Fixes https://github.com/tailscale/corp/issues/5198
The upstream forwarder will block indefinitely on `udpconn.ReadFrom` if no
reply is recieved, due to the lack of deadline on the connection object.
There still isn't a deadline on the connection object, but the automatic closing
of the context on deadline expiry will close the connection via `closeOnCtxDone`,
unblocking the read and resulting in a normal teardown.
Signed-off-by: Tom DNetto <tom@tailscale.com>
This fixes the "tailscale up --authkey=... --ssh" path (or any "up"
path that used Start instead of EditPrefs) which wasn't setting the
bit.
Updates #3802
Change-Id: Ifca532ec58296fedcedb5582312dfee884367ed7
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Profiling identified this as a fairly hot path for growing a slice.
Given this is only used in control & when a new packet filter is received, this shouldnt be hot in the client.
The prefix is a signal to tsweb to treat this as a gauge metric when
generating the Prometheus version.
Signed-off-by: Mihai Parparita <mihai@tailscale.com>
We were marking them as gauges, but they are only ever incremented,
thus counter is more appropriate.
Signed-off-by: Mihai Parparita <mihai@tailscale.com>
Enables the behavior described in the statepath flag, where if only
statedir is passed, then state is statedir/tailscaled.state.
Signed-off-by: James Tucker <james@tailscale.com>
For bb6009ec7c
(The cherry-picked fix for golang/go#51776)
Change-Id: Ib4a67c0f82256c62989fbba2cc9c15b728313ebd
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
This has the added benefit of displaying the MOTD and reducing our
dependency on the DBus interface.
Fixes#4627
Updates #3802
Signed-off-by: Maisem Ali <maisem@tailscale.com>
The hujson package transition to just being a pure AST
parser and formatter for HuJSON and not an unmarshaler.
Thus, parse HuJSON as such, convert it to JSON,
and then use the standard JSON unmarshaler.
Signed-off-by: Joe Tsai <joetsai@digital-static.net>
* net/dns, wgengine: implement DNS over TCP
Signed-off-by: Tom DNetto <tom@tailscale.com>
* wgengine/netstack: intercept only relevant port/protocols to quad-100
Signed-off-by: Tom DNetto <tom@tailscale.com>
It's unused and we've decided it's not what we want.
Change-Id: I425a0104e8869630b498a0adfd0f455876d6f92b
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
There has been a lot of talk about Bees at Tailscale recently, and
naturally, with it being Tailscale, we thought to ourselves:
Do Bees have a tail and/or scales?
Tailscale has a long track record of scientific rigor around the
validity of the inclusions on the tails and scales list, and this time
will be no exception.
Our research has found that Bees, in particular the Honey Bee, produces
wax scales on their abdomens and thus should be included. As for tails;
'Stabby-tails' - Tailscale Employee, 2022
No further justification needed, it will be included.
This change includes Bee in both tails.txt and scales.txt.
Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>
Currently, when SetNetInfo is called it sets the value on
hostinfo.NetInfo. However, when SetHostInfo is called it overwrites the
hostinfo field which may mean it also clears out the NetInfo it had just
received.
This commit stores NetInfo separately and combines it into Hostinfo as
needed so that control is always notified of the latest values.
Also, remove unused copies of Hostinfo from ipn.Status and
controlclient.Auto.
Updates #tailscale/corp#4824 (maybe fixes)
Signed-off-by: Maisem Ali <maisem@tailscale.com>
This were intended to be pushed to #4408, but in my excitement I
forgot to git push :/ better late than never.
Signed-off-by: Tom DNetto <tom@tailscale.com>
This change wires netstack with a hook for traffic coming from the host
into the tun, allowing interception and handling of traffic to quad-100.
With this hook wired, magicDNS queries over UDP are now handled within
netstack. The existing logic in wgengine to handle magicDNS remains for now,
but its hook operates after the netstack hook so the netstack implementation
takes precedence. This is done in case we need to support platforms with
netstack longer than expected.
Signed-off-by: Tom DNetto <tom@tailscale.com>
A subsequent commit implements handling of magicDNS traffic via netstack.
Implementing this requires a hook for traffic originating from the host and
hitting the tun, so we make another hook to support this.
Signed-off-by: Tom DNetto <tom@tailscale.com>
Moves magicDNS-specific handling out of Resolver & into dns.Manager. This
greatly simplifies the Resolver to solely issuing queries and returning
responses, without channels.
Enforcement of max number of in-flight magicDNS queries, assembly of
synthetic UDP datagrams, and integration with wgengine for
recieving/responding to magicDNS traffic is now entirely in Manager.
This path is being kept around, but ultimately aims to be deleted and
replaced with a netstack-based path.
This commit is part of a series to implement magicDNS using netstack.
Signed-off-by: Tom DNetto <tom@tailscale.com>
This was work done Nov-Dec 2020 by @c22wen and @chungdaniel.
This is just moving it to another repo.
Co-Authored-By: Christina Wen <37028905+c22wen@users.noreply.github.com>
Co-Authored-By: Christina Wen <christina@tailscale.com>
Co-Authored-By: Daniel Chung <chungdaniel@users.noreply.github.com>
Co-Authored-By: Daniel Chung <daniel@tailscale.com>
Change-Id: I6da3b05b972b54771f796b5be82de5aa463635ca
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Currently the ssh session isn't terminated cleanly, instead the packets
are just are no longer routed to the in-proc SSH server. This makes it
so that clients get a disconnection when the `RunSSH` pref changes to
`false`.
Updates #3802
Signed-off-by: Maisem Ali <maisem@tailscale.com>