| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
TCP was done in 662fbd4a09664e849f0b898d1e8df13325d36efa.
This does the same for UDP.
Tested by hand. Integration tests will have to come later. I'd wanted
to do it in this commit, but the SOCKS5 server needed for interop
testing between two userspace nodes doesn't yet support UDP and I
didn't want to invent some whole new userspace packet injection
interface at this point, as SOCKS seems like a better route, but
that's its own bug.
Fixes #2302
RELNOTE=netstack mode can now UDP relay to subnets
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
For instance, ephemeral nodes with only IPv6 addresses can now
SOCKS5-dial out to names like "foo" and resolve foo's IPv6 address
rather than foo's IPv4 address and get a "no route"
(*tcpip.ErrNoRoute) error from netstack's dialer.
Per https://github.com/tailscale/tailscale/issues/2268#issuecomment-870027626
which is only part of the isuse.
Updates #2268
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Unused so far, but eventually we'll want this for SOCKS5 UDP binds (we
currently only do TCP with SOCKS5), and also for #2102 for forwarding
MagicDNS upstream to Tailscale IPs over netstack.
Updates #2102
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
This commit is a mishmash of automated edits using gofmt:
gofmt -r 'netaddr.IPPort{IP: a, Port: b} -> netaddr.IPPortFrom(a, b)' -w .
gofmt -r 'netaddr.IPPrefix{IP: a, Port: b} -> netaddr.IPPrefixFrom(a, b)' -w .
gofmt -r 'a.IP.Is4 -> a.IP().Is4' -w .
gofmt -r 'a.IP.As16 -> a.IP().As16' -w .
gofmt -r 'a.IP.Is6 -> a.IP().Is6' -w .
gofmt -r 'a.IP.As4 -> a.IP().As4' -w .
gofmt -r 'a.IP.String -> a.IP().String' -w .
And regexps:
\w*(.*)\.Port = (.*) -> $1 = $1.WithPort($2)
\w*(.*)\.IP = (.*) -> $1 = $1.WithIP($2)
And lots of manual fixups.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
|
|
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
The earlier eb06ec172f1d984bb87c589da1dd2d3f15dc6d82 fixed
the flaky SSH issue (tailscale/corp#1725) by making sure that packets
addressed to Tailscale IPs in hybrid netstack mode weren't delivered
to netstack, but another issue remained:
All traffic handled by netstack was also potentially being handled by
the host networking stack, as the filter hook returned "Accept", which
made it keep processing. This could lead to various random racey chaos
as a function of OS/firewalls/routes/etc.
Instead, once we inject into netstack, stop our caller's packet
processing.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Fixes tailscale/corp#1725
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
I see a bunch of these in some logs I'm looking at,
separated only by a few seconds.
Log the error so we can tell what's going on here.
Signed-off-by: Josh Bleecher Snyder <josharian@gmail.com>
|
|
(#1758)
* wgengine/netstack: log ForwarderRequest in readable form, only in debug mode
Fixes #1757
Signed-off-by: Naman Sood <mail@nsood.in>
|
|
For #707
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
(#1629)
Signed-off-by: Naman Sood <mail@nsood.in>
|
|
wgengine/netstack: Allow userspace networking mode to expose subnets
Updates #504
Updates #707
Signed-off-by: Naman Sood <mail@nsood.in>
|
|
The tstun packagen contains both constructors for generic tun
Devices, and a wrapper that provides additional functionality.
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
This reverts the revert commit 84aba349d9a8d4e43585856c8155385f2569d35a.
And changes us to use inet.af/netstack.
Updates #1518
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Breaks our corp repo due to gRPC dependency hell.
This reverts commit d42f8b7f9a29a288058a03ebdf740e11b843bf26.
|
|
gVisor fixed their google/gvisor#1446 so we can include gVisor mode
on 32-bit machines.
A few minor upstream API changes, as normal.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Updates #504
Updates #707
Signed-off-by: Naman Sood <mail@nsood.in>
|
|
Updates #504
Updates #707
Signed-off-by: Naman Sood <mail@nsood.in>
|
|
Updates #504
Updates #707
Signed-off-by: Naman Sood <mail@nsood.in>
|
|
Even with [v2], it still logtails and takes time to format.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Updates #504
Updates #707
Signed-off-by: Naman Sood <mail@nsood.in>
|
|
Updates #707
Updates #504
Signed-off-by: Naman Sood <mail@nsood.in>
|
|
And add a --socks5-server flag.
And fix a race in SOCKS5 replies where the response header was written
concurrently with the copy from the backend.
Co-authored with Naman Sood.
Updates #707
Updates #504
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Updates #707
Updates #504
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Updates #707
Updates #504
Signed-off-by: Naman Sood <mail@nsood.in>
|
|
(#1301)
Updates #707
Updates #504
Signed-off-by: Naman Sood <mail@nsood.in>
|
|
Updates #1278
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Signed-off-by: Naman Sood <mail@nsood.in>
|
|
* wengine/netstack: bump gvisor to latest version
Signed-off-by: Naman Sood <naman@tailscale.com>
* update dependencies
Signed-off-by: Naman Sood <naman@tailscale.com>
* Don't change hardcoded IP
Signed-off-by: Naman Sood <naman@tailscale.com>
|
|
See google/gvisor#5241
|
|
Not usefully functional yet (mostly a proof of concept), but getting
it submitted for some work @namansood is going to do atop this.
Updates #707
Updates #634
Updates #48
Updates #835
|
