path: root/control/controlclient
Age | Commit message | Author | Files | Lines
2021-05-16 | all: adapt to opaque netaddr types | Josh Bleecher Snyder | 2 | -4/+4
This commit is a mishmash of automated edits using gofmt:
    gofmt -r 'netaddr.IPPort{IP: a, Port: b} -> netaddr.IPPortFrom(a, b)' -w .
    gofmt -r 'netaddr.IPPrefix{IP: a, Port: b} -> netaddr.IPPrefixFrom(a, b)' -w .
    gofmt -r 'a.IP.Is4 -> a.IP().Is4' -w .
    gofmt -r 'a.IP.As16 -> a.IP().As16' -w .
    gofmt -r 'a.IP.Is6 -> a.IP().Is6' -w .
    gofmt -r 'a.IP.As4 -> a.IP().As4' -w .
    gofmt -r 'a.IP.String -> a.IP().String' -w .
And regexps:
    \w*(.*)\.Port = (.*) -> $1 = $1.WithPort($2)
    \w*(.*)\.IP = (.*) -> $1 = $1.WithIP($2)
And lots of manual fixups. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-05-12 | controlclient: update Persist.LoginName when it changes. | Avery Pennarun | 1 | -2/+2
Well, that was anticlimactic. Fixes tailscale/corp#461. Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2021-04-30 | ipnlocal: don't pause the controlclient until we get at least one netmap. [apenwarr/statefix] | Avery Pennarun | 1 | -1/+2
Without this, macOS would fail to display its menu state correctly if you started it while !WantRunning. It relies on the netmap in order to show the logged-in username. Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2021-04-30 | controlclient: extract a Client interface and rename Client->Auto. | Avery Pennarun | 5 | -53/+134
This will let us create a mock or fake Client implementation for use with ipn.Backend. Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2021-04-29 | controlclient: extract State and Status stuff into its own file. | Avery Pennarun | 2 | -73/+88
No changes other than moving stuff around. Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
2021-04-22 | control/controlclient: fix signRegisterRequest log suppression check on Windows | Brad Fitzpatrick | 1 | -1/+1
Fixes #1774 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-21 | control/controlclient, tailcfg: add Debug.SleepSeconds (mapver 19) | Brad Fitzpatrick | 1 | -4/+41
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-21 | ipn/ipnlocal: on fresh lazy-connecting install, start in state NeedsLogin | Brad Fitzpatrick | 1 | -0/+3
Fixes #1759 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-19 | tailcfg, control/controlclient: accept nil MapResponse.Node (mapver 18) | Brad Fitzpatrick | 3 | -12/+57
All MapResponse fields can not be omitted and are tagged "omitempty". Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-19 | tailcfg, control/controlclient: allow empty MapResponse.Domain (mapver17) | Brad Fitzpatrick | 2 | -1/+25
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-18 | control/controlclient: add start of some MapResponse->NetworkMap tests | Brad Fitzpatrick | 3 | -7/+99
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-18 | control/controlclient: break direct.go into map.go (+tests), add mapSession | Brad Fitzpatrick | 5 | -388/+461
So the NetworkMap-from-incremental-MapResponses can be tested easily. And because direct.go was getting too big. No change in behavior at this point. Just movement. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-16 | ipn/ipnlocal, etc: require file sharing capability to send/recv files | Brad Fitzpatrick | 1 | -0/+5
tailscale/corp#1582 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-15 | tailcfg, control/controlclient: (mapver 16) add Node.Online, MapResponse.OnlineChange | Brad Fitzpatrick | 2 | -41/+123
And fix PeerSeenChange bug where it was ignored unless there were other peer changes. Updates tailscale/corp#1574 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-15 | control/controlclient: only use a single DNS label as the hostname. | David Anderson | 1 | -0/+2
Fixes #971 Signed-off-by: David Anderson <danderson@tailscale.com>
2021-04-13 | tailcfg: add Endpoint, EndpointType, MapRequest.EndpointType | Brad Fitzpatrick | 3 | -21/+41
Track endpoints internally with a new tailcfg.Endpoint type that includes a typed netaddr.IPPort (instead of just a string) and includes a type for how that endpoint was discovered (STUN, local, etc). Use []tailcfg.Endpoint instead of []string internally. At the last second, send it to the control server as the existing []string for endpoints, but also include a new parallel MapRequest.EndpointType []tailcfg.EndpointType, so the control server can start filtering out less-important endpoint changes from new-enough clients. Notably, STUN-discovered endpoints can be filtered out from 1.6+ clients, as they can discover them amongst each other via CallMeMaybe disco exchanges started over DERP. And STUN endpoints change a lot, causing a lot of MapResponse updates. But portmapped endpoints are worth keeping for now, as they work right away without requiring the firewall traversal extra RTT dance. End result will be less control->client bandwidth. (despite negligible increase in client->control bandwidth) Updates tailscale/corp#1543 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-12 | tailcfg, control/controlclient: make nil MapResponse.DNSConfig mean unchanged (mapver15) | Brad Fitzpatrick | 1 | -1/+5
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-10 | control/controlclient: create tls client config with server hostname instead of serverURL.Host | Simon Kirillov | 1 | -1/+1
Signed-off-by: Simon Kirillov <svkirillov3@gmail.com>
2021-04-09 | ipn/{ipnlocal,localapi}, cmd/tailscale: add logout command | Brad Fitzpatrick | 2 | -31/+95
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-07 | control/controlclient: refactor some internals | Brad Fitzpatrick | 1 | -22/+30
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-07 | control/controlclient: return correct certificate | Adrian Dewhurst | 1 | -20/+41
When searching for the matching client identity, the returned certificate chain was accidentally set to that of the last identity returned by the certificate store instead of the one corresponding to the selected identity. Also, add some extra error checking for invalid certificate chains, just in case. Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>
2021-04-06 | hostinfo: update LXC, add Cloud Run. | Denton Gentry | 1 | -0/+20
Recent LXC support no longer has "lxc" in /proc/1/cgroup:
    # cat /proc/1/cgroup
    12:freezer:/
    11:rdma:/
    10:cpuset:/
    9:pids:/
    8:blkio:/
    7:devices:/
    6:perf_event:/
    5:net_cls,net_prio:/
    4:memory:/
    3:hugetlb:/
    2:cpu,cpuacct:/
    1:name=systemd:/init.scope
    0::/init.scope
Look for fuse.lxcfs in /proc/mounts in addition:
    # grep lxc /proc/mounts
    lxcfs /proc/cpuinfo fuse.lxcfs ...
    lxcfs /proc/diskstats fuse.lxcfs ...
    lxcfs /proc/loadavg fuse.lxcfs ...
    lxcfs /proc/meminfo fuse.lxcfs ...
    lxcfs /proc/stat fuse.lxcfs ...
    lxcfs /proc/swaps fuse.lxcfs ...
    lxcfs /proc/uptime fuse.lxcfs ...
    lxcfs /sys/devices/system/cpu/online fuse.lxcfs ...
Add Knative detection by looking for the environment variables which are part of its container contract. Signed-off-by: Denton Gentry <dgentry@tailscale.com>
2021-03-31 | cmd/tailscale, ipn/localapi: move IP forwarding check to tailscaled, API | Brad Fitzpatrick | 1 | -1/+14
Instead of having the CLI check whether IP forwarding is enabled, ask tailscaled. It has a better idea. If it's netstack, for instance, the sysctl values don't matter. And it's possible that only the daemon has permission to know. Fixes #1626 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-31 | control/controlclient: support lazy machine key generation | Brad Fitzpatrick | 2 | -32/+50
It's not done in the caller yet, but the controlclient does it now. Updates #1573 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-31 | control/controlclient: document a few things | Brad Fitzpatrick | 2 | -3/+14
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-29 | control/controlclient: fix TS_DEBUG_MAP on requests | Brad Fitzpatrick | 1 | -1/+1
The concrete type being encoded changed from a value to pointer earlier and this was never adjusted. (People don't frequently use TS_DEBUG_MAP to see requests, so it went unnoticed until now.) Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-26 | control/controlclient: sign RegisterRequest (#1549) | Adrian Dewhurst | 4 | -0/+224
control/controlclient: sign RegisterRequest Some customers wish to verify eligibility for devices to join their tailnets using machine identity certificates. TLS client certs could potentially fulfill this role but the initial customer for this feature has technical requirements that prevent their use. Instead, the certificate is loaded from the Windows local machine certificate store and uses its RSA public key to sign the RegisterRequest message. There is room to improve the flexibility of this feature in future and it is currently only tested on Windows (although Darwin theoretically works too), but this offers a reasonable starting place for now. Updates tailscale/coral#6 Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>
2021-03-19 | control, ipn, tailcfg: remove golang.org/x/oauth2 dep, add tailcfg.Oauth2Token | Brad Fitzpatrick | 2 | -10/+8
golang.org/x/oauth2 pulls in App Engine and grpc module dependencies, screwing up builds that depend on this module. Some background on the problem: https://go.googlesource.com/proposal/+/master/design/36460-lazy-module-loading.md Fixes tailscale/corp#1471 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-18 | control/controlclient: remove redundant Hostinfo log | Brad Fitzpatrick | 1 | -1/+0
The direct client already logs it in JSON form. Then it's immediately logged again in an unformatted dump, so this removes that unformatted one. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-16 | health, ipn/ipnlocal: track, log overall health | Brad Fitzpatrick | 1 | -2/+5
Updates #1505 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-15 | control/controlclient: cache Windows version | Brad Fitzpatrick | 1 | -0/+9
To atone for 1d7f9d5b4a59b3e, the revert of 4224b3f73110f6f. At least it's fast again, even if it's shelling out to cmd.exe (once now). Updates #1478 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-15 | Revert "control/controlclient: use API to get Windows version number" | Brad Fitzpatrick | 2 | -33/+15
This reverts commit 4224b3f73110f6f0c6268eb1ae943bc24cf89baf.
