TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2024-11-25 19:15:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
2,622 Commits 706 Branches 157 Tags 102 MiB
fd7fddd44f
Commit Graph

326 Commits

Author SHA1 Message Date
David Anderson
f6b7d08aea net/dns: work around new NetworkManager in other selection paths. 
Further bits of #1788

Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-23 22:09:00 -07:00
David Anderson
25ce9885a2 net/dns: don't use NM+resolved for NM >=1.26.6. 
NetworkManager fixed the bug that forced us to use NetworkManager
if it's programming systemd-resolved, and in the same release also
made NetworkManager ignore DNS settings provided for unmanaged
interfaces... Which breaks what we used to do. So, with versions
1.26.6 and above, we MUST NOT use NetworkManager to indirectly
program systemd-resolved, but thankfully we can talk to resolved
directly and get the right outcome.

Fixes #1788

Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-23 21:13:19 -07:00
Brad Fitzpatrick
e41075dd4a net/interfaces: work around race fetching routing table 
Fixes #1345
Updates golang/go#45736

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-04-23 13:23:19 -07:00
David Anderson
30f5d706a1 net/dns/resolver: remove unnecessary/racy WaitGroup. 
Fixes #1663

Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-22 19:17:37 -07:00
David Anderson
89c81c26c5 net/dns: fix resolved match domains when no nameservers are provided. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-20 17:10:39 -07:00
David Anderson
4be26b269f net/dns: correctly capture all traffic in non-split configs. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-20 16:57:46 -07:00
David Anderson
ca283ac899 net/dns: remove config in openresolv when given an empty DNS config. 
Part of #1720.

Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-20 16:19:34 -07:00
David Anderson
53213114ec net/dns: make debian_resolvconf correctly clear DNS configs. 
More of #1720.

Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-20 15:51:14 -07:00
David Anderson
3b1ab78954 net/dns: restore resolv.conf when given an empty config in directManager. 
Fixes #1720.

Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-20 15:14:40 -07:00
David Anderson
158328ba24 net/dns: remove ForceSplitDNSForTesting. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-20 12:50:08 -07:00
Naman Sood
71b7e48547
net/tsaddr: expand ephemeral nodes range to /64 
Signed-off-by: Naman Sood <mail@nsood.in>
 2021-04-19 15:54:53 -04:00
Naman Sood
b85d80b37f
net/tsaddr: add new IP range for ephemeral nodes in Tailscale ULA (#1715) 
Signed-off-by: Naman Sood <mail@nsood.in>
 2021-04-16 14:47:55 -04:00
David Anderson
bb0710d51d net/dns: add debugging traces to DNS manager selection on linux. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-14 15:52:41 -07:00
David Anderson
4b70c7b717 net/dns: fix inverted test for NetworkManager. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-14 15:52:22 -07:00
David Anderson
4849a4d3c8 net/dns: error out on linux if /etc/resolv.conf can't be read. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-14 15:35:32 -07:00
David Anderson
1f9b73a531 net/dns: fix freebsd DNS manager selection. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-14 15:34:59 -07:00
AdamKorcz
2243bb48c2 stun fuzzer: Small fix 
Signed-off-by: AdamKorcz <adam@adalogics.com>
 2021-04-14 08:17:46 -07:00
Brad Fitzpatrick
c2ca2ac8c4 net/dns: fix FreeBSD build 
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-04-13 17:38:17 -07:00
David Anderson
84bd50329a net/dns: fix staticheck. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-13 17:28:37 -07:00
David Anderson
d6bb11b5bf net/dns: implement correct manager detection on linux. 
Part of #953.

Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-13 17:19:00 -07:00
David Anderson
9ef932517b net/dns: fix NM's GetBaseConfig when no configs exist. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-13 17:19:00 -07:00
David Anderson
fe3b1ab747 net/dns: refactor dbus connection setup in resolved manager. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-13 17:19:00 -07:00
David Anderson
854d5d36a1 net/dns: return error from NewOSManager, use it to initialize NM. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-12 15:51:37 -07:00
David Anderson
9aa33b43e6 net/dns: support split and unsplit DNS in NetworkManager. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-12 14:34:08 -07:00
David Anderson
87eb8384f5 net/dns: fix up NetworkManager configurator a bit. 
Clear LLMNR and mdns flags, update reasoning for our settings,
and set our override priority harder than before when we want
to be primary resolver.

Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-11 23:19:50 -07:00
David Anderson
3d81e6260b net/dns: set resolved DefaultRoute setting according to split-dns mode. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-11 20:53:28 -07:00
David Anderson
cca230cc23 net/dns: fix staticcheck errors. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-11 20:53:28 -07:00
Brad Fitzpatrick
4b47393e0c net/dns: pacify staticcheck for now 
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-04-11 20:43:15 -07:00
David Anderson
a7340c2015 net/dns: support split DNS in systemd-resolved. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-11 18:14:23 -07:00
David Anderson
84430cdfa1 net/dns: improve NetworkManager detection, using more DBus. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-11 15:22:06 -07:00
David Anderson
9a48bac8ad net/dns: rename resolvconf.go to debian_resolvconf.go. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-10 23:31:14 -07:00
David Anderson
9831f1b183 net/dns: also include 'tail' and 'base' files when fixing up resolv.conf. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-10 23:01:11 -07:00
David Anderson
e43afe9140 net/dns: implement prior config reading for debian resolvconf. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-10 22:37:13 -07:00
David Anderson
143e5dd087 net/dns: rename script variable. 
Debian resolvconf is not legacy, it's alive and well,
just historically before the other implementations.

Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-10 21:28:27 -07:00
David Anderson
55b39fa945 net/dns: add documentation to openresolv's config fetch. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-10 20:21:05 -07:00
David Anderson
61b361bac0 net/dns: teach the openresolv manager to read DNS config. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-10 19:37:11 -07:00
David Anderson
58760f7b82 net/dns: split resolvconfManager into a debian and an openresolv manager. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-10 18:55:05 -07:00
David Anderson
5480189313 net/dns: implement a DNS override workaround for legacy resolvconf. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-10 17:58:13 -07:00
David Anderson
1a371b93be util/dnsname: add FQDN type, use throughout codebase. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-10 17:58:13 -07:00
AdamKorcz
7a1813fd24 Added 2 fuzzers 
Signed-off-by: AdamKorcz <adam@adalogics.com>
 2021-04-10 11:40:10 -07:00
David Anderson
e638a4d86b net/dns: make directManager support split DNS, and work in sandboxes. 
Fixes #1495, #683.

Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-09 02:52:21 -07:00
David Anderson
2685260ba1 net/dns: add temporary fallback to quad-9 resolver for split-DNS testing. 
This allows split-DNS configurations to not break clients on OSes that
haven't yet been ported to understand split DNS, by falling back to quad-9
as a global resolver when handed an "impossible to implement"
split-DNS config.

Part of #953. Needs to be removed before shipping 1.8.

Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-08 23:26:22 -07:00
David Anderson
b9e194c14b net/dns: add missing FQDN qualification. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-08 23:07:16 -07:00
David Anderson
b74a8994ca net/dns: make FQDN dot style consistent in more places. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-08 22:03:32 -07:00
David Anderson
6def647514 net/dns/resolver: don't avoid tailscale routes for DNS forwarding. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-08 12:20:42 -07:00
David Anderson
4a64d2a603 net/dns: some post-review cleanups. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-07 15:40:31 -07:00
David Anderson
720c1ad0f0 net/dns: insert OS base config when emulating split DNS. 
Part of #953.

Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-07 15:40:31 -07:00
David Anderson
e560be6443 net/dns: sort matchDomains to avoid test flake. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-07 15:40:31 -07:00
David Anderson
68f76e9aa1 net/dns: add GetBaseConfig to OSConfigurator interface. 
Part of #953, required to make split DNS work on more basic
platforms.

Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-07 15:40:31 -07:00
David Anderson
fe9cd61d71 net/dns: add tests for DNS config generation. 
Part of #953.

Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-07 15:40:31 -07:00
David Anderson
0ba6d03768 net/dns/resolver: add a test helper to get at the resolver config. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-07 15:40:31 -07:00
David Anderson
da4cc8bbb4 net/dns: handle all possible translations of high-level DNS config. 
With this change, all OSes can sort-of do split DNS, except that the
default upstream is hardcoded to 8.8.8.8 pending further plumbing.
Additionally, Windows 8-10 can do split DNS fully correctly, without
the 8.8.8.8 hack.

Part of #953.

Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-07 15:40:31 -07:00
Brad Fitzpatrick
939861773d net/tstun: accept peerapi connections through the filter 
Fixes tailscale/corp#1545

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-04-07 12:29:20 -07:00
Maisem Ali
57756ef673 net/nettest: make nettest.NewConn pass x/net/nettest.TestConn. 
Signed-off-by: Maisem Ali <maisem@tailscale.com>
 2021-04-06 15:34:29 -07:00
David Anderson
e0e677a8f6 net/dns: split out search domains and match domains in OSConfig. 
It seems that all the setups that support split DNS understand
this distinction, and it's an important one when translating
high-level configuration.

