tailscale

Commit Graph

Author	SHA1	Message	Date
Brad Fitzpatrick	a573779c5c	version: bump date Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	5bf65c580d	version: fix Short when link-stamped And remove old SHORT, LONG deprecated variables. Fixes tailscale/corp#1905 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	ecfb2639cc	ipn/ipnlocal: avoid initPeerAPIListener crash on certain concurrent actions We were crashing on in initPeerAPIListener when called from authReconfig when b.netMap is nil. But authReconfig already returns before the call to initPeerAPIListener when b.netMap is nil, but it releases the b.mu mutex before calling initPeerAPIListener which reacquires it and assumes it's still nil. The only thing that can be setting it to nil is setNetMapLocked, which is called by ResetForClientDisconnect, Logout/logout, or Start, all of which can happen during an authReconfig. So be more defensive. Fixes #1996 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	713c5c9ab1	net/{interfaces,netns}: change which build tag means mac/ios Network/System Extension We used to use "redo" for that, but it was pretty vague. Also, fix the build tags broken in interfaces_default_route_test.go from `a9745a0b68`, moving those Linux-specific tests to interfaces_linux_test.go. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Christine Dodrill	0a655309c6	tstest/integration/vms: only build binaries once (#2042 ) Previously this built the binaries for every distro. This is a bit overkill given we are using static binaries. This patch makes us only build once. There was also a weird issue with how processes were being managed. Previously we just killed qemu with Process.Kill(), however that was leaving behind zombies. This has been mended to not only kill qemu but also waitpid() the process so it doesn't become a zombie. Updates #1988 Signed-off-by: Christine Dodrill <xe@tailscale.com>	3 years ago
Christine Dodrill	a282819026	tstest/integration/vms: fix OpenSUSE Leap 15.1 (#2038 ) The OpenSUSE 15.1 image we are using (and conseqentially the only one that is really available easily given it is EOL) has cloud-init hardcoded to use the OpenStack metadata thingy. Other OpenSUSE Leap images function fine with the NoCloud backend, but this one seems to just not work with it. No bother, we can just pretend to be OpenStack. Thanks to Okami for giving me an example OpenStack configuration seed image. Updates #1988 Signed-off-by: Christine Dodrill <xe@tailscale.com>	3 years ago
Christine Dodrill	4da5e79c39	tstest/integration/vms: test on Arch Linux (#2040 ) Arch is a bit of a weirder distro, however as a side effect it is much more of a systemd purist experience. Adding it to our test suite will make sure that we are working in the systemd happy path. Updates #1988 Signed-off-by: Christine Dodrill <xe@tailscale.com>	3 years ago
Maisem Ali	95e296fd96	cmd/tailscale/web: restrict web access to synology admins. Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
David Anderson	5088af68cf	version: remove all the redo stuff, only support embedding via go ldflags. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Brad Fitzpatrick	a321c24667	go.mod: update netaddr Involves minor IPSetBuilder.Set API change. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	9794be375d	tailcfg: add SetDNSRequest type Updates #1235 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Christine Dodrill	ca96357d4b	tstest/integration/vms: add OpenSUSE Leap 15.3 (#2026 ) This distro is about to be released. OpenSUSE has historically had the least coverage for functional testing, so this may prove useful in the future. Signed-off-by: Christine Dodrill <xe@tailscale.com>	3 years ago
David Anderson	33bc06795b	go.mod: update for corp resync.	3 years ago
