tailscale

Commit Graph

Author	SHA1	Message	Date
David Anderson	e8b3a5e7a1	wgengine/filter: implement a destination IP pre-filter. Signed-off-by: David Anderson <danderson@tailscale.com>	4 years ago
Avery Pennarun	3ed2124356	ipn: Resolve some resource leaks in test. Updates tailscale/corp#255. Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>	4 years ago
Avery Pennarun	ea8f92b312	ipn/local: get rid of some straggling calls to the log module. Use b.logf() instead. Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>	4 years ago
David Anderson	c97c45f268	ipn: sprinkle documentation and clarity rewrites through LocalBackend. Signed-off-by: David Anderson <danderson@tailscale.com>	4 years ago
Wendi Yu	bb55694c95	wgengine: log node IDs when peers are added/removed (#381 ) Also stop logging data sent/received from nodes we're not connected to (ie all those `x`s being logged in the `peers: ` line) Signed-off-by: Wendi <wendi.yu@yahoo.ca>	4 years ago
David Anderson	0fe262f093	ipn: plumb NetfilterMode all the way out to the CLI. Signed-off-by: David Anderson <danderson@tailscale.com>	4 years ago
David Anderson	292606a975	wgengine/router: support multiple levels of netfilter involvement. Signed-off-by: David Anderson <danderson@tailscale.com>	4 years ago
Avery Pennarun	08acb502e5	Add tstest.PanicOnLog(), and fix various problems detected by this. If a test calls log.Printf, 'go test' horrifyingly rearranges the output to no longer be in chronological order, which makes debugging virtually impossible. Let's stop that from happening by making log.Printf panic if called from any module, no matter how deep, during tests. This required us to change the default error handler in at least one http.Server, as well as plumbing a bunch of logf functions around, especially in magicsock and wgengine, but also in logtail and backoff. To add insult to injury, 'go test' also rearranges the output when a parent test has multiple sub-tests (all the sub-test's t.Logf is always printed after all the parent tests t.Logf), so we need to screw around with a special Logf that can point at the "current" t (current_t.Logf) in some places. Probably our entire way of using subtests is wrong, since 'go test' would probably like to run them all in parallel if you called t.Parallel(), but it definitely can't because the're all manipulating the shared state created by the parent test. They should probably all be separate toplevel tests instead, with common setup/teardown logic. But that's a job for another time. Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>	4 years ago
David Anderson	9ccbcda612	wgengine/router: rename config.Settings to config.Config, make pointer. Signed-off-by: David Anderson <danderson@tailscale.com>	4 years ago
David Anderson	72cae5504c	wgengine: generate and plumb router.Settings in from ipn. This saves a layer of translation, and saves us having to pass in extra bits and pieces of the netmap and prefs to wgengine. Now it gets one Wireguard config, and one OS network stack config. Signed-off-by: David Anderson <danderson@tailscale.com>	4 years ago
Wendi Yu	3663797815	Reduce logspam from node with no peers Signed-off-by: Wendi Yu <wendi.yu@yahoo.ca>	4 years ago
David Anderson	bfdc8175b1	wgengine/router: add a setting to disable SNAT for subnet routes. Part of #320. Signed-off-by: David Anderson <danderson@tailscale.com>	4 years ago
David Anderson	89af51b84d	wgengine: plumb locally advertised subnet routes. With this change, advertising subnet routes configures the firewall correctly. Signed-off-by: David Anderson <danderson@tailscale.com>	4 years ago
Avery Pennarun	9d1f48032a	cmd/tailscale: add --advertise-tags option. These will be used for dynamically changing the identity of a node, so its ACL rights can be different from your own. Note: Not all implemented yet on the server side, but we need this so we can request the tagged rights in the first place. Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>	4 years ago
Avery Pennarun	d6c34368e8	ipn/local: differentiate Shields Up from Uninitialized in logs. We were printing "Shields Up" when the netmap wasn't initialized yet, which while technically effectively true, turned out to be confusing when trying to debug things. Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>	4 years ago
Avery Pennarun	ced9b4008a	ipn: clear the hostinfo.Services list when prefs.ShieldsUp==true. When shields are up, no services are available to connect to, so hide them all. This will also help them disappear from the UI menu on other nodes. Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>	4 years ago
Avery Pennarun	d7429b9a8d	Add prefs.ShieldsUp and --shields-up option. This sets a default packet filter that blocks all incoming requests, giving end users more control over who can get into their machine, even if the admin hasn't set any central ACLs. Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>	4 years ago
Brad Fitzpatrick	f4c7eb8c44	ipn: revert part of `18017f7630` In retrospect I don't trust it and I'm afraid might've caused some Mac flakiness. I'd like more tests here before I work on this. Updates #288	4 years ago
Brad Fitzpatrick	18017f7630	ipn, wgengine/magicsock: be more idle when in Stopped state with no peers (Previously as #288, but with some more.) Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	45f2b53aca	all: remove unnecessary trailing newlines in format patterns for consistency And document on logger.Logf that it's unnecessary.	4 years ago
