Josh Bleecher Snyder
7c1a9e8616
net/nettest: de-flake tests on Windows
...
Windows has a low resolution timer.
Some of the tests assumed that unblock takes effect immediately.
Consider:
t := time.Now()
elapsed := time.Now().After(t)
It seems plausible that elapsed should always be true.
However, with a low resolution timer, that might fail.
Change time.Now().After to !time.Now().Before,
so that unblocking always takes effect immediately.
Fixes #873.
2021-01-15 18:21:56 -08:00
Josh Bleecher Snyder
a64d06f15c
net/nettest: remove pointless checks in tests
...
If err == nil, then !errors.Is(err, anything).
2021-01-15 18:21:56 -08:00
Josh Bleecher Snyder
503db5540f
net/nettest: add missing check at end of TestLimit
...
This appears to have been an oversight.
2021-01-15 18:21:56 -08:00
Brad Fitzpatrick
b560386c1a
net/packet, wgengine, tstun: add inter-node TSMP protocol for connect errors
...
This adds a new IP Protocol type, TSMP on protocol number 99 for
sending inter-tailscale messages over WireGuard, currently just for
why a peer rejects TCP SYNs (ACL rejection, shields up, and in the
future: nothing listening, something listening on that port but wrong
interface, etc)
Updates #1094
Updates tailscale/corp#1185
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-01-15 14:03:57 -08:00
Denton Gentry
ac42757cd7
netcheck: use reflect in sortRegions test.
...
Signed-off-by: Denton Gentry <dgentry@tailscale.com>
2021-01-12 04:29:28 -08:00
Denton Gentry
43e060b0e5
netcheck: test sortRegions
...
Signed-off-by: Denton Gentry <dgentry@tailscale.com>
2021-01-12 04:29:28 -08:00
Brad Fitzpatrick
5eeaea9ef9
net/packet: add TCPFlag type and some more constants
...
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-01-11 22:09:09 -08:00
Brad Fitzpatrick
ad3fb6125d
net/flowtrack: add Tuple.String method
...
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-01-11 22:09:09 -08:00
Brad Fitzpatrick
676b5b7946
net/netcheck: improve the preferred DERP hysteresis
...
Users in Amsterdam (as one example) were flipping back and forth
between equidistant London & Frankfurt relays too much.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-01-11 14:50:47 -08:00
Brad Fitzpatrick
4d15e954bd
net/flowtrack: add new package to specialize groupcache/lru key type
...
Reduces allocs.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-01-11 13:08:03 -08:00
Brad Fitzpatrick
66be052a70
net/dnscache: work on IPv6-only hosts (again)
...
This fixes the regression where we had stopped working on IPv6-only
hosts.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-01-06 19:53:13 -08:00
Josh Bleecher Snyder
1e88050403
net/tsaddr: add ChromeOS contains tests
...
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2020-12-28 16:48:43 -08:00
David Anderson
cb96b14bf4
net/packet: remove the custom IP4/IP6 types in favor of netaddr.IP.
...
Upstream netaddr has a change that makes it alloc-free, so it's safe to
use in hot codepaths. This gets rid of one of the many IP types in our
codebase.
Performance is currently worse across the board. This is likely due in
part to netaddr.IP being a larger value type (4b -> 24b for IPv4,
16b -> 24b for IPv6), and in other part due to missing low-hanging fruit
optimizations in netaddr. However, the regression is less bad than
it looks at first glance, because we'd micro-optimized packet.IP* in
the past few weeks. This change drops us back to roughly where we
were at the 1.2 release, but with the benefit of a significant
code and architectural simplification.
