Commit Graph

2520 Commits

Author SHA1 Message Date
Josh Bleecher Snyder
f91c2dfaca wgengine/router: remove unused field
Signed-off-by: Josh Bleecher Snyder <josharian@gmail.com>
2021-05-04 08:54:50 -07:00
Josh Bleecher Snyder
bfd2b71926 portlist: suppress staticcheck error
Signed-off-by: Josh Bleecher Snyder <josharian@gmail.com>
2021-05-04 08:54:50 -07:00
Josh Bleecher Snyder
42c8b9ad53 net/tstun: remove unnecessary break statement
Signed-off-by: Josh Bleecher Snyder <josharian@gmail.com>
2021-05-04 08:54:50 -07:00
Josh Bleecher Snyder
61e411344f logtail/filch: add staticcheck annotation
To work around a staticcheck bug when running with GOOS=windows.

Signed-off-by: Josh Bleecher Snyder <josharian@gmail.com>
2021-05-04 08:54:50 -07:00
Josh Bleecher Snyder
9360f36ebd all: use lower-case letters at the start of error message
Signed-off-by: Josh Bleecher Snyder <josharian@gmail.com>
2021-05-04 08:54:50 -07:00
Brad Fitzpatrick
962bf74875 cmd/tailscale: fail if tailscaled closes the IPN connection
I was going to write a test for this using the tstest/integration test
stuff, but the testcontrol implementation isn't quite there yet (it
always registers nodes and doesn't provide AuthURLs). So, manually
tested for now.

Fixes #1843

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-05-04 07:51:23 -07:00
Brad Fitzpatrick
68fb51b833 tstest/integration: misc cleanups
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-05-03 14:22:18 -07:00
Brad Fitzpatrick
3237e140c4 tstest/integration: add testNode.AwaitListening, DERP+STUN, improve proxy trap
Updates #1840
2021-05-03 12:14:20 -07:00
David Crawshaw
1f48d3556f cmd/tailscale/cli: don't report outdated auth URL to web UI
This brings the web 'up' logic into line with 'tailscale up'.

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2021-05-03 11:18:58 -07:00
David Crawshaw
1336ed8d9e cmd/tailscale/cli: skip new tab on web login
It doesn't work properly.

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2021-05-03 11:18:58 -07:00
David Crawshaw
85beaa52b3 paths: add synology socket path
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2021-05-03 11:18:58 -07:00
Josh Bleecher Snyder
64047815b0 wgenengine/magicsock: delete cursed tests
Signed-off-by: Josh Bleecher Snyder <josharian@gmail.com>
2021-05-03 11:09:44 -07:00
Brad Fitzpatrick
ca65c6cbdb cmd/tailscale: make 'file cp' have better error messages on bad targets
Say when target isn't owned by current user, and when target doesn't
exist in netmap.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-05-03 10:33:55 -07:00
Josh Bleecher Snyder
96ef8d34ef ipn/ipnlocal: switch from testify to quicktest
Per discussion, we want to have only one test assertion library,
and we want to start by exploring quicktest.

This was a mostly mechanical translation.
I think we could make this nicer by defining a few helper
closures at the beginning of the test. Later.

Signed-off-by: Josh Bleecher Snyder <josharian@gmail.com>
2021-05-03 10:09:13 -07:00
Brad Fitzpatrick
90002be6c0 cmd/tailscale: make pref-revert checks ignore OS-irrelevant prefs
This fixes #1833 in two ways:

* stop setting NoSNAT on non-Linux. It only matters on Linux and the flag
  is hidden on non-Linux, but the code was still setting it. Because of
  that, the new pref-reverting safety checks were failing when it was
  changing.

* Ignore the two Linux-only prefs changing on non-Linux.

