summaryrefslogtreecommitdiffhomepage
path: root/appc
AgeCommit message (Collapse)AuthorFilesLines
2024-02-07appc: optimize dns response observation for large route tablesJames Tucker1-16/+40
Advertise DNS discovered addresses as a single preference update rather than one at a time. Sort the list of observed addresses and use binary search to consult the list. Updates tailscale/corp#16636 Signed-off-by: James Tucker <james@tailscale.com>
2024-02-01appc,ipn/ipnlocal: add app connector routes if any part of a CNAME chain is ↵James Tucker2-41/+197
routed If any domain along a CNAME chain matches any of the routed domains, add routes for the discovered domains. Fixes tailscale/corp#16928 Signed-off-by: James Tucker <james@tailscale.com>
2024-01-22appc: add test to ensure that individual IPs are not removed during route ↵James Tucker3-4/+45
updates If control advised the connector to advertise a route that had already been discovered by DNS it would be incorrectly removed. Now those routes are preserved. Updates tailscale/corp#16833 Signed-off-by: James Tucker <james@tailscale.com>
2024-01-22appc,ipn/ipnlocal: optimize preference adjustments when routes updateCharlotte Brandhorst-Satzkorn3-56/+78
This change allows us to perform batch modification for new route advertisements and route removals. Additionally, we now handle the case where newly added routes are covered by existing ranges. This change also introduces a new appctest package that contains some shared functions used for testing. Updates tailscale/corp#16833 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>
2024-01-18ipn/ipnlocal: make app connector configuration concurrentJames Tucker2-14/+47
If there are routes changes as a side effect of an app connector configuration update, the connector configuration may want to reenter a lock, so must be started asynchronously. Updates tailscale/corp#16833 Signed-off-by: James Tucker <james@tailscale.com>
2024-01-17appc,ipn/ipnlocal,types/appctype: implement control provided routesJames Tucker2-1/+107
Control can now send down a set of routes along with the domains, and the routes will be advertised, with any newly overlapped routes being removed to reduce the size of the routing table. Fixes tailscale/corp#16833 Signed-off-by: James Tucker <james@tailscale.com>
2023-12-19appc,ipn: prevent undesirable route advertisementsJames Tucker1-3/+1
Individual route advertisements that are covered by existing routes are no longer advertised. If an upstream returns 0.0.0.0, 127.x, and other common unwanted addresses those are also rejected. Updates #16425 Signed-off-by: James Tucker <james@tailscale.com>
2023-11-15appc: fix DomainRoutes copyJames Tucker2-1/+17
The non-referential copy destination doesn't extend the map contents, but also the read of a non-key is returning a zero value not bound to the map contents in any way. Updates tailscale/corp#15657 Signed-off-by: James Tucker <james@tailscale.com>
2023-11-09appc: prevent duplication of wildcard entries on map updatesJames Tucker2-1/+14
Updates #15437 Signed-off-by: James Tucker <james@tailscale.com>
2023-11-09appc: add support for matching wildcard domainsJames Tucker2-8/+56
The app connector matches a configuration of "*.example.com" to mean any sub-domain of example.com. Updates #15437 Signed-off-by: James Tucker <james@tailscale.com>
2023-11-07tailcfg,ipn,appc: add c2n endpoint for appc domain routesCharlotte Brandhorst-Satzkorn1-0/+14
This change introduces a c2n endpoint that returns a map of domains to a slice of resolved IP addresses for the domain. Fixes tailscale/corp#15657 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>
2023-11-02appc,cmd/sniproxy,ipn/ipnlocal: split sniproxy configuration code out of appcJames Tucker6-704/+16
The design changed during integration and testing, resulting in the earlier implementation growing in the appc package to be intended now only for the sniproxy implementation. That code is moved to it's final location, and the current App Connector code is now renamed. Updates tailscale/corp#15437 Signed-off-by: James Tucker <james@tailscale.com>
2023-11-01appc,ipn/ipnlocal: add App Connector domain configuration from mapcapJames Tucker2-1/+12
The AppConnector is now configured by the mapcap from the control plane. Updates tailscale/corp#15437 Signed-off-by: James Tucker <james@tailscale.com>
2023-11-01appc,ipn/ipnlocal,net/dns/resolver: add App Connector wiring when enabled in ↵James Tucker3-1/+284
prefs An EmbeddedAppConnector is added that when configured observes DNS responses from the PeerAPI. If a response is found matching a configured domain, routes are advertised when necessary. The wiring from a configuration in the netmap capmap is not yet done, so while the connector can be enabled, no domains can yet be added. Updates tailscale/corp#15437 Signed-off-by: James Tucker <james@tailscale.com>
2023-10-31cmd/sniproxy: implement support for control configuration, multiple addressesTom DNetto1-4/+4
* Implement missing tests for sniproxy * Wire sniproxy to new appc package * Add support to tsnet for routing subnet router traffic into netstack, so it can be handled Updates: https://github.com/tailscale/corp/issues/15038 Signed-off-by: Tom DNetto <tom@tailscale.com>
2023-10-19appctype: move to types/appctypeTom DNetto2-2/+2
Having a types package at the top level was almost certainly unintentional. Signed-off-by: Tom DNetto <tom@tailscale.com> Updates: https://github.com/tailscale/corp/issues/15038
2023-10-19appc: implement app connector Server typeTom DNetto4-0/+686
This change refactors & moves the bulk of the app connector logic from ./cmd/sniproxy. A future change will delete the delta in sniproxy and wire it to this type. Signed-off-by: Tom DNetto <tom@tailscale.com> Updates: https://github.com/tailscale/corp/issues/15038
Copyright © 2025 - 2026 Wayne Cole. WTFPL. Attribution appreciated. No warranty. Not liable for bodily damages.