Commit Graph

241 Commits

Author SHA1 Message Date
David Anderson
efc1feedc9 wgengine/router: include more information when iptables ops fail.
The iptables package we use doesn't include command output, so we're
left with guessing what went wrong most of the time. This will at
least narrow things down to which operation failed.

Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-10 22:14:33 +00:00
David Anderson
e16f7e48a3 wgengine: simplify wgcfg.* to netaddr.* conversion.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-09 03:30:37 +00:00
David Anderson
ccbd0937d0 wgengine: avoid v6 mapped v4 IPs when converting to netaddr types.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-08 23:32:06 +00:00
Wendi Yu
499c8fcbb3
Replace our ratelimiter with standard rate package (#359)
* Replace our ratelimiter with standard rate package

Signed-off-by: Wendi Yu <wendi.yu@yahoo.ca>
2020-05-08 12:30:22 -06:00
David Anderson
b01db109f5 wgengine/router: use inet.af/netaddr, not wgcfg.CIDR.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-07 23:40:03 -07:00
David Anderson
b8f01eed34 wgengine/router: remove wireguard-go config from settings.
Instead, pass in only exactly the relevant configuration pieces
that the OS network stack cares about.

Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-07 19:04:13 -07:00
David Anderson
8861bb5a19 wgengine/router: alter API to support multiple addrs, and use on linux.
FreeBSD and OpenBSD will error out with a complaint if we pass >1 address
right now, but we don't yet so that's okay.
2020-05-08 00:18:18 +00:00
David Anderson
6802481bf5 wgengine/router: don't use gateway routes on linux. 2020-05-07 19:22:50 +00:00
David Anderson
78b1ed39ea wgengine/router: add more documentation. 2020-05-07 18:30:37 +00:00
David Anderson
c9de43cd59 wgengine/router: fix typo.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-07 18:01:55 +00:00
David Anderson
89af51b84d wgengine: plumb locally advertised subnet routes.
With this change, advertising subnet routes configures the
firewall correctly.

Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-07 17:48:49 +00:00
David Anderson
89198b1691 wgengine/router: rewrite netfilter and routing logic.
New logic installs precise filters for subnet routes,
plays nice with other users of netfilter, and lays the
groundwork for fixing routing loops via policy routing.

Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-06 22:13:38 +00:00
David Anderson
7618d7e677 wgengine/router: simplify some cmd invocations.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-06 22:13:38 +00:00
Brad Fitzpatrick
fefd7e10dc types/structs: add structs.Incomparable annotation, use it where applicable
Shotizam before and output queries:

sqlite> select sum(size) from bin where func like 'type..%';
129067
=>
120216
2020-05-03 14:05:32 -07:00
David Anderson
755fd9253c wgengine/router: fix up docstring.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-04-30 13:37:40 -07:00
David Anderson
1ac570def7 wgengine/router: split out from wgengine.
The router implementations are logically separate, with their own API.

Signed-off-by: David Anderson <danderson@tailscale.com>
2020-04-30 13:31:24 -07:00
Avery Pennarun
ee3395e63a wgengine/filter: fix linter warning.
Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2020-04-30 06:16:53 -04:00
Avery Pennarun
65fbb9c303 wgengine/filter: support subnet mask rules, not just /32 IPs.
This depends on improved support from the control server, to send the
new subnet width (Bits) fields. If these are missing, we fall back to
assuming their value is /32.

Conversely, if the server sends Bits fields to an older client, it will
interpret them as /32 addresses. Since the only rules we allow are
"accept" rules, this will be narrower or equal to the intended rule, so
older clients will simply reject hosts on the wider subnet (fail
closed).

With this change, the internal filter.Matches format has diverged
from the wire format used by controlclient, so move the wire format
into tailcfg and convert it to filter.Matches in controlclient.

Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2020-04-30 04:56:43 -04:00
Avery Pennarun
85e675940d wgengine/filter: allow ICMP response packets.
Longer term, we should probably update the packet filter to be fully
stateful, for both TCP and ICMP. That is, only ICMP packets related to
a session *we* initiated should be allowed back in. But this is
reasonably secure for now, since wireguard is already trimming most
traffic. The current code would not protect against eg. Ping-of-Death style
attacks from VPN nodes.