name old time/op new time/op delta
pkg:tailscale.com/net/packet goos:linux goarch:amd64
Decode/tcp4-8 12.2ns ± 5% 29.7ns ± 2% +142.32% (p=0.008 n=5+5)
Decode/tcp6-8 12.6ns ± 3% 65.1ns ± 2% +418.47% (p=0.008 n=5+5)
Decode/udp4-8 11.8ns ± 3% 30.5ns ± 2% +157.94% (p=0.008 n=5+5)
Decode/udp6-8 27.1ns ± 1% 65.7ns ± 2% +142.36% (p=0.016 n=4+5)
Decode/icmp4-8 24.6ns ± 2% 30.5ns ± 2% +23.65% (p=0.016 n=4+5)
Decode/icmp6-8 22.9ns ±51% 65.5ns ± 2% +186.19% (p=0.008 n=5+5)
Decode/igmp-8 18.1ns ±44% 30.2ns ± 1% +66.89% (p=0.008 n=5+5)
Decode/unknown-8 20.8ns ± 1% 10.6ns ± 9% -49.11% (p=0.016 n=4+5)
pkg:tailscale.com/wgengine/filter goos:linux goarch:amd64
Filter/icmp4-8 30.5ns ± 1% 77.9ns ± 3% +155.01% (p=0.008 n=5+5)
Filter/tcp4_syn_in-8 43.7ns ± 3% 123.0ns ± 3% +181.72% (p=0.008 n=5+5)
Filter/tcp4_syn_out-8 24.5ns ± 2% 45.7ns ± 6% +86.22% (p=0.008 n=5+5)
Filter/udp4_in-8 64.8ns ± 1% 210.0ns ± 2% +223.87% (p=0.008 n=5+5)
Filter/udp4_out-8 119ns ± 0% 278ns ± 0% +133.78% (p=0.016 n=4+5)
Filter/icmp6-8 40.3ns ± 2% 204.4ns ± 4% +407.70% (p=0.008 n=5+5)
Filter/tcp6_syn_in-8 35.3ns ± 3% 199.2ns ± 2% +464.95% (p=0.008 n=5+5)
Filter/tcp6_syn_out-8 32.8ns ± 2% 81.0ns ± 2% +147.10% (p=0.008 n=5+5)
Filter/udp6_in-8 106ns ± 2% 290ns ± 2% +174.48% (p=0.008 n=5+5)
Filter/udp6_out-8 184ns ± 2% 314ns ± 3% +70.43% (p=0.016 n=4+5)
pkg:tailscale.com/wgengine/tstun goos:linux goarch:amd64
Write-8 9.02ns ± 3% 8.92ns ± 1% ~ (p=0.421 n=5+5)
name old alloc/op new alloc/op delta
pkg:tailscale.com/net/packet goos:linux goarch:amd64
Decode/tcp4-8 0.00B 0.00B ~ (all equal)
Decode/tcp6-8 0.00B 0.00B ~ (all equal)
Decode/udp4-8 0.00B 0.00B ~ (all equal)
Decode/udp6-8 0.00B 0.00B ~ (all equal)
Decode/icmp4-8 0.00B 0.00B ~ (all equal)
Decode/icmp6-8 0.00B 0.00B ~ (all equal)
Decode/igmp-8 0.00B 0.00B ~ (all equal)
Decode/unknown-8 0.00B 0.00B ~ (all equal)
pkg:tailscale.com/wgengine/filter goos:linux goarch:amd64
Filter/icmp4-8 0.00B 0.00B ~ (all equal)
Filter/tcp4_syn_in-8 0.00B 0.00B ~ (all equal)
Filter/tcp4_syn_out-8 0.00B 0.00B ~ (all equal)
Filter/udp4_in-8 0.00B 0.00B ~ (all equal)
Filter/udp4_out-8 16.0B ± 0% 64.0B ± 0% +300.00% (p=0.008 n=5+5)
Filter/icmp6-8 0.00B 0.00B ~ (all equal)
Filter/tcp6_syn_in-8 0.00B 0.00B ~ (all equal)
Filter/tcp6_syn_out-8 0.00B 0.00B ~ (all equal)
Filter/udp6_in-8 0.00B 0.00B ~ (all equal)
Filter/udp6_out-8 48.0B ± 0% 64.0B ± 0% +33.33% (p=0.008 n=5+5)
name old allocs/op new allocs/op delta
pkg:tailscale.com/net/packet goos:linux goarch:amd64
Decode/tcp4-8 0.00 0.00 ~ (all equal)
Decode/tcp6-8 0.00 0.00 ~ (all equal)
Decode/udp4-8 0.00 0.00 ~ (all equal)
Decode/udp6-8 0.00 0.00 ~ (all equal)
Decode/icmp4-8 0.00 0.00 ~ (all equal)
Decode/icmp6-8 0.00 0.00 ~ (all equal)
Decode/igmp-8 0.00 0.00 ~ (all equal)
Decode/unknown-8 0.00 0.00 ~ (all equal)
pkg:tailscale.com/wgengine/filter goos:linux goarch:amd64
Filter/icmp4-8 0.00 0.00 ~ (all equal)
Filter/tcp4_syn_in-8 0.00 0.00 ~ (all equal)
Filter/tcp4_syn_out-8 0.00 0.00 ~ (all equal)
Filter/udp4_in-8 0.00 0.00 ~ (all equal)
Filter/udp4_out-8 1.00 ± 0% 1.00 ± 0% ~ (all equal)
Filter/icmp6-8 0.00 0.00 ~ (all equal)
Filter/tcp6_syn_in-8 0.00 0.00 ~ (all equal)
Filter/tcp6_syn_out-8 0.00 0.00 ~ (all equal)
Filter/udp6_in-8 0.00 0.00 ~ (all equal)
Filter/udp6_out-8 1.00 ± 0% 1.00 ± 0% ~ (all equal)
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-12-22 14:44:36 -08:00
Brad Fitzpatrick
d0baece5fa
go.mod: bump inet.af/netaddr to non-allocating version
2020-12-22 14:25:32 -08:00
Brad Fitzpatrick
053a1d1340
all: annotate log verbosity levels on most egregiously spammy log prints
...
