Commit Graph

176 Commits (ed5d5f920f9e9574602e00aa605a526b32017212)

Author SHA1 Message Date
Brad Fitzpatrick 12e28aa87d ipn: on transition from no PAC to PAC, reset state
So previous routes aren't shadowing resources that the operating
system might need (Windows Domain Controller, DNS server, corp HTTP
proxy, WinHTTP fetching the PAC file itself, etc).

This effectively detects when we're transitioning from, say, public
wifi to corp wifi and makes Tailscale remove all its routes and stops
its TCP connections and tries connecting to everything anew.

Updates tailscale/corp#653
4 years ago
Brad Fitzpatrick b5a3850d29 control/controlclient, ipn: store machine key separately from user prefs/persist
Updates #610 (fixes after some win/xcode changes in a separate repo)
4 years ago
Brad Fitzpatrick c8f257df00 Revert "all: keep UserProfiles a slice instead of a map for longer"
This reverts commit e5894aba42.

Breaks macOS/iOS build. Reverting per chat with Josh; he'll fix later today.
4 years ago
Brad Fitzpatrick 90b7293b3b ipn: add/move some constants, update a comment
And make the StateStore implementations be Stringers, for error messages.
4 years ago
Josh Bleecher Snyder e5894aba42 all: keep UserProfiles a slice instead of a map for longer
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
4 years ago
Brad Fitzpatrick 3bdcfa7193 ipn: remove DisableDERP pref
We depend on DERP for NAT traversal now[0] so disabling it entirely can't
work.

What we'll do instead in the future is let people specify
alternate/additional DERP servers. And perhaps in the future we could
also add a pref for nodes to say when they expect to never need/want
to use DERP for data (but allow it for NAT traversal communication).

But this isn't the right pref and it doesn't work, so delete it.

Fixes #318

[0] https://tailscale.com/blog/how-nat-traversal-works/
4 years ago
Brad Fitzpatrick c41947903a ipn: don't log if legacy prefs don't exist (the normal case these days) 4 years ago
Brad Fitzpatrick 96fd20e3c0 ipn: bail out a bit earlier when a peer doesn't have a DNS name
It's properly handled later in tsdns.NewMap anyway, but there's work
done in the meantime that can be skipped when a peer lacks a DNS name.
It's also more clear that it's okay for it to be blank.
4 years ago
David Anderson 8f5b52e571 net/netns: add windows support.
Also remove rebinding logic from the windows router. Magicsock will
instead rebind based on link change signals.

Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
Brad Fitzpatrick 4f71319f7c ipn/ipnserver: make ipnserver also be an HTTP server for localhost clients
For now it just says hello to show auth works. More later.
4 years ago
Brad Fitzpatrick 3af64765fd ipn: fix Windows crash from improperly strict assertion 4 years ago
Brad Fitzpatrick 8ecee476f6 ipn: simplify TestLocalLogLines, defer a Shutdown of its LocalBackend
The test's LocalBackend was not shut down (Shutdown both releases
resources and waits for its various goroutines to end). This should
fix the test race we were seeing. It definitely fixes the file
descriptor leak that preventing -race -count=500 from passing before.
4 years ago
Brad Fitzpatrick 68c42530e9 tstest: rename LogListener to LogLineTracker
But mostly to rename tstest.ListenFor which has no mention of log lines in it.
It sounded like a net.Listener or something.
4 years ago
Brad Fitzpatrick 9b07517f18 wgengine: add Engine.SetLinkChangeCallback
Start of making the IPN state machine react to link changes and down
its DNS & routes if necessary to unblock proxy resolution (e.g. for
transitioning from public to corp networks where the corp network has
mandatory proxies and WPAD PAC files that can't be resolved while
using the DNS/routes configured previously)

This change should be a no-op. Just some callback plumbing.
4 years ago
Brad Fitzpatrick 5acbb149a2 ipn/ipnstate: include DNSName in tailscale status --json output 4 years ago
Brad Fitzpatrick 483141094c cmd/tailscale/cli: add basic 'down' subcommand
RELNOTE=yes
4 years ago
halulu f27a57911b
cmd/tailscale: add derp and endpoints status (#703)
cmd/tailscale: add local node's information to status output (by default)

