summaryrefslogtreecommitdiffhomepage
path: root/wgengine
AgeCommit message (Collapse)AuthorFilesLines
2025-09-05wgengine/magicsock: log the peer failing disco writes are intended forJames Tucker1-1/+1
Updates tailscale/corp#31762 Signed-off-by: James Tucker <james@tailscale.com>
2025-08-29wgengine/magicsock: drop DERP queue from head rather than tailJames Tucker2-13/+23
If the DERP queue is full, drop the oldest item first, rather than the youngest, on the assumption that older data is more likely to be unanswerable. Updates tailscale/corp#31762 Signed-off-by: James Tucker <james@tailscale.com>
2025-08-28wgengine/magicsock: shorten process internal DERP queueJames Tucker2-65/+15
DERP writes go via TCP and the host OS will have plenty of buffer space. We've observed in the wild with a backed up TCP socket kernel side buffers of >2.4MB. The DERP internal queue being larger causes an increase in the probability that the contents of the backbuffer are "dead letters" - packets that were assumed to be lost. A first step to improvement is to size this queue only large enough to avoid some of the initial connect stall problem, but not large enough that it is contributing in a substantial way to buffer bloat / dead-letter retention. Updates tailscale/corp#31762 Signed-off-by: James Tucker <james@tailscale.com>
2025-08-28util/ringbuffer: rename to ringlogJames Tucker2-4/+4
I need a ringbuffer in the more traditional sense, one that has a notion of item removal as well as tail loss on overrun. This implementation is really a clearable log window, and is used as such where it is used. Updates #cleanup Updates tailscale/corp#31762 Signed-off-by: James Tucker <james@tailscale.com>
2025-08-26wgengine/magicsock: make endpoint.discoPing peer relay aware (#16946)Jordan Whited1-6/+23
Updates tailscale/corp#30333 Signed-off-by: Jordan Whited <jordan@tailscale.com>
2025-08-25wgengine/magicsock: trigger peer relay path discovery on CallMeMaybe RX (#16929)Jordan Whited1-1/+19
Updates tailscale/corp#30333 Signed-off-by: Jordan Whited <jordan@tailscale.com>
2025-08-21wgengine/magicsock,net/sockopts: export Windows ICMP suppression logic (#16917)Jordan Whited3-77/+6
For eventual use by net/udprelay.Server. Updates tailscale/corp#31506 Signed-off-by: Jordan Whited <jordan@tailscale.com>
2025-08-20net/sockopts,wgengine/magicsock: export socket buffer sizing logic (#16909)Jordan Whited4-109/+13
For eventual use by net/udprelay.Server Updates tailscale/corp#31164 Signed-off-by: Jordan Whited <jordan@tailscale.com>
2025-08-13net/{batching,packet},wgengine/magicsock: export batchingConn (#16848)Jordan Whited15-962/+86
For eventual use by net/udprelay.Server. Updates tailscale/corp#31164 Signed-off-by: Jordan Whited <jordan@tailscale.com>
2025-08-11wgengine/magicsock: add clientmetric for Peer Relay challenge reception (#16834)Jordan Whited1-0/+2
Updates tailscale/corp#30527 Signed-off-by: Jordan Whited <jordan@tailscale.com>
2025-08-11wgengine/magicsock: add clientmetrics for locally delivered Peer Relay alloc ↵Jordan Whited1-0/+4
disco (#16833) Expected when Peer Relay'ing via self. These disco messages never get sealed, and never leave the process. Updates tailscale/corp#30527 Signed-off-by: Jordan Whited <jordan@tailscale.com>
2025-08-11wgengine/magicsock: add clientmetrics for TX direction Peer Relay disco ↵Jordan Whited1-12/+27
messages (#16831) Updates tailscale/corp#30527 Signed-off-by: Jordan Whited <jordan@tailscale.com>
2025-08-11control/controlknobs,tailcfg,wgengine/magicsock: deprecate ↵Jordan Whited1-6/+0
NodeAttrDisableMagicSockCryptoRouting (#16818) Peer Relay is dependent on crypto routing, therefore crypto routing is now mandatory. Updates tailscale/corp#20732 Updates tailscale/corp#31083 Signed-off-by: Jordan Whited <jordan@tailscale.com>
2025-08-06wgengine/magicsock: fix missing Conn.hasPeerRelayServers.Store() call (#16792)Jordan Whited2-20/+78
This commit also extends the updateRelayServersSet unit tests to cover onNodeViewsUpdate. Fixes tailscale/corp#31080 Signed-off-by: Jordan Whited <jordan@tailscale.com>
2025-08-06wgengine/magicsock: add lazyEndpoint.FromPeer tests (#16791)Jordan Whited1-0/+72
Updates tailscale/corp#30903 Signed-off-by: Jordan Whited <jordan@tailscale.com>
2025-08-06wgengine/magicsock: add lazyEndpoint.InitiationMessagePublicKey tests (#16790)Jordan Whited1-0/+81
Updates tailscale/corp#30903 Signed-off-by: Jordan Whited <jordan@tailscale.com>
2025-08-06wgengine/magicsock: add receiveIP() unit tests (#16781)Jordan Whited2-1/+319
One of these tests highlighted a Geneve encap bug, which is also fixed in this commit. looksLikeInitMsg was passed a packet post Geneve header stripping with slice offsets that had not been updated to account for the stripping. Updates tailscale/corp#30903 Signed-off-by: Jordan Whited <jordan@tailscale.com>
2025-08-05wgengine/router: rely on events for deleted IP rules (#16744)Claus Lensbøl10-29/+89
Adds the eventbus to the router subsystem. The event is currently only used on linux. Also includes facilities to inject events into the bus. Updates #15160 Signed-off-by: Claus Lensbøl <claus@tailscale.com>
2025-08-04wgengine/magicsock: fix looksLikeInitiationMsg endianness (#16771)Jordan Whited2-9/+14
WireGuard message type is little-endian encoded. Updates tailscale/corp#30903 Signed-off-by: Jordan Whited <jordan@tailscale.com>
2025-07-29ipn,net,tsnet,wgengine: make an eventbus mandatory where it is used (#16594)M. J. Fromberger2-24/+28
In the components where an event bus is already plumbed through, remove the exceptions that allow it to be omitted, and update all the tests that relied on those workarounds execute properly. This change applies only to the places where we're already using the bus; it does not enforce the existence of a bus in other components (yet), Updates #15160 Change-Id: Iebb92243caba82b5eb420c49fc3e089a77454f65 Signed-off-by: M. J. Fromberger <fromberger@tailscale.com>
2025-07-28wgengine/magicsock: fix magicsock deadlock around Conn.NoteRecvActivity (#16687)Jordan Whited1-1/+4
Updates #16651 Updates tailscale/corp#30836 Signed-off-by: Jordan Whited <jordan@tailscale.com>
2025-07-23wgengine/magicsock: update discoInfo docs (#16638)Jordan Whited1-4/+10
discoInfo is also used for holding peer relay server disco keys. Updates #cleanup Signed-off-by: Jordan Whited <jordan@tailscale.com>
2025-07-21wgengine/magicsock,all: allocate peer relay over disco instead of PeerAPI ↵Jordan Whited5-448/+795
(#16603) Updates tailscale/corp#30583 Updates tailscale/corp#30534 Updates tailscale/corp#30557 Signed-off-by: Dylan Bargatze <dylan@tailscale.com> Signed-off-by: Jordan Whited <jordan@tailscale.com> Co-authored-by: Dylan Bargatze <dylan@tailscale.com>
2025-07-16wgengine/magicsock: add peer relay metrics (#16582)Jordan Whited2-64/+151
Updates tailscale/corp#30040 Signed-off-by: Jordan Whited <jordan@tailscale.com>
2025-07-16cmd/tailscale/cli,ipn/ipnlocal,wgengine/magicsock: implement tailscale debug ↵Jordan Whited3-0/+41
peer-relay-servers (#16577) Updates tailscale/corp#30036 Signed-off-by: Jordan Whited <jordan@tailscale.com>
2025-07-15tailcfg,wgengine/magicsock: set peer relay CapVer (#16531)Jordan Whited4-18/+36
Updates tailscale/corp#27502 Updates tailscale/corp#30051 Signed-off-by: Jordan Whited <jordan@tailscale.com>
2025-07-14wgengine/magicsock: prioritize trusted peer relay paths over untrusted (#16559)Jordan Whited2-15/+107
A trusted peer relay path is always better than an untrusted direct or peer relay path. Updates tailscale/corp#30412 Signed-off-by: Jordan Whited <jordan@tailscale.com>
2025-07-14wgengine/magicsock: don't acquire Conn.mu in udpRelayEndpointReady (#16557)Jordan Whited1-2/+0
udpRelayEndpointReady used to write into the peerMap, which required holding Conn.mu, but this changed in f9e7131. Updates #cleanup Signed-off-by: Jordan Whited <jordan@tailscale.com>
2025-07-10feature/relayserver,wgengine/magicsock: remove WIP gating of peer relay (#16533)Jordan Whited1-2/+1
Updates tailscale/corp#30051 Signed-off-by: Jordan Whited <jordan@tailscale.com>
