Commit Graph

1445 Commits (cd6099113fa037ed43a71ce764506f608d6007c5)
 

Author SHA1 Message Date
Brad Fitzpatrick f65eb4e5c1 net/netstat: start of new netstat package, with Windows for now
This will be used in a future change to do localhost connection
authentication. This lets us quickly map a localhost TCP connection to
a PID. (A future change will then map a pid to a user)

TODO: pull portlist's netstat code into this package. Then portlist
will be fast on Windows without requiring shelling out to netstat.exe.
4 years ago
Brad Fitzpatrick 8b60936913 depaware: update deps 4 years ago
Brad Fitzpatrick edb47b98a8 scripts: don't descend into .git for license header check 4 years ago
Josh Bleecher Snyder a877dd575c wgengine/router/dns: remove unnecessary lint ignore line
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
4 years ago
Josh Bleecher Snyder bf24d54143 syncs: add AssertLocked
This allows us to check lock invariants.

It was proposed upstream and rejected in:
https://github.com/golang/go/issues/1366

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
4 years ago
Brad Fitzpatrick 158202dbb1 go mod tidy 4 years ago
Brad Fitzpatrick 7795fcf464 Add tooldeps package to keep depaware pinned in go.mod. 4 years ago
Brad Fitzpatrick 22ed3c503e
Add depaware.txt files and GitHub checks. (#745)
See https://github.com/tailscale/depaware

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Josh Bleecher Snyder 2e40c4b564 tstest: don't log on success
This is particularly important for benchmarks,
where stray output disrupts tooling.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
4 years ago
Brad Fitzpatrick 913c1bd04f wgengine/router: on Windows, add a firewall rule to allow Tailscale
Updates tailscale/tailscale#454
4 years ago
Emmanuel T Odeke 688f923db1
log/logheap: properly document LogHeap as performing HTTP upload (#741)
LogHeap no longer logs to os.Stderr and instead uploads
the heap profile by means of an HTTP POST request to the
target URL endpoint.

While here, also ensured that an error from pprof.WriteHeapProfile
isn't ignored and will prevent the HTTP request from being made
if non-nil.

Signed-off-by: Emmanuel T Odeke <emmanuel@orijtech.com>
4 years ago
Josh Bleecher Snyder 96160973ce tailcfg: regenerate Clone methods
cmd/cloner has changed. Regenerate.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
4 years ago
Josh Bleecher Snyder 7bd89359c9 cmd/cloner: generate a package-level Clone function
This Clone function knows how to clone any types
for which it has generated Clone methods.
This allows callers to efficiently clone
an inbound interface{} that might contain one of these types.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
4 years ago
Josh Bleecher Snyder 99d223130c cmd/cloner: fix found type detection
This was causing any type to be reported as found,
as long as there were any type decls at all. Oops.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
4 years ago
Josh Bleecher Snyder 2352690bde cmd/cloner: ensure cloner gets re-run when structs change
If you change a struct and don't re-run cloner,
your Cloner method might be inaccurate, leading to bad things.

To prevent this, write out the struct as it is at the moment that
cloner is caller, and attempt a conversion from that type.
If the struct gets changed in any way, this conversion will fail.

