Brad Fitzpatrick
28f9cd06f5
tshttpproxy, controlclient, derphttp, logpolicy: send Negotiate auth to proxies
For Windows only, and only when built with Tailscale's Go tree.
Updates tailscale/corp#583
2020-08-26 20:08:05 -07:00
Brad Fitzpatrick
9337a99dff
tailcfg, wgengine, controlclient: add control-side gating of lazy WG config
2020-08-20 13:21:25 -07:00
Brad Fitzpatrick
c5eb57f4d6
net/tshttpproxy: new package, support WPAD/PAC proxies on Windows
Updates tailscale/corp#553
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-08-18 15:40:56 -07:00
Brad Fitzpatrick
f6dc47efe4
tailcfg, controlclient, magicsock: add control feature flag to enable DRPO
Updates #150
2020-08-17 13:01:39 -07:00
Brad Fitzpatrick
696020227c
tailcfg, control/controlclient: support delta-encoded netmaps
Should greatly reduce bandwidth for large networks (including our
hello.ipn.dev node).
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-08-07 21:49:49 -07:00
Brad Fitzpatrick
5590daa97d
control/controlclient: reset timeout timer on non-keepalive map updates
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-08-06 21:30:17 -07:00
Dmytro Shynkevych
28e52a0492
all: dns refactor, add Proxied and PerDomain flags from control (#615)
Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
2020-07-31 16:27:09 -04:00
Dmytro Shynkevych
c7582dc234
ipn: fix netmap change tracking and dns map generation (#609)
Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
2020-07-28 21:47:23 -04:00
Brad Fitzpatrick
cd21ba0a71
tailcfg, control/controlclient: add GoArch, populate OSVersion on Linux
2020-07-27 21:14:28 -07:00
Brad Fitzpatrick
96994ec431
control/controlclient: fix a couple more data races
2020-07-09 11:42:43 -07:00
Brad Fitzpatrick
a8b95571fb
ipn, control/controlclient: fix some data races
More remain.
Fixes tailscale/corp#432
2020-07-08 16:51:17 -07:00
Brad Fitzpatrick
c9089c82e8
control/controlclient, tailcfg: turn active route discovery on by default
Updates #483
2020-07-03 13:55:33 -07:00
Brad Fitzpatrick
57e8931160
control/controlclient: fix copy/paste-o in debug knob accessor
Introduced in a975e86bb8.
Only affected TS_DEBUG_* env users.
2020-07-02 10:51:23 -07:00
Brad Fitzpatrick
6233fd7ac3
control/controlclient: don't truncate AuthURL in log
It's useful to copy/paste directly from there, without using tailscale up.
If it's truncated for some specific reason, it doesn't say why.
2020-07-02 09:45:08 -07:00
Brad Fitzpatrick
a975e86bb8
wgengine/magicsock: add new endpoint type used for discovery-supporting peers
This adds a new magicsock endpoint type only used when both sides
support discovery (that is, are advertising a discovery
key). Otherwise the old code is used.
So far the new code only communicates over DERP as proof that the new
code paths are wired up. None of the actual discovery messaging is
implemented yet.
Support for discovery (generating and advertising a key) is still
behind an environment variable for now.
Updates #483
2020-06-29 13:59:54 -07:00
Brad Fitzpatrick
72bfea2ece
control/controlclient: remove IPv6 opt-out environment variable
It was temporary and 3 months have elapsed without problems.
2020-06-29 09:03:00 -07:00
Brad Fitzpatrick
b8edb7a5e9
control/controlclient: add Debug field to NetworkMap
As part of disabling background STUN packets when idle, we want an
emergency override switch to turn it back on, in case it interacts
poorly in the wild. We'll send that via control, but we'll want to
plumb it down to magicsock via NetworkMap.
Updates tailscale/corp#320
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-06-25 19:14:24 -07:00
Brad Fitzpatrick
53fb25fc2f
all: generate discovery key, plumb it around
Not actually used yet.