Fixes #1833

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-05-03 09:37:50 -07:00
Brad Fitzpatrick
fb67d8311c cmd/tailscale: pull out, parameterize up FlagSet creation for tests
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-05-03 09:23:55 -07:00
Brad Fitzpatrick
98d7c28faa tstest/integration: start factoring test types out to clean things up
To enable easy multi-node testing (including inter-node traffic) later.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-30 20:27:05 -07:00
Brad Fitzpatrick
f6e3240dee cmd/tailscale/cli: add test to catch ipn.Pref additions 2021-04-30 13:29:06 -07:00
Avery Pennarun
6caa02428e cmd/tailscale/cli/up: "LoggedOut" pref is implicit.
There's no need to warn that it was not provided on the command line
after doing a sequence of up; logout; up --args. If you're asking for
tailscale to be up, you always mean that you prefer LoggedOut to become
false.

Fixes #1828

Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2021-04-30 16:15:04 -04:00
Josh Bleecher Snyder
59026a291d wgengine/wglog: improve wireguard-go logging rate limiting
Prior to wireguard-go using printf-style logging,
all wireguard-go logging occurred using format string "%s".
We fixed that but continued to use %s when we rewrote
peer identifiers into Tailscale style.

This commit removes that %sl, which makes rate limiting work correctly.
As a happy side-benefit, it should generate less garbage.

Instead of replacing all wireguard-go peer identifiers
that might occur anywhere in a fully formatted log string,
assume that they only come from args.
Check all args for things that look like *device.Peers
and replace them with appropriately reformatted strings.

There is a variety of ways that this could go wrong
(unusual format verbs or modifiers, peer identifiers
occurring as part of a larger printed object, future API changes),
but none of them occur now, are likely to be added,
or would be hard to work around if they did.

Signed-off-by: Josh Bleecher Snyder <josharian@gmail.com>
2021-04-30 09:45:10 -07:00
Josh Bleecher Snyder
1f94d43b50 wgengine/wglog: delay formatting
The "stop phrases" we use all occur in wireguard-go in the format string.
We can avoid doing a bunch of fmt.Sprintf work when they appear.

Signed-off-by: Josh Bleecher Snyder <josharian@gmail.com>
2021-04-30 09:45:10 -07:00
Brad Fitzpatrick
544d8d0ab8 ipn/ipnlocal: remove NewLocalBackendWithClientGen
This removes the NewLocalBackendWithClientGen constructor added in
b4d04a065f and instead adds
LocalBackend.SetControlClientGetterForTesting, mirroring
LocalBackend.SetHTTPTestClient. NewLocalBackendWithClientGen was
weird in being exported but taking an unexported type. This was noted
during code review:

https://github.com/tailscale/tailscale/pull/1818#discussion_r623155669

which ended in:

"I'll leave it for y'all to clean up if you find some way to do it elegantly."

This is more idiomatic.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-30 07:36:53 -07:00
Avery Pennarun
0181a4d0ac ipnlocal: don't pause the controlclient until we get at least one netmap.
Without this, macOS would fail to display its menu state correctly if you
started it while !WantRunning. It relies on the netmap in order to show
the logged-in username.

Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2021-04-30 09:18:13 -04:00
Avery Pennarun
4ef207833b ipn: !WantRunning + !LoggedOut should not be idle on startup.
There was logic that would make a "down" tailscale backend (ie.
!WantRunning) refuse to do any network activity. Unfortunately, this
makes the macOS and iOS UI unable to render correctly if they start
while !WantRunning.

Now that we have Prefs.LoggedOut, use that instead. So `tailscale down`
will still allow the controlclient to connect its authroutine, but
pause the maproutine. `tailscale logout` will entirely stop all
activity.

This new behaviour is not obviously correct; it's a bit annoying that
`tailsale down` doesn't terminate all activity like you might expect.
Maybe we should redesign the UI code to render differently when
disconnected, and then revert this change.

Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2021-04-30 09:18:13 -04:00
Avery Pennarun
4f3315f3da ipnlocal: setting WantRunning with EditPrefs was special.
EditPrefs should be just a wrapper around the action of changing prefs,
but someone had added a side effect of calling Login() sometimes. The
side effect happened *after* running the state machine, which would
sometimes result in us going into NeedsLogin immediately before calling
cc.Login().

