Commit Graph

3151 Commits

Author SHA1 Message Date
Josh Bleecher Snyder
93284209bc logtail/filch: preallocate a scanner buffer
Scanning log lines is a frequent source of allocations.
Pre-allocate a re-usable buffer.

This still doesn't help when there are giant log lines.
Those will still be problematic from an iOS memory perspective.
For more on that, see https://github.com/tailscale/corp/issues/2423.

(For those who cannot follow that link, it is a discussion
of particular problematic types of log lines for
particular categories of customers. The "categories of customers"
part is the reason that it is a private issue.)

There is also a latent bug here. If we ever encounter
a log line longer than bufio.MaxScanTokenSize,
then bufio.Scan will return an error,
and we'll truncate the file and discard the rest of the log.
That's not good, but bufio.MaxScanTokenSize is really big,
so it probably doesn't matter much in practice now.
Unfortunately, it does prevent us from easily capping the potential
memory usage here, on pain of losing log entries.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-08-17 12:32:10 -07:00
Matt Layher
8ab44b339e net/tstun: use unix.Ifreq type for Linux TAP interface configuration
Signed-off-by: Matt Layher <mdlayher@gmail.com>
2021-08-17 12:17:51 -07:00
Josh Bleecher Snyder
6da6d47a83 all: simplify build tags involving iOS
Prior to Go 1.16, iOS used GOOS=darwin,
so we had to distinguish macOS from iOS during GOARCH.

We now require Go 1.16 in our go.mod, so we can simplify.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-08-17 11:13:03 -07:00
Josh Bleecher Snyder
a24cee0d67 all: simplify ts_macext build tags
Now that we have the easier-to-parse go:build build tags,
it is straightforward to simplify them. Yay.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-08-17 11:13:03 -07:00
Josh Bleecher Snyder
d2aa144dcc syncs: bump known good version to include Go 1.17
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-08-17 11:13:03 -07:00
Brad Fitzpatrick
25e060a841 cmd/tailscale/cli: fix cert fetch WaitOrder retry loop, misc cleanups
Updates #1235

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-08-16 14:54:41 -07:00
Brad Fitzpatrick
833200da6f net/tstun: don't exec uname -r on Linux in TUN failure diagnostics
Fixes https://twitter.com/zekjur/status/1425557520513486848

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-08-16 12:18:40 -07:00
Brad Fitzpatrick
e804ab29fd net/tstun: move TUN failure diagnostics to OS-specific files
Mostly so the Linux one can use Linux-specific stuff in package
syscall and not use os/exec for uname for portability.

But also it helps deps a tiny bit on iOS.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-08-16 11:24:25 -07:00
Brad Fitzpatrick
b2eea1ee00 cmd/tailscale/cli: make cert fetch registration automatic, show valid domains
Updates #1235

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-08-16 10:45:05 -07:00
Brad Fitzpatrick
39610aeb09 wgengine/magicsock: move debug knobs to their own file, compile out on iOS
No need for these knobs on iOS where you can set the environment
variables anyway.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-08-15 13:21:22 -07:00
Denton Gentry
98d557dd24 Dockerfile: use alpine:3.14
golang:1.16-alpine has updated to Alpine 3.14,
update the system image to match.

Reported by @kubeworm
https://twitter.com/kubeworm/status/1426751941519020033

Signed-off-by: Denton Gentry <dgentry@tailscale.com>
2021-08-14 22:46:34 -07:00
Denton Gentry
3e7ff5ff98 cmd/tailscaled: enable hybrid netstack mode for FreeBSD.
Allows FreeBSD to function as an exit node in the same way
that Windows and Tailscaled-on-MacOS do.

RELNOTE=FreeBSD can now function as an exit node.

Fixes https://github.com/tailscale/tailscale/issues/2498

Signed-off-by: Denton Gentry <dgentry@tailscale.com>
2021-08-14 20:26:38 -07:00
Brad Fitzpatrick
954867fef5 words: fix parser to handle missing newline at end
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-08-13 19:37:47 -07:00
Brad Fitzpatrick
c992504375 words: group some scales, support comments
Not sure how we missed mixolydian.