Fixes tailscale/tailscale#290.

Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2020-04-29 05:25:45 -04:00
Brad Fitzpatrick
e1526b796e ipn: don't listen on the unspecified address in test
To avoid the Mac firewall dialog of (test) death.

See 4521a59f30
which I added to help debug this.
2020-04-28 19:20:02 -07:00
Brad Fitzpatrick
18017f7630 ipn, wgengine/magicsock: be more idle when in Stopped state with no peers
(Previously as #288, but with some more.)

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-04-28 13:41:29 -07:00
fgergo
8296c934ac Update ifconfig_windows.go
OLE calls sometimes unexpectedly fail, but retries can succeed. Change panic() to return errors. This way ConfigureInterface() retries can succeed.
2020-04-27 19:57:57 -07:00
David Anderson
9669b85b41 wgengine/magicsock: wait for endpoint updater goroutine when closing.
Fixes #204.

Signed-off-by: David Anderson <danderson@tailscale.com>
2020-04-27 14:46:10 -07:00
Elias Naur
2dac4f2b24 wgengine/monitor: disable monitor on Android
Netlink is not supported on Android.

Signed-off-by: Elias Naur <mail@eliasnaur.com>
2020-04-24 06:35:31 -07:00
Brad Fitzpatrick
268d331cb5 wgengine/magicsock: prune key.Public-keyed on peer removals
Fixes #215
2020-04-18 08:48:01 -07:00
Brad Fitzpatrick
00d053e25a wgengine/magicsock: fix slow memory leak as peer endpoints move around
Updates #215
2020-04-18 08:28:10 -07:00
Brad Fitzpatrick
7fc97c5493 wgengine/magicsock: use netaddr more
In prep for deleting from the ever-growing maps.
2020-04-17 15:15:42 -07:00
Brad Fitzpatrick
6fb30ff543 wgengine/magicsock: start using inet.af/netaddr a bit 2020-04-17 13:51:52 -07:00
David Anderson
afbfe4f217 wgengine: drop wireguard MTU to 1280 bytes.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-04-14 16:36:28 -07:00
Avery Pennarun
dc9b39e3fb wgengine/windows: use new winipcfg.Sync{Addresses,Routes} functions.
This avoids flushing and reloading the whole list of addresses and
routes whenever remote node information changes.
2020-04-13 13:20:20 -04:00
Brad Fitzpatrick
adf74c75ed wgengine: also diagnose not-yet-rebooted system updates on Arch 2020-04-13 09:22:08 -07:00
Brad Fitzpatrick
45f2b53aca all: remove unnecessary trailing newlines in format patterns for consistency
And document on logger.Logf that it's unnecessary.
2020-04-11 08:35:34 -07:00
Brad Fitzpatrick
a7e7c7b548 wgengine/magicsock: close derp connections on rebind
Fixes #276

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-04-10 20:43:00 -07:00
Brad Fitzpatrick
614261d00d wgengine/magicsock: reset AddrSet states on Rebind
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-04-10 20:27:35 -07:00
Brad Fitzpatrick
c0697e1feb net/interfaces: add IsExpensive and up state to State
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-04-10 20:25:12 -07:00
Brad Fitzpatrick
a55c4217db wgengine: diagnose why CreateTUN might've failed for users
Fixes #273

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-04-10 20:16:27 -07:00
Brad Fitzpatrick
3a3b64301e wgengine: quiet some engine reconfig logging, make more consistent
Updates #282

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-04-10 13:53:01 -07:00
Brad Fitzpatrick
1ec27dbb5b wgengine: remove an allocation in reconfig
Minor.
2020-04-10 08:22:13 -07:00
David Crawshaw
5b95aa81ea wgengine: remove IpcSetOperation on LinkChange
This was only done occasionally, but was extremely disruptive
when done and is no longer necessary.

It used to be that when switching links, we had to immediately
generate handshakes to everyone we were communicating with to
punch a hole in any NAT we were talking through. (This ended up
not really working, because in the process we got rid of our
session keys and ended up having a futile conversation for many
seconds.)

