Age | Commit message | Author | Files | Lines
2024-08-08 | tstest/natlab/vnet: treat network wan/lan interface separately [bradfitz/vnet2] | Maisem Ali | 2 | -33/+53
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2024-08-08 | tstest/natlab/vnet: capture wan interfaces too | Maisem Ali | 3 | -47/+91
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2024-08-08 | natlab: add easyAF | Brad Fitzpatrick | 3 | -4/+116
Change-Id: I1ec88301acafcb79bf878f9600a7286e8af0f173
2024-08-08 | tstest/natlab/vnet: fix first packet pcap handling | Maisem Ali | 1 | -11/+11
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2024-08-08 | tstest/natlab/vnet: use pcapng | Maisem Ali | 3 | -4/+23
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2024-08-08 | tstest/natlab/vnet: add pcap support | Maisem Ali | 4 | -9/+101
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2024-08-08 | cmd/{tta,vnet}: proxy to gokrazy UI | Maisem Ali | 2 | -12/+46
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2024-08-08 | gokrazy: bump | Maisem Ali | 4 | -11/+22
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2024-08-08 | sameLAN | Brad Fitzpatrick | 2 | -4/+43
Change-Id: I575dcab31ca812edf7d04fa126772611cf89b9a7 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-08-08 | grid | Brad Fitzpatrick | 1 | -1/+90
Change-Id: I41d1c2bf20ae6dfbb071020d9dc2b742e7995835 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-08-08 | go.toolchain.rev: bump Go toolchain for net pkg resolv.conf fix | Brad Fitzpatrick | 1 | -1/+1
Updates tailscale/corp#22206 Change-Id: I9d995d408d4be3fd552a0d6e12bf79db8461d802 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-08-08 | reduce some log spam | Brad Fitzpatrick | 3 | -16/+83
Change-Id: I76038a90dfde10a82063988a5b54190074d4b5c5 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-08-08 | fix port mapping (w/ maisem + andrew) | Brad Fitzpatrick | 2 | -7/+38
Change-Id: I703b39f05af2e3e1a979be8e77091586cb9ec3eb Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-08-08 | tstest/integration/nat: stream daemon logs directly | Maisem Ali | 2 | -33/+37
2024-08-08 | add network.logf | Brad Fitzpatrick | 2 | -17/+21
Change-Id: Ia5a9359b8bfa18264d64600dfa1ef01eb8728dc2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-08-08 | portmap fixes | Brad Fitzpatrick | 3 | -9/+40
Change-Id: Ia847580ba523acacadcb5fa8f87ccea98dc7ce41 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-08-08 | don't hard-code bradfitz or maisem in paths | Brad Fitzpatrick | 3 | -4/+44
Change-Id: Ie8c7591fac3800bb3b7f8c35356cce309fd3c164 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-08-07 | tstest/natlab/vnet: add port mapping that might not work yet | Brad Fitzpatrick | 3 | -5/+148
Change-Id: Iaf274d250398973790873534b236d5cbb34fbe0e Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-08-07 | natlab: add NodeAgentClient | Maisem Ali | 4 | -101/+56
This adds a new NodeAgentClient type that can be used to invoke the LocalAPI using the LocalClient instead of handcrafted URLs. However, there are certain cases where it does make sense for the node agent to provide more functionality than what's possible with just the LocalClient, as such it also exposes a http.Client to make requests directly. Signed-off-by: Maisem Ali <maisem@tailscale.com>
2024-08-07 | hostinfo.IsNATLabGuestVM, don't upload to logcatcher | Brad Fitzpatrick | 4 | -33/+20
Change-Id: Ie1ce0139788036b8ecc1804549a9b5d326c5fef5 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-08-07 | more WIP | Brad Fitzpatrick | 3 | -33/+90
Change-Id: I228007b4f361a2b63766689f09b1932f86955d0b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-08-07 | WIP | Brad Fitzpatrick | 6 | -27/+375
Change-Id: Ib6804b5c56d8d8da4eb850ef09bc86fc3610ba92 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-08-07 | add stateful firewall | Brad Fitzpatrick | 1 | -7/+19
Change-Id: I4a963f144f24481746c50a2aa97671b7bfc1f267 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-08-06 | MORE | Brad Fitzpatrick | 5 | -18/+149
Change-Id: Icd65b34c5f03498b5a7109785bb44692bce8911a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-08-06 | tstest/natlab/vnet: add start of virtual network-based NAT Lab | Brad Fitzpatrick | 11 | -4/+2062
Updates #13038 Change-Id: I3c74120d73149c1329288621f6474bbbcaa7e1a6 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-08-06 | cmd/derper: move 204 handler from package main to derphttp | Brad Fitzpatrick | 3 | -31/+34
Updates #13038 Change-Id: I28a8284dbe49371cae0e9098205c7c5f17225b40 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-08-06 | wgengine/magicsock: refactor batchingUDPConn to batchingConn interface (#13042) | Jordan Whited | 9 | -655/+693
This commit adds a batchingConn interface, and renames batchingUDPConn to linuxBatchingConn. tryUpgradeToBatchingConn() may return a platform-specific implementation of batchingConn. So far only a Linux implementation of this interface exists, but this refactor is being done in anticipation of a Windows implementation. Updates tailscale/corp#21874 Signed-off-by: Jordan Whited <jordan@tailscale.com>