This will yield false positives: If you change a non-pointer field,
you will be forced to re-run cloner, even though the actual generated
code won't change. I think this is an acceptable cost: It is a minor
annoyance, which will prevent real bugs.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
4 years ago
Brad Fitzpatrick 8ecee476f6 ipn: simplify TestLocalLogLines, defer a Shutdown of its LocalBackend
The test's LocalBackend was not shut down (Shutdown both releases
resources and waits for its various goroutines to end). This should
fix the test race we were seeing. It definitely fixes the file
descriptor leak that preventing -race -count=500 from passing before.
4 years ago
Brad Fitzpatrick 7fddc33481 tstest: make LogLineTracker pass variadic format args through
Omitting the "..." passed a literal []interface{} to the underlying
logger always.
4 years ago
Brad Fitzpatrick 68c42530e9 tstest: rename LogListener to LogLineTracker
But mostly to rename tstest.ListenFor which has no mention of log lines in it.
It sounded like a net.Listener or something.
4 years ago
David Crawshaw 95cddfcc75 tailcfg: add Clone methods to Login and DNSConfig
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
4 years ago
David Crawshaw 3baa084548 tstest: take testing.TB in helper for benchmarks
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
4 years ago
Brad Fitzpatrick 468bb3afce cmd/tailscale/cli: add debug -derp mode 4 years ago
Brad Fitzpatrick 9c25968b63 net/tshttpproxy: fix typo in Windows code added at least second
I ran tests & vet & staticcheck, but for Linux, not Windows.
(#728 would be nice)
4 years ago
Brad Fitzpatrick 82a3721661 go.sum: update 4 years ago
Brad Fitzpatrick b026a638c7 net/tshttpproxy: if winhttp.GetProxyForURL blocks too long, use previous value
We currently have a chickend-and-egg situation in some environments
where we can set up routes that WinHTTP's WPAD/PAC resolution service
needs to download the PAC file to evaluate GetProxyForURL, but the PAC
file is behind a route for which we need to call GetProxyForURL to
e.g. dial a DERP server.

As a short-term fix, just assume that the most recently returned proxy
is good enough for such situations.
4 years ago
Josh Bleecher Snyder a570c27577 portlist: reduce log spam on macOS
Running tailscaled on my machine yields lots of entries like:

weird: missing {tcp 6060}

parsePortsNetstat is filtering out loopback addresses as uninteresting.
Then addProcesses is surprised to discover these listening ports,
which results in spurious logging.
Teach addProcesses to also ignore loopback addresses.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
4 years ago
Josh Bleecher Snyder 3b05cbacfb go.mod: update wireguard-go version 4 years ago
Josh Bleecher Snyder 57e642648f wgengine/magicsock: fix typo in comment 4 years ago
Brad Fitzpatrick 6d14678009 wgengine/router: remove unnecessary newlines in log.Printf formats 4 years ago
Brad Fitzpatrick 09d56f54a7
wgengine/router: fix Windows route sorting that caused de-dup to not work (#727)
Updates #725

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 74ee374667 net/tshttpproxy: add more winhttp logging
Notably around duration of calls.
4 years ago
Brad Fitzpatrick 1e0be5a458 tshttp, derphttp: send Proxy-Authorization, not Authorization, to proxies
Whoops. But weirdly, sending Authorization sometimes worked?
4 years ago
halulu 3af2d671e6
cmd/tailscale/cli: add new flag --force-reauth to up subcommand (#717)
Signed-off-by: Halulu <lzjluzijie@gmail.com>
4 years ago
Brad Fitzpatrick 9b07517f18 wgengine: add Engine.SetLinkChangeCallback
Start of making the IPN state machine react to link changes and down
its DNS & routes if necessary to unblock proxy resolution (e.g. for
transitioning from public to corp networks where the corp network has
mandatory proxies and WPAD PAC files that can't be resolved while
using the DNS/routes configured previously)

This change should be a no-op. Just some callback plumbing.
4 years ago
halulu bd37e40d2b
cmd/tailscale/cli: status exit when disconnected (#720)
cmd/tailscale/cli: make status report stopped status, exit non-zero

Fixes #714
4 years ago
Dmytro Shynkevych cb5f3c0819
tsdns: log when settings upstreams.
It turns out that otherwise we don't know what exactly was set.

Also remove the now unused RootDomain config option.

Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
4 years ago
Brad Fitzpatrick 5acbb149a2 ipn/ipnstate: include DNSName in tailscale status --json output 4 years ago
Brad Fitzpatrick 2bac125cad net/tshttpproxy: move the TS_DEBUG_FAKE_PROXY_AUTH knob up a level 4 years ago
Dmytro Shynkevych aa1da24f18
tsdns: remove now unused fields.
Missed in 7541982635.

Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
4 years ago
Dmytro Shynkevych 7541982635
tsdns: remove forwarding queue.
Two levels of queueing are unnecessary.
The resulting implementation performs as follows
under request bursts (`count` packets sent concurrently):

lost  count            avg latency
   0 /  256 (00.00%) - 28ms
   0 /  512 (00.00%) - 146ms
   0 /  768 (00.00%) - 166ms
   0 / 1024 (00.00%) - 416ms
  11 / 1280 (00.86%) - 430ms
 145 / 1536 (09.44%) - 715ms
 364 / 2048 (17.77%) - 836ms

Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
4 years ago
Dmytro Shynkevych 34a7e7c12b
tsdns: be more strict with type validation.
Previously, a type AAAA query would be answered with an A record
if only an IPv4 address was available. This is irrelevant for us
while we only use IPv4, but it will be a bug one day,
so it's worth being precise about semantics.

Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
4 years ago
Dmytro Shynkevych bc34788e65
tsdns: fix accidental rejection of all non-{A, AAAA} questions.
This is a bug introduced in a903d6c2ed.

Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
4 years ago
Brad Fitzpatrick 28f9cd06f5 tshttpproxy, controlclient, derphttp, logpolicy: send Negotiate auth to proxies
For Windows only, and only when built with Tailscale's Go tree.

Updates tailscale/corp#583
4 years ago
Brad Fitzpatrick 756d6a72bd wgengine: lazily create peer wireguard configs more explicitly
Rather than consider bigs jumps in last-received-from activity as a
signal to possibly reconfigure the set of wireguard peers to have
configured, instead just track the set of peers that are currently
excluded from the configuration. Easier to reason about.

Also adds a bit more logging.

This might fix an error we saw on a machine running a recent unstable
build:

2020-08-26 17:54:11.528033751 +0000 UTC: 8.6M/92.6M magicsock: [unexpected] lazy endpoint not created for [UcppE], d:42a770f678357249
2020-08-26 17:54:13.691305296 +0000 UTC: 8.7M/92.6M magicsock: DERP packet received from idle peer [UcppE]; created=false
2020-08-26 17:54:13.691383687 +0000 UTC: 8.7M/92.6M magicsock: DERP packet from unknown key: [UcppE]

If it does happen again, though, we'll have more logs.
4 years ago
Brad Fitzpatrick 483141094c cmd/tailscale/cli: add basic 'down' subcommand
RELNOTE=yes
4 years ago
halulu f27a57911b
cmd/tailscale: add derp and endpoints status (#703)
cmd/tailscale: add local node's information to status output (by default)

RELNOTE=yes

Updates #477

Signed-off-by: Halulu <lzjluzijie@gmail.com>
4 years ago
Brad Fitzpatrick f915ab6552 net/tshttpproxy: add start of Kerberos Negotiate auth to proxies on Windows
For now only used by a new cmd/tailscale debug --get-url
subcommand. Not yet wired up to the places making HTTP requests.

Updates tailscale/corp#583
4 years ago
David Crawshaw dd2c61a519 magicsock: call RequestStatus when DERP connects
Second attempt.

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
4 years ago
David Crawshaw a67b174da1 Revert "magicsock: call RequestStatus when DERP connects"
Seems to break linux CI builder. Cannot reproduce locally,
so attempting a rollback.

This reverts commit cd7bc02ab1.

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
4 years ago
Wendi Yu a3fb422a39
ipn: tag and test for grinder log lines (#711)
Signed-off-by: Wendi <wendi.yu@yahoo.ca>
4 years ago
David Crawshaw cd7bc02ab1 magicsock: call RequestStatus when DERP connects
Without this, a freshly started ipn client will be stuck in the
"Starting" state until something triggers a call to RequestStatus.
Usually a UI does this, but until then we can sit in this state
until poked by an external event, as is evidenced by our e2e tests
locking up when DERP is attached.

(This only recently became a problem when we enabled lazy handshaking
everywhere, otherwise the wireugard tunnel creation would also
trigger a RequestStatus.)

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
4 years ago