5141 Commits (72cc70ebfc6e425a3eca077b4850dbd7916cbfb2)
 

Author SHA1 Message Date
Brad Fitzpatrick 19a1704abd netcheck: use best DERP server in past 5 minutes to avoid flip-flopping
Fixes #162
5 years ago
Brad Fitzpatrick 6de37f4cc0 tsweb: move some comments, add a TODO 5 years ago
David Anderson df4636567f tsweb: adjust names and docs of the "handler with errors" functions.
Signed-off-by: David Anderson <dave@natulte.net>
5 years ago
David Crawshaw 131541c06d derp: deflake test
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
5 years ago
David Anderson 52d9613b42 github: add license check to CI.
Signed-off-by: David Anderson <dave@natulte.net>
5 years ago
David Anderson 315a5e5355 scripts: add a license header checker.
Signed-off-by: David Anderson <dave@natulte.net>
5 years ago
David Anderson 3e2fadf872 version: add license header to input for generated file.
Signed-off-by: David Anderson <dave@natulte.net>
5 years ago
David Anderson 98eceae55e tsweb: add a Handler type.
Handler is like http.Handler, but returns errors. ErrHandler
converts back to an http.Handler, with added error handling
and logging.

Signed-off-by: David Anderson <dave@natulte.net>
5 years ago
Brad Fitzpatrick f8d67bb591 portlist: ignore ports bound to localhost
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Brad Fitzpatrick c706731dc7 tsweb: add copyright header
And fix an unlikely but potential crash.
5 years ago
David Anderson a567c56971 tsweb: pull in tlog data structures from corp repo.
This is a prelude to having logging helpers in tsweb.

Signed-off-by: David Anderson <dave@natulte.net>
5 years ago
David Crawshaw 5a0822eefd controlclient, ipn: fix tests for new control param 5 years ago
Brad Fitzpatrick e085aec8ef all: update to wireguard-go API changes
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
David Anderson dd14b658a2 version: bump again, for 0.97.0. 5 years ago
David Anderson 9ea445acd1 version: bump for 0.96.1 tag. 5 years ago
David Anderson 5758d8d48f Merge branch 'master' of github.com:tailscale/tailscale into HEAD 5 years ago
David Anderson bf98913106 go.mod: bump wireguard-go version.
Signed-off-by: David Anderson <dave@natulte.net>
5 years ago
Brad Fitzpatrick 8f9fa6a842 logtail: minor style/simplification changes 5 years ago
Brad Fitzpatrick 8de67844bd cmd/tailscale: make failure message when tailscaled down less technical 5 years ago
Brad Fitzpatrick 5aafe0ee96 cmd/tailscale: don't crash on too many non-flag args 5 years ago
Brad Fitzpatrick d348b94505 stun, stunner: clarify an error log message more
But two earlier changes mean this doesn't show up anymore anyway.
But if it does, it'll be a nice message.
5 years ago
David Crawshaw 1b2be3f1c8 controlclient: test peer keepalive directive
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
5 years ago
David Crawshaw 8712164a0a controlclient: use per-peer KeepAlive signal
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
5 years ago
David Crawshaw 290f83e9f6 tailcfg: fix test
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
5 years ago
David Crawshaw 7a57ab1793 tailcfg: add a per-peer KeepAlive field 5 years ago
David Anderson ea0836dce9 cmd/tailscaled: remove default user/group from systemd. 5 years ago
Brad Fitzpatrick 120273d7f6 portlist: document, clean up, fix an open fd spike, optimize a bit
I noticed portlist when looking at some profiles and hadn't looked at
the code much before. This is a first pass over it. It allocates a
fair bit. More love remains, but this does a bit:

name       old time/op    new time/op    delta
GetList-8    9.92ms ± 8%    9.64ms ±12%     ~     (p=0.247 n=10+10)

name       old alloc/op   new alloc/op   delta
GetList-8     931kB ± 0%     869kB ± 0%   -6.70%  (p=0.000 n=10+10)

name       old allocs/op  new allocs/op  delta
GetList-8     4.59k ± 0%     3.69k ± 1%  -19.71%  (p=0.000 n=10+10)

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Brad Fitzpatrick 6c3820e8c4 cmd/tailscaled: rename relaynode reference in defaults file comment 5 years ago
Brad Fitzpatrick 19cc4f8b8e control/controlclient: remove a number literal in string slice offset 5 years ago
Brad Fitzpatrick 42e98d4edc Quiet two little log annoyances. 5 years ago
Brad Fitzpatrick db2436c7ff wgengine/magicsock: don't interrupt endpoint updates, merge all mutex into one
Before, endpoint updates were constantly being interrupted and resumed
on Linux due to tons of LinkChange messages from over-zealous Linux
netlink messages (from router_linux.go)

Now that endpoint updates are fast and bounded in time anyway, just
let them run to completion, but note that another needs to be
scheduled after.

