Commit Graph

128 Commits

Author SHA1 Message Date
James Tucker
2afa1672ac ipn/ipnlocal: disallow unsigned peers from WoL
Unsigned peers should not be allowed to generate Wake-on-Lan packets,
only access Funnel.

Updates #6934
Updates #7515
Updates #6475

Signed-off-by: James Tucker <james@tailscale.com>
2023-01-10 15:54:48 -08:00
Joe Tsai
bd2995c14b
ipn/ipnlocal: simplify redactErr (#6716)
Use multierr.Range to iterate through an error tree
instead of multiple invocations of errors.As.
This scales better as we add more Go error types to the switch.

Signed-off-by: Joe Tsai <joetsai@digital-static.net>
2022-12-12 17:51:03 -08:00
Mihai Parparita
47002d93a3 ipn/ipnlocal: add a few metrics for PeerAPI and LocalAPI
Mainly motivated by wanting to know how much Taildrop is used, but
also useful when tracking down how many invalid requests are
generated.

Signed-off-by: Mihai Parparita <mihai@tailscale.com>
2022-12-12 10:07:18 -08:00
Andrew Dunham
a887ca7efe ipn/ipnlocal: improve redactErr to handle more cases
This handles the case where the inner *os.PathError is wrapped in
another error type, and additionally will redact errors of type
*os.LinkError. Finally, add tests to verify that redaction works.

Signed-off-by: Andrew Dunham <andrew@du.nham.ca>
Change-Id: Ie83424ff6c85cdb29fb48b641330c495107aab7c
2022-12-06 19:37:15 -05:00
Mihai Parparita
978d6af91a ipn/ipnlocal: tweak error handling in interfaces PeerAPI debug endpoint
We were writing the error when getting the default interface before
setting the content type, so we'd get HTML treated as plain text.

Signed-off-by: Mihai Parparita <mihai@tailscale.com>
2022-11-30 17:47:37 -08:00
Brad Fitzpatrick
5bdca747b7 ipn/ipnlocal: fix netstack peerapi crash over IPv6
The peerapi IPv6 listener has a nil listener.
But we didn't need the listener's address anyway, so don't
try to use it.

Change-Id: I8e8a1a895046d129a3683973e732d9bed82f3b02
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-30 16:28:53 -08:00
Brad Fitzpatrick
b68d008fee envknob: add CanTaildrop (TS_DISABLE_TAILDROP) to disable taildrop on device
This matches CanSSHD (TS_DISABLE_SSH_SERVER) for administratively
disabling the code on a node, regardless of local or server configs.

This can be configured in /etc/default/tailscaled on Linux,
%ProgramData%\Tailscale\tailscaled-env.txt on Windows,
or /etc/tailscale/tailscaled-env.txt on Synology. (see getPlatformEnvFile)

Also delete some dead code and tidy up some docs.

Change-Id: I79a87c03e33209619466ea8aeb0f6651afcb8789
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-24 07:51:17 -08:00
Brad Fitzpatrick
6e6f27dd21 ipn/ipnlocal: lock down unsigned peers more
Apparently there's no tracking bug?

Updates tailscale/corp#7515 for ingress/funnel at least.

Change-Id: I03bc54fdc1f53f9832ab8b51475b2d676c38d897
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-23 18:20:39 -08:00
Brad Fitzpatrick
0480a925c1 ipn/ipnlocal: send Content-Security-Policy, etc to peerapi browser requests
Updates tailscale/corp#7948

Change-Id: Ie70e0d042478338a37b7789ac63225193e47a524
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-21 17:33:06 -08:00
Mihai Parparita
33520920c3 all: use strs.CutPrefix and strs.CutSuffix more
Updates places where we use HasPrefix + TrimPrefix to use the combined
function.

Updates #5309

Signed-off-by: Mihai Parparita <mihai@tailscale.com>
2022-11-21 14:32:16 -08:00
Maisem Ali
b0736fe6f7 ipn/ipnlocal: move selfNode from peerAPIServer to peerAPIHandler
The peerAPIHandler is instantiated per PeerAPI call so it is
guaranteed to have the latest selfNode.

Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-11-17 01:02:03 +05:00
Maisem Ali
296e712591 tailcfg: add CapabilityDebug
Updates tailscale/corp#7948

Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-11-17 00:21:10 +05:00
Maisem Ali
1e78fc462c ipn/ipnlocal: add some validation to PeerAPI
Updates tailscale/corp#7948

Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-11-16 23:33:53 +05:00
Maisem Ali
22238d897b all: standardize on PeerAPI
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-11-16 22:49:13 +05:00
Brad Fitzpatrick
7c285fe7ee ipn/ipnlocal: fix error message typo in ingress peerapi handler
Updates tailscale/corp#7515

Change-Id: I81edd7d9f8958eef61be71d3d34e545cd3347008
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-13 12:54:38 -08:00
Brad Fitzpatrick
9dfb0916c2 ipn/ipnlocal, tailcfg: wire up ingress peerapi
Updates tailscale/corp#7515

Co-authored-by: Shayne Sweeney <shayne@tailscale.com>
Change-Id: I7eac7b4ac37fd8e8a9e0469594c1e9e7dd0da666
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-10 09:48:10 -08:00
Josh Soref
d4811f11a0 all: fix spelling mistakes
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-09-29 13:36:13 -07:00
Brad Fitzpatrick
4a82b317b7 ipn/{ipnlocal,localapi}: use strs.CutPrefix, add more domain validation
The GitHub CodeQL scanner flagged the localapi's cert domain usage as a problem
because user input in the URL made it to disk stat checks.

The domain is validated against the ipnstate.Status later, and only
authenticated root/configured users can hit this, but add some
paranoia anyway.

Change-Id: I373ef23832f1d8b3a27208bc811b6588ae5a1ddd
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-09-16 05:52:33 -07:00
Brad Fitzpatrick
4950fe60bd syncs, all: move to using Go's new atomic types instead of ours
Fixes #5185

Change-Id: I850dd532559af78c3895e2924f8237ccc328449d
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-08-04 07:47:59 -07:00
Maisem Ali
9bb5a038e5 all: use atomic.Pointer
Also add some missing docs.

Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-08-03 21:42:52 -07:00
Brad Fitzpatrick
5f6abcfa6f all: migrate code from netaddr.FromStdAddr to Go 1.18
With caveat https://github.com/golang/go/issues/53607#issuecomment-1203466984
that then requires a new wrapper. But a simpler one at least.

Updates #5162

Change-Id: I0a5265065bfcd7f21e8dd65b2bd74cae90d76090
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-08-02 22:25:07 -07:00
Brad Fitzpatrick
a12aad6b47 all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
    perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
    perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
    perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
    perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
    perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
    goimports -w .

Then delete some stuff from the net/netaddr shim package which is no
longer neeed.

Updates #5162

Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-25 21:53:49 -07:00
Brad Fitzpatrick
6a396731eb all: use various net/netip parse funcs directly
Mechanical change with perl+goimports.

Changed {Must,}Parse{IP,IPPrefix,IPPort} to their netip variants, then
goimports -d .

Finally, removed the net/netaddr wrappers, to prevent future use.

Updates #5162

Change-Id: I59c0e38b5fbca5a935d701645789cddf3d7863ad
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-25 21:12:28 -07:00
Brad Fitzpatrick
7eaf5e509f net/netaddr: start migrating to net/netip via new netaddr adapter package
Updates #5162

Change-Id: Id7bdec303b25471f69d542f8ce43805328d56c12
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-25 16:20:43 -07:00
Tom DNetto
9dee6adfab cmd/tailscaled,ipn/ipnlocal,wgengine/...: pass dns.Manager into netstack
Needed for a following commit which moves magicDNS handling into
netstack.

