Brad Fitzpatrick
e8db43e8fa
wgengine/router: demote TestDebugListRules fail to skip
...
Updates #3360
Change-Id: Ic5c98ea03f3171c13ab9293a0ae74d17fd04d149
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-22 11:04:45 -08:00
David Anderson
937e96f43d
cmd/derper: enable HSTS when serving over HTTPS.
...
Starting with a short lifetime, to verify nothing breaks.
Updates #3373
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-22 09:57:34 -08:00
dependabot[bot]
f76a8d93da
go.mod: bump github.com/godbus/dbus/v5 from 5.0.5 to 5.0.6
...
Bumps [github.com/godbus/dbus/v5](https://github.com/godbus/dbus) from 5.0.5 to 5.0.6.
- [Release notes](https://github.com/godbus/dbus/releases)
- [Commits](https://github.com/godbus/dbus/compare/v5.0.5...v5.0.6)
---
updated-dependencies:
- dependency-name: github.com/godbus/dbus/v5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2021-11-22 08:40:09 -08:00
Brad Fitzpatrick
2ea765e5d8
go.mod: bump inet.af/netstack
...
Updates #2642 (I'd hoped, but doesn't seem to fix it)
Change-Id: Id54af7c90a1206bc7018215957e20e954782b911
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-21 09:18:31 -08:00
AdamKorcz
def659d1ec
Fuzzing: Add CIFuzz
...
Signed-off-by: AdamKorcz <adam@adalogics.com>
2021-11-19 13:06:20 -08:00
Brad Fitzpatrick
946dfec98a
wgengine/router: fix checkIPRuleSupportsV6 to actually use IPv6
...
Updates #3358 (should fix it)
Updates #391
Change-Id: Ia62437dfa81247b0b5994d554cf279c3d540e4e7
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-19 11:37:05 -08:00
Brad Fitzpatrick
9259377a7f
wgengine/router: don't assume Linux was built with IP_MULTIPLE_TABLES
...
Updates #3351
Updates #391
Change-Id: I7e66b686e05f3c970846513679cc62556ebe322a
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-19 11:19:03 -08:00
David Anderson
88b8a09d37
net/dns: make constants for the various DBus strings.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-19 11:09:32 -08:00
David Anderson
6c82cebe57
health: add a health state for net/dns.OSConfigurator.
...
Lets the systemd-resolved OSConfigurator report health changes
for out of band config resyncs.
Updates #3327
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-19 11:09:32 -08:00
David Anderson
4ef3fed100
net/dns: resync config to systemd-resolved when it restarts.
...
Fixes #3327
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-19 11:09:32 -08:00
David Anderson
cf9169e4be
net/dns: remove unused Config struct element.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-19 11:09:32 -08:00
Brad Fitzpatrick
0350cf0438
wgengine{,/router}: annotate some more errors
...
Updates #3351
Change-Id: I8b4f957d2051b3e29401bb449dbadbdada3a7c46
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-19 10:46:01 -08:00
Brad Fitzpatrick
5294125e7a
cmd/tailscaled: disambiguate some startup failure error messages
...
Updates #3351
Change-Id: I0afead4a084623567f56b19187574fa97b295b2a
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-19 08:58:29 -08:00
Josh Bleecher Snyder
758c37b83d
net/netns: thread logf into control functions
...
So that darwin can log there without panicking during tests.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-11-18 15:09:51 -08:00
Josh Bleecher Snyder
85184a58ed
wgengine/wgcfg: recover from mismatched PublicKey/Endpoints
...
In rare circumstances (tailscale/corp#3016), the PublicKey
and Endpoints can diverge.
This by itself doesn't cause any harm, but our early exit
in response did, because it prevented us from recovering from it.
Remove the early exit.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-11-18 14:28:41 -08:00
Denton Gentry
9fc4e876e3
VERSION.txt: this is v1.19.0
...
Signed-off-by: Denton Gentry <dgentry@tailscale.com>
2021-11-18 12:12:48 -08:00
Brad Fitzpatrick
8ec44d0d5f
wgengine/magicsock: remove some log spam
...
Fixes tailscale/corp#3070
Change-Id: Ie50031800ec8669e0596ad6d59d1e329a5c88516
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-18 11:01:51 -08:00
Brad Fitzpatrick
61d0435ed9
wgengine/monitor: reduce Windows log spam
...
Fixes #3345
Change-Id: Icde9c92f88f98bb3b030d39b0424a7d389bceb88
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-18 10:57:27 -08:00
Brad Fitzpatrick
0653efb092
cmd/tailscaled: remove a redundant date prefix on Windows logs
...
Change-Id: I28e122d4384697f51a748d67829409276c00b11e
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-18 10:23:41 -08:00
Brad Fitzpatrick
49a3fcae78
log/filelogger: make filelogger remove redundant date before adding a date
...
At some point since filelogger was added on Windows, the log hierarchy
above it changed such that a log.Printf writes to filelogger and includes
the log package's own date. But then filelogger adds another.
Rather than debug everything above and risk removing the prefix when
run by tailscaled, instead just remove the log package's prefix
very late right before we go to add the filelogger's own.
