Commit Graph

54 Commits

Author SHA1 Message Date
David Anderson
9ccbcda612 wgengine/router: rename config.Settings to config.Config, make pointer.
Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-12 15:58:33 -07:00
David Anderson
72cae5504c wgengine: generate and plumb router.Settings in from ipn.
This saves a layer of translation, and saves us having to
pass in extra bits and pieces of the netmap and prefs to
wgengine. Now it gets one Wireguard config, and one OS
network stack config.

Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-12 15:58:33 -07:00
Wendi Yu
3663797815 Reduce logspam from node with no peers
Signed-off-by: Wendi Yu <wendi.yu@yahoo.ca>
2020-05-12 12:28:51 -07:00
David Anderson
bfdc8175b1 wgengine/router: add a setting to disable SNAT for subnet routes.
Part of #320.

Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-11 20:17:13 +00:00
David Anderson
89af51b84d wgengine: plumb locally advertised subnet routes.
With this change, advertising subnet routes configures the
firewall correctly.

Signed-off-by: David Anderson <danderson@tailscale.com>
2020-05-07 17:48:49 +00:00
Avery Pennarun
9d1f48032a cmd/tailscale: add --advertise-tags option.
These will be used for dynamically changing the identity of a node, so
its ACL rights can be different from your own.

Note: Not all implemented yet on the server side, but we need this so
we can request the tagged rights in the first place.

Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2020-05-01 01:32:24 -04:00
Avery Pennarun
d6c34368e8 ipn/local: differentiate Shields Up from Uninitialized in logs.
We were printing "Shields Up" when the netmap wasn't initialized yet,
which while technically effectively true, turned out to be confusing
when trying to debug things.

Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2020-04-30 04:56:36 -04:00
Avery Pennarun
ced9b4008a ipn: clear the hostinfo.Services list when prefs.ShieldsUp==true.
When shields are up, no services are available to connect to, so hide
them all. This will also help them disappear from the UI menu on
other nodes.

Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2020-04-29 05:25:45 -04:00
Avery Pennarun
d7429b9a8d Add prefs.ShieldsUp and --shields-up option.
This sets a default packet filter that blocks all incoming requests,
giving end users more control over who can get into their machine, even
if the admin hasn't set any central ACLs.

Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2020-04-29 05:25:45 -04:00
Brad Fitzpatrick
f4c7eb8c44 ipn: revert part of 18017f7630
In retrospect I don't trust it and I'm afraid might've caused some Mac flakiness.
I'd like more tests here before I work on this.

Updates #288
2020-04-28 14:04:45 -07:00
Brad Fitzpatrick
18017f7630 ipn, wgengine/magicsock: be more idle when in Stopped state with no peers
(Previously as #288, but with some more.)

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-04-28 13:41:29 -07:00
Brad Fitzpatrick
45f2b53aca all: remove unnecessary trailing newlines in format patterns for consistency
And document on logger.Logf that it's unnecessary.
2020-04-11 08:35:34 -07:00
Brad Fitzpatrick
3a3b64301e wgengine: quiet some engine reconfig logging, make more consistent
Updates #282

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-04-10 13:53:01 -07:00
Brad Fitzpatrick
b24029717b ipn: outdent some code in if that's statically always true 2020-04-10 07:52:30 -07:00
David Crawshaw
1747d099e9 ipn: add auth key
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-04-09 20:17:09 +10:00
Brad Fitzpatrick
8ca796d144 ipn, ipn/policy: filter portlist to a short list of "interesting" ports
Adds new package ipn/policy to be shared between node client & control server.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-04-01 10:03:44 -07:00
Brad Fitzpatrick
a4ef345737 cmd/tailscale: add status subcommand
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-03-27 20:34:36 -07:00
Brad Fitzpatrick
322499473e cmd/tailscaled, wgengine, ipn: add /debug/ipn handler with world state
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-03-26 14:26:24 -07:00
Avery Pennarun
f53e78e0d5 wgengine: don't lose filter state on filter reconfig.
We were abandoning the UDP port LRU every time we got a new packet
filter from tailcontrol, which caused return packets to suddenly stop
arriving.
2020-03-25 04:52:41 -04:00
Avery Pennarun
4336de0d98 ipn/local: don't print packet filter every single time.
It's extremely noisy right now for domains with complex ACLs.
2020-03-25 04:52:41 -04:00
Brad Fitzpatrick
7740cbd8d9 ipn: call SetNetInfoCallback later, in Start
It was being called back into ultimately from magicsock before there
was a control client.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-03-23 22:19:40 -07:00
Brad Fitzpatrick
51b669e4bd ipn: skip tailscaled UDP ports in service list 2020-03-19 19:56:02 -07:00
David Crawshaw
addbdce296 wgengine, ipn: include number of active DERPs in status
Use this when making the ipn state transition from Starting to
Running. This way a network of quiet nodes with no active
handshaking will still transition to Active.

