| Age | Commit message | Author | Files | Lines |
|
This commit is a mishmash of automated edits using gofmt:
gofmt -r 'netaddr.IPPort{IP: a, Port: b} -> netaddr.IPPortFrom(a, b)' -w .
gofmt -r 'netaddr.IPPrefix{IP: a, Port: b} -> netaddr.IPPrefixFrom(a, b)' -w .
gofmt -r 'a.IP.Is4 -> a.IP().Is4' -w .
gofmt -r 'a.IP.As16 -> a.IP().As16' -w .
gofmt -r 'a.IP.Is6 -> a.IP().Is6' -w .
gofmt -r 'a.IP.As4 -> a.IP().As4' -w .
gofmt -r 'a.IP.String -> a.IP().String' -w .
And regexps:
\w*(.*)\.Port = (.*) -> $1 = $1.WithPort($2)
\w*(.*)\.IP = (.*) -> $1 = $1.WithIP($2)
And lots of manual fixups.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
|
|
For IPPort.MarshalText optimizations.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
|
|
|
|
https://github.com/tailscale/wireguard-go/compare/6cd106ab1339...030c638da3df
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
|
|
Signed-off-by: Maisem Ali <maisem@tailscale.com>
|
|
Fixed upstream. Bump dep.
Updates #1345
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Per discussion, we want to have only one test assertion library,
and we want to start by exploring quicktest.
This was a mostly mechanical translation.
I think we could make this nicer by defining a few helper
closures at the beginning of the test. Later.
Signed-off-by: Josh Bleecher Snyder <josharian@gmail.com>
|
|
A very long unit test that verifies the way the controlclient and
ipn.Backend interact.
This is a giant sequential test of the state machine. The test passes,
but only because it's asserting all the wrong behaviour. I marked all
the behaviour I think is wrong with BUG comments, and several
additional test opportunities with TODO.
Note: the new test supersedes TestStartsInNeedsLoginState, which was
checking for incorrect behaviour (although the new test still checks
for the same incorrect behaviour) and assumed .Start() would converge
before returning, which it happens to do, but only for this very
specific case, for the current implementation. You're supposed to wait
for the notifications.
Updates: tailscale/corp#1660
Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
|
|
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
This should be the last bump before 1.8.
Signed-off-by: Josh Bleecher Snyder <josharian@gmail.com>
|
|
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Fixes #1746
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Pull in minor upstream changes.
Signed-off-by: Josh Bleecher Snyder <josharian@gmail.com>
|
|
To pick up https://go-review.googlesource.com/c/sys/+/307129.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
|
|
To fix windows checkptr failures.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
|
|
Upstream wireguard-go has changed its receive model.
NewDevice now accepts a conn.Bind interface.
The conn.Bind is stateless; magicsock.Conns are stateful.
To work around this, we add a connBind type that supports
cheap teardown and bring-up, backed by a Conn.
The new conn.Bind allows us to specify a set of receive functions,
rather than having to shoehorn everything into ReceiveIPv4 and ReceiveIPv6.
This lets us plumb DERP messages directly into wireguard-go,
instead of having to mux them via ReceiveIPv4.
One consequence of the new conn.Bind layer is that
closing the wireguard-go device is now indistinguishable
from the routine bring-up and tear-down normally experienced
by a conn.Bind. We thus have to explicitly close the magicsock.Conn
when we close the wireguard-go device.
One downside of this change is that we are reliant on wireguard-go
to call receiveDERP to process DERP messages. This is fine for now,
but is perhaps something we should fix in the future.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
|
|
Part of a temporary change to make merging wireguard-go easier.
See https://github.com/tailscale/wireguard-go/pull/45.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
|
|
|
|
|
|
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
control/controlclient: sign RegisterRequest
Some customers wish to verify eligibility for devices to join their
tailnets using machine identity certificates. TLS client certs could
potentially fulfill this role but the initial customer for this feature
has technical requirements that prevent their use. Instead, the
certificate is loaded from the Windows local machine certificate store
and uses its RSA public key to sign the RegisterRequest message.
