Commit Graph

1846 Commits (b4cf837d8adc447233bac47e3425d5a3bcda87a5)
 

Author SHA1 Message Date
Dmitry Adamushko 44434fdc82 derp/derp_server: fixed unbalanced {register,unregister}Client() calls.
Signed-off-by: Dmitry Adamushko <da@stablebits.net>
5 years ago
Blake Gentry e19287f60f wgengine/magicsock: fix Conn docs type reference
The docs on magicsock.Conn stated that they implemented the
wireguard/device.Bind interface, yet this type does not exist. In
reality, the Conn type implements the wireguard/conn.Bind interface.

I also fixed a small typo in the same file.

Signed-off-by: Blake Gentry <blakesgentry@gmail.com>
5 years ago
Brad Fitzpatrick 71d6738333 tstime: change an Errorf+return to Fatalf in subtest
Forgot to git add this during review. Fail.
5 years ago
Brad Fitzpatrick febdac0499 tstime: write Parse3339 parse that doesn't use time.Parse
It doesn't allocate and it's half the time of time.Parse (which
allocates), and 2/3rds the time of time.ParseInLocation (which
doesn't).

Go with a UTC time:

BenchmarkGoParse3339/Z-8                 2200995               534 ns/op               0 B/op          0 allocs/op
BenchmarkGoParse3339/Z-8                 2254816               554 ns/op               0 B/op          0 allocs/op
BenchmarkGoParse3339/Z-8                 2159504               522 ns/op               0 B/op          0 allocs/op

Go allocates with a "-08:00" suffix instead of ending in "Z":

BenchmarkGoParse3339/TZ-8                1276491               884 ns/op             144 B/op          3 allocs/op
BenchmarkGoParse3339/TZ-8                1355858               942 ns/op             144 B/op          3 allocs/op
BenchmarkGoParse3339/TZ-8                1385484               911 ns/op             144 B/op          3 allocs/op

Go doesn't allocate if you use time.ParseInLocation, but then you need
to parse the string to find the location anyway, so might as well go
all the way (below).

BenchmarkGoParse3339InLocation-8         1912254               597 ns/op               0 B/op          0 allocs/op
BenchmarkGoParse3339InLocation-8         1980043               612 ns/op               0 B/op          0 allocs/op
BenchmarkGoParse3339InLocation-8         1891366               612 ns/op               0 B/op          0 allocs/op

Parsing RFC3339 ourselves, UTC:

BenchmarkParse3339/Z-8                   3889220               307 ns/op               0 B/op          0 allocs/op
BenchmarkParse3339/Z-8                   3718500               309 ns/op               0 B/op          0 allocs/op
BenchmarkParse3339/Z-8                   3621231               303 ns/op               0 B/op          0 allocs/op

Parsing RFC3339 ourselves, with timezone (w/ *time.Location fetched
from sync.Map)

BenchmarkParse3339/TZ-8                  3019612               418 ns/op               0 B/op          0 allocs/op
BenchmarkParse3339/TZ-8                  2921618               401 ns/op               0 B/op          0 allocs/op
BenchmarkParse3339/TZ-8                  3031671               408 ns/op               0 B/op          0 allocs/op

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Brad Fitzpatrick 02948d2c86 Dockerfile: add some usage docs, bump to Go 1.14 5 years ago
Brad Fitzpatrick d503dee6f1 tstime: add new package for time utilities, starting with Parse3339
Go's time.Parse always allocates a FixedZone for time strings not in
UTC (ending in "Z"). This avoids that allocation, at the cost of
adding a cache.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
David Anderson 4e0ee141e8 derp/derpmap: add derp5 (Sydney) to prod map.
Signed-off-by: David Anderson <dave@natulte.net>
5 years ago
Brad Fitzpatrick 996bf9cae7 logtail: don't send a User-Agent
Just useless bytes on the wire. Especially with HTTP/1.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Brad Fitzpatrick 7bf436ba30 tsweb: add some Benchmarks
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Brad Fitzpatrick 64334143a1 tsweb: rename Handler to ReturnHandler
The name's been bugging me for a long time.

I liked neither the overlap between tsweb.Handler and http.Handler,
nor the name "ServeHTTPErr" which sounds like it's an error being
returned, like it's an error handler and not sometimes a happy path.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Brad Fitzpatrick bdc55d7091 logtail: add ParsePrivateID 5 years ago
Brad Fitzpatrick 50aeb5b9ad wgengine: unexport some windows funcs 5 years ago
David Anderson b446de103a tsweb: fix tests.
Signed-off-by: David Anderson <dave@natulte.net>
5 years ago
David Anderson af3a9dfad6 tsweb: add a StdHandler that doesn't log 200 responses.
Signed-off-by: David Anderson <dave@natulte.net>
5 years ago
David Anderson ba2774ea27 cmd/mkpkg: support depending on stuff.
Signed-off-by: David Anderson <dave@natulte.net>
5 years ago
David Anderson 362d6af4e2 cmd/tailscaled: set CacheDirectory in service.
Signed-off-by: David Anderson <dave@natulte.net>
5 years ago
Brad Fitzpatrick e71a7c7a2c logtail: read to EOF on chunked response
We'll be fixing the server so this won't trigger in practice,
but it demos the connection reuse problem.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Brad Fitzpatrick fcb6a34f4b logtail: reduce allocations encoding text
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Brad Fitzpatrick 2863e49db9 tsweb: don't flush, treat no-op Handler as 200, like Go
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Brad Fitzpatrick 3b4b17d239 logpolicy: log on dials, add knob to force HTTP/1 for log uploads
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
David Anderson 5d995d9d6b tsweb: add a test case for nil child errors in tsweb.Error.
Signed-off-by: David Anderson <dave@natulte.net>
5 years ago
David Anderson 2c2dff9559 tsweb: don't panic if we get a tsweb.Error with no embedded error.
It's technically weird to return a tsweb.Error with no child err,
but it's a sensible thing to want to do, and we shouldn't panic
if it happens.

