Commit Graph

4047 Commits

Author SHA1 Message Date
Brad Fitzpatrick
23f01174ea util/pidowner: new package to map from process ID to its user ID 2020-09-11 08:19:21 -07:00
Brad Fitzpatrick
40e12c17ec net/netcheck: remove mistaken double Mutex.Unlock in error path
Thanks to @dotaheor for noticing.

Fixes #751
2020-09-11 07:55:49 -07:00
Brad Fitzpatrick
f65eb4e5c1 net/netstat: start of new netstat package, with Windows for now
This will be used in a future change to do localhost connection
authentication. This lets us quickly map a localhost TCP connection to
a PID. (A future change will then map a pid to a user)

TODO: pull portlist's netstat code into this package. Then portlist
will be fast on Windows without requiring shelling out to netstat.exe.
2020-09-10 15:24:49 -07:00
Brad Fitzpatrick
8b60936913 depaware: update deps 2020-09-10 09:29:15 -07:00
Brad Fitzpatrick
edb47b98a8 scripts: don't descend into .git for license header check 2020-09-10 09:23:33 -07:00
Josh Bleecher Snyder
a877dd575c wgengine/router/dns: remove unnecessary lint ignore line
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2020-09-09 12:27:52 -07:00
Josh Bleecher Snyder
bf24d54143 syncs: add AssertLocked
This allows us to check lock invariants.

It was proposed upstream and rejected in:
https://github.com/golang/go/issues/1366

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2020-09-09 12:27:52 -07:00
Brad Fitzpatrick
158202dbb1 go mod tidy 2020-09-09 12:17:44 -07:00
Brad Fitzpatrick
7795fcf464 Add tooldeps package to keep depaware pinned in go.mod. 2020-09-09 12:13:30 -07:00
Brad Fitzpatrick
22ed3c503e
Add depaware.txt files and GitHub checks. (#745)
See https://github.com/tailscale/depaware

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-09-09 12:11:46 -07:00
Josh Bleecher Snyder
2e40c4b564 tstest: don't log on success
This is particularly important for benchmarks,
where stray output disrupts tooling.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2020-09-08 15:18:36 -07:00
Brad Fitzpatrick
913c1bd04f wgengine/router: on Windows, add a firewall rule to allow Tailscale
Updates tailscale/tailscale#454
2020-09-08 13:24:02 -07:00
Emmanuel T Odeke
688f923db1
log/logheap: properly document LogHeap as performing HTTP upload (#741)
LogHeap no longer logs to os.Stderr and instead uploads
the heap profile by means of an HTTP POST request to the
target URL endpoint.

While here, also ensured that an error from pprof.WriteHeapProfile
isn't ignored and will prevent the HTTP request from being made
if non-nil.

Signed-off-by: Emmanuel T Odeke <emmanuel@orijtech.com>
2020-09-07 19:17:53 -07:00
Josh Bleecher Snyder
96160973ce tailcfg: regenerate Clone methods
cmd/cloner has changed. Regenerate.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2020-09-04 16:25:18 -07:00
Josh Bleecher Snyder
7bd89359c9 cmd/cloner: generate a package-level Clone function
This Clone function knows how to clone any types
for which it has generated Clone methods.
This allows callers to efficiently clone
an inbound interface{} that might contain one of these types.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2020-09-04 16:25:18 -07:00
Josh Bleecher Snyder
99d223130c cmd/cloner: fix found type detection
This was causing any type to be reported as found,
as long as there were any type decls at all. Oops.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2020-09-04 13:43:17 -07:00
Josh Bleecher Snyder
2352690bde cmd/cloner: ensure cloner gets re-run when structs change
If you change a struct and don't re-run cloner,
your Cloner method might be inaccurate, leading to bad things.

To prevent this, write out the struct as it is at the moment that
cloner is caller, and attempt a conversion from that type.
If the struct gets changed in any way, this conversion will fail.

