Brad Fitzpatrick
169ff22a84
derp: set NotBefore and NotAfter in DERP server's metacert
...
Fixes regression from e4159912560d611ee23ba187ceb14c0de1ff3d82 that
only affected Windows users because Go only on Windows delegates x509
cert validation to the OS and Windows was unhappy with our "metacert"
lacking NotBefore and NotAfter.
Fixes #705
2020-08-24 14:57:44 -07:00
Dmytro Shynkevych
a903d6c2ed
tailcfg, tsdns: derive root domains from list of nodes ( #708 )
...
Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
2020-08-24 17:27:21 -04:00
renthraysk
10cad39abd
net/stun: Fix STUN attribute padding ( #710 )
...
net/stun: fix STUN attribute padding
Signed-off-by: RenThraysk <renthraysk@gmail.com>
2020-08-24 12:52:13 -07:00
Brad Fitzpatrick
9be1917c5b
net/tshttpproxy: discard secondary Windows proxies for now
2020-08-24 09:21:33 -07:00
Disconnect3d
44598e3e89
wgengine/monitor_freebsd.go: remove duplicated errcheck
...
Signed-off-by: disconnect3d <dominik.b.czarnota@gmail.com>
2020-08-21 09:48:22 -07:00
David Crawshaw
9e2e8c80af
tailcfg: more Clone methods
...
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-08-21 08:38:08 -04:00
Brad Fitzpatrick
7841c97af5
wgengine: make lazy wireguard on by default
...
It can still be explicitly enabled or disabled via the environment variable,
then via control.
But the default is to be lazy now.
2020-08-20 20:21:58 -07:00
Brad Fitzpatrick
557c23517b
version: bump date
2020-08-20 20:21:58 -07:00
Dmytro Shynkevych
6c71e5b851
tsdns: copy name when lowercasing.
...
The previous approach modifies name in-place in the request slice to avoid an allocation.
This is incorrect: the question section of a DNS request
must be copied verbatim, without any such modification.
Software may rely on it (we rely on other resolvers doing it in tsdns/forwarder).
Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
2020-08-20 19:02:23 -04:00
Dmytro Shynkevych
1886dfdca3
tsdns: lowercase the name in parseQuery.
...
Domains in DNS should be case-insensitive.
Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
2020-08-20 18:05:40 -04:00
Brad Fitzpatrick
309c15dfdd
types/key: restore Curve25519 clamping in NewPrivate
...
It was lost during a copy from wgcfg.NewPresharedKey (which doesn't
clamp) instead of wgcfg.NewPrivateKey (which does).
Fortunately this was only used for discovery messages (not WireGuard)
and only for ephemeral process-lifetime keys.
2020-08-20 14:25:28 -07:00
Brad Fitzpatrick
e415991256
derp, derp/derphttp: remove one RTT from DERP setup
...
* advertise server's DERP public key following its ServerHello
* have client look for that DERP public key in the response
PeerCertificates
* let client advertise it's going into a "fast start" mode
if it finds it
* modify server to support that fast start mode, just not
sending the HTTP response header
Cuts down another round trip, bringing the latency of being able to
write our first DERP frame from SF to Bangalore from ~725ms
(3 RTT) to ~481ms (2 RTT: TCP and TLS).
Fixes #693
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-08-20 14:00:55 -07:00
Brad Fitzpatrick
9337a99dff
tailcfg, wgengine, controlclient: add control-side gating of lazy WG config
2020-08-20 13:21:25 -07:00
chungdaniel
4d56d19b46
control/controlclient, wgengine/filter: extract parsePacketFilter to … ( #696 )
...
control/controlclient, wgengine/filter: extract parsePacketFilter to new constructor in wgengine/filter
Signed-off-by: chungdaniel <daniel@tailscale.com>
2020-08-20 10:36:19 -07:00
Brad Fitzpatrick
9cb2df4ddd
derp/derpmap: add London, Dallas, Seattle
2020-08-19 20:49:23 -07:00
Brad Fitzpatrick
1e562886f5
net/netcheck: in verbose mode, probe all regions
...
So 'tailscale netcheck --verbose' shows all regions' latencies.
2020-08-19 20:47:17 -07:00
Brad Fitzpatrick
461db356b9
wgengine/router/dns: fix staticcheck error on Mac
2020-08-19 15:12:30 -07:00
Brad Fitzpatrick
805850add9
derp: remove JSON struct tags in comments
...
They don't work in comments.
Added a test too to show that there's no change in behavior.
(It does case insensitive matching on parse anyway)
2020-08-19 14:36:43 -07:00
Dmytro Shynkevych
1af70e2468
tsdns: delegate requests asynchronously ( #687 )
...