This manifested as the macOS app not being able to Connect if you
launched it with LoggedOut=false and WantRunning=false. Trying to
Connect() would sent us to the NeedsLogin state instead.

Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2021-04-30 09:18:13 -04:00
Avery Pennarun
2a4d1cf9e2 Add prefs.LoggedOut to fix several state machine bugs.
Fixes: tailscale/corp#1660

Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2021-04-30 09:18:13 -04:00
Avery Pennarun
b0382ca167 ipn/ipnlocal: some state_test cleanups.
This doesn't change the actual functionality. Just some additional
comments and fine tuning.

Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2021-04-30 09:18:12 -04:00
Avery Pennarun
ac9cd48c80 ipnlocal: fix deadlock when calling Shutdown() from Start().
Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2021-04-30 09:17:47 -04:00
Avery Pennarun
ecdba913d0 Revert "ipn/ipnlocal: be authoritative for the entire MagicDNS record tree."
Unfortunately this broke MagicDNS almost entirely.

Updates: tailscale/corp#1706

This reverts commit 1d7e7b49eb.
2021-04-30 06:16:58 -04:00
Brad Fitzpatrick
5e9e11a77d tstest/integration/testcontrol: add start of test control server
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-29 22:51:22 -07:00
Avery Pennarun
19c3e6cc9e types/logger: rate limited: more hysteresis, better messages.
- Switch to our own simpler token bucket, since x/time/rate is missing
  necessary stuff (can't provide your own time func; can't check the
  current bucket contents) and it's overkill anyway.

- Add tests that actually include advancing time.

- Don't remove the rate limit on a message until there's enough room to
  print at least two more of them. When we do, we'll also print how
  many we dropped, as a contextual reminder that some were previously
  lost. (This is more like how the Linux kernel does it.)

- Reformat the [RATE LIMITED] messages to be shorter, and to not
  corrupt original message. Instead, we print the message, then print
  its format string.

- Use %q instead of \"%s\", for more accurate parsing later, if the
  format string contained quotes.

Fixes #1772

Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2021-04-30 01:01:15 -04:00
Josh Bleecher Snyder
20e04418ff net/dns: add GOOS build tags
Fixes #1786

Signed-off-by: Josh Bleecher Snyder <josharian@gmail.com>
2021-04-29 21:34:55 -07:00
Avery Pennarun
b7e31ab1a4 ipn: mock controlclient.Client; big ipn.Backend state machine test.
A very long unit test that verifies the way the controlclient and
ipn.Backend interact.

This is a giant sequential test of the state machine. The test passes,
but only because it's asserting all the wrong behaviour. I marked all
the behaviour I think is wrong with BUG comments, and several
additional test opportunities with TODO.

Note: the new test supercedes TestStartsInNeedsLoginState, which was
checking for incorrect behaviour (although the new test still checks
for the same incorrect behaviour) and assumed .Start() would converge
before returning, which it happens to do, but only for this very
specific case, for the current implementation. You're supposed to wait
for the notifications.

Updates: tailscale/corp#1660

Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2021-04-30 00:09:35 -04:00
Avery Pennarun
b4d04a065f controlclient: extract a Client interface and rename Client->Auto.
This will let us create a mock or fake Client implementation for use
with ipn.Backend.

Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2021-04-30 00:09:35 -04:00
Avery Pennarun
cc3119e27e controlclient: extract State and Status stuff into its own file.
No changes other than moving stuff around.

Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2021-04-29 23:18:25 -04:00
Brad Fitzpatrick
a07a504b16 tstest/integration: use go binary from runtime.GOROOT
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-29 17:04:29 -07:00
David Anderson
bf5fc8edda go.mod: update wireguard-go.
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-04-29 16:36:55 -07:00
David Anderson
1d7e7b49eb ipn/ipnlocal: be authoritative for the entire MagicDNS record tree.
With this change, shared node names resolve correctly on split DNS-supporting
operating systems.

