David Anderson
41da7620af
go.mod: update wireguard-go to pick up roaming toggle
...
wgengine/wgcfg: introduce wgcfg.NewDevice helper to disable roaming
at all call sites (one real plus several tests).
Fixes tailscale/corp#3016 .
Signed-off-by: David Anderson <danderson@tailscale.com>
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-11-16 13:15:04 -08:00
Brad Fitzpatrick
400ed799e6
net/dns: work around old systemd-resolved setLinkDomain length limit
...
Don't set all the *.arpa. reverse DNS lookup domains if systemd-resolved
is old and can't handle them.
Fixes #3188
Change-Id: I283f8ce174daa8f0a972ac7bfafb6ff393dde41d
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-16 12:54:21 -08:00
Brian Fallik
9fa6cdf7bf
fix minor typo
...
Signed-off-by: Brian Fallik <bfallik@gmail.com>
2021-11-16 11:03:43 -08:00
Brad Fitzpatrick
24ea365d48
netcheck, controlclient, magicsock: add more metrics
...
Updates #3307
Change-Id: Ibb33425764a75bde49230632f1b472f923551126
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-16 10:48:19 -08:00
Brad Fitzpatrick
3b541c833e
util/clientmetric, logtail: log metric changes
...
Updates #3307
Change-Id: I1399ebd786f6ff7defe6e11c0eb651144c071574
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-16 08:06:31 -08:00
Brad Fitzpatrick
68917fdb5d
cmd/tailscale/cli: add "debug metrics" subcommand
...
To let users inspect the tailscaled metrics easily.
Updates #3307
Change-Id: I922126ca0626659948c57de74c6ef62f40ef5f5f
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-15 15:13:25 -08:00
Brad Fitzpatrick
945290cc3f
cmd/tailscale/cli: migrate hidden debug subcommand to use subcomands
...
It was a mess of flags. Use subcommands under "debug" instead.
And document loudly that it's not a stable interface.
Change-Id: Idcc58f6a6cff51f72cb5565aa977ac0cc30c3a03
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-15 15:03:58 -08:00
Brad Fitzpatrick
57b039c51d
util/clientmetrics: add new package to add metrics to the client
...
And annotate magicsock as a start.
And add localapi and debug handlers with the Prometheus-format
exporter.
Updates #3307
Change-Id: I47c5d535fe54424741df143d052760387248f8d3
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-15 13:46:05 -08:00
David Anderson
c5d572f371
net/dns: correctly handle NetworkManager-managed DNS that points to resolved.
...
Fixes #3304
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-15 12:21:25 -08:00
Brad Fitzpatrick
f7da8c77bd
tstest/integration/testcontrol: fix data race
...
Fix race from 1ec99e99f4e701fa1b9edef9eb0fbe022c5efebd
Fixes #3289
Change-Id: I58158d3f82339ac171fb14827c5f158d602327f4
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-11 08:25:16 -08:00
David Anderson
5b94f67956
control/noise: make Conn.readNLocked less surprising.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-10 12:13:54 -08:00
David Anderson
a34350ffda
control/noise: factor out nonce checking and incrementing into a type.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-10 12:13:54 -08:00
David Anderson
d3acd35a90
control/noise: make message headers match the specification.
...
Only the initiation message should carry a protocol version, all
others are just type+len.
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-10 12:13:54 -08:00
David Anderson
a63c4ab378
control/noise: don't panic when handling ciphertext.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-10 12:13:54 -08:00
David Anderson
4004b22fe5
control/noise: stop using poly1305 package constants.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-10 12:13:54 -08:00
David Anderson
293431aaea
control/noise: use key.Machine{Public,Private} as appropriate.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-10 12:13:54 -08:00
David Anderson
edb33d65c3
control/noise: don't cache mixer, just rebuild a BLAKE2s each time.
...
This should optimize out fine, and readability is preferable to performance
here.
