Commit Graph

22 Commits (bb55694c95fe63899c580bcc24526229a05da2a2)

Author SHA1 Message Date
halulu 874be6566d
netcheck: DERP latency over HTTPS when UDP is blocked
* netcheck: DERP letency over HTTPS when UDP failed

Updates #207

Signed-off-by: Zijie Lu <zijie@tailscale.com>

* netcheck: async DERP latency check over HTTPS

Updates #207

Signed-off-by: Zijie Lu <zijie@tailscale.com>

* netcheck: DERP latency check over HTTPS: fix concurrent map

Updates #207

Signed-off-by: Zijie Lu <zijie@tailscale.com>

* netcheck: DERP latency check over HTTPS: some improvements

Updates #207

Signed-off-by: Zijie Lu <zijie@tailscale.com>

* netcheck: DERP latency check over HTTPS: use timeout context

Updates #207

Signed-off-by: Zijie Lu <zijie@tailscale.com>

* netcheck: DERP latency check over HTTPS: use report mutex

Updates #207

Signed-off-by: Zijie Lu <zijie@tailscale.com>

* netcheck: DERP latency check over HTTPS if UDP is BLOCKED

Updates #207

Signed-off-by: Zijie Lu <zijie@tailscale.com>

* netcheck: DERP latency check over HTTPS: new function measureHTTPSLatency

Updates #207

Signed-off-by: Zijie Lu <zijie@tailscale.com>
5 years ago
Brad Fitzpatrick 44b07aa708 netcheck: STUN less aggressively to known distant servers
If Australia's far away and not going to be used, it's still going to
be far away a minute later. No need to send backup
just-in-case-UDP-gets-lost STUN packets to the known far away
destinations. Those are the ones most likely to trigger retries due to
delay anyway (in random 50-250ms, currently). But we'll keep sending 1
packet to them, just in case our airplane landed.

Likewise, be less aggressive with IPv6. The main point is just to see
whether IPv6 works. No need to send up to 10 packets every round. Max
two is enough (except for the first round). This does mean our STUN
traffic graphs for IPv4-vs-IPv6 will change shape. Oh well. It was a
weird eyeball metric for IPv6 connectivity anyway and we have better
metrics.

We can tweak this policy over time. It's factored out and has tests
now.
5 years ago
Brad Fitzpatrick 495796fff1 derp/derpmap: add World.ForeachServer, check STUN server validity earlier 5 years ago
Brad Fitzpatrick 73249f8032 netcheck: aggregate spammy logging onto one concise line 5 years ago
Brad Fitzpatrick 1df3c8d02a derp, netcheck: make tests listen on localhost only
avoid macOS firewall pop-ups
5 years ago
Brad Fitzpatrick 19a1704abd netcheck: use best DERP server in past 5 minutes to avoid flip-flopping
Fixes #162
5 years ago
Brad Fitzpatrick 42e98d4edc Quiet two little log annoyances. 5 years ago
Brad Fitzpatrick b9c6d3ceb8 netcheck: work behind UDP-blocked networks again, add tests
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Brad Fitzpatrick afc3479d04 netcheck: fix data races for staggler STUN packets arriving after GetReport
Fixes #179
5 years ago
Brad Fitzpatrick 0d3f42e1d8 netcheck: ignore IPv4 STUN failures if we saw at least one reply
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Brad Fitzpatrick ed7e088729 netcheck: ignore IPv6 STUN failures
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Brad Fitzpatrick 01b4bec33f stunner: re-do how Stunner works
It used to make assumptions based on having Anycast IPs that are super
near. Now we're intentionally going to a bunch of different distant
IPs to measure latency.

Also, optimize how the hairpin detection works. No need to STUN on
that socket. Just use that separate socket for sending, once we know
the other UDP4 socket's endpoint. The trick is: make our test probe
also a STUN packet, so it fits through magicsock's existing STUN
routing.

This drops netcheck from ~5 seconds to ~250-500ms.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Brad Fitzpatrick 5c1e443d34 wgengine/monitor: don't call LinkChange when interfaces look unchanged
Basically, don't trust the OS-level link monitor to only tell you
interesting things. Sanity check it.

Also, move the interfaces package into the net directory now that we
have it.
5 years ago
Brad Fitzpatrick 39c0ae1dba derp/derpmap: new DERP config package, merge netcheck into magicsock more
Fixes #153
Updates #162
Updates #163

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Brad Fitzpatrick 2cff9016e4 net/dnscache: add overly simplistic DNS cache package for selective use
I started to write a full DNS caching resolver and I realized it was
overkill and wouldn't work on Windows even in Go 1.14 yet, so I'm
doing this tiny one instead for now, just for all our netcheck STUN
derp lookups, and connections to DERP servers. (This will be caching a
exactly 8 DNS entries, all ours.)

Fixes #145 (can be better later, of course)
5 years ago
Brad Fitzpatrick ff6b3c2c38 netcheck: include two more DERP nodes, show more in CLI report 5 years ago
Brad Fitzpatrick 596fd449b9 netcheck: add TODO about alternate timing strategies 5 years ago
Brad Fitzpatrick b27d4c017a magicsock, wgengine, ipn, controlclient: plumb regular netchecks to map poll
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Brad Fitzpatrick 844d991baf netcheck: add Report.Clone, return cloned report to avoid races on late replies 5 years ago
Brad Fitzpatrick bcf3719b9e netcheck: add hairpinning detection
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Brad Fitzpatrick f3c0ea23d9 netcheck, stunner: reduce log spam
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago
Brad Fitzpatrick 14559340ee Start of netcheck package & including network state in Hostinfo.
* adds new packet "netcheck" to do the checking of UDP, IPv6, and
  nearest DERP server, and the Report type for all that (and more
  in the future, probably pulling in danderson's natprobe)
* new tailcfg.NetInfo type
* cmd/tailscale netcheck subcommand (tentative name, likely to
  change/move) to print out the netcheck.Report.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
5 years ago