Updates #1235

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-08-13 15:46:52 -07:00
Brad Fitzpatrick
1bca722824 words: add five types of tales, best dog
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-08-13 15:32:13 -07:00
Brad Fitzpatrick
00b4c2331b words: add accessors and tests for a few of our favorite words
Updates #1235

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-08-13 15:30:10 -07:00
Charlotte Brandhorst-Satzkorn
9547669787 words: these are a few more of my favorite words
Updates #1235

Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@catzkorn.dev>
2021-08-13 16:26:36 -04:00
Charlotte Brandhorst-Satzkorn
b5a41ff381 words: these are a few of my favorite words
Updates #1235

Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@catzkorn.dev>
2021-08-13 15:58:59 -04:00
Brad Fitzpatrick
ec9f3f4cc0 cmd/tailscale: update depaware
Missing from prior commit.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-08-13 08:56:29 -07:00
Brad Fitzpatrick
c68a12afe9 cmd/tailscale: add temporary debug command for getting DNS-01 LetsEncrypt cert
Not even close to usable or well integrated yet, but submitting this before
it bitrots or I lose it.

Updates #1235

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-08-13 08:49:49 -07:00
David Anderson
d2d55bd63c cmd/microproxy: delete.
Thank goodness.

Fixes #2635

Signed-off-by: David Anderson <danderson@tailscale.com>
2021-08-12 14:17:42 -07:00
Brad Fitzpatrick
c6740da624 tsweb: make VarzHandler support untyped expvar.Maps for compatibility
Updates #2635

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-08-12 13:35:31 -07:00
Brad Fitzpatrick
7c7eb8094b tsweb: make VarzHandler support expvar.Funcs returning ints/floats
Updates #2635
2021-08-12 13:07:34 -07:00
Brad Fitzpatrick
5aba620fb9 tsweb: make VarzHandler capable of walking structs with reflect
To be used by control, per linked bug's plan.

Updates #2635

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-08-11 18:31:54 -07:00
julianknodt
b9bd7dbc5d net/portmapper: log upnp information
This logs some basic statistics for UPnP, so that tailscale can better understand what routers
are being used and how to connect to them.

Signed-off-by: julianknodt <julianknodt@gmail.com>
2021-08-10 22:45:00 -07:00
julianknodt
26b6fe7f02 net/portmapper: add PCP integration test
This adds a PCP test to the IGD test server, by hardcoding in a few observed packets from
Denton's box.

Signed-off-by: julianknodt <julianknodt@gmail.com>
2021-08-10 15:14:46 -07:00
Brad Fitzpatrick
3700cf9ea4 tsweb: also support LabelMaps from expvar.Map, without metrics
We want to use tsweb to format Prometheus-style metrics from
our temporary golang.org/x/net/http2 fork, but we don't want http2
to depend on the tailscale.com module to use the concrete type
tailscale.com/metrics.LabelMap. Instead, let a expvar.Map be used
instead of it's annotated sufficiently in its name.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-08-10 14:31:54 -07:00
Brad Fitzpatrick
5f45d8f8e6 tsweb: add VarzHandler tests
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-08-10 13:41:16 -07:00
Josh Bleecher Snyder
a4e19f2233 version: remove rsc.io/goversion dependency
rsc.io/goversion is really expensive.
Running version.ReadExe on tailscaled on darwin
allocates 47k objects, almost 11mb.

All we want is the module info. For that, all we need to do
is scan through the binary looking for the magic start/end strings
and then grab the bytes in between them.

We can do that easily and quickly with nothing but a 64k buffer.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-08-09 22:46:01 -07:00
Brad Fitzpatrick
bdb93c5942 net/portmapper: actually test something in TestProbeIntegration
And use dynamic port numbers in tests, as Linux on GitHub Actions and
Windows in general have things running on these ports.