Fixes #924
Fixes #282
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-12-21 12:59:33 -08:00
David Anderson
baa7937998
net/interfaces: return IPv6 addresses from LocalAddresses.
...
In practice, we already provide IPv6 endpoint addresses via netcheck,
and that address is likely to match a local address anyway (i.e. no NAT66).
The comment at that piece of the code mentions needing to figure out a
good priority ordering, but that only applies to non-active-discovery
clients, who already don't do anything with IPv6 addresses.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-12-19 13:50:44 -08:00
David Anderson
aa353b8d0f
net/packet: add an IP6 constructor from a raw byte array.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-12-19 13:50:44 -08:00
Josh Bleecher Snyder
a6cad71fb2
go.mod: upgrade staticcheck to 0.1.0
...
Also run go.mod and fix some staticcheck warnings.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2020-12-14 14:01:29 -08:00
Brad Fitzpatrick
08f94b3b50
net/netcheck: fix offset of unspecified address in PCP request packet
...
Fixes #810
2020-12-08 15:22:26 -08:00
Brad Fitzpatrick
05e5233e07
net/netcheck: don't send flood of PCP unmap requests to router
...
Updates #810
2020-12-06 19:46:11 -08:00
Josh Bleecher Snyder
1ebbaaaebb
net/interfaces: make syscall and netstat agree when multiple gateways are present
...
likelyHomeRouterIPDarwinSyscall iterates through the list of routes,
looking for a private gateway, returning the first one it finds.
likelyHomeRouterIPDarwinExec does the same thing,
except that it returns the last one it finds.
As a result, when there are multiple gateways,
TestLikelyHomeRouterIPSyscallExec fails.
(At least, I think that that is what is happening;
I am inferring from observed behavior.)
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2020-11-19 12:14:58 -08:00
Brad Fitzpatrick
5d96ecd5e6
net/netstat: remove a bit more unsafe
...
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-11-17 13:49:24 -08:00
David Anderson
3c508a58cc
wgengine/filter: don't filter GCP DNS.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-11-16 14:08:27 -08:00
Brad Fitzpatrick
7a01cd27ca
net/netstat: remove some unsafe
...
Just removing any unnecessary unsafe while auditing unsafe usage for #921.
2020-11-14 21:24:09 -08:00
Brad Fitzpatrick
45d96788b5
net/netns: remove use of unsafe on Windows
...
Found while auditing unsafe for #921 via the list at:
https://github.com/tailscale/tailscale/issues/921#issuecomment-727365383
No need for unsafe here, so remove it.
2020-11-14 19:53:10 -08:00
Josh Bleecher Snyder
b0526e8284
net/packet: remove unnecessary mask
...
There's no need to mask out the bottom four bits
of b[0] if we are about to shift them away.
2020-11-13 18:31:38 -08:00
Josh Bleecher Snyder
efad55cf86
net/packet: speed up packet decoding
...
The compiler is failing to draw the connection between
slice cap and slice len, so is missing some obvious BCE opportunities.
Give it a hint by making the cap equal to the length.