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-03-19 17:55:16 +11:00
Brad Fitzpatrick
120273d7f6 portlist: document, clean up, fix an open fd spike, optimize a bit
I noticed portlist when looking at some profiles and hadn't looked at
the code much before. This is a first pass over it. It allocates a
fair bit. More love remains, but this does a bit:

name       old time/op    new time/op    delta
GetList-8    9.92ms ± 8%    9.64ms ±12%     ~     (p=0.247 n=10+10)

name       old alloc/op   new alloc/op   delta
GetList-8     931kB ± 0%     869kB ± 0%   -6.70%  (p=0.000 n=10+10)

name       old allocs/op  new allocs/op  delta
GetList-8     4.59k ± 0%     3.69k ± 1%  -19.71%  (p=0.000 n=10+10)

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-03-13 21:06:41 -07:00
Brad Fitzpatrick
42e98d4edc Quiet two little log annoyances. 2020-03-13 09:42:09 -07:00
David Anderson
aeb88864e0 ipn: don't clobber netinfo in Start(). 2020-03-12 21:39:01 -07:00
Avery Pennarun
b4897e7de8 controlclient/netmap: write our own b.ConciseDiffFrom(a) function.
This removes the need for go-cmp, which is extremely bloaty so we had
to leave it out of iOS. As a result, we had also left it out of macOS,
and so we didn't print netmap diffs at all on darwin-based platforms.
Oops.

As a bonus, the output format of the new function is way better.

Minor oddity: because I used the dumbest possible diff algorithm, the
sort order is a bit dumb. We print all "removed" lines and then print
all "added" lines, rather than doing the usual diff-like thing of
interspersing them. This probably doesn't matter (maybe it's an
improvement).
2020-03-12 23:01:08 -04:00
David Crawshaw
57f220656c ipn: search for ErrStateNotExist with errors.Is
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-03-12 08:44:24 -04:00
Brad Fitzpatrick
eac62ec5ff ipn, wgengine/magicsock: add ipn.Prefs.DisableDERP bool
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-03-04 12:53:37 -08:00
Brad Fitzpatrick
b27d4c017a magicsock, wgengine, ipn, controlclient: plumb regular netchecks to map poll
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-03-04 08:19:45 -08:00
Brad Fitzpatrick
657f9593ae Reduce some logspam. 2020-03-02 14:55:12 -08:00
David Crawshaw
d133339216 ipn: always guard LocalBackend.prefs with mu
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-02-28 21:54:22 -05:00
Brad Fitzpatrick
bcf3719b9e netcheck: add hairpinning detection
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-28 14:26:51 -08:00
David Crawshaw
cdc10b74f1 ipn: always guard LocalBackend.endpoints with mu
For #112

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-02-28 15:13:01 -05:00
David Crawshaw
3425d8d84f ipn: always guard LocalBackend.engineStatus with mu
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-02-28 14:58:52 -05:00
David Crawshaw
e7cdc11654 ipn: always guard LocalBackend.netMapCache with mu
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-02-28 14:39:36 -05:00
Brad Fitzpatrick
25797c8c2a all: rename deep "Copy" methods to conventional Go name "Clone" 2020-02-27 12:20:29 -08:00
Brad Fitzpatrick
14559340ee Start of netcheck package & including network state in Hostinfo.
* adds new packet "netcheck" to do the checking of UDP, IPv6, and
  nearest DERP server, and the Report type for all that (and more
  in the future, probably pulling in danderson's natprobe)
* new tailcfg.NetInfo type
* cmd/tailscale netcheck subcommand (tentative name, likely to
  change/move) to print out the netcheck.Report.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-27 11:05:27 -08:00
Brad Fitzpatrick
eefafad9f8 ipn: fix some mutex/ownership issues
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-25 14:07:43 -08:00
Brad Fitzpatrick
3988ddc85d types/logger: add WithPrefix, use it in two places
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-25 11:35:46 -08:00
Brad Fitzpatrick
758744a4e3 Fix some Hostinfo value usages from the previous commit. 2020-02-25 11:01:20 -08:00
Brad Fitzpatrick
d8de11a01b control: make Hostinfo accessed by pointer
Fix potential races in copying aliased slices by value.

Also few little doc updates.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-25 10:35:51 -08:00
Brad Fitzpatrick
367ffde21a ipn: misc cleanup
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-25 10:05:14 -08:00
David Anderson
c47f907a27 ipn: use *Prefs rather than Prefs throughout.
Prefs has become a heavy object with non-memcpy copy
semantics. We should not pass such a thing by value.

Signed-off-by: David Anderson <dave@natulte.net>
2020-02-20 11:31:10 -08:00
David Anderson
0c55777fed ipn: temporary support for loading legacy relaynode configs.
Signed-off-by: David Anderson <dave@natulte.net>
2020-02-20 11:31:10 -08:00
David Anderson
cf1e386cbd ipn: move Options.ServerURL into Prefs.
We can't rely on a frontend to provide a control
server URL, so this naturally belongs in server-persisted
state.

Signed-off-by: David Anderson <dave@natulte.net>
2020-02-19 10:34:39 -08:00
David Anderson
47da432991 ipn: handle advertised routes provided by frontend.
Signed-off-by: David Anderson <dave@natulte.net>
2020-02-17 20:47:45 -08:00
Brad Fitzpatrick
2896be60db Move "logger" package to under types, now that we have it.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-14 20:23:05 -08:00
Brad Fitzpatrick
747c7d7ce2 types/empty: add Message, stop using mysterious *struct{}
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-02-14 13:35:49 -08:00
David Anderson
5f45b7c765 ipn: make LocalBackend.loadStateWithLock easier to follow.
Signed-off-by: David Anderson <dave@natulte.net>
2020-02-13 19:26:53 -08:00