Signed-off-by: Tom DNetto <tom@tailscale.com>
2022-04-30 10:18:59 -07:00
Maisem Ali
637cc1b5fc ipn/ipnlocal/peerapi: add endpoint to list local interfaces
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-04-27 06:44:58 -07:00
Brad Fitzpatrick
c88506caa6 ipn/ipnlocal: add Wake-on-LAN function to peerapi
No CLI support yet. Just the curl'able version if you know the peerapi
port. (like via a TSMP ping)

Updates #306

Change-Id: I0662ba6530f7ab58d0ddb24e3664167fcd1c4bcf
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-26 15:20:59 -07:00
Maisem Ali
1a19aed410 ipn/ipnlocal: do not initialize peer api listeners when shutting down
Updates tailscale/corp#4824

Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-04-25 11:08:03 -07:00
Brad Fitzpatrick
a2c330c496 ipn/ipnlocal: use the fake peerapi listener as fallback if netstack available
The previous commit (1b89662eff) this for Android, but we can also use
this on any platform if we we would otherwise fail.

Change-Id: I4cd78b40e9e77fca5cc8e717dd48ac173101bed4
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-20 13:41:44 -07:00
Brad Fitzpatrick
1b89662eff ipn/ipnlocal: make peerapi listener on Android avoid the kernel
We intercept the peerapi port in netstack anyway, so there's no reason
the linux kernel on Android needs to know about it. It's only getting
in the way and causing problems for reasons we don't fully understand.
But we don't even need to understand it because it's not relevant
anymore.

Instead, provide a dummy net.Listener that just sits and blocks to
pacify the rest of the code that assumes it can be stuck in a
Listener.Accept call and call Listener.Close and Listener.Addr.

We'll likely do this for all platforms in the future, if/when we also
link in netstack on iOS.

Updates #4449
Updates #4293
Updates #3986

Change-Id: Ic2d3fe2f3cee60fc527356a3368830f17aeb75ae
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-20 12:31:12 -07:00
Brad Fitzpatrick
e96dd00652 ipn/ipnlocal: add capability for debugging peers over peerapi
The default is still users can debug their own nodes. But like
cd916b728b did, this adds support for admins to grant additional
capabilities with the new tailcfg.CapabilityDebugPeer cap.

Updates #4217

Change-Id: Ifce3d9a1f8e8845797970a4f97b393194663d35f
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-18 10:21:42 -07:00
Brad Fitzpatrick
cd916b728b ipn/ipnlocal: add start of inter-user Taildrop
Controlled by server-sent capability policy.

To be initially used for SSH servers to record sessions to other
nodes. Not yet productized into something user-accessible. (Notably,
the list of Taildrop targets from the sender side isn't augmented
yet.) This purely permits expanding the set of expands a node will
accept a drop from.

Updates #3802
Updates #4217

Change-Id: Id7a5bccd686490f8ef2cdc7dae7c07c440dc0085
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-17 10:07:07 -07:00
Josh Bleecher Snyder
0868329936 all: use any instead of interface{}
My favorite part of generics.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2022-03-17 11:35:09 -07:00
Brad Fitzpatrick
bb94561c96 net/netutil: fix regression where peerapi would get closed after 1st req
I introduced a bug in 8fe503057d when unifying oneConnListener
implementations.

The NewOneConnListenerFrom API was easy to misuse (its Close method
closes the underlying Listener), and we did (via http.Serve, which
closes the listener after use, which meant we were close the peerapi's
listener, even though we only wanted its Addr)

Instead, combine those two constructors into one and pass in the Addr
explicitly, without delegating through to any Listener.

Change-Id: I061d7e5f842e0cada416e7b2dd62100d4f987125
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-02-22 13:52:18 -08:00
Brad Fitzpatrick
8fe503057d net/netutil: unify two oneConnListeners into a new package
I was about to add a third copy, so unify them now instead.

Change-Id: I3b93896aa1249b1250a6b1df4829d57717f2311a
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-02-13 14:57:27 -08:00
Brad Fitzpatrick
bd90781b34 ipn/ipnlocal, wgengine/netstack: use netstack for peerapi server
We're finding a bunch of host operating systems/firewalls interact poorly
with peerapi. We either get ICMP errors from the host or users need to run
commands to allow the peerapi port:

https://github.com/tailscale/tailscale/issues/3842#issuecomment-1025133727

... even though the peerapi should be an internal implementation detail.