The generated code is smaller and cleaner, and a bit faster.
name old time/op new time/op delta
Decode/tcp4-8 12.2ns ± 1% 11.6ns ± 3% -5.31% (p=0.000 n=28+29)
Decode/tcp6-8 12.5ns ± 2% 11.9ns ± 2% -4.84% (p=0.000 n=30+30)
Decode/udp4-8 11.5ns ± 1% 11.1ns ± 1% -3.11% (p=0.000 n=25+24)
Decode/udp6-8 11.8ns ± 3% 11.4ns ± 1% -3.08% (p=0.000 n=30+26)
Decode/icmp4-8 11.0ns ± 3% 10.6ns ± 1% -3.38% (p=0.000 n=25+30)
Decode/icmp6-8 11.4ns ± 1% 11.1ns ± 2% -2.29% (p=0.000 n=27+30)
Decode/igmp-8 10.3ns ± 0% 10.0ns ± 1% -3.26% (p=0.000 n=19+23)
Decode/unknown-8 8.68ns ± 1% 8.38ns ± 1% -3.55% (p=0.000 n=28+29)
2020-11-13 18:31:38 -08:00
David Anderson
2d604b3791
net/packet: represent IP6 as two uint64s.
...
For the operations we perform on these types (mostly net6.Contains),
this encoding is much faster.
Part of #19.
name old time/op new time/op delta
Filter/icmp4-8 27.5ns ± 1% 28.0ns ± 2% +1.89% (p=0.016 n=5+5)
Filter/tcp4_syn_in-8 38.8ns ± 2% 38.3ns ± 1% -1.24% (p=0.024 n=5+5)
Filter/tcp4_syn_out-8 27.6ns ±12% 24.6ns ± 1% ~ (p=0.063 n=5+5)
Filter/udp4_in-8 71.5ns ± 5% 65.9ns ± 1% -7.94% (p=0.008 n=5+5)
Filter/udp4_out-8 132ns ±13% 119ns ± 1% -10.29% (p=0.008 n=5+5)
Filter/icmp6-8 169ns ±10% 54ns ± 1% -68.35% (p=0.008 n=5+5)
Filter/tcp6_syn_in-8 149ns ± 6% 43ns ± 1% -71.11% (p=0.008 n=5+5)
Filter/tcp6_syn_out-8 37.7ns ± 4% 24.3ns ± 3% -35.51% (p=0.008 n=5+5)
Filter/udp6_in-8 179ns ± 5% 103ns ± 1% -42.75% (p=0.008 n=5+5)
Filter/udp6_out-8 156ns ± 3% 191ns ± 1% +22.54% (p=0.008 n=5+5)
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-11-12 21:41:21 -08:00
David Anderson
04ff3c91ee
wgengine/filter: add full IPv6 support.
...
Part of #19.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-11-12 21:41:15 -08:00
Brad Fitzpatrick
a2d78b4d3e
net/dnscache, control/controlclient: use DNS cache when dialing control
...
Cache DNS results of earlier login.tailscale.com control dials, and use
them for future dials if DNS is slow or broken.
Fixes various issues with trickier setups with the domain's DNS server
behind a subnet router.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-11-11 12:50:04 -08:00
Brad Fitzpatrick
97e82c6cc0
net/netcheck: remove unused DNSCache from netcheck
...
It's easy to add back later if/when the TODO is implemented.
2020-11-11 11:52:35 -08:00
Brad Fitzpatrick
19b0cfe89e
all: prepare for GOOS=ios in Go 1.16
...
Work with either way for now on iOS (darwin/arm64 vs ios/arm64).
In February when Go 1.16 comes out we'll have a universal binary for
darwin/arm64 (macOS) and will drop support for Go 1.15 and its
darwin/amd64 meaning iOS. (it'll mean macOS).
Context:
* https://tip.golang.org/doc/go1.16#darwin
* https://github.com/golang/go/issues/38485
* https://github.com/golang/go/issues/42100
2020-11-11 09:17:04 -08:00
David Anderson
a38e28da07
net/packet: documentation pass.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-11-10 22:29:00 -08:00
David Anderson
c2cc3acbaf
net/packet: remove NewIP, offer only a netaddr constructor.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-11-10 22:03:47 -08:00
David Anderson
d7ee3096dd
net/packet: documentation cleanups.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-11-10 21:12:55 -08:00
David Anderson
9ef39af2f2
net/packet: fix panic on invalid IHL field.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-11-10 20:23:54 -08:00
David Anderson
22bf48f37c
net/packet: remove {get,put}{16,32} indirection to encoding/binary.
