HandlePacket and Inject now receive/take Packets. This is a handy
container for the packet, and the attached Trace method can be used
to print traces from custom packet handlers that integrate nicely
with natlab's internal traces.
Signed-off-by: David Anderson <danderson@tailscale.com>
The firewall provides a ProcessPacket handler, and implements an
address-and-port endpoint dependent firewall that allows all
traffic to egress from the trusted interface, and only allows
inbound traffic if corresponding outbound traffic was previously
seen.
Signed-off-by: David Anderson <danderson@tailscale.com>
Requires a bunch of refactoring so that Networks only ever
refer to Interfaces that have been attached to them, and
Interfaces know about both their Network and Machine.
Signed-off-by: David Anderson <danderson@tailscale.com>
I added them earlier while fighting our redo+xcode build which wasn't
picking up these files on incremental builds. It still isn't, but now I've
verified with full builds that no quotes is correct.
We want the macOS Network Extension to share fate with the UI frontend,
so we need the backend to know when the frontend disappears.
One easy way to do that is to reuse the existing TCP server it's
already running (for tailscale status clietns).
We now tell the frontend our ephemeral TCP port number, and then have
the UI connect to it, so the backend can know when it disappears.
There are likely Swift ways of doing this, but I couldn't find them
quickly enough, so I reached for the hammer I knew.
Our primary version format is git describe --long --abbrev=9.
Our Apple scheme is:
(major+100).minor.(patch*10,000+gitDescribeCommits).
This CL gets rid of the third, which was:
major.minor.(patch*10,000+gitDescribeCommits).
Now the "About" box in the macOS app shows the same version that we
show on pkgs.tailscale.com, userz, changelog, etc.
This will be more important once/if we get standalone DMG downloads
for macOS on pkgs.tailscale.com.
Fixestailscale/corp#364
This change adds to tsdns the ability to delegate lookups to upstream nameservers.
This is crucial for setting Magic DNS as the system resolver.
Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
Never return "nil, nil" anymore. The caller expected a usable
interface now. I missed some of these earlier.
Also, handle address deletion now.
Updates #532
At least the Apple Airport Extreme doesn't allow hairpin
sends from a private socket until it's seen traffic from
that src IP:port to something else out on the internet.
See https://github.com/tailscale/tailscale/issues/188#issuecomment-600728643
And it seems that even sending to a likely-filtered RFC 5737
documentation-only IPv4 range is enough to set up the mapping.
So do that for now. In the future we might want to classify networks
that do and don't require this separately. But for now help it.
I've confirmed that this is enough to fix the hairpin check on Avery's
home network, even using the RFC 5737 IP.
Fixes#188
There's a lot of confusion around what tailscale status shows, so make it better:
show region names, last write time, and put stars around DERP too if active.
Now stars are always present if activity, and always somewhere.
* fix tailscale status for peers using discovery
* as part of that, pull out disco address selection into reusable
and testable discoEndpoint.addrForSendLocked
* truncate ping/pong logged hex txids in half to eliminate noise
* move a bunch of random time constants into named constants
with docs
* track a history of per-endpoint pong replies for future use &
status display
* add "send" and " got" prefix to discovery message logging
immediately before the frame type so it's easier to read than
searching for the "<-" or "->" arrows earlier in the line; but keep
those as the more reasily machine readable part for later.
Updates #483