RELNOTE=yes

Updates #477

Signed-off-by: Halulu <lzjluzijie@gmail.com>
4 years ago
Wendi Yu a3fb422a39
ipn: tag and test for grinder log lines (#711)
Signed-off-by: Wendi <wendi.yu@yahoo.ca>
4 years ago
Dmytro Shynkevych a903d6c2ed
tailcfg, tsdns: derive root domains from list of nodes (#708)
Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
4 years ago
Brad Fitzpatrick 84dc891843 cmd/tailscale/cli: add ping subcommand
For example:

$ tailscale ping -h
USAGE
  ping <hostname-or-IP>

FLAGS
  -c 10                   max number of pings to send
  -stop-once-direct true  stop once a direct path is established
  -verbose false          verbose output

$ tailscale ping mon.ts.tailscale.com
pong from monitoring (100.88.178.64) via DERP(sfo) in 65ms
pong from monitoring (100.88.178.64) via DERP(sfo) in 252ms
pong from monitoring (100.88.178.64) via [2604:a880:2:d1::36:d001]:41641 in 33ms

Fixes #661

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick a275b9d7aa control/controlclient: use less battery when stopped, stop map requests
Updates #604

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick dd97111d06 backoff: update to Go style, document a bit, make 30s explicit
Also, bit of behavior change: on non-nil err but expired context,
don't reset the consecutive failure count. I don't think the old
behavior was intentional.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick b62b07bc2d ipn: jack up the MaxMessageSize from 1MB to 10MB
hello.ipn.dev has a 2.5MB network map
4 years ago
Dmytro Shynkevych 934c63115e
ipn: put Magic DNS domains first
Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
4 years ago
David Anderson d64de1ddf7 Revert "cmd/tailscaled: exit gracefully on SIGPIPE"
tailscaled receives a SIGPIPE when CLIs disconnect from it. We shouldn't
shut down in that case.

This reverts commit 43b271cb26.

Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
David Anderson 358cd3fd92 ipn: fix incorrect change tracking for packet filter.
ORder of operations to trigger a problem:
 - Start an already authed tailscaled, verify you can ping stuff.
 - Run `tailscale up`. Notice you can no longer ping stuff.

The problem is that `tailscale up` stops the IPN state machine before
restarting it, which zeros out the packet filter but _not_ the packet
filter hash. Then, upon restarting IPN, the uncleared hash incorrectly
makes the code conclude that the filter doesn't need updating, and so
we stay with a zero filter (reject everything) for ever.

The fix is simply to update the filterHash correctly in all cases,
so that running -> stopped -> running correctly changes the filter
at every transition.

Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
Dmytro Shynkevych 28e52a0492
all: dns refactor, add Proxied and PerDomain flags from control (#615)
Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
4 years ago
Avery Pennarun 60c00605d3 ipn/setClientStatus: fix inverted prefsChanged check.
We need to emit Prefs when it *has* changed, not when it hasn't.

Test is added in our e2e test, separately.

Fixes: #620

Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
4 years ago
Brad Fitzpatrick cbf71d5eba ipn/ipnserver: fix bug in earlier commit where conn can be stranded
If a connection causes getEngine to transition from broken to fixed,
that connection was getting lost.
4 years ago
Brad Fitzpatrick 9ff5b380cb ipn/ipnserver: staticcheck is not wrong
shamecube.gif
4 years ago
Brad Fitzpatrick 4aba86cc03 ipn/ipnserver: make Engine argument a func that tries again for each connection
So a backend in server-an-error state (as used by Windows) can try to
create a new Engine again each time somebody re-connects, relaunching
the GUI app.

(The proper fix is actually fixing Windows issues, but this makes things better
in the short term)

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Dmytro Shynkevych c7582dc234
ipn: fix netmap change tracking and dns map generation (#609)
Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
4 years ago
David Anderson 0249236cc0 ipn/ipnstate: record assigned Tailscale IPs.
wgengine/magicsock: use ipnstate to find assigned Tailscale IPs.

Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
Elias Naur 0a42b0a726 ipn: add OSVersion, DeviceModel fields to Prefs and propagate to Hostinfos
Needed for Android.

Signed-off-by: Elias Naur <mail@eliasnaur.com>
4 years ago
Brad Fitzpatrick 3b0514ef6d control/controlclient: rename uflags, give it a type, remove dead code 4 years ago
Dmytro Shynkevych 218de6d530
ipn: load hostname in Start.
This prevents hostname being forced to os.Hostname despite override
when control is contacted for the first time after starting tailscaled.

Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
4 years ago
Brad Fitzpatrick de11f90d9d ipn: remove unused parameter to func LoadPrefs, fix godoc subject 4 years ago
Brad Fitzpatrick 1f923124bf ipn/ipnserver: support simultaneous connections
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 7ba148e54e cmd/tailscale: make tailscale status -active also filter in -json mode 4 years ago
Dmytro Shynkevych d9ac2ada45
ipn: add self to dns map
Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
4 years ago
Dmytro Shynkevych 30bbbe9467
wgengine/router: dns: unify on *BSD, multimode on Linux, Magic DNS (#536)
Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
4 years ago
Elias Naur 6e8f0860af ipn: add Login backend command for sign-in with token
The StartLoginInteractive command is for delegating the sign-in flow
to a browser. The Android Gooogle Sign-In SDK inverts the flow by
giving the client ID tokens.

Add a new backend command for accepting such tokens by exposing the existing
controlclient.Client.Login support for OAuth2 tokens. Introduce a custom
TokenType to distinguish ID tokens from other OAuth2 tokens.

Signed-off-by: Elias Naur <mail@eliasnaur.com>
4 years ago
Dmytro Shynkevych 61abab999e
cmd/tailscaled: graceful shutdown (#534)
Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
4 years ago
Brad Fitzpatrick 96d806789f ipn: add Notify.LocalTCPPort field for macOS Network Extension to use
We want the macOS Network Extension to share fate with the UI frontend,
so we need the backend to know when the frontend disappears.

One easy way to do that is to reuse the existing TCP server it's
already running (for tailscale status clietns).

We now tell the frontend our ephemeral TCP port number, and then have
the UI connect to it, so the backend can know when it disappears.

There are likely Swift ways of doing this, but I couldn't find them
quickly enough, so I reached for the hammer I knew.
4 years ago
Brad Fitzpatrick a8b95571fb ipn, control/controlclient: fix some data races
More remain.

Fixes tailscale/corp#432
4 years ago
Brad Fitzpatrick 3984f9be2f ipn, ipn/ipnserver: add support for serving in error-message-only mode
So Windows service failures can be propagated to the Windows UI client.
4 years ago
Dmytro Shynkevych 67ebba90e1
tsdns: dual resolution mode, IPv6 support (#526)
This change adds to tsdns the ability to delegate lookups to upstream nameservers.
This is crucial for setting Magic DNS as the system resolver.

Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
4 years ago
Brad Fitzpatrick 6196b7e658 wgengine/magicsock: change API to not permit disco key changes
Generate the disco key ourselves and give out the public half instead.

Fixes #525
4 years ago
Brad Fitzpatrick 630379a1d0 cmd/tailscale: add tailscale status region name, last write, consistently star
There's a lot of confusion around what tailscale status shows, so make it better:
show region names, last write time, and put stars around DERP too if active.

Now stars are always present if activity, and always somewhere.
4 years ago
David Anderson 9cd4e65191 smallzstd: new package that constructs zstd small encoders/decoders.
It's just a config wrapper that passes "use less memory at the
expense of compression" parameters by default, so that we don't
accidentally construct resource-hungry (de)compressors.

Also includes a benchmark that measures the memory cost of the
small variants vs. the stock variants. The savings are significant
on both compressors (~8x less memory) and decompressors (~1.4x less,
not including the savings from the significantly smaller
window on the compression side - with those savings included it's
more like ~140x smaller).

BenchmarkSmallEncoder-8            	   56174	     19354 ns/op	      31 B/op	       0 allocs/op
BenchmarkSmallEncoderWithBuild-8   	    2900	    382940 ns/op	 1746547 B/op	      36 allocs/op
BenchmarkStockEncoder-8            	   48921	     25761 ns/op	     286 B/op	       0 allocs/op
BenchmarkStockEncoderWithBuild-8   	     426	   2630241 ns/op	13843842 B/op	     124 allocs/op
BenchmarkSmallDecoder-8            	  123814	      9344 ns/op	       0 B/op	       0 allocs/op
BenchmarkSmallDecoderWithBuild-8   	   41547	     27455 ns/op	   27694 B/op	      31 allocs/op
BenchmarkStockDecoder-8            	  129832	      9417 ns/op	       1 B/op	       0 allocs/op
BenchmarkStockDecoderWithBuild-8   	   25561	     51751 ns/op	   39607 B/op	      92 allocs/op

Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago