| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Used as an app frontend UI on Synology.
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
|
|
And add a put handler.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
wgengine/netstack: Allow userspace networking mode to expose subnets
Updates #504
Updates #707
Signed-off-by: Naman Sood <mail@nsood.in>
|
|
... to force rebinds of TCP connections
Fixes #1555
Updates tailscale/felicity#4
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
"Fake" doesn't mean a lot any more, given that many components
of the engine can be faked out, including in valid production
configurations like userspace-networking.
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
This makes setup more explicit in prod codepaths, without
requiring a bunch of arguments or helpers for tests and
userspace mode.
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
On macOS/iOS, this removes a map lookup per outgoing packet.
Noticed it while reading code, not from profiles, but can't hurt.
BenchmarkGenLocalAddrFunc
BenchmarkGenLocalAddrFunc/map1
BenchmarkGenLocalAddrFunc/map1-4 16184868 69.78 ns/op
BenchmarkGenLocalAddrFunc/map2
BenchmarkGenLocalAddrFunc/map2-4 16878140 70.73 ns/op
BenchmarkGenLocalAddrFunc/or1
BenchmarkGenLocalAddrFunc/or1-4 623055721 1.950 ns/op
BenchmarkGenLocalAddrFunc/or2
BenchmarkGenLocalAddrFunc/or2-4 472493098 2.589 ns/op
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
|
|
The Windows CI machine experiences significant random execution delays.
For example, in this code from watchdog.go:
done := make(chan bool)
go func() {
start := time.Now()
mu.Lock()
There was a 500ms delay from initializing done to locking mu.
This test checks that we receive a sufficient number of events quickly enough.
In the face of random 500ms delays, unsurprisingly, the test fails.
There's not much principled we can do about it.
We could build a system of retries or attempt to detect these random delays,
but that game isn't worth the candle.
Skip the test.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
|
|
This works around the close syscall being slow.
We can revert this if we find a fix or if Apple makes close fast again.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
|
|
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
The code has nothing to do with wrapping, it's windows-specific
driver initialization code.
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
The tstun packagen contains both constructors for generic tun
Devices, and a wrapper that provides additional functionality.
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
We depend on wireguard-go/tun, identical leaf packages can be
confusing in code.
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
So handlers can vary based on whether owner of peer matches owner of
local node.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Also factors out device creation and associated OS workarounds to
net/tun.
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
IPv4 and IPv6 both work remotely, but IPv6 doesn't yet work from the
machine itself due to routing mysteries.
Untested yet on iOS, but previous prototype worked on iOS, so should
work the same.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Now callers (wgengine/monitor) don't need to mutate the state to remove
boring interfaces before calling State.Equal. Instead, the methods
to remove boring interfaces from the State are removed, as is
the reflect-using Equal method itself, and in their place is
a new EqualFiltered method that takes a func predicate to match
interfaces to compare.
And then the FilterInteresting predicate is added for use
with EqualFiltered to do the job that that wgengine/monitor
previously wanted.
Now wgengine/monitor can keep the full interface state around,
including the "boring" interfaces, which we'll need for peerapi on
macOS/iOS to bind to the interface index of the utunN device.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
We have it already but threw it away. But macOS/iOS code will
be needing the interface index, so hang on to it.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
control/controlclient: sign RegisterRequest
Some customers wish to verify eligibility for devices to join their
tailnets using machine identity certificates. TLS client certs could
potentially fulfill this role but the initial customer for this feature
has technical requirements that prevent their use. Instead, the
certificate is loaded from the Windows local machine certificate store
and uses its RSA public key to sign the RegisterRequest message.
There is room to improve the flexibility of this feature in future and
it is currently only tested on Windows (although Darwin theoretically
works too), but this offers a reasonable starting place for now.
Updates tailscale/coral#6
Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>
|
|
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Preparation for merging the APIs and whatnot.
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Straight move+fixup, no other changes. In prep for merging with
wgengine/router/dns.
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Also some necessary refactoring of the ipn/ipnstate too.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
This reverts commit b81bd8025b71f35295201d18011855c1cfae630e.
Not needed. See:
https://github.com/golang/go/wiki/Modules#how-can-i-track-tool-dependencies-for-a-module
|
|
So we can empty import the guts of cmd/tailscaled from another
module for go mod tidy reasons.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Adapt to minor API changes in wireguard-go.
And factor out device.DeviceOptions variables.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
|
|
This adds an easy and portable way for us to document how to get
your Tailscale IP address.
$ tailscale ip
100.74.70.3
fd7a:115c:a1e0:ab12:4843:cd96:624a:4603
$ tailscale ip -4
100.74.70.3
$ tailscale ip -6
fd7a:115c:a1e0:ab12:4843:cd96:624a:4603
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Fixes #1467
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
|
|
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
|
|
We are now on 1.16.
And wgconn.NetErrClosed has been removed upstream.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
|
|
Fixes #1566
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Updates #1566 (but no behavior changes as of this change)
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Fixes #1561
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Fixes #1562
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
subnets
e.g.
$ tailscale ping 1.1.1.1
exit node found but not enabled
$ tailscale ping 10.2.200.2
node "tsbfvlan2" found, but not using its 10.2.200.0/24 route
$ sudo tailscale up --accept-routes
$ tailscale ping 10.2.200.2
pong from tsbfvlan2 (100.124.196.94) via 10.2.200.34:41641 in 1ms
$ tailscale ping mon.ts.tailscale.com
pong from monitoring (100.88.178.64) via DERP(sfo) in 83ms
pong from monitoring (100.88.178.64) via DERP(sfo) in 21ms
pong from monitoring (100.88.178.64) via [2604:a880:4:d1::37:d001]:41641 in 22ms
This necessarily moves code up from magicsock to wgengine, so we can
look at the actual wireguard config.
Fixes #1564
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