Part of #953.

Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-06 15:27:09 -07:00
David Anderson
a8dcda9c9a net/dns: start of compat hacks for Windows 7. 
Correctly reports that Win7 cannot do split DNS, and has a helper to
discover the "base" resolvers for the system.

Part of #953

Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-06 15:27:09 -07:00
David Anderson
3e915ac783 net/dns: implement OS-level split DNS for Windows. 
Part of #953.

Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-05 22:53:10 -07:00
David Anderson
c16a926bf2 net/dns: set OSConfig.Primary. 
OS implementations are going to support split DNS soon.
Until they're all in place, hardcode Primary=true to get
the old behavior.

Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-05 22:53:10 -07:00
David Anderson
bc4381447f net/tstun: return the real interface name at device creation. 
This is usually the same as the requested interface, but on some
unixes can vary based on device number allocation, and on Windows
it's the GUID instead of the pretty name, since everything relating
to configuration wants the GUID.

Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-05 22:53:10 -07:00
David Anderson
de6dc4c510 net/dns: add a Primary field to OSConfig. 
Currently ignored.

Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-05 13:05:47 -07:00
David Anderson
b2a597b288 net/dns: rename Set to SetDNS in OSConfigurator. 
wgengine/router.CallbackRouter needs to support both the Router
and OSConfigurator interfaces, so the setters can't both be called
Set.

Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-05 10:55:35 -07:00
David Anderson
7d84ee6c98 net/dns: unify the OS manager and internal resolver. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-05 10:55:35 -07:00
David Anderson
1bf91c8123 net/dns/resolver: remove unused err return value. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-05 10:55:35 -07:00
David Anderson
6a206fd0fb net/dns: rename impl to os. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-05 10:55:35 -07:00
David Anderson
c4530971db net/dns/resolver: remove leftover debug print. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-05 10:55:35 -07:00
David Anderson
4c61ebacf4 wgengine: move DNS configuration out of wgengine/router. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-05 10:55:35 -07:00
David Anderson
748670f1e9 net/dns: fix typo in docstring. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-02 18:44:02 -07:00
David Anderson
a39d2403bc net/dns: disable NetworkManager and resolved configurators temporarily. 
They need some rework to do the right thing, in the meantime the direct
and resolvconf managers will work out.

The resolved implementation was never selected due to control-side settings.
The networkmanager implementation mostly doesn't get selected due to
unforeseen interactions with `resolvconf` on many platforms.
Both implementations also need rework to support the various routing modes
they're capable of.

Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-02 02:41:33 -07:00
David Anderson
befd8e4e68 net/dns: replace managerImpl with OSConfigurator in code. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-02 02:34:40 -07:00
David Anderson
077d4dc8c7 net/dns: add an OSConfigurator interface. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-02 01:49:17 -07:00
David Anderson
6ad44f9fdf wgengine: take in dns.Config, split out to resolver.Config and dns.OSConfig. 
Stepping stone towards having the DNS package handle the config splitting.

Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-02 00:59:44 -07:00
David Anderson
2edb57dbf1 net/dns: add new Config that captures tailscale+OS DNS config. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-02 00:59:44 -07:00
David Anderson
8af9d770cf net/dns: rename Config to OSConfig. 
Making way for a new higher level config struct.

Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-02 00:59:44 -07:00
David Anderson
fcfc0d3a08 net/dns: remove ManagerConfig, pass relevant args directly. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-01 23:26:52 -07:00
David Anderson
0ca04f1e01 net/dns: put noop.go back, limit with build tags for staticcheck. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-01 23:14:13 -07:00
David Anderson
95470c3448 net/dns: remove Cleanup manager parameter. 
It's only use to skip some optional initialization during cleanup,
but that work is very minor anyway, and about to change drastically.

Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-01 23:06:56 -07:00
David Anderson
cf361bb9b1 net/dns: remove PerDomain from Config. 
It's currently unused, and no longer makes sense with the upcoming
DNS infrastructure. Keep it in tailcfg for now, since we need protocol
compat for a bit longer.

Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-01 22:55:44 -07:00
David Anderson
f77ba75d6c wgengine/router: move DNS cleanup into the DNS package. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-01 22:35:34 -07:00
David Anderson
9f105d3968 net/dns/resolver: teach the forwarder to do per-domain routing. 
Given a DNS route map, the forwarder selects the right set of
upstreams for a given name.

Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-01 19:42:48 -07:00
David Anderson
90f82b6946 net/dns/resolver: add live reconfig, plumb through to ipnlocal. 
The resolver still only supports a single upstream config, and
ipn/wgengine still have to split up the DNS config, but this moves
closer to unifying the DNS configs.

