Commit Graph

7080 Commits

Author SHA1 Message Date
Avery Pennarun
d6c34368e8 ipn/local: differentiate Shields Up from Uninitialized in logs.
We were printing "Shields Up" when the netmap wasn't initialized yet,
which while technically effectively true, turned out to be confusing
when trying to debug things.

Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2020-04-30 04:56:36 -04:00
Avery Pennarun
64db026c8b backoff: add a LogLongerThan configuration.
Some programs use frequent short-duration backoffs even under non-error
conditions. They can set this to avoid logging short backoffs when
things are operating normally, but still get messages when longer
backoffs kick in.

Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2020-04-29 05:41:39 -04:00
Avery Pennarun
ced9b4008a ipn: clear the hostinfo.Services list when prefs.ShieldsUp==true.
When shields are up, no services are available to connect to, so hide
them all. This will also help them disappear from the UI menu on
other nodes.

Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2020-04-29 05:25:45 -04:00
Avery Pennarun
d7429b9a8d Add prefs.ShieldsUp and --shields-up option.
This sets a default packet filter that blocks all incoming requests,
giving end users more control over who can get into their machine, even
if the admin hasn't set any central ACLs.

Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2020-04-29 05:25:45 -04:00
Avery Pennarun
85e675940d wgengine/filter: allow ICMP response packets.
Longer term, we should probably update the packet filter to be fully
stateful, for both TCP and ICMP. That is, only ICMP packets related to
a session *we* initiated should be allowed back in. But this is
reasonably secure for now, since wireguard is already trimming most
traffic. The current code would not protect against eg. Ping-of-Death style
attacks from VPN nodes.

Fixes tailscale/tailscale#290.

Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2020-04-29 05:25:45 -04:00
Avery Pennarun
dbc1f71e5d ipn/message: fix some message encoding problems.
- Reset() was not including a Version field, so was getting rejected;
  the Logout operation no longer happened when the client got disconnected.

- Don't crash if we can't decode 0-byte messages, which I suspect might
  sometimes come through on EOF.

Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2020-04-29 05:25:45 -04:00
David Crawshaw
2372530964 logtail/backoff: only log backoffs > 2sec
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-04-29 17:41:48 +10:00
David Anderson
0038223632 tstest: rename from testy.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-04-28 20:45:12 -07:00
Brad Fitzpatrick
e1526b796e ipn: don't listen on the unspecified address in test
To avoid the Mac firewall dialog of (test) death.

See 4521a59f30
which I added to help debug this.
2020-04-28 19:20:02 -07:00
David Crawshaw
d2b7cb1e45 ipn, controlclient: add control.New parameter
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-04-29 08:06:06 +10:00
Brad Fitzpatrick
f4c7eb8c44 ipn: revert part of 18017f7630
In retrospect I don't trust it and I'm afraid might've caused some Mac flakiness.
I'd like more tests here before I work on this.

Updates #288
2020-04-28 14:04:45 -07:00
Brad Fitzpatrick
18017f7630 ipn, wgengine/magicsock: be more idle when in Stopped state with no peers
(Previously as #288, but with some more.)

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-04-28 13:41:29 -07:00
David Anderson
66c7875974 control/controlclient: wait for c1 to receive a netmap.
This strictly sequences things such that c1 is fully registered in
the control server before c2 creates its poll. Failure to do this
can cause an inversion where c2's poll finishes establishing
before c1's poll starts, which results in c2 getting disconnected
rather than c1, and the test times out waiting for c1 to get kicked.

Fixes #98.

Signed-off-by: David Anderson <danderson@tailscale.com>
2020-04-27 23:06:02 -07:00
David Anderson
cbb1e2e853 control/controlclient: document test TestClientsReusingKeys.
The test is straightforward, but it's a little perplexing if you're
not overly familiar with controlclient.

Signed-off-by: David Anderson <danderson@tailscale.com>
2020-04-27 22:48:40 -07:00
fgergo
8296c934ac Update ifconfig_windows.go
OLE calls sometimes unexpectedly fail, but retries can succeed. Change panic() to return errors. This way ConfigureInterface() retries can succeed.
2020-04-27 19:57:57 -07:00
David Anderson
9669b85b41 wgengine/magicsock: wait for endpoint updater goroutine when closing.
Fixes #204.

