Commit Graph

921 Commits

Author SHA1 Message Date
Brad Fitzpatrick
14abc82033 stun: check high bits in Is, add tests
Also use new stun.TxID type in stunner.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-26 11:34:01 -08:00
Brad Fitzpatrick
2489ea4268 stun: fix IPv6 bug, refactor a bit
Fixes #104

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-26 09:20:46 -08:00
David Crawshaw
6879581891 controlclient: adjust user expiry test
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-02-26 09:44:42 -05:00
Brad Fitzpatrick
eefafad9f8 ipn: fix some mutex/ownership issues
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-25 14:07:43 -08:00
David Crawshaw
6d2ac01464 go.mod: bump wireguard-go version
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-02-25 17:03:20 -05:00
David Crawshaw
44670d0da9 wgengine: revert wgdev.Close on Close from last commit
Causes as-yet-unknown problems in some tests.

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-02-25 17:00:37 -05:00
wardn
9390a3ef55 wgengine: properly clean up freebsd routes and interfaces on close
Signed-off-by: wardn <wardn@users.noreply.github.com>
2020-02-25 16:40:10 -05:00
David Crawshaw
7a3be96199 wgengine: add pinger to generate initial spray packets
For 3 seconds after a successful handshake, wgengine will send a
ping packet every 300ms to its peer. This ensures the spray logic
in magicsock has something to spray.

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-02-25 15:09:08 -05:00
Brad Fitzpatrick
3988ddc85d types/logger: add WithPrefix, use it in two places
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-25 11:35:46 -08:00
Brad Fitzpatrick
758744a4e3 Fix some Hostinfo value usages from the previous commit. 2020-02-25 11:01:20 -08:00
Brad Fitzpatrick
d8de11a01b control: make Hostinfo accessed by pointer
Fix potential races in copying aliased slices by value.

Also few little doc updates.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-25 10:35:51 -08:00
Brad Fitzpatrick
824f825552 tsweb, cmd/derper: move common web/debug stuff from derper to new tsweb
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-25 10:06:56 -08:00
Brad Fitzpatrick
367ffde21a ipn: misc cleanup
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-25 10:05:14 -08:00
Brad Fitzpatrick
04e6b77774 safesocket: delete incorrect build tag
Leftover from copying one file to another to create safesocket.go
in the earlier documentation change (29f7d64091).
2020-02-25 09:02:52 -08:00
Brad Fitzpatrick
29f7d64091 safesocket: document
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-25 08:46:34 -08:00
David Crawshaw
a6ad3c46e2 magicsock: spray some normal packets after a handshake
In particular, this is designed to catch the case where a
HandshakeInitiation packet is sent out but the intermediate NATs
have not been primed, so the packet passes over DERP.
In that case, the HandshakeResponse also comes back over DERP,
and the connection proceeds via DERP without ever trying to punch
through the NAT.

With this change, the HandshakeResponse (which was sprayed out
and so primed one NAT) triggers an UpdateDst, which triggers
the extra spray logic.

(For this to work, there has to be an initial supply of packets
to send on to a peer for the three seconds following a handshake.
The source of these packets is left as a future exercise.)

