| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This was in place because retrieved allowed_ips was very expensive.
Upstream changed the data structure to make them cheaper to compute.
This commit is an experiment to find out whether they're now cheap enough.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
|
|
We removed the "fast retry" code from our wireguard-go fork.
As a result, pings can take longer to transit when retries are required.
Allow that.
Fixes #1277
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
|
|
The fix can make this test run unconditionally.
This moves code from 5c619882bc4911a2c9e7d0bb491b9e50d27afcd7 for
testability but doesn't fix it yet. The #1282 problem remains (when I
wrote its wake-up mechanism, I forgot there were N DERP readers
funneling into 1 UDP reader, and the code just isn't correct at all
for that case).
Also factor out some test helper code from BenchmarkReceiveFrom.
The refactoring in magicsock.go for testability should have no
behavior change.
|
|
If no exit node is specified, the filter must still run to remove
offered default routes from all peers.
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Updates #1278
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
This one alone doesn't modify the global dependency map much
(depaware.txt if anything looks slightly worse), but it leave
controlclient as only containing NetworkMap:
bradfitz@tsdev:~/src/tailscale.com/ipn$ grep -F "controlclient." *.go
backend.go: NetMap *controlclient.NetworkMap // new netmap received
fake_test.go: b.notify(Notify{NetMap: &controlclient.NetworkMap{}})
fake_test.go: b.notify(Notify{NetMap: &controlclient.NetworkMap{}})
handle.go: netmapCache *controlclient.NetworkMap
handle.go:func (h *Handle) NetMap() *controlclient.NetworkMap {
Once that goes into a leaf package, then ipn doesn't depend on
controlclient at all, and then the client gets smaller.
Updates #1278
|
|
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
It couldn't move to ipnlocal due to test dependency cycles.
Updates #1278
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Upstream wireguard-go decided to use errors.Is(err, net.ErrClosed)
instead of checking the error string.
It also provided an unsafe linknamed version of net.ErrClosed
for clients running Go 1.15. Switch to that.
This reduces the time required for the wgengine/magicsock tests
on my machine from ~35s back to the ~13s it was before
456cf8a3765948d6f1992162993eaf3844371592.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
|
|
Magicsock started dropping all traffic internally when Tailscale is
shut down, to avoid spurious wireguard logspam. This made the benchmark
not receive anything. Setting a dummy private key is sufficient to get
magicsock to pass traffic for benchmarking purposes.
Fixes #1270.
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Part of #1153, #1154. Fixes #1224.
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Updates #1232
|
|
For the migration to tailscaled.exe on Windows, don't create a new logid
if one existed under the old filename.
Updates #1232
|
|
This was the other half of the #1271 problem.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Updates #1232
|
|
|
|
Updates #1232
|
|
Fixes #1271
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
|
|
And move a couple other types down into leafier packages.
Now cmd/tailscale doesn't bring in netlink, magicsock, wgengine, etc.
Fixes #1181
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Work on reducing the size of the tailscale binary, which is
currently pulling in most of the same code as tailscaled.
Updates #1181
|
|
Missed review feedback from just-submitted d37058af728c.
|
|
Unused for now, but I want to backport this commit to 1.4 so 1.6 can
start sending these and then at least 1.4 logs will stringify nicely.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Signed-Off-By: Christine Dodrill <xe@tailscale.com>
|
|
Fixes #1167
Fixes tailscale/corp#219
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Signed-off-by: Christine Dodrill <xe@tailscale.com>
|
|
This reverts commit da4ec54756d1f8970679872d093fe9fc0c2df417.
Since v6 got disabled for Windows nodes, I need the debug flag back
to figure out why it was broken.
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Use tb.Cleanup to simplify both the API and the implementation.
One behavior change: When the number of goroutines shrinks, don't log.
I've never found these logs to be useful, and they frequently add noise.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
|
|
Fixes #1234
Updates #1254
|
|
|
|
The code was using a C "int", which is a signed 32-bit integer.
That means some valid IP addresses were negative numbers.
(In particular, the default router address handed out by AT&T
fiber: 192.168.1.254. No I don't know why they do that.)
A negative number is < 255, and so was treated by the Go code
as an error.
This fixes the unit test failure:
$ go test -v -run=TestLikelyHomeRouterIPSyscallExec ./net/interfaces
=== RUN TestLikelyHomeRouterIPSyscallExec
interfaces_darwin_cgo_test.go:15: syscall() = invalid IP, false, netstat = 192.168.1.254, true
--- FAIL: TestLikelyHomeRouterIPSyscallExec (0.00s)
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
|
|
Previously we disabled v6 support if the disable_policy knob was
missing in /proc, but some kernels support policy routing without
exposing the toggle. So instead, treat disable_policy absence as a
"maybe", and make the direct `ip -6 rule` probing a bit more
elaborate to compensate.
Fixes #1241.
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Fixes #1239
|
|
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
|
|
They are now unused.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
|
|
Fixes #1220
|
|
It broke Debian Stretch. We'll try again later.
Updates #1245
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Updates tailscale/corp#1238
|
|
|
|
|
|
Start of a local HTTP API. Not a stable interface yet.
|
|
This is mostly code movement from the wireguard-go repo.
Most of the new wgcfg package corresponds to the wireguard-go wgcfg package.
wgengine/wgcfg/device{_test}.go was device/config{_test}.go.
There were substantive but simple changes to device_test.go to remove
internal package device references.
The API of device.Config (now wgcfg.DeviceConfig) grew an error return;
we previously logged the error and threw it away.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
|
|
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
|
|
Fixes #1214
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
We log lines like this:
c.logf("[v1] magicsock: disco: %v->%v (%v, %v) sent %v", c.discoShort, dstDisco.ShortString(), dstKey.ShortString(), derpStr(dst.String()), disco.MessageSummary(m))
The leading [v1] causes it to get unintentionally rate limited.
Until we have a proper fix, work around it.
Fixes #1216
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
|
|
|
|
Updates #1187
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Fixes a regression from e970ed09951a that wasn't covered by tests
in this repo. (Our end-to-end tests in another repo caught this.)
Updates #1204
|
