summaryrefslogtreecommitdiffhomepage
path: root/net/tshttpproxy
AgeCommit message (Collapse)AuthorFilesLines
2021-03-03net/tshttpproxy: call winhttp calls from a fixed OS threadBrad Fitzpatrick1-0/+4
We often see things in logs like: 2021-03-02 17:52:45.2456258 +0800 +0800: winhttp: Open: The parameter is incorrect. 2021-03-02 17:52:45.2506261 +0800 +0800: tshttpproxy: winhttp: GetProxyForURL("https://log.tailscale.io/c/tailnode.log.tailscale.io/5037bb42f4bc330e2d6143e191a7ff7e837c6be538139231de69a439536e0d68"): ERROR_INVALID_PARAMETER [unexpected] I have a hunch that WinHTTP has thread-local state. If so, this would fix it. If not, this is pretty harmless. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-02-18net/tshttpproxy: support HTTP proxy environment credentials on Windows tooBrad Fitzpatrick2-16/+18
and some minor style nits. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-02-17net/tshttpproxy: support basic auth when available (#1354)Christine Dodrill2-0/+61
This allows proxy URLs such as: http://azurediamond:hunter2@192.168.122.154:38274 to be used in order to dial out to control, logs or derp servers. Signed-off-by: Christine Dodrill <xe@tailscale.com>
2020-11-03net/tshttpproxy: aggressively rate-limit error logs in Transport.Proxy pathBrad Fitzpatrick1-3/+18
Otherwise log upload HTTP requests generate proxy errrors which generate logs which generate HTTP requests which generate proxy errors which generate more logs, etc. Fixes #879
2020-09-21net/tshttpproxy: appease staticcheckBrad Fitzpatrick1-0/+2
2020-09-21net/tshttpproxy: add GetProxyForURL negative cacheBrad Fitzpatrick2-1/+38
Otherwise when PAC server is down, we log, and each log entry is a new HTTP request (from logtail) and a new GetProxyForURL call, which again logs, non-stop. This is also nicer to the WinHTTP service. Then also hook up link change notifications to the cache to reset it if there's a chance the network might work sooner.
2020-09-02net/tshttpproxy: fix typo in Windows code added at least secondBrad Fitzpatrick1-1/+1
I ran tests & vet & staticcheck, but for Linux, not Windows. (#728 would be nice)
2020-09-02net/tshttpproxy: if winhttp.GetProxyForURL blocks too long, use previous valueBrad Fitzpatrick1-26/+66
We currently have a chickend-and-egg situation in some environments where we can set up routes that WinHTTP's WPAD/PAC resolution service needs to download the PAC file to evaluate GetProxyForURL, but the PAC file is behind a route for which we need to call GetProxyForURL to e.g. dial a DERP server. As a short-term fix, just assume that the most recently returned proxy is good enough for such situations.
2020-08-28net/tshttpproxy: add more winhttp loggingBrad Fitzpatrick1-1/+7
Notably around duration of calls.
2020-08-28tshttp, derphttp: send Proxy-Authorization, not Authorization, to proxiesBrad Fitzpatrick1-1/+13
Whoops. But weirdly, sending Authorization sometimes worked?
2020-08-27net/tshttpproxy: move the TS_DEBUG_FAKE_PROXY_AUTH knob up a levelBrad Fitzpatrick2-4/+4
2020-08-26tshttpproxy, controlclient, derphttp, logpolicy: send Negotiate auth to proxiesBrad Fitzpatrick2-0/+50
For Windows only, and only when built with Tailscale's Go tree. Updates tailscale/corp#583
2020-08-25net/tshttpproxy: add start of Kerberos Negotiate auth to proxies on WindowsBrad Fitzpatrick2-0/+31
For now only used by a new cmd/tailscale debug --get-url subcommand. Not yet wired up to the places making HTTP requests. Updates tailscale/corp#583
2020-08-24net/tshttpproxy: discard secondary Windows proxies for nowBrad Fitzpatrick1-0/+4
2020-08-18net/tshttpproxy: new package, support WPAD/PAC proxies on WindowsBrad Fitzpatrick2-0/+175
Updates tailscale/corp#553 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Copyright © 2025 - 2026 Wayne Cole. WTFPL. Attribution appreciated. No warranty. Not liable for bodily damages.