Now we have DERP, our link change propogates to the other side
as a new list of endpoints, so they start spraying packets.
We will definitely get one thanks to DERP, which will cause us
to spray, opening any NAT we are behind.

The result is that for good connections, we don't trash session
keys and cause an interruption.

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-04-10 15:07:20 +10:00
Brad Fitzpatrick
922d9546bf wgengine: don't allocate so much in userspaceEngine.getStatus
It was one of the top garbage producers on my phone.

It's slated to be deleted and replaced anyway, but this helps in the
meantime.

The go.sum changes look scary, but the new dep only adds 240 bytes to
the binary. The go.sum noise is just cmd/go being aggressive in
including a lot of stuff (which is being fixed in Go 1.15, for what I
understand). And I ran a go mod tidy, which added some too. (I had to
write a custom wrapper around go mod tidy because this mod tidy
normally breaks on tailscale.io/control being missing but referenced
in tests)

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-04-09 12:49:17 -07:00
Brad Fitzpatrick
0f64d7f9cc wgengine: remove a tiny allocation
Drop in the bucket compared to the larger issues, but noticed it
when looking at pprof.
2020-04-07 22:23:40 -07:00
Blake Gentry
e19287f60f wgengine/magicsock: fix Conn docs type reference
The docs on magicsock.Conn stated that they implemented the
wireguard/device.Bind interface, yet this type does not exist. In
reality, the Conn type implements the wireguard/conn.Bind interface.

I also fixed a small typo in the same file.

Signed-off-by: Blake Gentry <blakesgentry@gmail.com>
2020-04-06 15:11:56 -07:00
Brad Fitzpatrick
50aeb5b9ad wgengine: unexport some windows funcs 2020-04-05 08:23:53 -07:00
Brad Fitzpatrick
322499473e cmd/tailscaled, wgengine, ipn: add /debug/ipn handler with world state
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-03-26 14:26:24 -07:00
Brad Fitzpatrick
2d48f92a82 wgengine/magicsock: re-stun every [20,27] sec, not 28
28 is cutting it close, and we think jitter will help some spikes
we're seeing.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-03-25 14:25:33 -07:00
Brad Fitzpatrick
577f321c38 wgengine/magicsock: revise derp fallback logic
Revision to earlier 6284454ae5

Don't be sticky if we have no peers.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-03-25 13:09:18 -07:00
Brad Fitzpatrick
2e420ad8b6 wgengine, wgengine/filter: minor doc, style, performance, locking changes
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-03-25 08:41:01 -07:00
Brad Fitzpatrick
6284454ae5 wgengine/magicsock: if UDP blocked, pick DERP where most peers are
Updates #207

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-03-25 08:00:44 -07:00
Avery Pennarun
f53e78e0d5 wgengine: don't lose filter state on filter reconfig.
We were abandoning the UDP port LRU every time we got a new packet
filter from tailcontrol, which caused return packets to suddenly stop
arriving.
2020-03-25 04:52:41 -04:00
Brad Fitzpatrick
d321190578 wgengine/magicsock: stringify [IPv6]:port normally in AddrSet.String 2020-03-24 13:40:43 -07:00
Brad Fitzpatrick
3c3ea8bc8a wgengine/magicsock: finish IPv6 transport support
DEBUG_INCLUDE_IPV6=1 is still required, but works now.