David Anderson	c54cc24e87	util/dnsname: make ToFQDN take exactly 0 or 1 allocs for everything. name old time/op new time/op delta ToFQDN/www.tailscale.com.-32 9.55ns ± 2% 12.13ns ± 3% +27.03% (p=0.000 n=10+10) ToFQDN/www.tailscale.com-32 86.3ns ± 1% 40.7ns ± 1% -52.86% (p=0.000 n=10+9) ToFQDN/.www.tailscale.com-32 86.5ns ± 1% 40.4ns ± 1% -53.29% (p=0.000 n=10+9) ToFQDN/_ssh._tcp.www.tailscale.com.-32 12.8ns ± 2% 14.7ns ± 2% +14.24% (p=0.000 n=9+10) ToFQDN/_ssh._tcp.www.tailscale.com-32 104ns ± 1% 45ns ± 0% -57.16% (p=0.000 n=10+9) name old alloc/op new alloc/op delta ToFQDN/www.tailscale.com.-32 0.00B 0.00B ~ (all equal) ToFQDN/www.tailscale.com-32 72.0B ± 0% 24.0B ± 0% -66.67% (p=0.000 n=10+10) ToFQDN/.www.tailscale.com-32 72.0B ± 0% 24.0B ± 0% -66.67% (p=0.000 n=10+10) ToFQDN/_ssh._tcp.www.tailscale.com.-32 0.00B 0.00B ~ (all equal) ToFQDN/_ssh._tcp.www.tailscale.com-32 112B ± 0% 32B ± 0% -71.43% (p=0.000 n=10+10) name old allocs/op new allocs/op delta ToFQDN/www.tailscale.com.-32 0.00 0.00 ~ (all equal) ToFQDN/www.tailscale.com-32 2.00 ± 0% 1.00 ± 0% -50.00% (p=0.000 n=10+10) ToFQDN/.www.tailscale.com-32 2.00 ± 0% 1.00 ± 0% -50.00% (p=0.000 n=10+10) ToFQDN/_ssh._tcp.www.tailscale.com.-32 0.00 0.00 ~ (all equal) ToFQDN/_ssh._tcp.www.tailscale.com-32 2.00 ± 0% 1.00 ± 0% -50.00% (p=0.000 n=10+10) Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	d7f6ef3a79	util/dnsname: add a benchmark for ToFQDN. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	caaefa00a0	util/dnsname: don't validate the contents of DNS labels. DNS names consist of labels, but outside of length limits, DNS itself permits any content within the labels. Some records require labels to conform to hostname limitations (which is what we implemented before), but not all. Fixes #2024. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Christine Dodrill	2802a01b81	tstest/integration/vms: test vms as they are ready (#2022 ) Instead of testing all the VMs at once when they are all ready, this patch changes the testing logic so that the vms are tested as soon as they register with testcontrol. Also limit the amount of VM ram used at once with the `-ram-limit` flag. That uses a semaphore to guard resource use. Also document CentOS' sins. Updates #1988 Signed-off-by: Christine Dodrill <xe@tailscale.com>	3 years ago
Avery Pennarun	eaa6507cc9	ipnlocal: in Start() fast path, don't forget to send Prefs. The resulting empty Prefs had AllowSingleHosts=false and Routeall=false, so that on iOS if you did these steps: - Login and leave running - Terminate the frontend - Restart the frontend (fast path restart, missing prefs) - Set WantRunning=false - Set WantRunning=true ...then you would have Tailscale running, but with no routes. You would also accidentally disable the ExitNodeID/IP prefs (symptom: the current exit node setting didn't appear in the UI), but since nothing else worked either, you probably didn't notice. The fix was easy enough. It turns out we already knew about the problem, so this also fixes one of the BUG entries in state_test. Fixes: #1918 (BUG-1) and some as-yet-unreported bugs with exit nodes. Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>	3 years ago
Avery Pennarun	8a7d35594d	ipnlocal: don't assume NeedsLogin immediately after StartLogout(). Previously, there was no server round trip required to log out, so when you asked ipnlocal to Logout(), it could clear the netmap immediately and switch to NeedsLogin state. In v1.8, we added a true Logout operation. ipn.Logout() would trigger an async cc.StartLogout() and also immediately switch to NeedsLogin. Unfortunately, some frontends would see NeedsLogin and immediately trigger a new StartInteractiveLogin() operation, before the controlclient auth state machine actually acted on the Logout command, thus accidentally invalidating the entire logout operation, retaining the netmap, and violating the user's expectations. Instead, add a new LogoutFinished signal from controlclient (paralleling LoginFinished) and, upon starting a logout, don't update the ipn state machine until it's received. Updates: #1918 (BUG-2) Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>	3 years ago