...
name old time/op new time/op delta
Decode/tcp4-8 28.8ns ± 2% 13.1ns ± 4% -54.44% (p=0.008 n=5+5)
Decode/tcp6-8 20.6ns ± 1% 12.6ns ± 2% -38.72% (p=0.008 n=5+5)
Decode/udp4-8 28.2ns ± 1% 12.1ns ± 4% -57.01% (p=0.008 n=5+5)
Decode/udp6-8 20.0ns ± 6% 12.1ns ± 2% -39.38% (p=0.008 n=5+5)
Decode/icmp4-8 21.7ns ± 2% 11.5ns ± 1% -47.01% (p=0.008 n=5+5)
Decode/icmp6-8 14.1ns ± 2% 11.8ns ± 4% -16.60% (p=0.008 n=5+5)
Decode/unknown-8 9.43ns ± 2% 9.30ns ± 3% ~ (p=0.222 n=5+5)
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-11-10 20:23:54 -08:00
David Anderson
55b1221db2
net/packet: support full IPv6 decoding.
...
The packet filter still rejects all IPv6, but decodes enough from v6
packets to do something smarter in a followup.
name time/op
Decode/tcp4-8 28.8ns ± 2%
Decode/tcp6-8 20.6ns ± 1%
Decode/udp4-8 28.2ns ± 1%
Decode/udp6-8 20.0ns ± 6%
Decode/icmp4-8 21.7ns ± 2%
Decode/icmp6-8 14.1ns ± 2%
Decode/unknown-8 9.43ns ± 2%
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-11-10 20:23:54 -08:00
David Anderson
89894c6930
net/packet: add IPv6 source and destination IPs to Parsed.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-11-10 20:23:54 -08:00
Brad Fitzpatrick
d192bd0f86
net/interfaces: ignore bogus proxy URLs from winhttp [windows]
...
Updates tailscale/corp#853
2020-11-10 11:30:18 -08:00
David Anderson
6e52633c53
net/packet: record allocations in benchmark.
2020-11-10 02:19:55 -08:00
David Anderson
093431f5dd
net/packet: s/ParsedPacket/Parsed/ to avoid package stuttering.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-11-09 23:52:54 -08:00
David Anderson
427bf2134f
net/packet: rename from wgengine/packet.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-11-09 16:25:24 -08:00
Brad Fitzpatrick
1036f51a56
net/tshttpproxy: aggressively rate-limit error logs in Transport.Proxy path
...
Otherwise log upload HTTP requests generate proxy errors which
generate logs which generate HTTP requests which generate proxy
errors which generate more logs, etc.
Fixes #879
2020-11-03 09:23:57 -08:00
Brad Fitzpatrick
7ac91c15bd
net/netcheck: fix tests on Windows
...
Updates #50
2020-10-28 09:10:35 -07:00
Brad Fitzpatrick
fd2a30cd32
wgengine/magicsock: make test pass on Windows and without firewall dialog box
...
Updates #50
2020-10-28 09:02:08 -07:00
David Anderson
5c35c35e7f
tsaddr: add helpers for the Tailscale IPv6 range, and 4to6 conversion.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-10-15 15:15:24 -07:00
Brad Fitzpatrick
551e1e99e9
net/netns: don't bind to device for localhost connections
...
Fixes derphttp test failures on Windows (for #50).
2020-10-13 15:24:07 -07:00
Alex Brainman
f2ce64f0c6
wgengine/router: unfork winipcfg-go package, use upstream
...
Use golang.zx2c4.com/wireguard/windows/tunnel/winipcfg
instead of github.com/tailscale/winipcfg-go package.
Updates #760
Signed-off-by: Alex Brainman <alex.brainman@gmail.com>
2020-10-13 09:21:22 -07:00
Brad Fitzpatrick
6ee219a25d
ipn, wgengine, magicsock, tsdns: be quieter and less aggressive when offline
...
If no interfaces are up, calm down and stop spamming so much. It was
noticed as especially bad on Windows, but probably was bad
everywhere. I just have the best network conditions testing on a
Windows VM.