Rather than fight the host OS & firewalls, this change handles the
server side of peerapi entirely in netstack (except on iOS), so it
never makes its way to the host OS where it might be messed with. Two
main downsides are:

1) netstack isn't as fast, but we don't really need speed for peerapi.
   And actually, with fewer trips to/from the kernel, we might
   actually make up for some of the netstack performance loss by
   staying in userspace.

2) tcpdump / Wireshark etc packet captures will no longer see the peerapi
   traffic. Oh well. Crawshaw's been wanting to add packet capture server
   support to tailscaled, so we'll probably do that sooner now.

A future change might also then use peerapi for the client-side
(except on iOS).

Updates #3842 (probably fixes, as well as many exit node issues I bet)

Change-Id: Ibc25edbb895dc083d1f07bd3cab614134705aa39
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-01-31 14:20:08 -08:00
Brad Fitzpatrick
0aa4c6f147 net/dns/resolver: add debug HTML handler to see what DNS traffic was forwarded
Change-Id: I6b790e92dcc608515ac8b178f2271adc9fd98f78
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-12-21 14:32:36 -08:00
Brad Fitzpatrick
ae319b4636 wgengine/magicsock: add HTML debug handler to see magicsock state
Change-Id: Ibc46f4e9651e1c86ec6f5d139f5e9bdc7a488415
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-12-21 14:26:52 -08:00
Brad Fitzpatrick
d3d503d997 ipn/ipnlocal: add HTTP/2 h2c server support to peerapi on non-mobile platforms
To make ExitDNS cheaper.

Might not finish client-side support in December before 1.20, but at
least server support can start rolling out ahead of clients being
ready for it.

Tested with curl against peerapi.

Updates #1713

Change-Id: I676fed5fb1aef67e78c542a3bc93bddd04dd11fe
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-12-06 16:39:14 -08:00
Brad Fitzpatrick
abc00e9c8d ipn/{ipnserver,ipnlocal}: support incoming Taildrop on Synology
If the user has a "Taildrop" shared folder on startup and
the "tailscale" system user has read/write access to it,
then the user can "tailscale file cp" to their NAS.

Updates #2179 (would be fixes, but not super ideal/easy yet)

Change-Id: I68e59a99064b302abeb6d8cc84f7d2a09f764990
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-12-06 16:36:24 -08:00
Brad Fitzpatrick
43983a4a3b ipn/ipnlocal: run peerapi even if Taildrop storage not configured
Change-Id: I77f9ecbe4617d01d13aa1127fa59c83f2aa3e1b8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-12-01 16:45:09 -08:00
Brad Fitzpatrick
c7fb26acdb net/tsdial: also plumb TUN name and monitor into tsdial.Dialer
In prep for moving stuff out of LocalBackend.

Change-Id: I9725aa9c3ebc7275f8c40e040b326483c0340127
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-12-01 10:36:55 -08:00
Brad Fitzpatrick
16abd7e07c ipn/ipnlocal: fix Content-Length in DoH DNS proxy response
Updates #1713

Change-Id: I912d90383b751ad97b32bcec55e8fedbcf4d3db8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-30 17:01:09 -08:00
Brad Fitzpatrick
135580a5a8 tailcfg, ipn/ipnlocal, net/dns: forward exit node DNS on Unix to system DNS
Updates #1713

Change-Id: I4c073fec0992d9e01a9a4ce97087d5af0efdc68d
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-29 15:25:41 -08:00
Brad Fitzpatrick
c2efe46f72 ipn/ipnlocal: restrict exit node DoH server based on ACL'ed packet filter
Don't be a DoH DNS server to peers unless the Tailnet admin has permitted
that peer autogroup:internet access.