Updates #18 (fixes it, once env var gate is removed)
2020-03-24 10:56:22 -07:00
Brad Fitzpatrick
82ed7e527e wgengine/magicsock: remove log allocation
This was the whole point but I goofed at the last line.
2020-03-24 08:14:47 -07:00
Brad Fitzpatrick
8454bbbda5 wgengine/magicsock: more logging improvements
* remove endpoint discovery noise when results unchanged
* consistently spell derp nodes as "derp-N"
* replace "127.3.3.40:" with "derp-" in CreateEndpoint log output
* stop early DERP setup before SetPrivateKey is called;
  it just generates log nosie
* fix stringification of peer ShortStrings (it had an old %x on it,
  rendering it garbage)
* describe why derp routes are changing, with one of:
  shared home, their home, our home, alt
2020-03-24 08:12:55 -07:00
Brad Fitzpatrick
680311b3df wgengine/magicsock: fix few remaining logs without package prefix 2020-03-23 22:11:49 -07:00
Brad Fitzpatrick
c473927558 wgengine/magicsock: clean up, add, improve DERP logs 2020-03-23 21:57:58 -07:00
Brad Fitzpatrick
ea9310403d wgengine/magicsock: re-STUN on DERP connection death
Fixes #201
2020-03-23 13:19:33 -07:00
Brad Fitzpatrick
1ab5b31c4b derp, magicsock: send new "peer gone" frames when previous sender disconnects
Updates #150 (not yet enabled by default in magicsock)

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-03-22 21:00:47 -07:00
Brad Fitzpatrick
b6f77cc48d wgengine/magicsock: return early, outdent in derpWriteChanOfAddr 2020-03-22 14:08:59 -07:00
Brad Fitzpatrick
dd31285ad4 wgengine/magicsock: send IPv6 using pconn6, if available
In prep for IPv6 support. Nothing should make it this far yet.
2020-03-20 14:30:12 -07:00
Brad Fitzpatrick
af277a6762 controlclient, magicsock: add debug knob to request IPv6 endpoints
Add opt-in method to request IPv6 endpoints from the control plane.
For now they should just be skipped. A previous version of this CL was
unconditional and reportedly had problems that I can't reproduce. So
make it a knob until the mystery is solved.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-03-20 14:27:24 -07:00
Brad Fitzpatrick
221e7d7767 wgengine/magicsock: make log message include DERP port (node) 2020-03-20 13:51:20 -07:00
Brad Fitzpatrick
33bdcabf03 wgengine/magicsock: call stun callback w/ only valid part of STUN packet 2020-03-20 13:44:27 -07:00
David Anderson
0be475ba46 Revert "tailcfg, controlclient, magicsock: request IPv6 endpoints, but ignore them"
Breaks something deep in wireguard or magicsock's brainstem, no packets at all
can flow. All received packets fail decryption with "invalid mac1".

This reverts commit 94024355ed.

Signed-off-by: David Anderson <dave@natulte.net>
2020-03-20 03:26:17 -07:00
Brad Fitzpatrick
94024355ed tailcfg, controlclient, magicsock: request IPv6 endpoints, but ignore them
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-03-19 21:01:52 -07:00
Brad Fitzpatrick
60ea635c6d wgengine/magicsock: delete inaccurate comment
I meant to include this in the earlier commit.
2020-03-19 19:48:02 -07:00
Brad Fitzpatrick
a184e05290 wgengine/magicsock: listen on udp6, use it for STUN, report endpoint
More steps towards IPv6 transport.

We now send it to tailcontrol, which ignores it.

But it doesn't actually actually support IPv6 yet (outside of STUN).

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-03-19 13:54:38 -07:00
Brad Fitzpatrick
7caa288213 wgengine/magicsock: rename pconn field to pconn4, in prep for pconn6 2020-03-19 08:49:30 -07:00
David Crawshaw
addbdce296 wgengine, ipn: include number of active DERPs in status
Use this when making the ipn state transition from Starting to
Running. This way a network of quiet nodes with no active
handshaking will still transition to Active.

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-03-19 17:55:16 +11:00
David Crawshaw
1ad78ce698 magicsock: reconnect to home DERP on key change
Typically the home DERP server is found and set on startup before
magicsock's SetPrivateKey can be called, so no DERP connection is
established. Make sure one is by kicking the home DERP tires in
SetPrivateKey.

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-03-19 17:53:44 +11:00
David Crawshaw
455ba751d9 magicsock: start connection to HOME derp immediately
The code as written intended to do this, but it repeated the
comparison of derpNum and c.myDerp after c.myDerp had been
updated, so it never executed.