Co-Author: Julian Knodt <julianknodt@gmail.com>
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-08-09 19:49:02 -07:00
Denton Gentry
26c1183941 hostinfo: add fly.io detection
Signed-off-by: Denton Gentry <dgentry@tailscale.com>
2021-08-09 09:54:24 -07:00
Denton Gentry
0796c53404 tsnet: add AuthKey support.
Set a TS_AUTHKEY environment variable to "tskey-01234..."

Signed-off-by: Denton Gentry <dgentry@tailscale.com>
2021-08-09 09:30:09 -07:00
Adrian Dewhurst
8bdf878832 net/dns/resolver: use forwarded dns txid directly
Previously, we hashed the question and combined it with the original
txid which was useful when concurrent queries were multiplexed on a
single local source port. We encountered some situations where the DNS
server canonicalizes the question in the response (uppercase converted
to lowercase in this case), which resulted in responses that we couldn't
match to the original request due to hash mismatches. This includes a
new test to cover that situation.

Fixes #2597

Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>
2021-08-06 14:56:11 -04:00
David Crawshaw
360223fccb types/dnstype: introduce new package for Resolver
So the type can be used in net/dns without introducing a tailcfg
dependency.

For #2596

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2021-08-06 08:54:33 -07:00
Christine Dodrill
4d19db7c9f
scripts/installer: work on Oracle Linux (#2604)
Before we didn't detect it properly. Since Oracle Linux is diet centos,
we can just make the centos logic detect Oracle linux and everything
should be fine.

Signed-off-by: Christine Dodrill <xe@tailscale.com>
2021-08-06 11:47:04 -04:00
Brad Fitzpatrick
e6d4ab2dd6 net/portmapper: add start of self-contained portmapper integration tests
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-08-06 08:34:45 -07:00
julianknodt
98d36ee18d net/portmapper: add hook for use with prev ip
PCP handles external IPs by allowing the client to specify them in the packet, which is more
explicit than requiring 2 packets from PMP, so allow for future changes to add it in easily.

Signed-off-by: julianknodt <julianknodt@gmail.com>
2021-08-06 07:51:30 -07:00
julianknodt
85304d7392 net/portmapper: check disable flags
Signed-off-by: julianknodt <julianknodt@gmail.com>
2021-08-06 07:51:30 -07:00
julianknodt
777b711d96 net/portmapper: add pcp portmapping
This adds PCP portmapping, hooking into the existing PMP portmapping.

Signed-off-by: julianknodt <julianknodt@gmail.com>
2021-08-06 07:51:30 -07:00
julianknodt
5c98b1b8d0 net/portmapper: move pcp code to separate file
This moves all the PCP code to a separate file in preparation for portmapping with PCP.

Signed-off-by: julianknodt <julianknodt@gmail.com>
2021-08-06 07:51:30 -07:00
Josh Bleecher Snyder
eee6b85b9b cmd/tailscaled: don't require root for --cleanup
Without this, the integration tests fail locally for me:

--- FAIL: TestCollectPanic (7.61s)
    integration.go:74: built [tailscale.com/cmd/tailscaled tailscale.com/cmd/tailscale] in 1.59s
    integration_test.go:102: initial run: tailscaled requires root; use sudo tailscaled (or use --tun=userspace-networking)
    integration_test.go:108: cleanup failed: exit status 1: "tailscaled requires root; use sudo tailscaled (or use --tun=userspace-networking)\n"
    stuntest.go:64: STUN server shutdown
FAIL
FAIL	tailscale.com/tstest/integration	9.678s
FAIL

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-08-05 15:55:11 -07:00
Josh Bleecher Snyder
a5da4ed981 all: gofmt with Go 1.17
This adds "//go:build" lines and tidies up existing "// +build" lines.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-08-05 15:54:00 -07:00
Brad Fitzpatrick
a729070252 net/tstun: add start of Linux TAP support, with DHCP+ARP server
Still very much a prototype (hard-coded IPs, etc) but should be
non-invasive enough to submit at this point and iterate from here.

