| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Also use go:generate and https://golang.org/s/generatedcode header style.
|
|
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
|
|
Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
|
|
Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
|
|
Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
|
|
That's what I meant to do when I added "tailscale version" but
apparently I didn't.
|
|
Fixes #448
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
|
|
|
|
Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
|
|
Signed-Off-By: Dmytro Shynkevych <dmytro@tailscale.com>
|
|
Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
|
|
|
|
Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
|
|
|
|
cmd/tailscale's package main is now just a few lines.
This'll let us embed the CLI in the Mac and Windows clients.
Updates #541
|
|
|
|
That's what's used in the Windows GUI version and seems special. If we don't use
that, Windows tries to rename it and fails.
|
|
Avoids confusing logspam on Windows.
|
|
Signed-off-by: Dmytro Shynkevych <dmytro@tailscale.com>
|
|
peers
|
|
Don't do anything with UPnP, NAT-PMP, PCP yet, but see how common they
are in the wild.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
For discovering where we might direct NAT-PMP/PCP/UPnP queries at in
the future.
|
|
There's a lot of confusion around what tailscale status shows, so make it better:
show region names, last write time, and put stars around DERP too if active.
Now stars are always present if activity, and always somewhere.
|
|
The remove hook implementation was copy/pasted from the line above and
I didn't change the body, resulting in packet forwarding routes never
being removed.
Fortunately we weren't using this path yet, but it led to stats being
off, and (very) slow memory growth.
|
|
Use sysctl to check IP forwarding state for better OS compatiblity.
Signed-off-by: Brian Chu <cynix@cynix.org>
|
|
I'm trying to hunt down a slow drift in numbers not agreeing.
|
|
To be reused in various other tools.
|
|
|
|
The magicsock derpReader was holding onto 65KB for each DERP
connection forever, just in case.
Make the derp{,http}.Client be in charge of memory instead. It can
reuse its bufio.Reader buffer space.
|
|
Updates #388
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Updates #388
|
|
|
|
This lets a trusted DERP client that knows a pre-shared key subscribe
to the connection list. Upon subscribing, they get the current set
of connected public keys, and then all changes over time.
This lets a set of DERP server peers within a region all stay connected to
each other and know which clients are connected to which nodes.
Updates #388
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
The flags were --no-blah for a brief time, then we switched them to
--blah=true/false with a default of true, but didn't fix the boolean
inversions in the code. So up was down, true was false, etc.
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
|
|
--no-snat becomes --snat-subnet-routes
--no-single-routes becomes --host-routes
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
|
|
Also:
* add -verbose flag to cmd/tailscale netcheck
* remove some API from the interfaces package
* convert some of the interfaces package to netaddr.IP
* don't even send IPv4 probes on machines with no IPv4 (or only v4
loopback)
* and once three regions have replied, stop waiting for other probes
at 2x the slowest duration.
Updates #376
|
|
|
|
On startup, and when switching into =off and =nodivert, we were
deleting netfilter rules even if we weren't the ones that added them.
In order to avoid interfering with rules added by the sysadmin, we have
to be sure to delete rules only in the case that we added them in the
first place.
Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
|
|
Let's actually list the file we checked
(/proc/sys/net/ipv4/ip_forward). That gives the admin something
specific to look for when they get this message.
Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
|
|
We would print a message about "nothing more to do", which some people
thought was an error or warning. Let's only print a message after
authenticating if we previously asked for interaction, and let's
shorten that message to just "Success," which is what it means.
Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
|
|
Signed-off-by: Dmytro Shynkevych <dm.shynk@gmail.com>
|
|
|
|
Instead of hard-coding the DERP map (except for cmd/tailscale netcheck
for now), get it from the control server at runtime.
And make the DERP map support multiple nodes per region with clients
picking the first one that's available. (The server will balance the
order presented to clients for load balancing)
This deletes the stunner package, merging it into the netcheck package
instead, to minimize all the config hooks that would've been
required.
Also fix some test flakes & races.
Fixes #387 (Don't hard-code the DERP map)
Updates #388 (Add DERP region support)
Fixes #399 (wgengine: flaky tests)
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
- Reformat the warning about a message being rate limited to print the
format string, rather than the formatted message. This helps give a
clue what "type" of message is being limited.
- Change the rate limit warning to be [RATE LIMITED] in all caps. This
uses less space on each line, plus is more noticeable.
- In tailscaled, change the frequency to be less often (once every 5
seconds per format string) but to allow bursts of up to 5 messages.
This greatly reduces the number of messages that are rate limited
during startup, but allows us to tighten the limit even further during
normal runtime.
Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
|
|
This cuts RSS from ~30MB to ~20MB on my machine, after the previous fix
to get rid of unnecessary zstd buffers.
Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
|
|
Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
|
|
Also stop logging data sent/received from nodes we're not connected to (ie all those `x`s being logged in the `peers: ` line)
Signed-off-by: Wendi <wendi.yu@yahoo.ca>
|