Updates #604
2020-10-06 15:26:53 -07:00
Brad Fitzpatrick
587bdc4280
ipn, wgengine: disable subnet routes if network has PAC configuration
...
Not configurable yet.
Updates tailscale/corp#653
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-10-05 21:04:23 -07:00
Brad Fitzpatrick
ed5d5f920f
net/interfaces: add interfaces.State.String method
2020-10-02 12:15:05 -07:00
Brad Fitzpatrick
cab3eb995f
net/interfaces: quiet PAC detection logging in no-PAC case, add benchmark
2020-10-01 22:02:39 -07:00
Brad Fitzpatrick
8051ecff55
net/interfaces: add State.PAC field, populate it on Windows
...
Not used for anything yet (except logging), but populate the current
proxy autoconfig PAC URL in Interfaces.State.
A future change will do things based on it.
2020-10-01 15:33:37 -07:00
Brad Fitzpatrick
8893c2ee78
net/interfaces, net/netns: move default route interface code to interfaces
...
To populate interfaces.State.DefaultRouteInterface.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-09-22 19:02:17 -07:00
Brad Fitzpatrick
fda9dc8815
net/netns: document Windows socket binding a bit more
...
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-09-22 13:05:26 -07:00
Brad Fitzpatrick
963b927d5b
net/tshttpproxy: appease staticcheck
2020-09-21 15:01:30 -07:00
Brad Fitzpatrick
5bcac4eaac
net/tshttpproxy: add GetProxyForURL negative cache
...
Otherwise when PAC server is down, we log, and each log entry is a new
HTTP request (from logtail) and a new GetProxyForURL call, which again
logs, non-stop. This is also nicer to the WinHTTP service.
Then also hook up link change notifications to the cache to reset it
if there's a chance the network might work sooner.
2020-09-21 14:05:28 -07:00
David Anderson
8f5b52e571
net/netns: add windows support.
...
Also remove rebinding logic from the windows router. Magicsock will
instead rebind based on link change signals.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-09-14 16:28:49 -07:00
Brad Fitzpatrick
40e12c17ec
net/netcheck: remove mistaken double Mutex.Unlock in error path
...
Thanks to @dotaheor for noticing.
Fixes #751
2020-09-11 07:55:49 -07:00
Brad Fitzpatrick
f65eb4e5c1
net/netstat: start of new netstat package, with Windows for now
...
This will be used in a future change to do localhost connection
authentication. This lets us quickly map a localhost TCP connection to
a PID. (A future change will then map a pid to a user)
TODO: pull portlist's netstat code into this package. Then portlist
will be fast on Windows without requiring shelling out to netstat.exe.
2020-09-10 15:24:49 -07:00
Brad Fitzpatrick
9c25968b63
net/tshttpproxy: fix typo in Windows code added at last second
...
I ran tests & vet & staticcheck, but for Linux, not Windows.
(#728 would be nice)
2020-09-02 21:25:38 -07:00
Brad Fitzpatrick
b026a638c7
net/tshttpproxy: if winhttp.GetProxyForURL blocks too long, use previous value
...
We currently have a chicken-and-egg situation in some environments
where we can set up routes that WinHTTP's WPAD/PAC resolution service
needs to download the PAC file to evaluate GetProxyForURL, but the PAC
file is behind a route for which we need to call GetProxyForURL to
e.g. dial a DERP server.
As a short-term fix, just assume that the most recently returned proxy
is good enough for such situations.
2020-09-02 21:15:36 -07:00
Brad Fitzpatrick
74ee374667
net/tshttpproxy: add more winhttp logging
...
Notably around duration of calls.
2020-08-28 21:37:49 -07:00
Brad Fitzpatrick
1e0be5a458
tshttp, derphttp: send Proxy-Authorization, not Authorization, to proxies
...
Whoops. But weirdly, sending Authorization sometimes worked?
2020-08-28 21:01:00 -07:00
Brad Fitzpatrick
2bac125cad
net/tshttpproxy: move the TS_DEBUG_FAKE_PROXY_AUTH knob up a level
2020-08-27 08:17:57 -07:00
Brad Fitzpatrick
28f9cd06f5
tshttpproxy, controlclient, derphttp, logpolicy: send Negotiate auth to proxies
...
For Windows only, and only when built with Tailscale's Go tree.