From https://github.com/tailscale/tailscale/pull/1494#discussion_r594852889 ...
> Actually, I want all four numbers back. I spent the evening
> debugging an issue for a user running an old version of Windows
> and then going to
> https://en.wikipedia.org/wiki/Windows_10_version_history_(version_1809)
> and reading all the revision notes in the footnotes of that wikipedia
> page.
>
> I'm going to revert this for now for Tailscale 1.6. We can land it
> again later when we figure out how to get the fourth numbers.
Updates #1478
2021-03-15 | wgengine/router: report to control when setPrivateNetwork fails | Brad Fitzpatrick | 1 | -0/+3
Fixes #1503 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-15 | health, controlclient, ipn, magicsock: tell health package state of things | Brad Fitzpatrick | 2 | -1/+10
Not yet checking anything. Just plumbing states into the health package. Updates #1505 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-15 | control/controlclient: use API to get Windows version number | Aleksandar Pesic | 2 | -15/+33
Fixes #1478 Signed-off-by: Aleksandar Pesic <peske.nis@gmail.com>
2021-03-11 | control/controlclient: allow for an unset linkMon. | David Anderson | 1 | -1/+1
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-03-11 | control/controlclient: report broken IP forwarding more precisely. | David Anderson | 1 | -2/+16
IP forwarding is not required when advertising a machine's local IPs over Tailscale. Fixes #1435. Signed-off-by: David Anderson <danderson@tailscale.com>
2021-03-05 | tailcfg, control/controlclient: add MapResponse.PingRequest | Brad Fitzpatrick | 1 | -0/+30
So the control server can test whether a client's actually present. Most clients are over HTTP/2, so these pings (to the same host) are super cheap. This mimics the earlier goroutine dump mechanism. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-04 | ipn/ipnlocal, control/controlclient: propagate link monitor to controlclient | Brad Fitzpatrick | 1 | -0/+4
Don't use it yet, but get it down there. Updates #1455 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-03 | tailcfg, control/controlclient: add goroutine dump debug feature | Brad Fitzpatrick | 3 | -0/+83
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-03-01 | control/controlclient, net/{dnscache,dnsfallback}: add DNS fallback mechanism | Brad Fitzpatrick | 1 | -3/+6
Updates #1405 Updates #1403 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-02-18 | health, control/controlclient, wgengine: report when router unhealthy | Brad Fitzpatrick | 2 | -1/+20
Updates tailscale/corp#1338 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-02-15 | control/controlclient: note package type in Hostinfo | Brad Fitzpatrick | 1 | -0/+16
Fixes tailscale/corp#440 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-02-05 | types/netmap: split controlclient.NetworkMap off into its own leaf package | Brad Fitzpatrick | 5 | -581/+23
Updates #1278 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-02-05 | types/persist: split controlclient.Persist into a small leaf package | Brad Fitzpatrick | 4 | -183/+8
This one alone doesn't modify the global dependency map much (depaware.txt if anything looks slightly worse), but it leaves controlclient as only containing NetworkMap:
    bradfitz@tsdev:~/src/tailscale.com/ipn$ grep -F "controlclient." *.go
    backend.go: NetMap *controlclient.NetworkMap // new netmap received
    fake_test.go: b.notify(Notify{NetMap: &controlclient.NetworkMap{}})
    fake_test.go: b.notify(Notify{NetMap: &controlclient.NetworkMap{}})
    handle.go: netmapCache *controlclient.NetworkMap
    handle.go:func (h *Handle) NetMap() *controlclient.NetworkMap {
Once that goes into a leaf package, then ipn doesn't depend on controlclient at all, and then the client gets smaller. Updates #1278
2021-02-05 | wgengine/wgcfg/nmcfg: split control/controlclient/netmap.go into own package | Brad Fitzpatrick | 1 | -117/+0
It couldn't move to ipnlocal due to test dependency cycles. Updates #1278 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-02-05 | ipn: program exit node into the data plane according to user pref. | David Anderson | 1 | -11/+6
Part of #1153, #1154. Fixes #1224. Signed-off-by: David Anderson <danderson@tailscale.com>
2021-02-05 | control/controlclient: don't call lite endpoint update path when logged out | Brad Fitzpatrick | 1 | -1/+1
This was the other half of the #1271 problem. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-02-04 | control/controlclient: avoid crash sending map request with zero node key | Brad Fitzpatrick | 1 | -0/+3
Fixes #1271 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-01-29 | all: move wgcfg from wireguard-go | Josh Bleecher Snyder | 1 | -1/+1
This is mostly code movement from the wireguard-go repo. Most of the new wgcfg package corresponds to the wireguard-go wgcfg package. wgengine/wgcfg/device{_test}.go was device/config{_test}.go. There were substantive but simple changes to device_test.go to remove internal package device references. The API of device.Config (now wgcfg.DeviceConfig) grew an error return; we previously logged the error and threw it away. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>