Updates #483
2020-06-19 12:12:00 -07:00
Dmytro Shynkevych
c12d87c54b
Fix concurrency issues in controlclient, ipn, types/logger (#456)
Signed-Off-By: Dmytro Shynkevych <dmytro@tailscale.com>
2020-06-15 19:04:12 -04:00
Brad Fitzpatrick
8edcab04d5
log/logheap: change to POST to a URL instead of logging
It's too big to log.
2020-06-12 10:13:08 -07:00
Brad Fitzpatrick
24009241bf
net/netns: move SOCKS dialing to netns for now
This lets control & logs also use SOCKS dials.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-06-01 11:00:03 -07:00
David Anderson
03682cb271
control/controlclient: use netns package to dial connections.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-29 00:06:08 +00:00
Brad Fitzpatrick
f0204098d8
Revert "control/controlclient: use "getprop net.hostname" for Android hostname"
This reverts commit afb9c6a6ab.
Doesn't work. See:
https://github.com/tailscale/tailscale/issues/409#issuecomment-635241550
Looks pretty dire:
https://medium.com/capital-one-tech/how-to-get-an-android-device-nickname-d5eab12f4ced
Updates #409
2020-05-28 10:50:11 -07:00
Brad Fitzpatrick
afb9c6a6ab
control/controlclient: use "getprop net.hostname" for Android hostname
Updates #409
2020-05-27 12:50:41 -07:00
Brad Fitzpatrick
703d789005
tailcfg: add MapResponse.Debug mechanism to trigger logging heap pprof
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-05-25 15:22:13 -07:00
Brad Fitzpatrick
e6b84f2159
all: make client use server-provided DERP map, add DERP region support
Instead of hard-coding the DERP map (except for cmd/tailscale netcheck
for now), get it from the control server at runtime.
And make the DERP map support multiple nodes per region with clients
picking the first one that's available. (The server will balance the
order presented to clients for load balancing)
This deletes the stunner package, merging it into the netcheck package
instead, to minimize all the config hooks that would've been
required.
Also fix some test flakes & races.
Fixes #387 (Don't hard-code the DERP map)
Updates #388 (Add DERP region support)
Fixes #399 (wgengine: flaky tests)
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-05-23 22:31:59 -07:00
Avery Pennarun
c5fcc38bf1
controlclient tests: fix more memory leaks and add resource checking.
I can now run these tests with -count=1000 without running out of RAM.
Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2020-05-20 11:23:26 -04:00
Avery Pennarun
d03de31404
controlclient/direct: fix a race condition accessing auth keys.
Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2020-05-19 03:02:09 -04:00
Brad Fitzpatrick
fefd7e10dc
types/structs: add structs.Incomparable annotation, use it where applicable
Shotizam before and output queries:
sqlite> select sum(size) from bin where func like 'type..%';
129067
=>
120216
2020-05-03 14:05:32 -07:00
Avery Pennarun
65fbb9c303
wgengine/filter: support subnet mask rules, not just /32 IPs.
This depends on improved support from the control server, to send the
new subnet width (Bits) fields. If these are missing, we fall back to
assuming their value is /32.
Conversely, if the server sends Bits fields to an older client, it will
interpret them as /32 addresses. Since the only rules we allow are
"accept" rules, this will be narrower or equal to the intended rule, so
older clients will simply reject hosts on the wider subnet (fail
closed).
With this change, the internal filter.Matches format has diverged
from the wire format used by controlclient, so move the wire format
into tailcfg and convert it to filter.Matches in controlclient.
Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2020-04-30 04:56:43 -04:00
Brad Fitzpatrick
a464439658
control/controlclient: fix build break caused by overzealous gitting
2020-04-27 08:18:35 -07:00
Brad Fitzpatrick
172d72a060
Revert "net/tlsdial: add memory-optimized TLS cert verification path for iOS"
This reverts commit 6fcbd4c4d4.
