Commit Graph

1752 Commits (ca51529b81cc604bc5b57dfdbf3f67bdf61f7d5a)
 

Author SHA1 Message Date
Brad Fitzpatrick f7eed25bb9 wgengine/magicsock: filter disco packets and packets when stopped from wireguard
Fixes #1167
Fixes tailscale/corp#219

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Christine Dodrill 81466eef81
Add an environment variable to enable customizing the log target (#1243)
Signed-off-by: Christine Dodrill <xe@tailscale.com>
4 years ago
David Anderson 45fe06a89f Revert "tailcfg: remove v6-overlay debug option."
This reverts commit da4ec54756.

Since v6 got disabled for Windows nodes, I need the debug flag back
to figure out why it was broken.

Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
Josh Bleecher Snyder e8cd7bb66f tstest: simplify goroutine leak tests
Use tb.Cleanup to simplify both the API and the implementation.

One behavior change: When the number of goroutines shrinks, don't log.
I've never found these logs to be useful, and they frequently add noise.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
4 years ago
Brad Fitzpatrick 9a70789853 cmd/tailscale: fix IPN message reading stall in tailscale status -web
Fixes #1234
Updates #1254
4 years ago
Brad Fitzpatrick a2aa6cd2ed wgengine/router: clarify disabled IPv6 message on Linux 4 years ago
David Crawshaw d139fa9c92 net/interfaces: use a uint32_t for ipv4 address
The code was using a C "int", which is a signed 32-bit integer.
That means some valid IP addresses were negative numbers.
(In particular, the default router address handed out by AT&T
fiber: 192.168.1.254. No I don't know why they do that.)
A negative number is < 255, and so was treated by the Go code
as an error.

This fixes the unit test failure:

	$ go test -v -run=TestLikelyHomeRouterIPSyscallExec ./net/interfaces
	=== RUN   TestLikelyHomeRouterIPSyscallExec
	    interfaces_darwin_cgo_test.go:15: syscall() = invalid IP, false, netstat = 192.168.1.254, true
	--- FAIL: TestLikelyHomeRouterIPSyscallExec (0.00s)

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
4 years ago
David Anderson 267531e4f8 wgengine/router: probe better for v6 policy routing support.
Previously we disabled v6 support if the disable_policy knob was
missing in /proc, but some kernels support policy routing without
exposing the toggle. So instead, treat disable_policy absence as a
"maybe", and make the direct `ip -6 rule` probing a bit more
elaborate to compensate.

Fixes #1241.

Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
Josh Bleecher Snyder 717c715c96 wgengine/wglog: don't log failure to send data packets
Fixes #1239
4 years ago
Josh Bleecher Snyder 516e8a4838 tsweb: add num_goroutines expvar
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
4 years ago
Josh Bleecher Snyder dd10babaed wgenginer/magicsock: remove Addrs methods
They are now unused.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
4 years ago
Brad Fitzpatrick c7d4bf2333 cmd/tailscale/cli: recommend sudo for 'tailscale up' on failure
Fixes #1220
4 years ago
Brad Fitzpatrick 2889fabaef cmd/tailscaled/tailscaled.service: revert recent hardening for now
It broke Debian Stretch. We'll try again later.

Updates #1245

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 761188e5d2 wgengine/wgcfg: fix validateEndpoints of empty string
Updates tailscale/corp#1238
4 years ago
Brad Fitzpatrick 914a486af6 safesocket: refactor macOS auth code, pull out separate LocalTCPPortAndToken 4 years ago
Brad Fitzpatrick 60e189f699 cmd/hello: use safesocket client to connect 4 years ago
Brad Fitzpatrick 006a224f50 ipn/ipnserver, cmd/hello: do whois over unix socket, not debug http
Start of a local HTTP API. Not a stable interface yet.
4 years ago
Josh Bleecher Snyder fe7c3e9c17 all: move wgcfg from wireguard-go
This is mostly code movement from the wireguard-go repo.

Most of the new wgcfg package corresponds to the wireguard-go wgcfg package.

wgengine/wgcfg/device{_test}.go was device/config{_test}.go.
There were substantive but simple changes to device_test.go to remove
internal package device references.

The API of device.Config (now wgcfg.DeviceConfig) grew an error return;
we previously logged the error and threw it away.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
4 years ago
Brad Fitzpatrick 0bc73f8e4f cmd/hello: new hello.ipn.dev server
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick c611d8480b cmd/tailscaled: add whois/identd-ish debug handler 4 years ago
Brad Fitzpatrick c7fc4a06da wgengine/router: don't configure IPv6 on Linux when IPv6 is unavailable
Fixes #1214

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
David Anderson de497358b8 cmd/tailscaled: add /run to the allowed paths for iptables.
Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
Josh Bleecher Snyder 1e28207a15 types/logger: fix rateFree interaction with verbosity prefixes
We log lines like this:

c.logf("[v1] magicsock: disco: %v->%v (%v, %v) sent %v", c.discoShort, dstDisco.ShortString(), dstKey.ShortString(), derpStr(dst.String()), disco.MessageSummary(m))

The leading [v1] causes it to get unintentionally rate limited.
Until we have a proper fix, work around it.

