| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
So the type can be used in net/dns without introducing a tailcfg
dependency.
For #2596
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
|
|
This adds "//go:build" lines and tidies up existing "// +build" lines.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
|
|
crash
From integration tests elsewhere:
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x70 pc=0x845c9b]
goroutine 226 [running]:
tailscale.com/control/controlclient.(*Direct).sendMapRequest(0xc00053e1e0, 0x16670f0, 0xc000353780, 0xffffffffffffffff, 0xc0003e5f10, 0x0, 0x0)
/home/runner/go/pkg/mod/tailscale.com@v1.1.1-0.20210715222212-1bb6abc604c1/control/controlclient/direct.go:803 +0x19bb
tailscale.com/control/controlclient.(*Direct).PollNetMap(...)
/home/runner/go/pkg/mod/tailscale.com@v1.1.1-0.20210715222212-1bb6abc604c1/control/controlclient/direct.go:574
tailscale.com/control/controlclient.(*Auto).mapRoutine(0xc00052a1e0)
/home/runner/go/pkg/mod/tailscale.com@v1.1.1-0.20210715222212-1bb6abc604c1/control/controlclient/auto.go:464 +0x571
created by tailscale.com/control/controlclient.(*Auto).Start
/home/runner/go/pkg/mod/tailscale.com@v1.1.1-0.20210715222212-1bb6abc604c1/control/controlclient/auto.go:151 +0x65
exit status 2
Also remove types/opt.Bool API addition which is now unnecessary.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Add in UPnP portmapping, using goupnp library in order to get the UPnP client and run the
portmapping functions. This rips out anywhere where UPnP used to be in portmapping, and has a
flow separate from PMP and PCP.
RELNOTE=portmapper now supports UPnP mappings
Fixes #682
Updates #2109
Signed-off-by: julianknodt <julianknodt@gmail.com>
|
|
Fix regression from 19c3e6cc9e9c8371f2aea1c8a19fe1e455038b0b
which made the locking coarser.
Found while debugging #2245, which ended up looking like a tswin/Windows
issue where Crawshaw had blocked cmd.exe's output.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
|
|
Add MarshalText-like appending variants. Like:
https://pkg.go.dev/inet.af/netaddr#IP.AppendTo
To be used by @josharian's pending deephash optimizations.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
This lets us remote the types/strbuilder package,
which had only a single user.
And it's faster.
name old time/op new time/op delta
String/tcp4-8 175ns ± 0% 58ns ± 1% -66.95% (p=0.000 n=10+9)
String/tcp6-8 226ns ± 1% 136ns ± 1% -39.85% (p=0.000 n=10+10)
String/udp4-8 175ns ± 1% 58ns ± 1% -67.01% (p=0.000 n=10+9)
String/udp6-8 230ns ± 1% 140ns ± 0% -39.32% (p=0.000 n=10+9)
String/icmp4-8 164ns ± 0% 50ns ± 1% -69.89% (p=0.000 n=10+10)
String/icmp6-8 217ns ± 1% 129ns ± 0% -40.46% (p=0.000 n=10+10)
String/igmp-8 196ns ± 0% 56ns ± 1% -71.32% (p=0.000 n=10+10)
String/unknown-8 2.06ns ± 1% 2.06ns ± 2% ~ (p=0.985 n=10+10)
name old alloc/op new alloc/op delta
String/tcp4-8 32.0B ± 0% 32.0B ± 0% ~ (all equal)
String/tcp6-8 168B ± 0% 96B ± 0% -42.86% (p=0.000 n=10+10)
String/udp4-8 32.0B ± 0% 32.0B ± 0% ~ (all equal)
String/udp6-8 168B ± 0% 96B ± 0% -42.86% (p=0.000 n=10+10)
String/icmp4-8 32.0B ± 0% 32.0B ± 0% ~ (all equal)
String/icmp6-8 104B ± 0% 64B ± 0% -38.46% (p=0.000 n=10+10)
String/igmp-8 48.0B ± 0% 48.0B ± 0% ~ (all equal)
String/unknown-8 0.00B 0.00B ~ (all equal)
name old allocs/op new allocs/op delta
String/tcp4-8 1.00 ± 0% 1.00 ± 0% ~ (all equal)
String/tcp6-8 3.00 ± 0% 1.00 ± 0% -66.67% (p=0.000 n=10+10)
String/udp4-8 1.00 ± 0% 1.00 ± 0% ~ (all equal)
String/udp6-8 3.00 ± 0% 1.00 ± 0% -66.67% (p=0.000 n=10+10)
String/icmp4-8 1.00 ± 0% 1.00 ± 0% ~ (all equal)
String/icmp6-8 3.00 ± 0% 1.00 ± 0% -66.67% (p=0.000 n=10+10)
String/igmp-8 1.00 ± 0% 1.00 ± 0% ~ (all equal)
String/unknown-8 0.00 0.00 ~ (all equal)
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
|
|
This commit is a mishmash of automated edits using gofmt:
gofmt -r 'netaddr.IPPort{IP: a, Port: b} -> netaddr.IPPortFrom(a, b)' -w .
gofmt -r 'netaddr.IPPrefix{IP: a, Port: b} -> netaddr.IPPrefixFrom(a, b)' -w .
gofmt -r 'a.IP.Is4 -> a.IP().Is4' -w .
gofmt -r 'a.IP.As16 -> a.IP().As16' -w .
gofmt -r 'a.IP.Is6 -> a.IP().Is6' -w .
gofmt -r 'a.IP.As4 -> a.IP().As4' -w .
gofmt -r 'a.IP.String -> a.IP().String' -w .