Updates #2589

Co-Author: David Crawshaw <crawshaw@tailscale.com>
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-08-05 10:01:45 -07:00
Brad Fitzpatrick
fd7b738e5b derp: use pad32 package for padding, reduce duplication
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-08-04 14:43:01 -07:00
Brad Fitzpatrick
fdc081c291 net/portmapper: fix UPnP probing, work against all ports
Prior to Tailscale 1.12 it detected UPnP on any port.
Starting with Tailscale 1.11.x, it stopped detecting UPnP on all ports.

Then start plumbing its discovered Location header port number to the
code that was assuming port 5000.

Fixes #2109

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-08-04 12:49:49 -07:00
Josh Bleecher Snyder
f013960d87 tstime/mono: make json.Unmarshal of a zero time.Time yield a zero Time
This was the proximate cause of #2579.
#2582 is a deeper fix, but this will remain
as a footgun, so may as well fix it too.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-08-04 11:22:58 -07:00
Brad Fitzpatrick
f3c96df162 ipn/ipnstate: move tailscale status "active" determination to tailscaled
Fixes #2579

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-08-04 09:10:49 -07:00
Brad Fitzpatrick
0858673f1f tstest/integration: regenerate test deps
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-08-04 08:39:10 -07:00
Joe Tsai
9d0c86b6ec
util/deephash: remove unnecessary formatting for structs and slices (#2571)
The index for every struct field or slice element and
the number of fields for the struct is unncessary.

The hashing of Go values is unambiguous because every type (except maps)
encodes in a parsable manner. So long as we know the type information,
we could theoretically decode every value (except for maps).

At a high level:
* numbers are encoded as fixed-width records according to precision.
* strings (and AppendTo output) are encoded with a fixed-width length,
followed by the contents of the buffer.
* slices are prefixed by a fixed-width length, followed by the encoding
of each value. So long as we know the type of each element, we could
theoretically decode each element.
* arrays are encoded just like slices, but elide the length
since it is determined from the Go type.
* maps are encoded first with a byte indicating whether it is a cycle.
If a cycle, it is followed by a fixed-width index for the pointer,
otherwise followed by the SHA-256 hash of its contents. The encoding of maps
is not decodeable, but a SHA-256 hash is sufficient to avoid ambiguities.
* interfaces are encoded first with a byte indicating whether it is nil.
If not nil, it is followed by a fixed-width index for the type,
and then the encoding for the underlying value. Having the type be encoded
first ensures that the value could theoretically be decoded next.
* pointers are encoded first with a byte indicating whether it is
1) nil, 2) a cycle, or 3) newly seen. If a cycle, it is followed by
a fixed-width index for the pointer. If newly seen, it is followed by
the encoding for the pointed-at value.

Removing unnecessary details speeds up hashing:

	name              old time/op    new time/op    delta
	Hash-8              76.0µs ± 1%    55.8µs ± 2%  -26.62%        (p=0.000 n=10+10)
	HashMapAcyclic-8    61.9µs ± 0%    62.0µs ± 0%     ~             (p=0.666 n=9+9)
	TailcfgNode-8       10.2µs ± 1%     7.5µs ± 1%  -26.90%         (p=0.000 n=10+9)
	HashArray-8         1.07µs ± 1%    0.70µs ± 1%  -34.67%         (p=0.000 n=10+9)

Signed-off-by: Joe Tsai <joetsai@digital-static.net>
2021-08-03 20:35:57 -07:00
Brad Fitzpatrick
1db9032ff5 cmd/tailscaled: let portmap debug mode have an gateway/IP override knob
For testing pfSense clients "behind" pfSense on Digital Ocean where
the main interface still exists. This is easier for debugging.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-08-03 19:34:58 -07:00