2024-08-06 | control/controlhttp: extract the last network connection | Anton Tolchanov | 2 | -12/+60
The same context we use for the HTTP request here might be re-used by the dialer, which could result in `GotConn` being called multiple times. We only care about the last one. Fixes #13009 Signed-off-by: Anton Tolchanov <anton@tailscale.com>
2024-08-06 | cmd/derpprobe: use a status page from the prober library | Anton Tolchanov | 1 | -27/+7
Updates tailscale/corp#20583 Signed-off-by: Anton Tolchanov <anton@tailscale.com>
2024-08-06 | prober: support JSON response in RunHandler | Anton Tolchanov | 2 | -2/+119
Updates tailscale/corp#20583 Signed-off-by: Anton Tolchanov <anton@tailscale.com>
2024-08-06 | prober: add a status page handler | Anton Tolchanov | 2 | -0/+256
This change adds an HTTP handler with a table showing a list of all probes, their status, and a button that allows triggering a specific probe. Updates tailscale/corp#20583 Signed-off-by: Anton Tolchanov <anton@tailscale.com>
2024-08-06 | prober: add an HTTP endpoint for triggering a probe | Anton Tolchanov | 2 | -40/+311
- Keep track of the last 10 probe results and successful probe latencies;
- Add an HTTP handler that triggers a given probe by name and returns its result as a plaintext HTML page, showing recent probe results as a baseline
Updates tailscale/corp#20583 Signed-off-by: Anton Tolchanov <anton@tailscale.com>
2024-08-05 | {control,net}: close idle connections of custom transports | Anton Tolchanov | 3 | -0/+5
I noticed a few places with custom http.Transport where we are not closing idle connections when transport is no longer used. Updates tailscale/corp#21609 Signed-off-by: Anton Tolchanov <anton@tailscale.com>
2024-08-05 | net/socks5: support UDP | VimT | 2 | -81/+484
Updates #7581 Signed-off-by: VimT <me@vimt.me>
2024-08-05 | words: raccoon dog, dog with the raccoon in 'im | Kot C | 1 | -0/+2
Signed-off-by: Kot C <kot@yukata.dev>
2024-08-05 | licenses: update license notices | License Updater | 3 | -14/+14
Signed-off-by: License Updater <noreply+license-updater@tailscale.com>
2024-08-05 | cmd/tailscale/cli: fix `revoke-keys` command name in CLI output | Anton Tolchanov | 1 | -3/+3
During review of #8644 the `recover-compromised-key` command was renamed to `revoke-key`, but the old name remained in some messages printed by the command. Fixes tailscale/corp#19446 Signed-off-by: Anton Tolchanov <anton@tailscale.com>
2024-08-03 | net/captivedetection: mark TestAllEndpointsAreUpAndReturnExpectedResponse flaky (#13021) | Jordan Whited | 1 | -0/+2
Updates #13019 Signed-off-by: Jordan Whited <jordan@tailscale.com>
2024-08-03 | wgengine/netstack: use build tags to exclude gVisor GRO importation on iOS (#13015) | Jordan Whited | 3 | -2/+47
Updates tailscale/corp#22125 Signed-off-by: Jordan Whited <jordan@tailscale.com>
2024-08-03 | tstest/integration: mark TestNATPing flaky | Maisem Ali | 1 | -0/+1
Updates #12169 Signed-off-by: Maisem Ali <maisem@tailscale.com>
2024-08-03 | wgengine/capture: fix v6 field typo in wireshark dissector | Maisem Ali | 1 | -3/+3
It was using a v4 field for a v6 address. Updates tailscale/corp#8020 Signed-off-by: Maisem Ali <maisem@tailscale.com>
2024-08-03 | tsweb: mark TestStdHandler_ConnectionClosedDuringBody flaky | Maisem Ali | 1 | -0/+2
Updates #13107 Signed-off-by: Maisem Ali <maisem@tailscale.com>
2024-08-03 | go.mod.sri: update SRI hash for go.mod changes | Flakes Updater | 3 | -3/+3
Signed-off-by: Flakes Updater <noreply+flakes-updater@tailscale.com>
2024-08-03 | net/packet/checksum: fix v6 NAT | Maisem Ali | 3 | -6/+34
We were copying 12 out of the 16 bytes which meant that the 1:1 NAT required would only work if the last 4 bytes happened to match between the new and old address, something that our tests accidentally had. Fix it by copying the full 16 bytes and make the tests also verify the addr and use rand addresses. Updates #9511 Signed-off-by: Maisem Ali <maisem@tailscale.com>
2024-08-03 | util/linuxfw: return nil interface not concrete type | Maisem Ali | 2 | -3/+17
It was returning a nil `*iptablesRunner` instead of a nil `NetfilterRunner` interface which would then fail checks later. Fixes #13012 Signed-off-by: Maisem Ali <maisem@tailscale.com>
2024-08-02 | util/winutil/gp: fix a busy loop bug | Nick Khyl | 1 | -0/+1
Updates #12687 Signed-off-by: Nick Khyl <nickk@tailscale.com>
2024-08-02 | wgengine/netstack: increase gVisor's TCP send and receive buffer sizes (#12994) | Jordan Whited | 3 | -3/+87
This commit increases gVisor's TCP max send (4->6MiB) and receive (4->8MiB) buffer sizes on all platforms except iOS. These values are biased towards higher throughput on high bandwidth-delay product paths. The iperf3 results below demonstrate the effect of this commit between two Linux computers with i5-12400 CPUs. 100ms of RTT latency is introduced via Linux's traffic control network emulator queue discipline.