Signed-Off-By: Dmytro Shynkevych <dmytro@tailscale.com>
2020-08-19 15:39:25 -04:00
Dmytro Shynkevych
a583e498b0
router/dns: set all domains on Windows ( #672 )
...
Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
2020-08-19 14:16:57 -04:00
Brad Fitzpatrick
287522730d
derp/derphttp: support standard-ish SSLKEYLOGFILE environment variable
...
For debugging.
2020-08-18 19:23:34 -07:00
Brad Fitzpatrick
862d223c39
Switch to Go 1.15.
...
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-08-18 15:48:30 -07:00
Brad Fitzpatrick
c5eb57f4d6
net/tshttpproxy: new package, support WPAD/PAC proxies on Windows
...
Updates tailscale/corp#553
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-08-18 15:40:56 -07:00
halulu
1835bb6f85
tsweb: rewrite JSONHandler without using reflect ( #684 )
...
Closes #656 #657
Signed-off-by: Zijie Lu <zijie@tailscale.com>
2020-08-18 17:37:01 -04:00
Brad Fitzpatrick
93ffc565e5
derp: remove protocol version 1 support
...
It hasn't existed for a long time and there are no current users.
Fixes #199
2020-08-17 16:17:56 -07:00
Brad Fitzpatrick
6b80bcf112
derp: remove a client round-trip waiting on serverInfo
...
It just has a version number in it and it's not really needed.
Instead just return it as a normal Recv message type for those
that care (currently only tests).
Updates #150 (in that it shares the same goal: initial DERP latency)
Updates #199 (in that it removes some DERP versioning)
2020-08-17 16:15:22 -07:00
Brad Fitzpatrick
f6dc47efe4
tailcfg, controlclient, magicsock: add control feature flag to enable DRPO
...
Updates #150
2020-08-17 13:01:39 -07:00
Brad Fitzpatrick
771e9541c7
cmd/tailscale/cli: appease staticcheck
2020-08-17 13:01:39 -07:00
Brad Fitzpatrick
337c86b89d
control/controlclient: don't crash on invalid filter CIDR from server
...
Fixes #691
2020-08-17 07:56:03 -07:00
Brad Fitzpatrick
e64ab89712
derp/derpmap: add Bangalore and Tokyo
2020-08-14 13:29:14 -07:00
Brad Fitzpatrick
adf4f3cce0
cmd/tailscale/cli: make netcheck sort regions, show full region names
2020-08-14 13:29:02 -07:00
Brad Fitzpatrick
80d0b88a89
derp/derpmap: fix constructor argument order
...
Fix of 3e2bfe48c323a434
2020-08-14 13:21:48 -07:00
Ross Zurowski
f90f35c123
Merge pull request #686 from tailscale/rosszurowski/add-region-name-to-derpmap
...
derpmap: add full region name
2020-08-14 16:11:29 -04:00
Ross Zurowski
3e2bfe48c3
derpmap: add full region name
...
We're beginning to reference DERP region names in the admin UI, so it's
best to consolidate this information in our DERP map.
Signed-off-by: Ross Zurowski <ross@rosszurowski.com>
2020-08-14 15:57:11 -04:00
Josh Bleecher Snyder
062bd67d3b
derp: use rand instead of crypto/rand to generate jitter
...
We don't need crypto/rand. Let the OS keep its entropy bits.
Signed-off-by: Josh Bleecher Snyder <josharian@gmail.com>
2020-08-13 14:06:50 -07:00
Brad Fitzpatrick
dbb4c246fa
wgengine/monitor: add Windows linkchange monitor
...
Updates tailscale/corp#553
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-08-13 07:39:26 -07:00
Brad Fitzpatrick
85c3d17b3c
wgengine/magicsock: use disco ping src as a candidate endpoint
...
Consider:
Hard NAT (A) <---> Hard NAT w/ mapped port (B)
If A sends a packet to B's mapped port, A can disco ping B directly,
with low latency, without DERP.
But B couldn't establish a path back to A and needed to use DERP,
despite already logging about A's endpoint and adding a mapping to it
for other purposes (the wireguard conn.Endpoint lookup also needed
it).
This adds the tracking to discoEndpoint too so it'll be used for
finding a path back.
Fixes tailscale/corp#556
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-08-12 21:33:43 -07:00
Brad Fitzpatrick
0512fd89a1
wgengine/magicsock: simplify handlePingLocked
...
It's no longer true that 'de may be nil'
2020-08-12 19:25:38 -07:00
David Anderson
37c19970b3
derp: add a debug option to verbosely log drops to a destination.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-08-12 15:27:01 -07:00
Josh Bleecher Snyder
909c165382
derp: remove two key.Public allocations
...