Signed-off-by: David Anderson <danderson@tailscale.com>
2020-04-27 14:46:10 -07:00
Elias Naur
ad0795efc2 net/dnscache: don't use the Go resolver on Android
The local resolver is not available for apps on Android.

Signed-off-by: Elias Naur <mail@eliasnaur.com>
2020-04-27 12:04:39 -07:00
Brad Fitzpatrick
a464439658 control/controlclient: fix build break caused by overzealous gitting 2020-04-27 08:18:35 -07:00
Brad Fitzpatrick
2244cca5ff net/tlsdial: update package doc to say it's now somewhat useless 2020-04-27 08:17:18 -07:00
Brad Fitzpatrick
58e83d8f66 tempfork/x509: moved to tailscale/go's crypto/x509 instead 2020-04-27 08:14:54 -07:00
Brad Fitzpatrick
172d72a060 Revert "net/tlsdial: add memory-optimized TLS cert verification path for iOS"
This reverts commit 6fcbd4c4d4.

Decided to put it in tailscale/go's crypto/x509 instead.
2020-04-27 08:13:37 -07:00
Brad Fitzpatrick
5d67365cc9 logtail: add PrivateID.IsZero method 2020-04-27 07:33:23 -07:00
Brad Fitzpatrick
9497921f52 logpolicy: also set up TLS dialing (for iOS) for log uploads
This was the last of the three places that do TLS from clients (logs,
control, derp). With this, iOS should be able to use the
memory-efficient x509 root CertPool.
2020-04-26 08:31:14 -07:00
Brad Fitzpatrick
c726c1eec9 logtail: add const DefaultHost with default server name 2020-04-26 08:31:07 -07:00
Brad Fitzpatrick
1a0f6fea58 go.mod, go.sum: bump wireguard-go, tidy 2020-04-26 08:06:06 -07:00
Brad Fitzpatrick
95a658e1e3 control/controlclient: also rename HTTPC in the tests 2020-04-26 07:51:54 -07:00
Brad Fitzpatrick
eb6de2bd88 control/controlclient: restore Options.HTTPC as Options.HTTPTestClient
I removed the HTTPC field in b6fa5a69be but it was apparently still
used in [oss-skipped] tests.

Restore it, but name it so it's more obvious that it's only for
tests. (It currently is, and I'd like to keep it like that for now.)
2020-04-26 07:48:26 -07:00
Brad Fitzpatrick
6fcbd4c4d4 net/tlsdial: add memory-optimized TLS cert verification path for iOS
Behind a build tag for now.
2020-04-25 13:55:51 -07:00
Brad Fitzpatrick
b6fa5a69be net/tlsdial: add package for TLS dials, and make DERP & controlclient use it
This will do the iOS-optimized cert checking in a following change.
2020-04-25 13:24:53 -07:00
Brad Fitzpatrick
d427fc023e tempfork/x509: remove the bundle tag in our fork
We want to be able to omit from only one (not both)
2020-04-25 10:00:10 -07:00
Brad Fitzpatrick
28c632c97b tempfork/x509: store certs for iOS compressed in binary, parse lazily 2020-04-25 08:54:01 -07:00
Brad Fitzpatrick
8fd8fc9c7d tempfork/x509: fix build on darwin and windows
These fixes were originally in the updates to CL 229917 after
Trybots failed there.
See https://go-review.googlesource.com/c/go/+/229917/1..3
2020-04-25 08:03:10 -07:00
Brad Fitzpatrick
bfc1261ab6 crypto/x509: keep smaller root cert representation in memory until needed
(from patchset 1, c12c890c64dd6372b3893af1e6f5ab11802c9e81, of
https://go-review.googlesource.com/c/go/+/230025/1, with merges fixes
due to parent commit's differents from its ps1..ps3)

Instead of parsing the PEM files and then storing the *Certificate
values forever, still parse them to see if they're valid and pick out
some fields, but then only store the decoded pem.Block.Bytes until
that cert is first needed.

Saves about 500K of memory on my (Debian stable) machine after doing a
tls.Dial or calling x509.SystemCertPool.

A more aggressive version of this is still possible: we can not keep
the pem.Block.Bytes in memory either, and re-read them from disk when
necessary. But dealing with files disappearing and even large
multi-cert PEM files changing (with offsets sliding around) made this
conservative version attractive. It doesn't change the
slurp-roots-on-startup semantics. It just does so with less memory
retained.

Change-Id: I3aea333f4749ae3b0026042ec3ff7ac015c72204
2020-04-24 21:27:48 -07:00
Brad Fitzpatrick
f5993f2440 crypto/x509: add support for CertPool to load certs lazily
(from patchset 1, 7cdc3c3e7427c9ef69e19224d6036c09c5ea1723, of
https://go-review.googlesource.com/c/go/+/229917/1)

This will allow building CertPools that consume less memory. (Most
certs are never accessed. Different users/programs access different
ones, but not many.)

This CL only adds the new internal mechanism (and uses it for the
old AddCert) but does not modify any existing root pool behavior.
(That is, the default Unix roots are still all slurped into memory as
of this CL)

Change-Id: Ib3a42e4050627b5e34413c595d8ced839c7bfa14
2020-04-24 21:27:48 -07:00
Brad Fitzpatrick
6b232b5a79 Disable staticcheck for tempfork packages. 2020-04-24 20:46:06 -07:00
Numerous Gophers
3bab226299 Add fork of Go 1.15-dev's crypto/x509
Snapshotted from Go commit 619c7a48a38b28b521591b490fd14ccb7ea5e821
(https://go-review.googlesource.com/c/go/+/229762,
"crypto/x509: add x509omitbundledroots build tag to not embed roots")

With 975c01342a25899962969833d8b2873dc8856a4f
(https://go-review.googlesource.com/c/go/+/220721) removed, because it
depends on other stuff in Go std that doesn't yet exist in a Go
release.

Also, add a subset fork of Go's internal/testenv, for use by x509's tests.
2020-04-24 20:19:41 -07:00
Elias Naur
2dac4f2b24 wgengine/monitor: disable monitor on Android
Netlink is not supported on Android.

Signed-off-by: Elias Naur <mail@eliasnaur.com>
2020-04-24 06:35:31 -07:00
David Anderson
eccae0cd0c tsweb: add ReturnHandlerFunc.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-04-22 15:34:28 -07:00
Brad Fitzpatrick
0a50ecbad3 control/controlclient: add missing vlog, for consistency with other sites 2020-04-21 15:36:46 -07:00
Brad Fitzpatrick
b8594dc937 control/controlclient: fix deadlock in timeout+keepalive race
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-04-21 15:22:58 -07:00
wardn
d052586da7 cmd/taillogin: delete it
Signed-off-by: wardn <wardn@users.noreply.github.com>
2020-04-19 21:40:52 -07:00
David Anderson
108e3af76f github: use Go 1.14 in CI.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-04-19 14:46:24 -07:00
Brad Fitzpatrick
268d331cb5 wgengine/magicsock: prune key.Public-keyed on peer removals
Fixes #215
2020-04-18 08:48:01 -07:00
Brad Fitzpatrick
00d053e25a wgengine/magicsock: fix slow memory leak as peer endpoints move around
Updates #215
2020-04-18 08:28:10 -07:00
Brad Fitzpatrick
7fc97c5493 wgengine/magicsock: use netaddr more
In prep for deleting from the ever-growing maps.
2020-04-17 15:15:42 -07:00
Brad Fitzpatrick
6fb30ff543 wgengine/magicsock: start using inet.af/netaddr a bit 2020-04-17 13:51:52 -07:00
David Anderson
42e62a7eb2 testy: fix clock initialization when Start is provided.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-04-17 13:20:09 -07:00
David Anderson
ccfc4e0634 go.mod: bump wireguard-go version.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-04-16 12:53:58 -07:00
David Anderson
afbfe4f217 wgengine: drop wireguard MTU to 1280 bytes.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-04-14 16:36:28 -07:00
David Anderson
b925e18f70 tstime: hand-implement parseInt for specific needs of rfc3339 parsing.
Makes parsing 4.6x faster.

name         old time/op  new time/op  delta
ParseInt-12  32.1ns ± 1%   6.9ns ± 2%  -78.55%  (p=0.000 n=10+9)

Signed-off-by: David Anderson <danderson@tailscale.com>
2020-04-14 12:36:55 -07:00