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-02-24 17:29:35 -05:00
Brad Fitzpatrick
8696b17b5f wgengine/magicsock: turn off DERP log spamminess by default
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-24 10:24:12 -08:00
David Anderson
accf868130 cmd/mkpkg: add flags for debian scripts. 2020-02-24 09:37:06 -08:00
Brad Fitzpatrick
f473965ca1 go.sum: update
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-24 08:48:06 -08:00
Brad Fitzpatrick
7a3b91390b wgengine/magicsock: fix crash in Send when Endpoint isn't an AddrSet
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-24 08:47:20 -08:00
David Crawshaw
868cfae84f wgengine, magicsock: adjust for wireguard-go conn/device package split
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-02-24 07:30:14 -05:00
David Crawshaw
8994a59e20 go.mod: update wireguard-go version
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-02-23 13:49:21 -05:00
wardn
c51b8c206d wgengine: resolv.conf spelling corrections
Signed-off-by: wardn <wardn@users.noreply.github.com>
2020-02-22 06:44:56 -08:00
David Crawshaw
ebc70acac7 go.mod: update wireguard-go version 2020-02-21 21:30:00 -05:00
Brad Fitzpatrick
cc7b9b0dff control/controlclient: fix priority of DERP server, add comment 2020-02-21 14:47:05 -08:00
Brad Fitzpatrick
3317531021 derp: fix JSON field typo, sort fields to make it easier to see inconsistencies 2020-02-21 14:18:09 -08:00
Brad Fitzpatrick
6cd81d5d1f derp: add more derp stats for dropped and received packets
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-21 14:13:50 -08:00
Brad Fitzpatrick
c02f4b5a1f control/controlclient: add temporary mechanism to force derp on
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-21 14:09:24 -08:00
Brad Fitzpatrick
525bf1f3d2 wgengine/magicsock: remember fixed port number preference
So LinkChange events rebind to the same port when possible.
2020-02-21 13:51:18 -08:00
Brad Fitzpatrick
c763901b1a cmd/derper: provide debug access over port 80 to trusted (tailscale) IPs
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-21 11:52:27 -08:00
David Anderson
cc44e8a443 cmd/mkpkg: add small wrapper around nfpm to build deb/rpm packages.
Signed-Off-By: David Anderson <dave@natulte.net>
2020-02-21 10:45:59 -08:00
Brad Fitzpatrick
2612e54ad1 derp, cmd/derper: add debug handlers, stats
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-21 09:35:53 -08:00
Brad Fitzpatrick
433b917977 interfaces, cmd/tsshd: move interface lookup from tsshd to its own package
For reuse by derper, etc.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-21 08:13:21 -08:00
Brad Fitzpatrick
37e115834e cmd/derper: support logging to logtail
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-21 07:53:22 -08:00
Brad Fitzpatrick
379a3125fd derp, wgengine/magicsock: support more than just packets from Client.Recv
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-20 22:08:13 -08:00
Brad Fitzpatrick
88f1cc0c98 derp, cmd/derper: add rate limiting support, add default 5Mbps limit
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-20 15:26:30 -08:00
Brad Fitzpatrick
1166c34f6c derp: fix staticcheck warning
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-20 14:49:47 -08:00
Brad Fitzpatrick
322cb58b14 derp: deflake test I flaked up in earlier change
I broke an invariant in 11048b8932 (it was even nicely
documented then).

Also clean up the test a bit from while I was debugging it.

Fixes #84

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-20 14:41:39 -08:00
Brad Fitzpatrick
f029c4c82d derp: change the protocol framing to always include a length
Addresses one of crawshaw's TODOs.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-20 13:37:44 -08:00
David Anderson
c47f907a27 ipn: use *Prefs rather than Prefs throughout.
Prefs has become a heavy object with non-memcpy copy
semantics. We should not pass such a thing by value.

Signed-off-by: David Anderson <dave@natulte.net>
2020-02-20 11:31:10 -08:00
David Anderson
0c55777fed ipn: temporary support for loading legacy relaynode configs.
Signed-off-by: David Anderson <dave@natulte.net>
2020-02-20 11:31:10 -08:00
David Crawshaw
4ebc0fa70f wgengine: incremental update of peers on network map change
This is the first, and easier, part of incremental wireguard-go
reconfiguration. It means that a new node appearing on the
network does not cause all existing nodes to re-handshake with
the other nodes they are talking to.

(This code has been running on hello.ipn.dev for a few weeks and
peers have successfully reconnected to it through many network
map updates.)

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-02-20 13:48:34 -05:00
Brad Fitzpatrick
11048b8932 derp: add docs on current protocol overview, break accept apart a bit
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-20 09:57:05 -08:00
Brad Fitzpatrick
79af6054bf derp: don't start sending keepalives to client until after serverInfo sent
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-20 09:34:01 -08:00
Brad Fitzpatrick
1155716318 derp: rename some things in the client, add some docs
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-20 09:11:56 -08:00
Brad Fitzpatrick
4b461c2e77 derp: rename some things in the server, add some docs 2020-02-20 08:50:25 -08:00
Brad Fitzpatrick
d298d5b1f8 wgengine/magicsock: support multiple derp servers, and not just for handshakes
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-20 08:10:12 -08:00
Martin Baillie
a9bff99a9b wgengine: add OpenBSD router DNS update handling
Also removes validated TODO comments.

Signed-off-by: Martin Baillie <martin@baillie.email>
2020-02-20 08:03:07 -08:00
David Anderson
5868dd1a77 Lint: remove unused function.
Signed-off-by: David Anderson <dave@natulte.net>
2020-02-19 22:09:12 -08:00
Avery Pennarun
57bbafde84 cmd/relaynode: drop local --acl-file in favour of central packet filter.
relaynode itself is not long for this world, deprecated in favour of
tailscale/tailscaled. But now that the control server supports central
distribution of packet filters, let's actually take advantage of it in
a final, backward compatible release of relaynode.
2020-02-20 00:15:43 -05:00