And regexps:
\w*(.*)\.Port = (.*) -> $1 = $1.WithPort($2)
\w*(.*)\.IP = (.*) -> $1 = $1.WithIP($2)
And lots of manual fixups.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
|
|
name old time/op new time/op delta
ShortString-8 82.6ns ± 0% 15.6ns ± 0% -81.07% (p=0.008 n=5+5)
name old alloc/op new alloc/op delta
ShortString-8 104B ± 0% 8B ± 0% -92.31% (p=0.008 n=5+5)
name old allocs/op new allocs/op delta
ShortString-8 3.00 ± 0% 1.00 ± 0% -66.67% (p=0.008 n=5+5)
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
|
|
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
|
|
Instead of calling ParseHex, do the hex.Decode directly.
name old time/op new time/op delta
UnmarshalJSON-8 86.9ns ± 0% 42.6ns ± 0% -50.94% (p=0.000 n=15+14)
name old alloc/op new alloc/op delta
UnmarshalJSON-8 128B ± 0% 0B -100.00% (p=0.000 n=15+15)
name old allocs/op new allocs/op delta
UnmarshalJSON-8 2.00 ± 0% 0.00 -100.00% (p=0.000 n=15+15)
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
|
|
Fixes tailscale/corp#1725
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Updates #1749
Co-authored-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
|
|
Upstream wireguard-go renamed the interface method
from CreateEndpoint to ParseEndpoint.
I updated the log call site but not the allowlist.
Signed-off-by: Josh Bleecher Snyder <josharian@gmail.com>
|
|
- Switch to our own simpler token bucket, since x/time/rate is missing
necessary stuff (can't provide your own time func; can't check the
current bucket contents) and it's overkill anyway.
- Add tests that actually include advancing time.
- Don't remove the rate limit on a message until there's enough room to
print at least two more of them. When we do, we'll also print how
many we dropped, as a contextual reminder that some were previously
lost. (This is more like how the Linux kernel does it.)
- Reformat the [RATE LIMITED] messages to be shorter, and to not
corrupt original message. Instead, we print the message, then print
its format string.
- Use %q instead of \"%s\", for more accurate parsing later, if the
format string contained quotes.
Fixes #1772
Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
|
|
Pointer receivers used with MarshalJSON are code rakes.
https://github.com/golang/go/issues/22967
https://github.com/dominikh/go-tools/issues/911
I just stepped on one, and it hurt. Turn it over.
While we're here, optimize the code a bit.
name old time/op new time/op delta
MarshalJSON-8 184ns ± 0% 44ns ± 0% -76.03% (p=0.000 n=20+19)
name old alloc/op new alloc/op delta
MarshalJSON-8 184B ± 0% 80B ± 0% -56.52% (p=0.000 n=20+20)
name old allocs/op new allocs/op delta
MarshalJSON-8 4.00 ± 0% 1.00 ± 0% -75.00% (p=0.000 n=20+20)
Signed-off-by: Josh Bleecher Snyder <josharian@gmail.com>
|
|
For historical reasons, we ended up with two near-duplicate
copies of curve25519 key types, one in the wireguard-go module
(wgcfg) and one in the tailscale module (types/wgkey).
Then we moved wgcfg to the tailscale module.
We can now remove the wgcfg key type in favor of wgkey.
Signed-off-by: Josh Bleecher Snyder <josharian@gmail.com>
|
|
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Add proto to flowtrack.Tuple.
Add types/ipproto leaf package to break a cycle.
Server-side ACL work remains.
Updates #1516
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
* move probing out of netcheck into new net/portmapper package
* use PCP ANNOUNCE op codes for PCP discovery, rather than causing
short-lived (sub-second) side effects with a 1-second-expiring map +
delete.
* track when we heard things from the router so we can be less wasteful
in querying the router's port mapping services in the future
* use portmapper from magicsock to map a public port
Fixes #1298
Fixes #1080
Fixes #1001
Updates #864
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Updates #1278
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
This one alone doesn't modify the global dependency map much
(depaware.txt if anything looks slightly worse), but it leave
controlclient as only containing NetworkMap:
bradfitz@tsdev:~/src/tailscale.com/ipn$ grep -F "controlclient." *.go
backend.go: NetMap *controlclient.NetworkMap // new netmap received
fake_test.go: b.notify(Notify{NetMap: &controlclient.NetworkMap{}})
fake_test.go: b.notify(Notify{NetMap: &controlclient.NetworkMap{}})
handle.go: netmapCache *controlclient.NetworkMap
handle.go:func (h *Handle) NetMap() *controlclient.NetworkMap {
Once that goes into a leaf package, then ipn doesn't depend on
controlclient at all, and then the client gets smaller.