Reading and writing a [32]byte key to a bufio.Reader/bufio.Writer
can easily be done without allocating. Do so.
It is slower; on my machine, it adds about 100ns per read/write.
However, the overall request takes a minimum of several µs,
and it cuts allocations meaningfully, so it is probably worth it.
name old time/op new time/op delta
SendRecv/msgsize=10-8 9.21µs ± 9% 9.08µs ± 8% ~ (p=0.250 n=15+15)
SendRecv/msgsize=100-8 6.51µs ± 9% 6.60µs ± 7% ~ (p=0.259 n=15+13)
SendRecv/msgsize=1000-8 7.24µs ±13% 7.61µs ±36% ~ (p=1.000 n=11+15)
SendRecv/msgsize=10000-8 19.5µs ±15% 19.9µs ±25% ~ (p=0.890 n=14+15)
name old speed new speed delta
SendRecv/msgsize=10-8 1.09MB/s ± 8% 1.10MB/s ± 8% ~ (p=0.286 n=15+15)
SendRecv/msgsize=100-8 15.4MB/s ± 8% 15.1MB/s ± 6% ~ (p=0.129 n=15+12)
SendRecv/msgsize=1000-8 139MB/s ±15% 135MB/s ±28% ~ (p=1.000 n=11+15)
SendRecv/msgsize=10000-8 516MB/s ±17% 506MB/s ±21% ~ (p=0.880 n=14+15)
name old alloc/op new alloc/op delta
SendRecv/msgsize=10-8 170B ± 1% 108B ± 1% -36.63% (p=0.000 n=15+15)
SendRecv/msgsize=100-8 265B ± 1% 203B ± 1% -23.34% (p=0.000 n=15+15)
SendRecv/msgsize=1000-8 1.18kB ± 1% 1.12kB ± 0% -5.31% (p=0.000 n=14+14)
SendRecv/msgsize=10000-8 18.8kB ± 2% 18.8kB ± 2% ~ (p=0.443 n=12+12)
name old allocs/op new allocs/op delta
SendRecv/msgsize=10-8 4.00 ± 0% 2.00 ± 0% -50.00% (p=0.000 n=15+15)
SendRecv/msgsize=100-8 4.00 ± 0% 2.00 ± 0% -50.00% (p=0.000 n=15+15)
SendRecv/msgsize=1000-8 4.00 ± 0% 2.00 ± 0% -50.00% (p=0.000 n=15+15)
SendRecv/msgsize=10000-8 5.00 ± 0% 3.00 ± 0% -40.00% (p=0.000 n=13+14)
Signed-off-by: Josh Bleecher Snyder <josharian@gmail.com>
2020-08-12 15:15:58 -07:00
Brad Fitzpatrick
b983e5340f
wgengine/monitor: add, clean up netlink logging on route changes
...
Updates #643
2020-08-12 13:27:14 -07:00
Mike Kramlich
6fa7a9a055
wgengine/router/router_userspace_bsd: on Mac the route program syntax expects delete not del -- this had caused router reconfig to fail in some cases. Fixes #673
...
Signed-off-by: Mike Kramlich <groglogic@gmail.com>
2020-08-12 13:22:19 -07:00
Dmytro Shynkevych
95a18f815c
router/dns: detect host endianness for NetworkManager.
...
Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
2020-08-12 16:13:05 -04:00
Brad Fitzpatrick
b97aac1718
net/interfaces: include DefaultRouteInterface in interfaces.State
...
And log it in wgengine on change. Changing bug in #643 .
Updates #643
2020-08-12 12:48:34 -07:00
Brad Fitzpatrick
75225368a4
derp: fix 32-bit struct field alignment
2020-08-11 13:50:16 -07:00
David Anderson
15949ad77d
derp: export the new expvar.
2020-08-11 19:59:08 +00:00
David Anderson
13661e195a
derp: rename "wireguard" packet type to "other".
...
Strictly speaking, we don't know that it's a wireguard packet, just that
it doesn't look like a disco packet.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-08-11 19:30:39 +00:00
David Anderson
1b5b59231b
derp: break down received packets by kind (disco vs. wireguard).
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-08-11 19:16:28 +00:00
David Anderson
c2b63ba363
cmd/microproxy: add a quick hack for some malformed variables.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-08-11 17:22:45 +00:00
Brad Fitzpatrick
5a0c37aafd
logpolicy: consider /var/lib/tailscale when no STATE_DIRECTORY
...
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-08-10 20:44:32 -07:00