Change-Id: I9db518f42c603ef83017f74827270f124fdf5c14
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-18 10:23:41 -08:00
Brad Fitzpatrick
4a59a2781a
ipn/ipnlocal: export client metrics over peerapi to owner
...
Updates #3307
Change-Id: I41b1f3c16af5f385575e8d6cea70ae8386504dd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-18 08:04:00 -08:00
Brad Fitzpatrick
d24ed3f68e
wgengine/router: add debug knob to resort to Linux "ip" command usage
...
Tailscale 1.18 uses netlink instead of the "ip" command to program the
Linux kernel.
The old way was kept primarily for tests, but this also adds a
TS_DEBUG_USE_IP_COMMAND environment knob to force the old way
temporarily for debugging anybody who might have problems with the
new way in 1.18.
Updates #391
Change-Id: I0236fbfda6c9c05dcb3554fcc27ec0c86456efd9
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-18 08:01:22 -08:00
Josh Bleecher Snyder
b3d6704aa3
wgengine/magicsock: fix data race on endpoint.discoKey
...
endpoint.discoKey is protected by endpoint.mu.
endpoint.sendDiscoMessage was reading it without holding the lock.
This showed up in a CI failure and is readily reproducible locally.
The fix is in two parts.
First, for Conn.enqueueCallMeMaybe, eliminate the one-line helper method endpoint.sendDiscoMessage; call Conn.sendDiscoMessage directly.
This makes it more natural to read endpoint.discoKey in a context
in which endpoint.mu is already held.
Second, for endpoint.sendDiscoPing, explicitly pass the disco key
as an argument. Again, this makes it easier to read endpoint.discoKey
in a context in which endpoint.mu is already held.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-11-17 17:49:33 -08:00
Brad Fitzpatrick
cf06f9df37
net/tstun, wgengine: add packet-level and drop metrics
...
Primarily tstun work, but some MagicDNS stuff spread into wgengine.
No wireguard reconfig metrics (yet).
Updates #3307
Change-Id: Ide768848d7b7d0591e558f118b553013d1ec94ad
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-17 16:18:52 -08:00
Brad Fitzpatrick
ec036b3561
logpolicy: use bootstrap DNS for logtail dialer
...
Fixes #3332
Change-Id: Ie45efb448e5508c3ece48dd1d8d7e9a39e2e9dc1
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-17 14:37:43 -08:00
Brad Fitzpatrick
7901289578
wgengine/magicsock: add a stress test
...
And add a peerMap validate method that checks its internal invariants.
Updates tailscale/corp#3016
Change-Id: I23708e68ed44d81986d9e2be82029d4555547592
Co-authored-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-11-17 14:37:28 -08:00
Josh Bleecher Snyder
5a60781919
wgengine/magicsock: increase TestDiscokeyChange connection timeout
...
I believe that this should eliminate the flakiness.
If GitHub CI manages to be even slower than can be believed
(and I can believe a lot at this point),
then we should roll this back and make some more invasive changes.
Updates #654
Fixes #3247 (I hope)
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-11-17 14:13:58 -08:00
Brad Fitzpatrick
5b5f032c9a
util/clientmetric: optimize memory layout for finding updates
...
Updates #3307
Change-Id: I2840b190583467cc3f00688b96ce3d170df46a46
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-17 12:30:49 -08:00
Josh Bleecher Snyder
773af7292b
wgengine/magicsock: simplify peerMap.upsertEndpoint
...
We can do the "maybe delete" check unilaterally:
In the case of an insert, both oldDiscoKey
and ep.discoKey will be the zero value.
And since we don't use pi again, we can skip
giving it a name, which makes scoping clearer.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-11-16 15:15:49 -08:00
Josh Bleecher Snyder
9da22dac3d
wgengine/magicsock: fix bug in peerMap.upsertEndpoint
...
Found by inspection by David Crawshaw while
investigating tailscale/corp#3016.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-11-16 15:15:49 -08:00
Josh Bleecher Snyder
16870cb754
wgengine/magicsock: fix typo in comment
...
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-11-16 15:15:49 -08:00
Brad Fitzpatrick
36b1df1241
cmd/tailscale/cli: add --watch flag to "debug metrics" subcommand
...
This adds a new --watch flag that prints out a block of metric changes
every second, if anything changed.