Brad Fitzpatrick	3a3b64301e	wgengine: quiet some engine reconfig logging, make more consistent Updates #282 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	b24029717b	ipn: outdent some code in if that's statically always true	4 years ago
David Crawshaw	1747d099e9	ipn: add auth key Signed-off-by: David Crawshaw <crawshaw@tailscale.com>	4 years ago
Brad Fitzpatrick	8ca796d144	ipn, ipn/policy: filter portlist to a short list of "interesting" ports Adds new package ipn/policy to be shared between node client & control server. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	a4ef345737	cmd/tailscale: add status subcommand Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	322499473e	cmd/tailscaled, wgengine, ipn: add /debug/ipn handler with world state Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Avery Pennarun	f53e78e0d5	wgengine: don't lose filter state on filter reconfig. We were abandoning the UDP port LRU every time we got a new packet filter from tailcontrol, which caused return packets to suddenly stop arriving.	4 years ago
Avery Pennarun	4336de0d98	ipn/local: don't print packet filter every single time. It's extremely noisy right now for domains with complex ACLs.	4 years ago
Brad Fitzpatrick	7740cbd8d9	ipn: call SetNetInfoCallback later, in Start It was being called back into ultimately from magicsock before there was a control client. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	51b669e4bd	ipn: skip tailscaled UDP ports in service list	4 years ago
David Crawshaw	addbdce296	wgengine, ipn: include number of active DERPs in status Use this when making the ipn state transition from Starting to Running. This way a network of quiet nodes with no active handshaking will still transition to Active. Signed-off-by: David Crawshaw <crawshaw@tailscale.com>	4 years ago
Brad Fitzpatrick	120273d7f6	portlist: document, clean up, fix an open fd spike, optimize a bit I noticed portlist when looking at some profiles and hadn't looked at the code much before. This is a first pass over it. It allocates a fair bit. More love remains, but this does a bit: name old time/op new time/op delta GetList-8 9.92ms ± 8% 9.64ms ±12% ~ (p=0.247 n=10+10) name old alloc/op new alloc/op delta GetList-8 931kB ± 0% 869kB ± 0% -6.70% (p=0.000 n=10+10) name old allocs/op new allocs/op delta GetList-8 4.59k ± 0% 3.69k ± 1% -19.71% (p=0.000 n=10+10) Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	42e98d4edc	Quiet two little log annoyances.	4 years ago
David Anderson	aeb88864e0	ipn: don't clobber netinfo in Start().	4 years ago
Avery Pennarun	b4897e7de8	controlclient/netmap: write our own b.ConciseDiffFrom(a) function. This removes the need for go-cmp, which is extremely bloaty so we had to leave it out of iOS. As a result, we had also left it out of macOS, and so we didn't print netmap diffs at all on darwin-based platforms. Oops. As a bonus, the output format of the new function is way better. Minor oddity: because I used the dumbest possible diff algorithm, the sort order is a bit dumb. We print all "removed" lines and then print all "added" lines, rather than doing the usual diff-like thing of interspersing them. This probably doesn't matter (maybe it's an improvement).	4 years ago
David Crawshaw	57f220656c	ipn: search for ErrStateNotExist with errors.Is Signed-off-by: David Crawshaw <crawshaw@tailscale.com>	4 years ago
Brad Fitzpatrick	eac62ec5ff	ipn, wgengine/magicsock: add ipn.Prefs.DisableDERP bool Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	b27d4c017a	magicsock, wgengine, ipn, controlclient: plumb regular netchecks to map poll Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	657f9593ae	Reduce some logspam.	4 years ago
David Crawshaw	d133339216	ipn: always guard LocalBackend.prefs with mu Signed-off-by: David Crawshaw <crawshaw@tailscale.com>	4 years ago
Brad Fitzpatrick	bcf3719b9e	netcheck: add hairpinning detection Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
David Crawshaw	cdc10b74f1	ipn: always guard LocalBackend.endpoints with mu For #112 Signed-off-by: David Crawshaw <crawshaw@tailscale.com>	4 years ago
David Crawshaw	3425d8d84f	ipn: always guard LocalBackend.engineStatus with mu Signed-off-by: David Crawshaw <crawshaw@tailscale.com>	4 years ago
David Crawshaw	e7cdc11654	ipn: always guard LocalBackend.netMapCache with mu Signed-off-by: David Crawshaw <crawshaw@tailscale.com>	4 years ago
Brad Fitzpatrick	25797c8c2a	all: rename deep "Copy" methods to conventional Go name "Clone"	4 years ago
Brad Fitzpatrick	14559340ee	Start of netcheck package & including network state in Hostinfo. * adds new packet "netcheck" to do the checking of UDP, IPv6, and nearest DERP server, and the Report type for all that (and more in the future, probably pulling in danderson's natprobe) * new tailcfg.NetInfo type * cmd/tailscale netcheck subcommand (tentative name, likely to change/move) to print out the netcheck.Report. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	eefafad9f8	ipn: fix some mutex/ownership issues Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	3988ddc85d	types/logger: add WithPrefix, use it in two places Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	758744a4e3	Fix some Hostinfo value usages from the previous commit.	4 years ago
Brad Fitzpatrick	d8de11a01b	control: make Hostinfo accessed by pointer Fix potential races in copying aliased slices by value. Also few little doc updates. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago

1 2

62 Commits (e8b3a5e7a1528b1db04c348baa305757b865204e)