Otherwise we reset DNS configuration to empty after failing to collect
base OS configuration from dns.noopManager, e.g.
```
2025/05/08 05:48:08 wgengine: Reconfig: configuring DNS
2025/05/08 05:48:08 dns: Set: {DefaultResolvers:[] Routes:{cat-ray.ts.net.:[] ts.net.:[199.247.155.53 2620:111:8007::53]}+65arpa SearchDomains:[cat-ray.ts.net.] Hosts:50}
2025/05/08 05:48:08 health(warnable=dns-read-os-config-failed): error: Tailscale failed to fetch the DNS configuration of your device: getting OS base config is not supported
2025/05/08 05:48:08 health(warnable=dns): error: getting OS base config is not supported
2025/05/08 05:48:08 [v1] authReconfig: ra=false dns=true 0x00: getting OS base config is not supported
2025/05/08 05:48:08 [v1] authReconfig: ra=false dns=true 0x00: <nil>
```
It was removed for being unnecessary in 69cdc30c6d41aab2 in 2021
but now we need it for lopower.
Change-Id: I62aca850ad820a83475c8ef7655a08981f23a27f
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
This is a hack, but should suffice and be fast enough.
I really want to figure out what's keeping that writable fd open.
Fixes#15868
Change-Id: I285d836029355b11b7467841d31432cc5890a67e
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Cleanup after #15866. It was using a mix of "b" and "c" before. But "b"
is ambiguous with LocalBackend's usual "b".
Updates #12614
Change-Id: I8c2e84597555ec3db0d783a00ac1c12549ce6706
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
As just discussed on Slack with @nickkhyl.
Updates #12614
Change-Id: I138dd7eaffb274494297567375d969b4122f3f50
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
relayManager will eventually be responsible for handling the allocation
and handshaking of UDP relay server endpoints.
relay servers are endpoint-independent, and Conn must already maintain
handshake state for all endpoints. This justifies a new data structure
to fill these roles.
Updates tailscale/corp#27502
Signed-off-by: Jordan Whited <jordan@tailscale.com>
Previously all tests shared their tailscale+tailscaled binaries in
system /tmp directories, which often leaked, and required TestMain to
clean up (which feature/taildrop didn't use).
This makes it use testing.T.TempDir for the binaries, but still only
builds them once and efficiently as possible depending on the OS
copies them around between each test's temp dir.
Updates #15812
Change-Id: I0e2585613f272c3d798a423b8ad1737f8916f527
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Conn.handleDiscoMessage() now makes a distinction between relay
handshake disco messages and peer disco messages.
Updates tailscale/corp#27502
Signed-off-by: Jordan Whited <jordan@tailscale.com>
Taildrop has never had an end-to-end test since it was introduced.
This adds a basic one.
It caught two recent refactoring bugs & one from 2022 (0f7da5c7dc0).
This is prep for moving the rest of Taildrop out of LocalBackend, so
we can do more refactorings with some confidence.
Updates #15812
Change-Id: I6182e49c5641238af0bfdd9fea1ef0420c112738
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
This fixes a refactoring bug introduced in 8b72dd7873201
Tests (that failed on this) are coming in a separate change.
Updates #15812
Change-Id: Ibbf461b4eaefe22ad3005fc243d0a918e8af8981
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
* util/linuxfw: fix delete snat rule
This pr is fixing the bug that in nftables mode setting snat-subnet-routes=false doesn't
delete the masq rule in nat table.
Updates #15661
Signed-off-by: Kevin Liang <kevinliang@tailscale.com>
* change index arithmetic in test to chunk
Signed-off-by: Kevin Liang <kevinliang@tailscale.com>
* reuse rule creation function in rule delete
Signed-off-by: Kevin Liang <kevinliang@tailscale.com>
* add test for deleting the masq rule
Signed-off-by: Kevin Liang <kevinliang@tailscale.com>
---------
Signed-off-by: Kevin Liang <kevinliang@tailscale.com>
This fixes the Taildrop deadlock from 8b72dd787320.
Fixes#15824
Change-Id: I5ca583de20dd0d0b513ce546439dc632408ca1f1
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Conn.sendDiscoMessage() now verifies if the destination disco key is
associated with any known peer(s) in a thread-safe manner.
Updates #15844
Signed-off-by: Jordan Whited <jordan@tailscale.com>
And also validate opts for unknown types, before other side effects.
Fixes#15833
Change-Id: I4cabe16c49c5b7566dcafbec59f2cd1e0c8b4b3c
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Instead of using the version package (which depends on
tailcfg.CurrentCapabilityVersion) to get the git commit hash, do it
directly using debug.BuildInfo. This way, when changing struct fields in
tailcfg, we can successfully `go generate` it without compiler errors.
Updates #9634
Updates https://github.com/tailscale/corp/issues/26717
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
TS_CONTROL_IS_PLAINTEXT_HTTP no longer does anything as of
8fd471ce5748d2129dba584b4fa14b0d29229299
Updates #13597
Change-Id: I32ae7f8c5f2a2632e80323b1302a36295ee00736
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
