Maisem Ali
0f31a0fc76
control/controlclient: add Noise client
...
Updates #3488
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-03-07 15:43:19 -08:00
Maisem Ali
249758df90
control/controlclient: start fetching the server noise key
...
Updates #3488
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-03-07 11:29:27 -08:00
Brad Fitzpatrick
d5f8f38ac6
tailcfg: rename map request version to "capability version"
...
And add a CapabilityVersion type, primarily for documentation.
This makes MapRequest.Version, RegisterRequest.Version, and
SetDNSRequest.Version all use the same version, which will avoid
confusion in the future if Register or SetDNS ever changed their
semantics on Version change. (Currently they're both always 1)
This will require a control server change to allow a
SetDNSRequest.Version value other than 1 to be deployed first.
Change-Id: I073042a216e0d745f52ee2dbc45cf336b9f84b7c
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-03-06 14:29:08 -08:00
Brad Fitzpatrick
5d085a6f41
controlhttp: add some docs, change Dial's path from /switch to /ts2021
...
When I deployed server-side changes, I put the upgrade handler at /ts2021
instead of /switch. We could move the server to /switch, but ts2021 seems
more specific and better, but I don't feel strongly.
Updates #3488
Change-Id: Ifbf8ea60a815fd2fa1bfbe1b7af1ac2a27218354
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-02-26 12:44:29 -08:00
Josh Bleecher Snyder
823d970d60
control/controlclient: use structured logging for MapResponse.ControlTime
...
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2022-02-18 13:05:42 -08:00
Josh Bleecher Snyder
8c3c5e80b7
tailcfg: make MapResponse.ControlTime a pointer
...
Otherwise omitempty doesn't work.
This is wire-compatible with a non-pointer type, so switching
is safe, now and in the future.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2022-02-18 10:37:27 -08:00
Josh Bleecher Snyder
8cf6d0a17b
tailcfg: add MapResponse.ControlTime field
...
And log it when provided in map responses.
The test uses the date on which I joined Tailscale. :)
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2022-02-16 20:18:03 -08:00
Maisem Ali
72d8672ef7
tailcfg: make Node.Hostinfo a HostinfoView
...
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-02-16 12:55:57 -08:00
Brad Fitzpatrick
57115e923e
tailcfg: add start of SSH policy to be sent from control plane to nodes
...
Updates #3802
Change-Id: Iec58f35d445aaa267d0f7e7e2f30c049c1df4c0e
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-02-15 16:05:42 -08:00
Brad Fitzpatrick
3a94ece30c
control/controlclient: remove dummy endpoint in endpoint stripping mode
...
The TODO is done. Magicsock doesn't require any endpoints to create an
*endpoint now. Verified both in code and empirically: I can use the
env knob and access everything.
Change-Id: I4fe7ed5b11c5c5e94b21ef3d77be149daeab998a
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-02-12 16:36:04 -08:00
Brad Fitzpatrick
86a902b201
all: adjust some log verbosity
...
Updates #1548
Change-Id: Ia55f1b5dc7dfea09a08c90324226fb92cd10fa00
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-02-12 08:51:16 -08:00
Adrian Dewhurst
adda2d2a51
control/controlclient: select newer certificate
...
If multiple certificates match when selecting a certificate, use the one
issued the most recently (as determined by the NotBefore timestamp).
This also adds some tests for the function that performs that
comparison.
Updates tailscale/coral#6
Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>
2022-02-11 23:00:22 -05:00
Brad Fitzpatrick
b3d268c5a1
control/controlclient: turn off Go's implicit compression
...
We don't use it anyway, so be explicit that we're not using it.
Change-Id: Iec953271ef0169a2e227811932f5b65b479624af
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-02-07 13:55:42 -08:00
Brad Fitzpatrick
41fd4eab5c
envknob: add new package for all the strconv.ParseBool(os.Getenv(..))
...
A new package can also later record/report which knobs are checked and
set. It also makes the code cleaner & easier to grep for env knobs.
Change-Id: Id8a123ab7539f1fadbd27e0cbeac79c2e4f09751
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-01-24 11:51:23 -08:00
David Anderson
96f008cf87
control/controlhttp: package to get a controlbase.Conn over HTTP(S).
...
Updates #3488
Signed-off-by: David Anderson <danderson@tailscale.com>
2022-01-17 23:52:27 +00:00
David Anderson
d5a7eabcd0
control/controlbase: enable asynchronous client handshaking.
...
With this change, the client can obtain the initial handshake message
separately from the rest of the handshake, for embedding into another
protocol. This enables things like RTT reduction by stuffing the
handshake initiation message into an HTTP header.
Similarly, the server API optionally accepts a pre-read Noise initiation
message, in addition to reading the message directly off a net.Conn.
Updates #3488
Signed-off-by: David Anderson <danderson@tailscale.com>
2022-01-17 23:52:27 +00:00
David Anderson
6cd180746f
control/controlbase: rename from control/noise.
...
Updates #3488
Signed-off-by: David Anderson <danderson@tailscale.com>
2022-01-17 23:52:27 +00:00
Josh Bleecher Snyder
25eab78573
control/noise: clean up resources in TestNoReuse
...
Close the server and client.
Without this, we leak system threads.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-12-01 12:50:21 -08:00
Josh Bleecher Snyder
d9c21936c3
control/controlclient: stop logging about goal.url invariant
...
