Brad Fitzpatrick
b560386c1a
net/packet, wgengine, tstun: add inter-node TSMP protocol for connect errors
...
This adds a new IP Protocol type, TSMP on protocol number 99 for
sending inter-tailscale messages over WireGuard, currently just for
why a peer rejects TCP SYNs (ACL rejection, shields up, and in the
future: nothing listening, something listening on that port but wrong
interface, etc)
Updates #1094
Updates tailscale/corp#1185
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-01-15 14:03:57 -08:00
Denton Gentry
ac42757cd7
netcheck: use reflect in sortRegions test.
...
Signed-off-by: Denton Gentry <dgentry@tailscale.com>
2021-01-12 04:29:28 -08:00
Denton Gentry
43e060b0e5
netcheck: test sortRegions
...
Signed-off-by: Denton Gentry <dgentry@tailscale.com>
2021-01-12 04:29:28 -08:00
Brad Fitzpatrick
5eeaea9ef9
net/packet: add TCPFlag type and some more constants
...
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-01-11 22:09:09 -08:00
Brad Fitzpatrick
ad3fb6125d
net/flowtrack: add Tuple.String method
...
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-01-11 22:09:09 -08:00
Brad Fitzpatrick
676b5b7946
net/netcheck: improve the preferred DERP hysteresis
...
Users in Amsterdam (as one example) were flipping back and forth
between equidistant London & Frankfurt relays too much.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-01-11 14:50:47 -08:00
Brad Fitzpatrick
4d15e954bd
net/flowtrack: add new package to specialize groupcache/lru key type
...
Reduces allocs.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-01-11 13:08:03 -08:00
Brad Fitzpatrick
66be052a70
net/dnscache: work on IPv6-only hosts (again)
...
This fixes the regression where we had stopped working on IPv6-only
hosts.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-01-06 19:53:13 -08:00
Josh Bleecher Snyder
1e88050403
net/tsaddr: add ChromeOS contains tests
...
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2020-12-28 16:48:43 -08:00
David Anderson
cb96b14bf4
net/packet: remove the custom IP4/IP6 types in favor of netaddr.IP.
...
Upstream netaddr has a change that makes it alloc-free, so it's safe to
use in hot codepaths. This gets rid of one of the many IP types in our
codebase.
Performance is currently worse across the board. This is likely due in
part to netaddr.IP being a larger value type (4b -> 24b for IPv4,
16b -> 24b for IPv6), and in other part due to missing low-hanging fruit
optimizations in netaddr. However, the regression is less bad than
it looks at first glance, because we'd micro-optimized packet.IP* in
the past few weeks. This change drops us back to roughly where we
were at the 1.2 release, but with the benefit of a significant
code and architectural simplification.
name old time/op new time/op delta
pkg:tailscale.com/net/packet goos:linux goarch:amd64
Decode/tcp4-8 12.2ns ± 5% 29.7ns ± 2% +142.32% (p=0.008 n=5+5)
Decode/tcp6-8 12.6ns ± 3% 65.1ns ± 2% +418.47% (p=0.008 n=5+5)
Decode/udp4-8 11.8ns ± 3% 30.5ns ± 2% +157.94% (p=0.008 n=5+5)
Decode/udp6-8 27.1ns ± 1% 65.7ns ± 2% +142.36% (p=0.016 n=4+5)
Decode/icmp4-8 24.6ns ± 2% 30.5ns ± 2% +23.65% (p=0.016 n=4+5)
