mirror of
https://github.com/tailscale/tailscale.git
synced 2025-08-11 13:18:53 +00:00
logpolicy, ipn/ipnserver: connect to logtail via tailscaled when needed
This is for use by the Windows GUI client to log via when an exit node is in use, so the logs don't go out via the exit node and instead go directly, like tailscaled's. The dialer tried to do that in the unprivileged GUI by binding to a specific interface, but the "Internet Kill Switch" installed by tailscaled for exit nodes precludes that from working and instead the GUI fails to dial out. So, go through tailscaled (with a CONNECT request) instead. Fixes tailscale/corp#3169 Change-Id: I17a8efdc1d4b8fed53a29d1c19995592b651b215 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
This commit is contained in:
Brad Fitzpatrick
committed by
Brad Fitzpatrick
Brad Fitzpatrick
parent
5a9914a92f
commit
3dedcd1640
@@ -8,10 +8,12 @@
|
||||
package logpolicy
|
||||
|
||||
import (
|
||||
"bufio"
|
||||
"bytes"
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
@@ -40,6 +42,7 @@ import (
|
||||
"tailscale.com/net/tlsdial"
|
||||
"tailscale.com/net/tshttpproxy"
|
||||
"tailscale.com/paths"
|
||||
"tailscale.com/safesocket"
|
||||
"tailscale.com/smallzstd"
|
||||
"tailscale.com/types/logger"
|
||||
"tailscale.com/util/clientmetric"
|
||||
@@ -67,6 +70,15 @@ func getLogTarget() string {
|
||||
return getLogTargetOnce.v
|
||||
}
|
||||
|
||||
// LogHost returns the hostname only (without port) of the configured
|
||||
// logtail server, or the default.
|
||||
func LogHost() string {
|
||||
if v := getLogTarget(); v != "" {
|
||||
return v
|
||||
}
|
||||
return logtail.DefaultHost
|
||||
}
|
||||
|
||||
// Config represents an instance of logs in a collection.
|
||||
type Config struct {
|
||||
Collection string
|
||||
@@ -616,6 +628,24 @@ func NewLogtailTransport(host string) *http.Transport {
|
||||
return c, nil
|
||||
}
|
||||
|
||||
if version.IsWindowsGUI() && strings.HasPrefix(netw, "tcp") {
|
||||
if c, err := safesocket.Connect(safesocket.DefaultConnectionStrategy("")); err == nil {
|
||||
fmt.Fprintf(c, "CONNECT %s HTTP/1.0\r\n\r\n", addr)
|
||||
br := bufio.NewReader(c)
|
||||
res, err := http.ReadResponse(br, nil)
|
||||
if err == nil && res.StatusCode != 200 {
|
||||
err = errors.New(res.Status)
|
||||
}
|
||||
if err != nil {
|
||||
log.Printf("logtail: CONNECT response from tailscaled: %v", err)
|
||||
c.Close()
|
||||
} else {
|
||||
log.Printf("logtail: connected via tailscaled")
|
||||
return c, nil
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// If we failed to dial, try again with bootstrap DNS.
|
||||
log.Printf("logtail: dial %q failed: %v (in %v), trying bootstrap...", addr, err, d)
|
||||
dnsCache := &dnscache.Resolver{
|
||||
|
||||
Reference in New Issue
Block a user