1	ipn, paths: unconditionally attempt to set state dir perms, but only if the state dir is ours We unconditionally set appropriate perms on the statefile dir. We look at the basename of the statefile dir, and if it is "tailscale", then we set perms as appropriate. Fixes #2925 Updates #2856 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	3 years ago
Brad Fitzpatrick	efb84ca60d	ipn/localapi, cmd/tailscale: add CPU & memory profile support, debug command This was already possible on Linux if you ran tailscaled with --debug (which runs net/http/pprof), but it requires the user have the Go toolchain around. Also, it wasn't possible on macOS, as there's no way to run the IPNExtension with a debug server (it doesn't run tailscaled). And on Windows it's super tedious: beyond what users want to do or what we want to explain. Instead, put it in "tailscale debug" so it works and works the same on all platforms. Then we can ask users to run it when we're debugging something and they can email us the output files. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
David Anderson	1eabb5b2d9	ipn: don't log IPN messages that may contain an authkey. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Aaron Klotz	9ebb5d4205	ipn, paths: ensure that the state directory for Windows has the correct perms ProgramData has a permissive ACL. For us to safely store machine-wide state information, we must set a more restrictive ACL on our state directory. We set the ACL so that only talescaled's user (ie, LocalSystem) and the Administrators group may access our directory. We must include Administrators to ensure that logs continue to be easily accessible; omitting that group would force users to use special tools to log in interactively as LocalSystem, which is not ideal. (Note that the ACL we apply matches the ACL that was used for LocalSystem's AppData\Local). There are two cases where we need to reset perms: One is during migration from the old location to the new. The second case is for clean installations where we are creating the file store for the first time. Updates #2856 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	3 years ago
Brad Fitzpatrick	7d8227e7a6	logpolicy: don't use C:\ProgramData use for tailscale-ipn GUI's log dir tailscale-ipn.exe (the GUI) shouldn't use C:\ProgramData. Also, migrate the earlier misnamed wg32/wg64 conf files if they're present. (That was stopped in `2db877caa3`, but the files exist from fresh 1.14 installs) Updates #2856 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Denton Gentry	280c84e46a	ipn/ipnserver, paths, logpolicy: move Window config files out of %LocalAppData% C:\WINDOWS\system32\config\systemprofile\AppData\Local\ is frequently cleared for almost any reason: Windows updates, System Restore, even various System Cleaner utilities. The server-state.conf file in AppData\Local could be deleted at any time, which would break login until the node is removed from the Admin Panel allowing it to create a new key. Carefully copy any AppData state to ProgramData at startup. If copying the state fails, continue to use AppData so at least there will be connectivity. If there is no state, use ProgramData. We also migrate the log.conf file. Very old versions of Tailscale named the EXE tailscale-ipn, so the log conf was tailscale-ipn.log.conf and more recent versions preserved this filename and cmdName in logs. In this migration we always update the filename to c:\ProgramData\Tailscale\tailscaled.log.conf Updates https://github.com/tailscale/tailscale/issues/2856 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	3 years ago
Brad Fitzpatrick	aae622314e	tailcfg, health: add way for control plane to add problems to health check So if the control plane knows that something's broken about the node, it can include problem(s) in MapResponse and "tailscale status" will show it. (and GUIs in the future, as it's in ipnstate.Status/JSON) This also bumps the MapRequest.Version, though it's not strictly required. Doesn't hurt. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Josh Bleecher Snyder	d5ab18b2e6	cmd/cloner: add Clone context to regen struct assignments Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Josh Bleecher Snyder	07c09f470d	ipn/ipnlocal: do not shut down the backend halfway through TestStateMachine LocalBackend.Shutdown's docs say: > The backend can no longer be used after Shutdown returns. Nevertheless, TestStateMachine blithely calls Shutdown, talks some smack, and continues on, expecting things to work. Other uses of Shutdown in the codebase are as intended. Things mostly kinda work anyway, except that the wgengine.Engine has been shut down, so calls to Reconfig fail. Those get logged: > local.go:603: wgengine status error: engine closing; no status but otherwise ignored. However, the Reconfig failure caused one fewer call to pause/unpause than normal. Now the assertCalls lines match the equivalent ones earlier in the test. I don't see an obvious correct replacement for Shutdown in the context of this test; I'm not sure entirely what it is trying to accomplish. It is possible that many of the tests remaining after the prior call to Shutdown are now extraneous. They don't harm anything, though, so err on the side of safety and leave them for now. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Josh Bleecher Snyder	f834a4ade5	ipn/ipnlocal: fix minor typo in comment Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Josh Bleecher Snyder	221cc5f8f2	ipn/ipnlocal: reduce line noise in tests Use helpers and variadic functions to make the call sites a lot easier to read, since they occur a lot. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Josh Bleecher Snyder	45d3174c0d	ipn/ipnlocal: add LocalBackend.broadcastStatusChanged To reduce repetition. Also, document why we acquire the lock. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Josh Bleecher Snyder	b7ede14396	Revert "ipn/ipnlocal: remove locks around sync.Cond.Broadcast call" Reason for revert: Causes ipnlocal tests to deadlock intermittently. This reverts commit `1b15349e01`. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Josh Bleecher Snyder	3ea8cf9c62	ipn/ipnlocal: use quicktest.IsNotNil in tests This didn't exist when the test was written. Now it does (frankban/quicktest#94); use it. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Josh Bleecher Snyder	1b15349e01	ipn/ipnlocal: remove locks around sync.Cond.Broadcast call They are unnecessary. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Josh Bleecher Snyder	3b58c118dd	ipn/ipnlocal: inline LocalBackend.getEngineStatus For uniformity. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Josh Bleecher Snyder	0f4c0e558b	ipn/ipnlocal: use a switch statement instead of an else-if chain For clarity. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Josh Bleecher Snyder	7421ba91ec	ipn/ipnlocal: only call UpdateEndpoints when the endpoints change Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Josh Bleecher Snyder	b681edc572	ipn/ipnlocal: add failing test Concurrent calls to LocalBackend.setWgengineStatus could result in some of the status updates being dropped. This was exacerbated by `92077ae78c`, which increases the probability of concurrent status updates, causing test failures (tailscale/corp#2579). It's going to take a bit of work to fix this test. The ipnlocal state machine is difficult to reason about, particularly in the face of concurrency. We could fix the test trivially by throwing a new mutex around setWgengineStatus to serialize calls to it, but I'd like to at least try to do better than cosmetics. In the meantime, commit the test. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Josh Bleecher Snyder	7693d36aed	all: close fake userspace engines when tests complete We were leaking FDs. In a few places, switch from defer to t.Cleanup. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Josh Bleecher Snyder	4bbf5a8636	cmd/cloner: reduce diff noise when changing command Spelling out the command to run for every type means that changing the command makes for a large, repetitive diff. Stop doing that. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Brad Fitzpatrick	640134421e	all: update tests to use tstest.MemLogger And give MemLogger a mutex, as one caller had, which does match the logf contract better. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	48933b0382	ipn/ipnlocal: flesh out the dnsConfigForNetmap tests Follow-up to #2805 and #2806 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	7fe6ecf165	ipn/ipnlocal: add MagicDNS records for IPv6-only nodes Updates #2268 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago

1 2 3 4 5 ...

516 Commits (6422789ea0059b9f589e2bcc41aa7fdd4f90e27e)