Now logs went from pages of noise to just:

root@taildoc:~# grep -i -E 'stun|endpoint update' log
2020/03/13 08:51:29 magicsock.Conn: starting endpoint update (initial)
2020/03/13 08:51:30 magicsock.Conn.ReSTUN: endpoint update active, need another later ("link-change-minor")
2020/03/13 08:51:31 magicsock.Conn: starting endpoint update (link-change-minor)
2020/03/13 08:51:31 magicsock.Conn.ReSTUN: endpoint update active, need another later ("link-change-minor")
2020/03/13 08:51:33 magicsock.Conn: starting endpoint update (link-change-minor)
2020/03/13 08:51:33 magicsock.Conn.ReSTUN: endpoint update active, need another later ("link-change-minor")
2020/03/13 08:51:35 magicsock.Conn: starting endpoint update (link-change-minor)
2020/03/13 08:51:35 magicsock.Conn.ReSTUN: endpoint update active, need another later ("link-change-minor")

Or, seen in another run:

2020/03/13 08:45:41 magicsock.Conn: starting endpoint update (periodic)
2020/03/13 08:46:09 magicsock.Conn: starting endpoint update (periodic)
2020/03/13 08:46:21 magicsock.Conn: starting endpoint update (link-change-major)
2020/03/13 08:46:37 magicsock.Conn: starting endpoint update (periodic)
2020/03/13 08:47:05 magicsock.Conn: starting endpoint update (periodic)

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Brad Fitzpatrick db31550854 wgengine: don't Reconfig on boring link changes
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Avery Pennarun 7dd63abaed tailcfg.NetInfo: add a .String() renderer.
For pretty printing purposes in logs.
5 years ago
Avery Pennarun b23cb11eaf ipn: Prefs.String(): print the current derp setting. 5 years ago
David Anderson aeb88864e0 ipn: don't clobber netinfo in Start(). 5 years ago
Avery Pennarun 8b8e3f08a0 Fix staticcheck complaint. 5 years ago
Avery Pennarun b4897e7de8 controlclient/netmap: write our own b.ConciseDiffFrom(a) function.
This removes the need for go-cmp, which is extremely bloaty so we had
to leave it out of iOS. As a result, we had also left it out of macOS,
and so we didn't print netmap diffs at all on darwin-based platforms.
Oops.

As a bonus, the output format of the new function is way better.

Minor oddity: because I used the dumbest possible diff algorithm, the
sort order is a bit dumb. We print all "removed" lines and then print
all "added" lines, rather than doing the usual diff-like thing of
interspersing them. This probably doesn't matter (maybe it's an
improvement).
5 years ago
Avery Pennarun 96bb05ce2f controlclient: reformat netmap.Concise() and add DERP server info.
The .Concise() view had grown hard to read over time. Originally, we
assumed a peer almost always had just one endpoint and one-or-more
allowedips. With magicsock, we now almost always have multiple
endpoints per peer. And empirically, almost every peer has only one
allowedip.

Change their order so we can line up allowedips vertically. Also do
some tweaking to make multiple endpoints easier to read.

While we're here, add a column to show the home DERP server of each
peer, if any.
5 years ago
Avery Pennarun f2e2ffa423 controlclient: log the entire netmap up to every 5 minutes.
We log it once upon receiving the first copy of the map, then
subsequently when a new one appears, but only if we haven't logged one
less than 5 minutes ago.

This avoids overly cluttering the log (as we did before, logging the
netmap every time one appeared, which could be hundreds of lines every
few seconds), but still gives the log enough context to help in
diagnosing problems retroactively.
5 years ago
Brad Fitzpatrick b9c6d3ceb8 netcheck: work behind UDP-blocked networks again, add tests
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Brad Fitzpatrick a87ee4168a stunner: quiet a harmless log warning 5 years ago
Brad Fitzpatrick bc73dcf204 wgengine/magicsock: don't block in Send waiting for derphttp.Send
Fixes #137
Updates #109
Updates #162
Updates #163

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Brad Fitzpatrick 8807913be9 wgengine/magicsock: wait for previous DERP goroutines to end before new ones
Updates #109 (hopefully fixes, will wait for graphs to be happy)

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Brad Fitzpatrick eff6dcdb4e wgengine/magicsock: log more about why we're re-STUNing 5 years ago
David Crawshaw 5ad947c761 cmd/derper: set a write timeout
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
5 years ago
David Crawshaw 72dbf26f63 derp: test that client a->b and a->c relaying do not interfere
Without the recent write deadline introduction, this test fails.

They still do interfere, but the interference is now bound by
the write deadline. Many improvements are possible.

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
5 years ago
David Crawshaw e838b3fb59 derp: use a write timeout when sending to clients
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
5 years ago
David Crawshaw 3df1b97ea8 derp: do not treat failure to relay as the fault of the sender
If Alice attempts to send a packet to Bob and the DERP server
encounters an error on the socket to Bob, we should not disconnect
Alice for that.

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
5 years ago
David Crawshaw 43aa8595dd derp: introduce Conn interface
This lets us test with something other than a net.Conn.

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
5 years ago
David Crawshaw 41ac4a79d6 net/nettest: new package with net-like testing primitives
This is a lot like wiring up a local UDP socket, read and write
deadlines work. The big difference is the Block feature, which
lets you stop the packet flow without breaking the connection.
This lets you emulate broken sockets and test timeouts actually
work.

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
5 years ago