Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
To not allocate 1MB up front on iOS.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
To reduce binary size on iOS.
Updates tailscale/corp#2238
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
crash
From integration tests elsewhere:
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x70 pc=0x845c9b]
goroutine 226 [running]:
tailscale.com/control/controlclient.(*Direct).sendMapRequest(0xc00053e1e0, 0x16670f0, 0xc000353780, 0xffffffffffffffff, 0xc0003e5f10, 0x0, 0x0)
/home/runner/go/pkg/mod/tailscale.com@v1.1.1-0.20210715222212-1bb6abc604c1/control/controlclient/direct.go:803 +0x19bb
tailscale.com/control/controlclient.(*Direct).PollNetMap(...)
/home/runner/go/pkg/mod/tailscale.com@v1.1.1-0.20210715222212-1bb6abc604c1/control/controlclient/direct.go:574
tailscale.com/control/controlclient.(*Auto).mapRoutine(0xc00052a1e0)
/home/runner/go/pkg/mod/tailscale.com@v1.1.1-0.20210715222212-1bb6abc604c1/control/controlclient/auto.go:464 +0x571
created by tailscale.com/control/controlclient.(*Auto).Start
/home/runner/go/pkg/mod/tailscale.com@v1.1.1-0.20210715222212-1bb6abc604c1/control/controlclient/auto.go:151 +0x65
exit status 2
Also remove types/opt.Bool API addition which is now unnecessary.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Add in UPnP portmapping, using goupnp library in order to get the UPnP client and run the
portmapping functions. This rips out anywhere where UPnP used to be in portmapping, and has a
flow separate from PMP and PCP.
RELNOTE=portmapper now supports UPnP mappings
Fixes #682
Updates #2109
Signed-off-by: julianknodt <julianknodt@gmail.com>
|
|
Updates #2268
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Turns out we never reliably log the control plane URL a client connects
to. Do it here, and include the server public key, which might
inadvertently tell us something interesting some day.
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
|
|
And make it cheaper, so other parts of the code can check the
environment.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Thanks to @normanr for noticing.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Updates #2079
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Missed one comment from https://github.com/tailscale/tailscale/pull/1868
should be isAWSLambda not isAwsLambda
Signed-off-by: Denton Gentry <dgentry@tailscale.com>
|
|
Signed-off-by: Denton Gentry <dgentry@tailscale.com>
|
|
Signed-off-by: Denton Gentry <dgentry@tailscale.com>
|
|
AWS Lambda uses Docker containers but does not
have the string "docker" in its /proc/1/cgroup.
Infer AWS Lambda via the environment variables
it sets.
Signed-off-by: Denton Gentry <dgentry@tailscale.com>
|
|
Plumbs down a pinger to the direct to enable client to client Ping
functionality from control.
Signed-off-by: Simeng He <simeng@tailscale.com>
|
|
Updates #1235
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Previously, there was no server round trip required to log out, so when
you asked ipnlocal to Logout(), it could clear the netmap immediately
and switch to NeedsLogin state.
In v1.8, we added a true Logout operation. ipn.Logout() would trigger
an async cc.StartLogout() and *also* immediately switch to NeedsLogin.
Unfortunately, some frontends would see NeedsLogin and immediately
trigger a new StartInteractiveLogin() operation, before the
controlclient auth state machine actually acted on the Logout command,
thus accidentally invalidating the entire logout operation, retaining
the netmap, and violating the user's expectations.
Instead, add a new LogoutFinished signal from controlclient
(paralleling LoginFinished) and, upon starting a logout, don't update
the ipn state machine until it's received.
Updates: #1918 (BUG-2)
Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
|
|
The cyolosecurity fork of certstore did not update its module name and
thus can only be used with a replace directive. This interferes with
installing using `go install` so I created a tailscale fork with an
updated module name.
Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>
|
|
This commit is a mishmash of automated edits using gofmt:
gofmt -r 'netaddr.IPPort{IP: a, Port: b} -> netaddr.IPPortFrom(a, b)' -w .
gofmt -r 'netaddr.IPPrefix{IP: a, Port: b} -> netaddr.IPPrefixFrom(a, b)' -w .
gofmt -r 'a.IP.Is4 -> a.IP().Is4' -w .
gofmt -r 'a.IP.As16 -> a.IP().As16' -w .
gofmt -r 'a.IP.Is6 -> a.IP().Is6' -w .
gofmt -r 'a.IP.As4 -> a.IP().As4' -w .
gofmt -r 'a.IP.String -> a.IP().String' -w .
And regexps:
\w*(.*)\.Port = (.*) -> $1 = $1.WithPort($2)
\w*(.*)\.IP = (.*) -> $1 = $1.WithIP($2)
And lots of manual fixups.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
|
|
Well, that was anticlimactic.
Fixes tailscale/corp#461.
Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
|
|
Without this, macOS would fail to display its menu state correctly if you
started it while !WantRunning. It relies on the netmap in order to show
the logged-in username.
Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
|
|
This will let us create a mock or fake Client implementation for use
with ipn.Backend.
Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
|
|
No changes other than moving stuff around.
Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
|
|
Fixes #1774
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Fixes #1759
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
All MapResponse fields can not be omitted and are tagged "omitempty".
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
So the NetworkMap-from-incremental-MapResponses can be tested easily.
And because direct.go was getting too big.
No change in behavior at this point. Just movement.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
tailscale/corp#1582
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
MapResponse.OnlineChange
And fix PeerSeenChange bug where it was ignored unless there were
other peer changes.
Updates tailscale/corp#1574
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Fixes #971
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Track endpoints internally with a new tailcfg.Endpoint type that
includes a typed netaddr.IPPort (instead of just a string) and
includes a type for how that endpoint was discovered (STUN, local,
etc).
Use []tailcfg.Endpoint instead of []string internally.
At the last second, send it to the control server as the existing
[]string for endpoints, but also include a new parallel
MapRequest.EndpointType []tailcfg.EndpointType, so the control server
can start filtering out less-important endpoint changes from
new-enough clients. Notably, STUN-discovered endpoints can be filtered
out from 1.6+ clients, as they can discover them amongst each other
via CallMeMaybe disco exchanges started over DERP. And STUN endpoints
change a lot, causing a lot of MapResponse updates. But portmapped
endpoints are worth keeping for now, as they work right away
without requiring the firewall traversal extra RTT dance.
End result will be less control->client bandwidth. (despite negligible
increase in client->control bandwidth)
Updates tailscale/corp#1543
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
unchanged (mapver15)
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
of serverURL.Host
Signed-off-by: Simon Kirillov <svkirillov3@gmail.com>
|
|
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
When searching for the matching client identity, the returned
certificate chain was accidentally set to that of the last identity
returned by the certificate store instead of the one corresponding to
the selected identity.
Also, add some extra error checking for invalid certificate chains, just
in case.
Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>
|
|
Recent LXC support no longer has "lxc" in /proc/1/cgroup:
# cat /proc/1/cgroup
12:freezer:/
11:rdma:/
10:cpuset:/
9:pids:/
8:blkio:/
7:devices:/
6:perf_event:/
5:net_cls,net_prio:/
4:memory:/
3:hugetlb:/
2:cpu,cpuacct:/
1:name=systemd:/init.scope
0::/init.scope
Look for fuse.lxcfs in /proc/mounts in addition:
# grep lxc /proc/mounts
lxcfs /proc/cpuinfo fuse.lxcfs ...
lxcfs /proc/diskstats fuse.lxcfs ...
lxcfs /proc/loadavg fuse.lxcfs ...
lxcfs /proc/meminfo fuse.lxcfs ...
lxcfs /proc/stat fuse.lxcfs ...
lxcfs /proc/swaps fuse.lxcfs ...
lxcfs /proc/uptime fuse.lxcfs ...
lxcfs /sys/devices/system/cpu/online fuse.lxcfs ...
Add Knative detection by looking for the environment variables
which are part of its container contract.
Signed-off-by: Denton Gentry <dgentry@tailscale.com>
|
|
Instead of having the CLI check whether IP forwarding is enabled, ask
tailscaled. It has a better idea. If it's netstack, for instance, the
sysctl values don't matter. And it's possible that only the daemon has
permission to know.
Fixes #1626
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
It's not done in the caller yet, but the controlclient does it now.
Updates #1573
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
The concrete type being encoded changed from a value to pointer
earlier and this was never adjusted.
(People don't frequently use TS_DEBUG_MAP to see requests, so it went
unnoticed until now.)
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
control/controlclient: sign RegisterRequest
Some customers wish to verify eligibility for devices to join their
tailnets using machine identity certificates. TLS client certs could
potentially fulfill this role but the initial customer for this feature
has technical requirements that prevent their use. Instead, the
certificate is loaded from the Windows local machine certificate store
and uses its RSA public key to sign the RegisterRequest message.
There is room to improve the flexibility of this feature in future and
it is currently only tested on Windows (although Darwin theoretically
works too), but this offers a reasonable starting place for now.
Updates tailscale/coral#6
Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>
|
|
golang.org/x/oauth2 pulls in App Engine and grpc module dependencies,
screwing up builds that depend on this module.
Some background on the problem:
https://go.googlesource.com/proposal/+/master/design/36460-lazy-module-loading.md
Fixes tailscale/corp#1471
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
The direct client already logs it in JSON form. Then it's immediately
logged again in an unformatted dump, so this removes that unformatted
one.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Updates #1505
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
To atone for 1d7f9d5b4a59b3e, the revert of 4224b3f73110f6f.
At least it's fast again, even if it's shelling out to cmd.exe (once now).
Updates #1478
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
This reverts commit 4224b3f73110f6f0c6268eb1ae943bc24cf89baf.
From https://github.com/tailscale/tailscale/pull/1494#discussion_r594852889 ...
> Actually, I want all four numbers back. I spent the evening
> debugging an issue for a user running an old version of Windows
> and then going to
> https://en.wikipedia.org/wiki/Windows_10_version_history_(version_1809)
> and reading all the revision notes in the footnotes of that wikipedia
> page.
>
> I'm going to revert this for now for Tailscale 1.6. We can land it
> again later when we figure out how to get the fourth numbers.
Updates #1478
|