This will yield false positives: If you change a non-pointer field,
you will be forced to re-run cloner, even though the actual generated
code won't change. I think this is an acceptable cost: It is a minor
annoyance, which will prevent real bugs.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2020-09-04 13:11:21 -07:00
Brad Fitzpatrick
8ecee476f6 ipn: simplify TestLocalLogLines, defer a Shutdown of its LocalBackend
The test's LocalBackend was not shut down (Shutdown both releases
resources and waits for its various goroutines to end). This should
fix the test race we were seeing. It definitely fixes the file
descriptor leak that preventing -race -count=500 from passing before.
2020-09-04 08:36:07 -07:00
Brad Fitzpatrick
7fddc33481 tstest: make LogLineTracker pass variadic format args through
Omitting the "..." passed a literal []interface{} to the underlying
logger always.
2020-09-04 08:31:43 -07:00
Brad Fitzpatrick
68c42530e9 tstest: rename LogListener to LogLineTracker
But mostly to rename tstest.ListenFor which has no mention of log lines in it.
It sounded like a net.Listener or something.
2020-09-04 08:09:56 -07:00
David Crawshaw
95cddfcc75 tailcfg: add Clone methods to Login and DNSConfig
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-09-04 07:48:45 -04:00
David Crawshaw
3baa084548 tstest: take testing.TB in helper for benchmarks
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-09-04 07:48:45 -04:00
Brad Fitzpatrick
468bb3afce cmd/tailscale/cli: add debug -derp mode 2020-09-03 09:09:23 -07:00
Brad Fitzpatrick
9c25968b63 net/tshttpproxy: fix typo in Windows code added at least second
I ran tests & vet & staticcheck, but for Linux, not Windows.
(#728 would be nice)
2020-09-02 21:25:38 -07:00
Brad Fitzpatrick
82a3721661 go.sum: update 2020-09-02 21:25:28 -07:00
Brad Fitzpatrick
b026a638c7 net/tshttpproxy: if winhttp.GetProxyForURL blocks too long, use previous value
We currently have a chickend-and-egg situation in some environments
where we can set up routes that WinHTTP's WPAD/PAC resolution service
needs to download the PAC file to evaluate GetProxyForURL, but the PAC
file is behind a route for which we need to call GetProxyForURL to
e.g. dial a DERP server.

As a short-term fix, just assume that the most recently returned proxy
is good enough for such situations.
2020-09-02 21:15:36 -07:00
Josh Bleecher Snyder
a570c27577 portlist: reduce log spam on macOS
Running tailscaled on my machine yields lots of entries like:

weird: missing {tcp 6060}

parsePortsNetstat is filtering out loopback addresses as uninteresting.
Then addProcesses is surprised to discover these listening ports,
which results in spurious logging.
Teach addProcesses to also ignore loopback addresses.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2020-09-02 15:44:55 -07:00
Josh Bleecher Snyder
3b05cbacfb go.mod: update wireguard-go version 2020-09-02 12:22:49 -07:00
Josh Bleecher Snyder
57e642648f wgengine/magicsock: fix typo in comment 2020-09-02 11:34:20 -07:00
Brad Fitzpatrick
6d14678009 wgengine/router: remove unnecessary newlines in log.Printf formats 2020-09-01 13:27:42 -07:00
Brad Fitzpatrick
09d56f54a7
wgengine/router: fix Windows route sorting that caused de-dup to not work (#727)
Updates #725

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2020-09-01 13:24:58 -07:00
Brad Fitzpatrick
74ee374667 net/tshttpproxy: add more winhttp logging
Notably around duration of calls.
2020-08-28 21:37:49 -07:00
Brad Fitzpatrick
1e0be5a458 tshttp, derphttp: send Proxy-Authorization, not Authorization, to proxies
Whoops. But weirdly, sending Authorization sometimes worked?
2020-08-28 21:01:00 -07:00
halulu
3af2d671e6
cmd/tailscale/cli: add new flag --force-reauth to up subcommand (#717)
Signed-off-by: Halulu <lzjluzijie@gmail.com>
2020-08-28 20:49:14 +08:00
Brad Fitzpatrick
9b07517f18 wgengine: add Engine.SetLinkChangeCallback
Start of making the IPN state machine react to link changes and down
its DNS & routes if necessary to unblock proxy resolution (e.g. for
transitioning from public to corp networks where the corp network has
mandatory proxies and WPAD PAC files that can't be resolved while
using the DNS/routes configured previously)

This change should be a no-op. Just some callback plumbing.
2020-08-27 21:25:17 -07:00
halulu
bd37e40d2b
cmd/tailscale/cli: status exit when disconnected (#720)
cmd/tailscale/cli: make status report stopped status, exit non-zero

Fixes #714
2020-08-27 19:02:32 -07:00
Dmytro Shynkevych
cb5f3c0819
tsdns: log when settings upstreams.
It turns out that otherwise we don't know what exactly was set.