As a handy side-effect of the refactor, IPv6 MagicDNS records exist
now.

Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-04-01 01:44:03 -07:00
David Anderson
caeafc4a32 net/dns/resolver: fix package docstring. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-03-31 23:42:28 -07:00
David Anderson
dbe4f6f42d net/dns/resolver: unexport Resolve and ResolveReverse. 
They're only used internally and in tests, and have surprising
semantics in that they only resolve MagicDNS names, not upstream
resolver queries.

Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-03-31 23:35:26 -07:00
David Anderson
cdeb8d6816 net/dns/resolver: fix staticcheck error. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-03-31 23:19:09 -07:00
David Anderson
f185d62dc8 net/dns/resolver: unexport Packet, only use it internally. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-03-31 23:12:31 -07:00
David Anderson
5fb9e00ecf net/dns/resolver: remove Start method, fully spin up in New instead. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-03-31 23:12:31 -07:00
David Anderson
075fb93e69 net/dns/resolver: remove the Config struct. 
In preparation for reintroducing a runtime reconfig Config struct.

Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-03-31 23:12:31 -07:00
David Anderson
bc81dd4690 net/dns/resolver: rename ResolverConfig to just Config. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-03-31 23:12:31 -07:00
David Anderson
d99f5b1596 net/dns/resolver: factor the resolver out into a sub-package. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-03-31 23:12:30 -07:00
Denton Gentry
09148c07ba interfaces: check correct error /proc/net/route 
wrap io.EOF if we hit https://github.com/google/gvisor/issues/5732
Check for the correct err.

Signed-off-by: Denton Gentry <dgentry@tailscale.com>
 2021-03-31 14:37:26 -07:00
Denton Gentry
a9745a0b68 interfaces: try larger read from /proc/net/route 
Work around https://github.com/google/gvisor/issues/5732
by trying to read /proc/net/route with a larger bufsize if
it fails the first time.

Signed-off-by: Denton Gentry <dgentry@tailscale.com>
 2021-03-30 12:33:53 -07:00
Denton Gentry
54ba6194f7 interfaces: allow IPv6 ULA as a valid address. 
IPv6 Unique Local Addresses are sometimes used with Network
Prefix Translation to reach the Internet. In that respect
their use is similar to the private IPv4 address ranges
10/8, 172.16/12, and 192.168/16.

Treat them as sufficient for AnyInterfaceUp(), but specifically
exclude Tailscale's own IPv6 ULA prefix to avoid mistakenly
trying to bootstrap Tailscale using Tailscale.

This helps in supporting Google Cloud Run, where the addresses
are 169.254.8.1/32 and fddf:3978:feb1:d745::c001/128 on eth1.

Signed-off-by: Denton Gentry <dgentry@tailscale.com>
 2021-03-30 12:33:53 -07:00
Denton Gentry
ecf310be3c net/tsaddr: IsUla() for IPv6 Unique Local Address 
Signed-off-by: Denton Gentry <dgentry@tailscale.com>
 2021-03-30 12:33:53 -07:00
Brad Fitzpatrick
41e4e02e57 net/{packet,tstun}: send peerapi port in TSMP pongs 
For discovery when an explicit hostname/IP is known. We'll still
also send it via control for finding peers by a list.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-03-29 15:18:23 -07:00
David Anderson
25e0bb0a4e net/tstun: rename wrap_windows.go to tun_windows.go. 
The code has nothing to do with wrapping, it's windows-specific
driver initialization code.

Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-03-26 23:17:59 -07:00
David Anderson
22d53fe784 net/tstun: document exported function. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-03-26 23:17:01 -07:00
David Anderson
016de16b2e net/tstun: rename TUN to Wrapper. 
The tstun packagen contains both constructors for generic tun
Devices, and a wrapper that provides additional functionality.

Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-03-26 23:15:22 -07:00
David Anderson
82ab7972f4 net/tstun: rename NewFakeTUN to NewFake. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-03-26 22:46:47 -07:00
David Anderson
588b70f468 net/tstun: merge in wgengine/tstun. 
Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-03-26 22:31:54 -07:00
David Anderson
018200aeba net/tstun: rename from net/tun. 
We depend on wireguard-go/tun, identical leaf packages can be
confusing in code.

Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-03-26 22:31:54 -07:00
David Anderson
44d9929208 wgengine: remove Config.TUNName, require caller to create device. 
Also factors out device creation and associated OS workarounds to
net/tun.

Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-03-26 21:08:11 -07:00