Updates #1713

Change-Id: Iec69360d8e4d24d5187c26904b6a75c1dabc8979
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-29 09:56:59 -08:00
Brad Fitzpatrick
25525b7754 net/dns/resolver, ipn/ipnlocal: wire up peerapi DoH server to DNS forwarder
Updates #1713

Change-Id: Ia4ed9d8c9cef0e70aa6d30f2852eaab80f5f695a
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-23 18:59:36 -08:00
Brad Fitzpatrick
283ae702c1 ipn/ipnlocal: start adding DoH DNS server to peerapi when exit node
Updates #1713

Change-Id: I8d9c488f779e7acc811a9bc18166a2726198a429
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-23 08:21:41 -08:00
Brad Fitzpatrick
4a59a2781a ipn/ipnlocal: export client metrics over peerapi to owner
Updates #3307

Change-Id: I41b1f3c16af5f385575e8d6cea70ae8386504dd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-18 08:04:00 -08:00
Brad Fitzpatrick
c7bff35fee ipn/ipnlocal: add owner-only debug handler to get process env
For debugging Synology. Like the existing goroutines handler, in that
it's owner-only.

Change-Id: I852f0626be8e1c0b6794c1e062111d14adc3e6ac
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-03 13:12:32 -07:00
Josh Bleecher Snyder
25df067dd0 all: adapt to opaque netaddr types
This commit is a mishmash of automated edits using gofmt:

gofmt -r 'netaddr.IPPort{IP: a, Port: b} -> netaddr.IPPortFrom(a, b)' -w .
gofmt -r 'netaddr.IPPrefix{IP: a, Port: b} -> netaddr.IPPrefixFrom(a, b)' -w .

gofmt -r 'a.IP.Is4 -> a.IP().Is4' -w .
gofmt -r 'a.IP.As16 -> a.IP().As16' -w .
gofmt -r 'a.IP.Is6 -> a.IP().Is6' -w .
gofmt -r 'a.IP.As4 -> a.IP().As4' -w .
gofmt -r 'a.IP.String -> a.IP().String' -w .

And regexps:

\w*(.*)\.Port = (.*)  ->  $1 = $1.WithPort($2)
\w*(.*)\.IP = (.*)  ->  $1 = $1.WithIP($2)

And lots of manual fixups.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-05-16 14:52:00 -07:00
Brad Fitzpatrick
4066c606df ipn/ipnlocal: update peerapi logging of received PUTs
Clarify direction and add duration.

(per chat with Avery)

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-05-04 11:09:02 -07:00
Brad Fitzpatrick
f5bccc0746 ipn/ipnlocal: redact more errors
Updates tailscale/corp#1636

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-05-04 09:58:09 -07:00
Brad Fitzpatrick
138921ae40 ipn/ipnlocal: always write files to partial files, even in buffered mode
The intention was always that files only get written to *.partial
files and renamed at the end once fully received, but somewhere in the
process that got lost in buffered mode and *.partial files were only
being used in direct receive mode. This fix prevents WaitingFiles
from returning files that are still being transferred.

Updates tailscale/corp#1626

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-26 11:34:05 -07:00
Brad Fitzpatrick
5e268e6153 ipn/ipnlocal: use delete marker files to work around Windows delete problems
If DeleteFile fails on Windows due to another process (anti-virus,
probably) having our file open, instead leave a marker file that the
file is logically deleted, and remove it from API calls and clean it
up lazily later.

Updates tailscale/corp#1626

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-26 10:59:25 -07:00
Brad Fitzpatrick
86e85d8934 ipn/ipnlocal: add peerapi goroutine fetch
Between owners.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-22 13:11:51 -07:00
Brad Fitzpatrick
2d786821f6 ipn/ipnlocal: put a retry loop around Windows file deletes
oh, Windows.

Updates tailscale/corp#1626

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-22 10:04:50 -07:00
Brad Fitzpatrick
529ef98b2a ipn/ipnlocal: fix approxSize operator precedence
Whoops.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-22 08:44:50 -07:00
Brad Fitzpatrick
b03c23d2ed ipn/ipnlocal: log on DeleteFile error
Updates tailscale/corp#1626

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-22 07:48:18 -07:00
Brad Fitzpatrick
3d0599fca0 ipn{,/ipnlocal}: in direct file receive mode, don't rename partial file
Let caller (macOS) do it so Finder progress bar can be dismissed
without races.