Fixes tailscale/corp#1706

Signed-off-by: David Anderson <danderson@tailscale.com>
2021-04-29 16:06:01 -07:00
Brad Fitzpatrick
f342d10dc5 tstest/integration: set an HTTP_PROXY to catch bogus requests
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-29 16:00:02 -07:00
Brad Fitzpatrick
80429b97e5 testing: add start of an integration test
Only minimal tailscale + tailscaled for now.

And a super minimal in-memory logcatcher.

No control ... yet.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-29 15:32:27 -07:00
Brad Fitzpatrick
08782b92f7 tstest: add WaitFor helper
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-29 14:43:46 -07:00
Josh Bleecher Snyder
4037fc25c5 types/wgkey: use value receiver with MarshalJSON
Pointer receivers used with MarshalJSON are code rakes.

https://github.com/golang/go/issues/22967
https://github.com/dominikh/go-tools/issues/911

I just stepped on one, and it hurt. Turn it over.
While we're here, optimize the code a bit.

name           old time/op    new time/op    delta
MarshalJSON-8     184ns ± 0%      44ns ± 0%  -76.03%  (p=0.000 n=20+19)

name           old alloc/op   new alloc/op   delta
MarshalJSON-8      184B ± 0%       80B ± 0%  -56.52%  (p=0.000 n=20+20)

name           old allocs/op  new allocs/op  delta
MarshalJSON-8      4.00 ± 0%      1.00 ± 0%  -75.00%  (p=0.000 n=20+20)

Signed-off-by: Josh Bleecher Snyder <josharian@gmail.com>
2021-04-29 14:14:34 -07:00
Josh Bleecher Snyder
7ee891f5fd all: delete wgcfg.Key and wgcfg.PrivateKey
For historical reasons, we ended up with two near-duplicate
copies of curve25519 key types, one in the wireguard-go module
(wgcfg) and one in the tailscale module (types/wgkey).
Then we moved wgcfg to the tailscale module.
We can now remove the wgcfg key type in favor of wgkey.

Signed-off-by: Josh Bleecher Snyder <josharian@gmail.com>
2021-04-29 14:14:34 -07:00
David Anderson
bf9ef1ca27 net/dns: stop NetworkManager breaking v6 connectivity when setting DNS.
Tentative fix for #1699

Signed-off-by: David Anderson <danderson@tailscale.com>
2021-04-29 12:25:47 -07:00
David Anderson
72b6d98298 net/interfaces: return all Tailscale addresses from Tailscale().
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-04-29 12:25:47 -07:00
Brad Fitzpatrick
b7a497a30b ipn/ipnlocal: make FileTargets check IPN state first
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-29 10:26:53 -07:00
Denton Gentry
b9f8dc7867 workflows: remove coverage
This workflow has been disabled for some time.
It can come back later, when appropriate.

Signed-off-by: Denton Gentry <dgentry@tailscale.com>
2021-04-28 17:04:30 -07:00
Brad Fitzpatrick
0c5c16327d version: add IsMacSysExt func
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-28 14:57:04 -07:00
Josh Bleecher Snyder
ae36b57b71 go.mod: upgrade wireguard-go
This should be the last bump before 1.8.

Signed-off-by: Josh Bleecher Snyder <josharian@gmail.com>
2021-04-28 11:25:52 -07:00
Josh Bleecher Snyder
9d542e08e2 wgengine/magicsock: always run ReceiveIPv6
One of the consequences of the 	bind refactoring in 6f23087175
is that attempting to bind an IPv6 socket will always
result in c.pconn6.pconn being non-nil.
If the bind fails, it'll be set to a placeholder packet conn
that blocks forever.

As a result, we can always run ReceiveIPv6 and health check it.
This removes IPv4/IPv6 asymmetry and also will allow health checks
to detect any IPv6 receive func failures.

Signed-off-by: Josh Bleecher Snyder <josharian@gmail.com>
2021-04-28 11:07:14 -07:00