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-10 12:13:54 -08:00
David Anderson
7e9e72887c
control/noise: add singleUseCHP, use it to simplify nonce/key tracking in handshake.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-10 12:13:54 -08:00
David Anderson
cf90392174
control/noise: review fixups
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-10 12:13:54 -08:00
David Anderson
0b392dbaf7
control/noise: adjust implementation to match revised spec.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-10 12:13:54 -08:00
David Anderson
89a68a4c22
control/noise: include the protocol version in the Noise prologue.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-10 12:13:54 -08:00
David Anderson
5e005a658f
control/noise: fix typo in docstring.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-10 12:13:54 -08:00
David Anderson
eabca699ec
control/noise: remove allocations in the encrypt and decrypt paths.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-10 12:13:54 -08:00
David Anderson
da7544bcc5
control/noise: implement the base transport for the 2021 control protocol.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-10 12:13:54 -08:00
Brad Fitzpatrick
3e1daab704
hostinfo, control/controlclient: tell control when Ubuntu has disabled Tailscale's sources
...
Fixes #3177
Updates #2500
Change-Id: Iff2a8e27ec7d36a1c210263d6218f20ebed37924
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-10 09:56:58 -08:00
Brad Fitzpatrick
d2ef73ed82
control/controlclient: rename a variable to not shadow a package name
...
Change-Id: I1bcb577cb2c47e936d545ad57f308e57399de323
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-10 08:11:29 -08:00
Maisem Ali
d6dde5a1ac
ipn/ipnlocal: handle key extensions after key has already expired
...
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2021-11-08 18:15:09 -08:00
Maisem Ali
eccc2ac6ee
net/interfaces/windows: update Tailscale interface detection logic to
...
account for new wintun naming.
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2021-11-08 07:44:33 -08:00
Brad Fitzpatrick
ad63fc0510
control/controlclient: make js/wasm work with Go 1.18+
...
Updates #3157
Change-Id: I2d67e582842ab3638d720bb5db4701b878ad4473
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-07 13:49:55 -08:00
Brad Fitzpatrick
87137405e5
ipn/ipnserver: grant js/wasm all localapi permissions
...
Updates #3157
Change-Id: I3b63762583a4d655eac33ce3dfda37a1f5135a57
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-07 12:13:15 -08:00
Brad Fitzpatrick
40e13c316c
paths: add missing js/wasm stub
...
Change-Id: Iae4838f5fa1dc0cd491d5a3ac906fd3cdacb173c
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-07 12:13:15 -08:00
Brad Fitzpatrick
0edd2d1cd5
safesocket: add js/wasm implementation with in-memory net.Conn
...
Updates #3157
Change-Id: Ia35b1e259011fb86f8c4e01f62146f9fd4c9b7c6
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-07 12:13:14 -08:00
Brad Fitzpatrick
01bd789c26
ipn/ipnserver: add Server.LocalBackend accessor
...
Was done as part of e6fbc0cd54906c85f58f8d69fb5872886db8811d for ssh
work, but wasn't committed yet. Including it here both to minimize the
ssh diff size, and because I need it for a separate change.
Change-Id: If6eb54a2ca7150ace96488ed14582c2c05ca3422
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-07 11:31:52 -08:00
Michael Stapelberg
b3abdc381d
tsnet: set varRoot state directory field
...
This makes tsnet work on https://gokrazy.org ! 🎉
Signed-off-by: Michael Stapelberg <michael@stapelberg.de>
2021-11-07 10:56:23 -08:00
Brad Fitzpatrick
e6fbc0cd54
cmd/tailscaled, ipn/ipnserver: refactor ipnserver
...
More work towards removing the massive ipnserver.Run and ipnserver.Options
and making composable pieces.
Work remains. (The getEngine retry loop on Windows complicates things.)
For now some duplicate code exists. Once the Windows side is fixed
to either not need the retry loop or to move the retry loop into a
custom wgengine.Engine wrapper, then we can unify tailscaled_windows.go
too.
Change-Id: If84d16e3cd15b54ead3c3bb301f27ae78d055f80
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-05 15:00:02 -07:00
Brad Fitzpatrick
5f36ab8a90
tstest/integration: go generate
...
Change-Id: I49d19007a16261e447240e149deac24c15c93fce
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-05 14:43:51 -07:00
Brad Fitzpatrick
2b082959db
safesocket: add WindowsLocalPort const
...
Remove all the 41112 references.