Decided to put it in tailscale/go's crypto/x509 instead.
2020-04-27 08:13:37 -07:00
Brad Fitzpatrick
eb6de2bd88
control/controlclient: restore Options.HTTPC as Options.HTTPTestClient
I removed the HTTPC field in b6fa5a69be but it was apparently still
used in [oss-skipped] tests.
Restore it, but name it so it's more obvious that it's only for
tests. (It currently is, and I'd like to keep it like that for now.)
2020-04-26 07:48:26 -07:00
Brad Fitzpatrick
6fcbd4c4d4
net/tlsdial: add memory-optimized TLS cert verification path for iOS
Behind a build tag for now.
2020-04-25 13:55:51 -07:00
Brad Fitzpatrick
b6fa5a69be
net/tlsdial: add package for TLS dials, and make DERP & controlclient use it
This will do the iOS-optimized cert checking in a following change.
2020-04-25 13:24:53 -07:00
Brad Fitzpatrick
0a50ecbad3
control/controlclient: add missing vlog, for consistency with other sites
2020-04-21 15:36:46 -07:00
Brad Fitzpatrick
b8594dc937
control/controlclient: fix deadlock in timeout+keepalive race
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-04-21 15:22:58 -07:00
Brad Fitzpatrick
347a926ac4
control/controlclient: add opt-in netmap verbose debugging env var
2020-04-11 09:22:33 -07:00
Brad Fitzpatrick
45f2b53aca
all: remove unnecessary trailing newlines in format patterns for consistency
And document on logger.Logf that it's unnecessary.
2020-04-11 08:35:34 -07:00
David Crawshaw
3f087466f5
controlclient: add auth key
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-04-09 20:17:09 +10:00
David Crawshaw
2f8719741e
controlclient: do not send duplicate hostinfo/netinfo
This should never happen, so log when it does so we can fix it.
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-04-02 13:12:29 +11:00
Brad Fitzpatrick
4524dcf51e
version: move runtime.OS to tailscale OS mapping func to version
So other code can use this without duplicating the policy.
2020-04-01 08:50:56 -07:00
Brad Fitzpatrick
8b3f6be008
control/controlclient: flip IPv6 to be on by default
The DEBUG_INCLUDE_IPV6 environment variable is now an opt-out.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-03-26 22:02:56 -07:00
David Anderson
73fccd8b06
control/controlclient: remove old compat PacketFilter initialization.
Signed-off-by: David Anderson <dave@natulte.net>
2020-03-24 16:00:41 -07:00
Brad Fitzpatrick
af277a6762
controlclient, magicsock: add debug knob to request IPv6 endpoints
Add opt-in method to request IPv6 endpoints from the control plane.
For now they should just be skipped. A previous version of this CL was
unconditional and reportedly had problems that I can't reproduce. So
make it a knob until the mystery is solved.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-03-20 14:27:24 -07:00
David Crawshaw
13eed1e88b
controlclient: remove common log on very quiet nodes
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-03-21 07:11:10 +11:00
David Anderson
0be475ba46
Revert "tailcfg, controlclient, magicsock: request IPv6 endpoints, but ignore them"
Breaks something deep in wireguard or magicsock's brainstem, no packets at all
can flow. All received packets fail decryption with "invalid mac1".
This reverts commit 94024355ed.
Signed-off-by: David Anderson <dave@natulte.net>
2020-03-20 03:26:17 -07:00
Brad Fitzpatrick
94024355ed
tailcfg, controlclient, magicsock: request IPv6 endpoints, but ignore them
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-03-19 21:01:52 -07:00
Brad Fitzpatrick
073bb8de80
control/controlclient: don't use Node as value type
2020-03-19 13:19:02 -07:00
David Crawshaw
73cae4eb11
tailcfg, controlclient: standardize on wgcfg ShortString key printing
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-03-19 09:17:34 +11:00