Also remove the now unused RootDomain config option.

Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
2020-08-27 17:01:59 -04:00
Brad Fitzpatrick
5acbb149a2 ipn/ipnstate: include DNSName in tailscale status --json output 2020-08-27 13:25:05 -07:00
Brad Fitzpatrick
2bac125cad net/tshttpproxy: move the TS_DEBUG_FAKE_PROXY_AUTH knob up a level 2020-08-27 08:17:57 -07:00
Dmytro Shynkevych
aa1da24f18
tsdns: remove now unused fields.
Missed in 7541982635.

Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
2020-08-27 03:21:36 -04:00
Dmytro Shynkevych
7541982635
tsdns: remove forwarding queue.
Two levels of queueing are unnecessary.
The resulting implementation performs as follows
under request bursts (`count` packets sent concurrently):

lost  count            avg latency
   0 /  256 (00.00%) - 28ms
   0 /  512 (00.00%) - 146ms
   0 /  768 (00.00%) - 166ms
   0 / 1024 (00.00%) - 416ms
  11 / 1280 (00.86%) - 430ms
 145 / 1536 (09.44%) - 715ms
 364 / 2048 (17.77%) - 836ms

Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
2020-08-27 03:18:17 -04:00
Dmytro Shynkevych
34a7e7c12b
tsdns: be more strict with type validation.
Previously, a type AAAA query would be answered with an A record
if only an IPv4 address was available. This is irrelevant for us
while we only use IPv4, but it will be a bug one day,
so it's worth being precise about semantics.

Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
2020-08-27 00:45:30 -04:00
Dmytro Shynkevych
bc34788e65
tsdns: fix accidental rejection of all non-{A, AAAA} questions.
This is a bug introduced in a903d6c2ed.

Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
2020-08-27 00:42:56 -04:00
Brad Fitzpatrick
28f9cd06f5 tshttpproxy, controlclient, derphttp, logpolicy: send Negotiate auth to proxies
For Windows only, and only when built with Tailscale's Go tree.

Updates tailscale/corp#583
2020-08-26 20:08:05 -07:00
Brad Fitzpatrick
756d6a72bd wgengine: lazily create peer wireguard configs more explicitly
Rather than consider bigs jumps in last-received-from activity as a
signal to possibly reconfigure the set of wireguard peers to have
configured, instead just track the set of peers that are currently
excluded from the configuration. Easier to reason about.

Also adds a bit more logging.

This might fix an error we saw on a machine running a recent unstable
build:

2020-08-26 17:54:11.528033751 +0000 UTC: 8.6M/92.6M magicsock: [unexpected] lazy endpoint not created for [UcppE], d:42a770f678357249
2020-08-26 17:54:13.691305296 +0000 UTC: 8.7M/92.6M magicsock: DERP packet received from idle peer [UcppE]; created=false
2020-08-26 17:54:13.691383687 +0000 UTC: 8.7M/92.6M magicsock: DERP packet from unknown key: [UcppE]

If it does happen again, though, we'll have more logs.
2020-08-26 12:26:06 -07:00
Brad Fitzpatrick
483141094c cmd/tailscale/cli: add basic 'down' subcommand
RELNOTE=yes
2020-08-25 18:54:29 -07:00
halulu
f27a57911b
cmd/tailscale: add derp and endpoints status (#703)
cmd/tailscale: add local node's information to status output (by default)

RELNOTE=yes

Updates #477

Signed-off-by: Halulu <lzjluzijie@gmail.com>
2020-08-25 16:26:10 -07:00
Brad Fitzpatrick
f915ab6552 net/tshttpproxy: add start of Kerberos Negotiate auth to proxies on Windows
For now only used by a new cmd/tailscale debug --get-url
subcommand. Not yet wired up to the places making HTTP requests.

Updates tailscale/corp#583
2020-08-25 13:49:06 -07:00
David Crawshaw
dd2c61a519 magicsock: call RequestStatus when DERP connects
Second attempt.

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-08-25 16:35:28 -04:00
David Crawshaw
a67b174da1 Revert "magicsock: call RequestStatus when DERP connects"
Seems to break linux CI builder. Cannot reproduce locally,
so attempting a rollback.

This reverts commit cd7bc02ab1.

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-08-25 15:15:37 -04:00