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-03-19 17:36:30 +11:00
David Anderson
315a5e5355 scripts: add a license header checker.
Signed-off-by: David Anderson <dave@natulte.net>
2020-03-17 21:34:44 -07:00
Brad Fitzpatrick
e085aec8ef all: update to wireguard-go API changes
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-03-17 08:53:05 -07:00
Brad Fitzpatrick
db2436c7ff wgengine/magicsock: don't interrupt endpoint updates, merge all mutex into one
Before, endpoint updates were constantly being interrupted and resumed
on Linux due to tons of LinkChange messages from over-zealous Linux
netlink messages (from router_linux.go)

Now that endpoint updates are fast and bounded in time anyway, just
let them run to completion, but note that another needs to be
scheduled after.

Now logs went from pages of noise to just:

root@taildoc:~# grep -i -E 'stun|endpoint update' log
2020/03/13 08:51:29 magicsock.Conn: starting endpoint update (initial)
2020/03/13 08:51:30 magicsock.Conn.ReSTUN: endpoint update active, need another later ("link-change-minor")
2020/03/13 08:51:31 magicsock.Conn: starting endpoint update (link-change-minor)
2020/03/13 08:51:31 magicsock.Conn.ReSTUN: endpoint update active, need another later ("link-change-minor")
2020/03/13 08:51:33 magicsock.Conn: starting endpoint update (link-change-minor)
2020/03/13 08:51:33 magicsock.Conn.ReSTUN: endpoint update active, need another later ("link-change-minor")
2020/03/13 08:51:35 magicsock.Conn: starting endpoint update (link-change-minor)
2020/03/13 08:51:35 magicsock.Conn.ReSTUN: endpoint update active, need another later ("link-change-minor")

Or, seen in another run:

2020/03/13 08:45:41 magicsock.Conn: starting endpoint update (periodic)
2020/03/13 08:46:09 magicsock.Conn: starting endpoint update (periodic)
2020/03/13 08:46:21 magicsock.Conn: starting endpoint update (link-change-major)
2020/03/13 08:46:37 magicsock.Conn: starting endpoint update (periodic)
2020/03/13 08:47:05 magicsock.Conn: starting endpoint update (periodic)

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-03-13 09:34:11 -07:00
Brad Fitzpatrick
db31550854 wgengine: don't Reconfig on boring link changes
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-03-13 07:45:59 -07:00
Brad Fitzpatrick
b9c6d3ceb8 netcheck: work behind UDP-blocked networks again, add tests
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-03-12 14:49:06 -07:00
Brad Fitzpatrick
bc73dcf204 wgengine/magicsock: don't block in Send waiting for derphttp.Send
Fixes #137
Updates #109
Updates #162
Updates #163

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-03-12 12:19:12 -07:00
Brad Fitzpatrick
8807913be9 wgengine/magicsock: wait for previous DERP goroutines to end before new ones
Updates #109 (hopefully fixes, will wait for graphs to be happy)

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-03-12 12:19:12 -07:00
Brad Fitzpatrick
eff6dcdb4e wgengine/magicsock: log more about why we're re-STUNing 2020-03-12 12:09:25 -07:00
Brad Fitzpatrick
b3ddf51a15 wgengine/magicsock: add a pointer value for logging
Updates #109

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-03-11 15:12:19 -07:00
Brad Fitzpatrick
b0f8931d26 wgengine/magicsock: make a test signature a bit more explicit 2020-03-11 09:51:33 -07:00
David Crawshaw
7ec54e0064 wgengine/magicsock: remove TODO
The TODO above derphttp.NewClient suggests it does network I/O,
but the derphttp client connects lazily and so creating one is
very cheap.

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-03-11 12:17:37 -04:00
Brad Fitzpatrick
01b4bec33f stunner: re-do how Stunner works
It used to make assumptions based on having Anycast IPs that are super
near. Now we're intentionally going to a bunch of different distant
IPs to measure latency.

Also, optimize how the hairpin detection works. No need to STUN on
that socket. Just use that separate socket for sending, once we know
the other UDP4 socket's endpoint. The trick is: make our test probe
also a STUN packet, so it fits through magicsock's existing STUN
routing.