Fixes #1216

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
4 years ago
David Anderson 7a16ac80b7 VERSION.txt: this is 1.5.0. 4 years ago
Brad Fitzpatrick 4d943536f1 wgengine: don't leak TUN device in NewUserspaceEngine error path
Updates #1187

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 9f5b0d058f wgengine: fix bugs from earlier fix
Fixes a regression from e970ed0995 that wasn't covered by tests
in this repo. (Our end-to-end tests in another repo caught this.)

Updates #1204
4 years ago
Sonia Appasamy 4dab0c1702
tailcfg: update node display name fields and methods (#1207)
Signed-off-by: Sonia Appasamy <sonia@tailscale.com>

Consolidates the node display name logic from each of the clients into
tailcfg.Node. UI clients can use these names directly, rather than computing
them independently.
4 years ago
Brad Fitzpatrick 35e10c78fc net/interfaces: don't send over zt* interfaces
Fixes #1208

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
David Anderson 692a011b54 net/interfaces: remove IsTailscaleIP, make callers use tsaddr.
Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
Brad Fitzpatrick e970ed0995 wgengine: fix crash reading long UAPI lines from legacy peers
Also don't log.Fatalf in a function returning an error.

Fixes #1204

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick a7edcd0872 ipn/ipnstate: update tailscale status -web to match CLI 4 years ago
Brad Fitzpatrick a98538f84a Merge branch 'main' of github.com:tailscale/tailscale into main 4 years ago
Brad Fitzpatrick c3c59445ff ipn/ipnserver: on Windows in unattended mode, wait for Engine forever
Updates #1187
4 years ago
Brad Fitzpatrick 0dde8fa0a8 ipn/ipnserver: rearrange some code
No functional change. Make a future diff easier to read.
4 years ago
Brad Fitzpatrick 4d3c09ced4 ipn/ipnserver: on Windows in unattended mode, wait for Engine forever
Updates #1187
4 years ago
Sonia Appasamy 567c5a6d9e
tailcfg, controlclient: add DisplayName field to tailcfg.Node and populate it from controlclient (#1191)
Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
4 years ago
Brad Fitzpatrick 4fea604979 wgengine/router: stop setPrivateNetwork goroutine on configureInterface failure
On Windows, configureInterface starts a goroutine reconfiguring the
Windows firewall.

But if configureInterface fails later, that goroutine kept running and
likely failing forever, spamming logs. Make it stop quietly if its
launching goroutine filed.
4 years ago
Andrey Petrov bf6205d200 LICENSE: Reformat for Github
Should be equivalent to the license before, but compatible with the library Github uses to detect the license for the project's metadata: https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/licensing-a-repository#detecting-a-license

Signed-off-by: Andrey Petrov <andrey.petrov@shazow.net>
4 years ago
David Anderson 9f7cbf6cf1 wgengine/filter: add a Clone method.
Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
Brad Fitzpatrick 9ce92aad3e cmd/tailscaled: update depaware.txt 4 years ago
Brad Fitzpatrick fa3543d629 control/controlclient: use more direct way of getting the MagicDNS suffix
Suggested by Avery earlier. Ends up fixing bug in "tailscale status" when
MagicDNS if off too:
https://forum.tailscale.com/t/1-3-293-is-released-a-1-4-0-pre-release/349/11?u=bradfitz
4 years ago
Brad Fitzpatrick e7bf144c3f ipn, wgengine/filter: fix Shields Up recent regression and old bug
Fixes #1192 (regression)
Fixes #1193 (old bug)
4 years ago
Brad Fitzpatrick 97496a83af wgengine/tstun: also support DropSilently on PostFilterIn
Not a problem (yet). But should be consistent with other places that support both
types of drops.
4 years ago
Brad Fitzpatrick eb47cba435 cmd/tailscaled: don't require --state for --cleanup 4 years ago
Brad Fitzpatrick daf2c70a08 go.mod: bump wireguard-go 4 years ago
Josh Bleecher Snyder d5baeeed5c wgengine: use Tailscale-style peer identifiers in logs
Rewrite log lines on the fly, based on the set of known peers.

This enables us to use upstream wireguard-go logging,
but maintain the Tailscale-style peer public key identifiers
that the rest of our systems (and people) expect.

Fixes #1183

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
4 years ago
Brad Fitzpatrick 4306433d1c cmd/tailscale: make "tailscale ping" also resolve names without DNS
This lets "tailscale ping $NAME" work even if MagicDNS is off, letting you
ping a name that shows up in "tailscale status".

More user friendly.
4 years ago
Brad Fitzpatrick 9541886856 wgengine/magicsock: disable regular STUNs for all platforms by default
Reduces background CPU & network.

Updates #1034

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
David Anderson 49d00b6a28 tailcfg: add StableID to Node. #1178
Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
Brad Fitzpatrick 54d0d83b67 safesocket: on Linux, make /var/run/tailscale be 0755
Continuation of earlier two umask changes,
5611f290eb and
d6e9fb1df0.

This change mostly affects us, running tailscaled as root by hand (wit
a umask of 0077), not under systemd. End users running tailscaled
under systemd won't have a umask.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago