This sets a default packet filter that blocks all incoming requests,
giving end users more control over who can get into their machine, even
if the admin hasn't set any central ACLs.
Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
- Reset() was not including a Version field, so was getting rejected;
the Logout operation no longer happened when the client got disconnected.
- Don't crash if we can't decode 0-byte messages, which I suspect might
sometimes come through on EOF.
Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
The tests cheat at filling out web forms by directly POSTing to
the target. The target for authURLs has changed slightly, the base
authURL now redirects the user to the login page.
Additionally, the authURL cycle now checks the cookie is set
correctly, so we add cookie jars where necessary to pass the
cookie through.
Use this when making the ipn state transition from Starting to
Running. This way a network of quiet nodes with no active
handshaking will still transition to Active.
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
I noticed portlist when looking at some profiles and hadn't looked at
the code much before. This is a first pass over it. It allocates a
fair bit. More love remains, but this does a bit:
name old time/op new time/op delta
GetList-8 9.92ms ± 8% 9.64ms ±12% ~ (p=0.247 n=10+10)
name old alloc/op new alloc/op delta
GetList-8 931kB ± 0% 869kB ± 0% -6.70% (p=0.000 n=10+10)
name old allocs/op new allocs/op delta
GetList-8 4.59k ± 0% 3.69k ± 1% -19.71% (p=0.000 n=10+10)
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
This removes the need for go-cmp, which is extremely bloaty so we had
to leave it out of iOS. As a result, we had also left it out of macOS,
and so we didn't print netmap diffs at all on darwin-based platforms.
Oops.
As a bonus, the output format of the new function is way better.
Minor oddity: because I used the dumbest possible diff algorithm, the
sort order is a bit dumb. We print all "removed" lines and then print
all "added" lines, rather than doing the usual diff-like thing of
interspersing them. This probably doesn't matter (maybe it's an
improvement).
We weren't setting UsePacketFilter, so the synthetic ping packets
used to establish a connection were never being sent.
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
* adds new packet "netcheck" to do the checking of UDP, IPv6, and
nearest DERP server, and the Report type for all that (and more
in the future, probably pulling in danderson's natprobe)
* new tailcfg.NetInfo type
* cmd/tailscale netcheck subcommand (tentative name, likely to
change/move) to print out the netcheck.Report.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>