TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2024-11-25 19:15:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

*: use WireGuard where logged, printed or named

Browse Source 
Signed-off-by: James Tucker <james@tailscale.com>
This commit is contained in:
James Tucker 2022-05-04 12:10:17 -07:00 committed by James Tucker
parent 2d1849a7b9
commit f9e86e64b7
9 changed files with 21 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cmd/tailscale/cli/ping.go
View File

@ -49,8 +49,8 @@
fs := newFlagSet("ping") fs := newFlagSet("ping")
fs.BoolVar(&pingArgs.verbose, "verbose", false, "verbose output") fs.BoolVar(&pingArgs.verbose, "verbose", false, "verbose output")
fs.BoolVar(&pingArgs.untilDirect, "until-direct", true, "stop once a direct path is established") fs.BoolVar(&pingArgs.untilDirect, "until-direct", true, "stop once a direct path is established")
fs.BoolVar(&pingArgs.tsmp, "tsmp", false, "do a TSMP-level ping (through wireguard, but not either host OS stack)") fs.BoolVar(&pingArgs.tsmp, "tsmp", false, "do a TSMP-level ping (through WireGuard, but not either host OS stack)")
fs.BoolVar(&pingArgs.icmp, "icmp", false, "do a ICMP-level ping (through wireguard, but not the local host OS stack)") fs.BoolVar(&pingArgs.icmp, "icmp", false, "do a ICMP-level ping (through WireGuard, but not the local host OS stack)")
fs.IntVar(&pingArgs.num, "c", 10, "max number of pings to send") fs.IntVar(&pingArgs.num, "c", 10, "max number of pings to send")
fs.DurationVar(&pingArgs.timeout, "timeout", 5*time.Second, "timeout before giving up on a ping") fs.DurationVar(&pingArgs.timeout, "timeout", 5*time.Second, "timeout before giving up on a ping")
return fs return fs

2
derp/derp_client.go
View File

@ -485,7 +485,7 @@ func (c *Client) recvTimeout(timeout time.Duration) (m ReceivedMessage, err erro
c.peeked = int(n) c.peeked = int(n)
} else { } else {
// But if for some reason we read a large DERP message (which isn't necessarily // But if for some reason we read a large DERP message (which isn't necessarily
// a Wireguard packet), then just allocate memory for it. // a WireGuard packet), then just allocate memory for it.
// TODO(bradfitz): use a pool if large frames ever happen in practice. // TODO(bradfitz): use a pool if large frames ever happen in practice.
b = make([]byte, n) b = make([]byte, n)
_, err = io.ReadFull(c.br, b) _, err = io.ReadFull(c.br, b)

2
net/packet/tsmp.go
View File

@ -5,7 +5,7 @@
// TSMP is our ICMP-like "Tailscale Message Protocol" for signaling // TSMP is our ICMP-like "Tailscale Message Protocol" for signaling
// Tailscale-specific messages between nodes. It uses IP protocol 99 // Tailscale-specific messages between nodes. It uses IP protocol 99
// (reserved for "any private encryption scheme") within // (reserved for "any private encryption scheme") within
// Wireguard's normal encryption between peers and never hits the host // WireGuard's normal encryption between peers and never hits the host
// network stack. // network stack.
package packet package packet