Christine Dodrill	36cb69002a	tstest/integration/vms: regex-match distros using a flag (#2021 ) If you set `-distro-regex` to match a subset of distros, only those distros will be tested. Ex: $ go test -run-vm-tests -distro-regex='opensuse' Signed-off-by: Christine Dodrill <xe@tailscale.com>	3 years ago
Christine Dodrill	e1b994f7ed	tstest/integration/vms: maintain distro info (#2020 ) This lets us see the names of distros in our tests. Updates #1988 Signed-off-by: Christine Dodrill <xe@tailscale.com>	3 years ago
Brad Fitzpatrick	fa548c5b96	tstest/integration/vms: fix bindhost lookup (#2012 ) Don't try to do heuristics on the name. Use the net/interfaces package which we already have to do this sort of stuff. Fixes #2011 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Christine Dodrill	14c1113d2b	tstest/integration/vms: copy locally built binaries (#2006 ) Instead of pulling packages from pkgs.tailscale.com, we should use the tailscale binaries that are local to this git commit. This exposes a bit of the integration testing stack in order to copy the binaries correctly. This commit also bumps our version of github.com/pkg/sftp to the latest commit. If you run into trouble with yaml, be sure to check out the commented-out alpine linux image complete with instructions on how to use it. Updates #1988 Signed-off-by: Christine Dodrill <xe@tailscale.com>	3 years ago
Brad Fitzpatrick	ca455ac84b	net/tsaddr: simplify TailscaleServiceIP netaddr allocated at the time this was written. No longer. name old time/op new time/op delta TailscaleServiceAddr-4 5.46ns ± 4% 1.83ns ± 3% -66.52% (p=0.008 n=5+5) A bunch of the others can probably be simplified too, but this was the only one with just an IP and not an IPPrefix. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	f21982f854	tstest/integration/vms: skip a test for now Updates #2011 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Josh Bleecher Snyder	ddf6c8c729	wgengine/magicsock: delete dead code Co-authored-by: Adrian Dewhurst <adrian@tailscale.com> Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Christine Dodrill	4cfaf489ac	tstest/integration/vms: t.Log for VM output (#2007 ) Previously we spewed a lot of output to stdout and stderr, even when `-v` wasn't set. This is sub-optimal for various reasons. This patch shunts that output to test logs so it only shows up when `-v` is set. Updates #1988 Signed-off-by: Christine Dodrill <xe@tailscale.com>	3 years ago
Adrian Dewhurst	6d6cf88d82	control/controlclient: use our fork of certstore The cyolosecurity fork of certstore did not update its module name and thus can only be used with a replace directive. This interferes with installing using `go install` so I created a tailscale fork with an updated module name. Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>	3 years ago
Christine Dodrill	1f72b6f812	tstest/integration/vms: use dynamically discovered bindhost (#1992 ) Instead of relying on a libvirtd bridge address that you probably won't have on your system. Updates #1988 Signed-off-by: Christine Dodrill <xe@tailscale.com>	3 years ago
Christine Dodrill	35749ec297	tstest/integration/vms: small cleanups (#1989 ) Updates #1988 Signed-off-by: Christine Dodrill <xe@tailscale.com>	3 years ago
Brad Fitzpatrick	a04801e037	ipn/ipnlocal: ignore NetfilterMode pref on Synology On clean installs we didn't set use iptables, but during upgrades it looks like we could use old prefs that directed us to go into the iptables paths that might fail on Synology. Updates #1995 Fixes tailscale/tailscale-synology#57 (I think) Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
David Crawshaw	82b217f82e	cmd/tailscale: have web POST wait for authURL Fixes #1939 Signed-off-by: David Crawshaw <crawshaw@tailscale.com>	3 years ago
David Crawshaw	50c976d3f1	cmd/tailscale: show web 'login' error message For #1939 Signed-off-by: David Crawshaw <crawshaw@tailscale.com>	3 years ago