Example output:
magicsock_disco_recv_ping +1 => 254
magicsock_disco_recv_pong +1 => 218
magicsock_disco_recv_udp +2 => 472
magicsock_disco_send_udp +2 => 536
magicsock_disco_sent_udp +2 => 536
magicsock_recv_data_ipv6 +1 => 82
magicsock_send_data +1 => 86
magicsock_send_udp +3 => 620
magicsock_recv_data_ipv6 +1 => 83
magicsock_send_data +1 => 87
magicsock_send_udp +1 => 621
magicsock_disco_recv_ping +1 => 255
magicsock_disco_recv_pong +1 => 219
magicsock_disco_recv_udp +2 => 474
magicsock_disco_send_udp +2 => 538
magicsock_disco_sent_udp +2 => 538
magicsock_recv_data_ipv6 +1 => 84
magicsock_send_data +1 => 88
magicsock_send_udp +3 => 624
magicsock_recv_data_ipv6 +1 => 85
magicsock_send_data +1 => 89
magicsock_send_udp +1 => 625
controlclient_map_response_map +1 => 207
controlclient_map_response_map_delta +1 => 204
controlclient_map_response_message +1 => 275
magicsock_disco_recv_ping +3 => 258
magicsock_disco_recv_pong +2 => 221
magicsock_disco_recv_udp +5 => 479
magicsock_disco_send_derp +1 => 6
magicsock_disco_send_udp +7 => 545
magicsock_disco_sent_derp +1 => 6
magicsock_disco_sent_udp +7 => 545
magicsock_recv_data_ipv6 +1 => 86
magicsock_send_data +1 => 90
magicsock_send_derp +1 => 12
magicsock_send_derp_queued +1 => 12
magicsock_send_udp +8 => 633
Updates #3307
Change-Id: I5ac2511e3ad24fa1e6ea958c3946fecebe4f79a7
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-16 13:48:21 -08:00
David Anderson
41da7620af
go.mod: update wireguard-go to pick up roaming toggle
...
wgengine/wgcfg: introduce wgcfg.NewDevice helper to disable roaming
at all call sites (one real plus several tests).
Fixes tailscale/corp#3016.
Signed-off-by: David Anderson <danderson@tailscale.com>
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-11-16 13:15:04 -08:00
Brad Fitzpatrick
400ed799e6
net/dns: work around old systemd-resolved setLinkDomain length limit
...
Don't set all the *.arpa. reverse DNS lookup domains if systemd-resolved
is old and can't handle them.
Fixes #3188
Change-Id: I283f8ce174daa8f0a972ac7bfafb6ff393dde41d
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-16 12:54:21 -08:00
Brian Fallik
9fa6cdf7bf
fix minor typo
...
Signed-off-by: Brian Fallik <bfallik@gmail.com>
2021-11-16 11:03:43 -08:00
Brad Fitzpatrick
24ea365d48
netcheck, controlclient, magicsock: add more metrics
...
Updates #3307
Change-Id: Ibb33425764a75bde49230632f1b472f923551126
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-16 10:48:19 -08:00
Brad Fitzpatrick
3b541c833e
util/clientmetric, logtail: log metric changes
...
Updates #3307
Change-Id: I1399ebd786f6ff7defe6e11c0eb651144c071574
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-16 08:06:31 -08:00
Brad Fitzpatrick
68917fdb5d
cmd/tailscale/cli: add "debug metrics" subcommand
...
To let users inspect the tailscaled metrics easily.
Updates #3307
Change-Id: I922126ca0626659948c57de74c6ef62f40ef5f5f
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-15 15:13:25 -08:00
Brad Fitzpatrick
945290cc3f
cmd/tailscale/cli: migrate hidden debug subcommand to use subcommands
...
It was a mess of flags. Use subcommands under "debug" instead.
And document loudly that it's not a stable interface.
Change-Id: Idcc58f6a6cff51f72cb5565aa977ac0cc30c3a03
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-15 15:03:58 -08:00
Brad Fitzpatrick
57b039c51d
util/clientmetrics: add new package to add metrics to the client
...
And annotate magicsock as a start.
And add localapi and debug handlers with the Prometheus-format
exporter.
Updates #3307
Change-Id: I47c5d535fe54424741df143d052760387248f8d3
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-15 13:46:05 -08:00
David Anderson
c5d572f371
net/dns: correctly handle NetworkManager-managed DNS that points to resolved.
...
Fixes #3304
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-15 12:21:25 -08:00
Brad Fitzpatrick
f7da8c77bd
tstest/integration/testcontrol: fix data race
...
Fix race from 1ec99e99f4
Fixes #3289
Change-Id: I58158d3f82339ac171fb14827c5f158d602327f4
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-11 08:25:16 -08:00
David Anderson
5b94f67956
control/noise: make Conn.readNLocked less surprising.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-10 12:13:54 -08:00
David Anderson
a34350ffda
control/noise: factor out nonce checking and incrementing into a type.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-10 12:13:54 -08:00
David Anderson
d3acd35a90
control/noise: make message headers match the specification.
...
Only the initiation message should carry a protocol version, all
others are just type+len.
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-10 12:13:54 -08:00
David Anderson
a63c4ab378
control/noise: don't panic when handling ciphertext.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-10 12:13:54 -08:00
David Anderson
4004b22fe5
control/noise: stop using poly1305 package constants.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-10 12:13:54 -08:00
David Anderson
293431aaea
control/noise: use key.Machine{Public,Private} as appropriate.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-10 12:13:54 -08:00
David Anderson
edb33d65c3
control/noise: don't cache mixer, just rebuild a BLAKE2s each time.
...
This should optimize out fine, and readability is preferable to performance
here.
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-10 12:13:54 -08:00
David Anderson
7e9e72887c
control/noise: add singleUseCHP, use it to simplify nonce/key tracking in handshake.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-10 12:13:54 -08:00