Commit Graph

200 Commits (cf361bb9b1aac78350b29f11759bf4d687671308)

Author SHA1 Message Date
David Anderson cf361bb9b1 net/dns: remove PerDomain from Config.
It's currently unused, and no longer makes sense with the upcoming
DNS infrastructure. Keep it in tailcfg for now, since we need protocol
compat for a bit longer.

Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
David Anderson f77ba75d6c wgengine/router: move DNS cleanup into the DNS package.
Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
David Anderson 9f105d3968 net/dns/resolver: teach the forwarder to do per-domain routing.
Given a DNS route map, the forwarder selects the right set of
upstreams for a given name.

Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
David Anderson 90f82b6946 net/dns/resolver: add live reconfig, plumb through to ipnlocal.
The resolver still only supports a single upstream config, and
ipn/wgengine still have to split up the DNS config, but this moves
closer to unifying the DNS configs.

As a handy side-effect of the refactor, IPv6 MagicDNS records exist
now.

Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
David Anderson caeafc4a32 net/dns/resolver: fix package docstring.
Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
David Anderson dbe4f6f42d net/dns/resolver: unexport Resolve and ResolveReverse.
They're only used internally and in tests, and have surprising
semantics in that they only resolve MagicDNS names, not upstream
resolver queries.

Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
David Anderson cdeb8d6816 net/dns/resolver: fix staticcheck error.
Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
David Anderson f185d62dc8 net/dns/resolver: unexport Packet, only use it internally.
Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
David Anderson 5fb9e00ecf net/dns/resolver: remove Start method, fully spin up in New instead.
Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
David Anderson 075fb93e69 net/dns/resolver: remove the Config struct.
In preparation for reintroducing a runtime reconfig Config struct.

Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
David Anderson bc81dd4690 net/dns/resolver: rename ResolverConfig to just Config.
Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
David Anderson d99f5b1596 net/dns/resolver: factor the resolver out into a sub-package.
Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
Denton Gentry 09148c07ba interfaces: check correct error /proc/net/route
wrap io.EOF if we hit https://github.com/google/gvisor/issues/5732
Check for the correct err.

Signed-off-by: Denton Gentry <dgentry@tailscale.com>
4 years ago
Denton Gentry a9745a0b68 interfaces: try larger read from /proc/net/route
Work around https://github.com/google/gvisor/issues/5732
by trying to read /proc/net/route with a larger bufsize if
it fails the first time.

Signed-off-by: Denton Gentry <dgentry@tailscale.com>
4 years ago
Denton Gentry 54ba6194f7 interfaces: allow IPv6 ULA as a valid address.
IPv6 Unique Local Addresses are sometimes used with Network
Prefix Translation to reach the Internet. In that respect
their use is similar to the private IPv4 address ranges
10/8, 172.16/12, and 192.168/16.

Treat them as sufficient for AnyInterfaceUp(), but specifically
exclude Tailscale's own IPv6 ULA prefix to avoid mistakenly
trying to bootstrap Tailscale using Tailscale.

This helps in supporting Google Cloud Run, where the addresses
are 169.254.8.1/32 and fddf:3978:feb1:d745::c001/128 on eth1.

Signed-off-by: Denton Gentry <dgentry@tailscale.com>
4 years ago
Denton Gentry ecf310be3c net/tsaddr: IsUla() for IPv6 Unique Local Address
Signed-off-by: Denton Gentry <dgentry@tailscale.com>
4 years ago
Brad Fitzpatrick 41e4e02e57 net/{packet,tstun}: send peerapi port in TSMP pongs
For discovery when an explicit hostname/IP is known. We'll still
also send it via control for finding peers by a list.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
David Anderson 25e0bb0a4e net/tstun: rename wrap_windows.go to tun_windows.go.
The code has nothing to do with wrapping, it's windows-specific
driver initialization code.

Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
David Anderson 22d53fe784 net/tstun: document exported function.
Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
David Anderson 016de16b2e net/tstun: rename TUN to Wrapper.
The tstun packagen contains both constructors for generic tun
Devices, and a wrapper that provides additional functionality.

Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
David Anderson 82ab7972f4 net/tstun: rename NewFakeTUN to NewFake.
Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
David Anderson 588b70f468 net/tstun: merge in wgengine/tstun.
Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
David Anderson 018200aeba net/tstun: rename from net/tun.
We depend on wireguard-go/tun, identical leaf packages can be
confusing in code.

Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
David Anderson 44d9929208 wgengine: remove Config.TUNName, require caller to create device.
Also factors out device creation and associated OS workarounds to
net/tun.

Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
Brad Fitzpatrick 7f174e84e6 net/interfaces: remove mutating methods, add EqualFiltered instead
Now callers (wgengine/monitor) don't need to mutate the state to remove
boring interfaces before calling State.Equal. Instead, the methods
to remove boring interfaces from the State are removed, as is
the reflect-using Equal method itself, and in their place is
a new EqualFiltered method that takes a func predicate to match
interfaces to compare.

And then the FilterInteresting predicate is added for use
with EqualFiltered to do the job that that wgengine/monitor
previously wanted.

Now wgengine/monitor can keep the full interface state around,
including the "boring" interfaces, which we'll need for peerapi on
macOS/iOS to bind to the interface index of the utunN device.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 7dc88e4c1e net/interfaces: track more interface metadata in State
We have it already but threw it away. But macOS/iOS code will
be needing the interface index, so hang on to it.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
David Anderson 6521f02ff6 Move DNS flush logic to net/dns.
Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
David Anderson 9f7f2af008 wgengine/router/dns: move to net/dns.
Preparation for merging the APIs and whatnot.

Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
David Anderson 8432999835 Move wgengine/tsdns to net/dns.
Straight move+fixup, no other changes. In prep for merging with
wgengine/router/dns.

Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
Brad Fitzpatrick 2384c112c9 net/packet, wgengine/{filter,tstun}: add TSMP ping
Fixes #1467

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick e2b3d9aa5f all: s/Magic DNS/MagicDNS/ for consistency
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 1eb95c7e32 net/packet, wgengine{,/filter}: remove net/packet IPProto forwarding consts
Only use the ones in types/ipproto now.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 01b90df2fa net/packet, wgengine/filter: support SCTP
Add proto to flowtrack.Tuple.

Add types/ipproto leaf package to break a cycle.

Server-side ACL work remains.

Updates #1516

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Aleksandar Pesic 7b57310966 net/interfaces: use windows API to get the default route instead of parsing `route print` output
Fixes: #1470

Signed-off-by: Aleksandar Pesic <peske.nis@gmail.com>
4 years ago
David Anderson 6fb5d4080c net/portmapper: silently handle PCP NOT_AUTHORIZED responses.
Fixes #1525.

Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
Brad Fitzpatrick d5fd373f09 net/interfaces: skip IPv6 link-local interfaces like we do for IPv4
We strip them control-side anyway, and we already strip IPv4 link
local, so there's no point uploading them.  And iOS has a ton of them,
which results in somewhat silly amount of traffic in the MapRequest.

We'll be doing same-LAN-inter-tailscaled link-local traffic a
different way, with same-LAN discovery.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 44ab0acbdb net/portmapper, wgengine/monitor: cache gateway IP info until link changes
Cuts down allocs & CPU in steady state (on regular STUN probes) when network
is unchanging.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 974be2ec5c net/interfaces: rewrite the darwin likelyHomeRouterIP from C to Go
We basically already had the RIB-parsing Go code for this in both
net/interfaces and wgengine/monitor, for other reasons.

Fixes #1426
Fixes #1471

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick c6358f2247 net/netcheck: add a few more STUN retries for prior DERP home
For #1310, maybe.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 0a84359d2d tailcfg, net/netcheck: let control mark "Avoid" bit on DERP regions
So a region can be used if needed, but won't be STUN-probed or used as
its home.

This gives us another possible debugging mechanism for #1310, or can
be used as a short-term measure against DERP flip-flops for people
equidistant between regions if our hysteresis still isn't good enough.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
David Anderson d79a2f3809 wgengine/filter: only log packets to/from non-default routes.
Fixes tailscale/corp#1429.

Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
Brad Fitzpatrick ef7bac2895 tailcfg, net/portmapper, wgengine/magicsock: add NetInfo.HavePortMap
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick fee74e7ea7 net/interfaces, wgengine/monitor: fix false positives link changes
interfaces.State.String tries to print a concise summary of the
network state, removing any interfaces that don't have any or any
interesting IP addresses. On macOS and iOS, for instance, there are a
ton of misc things.

But the link monitor based its are-there-changes decision on
interfaces.State.Equal, which just used reflect.DeepEqual, including
comparing all the boring interfaces. On macOS, when turning wifi on or off, there
are a ton of misc boring interface changes, resulting in hitting an earlier
check I'd added on suspicion this was happening:

    [unexpected] network state changed, but stringification didn't

This fixes that by instead adding a new
interfaces.State.RemoveUninterestingInterfacesAndAddresses method that
does, uh, that. Then use that in the monitor. So then when Equal is
used later, it's DeepEqualing the already-cleaned version with only
interesting interfaces.

This makes cmd/tailscaled debug --monitor much less noisy.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick b14ea68754 net/interfaces: log why when we failed to look up gateway on macOS
Not beautiful, but I'm debugging connectivity problems on
NEProvider.sleep+wake and need more clues.

Updates #1426
Updates tailscale/corp#1289

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick d37b3b02cd net/dnsfallback: fix infinite loop and limit number of candidates
Updates #1455 (fixes the DNS spin part, but other things aren't ideal there)

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 829eb8363a net/interfaces: sort returned addresses from LocalAddresses
Also change the type to netaddr.IP while here, because it made sorting
easier.

Updates tailscale/corp#1397

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 10f48087f4 net/tshttpproxy: call winhttp calls from a fixed OS thread
We often see things in logs like:

2021-03-02 17:52:45.2456258 +0800 +0800: winhttp: Open: The parameter is incorrect.
2021-03-02 17:52:45.2506261 +0800 +0800: tshttpproxy: winhttp: GetProxyForURL("https://log.tailscale.io/c/tailnode.log.tailscale.io/5037bb42f4bc330e2d6143e191a7ff7e837c6be538139231de69a439536e0d68"): ERROR_INVALID_PARAMETER [unexpected]

I have a hunch that WinHTTP has thread-local state. If so, this would fix it.
If not, this is pretty harmless.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 8a55d463c8 net/interfaces: merge darwin files for DefaultRouteInterface in sandbox
DefaultRouteInterface was previously guarded by build tags such that
it was only accessible to tailscaled-on-macos, but there was no reason
for that. It runs fine in the sandbox and gives better default info,
so merge its file into interfaces_darwin.go.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
David Anderson 8d77dfdacb wgengine/router: add a dummy IPv6 address if needed for default routing.
Fixes #1339

Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
Brad Fitzpatrick 63ed4dd6c9 net/portmapper: fix typo
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago