David Anderson
da4cc8bbb4
net/dns: handle all possible translations of high-level DNS config.
...
With this change, all OSes can sort-of do split DNS, except that the
default upstream is hardcoded to 8.8.8.8 pending further plumbing.
Additionally, Windows 8-10 can do split DNS fully correctly, without
the 8.8.8.8 hack.
Part of #953.
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-04-07 15:40:31 -07:00
Brad Fitzpatrick
939861773d
net/tstun: accept peerapi connections through the filter
...
Fixes tailscale/corp#1545
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-07 12:29:20 -07:00
Brad Fitzpatrick
950fc28887
ipn, paths, cmd/tailscaled: remove LegacyConfigPath, relaynode migration
...
It is time.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-07 10:15:45 -07:00
Brad Fitzpatrick
d581ee2536
ipn: remove Options.HTTPTestClient, move to LocalBackend
...
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-07 09:20:51 -07:00
Brad Fitzpatrick
50b309c1eb
ipn/localapi, cmd/tailscale: add API to get prefs, CLI debug command to show
...
Updates #1436
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-07 08:28:11 -07:00
Brad Fitzpatrick
799973a68d
ipn: move Options.Notify to its own method
...
We already had SetNotifyCallback elsewhere on controlclient, so use
that name.
Baby steps towards some CLI refactor work.
Updates tailscale/tailscale#1436
2021-04-06 22:12:40 -07:00
Brad Fitzpatrick
d488678fdc
cmd/tailscaled, wgengine{,/netstack}: add netstack hybrid mode, add to Windows
...
For #707
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-06 21:37:28 -07:00
Brad Fitzpatrick
1f99f889e1
ipn/{ipnlocal,localapi}: add localapi handler to dial/proxy file PUTs
...
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-06 21:31:50 -07:00
Brad Fitzpatrick
d717499ac4
ipn/localapi: add API for getting file targets
...
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-06 11:01:30 -07:00
David Anderson
f89dc1c903
ipn/ipnlocal: don't install any magicdns names if not proxying.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-04-02 14:24:47 -07:00
Brad Fitzpatrick
9b57cd53ba
ipn/ipnlocal: lazily connect to control, lazily generate machine key
...
Fixes #1573
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-02 08:21:40 -07:00
Brad Fitzpatrick
d50406f185
ipn/ipnlocal: simplify loadStateLocked control flow a bit, restore logging
...
The common Linux start-up path (fallback file defined but not
existing) was missing the log print of initializing Prefs. The code
was too twisty. Simplify a bit.
Updates #1573
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-02 07:56:07 -07:00
David Anderson
6ad44f9fdf
wgengine: take in dns.Config, split out to resolver.Config and dns.OSConfig.
...
Stepping stone towards having the DNS package handle the config splitting.
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-04-02 00:59:44 -07:00
David Anderson
8af9d770cf
net/dns: rename Config to OSConfig.
...
Making way for a new higher level config struct.
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-04-02 00:59:44 -07:00
David Anderson
cf361bb9b1
net/dns: remove PerDomain from Config.
...
It's currently unused, and no longer makes sense with the upcoming
DNS infrastructure. Keep it in tailcfg for now, since we need protocol
compat for a bit longer.
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-04-01 22:55:44 -07:00
Brad Fitzpatrick
6266cf8e36
ipn/ipnlocal: fix peerapi6 port being reported as 0 in netstack mode
...
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-01 22:04:46 -07:00
David Anderson
90f82b6946
net/dns/resolver: add live reconfig, plumb through to ipnlocal.
...
The resolver still only supports a single upstream config, and
ipn/wgengine still have to split up the DNS config, but this moves
closer to unifying the DNS configs.
As a handy side-effect of the refactor, IPv6 MagicDNS records exist
now.
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-04-01 01:44:03 -07:00
David Anderson
d99f5b1596
net/dns/resolver: factor the resolver out into a sub-package.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-03-31 23:12:30 -07:00
Brad Fitzpatrick
53cfff109b
ipn: replace SetWantRunning(bool) with EditPrefs(MaskedPrefs)
...
This adds a new ipn.MaskedPrefs embedding a ipn.Prefs, along with a
bunch of "has bits", kept in sync with tests & reflect.
Then it adds a Prefs.ApplyEdits(MaskedPrefs) method.
Then the ipn.Backend interface loses its weirdo SetWantRunning(bool)
method (that I added in 483141094c for "tailscale down")
and replaces it with EditPrefs (alongside the existing SetPrefs for now).
Then updates 'tailscale down' to use EditPrefs instead of SetWantRunning.
In the future, we can use this to do more interesting things with the
CLI, reconfiguring only certain properties without the reset-the-world
"tailscale up".
Updates #1436
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-31 22:14:11 -07:00
Brad Fitzpatrick
4ed6b62c7a
ipn/ipnlocal: refactor to unindent a bit
...
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-31 16:03:23 -07:00
Brad Fitzpatrick
1f583a895e
ipn/ipnlocal: stop sending machine key to frontends
...
We were going to remove this in Tailscale 1.3 but forgot.
This means Tailscale 1.8 users won't be able to downgrade to Tailscale
1.0, but that's fine.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-31 15:51:51 -07:00
Brad Fitzpatrick
c3bee0b722
ipn/ipnlocal: make peerapi work on iOS again
...
It didn't have a storage directory.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-31 14:09:06 -07:00
Brad Fitzpatrick
1bd14a072c
cmd/tailscale, ipn/localapi: move IP forwarding check to tailscaled, API
...
Instead of having the CLI check whether IP forwarding is enabled, ask
tailscaled. It has a better idea. If it's netstack, for instance, the
sysctl values don't matter. And it's possible that only the daemon has
permission to know.
Fixes #1626
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-31 12:09:16 -07:00
Brad Fitzpatrick
a998fe7c3d
control/controlclient: support lazy machine key generation
...
It's not done in the caller yet, but the controlclient does it now.
Updates #1573
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-31 08:52:57 -07:00
Brad Fitzpatrick
cf2beafbcd
ipn/ipnlocal: on Windows peerapi bind failures, try again on link change
...
Updates #1620
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-30 13:49:37 -07:00
Brad Fitzpatrick
6d1a9017c9
ipn/{ipnlocal,localapi}, client/tailscale: add file get/delete APIs
...
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-30 12:56:51 -07:00
Brad Fitzpatrick
672b9fd4bd
ipn{,/ipnlocal}: set new Notify.FilesWaiting when server has file(s)
...
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-30 11:36:12 -07:00
Brad Fitzpatrick
f01091babe
ipn/ipnlocal: make peerapi work in netstack mode
...
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-30 09:55:01 -07:00
Brad Fitzpatrick
41e4e02e57
net/{packet,tstun}: send peerapi port in TSMP pongs
...
For discovery when an explicit hostname/IP is known. We'll still
also send it via control for finding peers by a list.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-29 15:18:23 -07:00
Brad Fitzpatrick
9659ab81e0
ipn/ipnlocal: send peerapi port(s) in Hostinfo.Services
...
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-29 12:51:19 -07:00
Brad Fitzpatrick
35596ae5ce
ipn/ipnlocal: push down a user-specific root dir to peerapi handler
...
And add a put handler.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-29 11:33:35 -07:00
Brad Fitzpatrick
f26dfd054a
ipn/ipnlocal: rename/document peerapi stuff a bit, pass self identity
...
So handlers can vary based on whether owner of peer matches owner of
local node.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-26 21:36:39 -07:00
Brad Fitzpatrick
1642dfdb07
ipn/ipnlocal: get peerapi ~working in macOS/iOS NetworkExtension sandbox
...
IPv4 and IPv6 both work remotely, but IPv6 doesn't yet work from the
machine itself due to routing mysteries.
Untested yet on iOS, but previous prototype worked on iOS, so should
work the same.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-26 13:46:01 -07:00
Brad Fitzpatrick
5a62aa8047
ipn/ipnlocal: pass down interface state to peerapi ListenConfig hook
...
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-26 09:11:48 -07:00
David Anderson
9f7f2af008
wgengine/router/dns: move to net/dns.
...
Preparation for merging the APIs and whatnot.
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-03-25 16:25:30 -07:00
David Anderson
8432999835
Move wgengine/tsdns to net/dns.
...
Straight move+fixup, no other changes. In prep for merging with
wgengine/router/dns.
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-03-25 16:25:30 -07:00
Brad Fitzpatrick
81143b6d9a
ipn/ipnlocal: start of peerapi between nodes
...
Also some necessary refactoring of the ipn/ipnstate too.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-25 16:00:35 -07:00
Brad Fitzpatrick
2384c112c9
net/packet, wgengine/{filter,tstun}: add TSMP ping
...
Fixes #1467
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-24 09:50:01 -07:00
David Anderson
8c0a0450d9
ipn/ipnlocal: allow client access to exit node's public IPs.
...
"public IP" is defined as an IP address configured on the exit node
itself that isn't in the list of forbidden ranges (RFC1918, CGNAT,
Tailscale).
Fixes #1522.
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-03-19 11:54:15 -07:00
Brad Fitzpatrick
0a02aaf813
control, ipn, tailcfg: remove golang.org/x/oauth2 dep, add tailcfg.Oauth2Token
...
golang.org/x/oauth2 pulls in App Engine and grpc module dependencies,
screwing up builds that depend on this module.
Some background on the problem:
https://go.googlesource.com/proposal/+/master/design/36460-lazy-module-loading.md
Fixes tailscale/corp#1471
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-19 10:40:48 -07:00
Brad Fitzpatrick
439d70dce2
cmd/tailscale, ipn/localapi: get daemon version from localapi status
...
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-18 21:14:10 -07:00
Brad Fitzpatrick
d0dffe33c0
cmd/tailscale, ipn/localapi: use localapi for status, not IPN acrobatics
...
Yay simpler code.
Tested on Linux, macOS and Windows.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-18 19:51:02 -07:00
Brad Fitzpatrick
27c4dd9a97
Revert "cmd/tailscaled, ipn/{ipnlocal,ipnserver}: let netstack get access to LocalBackend"
...
This reverts commit 2bc518dcb2.
@namansood didn't end up needing it in his 770aa71ffb.
2021-03-16 12:33:13 -07:00
Brad Fitzpatrick
9eb65601ef
health, ipn/ipnlocal: track, log overall health
...
Updates #1505
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-16 09:12:39 -07:00
Brad Fitzpatrick
ba8c6d0775
health, controlclient, ipn, magicsock: tell health package state of things
...
Not yet checking anything. Just plumbing states into the health package.
Updates #1505
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-15 15:20:55 -07:00
Naman Sood
770aa71ffb
client, cmd/hello, ipn, wgengine: fix whois for netstack-forwarded connections
...
Updates #504
Updates #707
Signed-off-by: Naman Sood <mail@nsood.in>
2021-03-15 18:14:09 -04:00
Brad Fitzpatrick
2bc518dcb2
cmd/tailscaled, ipn/{ipnlocal,ipnserver}: let netstack get access to LocalBackend
...
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-15 09:31:25 -07:00
David Crawshaw
bdb91a20eb
ipnstate, ipnlocal: add AuthURL to status
...
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2021-03-12 08:07:20 -08:00
David Anderson
d79a2f3809
wgengine/filter: only log packets to/from non-default routes.
...
Fixes tailscale/corp#1429.
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-03-09 16:24:09 -08:00
Brad Fitzpatrick
affd859121
ipn/ipnlocal, control/controlclient: propagate link monitor to controlclient
...
Don't use it yet, but get it down there.
Updates #1455
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-04 20:11:55 -08:00