Commit Graph

2191 Commits (fe3b1ab7478bfe48c60a140fd060db88ec7c5f35)
 

Author SHA1 Message Date
David Anderson fe3b1ab747 net/dns: refactor dbus connection setup in resolved manager.
Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
Brad Fitzpatrick 2df6372b67 portlist: de-dup services on same (proto, port) on both IPv4/IPv6
Fixes #1703

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick a8d95a18b2 cmd/tailscale/cli: add up --unattended for Windows
RELNOTE=Windows CLI behavior change: ForceDaemon now off by default

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 34d2f5a3d9 tailcfg: add Endpoint, EndpointType, MapRequest.EndpointType
Track endpoints internally with a new tailcfg.Endpoint type that
includes a typed netaddr.IPPort (instead of just a string) and
includes a type for how that endpoint was discovered (STUN, local,
etc).

Use []tailcfg.Endpoint instead of []string internally.

At the last second, send it to the control server as the existing
[]string for endpoints, but also include a new parallel
MapRequest.EndpointType []tailcfg.EndpointType, so the control server
can start filtering out less-important endpoint changes from
new-enough clients. Notably, STUN-discovered endpoints can be filtered
out from 1.6+ clients, as they can discover them amongst each other
via CallMeMaybe disco exchanges started over DERP. And STUN endpoints
change a lot, causing a lot of MapResposne updates. But portmapped
endpoints are worth keeping for now, as they they work right away
without requiring the firewall traversal extra RTT dance.

End result will be less control->client bandwidth. (despite negligible
increase in client->control bandwidth)

Updates tailscale/corp#1543

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick b91f3c4191 ipn/ipnlocal: fix peerapi printf arg mismatch
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick a08d978476 cmd/tailscale/cli: make push get peerapi base via localapi, not TSMP ping
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 1dc2cf4835 cmd/tailscale/cli: add push --targets to list possible targets
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 1f4cf1a4f4 ipn/localapi: only require read access to list file targets
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick d17f96b586 cmd/tailscale/cli: restore SIGINT/SIGTERM on context cancel
This fixes Ctrl-C not interrupting "tailscale push".

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick db5e269463 client/tailscale/apitype: move local API types to new apitype package
They were scattered/duplicated in misc places before.

It can't be in the client package itself for circular dep reasons.

This new package is basically tailcfg but for localhost
communications, instead of to control.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Maisem Ali 1b9d8771dc ipn/ipnlocal,wgengine/router,cmd/tailscale: add flag to allow local lan access when routing traffic via an exit node.
For #1527

Signed-off-by: Maisem Ali <maisem@tailscale.com>
4 years ago
David Anderson 854d5d36a1 net/dns: return error from NewOSManager, use it to initialize NM.
Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
Maisem Ali 4d142ebe06 derp: handle net.ErrClosed in TestSendFreeze
Signed-off-by: Maisem Ali <maisem@tailscale.com>
4 years ago
Brad Fitzpatrick 8e75c8504c ipn/ipnlocal: in direct file mode, don't readdir
And don't even allow attempts at Open/Delete.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 9972c02b60 cmd/tailscale/cli: don't let up change prefs based on implicit flag values
This changes the behavior of "tailscale up".

Previously "tailscale up" always did a new Start and reset all the settings.

Now "tailscale up" with no flags just brings the world [back] up.
(The opposite of "tailscale down").

But with flags, "tailscale up" now only is allowed to change
preferences if they're explicitly named in the flags. Otherwise it's
an error. Or you need to use --reset to explicitly nuke everything.