This isn't the ideal solution, but it's good enough for now.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-11-29 14:00:53 -08:00
Josh Bleecher Snyder
758c37b83d
net/netns: thread logf into control functions
...
So that darwin can log there without panicking during tests.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-11-18 15:09:51 -08:00
Brad Fitzpatrick
24ea365d48
netcheck, controlclient, magicsock: add more metrics
...
Updates #3307
Change-Id: Ibb33425764a75bde49230632f1b472f923551126
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-16 10:48:19 -08:00
David Anderson
5b94f67956
control/noise: make Conn.readNLocked less surprising.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-10 12:13:54 -08:00
David Anderson
a34350ffda
control/noise: factor out nonce checking and incrementing into a type.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-10 12:13:54 -08:00
David Anderson
d3acd35a90
control/noise: make message headers match the specification.
...
Only the initiation message should carry a protocol version, all
others are just type+len.
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-10 12:13:54 -08:00
David Anderson
a63c4ab378
control/noise: don't panic when handling ciphertext.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-10 12:13:54 -08:00
David Anderson
4004b22fe5
control/noise: stop using poly1305 package constants.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-10 12:13:54 -08:00
David Anderson
293431aaea
control/noise: use key.Machine{Public,Private} as appropriate.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-10 12:13:54 -08:00
David Anderson
edb33d65c3
control/noise: don't cache mixer, just rebuild a BLAKE2s each time.
...
This should optimize out fine, and readability is preferable to performance
here.
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-10 12:13:54 -08:00
David Anderson
7e9e72887c
control/noise: add singleUseCHP, use it to simplify nonce/key tracking in handshake.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-10 12:13:54 -08:00
David Anderson
cf90392174
control/noise: review fixups
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-10 12:13:54 -08:00
David Anderson
0b392dbaf7
control/noise: adjust implementation to match revised spec.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-10 12:13:54 -08:00
David Anderson
89a68a4c22
control/noise: include the protocol version in the Noise prologue.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-10 12:13:54 -08:00
David Anderson
5e005a658f
control/noise: fix typo in docstring.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-10 12:13:54 -08:00
David Anderson
eabca699ec
control/noise: remove allocations in the encrypt and decrypt paths.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-10 12:13:54 -08:00
David Anderson
da7544bcc5
control/noise: implement the base transport for the 2021 control protocol.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-10 12:13:54 -08:00
Brad Fitzpatrick
3e1daab704
hostinfo, control/controlclient: tell control when Ubuntu has disabled Tailscale's sources
...
Fixes #3177
Updates #2500
Change-Id: Iff2a8e27ec7d36a1c210263d6218f20ebed37924
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-10 09:56:58 -08:00
Brad Fitzpatrick
d2ef73ed82
control/controlclient: rename a variable to not shadow a package name
...
Change-Id: I1bcb577cb2c47e936d545ad57f308e57399de323
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-10 08:11:29 -08:00
Brad Fitzpatrick
ad63fc0510
control/controlclient: make js/wasm work with Go 1.18+
...
Updates #3157
Change-Id: I2d67e582842ab3638d720bb5db4701b878ad4473
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-07 13:49:55 -08:00
Brad Fitzpatrick
337757a819
ipn/ipnlocal, control/controlclient: don't propagate all map errors to UI
...
Fixes regression from 81cabf48ec which made all map errors be sent to
the frontend UI.
Fixes #3230
Change-Id: I7f142c801c7d15e268a24ddf901c3e6348b6729c
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-03 17:56:54 -07:00
David Anderson
0532eb30db
all: replace tailcfg.DiscoKey with key.DiscoPublic.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-03 14:00:16 -07:00
David Anderson
7e6a1ef4f1
tailcfg: use key.NodePublic in wire protocol types.
...
Updates #3206.
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-02 09:11:43 -07:00
David Anderson
d6e7cec6a7
types/netmap: use key.NodePublic instead of tailcfg.NodeKey.
...
Update #3206
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-01 17:07:40 -07:00
Brad Fitzpatrick
ff597e773e
tailcfg, control/controlclient: add method to exit client from control plane
...
Change-Id: Ic28ef283ba63396b68fab86bfb0a8ee8f432474c
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-01 11:59:04 -07:00
David Anderson
418adae379
various: use NodePublic.AsNodeKey() instead of tailcfg.NodeKeyFromNodePublic()
...
Updates #3206
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-10-29 16:19:27 -07:00
David Anderson
4d38194c21
control/controlclient: stop using wgkey.
...
Updates #3206
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-10-28 14:22:51 -07:00
Brad Fitzpatrick
ada8cd99af
control/controlclient: add a LoginEphemeral LoginFlags bit
...
Change-Id: Ib9029ea0c49aa2ee1b6aac6e464ab1f16aef92e8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-10-28 13:21:35 -07:00
David Anderson
6e5175373e
types/netmap: use new node key type.
...
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-10-28 10:44:34 -07:00
David Anderson
0c546a28ba
types/persist: use new node key type.
...
Updates #3206
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-10-28 10:29:43 -07:00
Maisem Ali
81cabf48ec
control/controlclient,tailcfg: propagate registration errors to the frontend
...
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2021-10-27 06:57:26 -07:00
nicksherron
f01ff18b6f
all: fix spelling mistakes
...
Signed-off-by: nicksherron <nsherron90@gmail.com>
2021-10-12 21:23:14 -07:00