Updates tailscale/corp#583
2020-08-26 20:08:05 -07:00
Brad Fitzpatrick
f915ab6552
net/tshttpproxy: add start of Kerberos Negotiate auth to proxies on Windows
...
For now only used by a new cmd/tailscale debug --get-url
subcommand. Not yet wired up to the places making HTTP requests.
Updates tailscale/corp#583
2020-08-25 13:49:06 -07:00
renthraysk
10cad39abd
net/stun: Fix STUN attribute padding (#710)
...
net/stun: fix STUN attribute padding
Signed-off-by: RenThraysk <renthraysk@gmail.com>
2020-08-24 12:52:13 -07:00
Brad Fitzpatrick
9be1917c5b
net/tshttpproxy: discard secondary Windows proxies for now
2020-08-24 09:21:33 -07:00
Brad Fitzpatrick
1e562886f5
net/netcheck: in verbose mode, probe all regions
...
So 'tailscale netcheck --verbose' shows all regions' latencies.
2020-08-19 20:47:17 -07:00
Brad Fitzpatrick
c5eb57f4d6
net/tshttpproxy: new package, support WPAD/PAC proxies on Windows
...
Updates tailscale/corp#553
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-08-18 15:40:56 -07:00
Brad Fitzpatrick
dbb4c246fa
wgengine/monitor: add Windows linkchange monitor
...
Updates tailscale/corp#553
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-08-13 07:39:26 -07:00
Brad Fitzpatrick
b97aac1718
net/interfaces: include DefaultRouteInterface in interfaces.State
...
And log it in wgengine on change. Changing bug in #643 .
Updates #643
2020-08-12 12:48:34 -07:00
Josh Bleecher Snyder
a9b1e3f9e8
net/interfaces: remove old debug old
...
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2020-08-10 14:28:16 -07:00
Brad Fitzpatrick
25b021388b
net/netns, net/interfaces: move defaultRouteInterface, add Android fallback
...
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-08-10 13:02:47 -07:00
Josh Bleecher Snyder
a16a793605
net/interfaces: use syscalls to find private gateway IP address
...
iOS doesn't let you run subprocesses,
which means we can't use netstat to get routing information.
Instead, use syscalls and grub around in the results.
We keep the old netstat version around,
both for use in non-cgo builds,
and for use testing the syscall-based version.
Note that iOS doesn't ship route.h,
so we include a copy here from the macOS 10.15 SDK
(which is itself unchanged from the 10.14 SDK).
I have tested manually that this yields the correct
gateway IP address on my own macOS and iOS devices.
More coverage would be most welcome.
Signed-off-by: Josh Bleecher Snyder <josharian@gmail.com>
2020-08-04 15:45:56 -07:00
Dmytro Shynkevych
28e52a0492
all: dns refactor, add Proxied and PerDomain flags from control (#615)
...
Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
2020-07-31 16:27:09 -04:00
Brad Fitzpatrick
c253d4f948
net/interfaces: don't try to fork on iOS in likelyHomeRouterIPDarwin
...
No subprocesses allowed on iOS. Will need to do this differently later.
2020-07-31 10:35:15 -07:00
Brad Fitzpatrick
33a748bec1
net/interfaces: fix likelyHomeRouterIP on Android
2020-07-28 09:12:04 -07:00
David Anderson
a2b4ad839b
net/netcheck: lower the hairpin check timeout to 100ms.
...
This single check is the long pole for netcheck, and significantly slows down magicsock
tests.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-07-27 14:09:54 -07:00
David Anderson
25288567ec
net/netcheck: centralize all clock values in one place.
...
This makes it easier to see how long a netcheck might take, and what
the slow bits might be.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-07-27 14:09:54 -07:00
David Anderson
d60917c0f1
wgengine/router: switch packet marks to avoid conflict with Weave Net.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-07-22 01:24:46 +00:00
Brad Fitzpatrick
10ac066013
all: fix vet warnings
2020-07-16 08:39:38 -07:00
Brad Fitzpatrick
723b9eecb0
net/interfaces: set SysProcAttr.HideWindow to prevent cmd.exe flash on Windows
2020-07-15 12:43:48 -07:00
Brad Fitzpatrick
6c74065053
wgengine/magicsock, tstest/natlab: start hooking up natlab to magicsock
...
Also adds ephemeral port support to natlab.
Work in progress.
Pairing with @danderson.