RELNOTE=tailscale up change

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
David Anderson 9aa33b43e6 net/dns: support split and unsplit DNS in NetworkManager.
Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
Brad Fitzpatrick f5742b0647 ipn/ipnlocal: add LocalBackend.SetDirectFileRoot
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 64c80129f1 types/netmap: add some docs/warning to NetworkMap
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick ccb322db04 tailcfg, control/controlclient: make nil MapResponse.DNSConfig mean unchanged (mapver15)
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick a3113a793a ipn: add hostname to Prefs.Pretty output
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 4c3f7c06fc ipn/ipnlocal: be consistent in not logging when no notify registered
Some paths already didn't. And in the future I hope to shut all the
notify funcs down end-to-end when nothing is connected (as in the
common case in tailscaled).  Then we can save some JSON encoding work.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 7c0e58c537 ipn/ipnlocal: remove redundant notify nil check
send does it.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick d9ee9a0d3f ipn: set BackendServer's notify earlier; don't require Start
We've been slowly making Start less special and making IPN a
multi-connection "watch" bus of changes, but this Start specialness
had remained.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 8e4d1e3f2c ipn: include err in Notify decode fatal path
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick d5d70ae9ea wgengine/monitor: reduce Linux log spam on down
Fixes #1689

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick c0befee188 portlist: use windows OpenCurrentProcessToken, not GetCurrentProcessToken
The latter only works on Windows 8+.

Also add a TODO to get do this all more efficiently.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick e619296ece portlist: filter out all of 127.0.0.0/8, not just 127.0.0.1/32
Per user private bug report.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick f325aa7e38 portlist: exclude services bound to IPv6 loopback address
Fixes #1683

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
David Anderson 87eb8384f5 net/dns: fix up NetworkManager configurator a bit.
Clear LLMNR and mdns flags, update reasoning for our settings,
and set our override priority harder than before when we want
to be primary resolver.

Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
Brad Fitzpatrick 303805a389 ipn/localapi: require write access to PATCH prefs
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
David Anderson 3d81e6260b net/dns: set resolved DefaultRoute setting according to split-dns mode.
Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
David Anderson cca230cc23 net/dns: fix staticcheck errors.
Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
Brad Fitzpatrick 79109f4965 ipn/ipnlocal: use PATCH for EditPrefs, not POST
Addendum to earlier 00d641d9fc.

Reserve POST for SetPrefs in the future.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 4b47393e0c net/dns: pacify staticcheck for now
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
David Anderson a7340c2015 net/dns: support split DNS in systemd-resolved.
Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
Brad Fitzpatrick 00d641d9fc ipn/localapi: move EditPrefs to localapi
Follow-up/revision to recent 53cfff109b which
added EditPrefs.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
David Anderson 84430cdfa1 net/dns: improve NetworkManager detection, using more DBus.
Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
David Anderson 9a48bac8ad net/dns: rename resolvconf.go to debian_resolvconf.go.
Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
David Anderson 9831f1b183 net/dns: also include 'tail' and 'base' files when fixing up resolv.conf.
Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
David Anderson e43afe9140 net/dns: implement prior config reading for debian resolvconf.
Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
David Anderson 143e5dd087 net/dns: rename script variable.
Debian resolvconf is not legacy, it's alive and well,
just historically before the other implementations.

Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
David Anderson 55b39fa945 net/dns: add documentation to openresolv's config fetch.
Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
David Anderson 61b361bac0 net/dns: teach the openresolv manager to read DNS config.
Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
David Anderson 19eca34f47 wgengine/router: fix FreeBSD configuration failure on the v6 /48.
On FreeBSD, we add the interface IP as a /48 to work around a kernel
bug, so we mustn't then try to add a /48 route to the Tailscale ULA,
since that will fail as a dupe.

Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
David Anderson 58760f7b82 net/dns: split resolvconfManager into a debian and an openresolv manager.
Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
David Anderson 5480189313 net/dns: implement a DNS override workaround for legacy resolvconf.
Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
David Anderson 1a371b93be util/dnsname: add FQDN type, use throughout codebase.
Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
AdamKorcz 7a1813fd24 Added 2 fuzzers
Signed-off-by: AdamKorcz <adam@adalogics.com>
4 years ago
Daniel Chung 5e90037f1a api.md: clarify response behaviour for ACL POST endpoint
Signed-off-by: Daniel Chung <daniel@tailscale.com>
4 years ago
Simon Kirillov a64b57e2fb control/controlclient: create tls client config with server hostname instead of serverURL.Host
Signed-off-by: Simon Kirillov <svkirillov3@gmail.com>
4 years ago