The first set of results are from commit f0230ce prior to TCP buffer resizing.

gVisor write direction:
Test Complete. Summary Results:
[ ID] Interval           Transfer     Bitrate         Retr
[  5] 0.00-10.00 sec     180 MBytes   151 Mbits/sec   0     sender
[  5] 0.00-10.10 sec     179 MBytes   149 Mbits/sec         receiver

gVisor read direction:
Test Complete. Summary Results:
[ ID] Interval           Transfer     Bitrate         Retr
[  5] 0.00-10.10 sec     337 MBytes   280 Mbits/sec   20    sender
[  5] 0.00-10.00 sec     323 MBytes   271 Mbits/sec         receiver

The second set of results are from this commit with increased TCP buffer sizes.

gVisor write direction:
[ ID] Interval           Transfer     Bitrate         Retr
[  5] 0.00-10.00 sec     297 MBytes   249 Mbits/sec   0     sender
[  5] 0.00-10.10 sec     297 MBytes   247 Mbits/sec         receiver

gVisor read direction:
[ ID] Interval           Transfer     Bitrate         Retr
[  5] 0.00-10.10 sec     501 MBytes   416 Mbits/sec   17    sender
[  5] 0.00-10.00 sec     485 MBytes   407 Mbits/sec         receiver

Updates #9707 Updates tailscale/corp#22119 Signed-off-by: Jordan Whited <jordan@tailscale.com>
2024-08-02 | wgengine/magicsock: use cloud metadata to get public IPs | Andrew Dunham | 5 | -9/+360
Updates #12774 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I1661b6a2da7966ab667b075894837afd96f4742f
2024-08-02 | net/captivedetection: exclude cellular data interfaces (#13002) | Andrea Gottardo | 1 | -1/+7
Updates tailscale/tailscale#1634 This PR optimizes captive portal detection on Android and iOS by excluding cellular data interfaces (`pdp*` and `rmnet`). As cellular networks do not present captive portals, frequent network switches between Wi-Fi and cellular would otherwise trigger captive detection unnecessarily, causing battery drain. Signed-off-by: Andrea Gottardo <andrea@gottardo.me>
2024-08-02 | go.mod,net/tstun,wgengine/netstack: implement gVisor TCP GRO for Linux (#12921) | Jordan Whited | 8 | -48/+307
This commit implements TCP GRO for packets being written to gVisor on Linux. Windows support will follow later. The wireguard-go dependency is updated in order to make use of newly exported IP checksum functions. gVisor is updated in order to make use of newly exported stack.PacketBuffer GRO logic.

TCP throughput towards gVisor, i.e. TUN write direction, is dramatically improved as a result of this commit. Benchmarks show substantial improvement, sometimes as high as 2x. High bandwidth-delay product paths remain receive window limited, bottlenecked by gVisor's default TCP receive socket buffer size. This will be addressed in a follow-on commit.

The iperf3 results below demonstrate the effect of this commit between two Linux computers with i5-12400 CPUs. There is roughly ~13us of round trip latency between them.

The first result is from commit 57856fc without TCP GRO.

Starting Test: protocol: TCP, 1 streams, 131072 byte blocks
- - - - - - - - - - - - - - - - - - - - - - - - -
Test Complete. Summary Results:
[ ID] Interval           Transfer     Bitrate         Retr
[  5] 0.00-10.00 sec     4.77 GBytes  4.10 Gbits/sec  20    sender
[  5] 0.00-10.00 sec     4.77 GBytes  4.10 Gbits/sec        receiver

The second result is from this commit with TCP GRO.

Starting Test: protocol: TCP, 1 streams, 131072 byte blocks
- - - - - - - - - - - - - - - - - - - - - - - - -
Test Complete. Summary Results:
[ ID] Interval           Transfer     Bitrate         Retr
[  5] 0.00-10.00 sec     10.6 GBytes  9.14 Gbits/sec  20    sender
[  5] 0.00-10.00 sec     10.6 GBytes  9.14 Gbits/sec        receiver

Updates #6816 Signed-off-by: Jordan Whited <jordan@tailscale.com>