Updates #1278
|
|
And move a couple other types down into leafier packages.
Now cmd/tailscale doesn't bring in netlink, magicsock, wgengine, etc.
Fixes #1181
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
We log lines like this:
c.logf("[v1] magicsock: disco: %v->%v (%v, %v) sent %v", c.discoShort, dstDisco.ShortString(), dstKey.ShortString(), derpStr(dst.String()), disco.MessageSummary(m))
The leading [v1] causes it to get unintentionally rate limited.
Until we have a proper fix, work around it.
Fixes #1216
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
|
|
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
This is a big hammer approach to helping with #1132.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
|
|
This makes connectivity between ancient and new tailscale nodes slightly
worse in some cases, but only in cases where the ancient version would
likely have failed to get connectivity anyway.
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Here's an example log line in the new format:
[RATE LIMITED] format string "open-conn-track: timeout opening %v; no associated peer node" (example: "open-conn-track: timeout opening ([ip] => [ip]); no associated peer node")
This should make debugging logging issues a bit easier, and give more
context as to why something was rate limited. This change was proposed
in a comment on #1110.
Signed-off-by: Smitty <me@smitop.com>
|
|
The log lines that wireguard-go prints as it starts
and stops its worker routines are mostly noise.
They also happen after other work is completed,
which causes failures in some of the log testing packages.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
|
|
This is a replacement for the key-related parts
of the wireguard-go wgcfg package.
This is almost a straight copy/paste from the wgcfg package.
I have slightly changed some of the exported functions and types
to avoid stutter, added and tweaked some comments,
and removed some now-unused code.
To avoid having wireguard-go depend on this new package,
wgcfg will keep its key types.
We translate into and out of those types at the last minute.
These few remaining uses will be eliminated alongside
the rest of the wgcfg package.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
|
|
This caused some confusion in issue #460, since usually raw format
strings aren't printed directly. Hopefully by directly logging that
they are intended to be raw format strings, this will be more clear.
Rate limited format strings now look like:
[RATE LIMITED] format string "control: sendStatus: %s: %v"
Closes #460.
Signed-off-by: Smitty <me@smitop.com>
|
|
Work with either way for now on iOS (darwin/arm64 vs ios/arm64).
In February when Go 1.16 comes out we'll have a universal binary for
darwin/arm64 (macOS) and will drop support for Go 1.15 and its
darwin/amd64 meaning iOS. (it'll mean macOS).
Context:
* https://tip.golang.org/doc/go1.16#darwin
* https://github.com/golang/go/issues/38485
* https://github.com/golang/go/issues/42100
|
|
So they don't get interpretted as a format pattern or get rate-limited away
in the wrong way.
|
|
|
|
The RusagePrefixLog is rarely useful, hasn't been useful in a long
time, is rarely the measurement we need, and is pretty spammy (and
syscall-heavy). Disable it by default. We can enable it when we're
debugging memory.
|
|
Per discussion with @crawshaw. The CLI tool already used std flag anyway.
If either of them, it would've made more sense for the CLI to use getopt.
|
|
It was lost during a copy from wgcfg.NewPresharedKey (which doesn't
clamp) instead of wgcfg.NewPrivateKey (which does).
Fortunately this was only use for discovery messages (not WireGuard)
and only for ephemeral process-lifetime keys.
|
|
Silences
types/logger/logger_test.go:63:30: conversion from int to string yields a string of one rune
Signed-off-by: Elias Naur <mail@eliasnaur.com>
|
|
Also adds ephemeral port support to natlab.
Work in progress.
Pairing with @danderson.
|
|
Per conversation with @danderson.
|
|
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Not actually used yet.
Updates #483
|
|
Signed-Off-By: Dmytro Shynkevych <dmytro@tailscale.com>
|
|
|
|
... and thus does not need to worry about when it escapes into
unprovable fmt interface{} land.
Also, add some convenience methods for efficiently writing integers.
|
|
- Reformat the warning about a message being rate limited to print the
format string, rather than the formatted message. This helps give a
clue what "type" of message is being limited.
- Change the rate limit warning to be [RATE LIMITED] in all caps. This
uses less space on each line, plus is more noticeable.
- In tailscaled, change the frequency to be less often (once every 5
seconds per format string) but to allow bursts of up to 5 messages.
This greatly reduces the number of messages that are rate limited
during startup, but allows us to tighten the limit even further during
normal runtime.
Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
|
|
Also stop logging data sent/received from nodes we're not connected to (ie all those `x`s being logged in the `peers: ` line)
Signed-off-by: Wendi <wendi.yu@yahoo.ca>
|