Decode/icmp6-8 22.9ns ±51% 65.5ns ± 2% +186.19% (p=0.008 n=5+5)
Decode/igmp-8 18.1ns ±44% 30.2ns ± 1% +66.89% (p=0.008 n=5+5)
Decode/unknown-8 20.8ns ± 1% 10.6ns ± 9% -49.11% (p=0.016 n=4+5)
pkg:tailscale.com/wgengine/filter goos:linux goarch:amd64
Filter/icmp4-8 30.5ns ± 1% 77.9ns ± 3% +155.01% (p=0.008 n=5+5)
Filter/tcp4_syn_in-8 43.7ns ± 3% 123.0ns ± 3% +181.72% (p=0.008 n=5+5)
Filter/tcp4_syn_out-8 24.5ns ± 2% 45.7ns ± 6% +86.22% (p=0.008 n=5+5)
Filter/udp4_in-8 64.8ns ± 1% 210.0ns ± 2% +223.87% (p=0.008 n=5+5)
Filter/udp4_out-8 119ns ± 0% 278ns ± 0% +133.78% (p=0.016 n=4+5)
Filter/icmp6-8 40.3ns ± 2% 204.4ns ± 4% +407.70% (p=0.008 n=5+5)
Filter/tcp6_syn_in-8 35.3ns ± 3% 199.2ns ± 2% +464.95% (p=0.008 n=5+5)
Filter/tcp6_syn_out-8 32.8ns ± 2% 81.0ns ± 2% +147.10% (p=0.008 n=5+5)
Filter/udp6_in-8 106ns ± 2% 290ns ± 2% +174.48% (p=0.008 n=5+5)
Filter/udp6_out-8 184ns ± 2% 314ns ± 3% +70.43% (p=0.016 n=4+5)
pkg:tailscale.com/wgengine/tstun goos:linux goarch:amd64
Write-8 9.02ns ± 3% 8.92ns ± 1% ~ (p=0.421 n=5+5)
name old alloc/op new alloc/op delta
pkg:tailscale.com/net/packet goos:linux goarch:amd64
Decode/tcp4-8 0.00B 0.00B ~ (all equal)
Decode/tcp6-8 0.00B 0.00B ~ (all equal)
Decode/udp4-8 0.00B 0.00B ~ (all equal)
Decode/udp6-8 0.00B 0.00B ~ (all equal)
Decode/icmp4-8 0.00B 0.00B ~ (all equal)
Decode/icmp6-8 0.00B 0.00B ~ (all equal)
Decode/igmp-8 0.00B 0.00B ~ (all equal)
Decode/unknown-8 0.00B 0.00B ~ (all equal)
pkg:tailscale.com/wgengine/filter goos:linux goarch:amd64
Filter/icmp4-8 0.00B 0.00B ~ (all equal)
Filter/tcp4_syn_in-8 0.00B 0.00B ~ (all equal)
Filter/tcp4_syn_out-8 0.00B 0.00B ~ (all equal)
Filter/udp4_in-8 0.00B 0.00B ~ (all equal)
Filter/udp4_out-8 16.0B ± 0% 64.0B ± 0% +300.00% (p=0.008 n=5+5)
Filter/icmp6-8 0.00B 0.00B ~ (all equal)
Filter/tcp6_syn_in-8 0.00B 0.00B ~ (all equal)
Filter/tcp6_syn_out-8 0.00B 0.00B ~ (all equal)
Filter/udp6_in-8 0.00B 0.00B ~ (all equal)
Filter/udp6_out-8 48.0B ± 0% 64.0B ± 0% +33.33% (p=0.008 n=5+5)
name old allocs/op new allocs/op delta
pkg:tailscale.com/net/packet goos:linux goarch:amd64
Decode/tcp4-8 0.00 0.00 ~ (all equal)
Decode/tcp6-8 0.00 0.00 ~ (all equal)
Decode/udp4-8 0.00 0.00 ~ (all equal)
Decode/udp6-8 0.00 0.00 ~ (all equal)
Decode/icmp4-8 0.00 0.00 ~ (all equal)
Decode/icmp6-8 0.00 0.00 ~ (all equal)
Decode/igmp-8 0.00 0.00 ~ (all equal)
Decode/unknown-8 0.00 0.00 ~ (all equal)
pkg:tailscale.com/wgengine/filter goos:linux goarch:amd64
Filter/icmp4-8 0.00 0.00 ~ (all equal)
Filter/tcp4_syn_in-8 0.00 0.00 ~ (all equal)
Filter/tcp4_syn_out-8 0.00 0.00 ~ (all equal)
Filter/udp4_in-8 0.00 0.00 ~ (all equal)
Filter/udp4_out-8 1.00 ± 0% 1.00 ± 0% ~ (all equal)
Filter/icmp6-8 0.00 0.00 ~ (all equal)
Filter/tcp6_syn_in-8 0.00 0.00 ~ (all equal)
Filter/tcp6_syn_out-8 0.00 0.00 ~ (all equal)
Filter/udp6_in-8 0.00 0.00 ~ (all equal)
Filter/udp6_out-8 1.00 ± 0% 1.00 ± 0% ~ (all equal)
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-12-22 14:44:36 -08:00
Brad Fitzpatrick
d0baece5fa
go.mod: bump inet.af/netaddr to non-allocating version
2020-12-22 14:25:32 -08:00
Brad Fitzpatrick
053a1d1340
all: annotate log verbosity levels on most egregiously spammy log prints
...