Change-Id: I2d7ed330d457e3bb91b7e6416cfb2667611e50c4
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-05 14:05:13 -07:00
Denton Gentry
1ec99e99f4
tstest: extend node key expiration integration test.
...
Can produce the problem in #2515 , preparing to test a fix.
Marked as t.Skip() until we have a fix.
Updates https://github.com/tailscale/tailscale/issues/2515
Signed-off-by: Denton Gentry <dgentry@tailscale.com>
2021-11-04 11:46:42 -07:00
dependabot[bot]
12148dcf48
go.mod: bump github.com/frankban/quicktest from 1.13.1 to 1.14.0
...
Bumps [github.com/frankban/quicktest](https://github.com/frankban/quicktest ) from 1.13.1 to 1.14.0.
- [Release notes](https://github.com/frankban/quicktest/releases )
- [Commits](https://github.com/frankban/quicktest/compare/v1.13.1...v1.14.0 )
---
updated-dependencies:
- dependency-name: github.com/frankban/quicktest
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-11-04 09:39:31 -07:00
Brad Fitzpatrick
337757a819
ipn/ipnlocal, control/controlclient: don't propagate all map errors to UI
...
Fixes regression from 81cabf48ec1f0d306f7dcf0c8a58a6eae6594c76 which made
all map errors be sent to the frontend UI.
Fixes #3230
Change-Id: I7f142c801c7d15e268a24ddf901c3e6348b6729c
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-03 17:56:54 -07:00
David Anderson
0532eb30db
all: replace tailcfg.DiscoKey with key.DiscoPublic.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-03 14:00:16 -07:00
Mangirdas
f771327f0c
Add multiarch image make target
...
Updates #3112
Signed-off-by: Mangirdas <mangirdas@judeikis.lt>
2021-11-03 13:13:20 -07:00
Brad Fitzpatrick
649f7556e8
cmd/tailscaled, ipn: add tailscaled --statedir flag for var directory
...
Fixes #2932
Change-Id: I1aa2b323ad542386d140f8336bcc4dcbb8310bd0
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-03 13:12:38 -07:00
Brad Fitzpatrick
c7bff35fee
ipn/ipnlocal: add owner-only debug handler to get process env
...
For debugging Synology. Like the existing goroutines handler, in that
it's owner-only.
Change-Id: I852f0626be8e1c0b6794c1e062111d14adc3e6ac
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-03 13:12:32 -07:00
Brad Fitzpatrick
6d82a18916
tstest/integration: don't include stdlib deps in go generate output
...
Causes too much churn for zero benefit.
Change-Id: I838f8cdb5723f122f11dd4bbce5e9c07755c3cd9
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-03 11:59:59 -07:00
Josh Bleecher Snyder
c467ed0b62
wgengine/wgcfg: always close io.Pipe
...
In DeviceConfig, we did not close r after calling FromUAPI.
If FromUAPI returned early due to an error, then it might
not have read all the data that IpcGetOperation wanted to write.
As a result, IpcGetOperation could hang, as in #3220 .
We were also closing the wrong end of the pipe after IpcSetOperation
in ReconfigDevice.
To ensure that we get all available information to diagnose
such a situation, include all errors anytime something goes wrong.
This should fix the immediate crashing problem in #3220 .
We'll then need to figure out why IpcGetOperation was failing.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-11-02 17:50:15 -07:00
Josh Bleecher Snyder
3fd5f4380f
util/multierr: new package
...
github.com/go-multierror/multierror served us well.
But we need a few feature from it (implement Is),
and it's not worth maintaining a fork of such a small module.
Instead, I did a clean room implementation inspired by its API.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-11-02 17:50:15 -07:00
David Anderson
17b5782b3a
types/key: delete legacy NodeKey type.
...
Fixes #3206
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-02 14:14:32 -07:00
David Anderson
7e6a1ef4f1
tailcfg: use key.NodePublic in wire protocol types.
...
Updates #3206 .
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-02 09:11:43 -07:00
David Anderson
7e8d5ed6f3
ipn: use key.NodePublic instead of tailcfg.NodeKey
...
Updates #3206
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-01 20:32:10 -07:00