Brad Fitzpatrick	d2c4e75099	cmd/tailscale/cli: update URL in error message for Synology unsupported feature Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	cdd231cb7d	cmd/tailscale/cli: don't warn about iptables=off on Synology We don't use iptables on Synology, so don't scare the user. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Christine Dodrill	ba59c0391b	tstest/integration: add experimental integration test (#1966 ) This will spin up a few vms and then try and make them connect to a testcontrol server. Updates #1988 Signed-off-by: Christine Dodrill <xe@tailscale.com>	3 years ago
Josh Bleecher Snyder	60e920bf18	go.mod: go mod tidy Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Josh Bleecher Snyder	bb8ce48a6b	logtail: allow changing log level concurrently When tailscaled starts up, these lines run: func run() error { // ... pol := logpolicy.New("tailnode.log.tailscale.io") pol.SetVerbosityLevel(args.verbose) // ... } If there are old log entries present, they immediate start getting uploaded. This races with the call to pol.SetVerbosityLevel. This manifested itself as a test failure in tailscale.com/tstest/integration when run with -race: WARNING: DATA RACE Read at 0x00c0001bc970 by goroutine 24: tailscale.com/logtail.(Logger).Write() /Users/josh/t/corp/oss/logtail/logtail.go:517 +0x27c log.(Logger).Output() /Users/josh/go/ts/src/log/log.go:184 +0x2b8 log.Printf() /Users/josh/go/ts/src/log/log.go:323 +0x94 tailscale.com/logpolicy.newLogtailTransport.func1() /Users/josh/t/corp/oss/logpolicy/logpolicy.go:509 +0x36c net/http.(Transport).dial() /Users/josh/go/ts/src/net/http/transport.go:1168 +0x238 net/http.(Transport).dialConn() /Users/josh/go/ts/src/net/http/transport.go:1606 +0x21d0 net/http.(Transport).dialConnFor() /Users/josh/go/ts/src/net/http/transport.go:1448 +0xe4 Previous write at 0x00c0001bc970 by main goroutine: tailscale.com/logtail.(Logger).SetVerbosityLevel() /Users/josh/t/corp/oss/logtail/logtail.go:131 +0x98 tailscale.com/logpolicy.(Policy).SetVerbosityLevel() /Users/josh/t/corp/oss/logpolicy/logpolicy.go:463 +0x60 main.run() /Users/josh/t/corp/oss/cmd/tailscaled/tailscaled.go:178 +0x50 main.main() /Users/josh/t/corp/oss/cmd/tailscaled/tailscaled.go:163 +0x71c Goroutine 24 (running) created at: net/http.(Transport).queueForDial() /Users/josh/go/ts/src/net/http/transport.go:1417 +0x4d8 net/http.(Transport).getConn() /Users/josh/go/ts/src/net/http/transport.go:1371 +0x5b8 net/http.(Transport).roundTrip() /Users/josh/go/ts/src/net/http/transport.go:585 +0x7f4 net/http.(Transport).RoundTrip() /Users/josh/go/ts/src/net/http/roundtrip.go:17 +0x30 net/http.send() /Users/josh/go/ts/src/net/http/client.go:251 +0x4f0 net/http.(Client).send() /Users/josh/go/ts/src/net/http/client.go:175 +0x148 net/http.(Client).do() /Users/josh/go/ts/src/net/http/client.go:717 +0x1d0 net/http.(Client).Do() /Users/josh/go/ts/src/net/http/client.go:585 +0x358 tailscale.com/logtail.(Logger).upload() /Users/josh/t/corp/oss/logtail/logtail.go:367 +0x334 tailscale.com/logtail.(Logger).uploading() /Users/josh/t/corp/oss/logtail/logtail.go:289 +0xec Rather than complicate the logpolicy API, allow the verbosity to be adjusted concurrently. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Josh Bleecher Snyder	1ece91cede	go.mod: upgrade wireguard-windows, de-fork wireguard-go Pull in the latest version of wireguard-windows. Switch to upstream wireguard-go. This requires reverting all of our import paths. Unfortunately, this has to happen at the same time. The wireguard-go change is very low risk, as that commit matches our fork almost exactly. (The only changes are import paths, CI files, and a go.mod entry.) So if there are issues as a result of this commit, the first place to look is wireguard-windows changes. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Josh Bleecher Snyder	ceaaa23962	wgengine/wglog: cache strings We repeat many peers each time we call SetPeers. Instead of constructing strings for them from scratch every time, keep strings alive across iterations. name old time/op new time/op delta SetPeers-8 3.58µs ± 1% 2.41µs ± 1% -32.60% (p=0.000 n=9+10) name old alloc/op new alloc/op delta SetPeers-8 2.53kB ± 0% 1.30kB ± 0% -48.73% (p=0.000 n=10+10) name old allocs/op new allocs/op delta SetPeers-8 99.0 ± 0% 16.0 ± 0% -83.84% (p=0.000 n=10+10) We could reduce alloc/op 12% and allocs/op 23% if strs had type map[string]strCache instead of map[string]*strCache, but that wipes out the execution time impact. Given that re-use is the most common scenario, let's optimize for it. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Josh Bleecher Snyder	c065cc6169	internal/deephash: remove remaining type special cases Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Josh Bleecher Snyder	4b51fbf48c	internal/deephash: increase scratch space size `e66d4e4c81` added AppendTo methods to some key types. Their marshaled form is longer than 64 bytes. name old time/op new time/op delta Hash-8 15.5µs ± 1% 14.8µs ± 1% -4.17% (p=0.000 n=9+9) name old alloc/op new alloc/op delta Hash-8 1.18kB ± 0% 0.47kB ± 0% -59.87% (p=0.000 n=10+10) name old allocs/op new allocs/op delta Hash-8 12.0 ± 0% 6.0 ± 0% -50.00% (p=0.000 n=10+10) This is still a bit worse than explicitly handling the types, but much nicer. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Brad Fitzpatrick	e66d4e4c81	tailcfg, types/wgkey: add AppendTo methods on some types Add MarshalText-like appending variants. Like: https://pkg.go.dev/inet.af/netaddr#IP.AppendTo To be used by @josharian's pending deephash optimizations. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Josh Bleecher Snyder	b340beff8e	internal/deephash: reset scratch before appending to it Oops. In practice this doesn't matter, but it's still wrong. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Josh Bleecher Snyder	15a7ff83de	internal/deephash: remove netaddr special cases All netaddr types that we are concerned with now implement AppendTo. Use the AppendTo method if available, and remove all references to netaddr. This is slower but cleaner, and more readily re-usable by others. name old time/op new time/op delta Hash-8 12.6µs ± 0% 14.8µs ± 1% +18.05% (p=0.000 n=8+10) HashMapAcyclic-8 21.4µs ± 1% 21.9µs ± 1% +2.39% (p=0.000 n=10+9) name old alloc/op new alloc/op delta Hash-8 408B ± 0% 408B ± 0% ~ (p=1.000 n=10+10) HashMapAcyclic-8 1.00B ± 0% 1.00B ± 0% ~ (all equal) name old allocs/op new allocs/op delta Hash-8 6.00 ± 0% 6.00 ± 0% ~ (all equal) HashMapAcyclic-8 0.00 0.00 ~ (all equal) Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Josh Bleecher Snyder	051d2f47e5	internal/deephash: re-use MapIter name old time/op new time/op delta Hash-8 12.4µs ± 0% 12.4µs ± 0% -0.33% (p=0.002 n=10+9) HashMapAcyclic-8 21.2µs ± 0% 21.3µs ± 0% +0.45% (p=0.000 n=8+8) name old alloc/op new alloc/op delta Hash-8 793B ± 0% 408B ± 0% -48.55% (p=0.000 n=10+10) HashMapAcyclic-8 128B ± 0% 0B -100.00% (p=0.000 n=10+10) name old allocs/op new allocs/op delta Hash-8 9.00 ± 0% 6.00 ± 0% -33.33% (p=0.000 n=10+10) HashMapAcyclic-8 1.00 ± 0% 0.00 -100.00% (p=0.000 n=10+10) Depends on https://github.com/golang/go/issues/46293. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Josh Bleecher Snyder	c06ec45f09	internal/deephash: document MapIter shims These exist so we can use the optimized MapIter APIs while still working with released versions of Go. They're pretty simple, but some docs won't hurt. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Elias Naur	adfe8cf41d	paths: generalize IOSSharedDir to cover Android Also fix an error message while here. Signed-off-by: Elias Naur <mail@eliasnaur.com>	3 years ago
Josh Bleecher Snyder	73adbb7a78	wgengine: pass an addressable value to deephash.UpdateHash This makes deephash more efficient. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Josh Bleecher Snyder	ce7a87e5e4	internal/deephash: use hash.BlockSize instead of a constant Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago

1 2 3 4 5 ...

2524 Commits (a573779c5c37dd36a6fdf8b2e0abf0de71cb9f2f) All Branches Search

2524 Commits (a573779c5c37dd36a6fdf8b2e0abf0de71cb9f2f)

All Branches