Fixes #924
Fixes #282
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-12-21 12:59:33 -08:00
David Anderson
baa7937998
net/interfaces: return IPv6 addresses from LocalAddresses.
...
In practice, we already provide IPv6 endpoint addresses via netcheck,
and that address is likely to match a local address anyway (i.e. no NAT66).
The comment at that piece of the code mentions needing to figure out a
good priority ordering, but that only applies to non-active-discovery
clients, who already don't do anything with IPv6 addresses.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-12-19 13:50:44 -08:00
David Anderson
aa353b8d0f
net/packet: add an IP6 constructor from a raw byte array.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-12-19 13:50:44 -08:00
Josh Bleecher Snyder
a6cad71fb2
go.mod: upgrade staticcheck to 0.1.0
...
Also run go.mod and fix some staticcheck warnings.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2020-12-14 14:01:29 -08:00
Brad Fitzpatrick
08f94b3b50
net/netcheck: fix offset of unspecified address in PCP request packet
...
Fixes #810
2020-12-08 15:22:26 -08:00
Brad Fitzpatrick
05e5233e07
net/netcheck: don't send flood of PCP unmap requests to router
...
Updates #810
2020-12-06 19:46:11 -08:00
Josh Bleecher Snyder
1ebbaaaebb
net/interfaces: make syscall and netstat agree when multiple gateways are present
...
likelyHomeRouterIPDarwinSyscall iterates through the list of routes,
looking for a private gateway, returning the first one it finds.
likelyHomeRouterIPDarwinExec does the same thing,
except that it returns the last one it finds.
As a result, when there are multiple gateways,
TestLikelyHomeRouterIPSyscallExec fails.
(At least, I think that that is what is happening;
I am inferring from observed behavior.)
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2020-11-19 12:14:58 -08:00
Brad Fitzpatrick
5d96ecd5e6
net/netstat: remove a bit more unsafe
...
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-11-17 13:49:24 -08:00
David Anderson
3c508a58cc
wgengine/filter: don't filter GCP DNS.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-11-16 14:08:27 -08:00
Brad Fitzpatrick
7a01cd27ca
net/netstat: remove some unsafe
...
Just removing any unnecessary unsafe while auditing unsafe usage for #921.
2020-11-14 21:24:09 -08:00
Brad Fitzpatrick
45d96788b5
net/netns: remove use of unsafe on Windows
...
Found while auditing unsafe for #921 via the list at:
https://github.com/tailscale/tailscale/issues/921#issuecomment-727365383
No need for unsafe here, so remove it.
2020-11-14 19:53:10 -08:00
Josh Bleecher Snyder
b0526e8284
net/packet: remove unnecessary mark
...
There's no need to mask out the bottom four bits
of b[0] if we are about to shift them away.
2020-11-13 18:31:38 -08:00
Josh Bleecher Snyder
efad55cf86
net/packet: speed up packet decoding
...
The compiler is failing to draw the connection between
slice cap and slice len, so is missing some obvious BCE opportunities.
Give it a hint by making the cap equal to the length.
The generated code is smaller and cleaner, and a bit faster.
name old time/op new time/op delta
Decode/tcp4-8 12.2ns ± 1% 11.6ns ± 3% -5.31% (p=0.000 n=28+29)
Decode/tcp6-8 12.5ns ± 2% 11.9ns ± 2% -4.84% (p=0.000 n=30+30)
Decode/udp4-8 11.5ns ± 1% 11.1ns ± 1% -3.11% (p=0.000 n=25+24)
Decode/udp6-8 11.8ns ± 3% 11.4ns ± 1% -3.08% (p=0.000 n=30+26)
Decode/icmp4-8 11.0ns ± 3% 10.6ns ± 1% -3.38% (p=0.000 n=25+30)
Decode/icmp6-8 11.4ns ± 1% 11.1ns ± 2% -2.29% (p=0.000 n=27+30)
Decode/igmp-8 10.3ns ± 0% 10.0ns ± 1% -3.26% (p=0.000 n=19+23)
Decode/unknown-8 8.68ns ± 1% 8.38ns ± 1% -3.55% (p=0.000 n=28+29)
2020-11-13 18:31:38 -08:00
David Anderson
2d604b3791
net/packet: represent IP6 as two uint64s.