10
net/tstun/wrap.go
View File

@ -110,9 +110,9 @@ type Wrapper struct {
// inbound packets arrive via UDP and are written into the TUN device; // inbound packets arrive via UDP and are written into the TUN device;
// outbound packets are read from the TUN device and sent out via UDP. // outbound packets are read from the TUN device and sent out via UDP.
// This queue is needed because although inbound writes are synchronous, // This queue is needed because although inbound writes are synchronous,
// the other direction must wait on a Wireguard goroutine to poll it. // the other direction must wait on a WireGuard goroutine to poll it.
// //
// Empty reads are skipped by Wireguard, so it is always legal // Empty reads are skipped by WireGuard, so it is always legal
// to discard an empty packet instead of sending it through t.outbound. // to discard an empty packet instead of sending it through t.outbound.
// //
// Close closes outbound. There may be outstanding sends to outbound // Close closes outbound. There may be outstanding sends to outbound
@ -554,7 +554,7 @@ func (t *Wrapper) Read(buf []byte, offset int) (int, error) {
response := t.filterOut(p) response := t.filterOut(p)
if response != filter.Accept { if response != filter.Accept {
metricPacketOutDrop.Add(1) metricPacketOutDrop.Add(1)
// Wireguard considers read errors fatal; pretend nothing was read // WireGuard considers read errors fatal; pretend nothing was read
return 0, nil return 0, nil
} }
} }
@ -713,7 +713,7 @@ func (t *Wrapper) SetFilter(filt *filter.Filter) {
// This path is typically used to deliver synthesized packets to the // This path is typically used to deliver synthesized packets to the
// host networking stack. // host networking stack.
func (t *Wrapper) InjectInboundPacketBuffer(pkt *stack.PacketBuffer) error { func (t *Wrapper) InjectInboundPacketBuffer(pkt *stack.PacketBuffer) error {
buf := make([]byte, PacketStartOffset + pkt.Size()) buf := make([]byte, PacketStartOffset+pkt.Size())
n := copy(buf[PacketStartOffset:], pkt.NetworkHeader().View()) n := copy(buf[PacketStartOffset:], pkt.NetworkHeader().View())
n += copy(buf[PacketStartOffset+n:], pkt.TransportHeader().View()) n += copy(buf[PacketStartOffset+n:], pkt.TransportHeader().View())
@ -733,7 +733,7 @@ func (t *Wrapper) InjectInboundPacketBuffer(pkt *stack.PacketBuffer) error {
// //
// The packet contents are to start at &buf[offset]. // The packet contents are to start at &buf[offset].
// offset must be greater or equal to PacketStartOffset. // offset must be greater or equal to PacketStartOffset.
// The space before &buf[offset] will be used by Wireguard. // The space before &buf[offset] will be used by WireGuard.
func (t *Wrapper) InjectInboundDirect(buf []byte, offset int) error { func (t *Wrapper) InjectInboundDirect(buf []byte, offset int) error {
if len(buf) > MaxPacketSize { if len(buf) > MaxPacketSize {
return errPacketTooBig return errPacketTooBig

4
wgengine/magicsock/magicsock.go
View File

@ -493,7 +493,7 @@ type Options struct {
// whenever it receives a packet from a a peer if it's been more // whenever it receives a packet from a a peer if it's been more
// than ~10 seconds since the last one. (10 seconds is somewhat // than ~10 seconds since the last one. (10 seconds is somewhat
// arbitrary; the sole user just doesn't need or want it called on // arbitrary; the sole user just doesn't need or want it called on
// every packet, just every minute or two for Wireguard timeouts, // every packet, just every minute or two for WireGuard timeouts,
// and 10 seconds seems like a good trade-off between often enough // and 10 seconds seems like a good trade-off between often enough
// and not too often.) // and not too often.)
// The provided func is likely to call back into // The provided func is likely to call back into
@ -1864,7 +1864,7 @@ func (c *Conn) handleDiscoMessage(msg []byte, src netaddr.IPPort, derpNodeSrc ke
} }
// If the first four parts are the prefix of disco.Magic // If the first four parts are the prefix of disco.Magic
// (0x5453f09f) then it's definitely not a valid Wireguard // (0x5453f09f) then it's definitely not a valid WireGuard
// packet (which starts with little-endian uint32 1, 2, 3, 4). // packet (which starts with little-endian uint32 1, 2, 3, 4).
// Use naked returns for all following paths. // Use naked returns for all following paths.
isDiscoMsg = true isDiscoMsg = true

2
wgengine/netstack/netstack.go
View File

@ -162,7 +162,7 @@ func Create(logf logger.Logf, tundev *tstun.Wrapper, e wgengine.Engine, mc *magi
// registered to it. Since in some cases we dynamically register IPs // registered to it. Since in some cases we dynamically register IPs
// based on the packets that arrive, the NIC needs to accept all // based on the packets that arrive, the NIC needs to accept all
// incoming packets. The NIC won't receive anything it isn't meant to // incoming packets. The NIC won't receive anything it isn't meant to
// since Wireguard will only send us packets that are meant for us. // since WireGuard will only send us packets that are meant for us.
ipstack.SetPromiscuousMode(nicID, true) ipstack.SetPromiscuousMode(nicID, true)
// Add IPv4 and IPv6 default routes, so all incoming packets from the Tailscale side // Add IPv4 and IPv6 default routes, so all incoming packets from the Tailscale side
// are handled by the one fake NIC we use. // are handled by the one fake NIC we use.

2
wgengine/pendopen.go
View File

@ -189,7 +189,7 @@ func (e *userspaceEngine) onOpenTimeout(flow flowtrack.Tuple) {
// node. // node.
return return
} }
e.logf("open-conn-track: timeout opening %v; target node %v in netmap but unknown to wireguard", flow, n.Key.ShortString()) e.logf("open-conn-track: timeout opening %v; target node %v in netmap but unknown to WireGuard", flow, n.Key.ShortString())
return return
} }

