Commit Graph

80 Commits

Author SHA1 Message Date
Avery Pennarun
d7429b9a8d Add prefs.ShieldsUp and --shields-up option.
This sets a default packet filter that blocks all incoming requests,
giving end users more control over who can get into their machine, even
if the admin hasn't set any central ACLs.

Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2020-04-29 05:25:45 -04:00
Avery Pennarun
dbc1f71e5d ipn/message: fix some message encoding problems.
- Reset() was not including a Version field, so was getting rejected;
  the Logout operation no longer happened when the client got disconnected.

- Don't crash if we can't decode 0-byte messages, which I suspect might
  sometimes come through on EOF.

Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2020-04-29 05:25:45 -04:00
David Anderson
0038223632 tstest: rename from testy.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-04-28 20:45:12 -07:00
Brad Fitzpatrick
e1526b796e ipn: don't listen on the unspecified address in test
To avoid the Mac firewall dialog of (test) death.

See 4521a59f30
which I added to help debug this.
2020-04-28 19:20:02 -07:00
David Crawshaw
d2b7cb1e45 ipn, controlclient: add control.New parameter
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-04-29 08:06:06 +10:00
Brad Fitzpatrick
f4c7eb8c44 ipn: revert part of 18017f7630
In retrospect I don't trust it and I'm afraid might've caused some Mac flakiness.
I'd like more tests here before I work on this.

Updates #288
2020-04-28 14:04:45 -07:00
Brad Fitzpatrick
18017f7630 ipn, wgengine/magicsock: be more idle when in Stopped state with no peers
(Previously as #288, but with some more.)

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-04-28 13:41:29 -07:00
Brad Fitzpatrick
45f2b53aca all: remove unnecessary trailing newlines in format patterns for consistency
And document on logger.Logf that it's unnecessary.
2020-04-11 08:35:34 -07:00
Brad Fitzpatrick
3a3b64301e wgengine: quiet some engine reconfig logging, make more consistent
Updates #282

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-04-10 13:53:01 -07:00
Brad Fitzpatrick
b24029717b ipn: outdent some code in if that's statically always true 2020-04-10 07:52:30 -07:00
David Crawshaw
1747d099e9 ipn: add auth key
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-04-09 20:17:09 +10:00
Brad Fitzpatrick
8ca796d144 ipn, ipn/policy: filter portlist to a short list of "interesting" ports
Adds new package ipn/policy to be shared between node client & control server.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-04-01 10:03:44 -07:00
David Crawshaw
0590ad68be controlclient, ipn: adjust tests for authURL semantic changes
The tests cheat at filling out web forms by directly POSTing to
the target. The target for authURLs has changed slightly, the base
authURL now redirects the user to the login page.

Additionally, the authURL cycle now checks the cookie is set
correctly, so we add cookie jars where necessary to pass the
cookie through.
2020-03-30 15:51:46 +11:00
Brad Fitzpatrick
a4ef345737 cmd/tailscale: add status subcommand
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-03-27 20:34:36 -07:00
Brad Fitzpatrick
f51f18b42b ipn: move FakeBackend to a test-only file 2020-03-27 13:02:33 -07:00
Brad Fitzpatrick
322499473e cmd/tailscaled, wgengine, ipn: add /debug/ipn handler with world state
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-03-26 14:26:24 -07:00
Avery Pennarun
f53e78e0d5 wgengine: don't lose filter state on filter reconfig.
We were abandoning the UDP port LRU every time we got a new packet
filter from tailcontrol, which caused return packets to suddenly stop
arriving.
2020-03-25 04:52:41 -04:00
Avery Pennarun
4336de0d98 ipn/local: don't print packet filter every single time.
It's extremely noisy right now for domains with complex ACLs.
2020-03-25 04:52:41 -04:00
Brad Fitzpatrick
7740cbd8d9 ipn: call SetNetInfoCallback later, in Start
It was being called back into ultimately from magicsock before there
was a control client.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-03-23 22:19:40 -07:00
Brad Fitzpatrick
51b669e4bd ipn: skip tailscaled UDP ports in service list 2020-03-19 19:56:02 -07:00
David Crawshaw
addbdce296 wgengine, ipn: include number of active DERPs in status
Use this when making the ipn state transition from Starting to
Running. This way a network of quiet nodes with no active
handshaking will still transition to Active.

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-03-19 17:55:16 +11:00
David Crawshaw
5a0822eefd controlclient, ipn: fix tests for new control param 2020-03-18 08:35:34 +11:00
Brad Fitzpatrick
e085aec8ef all: update to wireguard-go API changes
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-03-17 08:53:05 -07:00
Brad Fitzpatrick
120273d7f6 portlist: document, clean up, fix an open fd spike, optimize a bit
I noticed portlist when looking at some profiles and hadn't looked at
the code much before. This is a first pass over it. It allocates a
fair bit. More love remains, but this does a bit:

name       old time/op    new time/op    delta
GetList-8    9.92ms ± 8%    9.64ms ±12%     ~     (p=0.247 n=10+10)

name       old alloc/op   new alloc/op   delta
GetList-8     931kB ± 0%     869kB ± 0%   -6.70%  (p=0.000 n=10+10)

name       old allocs/op  new allocs/op  delta
GetList-8     4.59k ± 0%     3.69k ± 1%  -19.71%  (p=0.000 n=10+10)

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-03-13 21:06:41 -07:00
Brad Fitzpatrick
42e98d4edc Quiet two little log annoyances. 2020-03-13 09:42:09 -07:00
Avery Pennarun
b23cb11eaf ipn: Prefs.String(): print the current derp setting. 2020-03-13 00:43:19 -04:00
David Anderson
aeb88864e0 ipn: don't clobber netinfo in Start(). 2020-03-12 21:39:01 -07:00
Avery Pennarun
b4897e7de8 controlclient/netmap: write our own b.ConciseDiffFrom(a) function.
This removes the need for go-cmp, which is extremely bloaty so we had
to leave it out of iOS. As a result, we had also left it out of macOS,
and so we didn't print netmap diffs at all on darwin-based platforms.
Oops.

As a bonus, the output format of the new function is way better.

Minor oddity: because I used the dumbest possible diff algorithm, the
sort order is a bit dumb. We print all "removed" lines and then print
all "added" lines, rather than doing the usual diff-like thing of
interspersing them. This probably doesn't matter (maybe it's an
improvement).
2020-03-12 23:01:08 -04:00
David Crawshaw
57f220656c ipn: search for ErrStateNotExist with errors.Is
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-03-12 08:44:24 -04:00
Brad Fitzpatrick
39c0ae1dba derp/derpmap: new DERP config package, merge netcheck into magicsock more
Fixes #153
Updates #162
Updates #163

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-03-10 10:37:25 -07:00
David Crawshaw
5f2a17482b ipn: when enforcing defaults, set UsePacketFilter=true
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-03-09 14:58:20 -04:00
David Crawshaw
f5e0407e97 ipn: exercise logout in e2e test
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-03-08 09:03:27 -04:00
David Crawshaw
1dee36a984 ipn: put e2e login section in its own subtest
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-03-08 09:03:27 -04:00
David Crawshaw
66505358c0 ipn: move e2e test skipping into subtests
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-03-08 09:03:07 -04:00
David Crawshaw
5562fae9f0 ipn: use NewPrefs in e2e_test
We weren't setting UsePacketFilter, so the synthetic ping packets
used to establish a connection were never being sent.

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-03-06 14:43:24 -05:00
Brad Fitzpatrick
eac62ec5ff ipn, wgengine/magicsock: add ipn.Prefs.DisableDERP bool
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-03-04 12:53:37 -08:00
Brad Fitzpatrick
b27d4c017a magicsock, wgengine, ipn, controlclient: plumb regular netchecks to map poll
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-03-04 08:19:45 -08:00
Brad Fitzpatrick
4cf5ac3060 ipn/ipnserver: remove unnecessary closure parameter 2020-03-03 19:38:01 -08:00
Brad Fitzpatrick
68ff31a0ba ipn: have NewFileStore try to create directories as needed 2020-03-03 11:51:44 -08:00
Brad Fitzpatrick
06092a3af3 ipn/ipnserver: document potential race, start on test for it 2020-03-03 09:15:11 -08:00
Brad Fitzpatrick
ef1f967ec0 ipn: remove an unnecessary named parameter in doc 2020-03-03 08:05:11 -08:00
Brad Fitzpatrick
657f9593ae Reduce some logspam. 2020-03-02 14:55:12 -08:00
David Crawshaw
d133339216 ipn: always guard LocalBackend.prefs with mu
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-02-28 21:54:22 -05:00
Brad Fitzpatrick
bcf3719b9e netcheck: add hairpinning detection
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-28 14:26:51 -08:00
David Crawshaw
cdc10b74f1 ipn: always guard LocalBackend.endpoints with mu
For #112

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-02-28 15:13:01 -05:00
David Crawshaw
3425d8d84f ipn: always guard LocalBackend.engineStatus with mu
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-02-28 14:58:52 -05:00
David Crawshaw
e7cdc11654 ipn: always guard LocalBackend.netMapCache with mu
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-02-28 14:39:36 -05:00
Brad Fitzpatrick
25797c8c2a all: rename deep "Copy" methods to conventional Go name "Clone" 2020-02-27 12:20:29 -08:00
Brad Fitzpatrick
14559340ee Start of netcheck package & including network state in Hostinfo.
* adds new packet "netcheck" to do the checking of UDP, IPv6, and
  nearest DERP server, and the Report type for all that (and more
  in the future, probably pulling in danderson's natprobe)
* new tailcfg.NetInfo type
* cmd/tailscale netcheck subcommand (tentative name, likely to
  change/move) to print out the netcheck.Report.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-27 11:05:27 -08:00
Brad Fitzpatrick
eefafad9f8 ipn: fix some mutex/ownership issues
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-25 14:07:43 -08:00