There is room to improve the flexibility of this feature in future and
it is currently only tested on Windows (although Darwin theoretically
works too), but this offers a reasonable starting place for now.
Updates tailscale/coral#6
Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>
|
|
Adapt to minor API changes in wireguard-go.
And factor out device.DeviceOptions variables.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
|
|
golang.org/x/oauth2 pulls in App Engine and grpc module dependencies,
screwing up builds that depend on this module.
Some background on the problem:
https://go.googlesource.com/proposal/+/master/design/36460-lazy-module-loading.md
Fixes tailscale/corp#1471
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
This reverts the revert commit 84aba349d9a8d4e43585856c8155385f2569d35a.
And changes us to use inet.af/netstack.
Updates #1518
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
go.sum gets a bit wild, but tolerable.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
These ones don't have large dependency trees.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Breaks our corp repo due to gRPC dependency hell.
This reverts commit d42f8b7f9a29a288058a03ebdf740e11b843bf26.
|
|
gVisor fixed their google/gvisor#1446 so we can include gVisor mode
on 32-bit machines.
A few minor upstream API changes, as normal.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Adds FreeBSD support.
Signed-off-by: Denton Gentry <dgentry@tailscale.com>
|
|
Part of #1177, preparing for doing fancier set operations on
the allowed local nets.
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Signed-off-by: Matt Layher <mdlayher@gmail.com>
|
|
$ GOOS=openbsd GOARCH=arm64 go install tailscale.com/cmd/...@latest
pkg/mod/github.com/kr/pty@v1.1.4-0.20190131011033-7dc38fb350b1/pty_openbsd.go:24:10: undefined: ptmget
pkg/mod/github.com/kr/pty@v1.1.4-0.20190131011033-7dc38fb350b1/pty_openbsd.go:25:34: undefined: ioctl_PTMGET
"go mod tidy" did some unrelated work in go.sum, maybe because it was
not run with Go 1.16 before.
Signed-off-by: Filippo Valsorda <hi@filippo.io>
|
|
Fixes #1370
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
And open up socket permissions like Linux, now that we know who
connections are from.
This uses the new inet.af/peercred that supports Linux and Darwin at
the moment.
Fixes #1347
Fixes #1348
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
All changes are trivial.
|
|
|
|
Stabilization and performance improvements.
|
|
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
|
|
They are now unused.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
|
|
This is mostly code movement from the wireguard-go repo.
Most of the new wgcfg package corresponds to the wireguard-go wgcfg package.
wgengine/wgcfg/device{_test}.go was device/config{_test}.go.
There were substantive but simple changes to device_test.go to remove
internal package device references.
The API of device.Config (now wgcfg.DeviceConfig) grew an error return;
we previously logged the error and threw it away.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
|
|
|
|
|
|
22507adf5489a8293e03a5af06bd6af41d031468 stopped relying on
our fork of wireguard-go's UpdateDst callback.
As a result, we can unwind that code,
and the extra return value of ReceiveIPv{4,6}.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
|
|
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
This eliminates a dependency on wgcfg.Endpoint,
as part of the effort to eliminate our wireguard-go fork.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
|
|
|
|
netaddr.IP no longer allocates, so don't need a cache or all its associated
code/complexity.
This totally removes groupcache/lru from the deps.
Also go mod tidy.
|
|
* wengine/netstack: bump gvisor to latest version
Signed-off-by: Naman Sood <naman@tailscale.com>
* update dependencies
Signed-off-by: Naman Sood <naman@tailscale.com>
* Don't change hardcoded IP
Signed-off-by: Naman Sood <naman@tailscale.com>
|
|
Not usefully functional yet (mostly a proof of concept), but getting
it submitted for some work @namansood is going to do atop this.
Updates #707
Updates #634
Updates #48
Updates #835
|