Signed-off-by: David Anderson <dave@natulte.net>
5 years ago
David Crawshaw 2f8719741e controlclient: do not send duplicate hostinfo/netinfo
This should never happen, so log when it does so we can fix it.

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
5 years ago
David Anderson 48d7ee1c6a cmd/microproxy: adjust to export node stats and a Go expvar server's stats.
This is a temporary specialization to what tailscale prod needs right now,
it'll go back to something more generic later.
5 years ago
Brad Fitzpatrick 8ca796d144 ipn, ipn/policy: filter portlist to a short list of "interesting" ports
Adds new package ipn/policy to be shared between node client & control server.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Brad Fitzpatrick c6aa5b639f tailcfg: clarify Hostinfo.OS doc 5 years ago
Brad Fitzpatrick 4524dcf51e version: move runtime.OS to tailscale OS mapping func to version
So other code can use this without duplicating the policy.
5 years ago
David Anderson c14bc028ac cmd/microproxy: tiny TLS proxy that borrows autocert x509 certs. 5 years ago
Brad Fitzpatrick 1df3c8d02a derp, netcheck: make tests listen on localhost only
avoid macOS firewall pop-ups
5 years ago
Brad Fitzpatrick 5362e952e1 safesocket: gofmt
Was developed on a random machine without my normal environment.
5 years ago
Brad Fitzpatrick fee2d9fad4 safesocket: connect to the macOS network extension on darwin (as last resort)
(For cmd/tailscale CLI support on macOS)

Signed-off-by: Brad Fitzpatrick <brad@danga.com>
5 years ago
David Crawshaw 0590ad68be controlclient, ipn: adjust tests for authURL semantic changes
The tests cheat at filling out web forms by directly POSTing to
the target. The target for authURLs has changed slightly, the base
authURL now redirects the user to the login page.

Additionally, the authURL cycle now checks the cookie is set
correctly, so we add cookie jars where necessary to pass the
cookie through.
5 years ago
Brad Fitzpatrick a4ef345737 cmd/tailscale: add status subcommand
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Brad Fitzpatrick 810c1e9704 types/key: make Public implement TextMarshaler, TextUnmarshaler
So it can be a map key with encoding/json
5 years ago
Brad Fitzpatrick f51f18b42b ipn: move FakeBackend to a test-only file 5 years ago
Brad Fitzpatrick 8ebee05fbd cmd/tailscale: remove unnecessary logpolicy/logtail logging 5 years ago
David Anderson 80261b02ba testy: make safe for concurrent use.
Signed-off-by: David Anderson <dave@natulte.net>
5 years ago
David Anderson 1fdadf06f1 testy: don't give Clock.Step==0 magical behavior.
Turns out it's sometimes useful to stop time entirely.

Signed-off-by: David Anderson <dave@natulte.net>
5 years ago
Brad Fitzpatrick 8b3f6be008 control/controlclient: flip IPv6 to be on by default
The DEBUG_INCLUDE_IPV6 environment variable is now an opt-out.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Brad Fitzpatrick 322499473e cmd/tailscaled, wgengine, ipn: add /debug/ipn handler with world state
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
David Anderson dbca186a64 stunner: fix data race.
In very low-latency conditions, a STUN request can complete before
the startup loop has finished firing off goroutines, leading to
a concurrent map mutation.
5 years ago
Brad Fitzpatrick 7fb8d873ac logpolicy: don't log timestamp when running under systemd
It'll do it anyway.

Makes journalctl -fu cleaner.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Brad Fitzpatrick 2d48f92a82 wgengine/magicsock: re-stun every [20,27] sec, not 28
28 is cutting it close, and we think jitter will help some spikes
we're seeing.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Brad Fitzpatrick 2c7ddd0828 go.mod, go.sum: tidy 5 years ago
Brad Fitzpatrick 577f321c38 wgengine/magicsock: revise derp fallback logic
Revision to earlier 6284454ae5

Don't be sticky if we have no peers.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
David Anderson cbd8aceb95 go.mod: bump wireguard-go version.
Fixes #219.

Signed-off-by: David Anderson <dave@natulte.net>
5 years ago
Brad Fitzpatrick 2e420ad8b6 wgengine, wgengine/filter: minor doc, style, performance, locking changes
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Brad Fitzpatrick 6284454ae5 wgengine/magicsock: if UDP blocked, pick DERP where most peers are
Updates #207

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Avery Pennarun f53e78e0d5 wgengine: don't lose filter state on filter reconfig.
We were abandoning the UDP port LRU every time we got a new packet
filter from tailcontrol, which caused return packets to suddenly stop
arriving.
5 years ago
Avery Pennarun 4336de0d98 ipn/local: don't print packet filter every single time.
It's extremely noisy right now for domains with complex ACLs.
5 years ago