2020-07-10 14:32:58 -07:00
Brad Fitzpatrick
ecf5d69c7c
net/netcheck: add missing comment asked for in earlier code review
2020-07-08 15:26:56 -07:00
Brad Fitzpatrick
742b8b44a8
net/tsaddr: new package to hold Tailscale-specific IPs/ranges
...
And update existing callers with (near) duplicated cases.
2020-07-06 22:33:29 -07:00
Brad Fitzpatrick
5c6d8e3053
netcheck, tailcfg, interfaces, magicsock: survey UPnP, NAT-PMP, PCP
...
Don't do anything with UPnP, NAT-PMP, PCP yet, but see how common they
are in the wild.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-07-06 15:25:35 -07:00
Brad Fitzpatrick
32156330a8
net/interfaces: add func LikelyHomeRouterIP
...
For discovering where we might direct NAT-PMP/PCP/UPnP queries at in
the future.
2020-07-06 10:38:00 -07:00
Brad Fitzpatrick
cf74e9039e
net/netcheck: add an informative payload in the netcheck UDP helper packets
...
Per comment from @normanr:
0a5ab533c1 (r40401954)
Updates #188
2020-07-06 09:55:11 -07:00
Brad Fitzpatrick
0a5ab533c1
net/netcheck: send dummy packet out to help airport extreme in hairpin check
...
At least the Apple Airport Extreme doesn't allow hairpin
sends from a private socket until it's seen traffic from
that src IP:port to something else out on the internet.
See https://github.com/tailscale/tailscale/issues/188#issuecomment-600728643
And it seems that even sending to a likely-filtered RFC 5737
documentation-only IPv4 range is enough to set up the mapping.
So do that for now. In the future we might want to classify networks
that do and don't require this separately. But for now help it.
I've confirmed that this is enough to fix the hairpin check on Avery's
home network, even using the RFC 5737 IP.
Fixes #188
2020-07-06 08:24:22 -07:00
Brad Fitzpatrick
2d6e84e19e
net/netcheck, wgengine/magicsock: replace more UDPAddr with netaddr.IPPort
2020-06-30 13:25:13 -07:00
Quoc-Viet Nguyen
15a23ce65f
net/stun: Remove unreachable code
...
- Reuse IP length constants from net package.
- Remove beu16 to make endianness functions consistent.
Signed-off-by: Quoc-Viet Nguyen <afelion@gmail.com>
2020-06-15 07:55:21 -07:00
Brad Fitzpatrick
deb113838e
net/netcheck: use logger.ArgWriter in logConciseReport, fix comma bug, add tests
2020-06-11 21:37:15 -07:00
Brad Fitzpatrick
24009241bf
net/netns: move SOCKS dialing to netns for now
...
This lets control & logs also use SOCKS dials.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-06-01 11:00:03 -07:00
Brad Fitzpatrick
cf0d19f0ab
net/tlsdial, derp/derphttp: finish DERPNode.CertName validation
2020-06-01 09:01:37 -07:00
Brad Fitzpatrick
a5d6c9d616
net/netns: optimize defaultRouteInterface a bit
...
It'll be called a bunch, so worth a bit of effort. Could go further, but not yet.
(really, should hook into wgengine/monitor and only re-read on netlink changes?)
name old time/op new time/op delta
DefaultRouteInterface-8 60.8µs ±11% 44.6µs ± 5% -26.65% (p=0.000 n=20+19)
name old alloc/op new alloc/op delta
DefaultRouteInterface-8 3.29kB ± 0% 0.55kB ± 0% -83.21% (p=0.000 n=20+20)
name old allocs/op new allocs/op delta
DefaultRouteInterface-8 9.00 ± 0% 6.00 ± 0% -33.33% (p=0.000 n=20+20)
2020-05-31 15:37:09 -07:00
Brad Fitzpatrick
becce82246
net/netns, misc tests: remove TestOnlySkipPrivilegedOps, argv checks
...
The netns UID check is sufficient for now. We can do something else
later if/when needed.
2020-05-31 14:40:18 -07:00
Brad Fitzpatrick
7a410f9236
net/netns: unindent, refactor to remove some redundant code
...
Also:
* always error on Control failing. That's very unexpected.
* pull out sockopt funcs into their own funcs for easier future testing
2020-05-31 14:29:54 -07:00