14
wgengine/userspace.go
View File

@ -77,7 +77,7 @@
// packetSendRecheckWireguardThreshold controls how long we can go // packetSendRecheckWireguardThreshold controls how long we can go
// between packet sends to an IP before checking to see // between packet sends to an IP before checking to see
// whether this IP address needs to be added back to the // whether this IP address needs to be added back to the
// Wireguard peer oconfig. // WireGuard peer oconfig.
packetSendRecheckWireguardThreshold = 1 * time.Minute packetSendRecheckWireguardThreshold = 1 * time.Minute
) )
@ -221,7 +221,7 @@ type Config struct {
} }
func NewFakeUserspaceEngine(logf logger.Logf, listenPort uint16) (Engine, error) { func NewFakeUserspaceEngine(logf logger.Logf, listenPort uint16) (Engine, error) {
logf("Starting userspace wireguard engine (with fake TUN device)") logf("Starting userspace WireGuard engine (with fake TUN device)")
return NewUserspaceEngine(logf, Config{ return NewUserspaceEngine(logf, Config{
ListenPort: listenPort, ListenPort: listenPort,
RespondToPing: true, RespondToPing: true,
@ -410,7 +410,7 @@ func NewUserspaceEngine(logf logger.Logf, conf Config) (_ Engine, reterr error)
} }
// wgdev takes ownership of tundev, will close it when closed. // wgdev takes ownership of tundev, will close it when closed.
e.logf("Creating wireguard device...") e.logf("Creating WireGuard device...")
e.wgdev = wgcfg.NewDevice(e.tundev, e.magicConn.Bind(), e.wgLogger.DeviceLogger) e.wgdev = wgcfg.NewDevice(e.tundev, e.magicConn.Bind(), e.wgLogger.DeviceLogger)
closePool.addFunc(e.wgdev.Close) closePool.addFunc(e.wgdev.Close)
closePool.addFunc(func() { closePool.addFunc(func() {
@ -435,7 +435,7 @@ func NewUserspaceEngine(logf logger.Logf, conf Config) (_ Engine, reterr error)
} }
}() }()
e.logf("Bringing wireguard device up...") e.logf("Bringing WireGuard device up...")
if err := e.wgdev.Up(); err != nil { if err := e.wgdev.Up(); err != nil {
return nil, fmt.Errorf("wgdev.Up: %w", err) return nil, fmt.Errorf("wgdev.Up: %w", err)
} }
@ -614,12 +614,12 @@ func (e *userspaceEngine) noteRecvActivity(nk key.NodePublic) {
// If the last activity time jumped a bunch (say, at least // If the last activity time jumped a bunch (say, at least
// half the idle timeout) then see if we need to reprogram // half the idle timeout) then see if we need to reprogram
// Wireguard. This could probably be just // WireGuard. This could probably be just
// lazyPeerIdleThreshold without the divide by 2, but // lazyPeerIdleThreshold without the divide by 2, but
// maybeReconfigWireguardLocked is cheap enough to call every // maybeReconfigWireguardLocked is cheap enough to call every
// couple minutes (just not on every packet). // couple minutes (just not on every packet).
if e.trimmedNodes[nk] { if e.trimmedNodes[nk] {
e.logf("wgengine: idle peer %v now active, reconfiguring wireguard", nk.ShortString()) e.logf("wgengine: idle peer %v now active, reconfiguring WireGuard", nk.ShortString())
e.maybeReconfigWireguardLocked(nil) e.maybeReconfigWireguardLocked(nil)
} }
} }
@ -733,7 +733,7 @@ func (e *userspaceEngine) maybeReconfigWireguardLocked(discoChanged map[key.Node
} }
} }
e.logf("wgengine: Reconfig: configuring userspace wireguard config (with %d/%d peers)", len(min.Peers), len(full.Peers)) e.logf("wgengine: Reconfig: configuring userspace WireGuard config (with %d/%d peers)", len(min.Peers), len(full.Peers))
if err := wgcfg.ReconfigDevice(e.wgdev, &min, e.logf); err != nil { if err := wgcfg.ReconfigDevice(e.wgdev, &min, e.logf); err != nil {
e.logf("wgdev.Reconfig: %v", err) e.logf("wgdev.Reconfig: %v", err)
return err return err

2
wgengine/wgcfg/nmcfg/nmcfg.go
View File

@ -49,7 +49,7 @@ func cidrIsSubnet(node *tailcfg.Node, cidr netaddr.IPPrefix) bool {
return true return true
} }
// WGCfg returns the NetworkMaps's Wireguard configuration. // WGCfg returns the NetworkMaps's WireGuard configuration.
func WGCfg(nm *netmap.NetworkMap, logf logger.Logf, flags netmap.WGConfigFlags, exitNode tailcfg.StableNodeID) (*wgcfg.Config, error) { func WGCfg(nm *netmap.NetworkMap, logf logger.Logf, flags netmap.WGConfigFlags, exitNode tailcfg.StableNodeID) (*wgcfg.Config, error) {
cfg := &wgcfg.Config{ cfg := &wgcfg.Config{
Name: "tailscale", Name: "tailscale",