...
For the operations we perform on these types (mostly net6.Contains),
this encoding is much faster.
Part of #19.
name old time/op new time/op delta
Filter/icmp4-8 27.5ns ± 1% 28.0ns ± 2% +1.89% (p=0.016 n=5+5)
Filter/tcp4_syn_in-8 38.8ns ± 2% 38.3ns ± 1% -1.24% (p=0.024 n=5+5)
Filter/tcp4_syn_out-8 27.6ns ±12% 24.6ns ± 1% ~ (p=0.063 n=5+5)
Filter/udp4_in-8 71.5ns ± 5% 65.9ns ± 1% -7.94% (p=0.008 n=5+5)
Filter/udp4_out-8 132ns ±13% 119ns ± 1% -10.29% (p=0.008 n=5+5)
Filter/icmp6-8 169ns ±10% 54ns ± 1% -68.35% (p=0.008 n=5+5)
Filter/tcp6_syn_in-8 149ns ± 6% 43ns ± 1% -71.11% (p=0.008 n=5+5)
Filter/tcp6_syn_out-8 37.7ns ± 4% 24.3ns ± 3% -35.51% (p=0.008 n=5+5)
Filter/udp6_in-8 179ns ± 5% 103ns ± 1% -42.75% (p=0.008 n=5+5)
Filter/udp6_out-8 156ns ± 3% 191ns ± 1% +22.54% (p=0.008 n=5+5)
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-11-12 21:41:21 -08:00
David Anderson
04ff3c91ee
wgengine/filter: add full IPv6 support.
...
Part of #19.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-11-12 21:41:15 -08:00
Brad Fitzpatrick
a2d78b4d3e
net/dnscache, control/controlclient: use DNS cache when dialing control
...
Cache DNS results of earlier login.tailscale.com control dials, and use
them for future dials if DNS is slow or broken.
Fixes various issues with trickier setups with the domain's DNS server
behind a subnet router.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-11-11 12:50:04 -08:00
Brad Fitzpatrick
97e82c6cc0
net/netcheck: remove unused DNSCache from netcheck
...
It's easy to add back later if/when the TODO is implemented.
2020-11-11 11:52:35 -08:00
Brad Fitzpatrick
19b0cfe89e
all: prepare for GOOS=ios in Go 1.16
...
Work with either way for now on iOS (darwin/arm64 vs ios/arm64).
In February when Go 1.16 comes out we'll have a universal binary for
darwin/arm64 (macOS) and will drop support for Go 1.15 and its
darwin/amd64 meaning iOS. (it'll mean macOS).
Context:
* https://tip.golang.org/doc/go1.16#darwin
* https://github.com/golang/go/issues/38485
* https://github.com/golang/go/issues/42100
2020-11-11 09:17:04 -08:00
David Anderson
a38e28da07
net/packet: documentation pass.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-11-10 22:29:00 -08:00
David Anderson
c2cc3acbaf
net/packet: remove NewIP, offer only a netaddr constructor.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-11-10 22:03:47 -08:00
David Anderson
d7ee3096dd
net/packet: documentation cleanups.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-11-10 21:12:55 -08:00
David Anderson
9ef39af2f2
net/packet: fix panic on invalid IHL field.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-11-10 20:23:54 -08:00
David Anderson
22bf48f37c
net/packet: remove {get,put}{16,32} indirection to encoding/binary.
...
name old time/op new time/op delta
Decode/tcp4-8 28.8ns ± 2% 13.1ns ± 4% -54.44% (p=0.008 n=5+5)
Decode/tcp6-8 20.6ns ± 1% 12.6ns ± 2% -38.72% (p=0.008 n=5+5)
Decode/udp4-8 28.2ns ± 1% 12.1ns ± 4% -57.01% (p=0.008 n=5+5)
Decode/udp6-8 20.0ns ± 6% 12.1ns ± 2% -39.38% (p=0.008 n=5+5)
Decode/icmp4-8 21.7ns ± 2% 11.5ns ± 1% -47.01% (p=0.008 n=5+5)
Decode/icmp6-8 14.1ns ± 2% 11.8ns ± 4% -16.60% (p=0.008 n=5+5)
Decode/unknown-8 9.43ns ± 2% 9.30ns ± 3% ~ (p=0.222 n=5+5)
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-11-10 20:23:54 -08:00
David Anderson
55b1221db2
net/packet: support full IPv6 decoding.
...
The packet filter still rejects all IPv6, but decodes enough from v6
packets to do something smarter in a followup.
name time/op
Decode/tcp4-8 28.8ns ± 2%
Decode/tcp6-8 20.6ns ± 1%
Decode/udp4-8 28.2ns ± 1%
Decode/udp6-8 20.0ns ± 6%
Decode/icmp4-8 21.7ns ± 2%
Decode/icmp6-8 14.1ns ± 2%
Decode/unknown-8 9.43ns ± 2%
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-11-10 20:23:54 -08:00
David Anderson
89894c6930
net/packet: add IPv6 source and destination IPs to Parsed.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-11-10 20:23:54 -08:00
Brad Fitzpatrick
d192bd0f86
net/interfaces: ignore bogus proxy URLs from winhttp [windows]
...
Updates tailscale/corp#853
2020-11-10 11:30:18 -08:00
David Anderson
6e52633c53
net/packet: record allocations in benchmark.
2020-11-10 02:19:55 -08:00
David Anderson
093431f5dd
net/packet: s/ParsedPacket/Parsed/ to avoid package stuttering.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-11-09 23:52:54 -08:00
David Anderson
427bf2134f
net/packet: rename from wgengine/packet.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-11-09 16:25:24 -08:00
Brad Fitzpatrick
1036f51a56
net/tshttpproxy: aggressively rate-limit error logs in Transport.Proxy path
...
Otherwise log upload HTTP requests generate proxy errors which
generate logs which generate HTTP requests which generate proxy
errors which generate more logs, etc.
Fixes #879
2020-11-03 09:23:57 -08:00
Brad Fitzpatrick
7ac91c15bd
net/netcheck: fix tests on Windows
...
Updates #50
2020-10-28 09:10:35 -07:00
Brad Fitzpatrick
fd2a30cd32
wgengine/magicsock: make test pass on Windows and without firewall dialog box
...
Updates #50
2020-10-28 09:02:08 -07:00
David Anderson
5c35c35e7f
tsaddr: add helpers for the Tailscale IPv6 range, and 4to6 conversion.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-10-15 15:15:24 -07:00
Brad Fitzpatrick
551e1e99e9
net/netns: don't bind to device for localhost connections
...
Fixes derphttp test failures on Windows (for #50).
2020-10-13 15:24:07 -07:00
Alex Brainman
f2ce64f0c6
wgengine/router: unfork winipcfg-go package, use upstream
...
Use golang.zx2c4.com/wireguard/windows/tunnel/winipcfg
instead of github.com/tailscale/winipcfg-go package.
Updates #760
Signed-off-by: Alex Brainman <alex.brainman@gmail.com>
2020-10-13 09:21:22 -07:00
Brad Fitzpatrick
6ee219a25d
ipn, wgengine, magicsock, tsdns: be quieter and less aggressive when offline
...
If no interfaces are up, calm down and stop spamming so much. It was
noticed as especially bad on Windows, but probably was bad
everywhere. I just have the best network conditions testing on a
Windows VM.
Updates #604
2020-10-06 15:26:53 -07:00
Brad Fitzpatrick
587bdc4280
ipn, wgengine: disable subnet routes if network has PAC configuration
...
Not configurable yet.
Updates tailscale/corp#653
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-10-05 21:04:23 -07:00
Brad Fitzpatrick
ed5d5f920f
net/interfaces: add interfaces.State.String method
2020-10-02 12:15:05 -07:00
Brad Fitzpatrick
cab3eb995f
net/interfaces: quiet PAC detection logging in no-PAC case, add benchmark
2020-10-01 22:02:39 -07:00