tailscale

Commit Graph

Author	SHA1	Message	Date
Brad Fitzpatrick	7629cd6120	net/tsaddr: add NewContainsIPFunc (move from wgengine) I want to use this from netstack but it's not exported. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	bb2141e0cf	wgengine: periodically poll engine status for logging side effect Fixes tailscale/corp#1560 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	3c9dea85e6	wgengine: update a log line from 'weird' to conventional 'unexpected' Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Josh Bleecher Snyder	99705aa6b7	net/tstun: split TUN events channel into up/down and MTU We had a long-standing bug in which our TUN events channel was being received from simultaneously in two places. The first is wireguard-go. At wgengine/userspace.go:366, we pass e.tundev to wireguard-go, which starts a goroutine (RoutineTUNEventReader) that receives from that channel and uses events to adjust the MTU and bring the device up/down. At wgengine/userspace.go:374, we launch a goroutine that receives from e.tundev, logs MTU changes, and triggers state updates when up/down changes occur. Events were getting delivered haphazardly between the two of them. We don't really want wireguard-go to receive the up/down events; we control the state of the device explicitly by calling device.Up. And the userspace.go loop MTU logging duplicates logging that wireguard-go does when it received MTU updates. So this change splits the single TUN events channel into up/down and other (aka MTU), and sends them to the parties that ought to receive them. I'm actually a bit surprised that this hasn't caused more visible trouble. If a down event went to wireguard-go but the subsequent up event went to userspace.go, we could end up with the wireguard-go device disappearing. I believe that this may also (somewhat accidentally) be a fix for #1790. Signed-off-by: Josh Bleecher Snyder <josharian@gmail.com>	3 years ago
Brad Fitzpatrick	34d2f5a3d9	tailcfg: add Endpoint, EndpointType, MapRequest.EndpointType Track endpoints internally with a new tailcfg.Endpoint type that includes a typed netaddr.IPPort (instead of just a string) and includes a type for how that endpoint was discovered (STUN, local, etc). Use []tailcfg.Endpoint instead of []string internally. At the last second, send it to the control server as the existing []string for endpoints, but also include a new parallel MapRequest.EndpointType []tailcfg.EndpointType, so the control server can start filtering out less-important endpoint changes from new-enough clients. Notably, STUN-discovered endpoints can be filtered out from 1.6+ clients, as they can discover them amongst each other via CallMeMaybe disco exchanges started over DERP. And STUN endpoints change a lot, causing a lot of MapResposne updates. But portmapped endpoints are worth keeping for now, as they they work right away without requiring the firewall traversal extra RTT dance. End result will be less control->client bandwidth. (despite negligible increase in client->control bandwidth) Updates tailscale/corp#1543 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
David Anderson	854d5d36a1	net/dns: return error from NewOSManager, use it to initialize NM. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	84430cdfa1	net/dns: improve NetworkManager detection, using more DBus. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Brad Fitzpatrick	d488678fdc	cmd/tailscaled, wgengine{,/netstack}: add netstack hybrid mode, add to Windows For #707 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
David Anderson	7d84ee6c98	net/dns: unify the OS manager and internal resolver. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	1bf91c8123	net/dns/resolver: remove unused err return value. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	f007a9dd6b	health: add DNS subsystem and plumb errors in. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	4c61ebacf4	wgengine: move DNS configuration out of wgengine/router. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Josh Bleecher Snyder	b3ceca1dd7	wgengine/...: split into multiple receive functions Upstream wireguard-go has changed its receive model. NewDevice now accepts a conn.Bind interface. The conn.Bind is stateless; magicsock.Conns are stateful. To work around this, we add a connBind type that supports cheap teardown and bring-up, backed by a Conn. The new conn.Bind allows us to specify a set of receive functions, rather than having to shoehorn everything into ReceiveIPv4 and ReceiveIPv6. This lets us plumbing DERP messages directly into wireguard-go, instead of having to mux them via ReceiveIPv4. One consequence of the new conn.Bind layer is that closing the wireguard-go device is now indistinguishable from the routine bring-up and tear-down normally experienced by a conn.Bind. We thus have to explicitly close the magicsock.Conn when the close the wireguard-go device. One downside of this change is that we are reliant on wireguard-go to call receiveDERP to process DERP messages. This is fine for now, but is perhaps something we should fix in the future. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
David Anderson	6ad44f9fdf	wgengine: take in dns.Config, split out to resolver.Config and dns.OSConfig. Stepping stone towards having the DNS package handle the config splitting. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Josh Bleecher Snyder	1df162b05b	wgengine/magicsock: adapt CreateEndpoint signature to match wireguard-go Part of a temporary change to make merging wireguard-go easier. See https://github.com/tailscale/wireguard-go/pull/45. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
David Anderson	90f82b6946	net/dns/resolver: add live reconfig, plumb through to ipnlocal. The resolver still only supports a single upstream config, and ipn/wgengine still have to split up the DNS config, but this moves closer to unifying the DNS configs. As a handy side-effect of the refactor, IPv6 MagicDNS records exist now. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	f185d62dc8	net/dns/resolver: unexport Packet, only use it internally. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	5fb9e00ecf	net/dns/resolver: remove Start method, fully spin up in New instead. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	075fb93e69	net/dns/resolver: remove the Config struct. In preparation for reintroducing a runtime reconfig Config struct. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	bc81dd4690	net/dns/resolver: rename ResolverConfig to just Config. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	d99f5b1596	net/dns/resolver: factor the resolver out into a sub-package. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Brad Fitzpatrick	4c83bbf850	wgengine: add IsNetstack func and test So we have a documented & tested way to check whether we're in netstack mode. To be used by future commits. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	91bc723817	wgengine: add temp workaround for netstack WhoIs registration race Updates #1616 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	41e4e02e57	net/{packet,tstun}: send peerapi port in TSMP pongs For discovery when an explicit hostname/IP is known. We'll still also send it via control for finding peers by a list. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
