Age | Commit message | Author | Files | Lines
2021-03-12 | cmd/tailscale: add up -json flag [crawshaw/upjson] | David Crawshaw | 1 | -0/+25
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2021-03-12 | net/netcheck: add a few more STUN retries for prior DERP home | Brad Fitzpatrick | 2 | -1/+39
For #1310, maybe. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-12 | tailcfg, net/netcheck: let control mark "Avoid" bit on DERP regions | Brad Fitzpatrick | 2 | -0/+9
So a region can be used if needed, but won't be STUN-probed or used as its home. This gives us another possible debugging mechanism for #1310, or can be used as a short-term measure against DERP flip-flops for people equidistant between regions if our hysteresis still isn't good enough. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-12 | derp{,/derphttp},magicsock: tell DERP server when ping acks can be expected | Brad Fitzpatrick | 3 | -19/+48
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-12 | wgengine{,tsdns}: rebind MagicDNS forwarders on link change | Brad Fitzpatrick | 3 | -12/+46
Fixes #1480 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-12 | ipnstate, ipnlocal: add AuthURL to status | David Crawshaw | 2 | -0/+8
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2021-03-11 | control/controlclient: allow for an unset linkMon. | David Anderson | 1 | -1/+1
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-03-11 | wgengine/router: don't touch interface routes | David Anderson | 1 | -2/+33
Developed by a cast of dozens. Fixes #1448 Signed-off-by: David Anderson <danderson@tailscale.com>
2021-03-11 | wgengine/magicsock: delete unused WhoIs method that was moved elsewhere | Brad Fitzpatrick | 1 | -19/+0
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-11 | control/controlclient: report broken IP forwarding more precisely. | David Anderson | 1 | -2/+16
IP forwarding is not required when advertising a machine's local IPs over Tailscale. Fixes #1435. Signed-off-by: David Anderson <danderson@tailscale.com>
2021-03-10 | wgengine/tsdns: truncate Map.PrettyDiffFrom string at 1KB | Brad Fitzpatrick | 2 | -0/+33
Hello's were painful. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-09 | Revert "--advertise-routes option enabled in Mac tailscale CLI; it checks for IP forwarding enabled" | Brad Fitzpatrick | 1 | -4/+3
This reverts commit 08949d4ef1082a4373b552d3901351e7a297c62d. I think this code was aspirational. There's no code that sets up the appropriate NAT code using pfctl/etc. See #911 and #1475. Updates #1475 Updates #911
2021-03-09 | Merge branch 'main' of github.com:tailscale/tailscale into danderson/filter-privacy | David Anderson | 0 | -0/+0
2021-03-09 | wgengine/filter: only log packets to/from non-default routes. | David Anderson | 5 | -16/+181
Fixes tailscale/corp#1429. Signed-off-by: David Anderson <danderson@tailscale.com>
2021-03-09 | wgengine/filter: only log packets to/from non-default routes. | David Anderson | 5 | -16/+181
Fixes tailscale/corp#1429. Signed-off-by: David Anderson <danderson@tailscale.com>
2021-03-09 | tailcfg, net/portmapper, wgengine/magicsock: add NetInfo.HavePortMap | Brad Fitzpatrick | 5 | -2/+43
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-09 | wgengine/magicsock, derp, derp/derphttp: respond to DERP server->client pings | Brad Fitzpatrick | 5 | -3/+124
No server support yet, but we want Tailscale 1.6 clients to be able to respond to them when the server can do it. Updates #1310 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-09 | cmd/tailscale/cli: document how to see subcommand usage | Brad Fitzpatrick | 2 | -2/+6
From user feedback. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-08 | wgengine/magicsock: fix Conn.Rebind race that let ErrClosed errors be read | Brad Fitzpatrick | 2 | -19/+97
There was a logical race where Conn.Rebind could acquire the RebindingUDPConn mutex, close the connection, fail to rebind, release the mutex, and then because the mutex was no longer held, ReceiveIPv4 wouldn't retry reads that failed with net.ErrClosed, letting that error back to wireguard-go, which would then stop running that receive IP goroutine. Instead, keep the RebindingUDPConn mutex held for the entirety of the replacement in all cases. Updates tailscale/corp#1289 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-08 | net/interfaces, wgengine/monitor: fix false positives link changes | Brad Fitzpatrick | 2 | -0/+25
interfaces.State.String tries to print a concise summary of the network state, removing any interfaces that don't have any or any interesting IP addresses. On macOS and iOS, for instance, there are a ton of misc things. But the link monitor based its are-there-changes decision on interfaces.State.Equal, which just used reflect.DeepEqual, including comparing all the boring interfaces. On macOS, when turning wifi on or off, there are a ton of misc boring interface changes, resulting in hitting an earlier check I'd added on suspicion this was happening:
    [unexpected] network state changed, but stringification didn't
This fixes that by instead adding a new interfaces.State.RemoveUninterestingInterfacesAndAddresses method that does, uh, that. Then use that in the monitor. So then when Equal is used later, it's DeepEqualing the already-cleaned version with only interesting interfaces. This makes cmd/tailscaled debug --monitor much less noisy. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-08 | cmd/tailscaled: fix monitor debug tool's output | Brad Fitzpatrick | 1 | -1/+1
Logic was backwards, introduced in earlier monitor refactoring last week in e3df29d488f5ce50e. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-08 | wgengine/router: add OpenBSD IPv6 support. | Denton Gentry | 1 | -26/+76
Similar to FreeBSD in https://github.com/tailscale/tailscale/issues/1307, add IPv6 addresses with a prefix length of 48. Fixes https://github.com/tailscale/tailscale/issues/1372 Signed-off-by: Denton Gentry <dgentry@tailscale.com>
2021-03-08 | wgengine/magicsock: fix typo in comment | Brad Fitzpatrick | 1 | -1/+1
2021-03-08 | wgengine/monitor: simplify the Windows monitor to make it more reliable | Aleksandar Pesic | 2 | -225/+76
Updates tailscale/tailscale#1414 Signed-off-by: Aleksandar Pesic <peske.nis@gmail.com>
2021-03-08 | wgengine/netstack: stop UDP forwarding when one side dies | Naman Sood | 1 | -5/+8
Updates #504 Updates #707 Signed-off-by: Naman Sood <mail@nsood.in>
2021-03-08 | wgengine/netstack: add support for incoming UDP connections | Naman Sood | 1 | -9/+67
Updates #504 Updates #707 Signed-off-by: Naman Sood <mail@nsood.in>
2021-03-05 | ipn/ipnserver: refactor permissions checks a bit, document more, fix Windows | Brad Fitzpatrick | 1 | -21/+46
Windows was only running the localapi on the debug port which was a stopgap at the time while doing peercreds work. Removed that, and wired it up correctly, with some more docs. More clean-up to do after 1.6, moving the localhost TCP auth code into the peercreds package. But that's too much for now, so the docs will have to suffice, even if it's at a bit of an awkward stage with the newly-renamed "NotWindows" field, which still isn't named well, but it's better than its old name of "Unknown" which hasn't been accurate since unix sock peercreds work anyway. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-05 | wgengine: support FreeBSD with IPv6. | Denton Gentry | 1 | -1/+12
Fixes https://github.com/tailscale/tailscale/issues/1307 for keepsies. We cannot set the tun interface address as a /128 on FreeBSD, due to https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218508 Instead we set the interface address as a /48, which is enabled by commit 82edf94df72a52bcdc95fe37b20217e6003d92c0. Signed-off-by: Denton Gentry <dgentry@tailscale.com>
2021-03-05 | Revert "freebsd: ignore IPv6 for now" | Denton Gentry | 5 | -108/+0
This reverts commit 061422affcc4278d0400c248432f39ee60fcf16e. We have a way to support IPv6 on FreeBSD now. Signed-off-by: Denton Gentry <dgentry@tailscale.com>
2021-03-05 | tailcfg, control/controlclient: add MapResponse.PingRequest | Brad Fitzpatrick | 2 | -1/+54
So the control server can test whether a client's actually present. Most clients are over HTTP/2, so these pings (to the same host) are super cheap. This mimics the earlier goroutine dump mechanism. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-05 | safesocket: use right version of gofmt | Brad Fitzpatrick | 1 | -3/+3
sigh Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-05 | safesocket: support finding tailscale port/auth token from sandboxed CLI | Brad Fitzpatrick | 1 | -3/+37
Previously the CLI could only find the HTTP auth token when running the CLI outside the sandbox, not like /Applications/Tailscale.app/Contents/MacOS/Tailscale when that was from the App Store. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-05 | cmd/tailscale: fix depaware.txt | Brad Fitzpatrick | 1 | -1/+2
git fail. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-05 | cmd/tailscale/cli: restore hidden debug subcommand | Brad Fitzpatrick | 2 | -0/+57
The debug subcommand was moved in 6254efb9ef43e37f80a6dc3ee3484d61f550a585 because the monitor brought in tons of dependencies to the cmd/tailscale binary, but there wasn't any need to remove the whole subcommand itself. Add it back, with a tool to dump the local daemon's goroutines. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-05 | ipn/localapi, client/tailscale: add a goroutine dump handler | Brad Fitzpatrick | 2 | -0/+36
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-05 | ipn/ipnserver: set PermitWrite on localapi handler | Brad Fitzpatrick | 1 | -4/+5
The TODO was easy now with peerCreds and the isReadonlyConn func. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-05 | build_docker.sh, Dockerfile: fix bug with shell quoting | Steve Coffman | 2 | -5/+16
Fixes #1449 Signed-off-by: Steve Coffman <steve@khanacademy.org>
2021-03-05 | wgengine/monitor: log warning if state changes but stringification doesn't | Brad Fitzpatrick | 1 | -1/+16
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-05 | net/interfaces: log why when we failed to look up gateway on macOS | Brad Fitzpatrick | 1 | -0/+2
Not beautiful, but I'm debugging connectivity problems on NEProvider.sleep+wake and need more clues. Updates #1426 Updates tailscale/corp#1289 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-04 | ipn/ipnlocal, control/controlclient: propagate link monitor to controlclient | Brad Fitzpatrick | 2 | -0/+5
Don't use it yet, but get it down there. Updates #1455 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-04 | net/dnsfallback: fix infinite loop and limit number of candidates | Brad Fitzpatrick | 1 | -8/+22
Updates #1455 (fixes the DNS spin part, but other things aren't ideal there) Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-04 | portlist: collect IPv6 listening sockets on linux. | David Anderson | 2 | -42/+137
This is important because some of those v6 sockets are actually dual-stacked sockets, so this is our only chance of discovering some services. Fixes #1443. Signed-off-by: David Anderson <danderson@tailscale.com>
2021-03-04 | ipn/ipnlocal: make IPv6 OS routes be a single /48 for our ULA space | Brad Fitzpatrick | 2 | -5/+135
And if we have over 10,000 CGNAT routes, just route the entire CGNAT range. (for the hello test server) Fixes #1450 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-04 | wgengine/magicsock: log when DERP connection succeeds | Brad Fitzpatrick | 1 | -1/+4
Updates #1310
2021-03-04 | net/interfaces: sort returned addresses from LocalAddresses | Brad Fitzpatrick | 2 | -5/+11
Also change the type to netaddr.IP while here, because it made sorting easier. Updates tailscale/corp#1397 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-03 | portlist: report a better process name for .Net on linux. | David Anderson | 4 | -11/+82
Fixes #1440. Signed-off-by: David Anderson <danderson@tailscale.com>
2021-03-03 | wgengine{,/monitor}: restore Engine.LinkChange, add Mon.InjectEvent | Brad Fitzpatrick | 5 | -7/+63
The Engine.LinkChange method was recently removed in e3df29d488f5ce50ee396b1f05a92e9cf1abb006 while misremembering how Android's link state mechanism worked. Rather than do some last minute rearchitecting of link state on Android before Tailscale 1.6, restore the old Engine.LinkChange hook for now so the Android client doesn't need any changes. But change how it's implemented to instead inject an event into the link monitor. Fixes #1427 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-03 | net/tshttpproxy: call winhttp calls from a fixed OS thread | Brad Fitzpatrick | 1 | -0/+4
We often see things in logs like:
    2021-03-02 17:52:45.2456258 +0800 +0800: winhttp: Open: The parameter is incorrect.
    2021-03-02 17:52:45.2506261 +0800 +0800: tshttpproxy: winhttp: GetProxyForURL("https://log.tailscale.io/c/tailnode.log.tailscale.io/5037bb42f4bc330e2d6143e191a7ff7e837c6be538139231de69a439536e0d68"): ERROR_INVALID_PARAMETER [unexpected]
I have a hunch that WinHTTP has thread-local state. If so, this would fix it. If not, this is pretty harmless. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-03 | freebsd: ignore IPv6 for now | Denton Gentry | 5 | -0/+108
FreeBSD tun devices don't work with the way we implement IPv6 https://github.com/tailscale/tailscale/issues/1307 At least for now, remove any IPv6 addresses from the netmap. Signed-off-by: Denton Gentry <dgentry@tailscale.com>
2021-03-03 | safesocket: add FreeBSD to PlatformUsesPeerCreds | Denton Gentry | 1 | -1/+1
FreeBSD is supported by peercred now. Signed-off-by: Denton Gentry <dgentry@tailscale.com>