Updates tailscale/corp#1575

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-20 12:40:42 -07:00
Brad Fitzpatrick
8570f82c8b ipn/ipnlocal: finish/fix up filename validation & encoding on disk
It used to just store received files URL-escaped on disk, but that was
a half done lazy implementation, and pushed the burden to callers to
validate and write things to disk in an unescaped way.

Instead, do all the validation in the receive handler and only
accept filenames that are UTF-8 and in the intersection of valid
names that all platforms support.

Fixes tailscale/corp#1594

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-19 22:39:53 -07:00
Brad Fitzpatrick
cad8df500c ipn/ipnlocal: add some more peerapi handlePeerPut tests
Updates tailscale/corp#1594

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-19 21:01:04 -07:00
Brad Fitzpatrick
0d1550898e ipn/ipnlocal: add some peerapi tests
Updates tailscale/corp#1594

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-19 20:28:53 -07:00
Brad Fitzpatrick
b993d9802a ipn/ipnlocal, etc: require file sharing capability to send/recv files
tailscale/corp#1582

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-16 10:58:19 -07:00
Brad Fitzpatrick
b91f3c4191 ipn/ipnlocal: fix peerapi printf arg mismatch
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-13 08:56:26 -07:00
Brad Fitzpatrick
db5e269463 client/tailscale/apitype: move local API types to new apitype package
They were scattered/duplicated in misc places before.

It can't be in the client package itself for circular dep reasons.

This new package is basically tailcfg but for localhost
communications, instead of to control.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-13 08:13:46 -07:00
Brad Fitzpatrick
8e75c8504c ipn/ipnlocal: in direct file mode, don't readdir
And don't even allow attempts at Open/Delete.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-12 15:12:47 -07:00
Brad Fitzpatrick
f5742b0647 ipn/ipnlocal: add LocalBackend.SetDirectFileRoot
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-12 14:29:45 -07:00
Brad Fitzpatrick
6d01d3bece ipn/ipnlocal: provide IPN bus updates as files arrive
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-08 20:09:52 -07:00
Brad Fitzpatrick
6266cf8e36 ipn/ipnlocal: fix peerapi6 port being report as 0 in netstack mode
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-01 22:04:46 -07:00
Brad Fitzpatrick
6d1a9017c9 ipn/{ipnlocal,localapi}, client/tailscale: add file get/delete APIs
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-30 12:56:51 -07:00
Brad Fitzpatrick
672b9fd4bd ipn{,/ipnlocal}: set new Notify.FilesWaiting when server has file(s)
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-30 11:36:12 -07:00
Brad Fitzpatrick
f01091babe ipn/ipnlocal: make peerapi work in netstack mode
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-30 09:55:01 -07:00
Brad Fitzpatrick
9659ab81e0 ipn/ipnlocal: send peerapi port(s) in Hostinfo.Services
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-29 12:51:19 -07:00
Brad Fitzpatrick
35596ae5ce ipn/ipnlocal: push down a user-specific root dir to peerapi handler
And add a put handler.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-29 11:33:35 -07:00
Brad Fitzpatrick
f26dfd054a ipn/ipnlocal: rename/document peerapi stuff a bit, pass self identity
So handlers can vary based on whether owner of peer matches owner of
local node.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-26 21:36:39 -07:00
Brad Fitzpatrick
1642dfdb07 ipn/ipnlocal: get peerapi ~working in macOS/iOS NetworkExtension sandbox
IPv4 and IPv6 both work remotely, but IPv6 doesn't yet work from the
machine itself due to routing mysteries.

Untested yet on iOS, but previous prototype worked on iOS, so should
work the same.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-26 13:46:01 -07:00
Brad Fitzpatrick
5a62aa8047 ipn/ipnlocal: pass down interface state to peerapi ListenConfig hook
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-26 09:11:48 -07:00
Brad Fitzpatrick
81143b6d9a ipn/ipnlocal: start of peerapi between nodes
Also some necessary refactoring of the ipn/ipnstate too.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-25 16:00:35 -07:00