David Anderson	07bf4eb685	wgengine: rename Fake to RespondToPing. "Fake" doesn't mean a lot any more, given that many components of the engine can be faked out, including in valid production configurations like userspace-networking. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	0fb738760f	wgengine: make Tun optional again, default to fake. This makes setup more explicit in prod codepaths, without requiring a bunch of arguments or helpers for tests and userspace mode. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Brad Fitzpatrick	e18c3a7d84	wgengine: optimize isLocalAddr a bit On macOS/iOS, this removes a map lookup per outgoing packet. Noticed it while reading code, not from profiles, but can't hurt. BenchmarkGenLocalAddrFunc BenchmarkGenLocalAddrFunc/map1 BenchmarkGenLocalAddrFunc/map1-4 16184868 69.78 ns/op BenchmarkGenLocalAddrFunc/map2 BenchmarkGenLocalAddrFunc/map2-4 16878140 70.73 ns/op BenchmarkGenLocalAddrFunc/or1 BenchmarkGenLocalAddrFunc/or1-4 623055721 1.950 ns/op BenchmarkGenLocalAddrFunc/or2 BenchmarkGenLocalAddrFunc/or2-4 472493098 2.589 ns/op Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
David Anderson	93a4aa697c	wgengine: default Router to a no-op router. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	440effb21a	wgengine: remove Config.TUN argument.	3 years ago
David Anderson	2df8adef9d	wgengine: make the tun.Device required at construction. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	016de16b2e	net/tstun: rename TUN to Wrapper. The tstun packagen contains both constructors for generic tun Devices, and a wrapper that provides additional functionality. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	82ab7972f4	net/tstun: rename NewFakeTUN to NewFake. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	588b70f468	net/tstun: merge in wgengine/tstun. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	2b4bfeda1a	wgengine: pass in an explicit router.Router, rather than a generator. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	44d9929208	wgengine: remove Config.TUNName, require caller to create device. Also factors out device creation and associated OS workarounds to net/tun. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	0a84aaca0a	wgengine/router: remove unused wireguard *Device argument. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	672731ac6f	many: gofmt. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	8432999835	Move wgengine/tsdns to net/dns. Straight move+fixup, no other changes. In prep for merging with wgengine/router/dns. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Josh Bleecher Snyder	28af46fb3b	wgengine: pass logger as a separate arg to device.NewDevice Adapt to minor API changes in wireguard-go. And factor out device.DeviceOptions variables. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Brad Fitzpatrick	2384c112c9	net/packet, wgengine/{filter,tstun}: add TSMP ping Fixes #1467 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	96dfeb2d7f	wgengine: log tailscale pings Fixes #1561 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	85138d3183	health: track whether any network interface is up Fixes #1562 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	0994a9f7c4	wgengine{,/magicsock}: fix, improve "tailscale ping" to default routes and subnets e.g. $ tailscale ping 1.1.1.1 exit node found but not enabled $ tailscale ping 10.2.200.2 node "tsbfvlan2" found, but not using its 10.2.200.0/24 route $ sudo tailscale up --accept-routes $ tailscale ping 10.2.200.2 pong from tsbfvlan2 (100.124.196.94) via 10.2.200.34:41641 in 1ms $ tailscale ping mon.ts.tailscale.com pong from monitoring (100.88.178.64) via DERP(sfo) in 83ms pong from monitoring (100.88.178.64) via DERP(sfo) in 21ms pong from monitoring (100.88.178.64) via [2604:a880:4:d1::37:d001]:41641 in 22ms This necessarily moves code up from magicsock to wgengine, so we can look at the actual wireguard config. Fixes #1564 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	1eb95c7e32	net/packet, wgengine{,/filter}: remove net/packet IPProto forwarding consts Only use the ones in types/ipproto now. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Naman Sood	770aa71ffb	client, cmd/hello, ipn, wgengine: fix whois for netstack-forwarded connections Updates #504 Updates #707 Signed-off-by: Naman Sood <mail@nsood.in>	3 years ago
Brad Fitzpatrick	44ab0acbdb	net/portmapper, wgengine/monitor: cache gateway IP info until link changes Cuts down allocs & CPU in steady state (on regular STUN probes) when network is unchanging. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	f9f3b67f3a	wgengine{,tsdns}: rebind MagicDNS forwarders on link change Fixes #1480 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	ffa70a617d	wgengine{,/monitor}: restore Engine.LinkChange, add Mon.InjectEvent The Engine.LinkChange method was recently removed in `e3df29d488` while misremembering how Android's link state mechanism worked. Rather than do some last minute rearchitecting of link state on Android before Tailscale 1.6, restore the old Engine.LinkChange hook for now so the Android client doesn't need any changes. But change how it's implemented to instead inject an event into the link monitor. Fixes #1427 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	487c520109	wgengine: fix bug from earlier commit Commit `e3df29d488` introduced this bug where the interfaces-were-changed-or-not bit got lost. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	e3df29d488	wgengine{,/monitor}: move interface state fetching/comparing to monitor Gets it out of wgengine so the Engine isn't responsible for being a callback registration hub for it. This also removes the Engine.LinkChange method, as it's no longer necessary. The monitor tells us about changes; it doesn't seem to need any help. (Currently it was only used by Swift, but as of `14dc790137` we just do the same from Go) Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago

1 2 3 4 5

202 Commits (7629cd6120345dbdbbee3b5a48c6f7ac9576cdfe)