This drops netcheck from ~5 seconds to ~250-500ms.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-03-11 08:08:48 -07:00
David Anderson
77af7e5436 wgengine/magicsock: mark test logfunc as a helper.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-03-10 18:00:37 -07:00
David Anderson
7eda3af034 wgengine/magicsock: clean up derp http servers on shutdown.
Failure to do this leads to fd exhaustion at -count=10000,
and increasingly poor execution north of -count=100.

Signed-off-by: David Anderson <danderson@tailscale.com>
2020-03-10 18:00:37 -07:00
David Anderson
d651715528 wgengine/magicsock: synchronize test STUN shutdown.
Failure to do so triggers either a data race or a panic
in the testing package, due to racey use of t.Logf.

Signed-off-by: David Anderson <danderson@tailscale.com>
2020-03-10 18:00:37 -07:00
David Anderson
86baf60bd4 wgengine/magicsock: synchronize epUpdate cleanup on shutdown.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-03-10 18:00:37 -07:00
Brad Fitzpatrick
023df9239e Move linkstate boring change filtering to magicsock
So we can at least re-STUN on boring updates.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-03-10 12:50:03 -07:00
David Anderson
592fec7606 wgengine/magicsock: move device close to uncursed portion of test.
Device close used to suffer from deadlocks, but no longer.

Signed-off-by: David Anderson <danderson@tailscale.com>
2020-03-10 11:57:57 -07:00
Brad Fitzpatrick
a265d7cbff wgengine/magicsock: in STUN-disabled test mode, let endpoint discovery proceed 2020-03-10 11:35:43 -07:00
Brad Fitzpatrick
5c1e443d34 wgengine/monitor: don't call LinkChange when interfaces look unchanged
Basically, don't trust the OS-level link monitor to only tell you
interesting things. Sanity check it.

Also, move the interfaces package into the net directory now that we
have it.
2020-03-10 11:03:19 -07:00
Brad Fitzpatrick
39c0ae1dba derp/derpmap: new DERP config package, merge netcheck into magicsock more
Fixes #153
Updates #162
Updates #163

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-03-10 10:37:25 -07:00
Brad Fitzpatrick
4800926006 wgengine/magicsock: add AddrSet appendDests+UpdateDst tests 2020-03-09 09:13:28 -07:00
David Crawshaw
e201f63230 magicsock: unskip tests that are reliable
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-03-08 09:29:37 -04:00
David Crawshaw
0f73070a57 wgengine: shut down wireguard on Close
This was (presumably) missing from wgengine because the
interactions between magicsock and wireguard-go meant that the
shutdown never worked. Now those are fixed, actually shut down.

Fixes occasional flake in expanded ipn/e2e_test.

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-03-08 09:03:27 -04:00
David Crawshaw
ce7f6b2df1 wgengine: have pinger use all single-IP routes
Fixes #139

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-03-08 07:09:38 -04:00
Martin Baillie
8ae3ba0cf5 wgengine: define default tunname for each platform
The device name "tailscale0" will be used for all platforms except for
OpenBSD where "tun" is enforced by the kernel. `CreateTUN()` in
`wireguard-go` will select the next available "tunX" device name on the
OpenBSD system.

Signed-off-by: Martin Baillie <martin@baillie.email>
2020-03-07 21:40:01 -08:00
David Anderson
bb93d7aaba wgengine/magicsock: plumb logf throughout, and expose in Options.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-03-07 14:11:28 -08:00
Brad Fitzpatrick
f42b9b6c9a wgengine/magicsock: don't discard UDP packet on UDP+DERP race
Fixes #155

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-03-07 14:09:06 -08:00
David Anderson
e3172ae267 wgengine/magicsock: uncurse TestDeviceStartStop, let CI run it.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-03-06 20:43:57 -08:00
David Anderson
f265603110 wgengine/magicsock: fix data race in ReceiveIPv4.
The UDP reader goroutine was clobbering `n` and `err` from the
main goroutine, whose accesses are not synchronized the way `b` is.

Signed-off-by: David Anderson <danderson@tailscale.com>
2020-03-06 20:41:15 -08:00