2025-07-10cmd/tailscale, ipn/ipnstate, wgengine/magicsock: update ping output for peer ↵Dylan Bargatze1-4/+5
relay (#16515) Updates the output for "tailscale ping" to indicate if a peer relay was traversed, just like the output for DERP or direct connections. Fixes tailscale/corp#30034 Signed-off-by: Dylan Bargatze <dylan@tailscale.com>
2025-07-10wgengine/magicsock: resolve epAddr collisions across peer relay conns (#16526)Jordan Whited3-12/+94
Updates tailscale/corp#30042 Updates tailscale/corp#29422 Signed-off-by: Jordan Whited <jordan@tailscale.com>
2025-07-09wgengine/magicsock: don't peer relay if NodeAttrOnlyTCP443 is set (#16517)Jordan Whited1-0/+1
Updates tailscale/corp#30138 Signed-off-by: Jordan Whited <jordan@tailscale.com>
2025-07-09cmd/tailscale/cli,ipn/ipnstate,wgengine/magicsock: label peer-relay (#16510)Jordan Whited2-5/+6
Updates tailscale/corp#30033 Signed-off-by: Jordan Whited <jordan@tailscale.com>
2025-07-09tailcfg, wgengine/magicsock: disable all UDP relay usage if ↵Dylan Bargatze1-1/+9
disable-relay-client is set (#16492) If the NodeAttrDisableRelayClient node attribute is set, ensures that a node cannot allocate endpoints on a UDP relay server itself, and cannot use newly-discovered paths (via disco/CallMeMaybeVia) that traverse a UDP relay server. Fixes tailscale/corp#30180 Signed-off-by: Dylan Bargatze <dylan@tailscale.com>
2025-07-09wgengine/magicsock: support self as candidate peer relay (#16499)Jordan Whited2-63/+102
Updates tailscale/corp#30247 Signed-off-by: Jordan Whited <jordan@tailscale.com>
2025-07-08wgengine/magicsock: remove conn.InitiationAwareEndpoint TODO (#16498)Jordan Whited1-5/+0
It was implemented in 5b0074729d38f8cc301803da06086033f53b1b93. Updates #cleanup Signed-off-by: Jordan Whited <jordan@tailscale.com>
2025-07-08go.mod,wgengine/magicsock: implement conn.InitiationAwareEndpoint (#16486)Jordan Whited1-3/+31
Since a [*lazyEndpoint] makes wireguard-go responsible for peer ID, but wireguard-go may not yet be configured for said peer, we need a JIT hook around initiation message reception to call what is usually called from an [*endpoint]. Updates tailscale/corp#30042 Signed-off-by: Jordan Whited <jordan@tailscale.com>
2025-07-07wgengine/netstack: correctly proxy half-closed TCP connectionsNaman Sood1-3/+40
TCP connections are two unidirectional data streams, and if one of these streams closes, we should not assume the other half is closed as well. For example, if an HTTP client closes its write half of the connection early, it may still be expecting to receive data on its read half, so we should keep the server -> client half of the connection open, while terminating the client -> server half. Fixes tailscale/corp#29837. Signed-off-by: Naman Sood <mail@nsood.in>
2025-07-07wgengine/magicsock: fix lazyEndpoint DstIP() vs SrcIP() (#16453)Jordan Whited1-10/+24
These were flipped. DstIP() and DstIPBytes() are used internally by wireguard-go as part of a handshake DoS mitigation strategy. Updates tailscale/corp#20732 Updates tailscale/corp#30042 Signed-off-by: Jordan Whited <jordan@tailscale.com>
2025-07-07wgengine/magicsock: simplify Geneve-encapsulated disco.Ping handling (#16448)Jordan Whited4-84/+61
Just make [relayManager] always handle it, there's no benefit to checking bestAddr's. Also, remove passing of disco.Pong to [relayManager] in endpoint.handlePongConnLocked(), which is redundant with the callsite in Conn.handleDiscoMessage(). Conn.handleDiscoMessage() already passes to [relayManager] if the txID us not known to any [*endpoint]. Updates tailscale/corp#27502 Signed-off-by: Jordan Whited <jordan@tailscale.com>
2025-07-07wgengine/magicsock: make Conn.Send() lazyEndpoint aware (#16465)Jordan Whited1-6/+15
A lazyEndpoint may end up on this TX codepath when wireguard-go is deemed "under load" and ends up transmitting a cookie reply using the received conn.Endpoint. Updates tailscale/corp#20732 Updates tailscale/corp#30042 Signed-off-by: Jordan Whited <jordan@tailscale.com>
2025-07-04tailcfg, feature/relayserver, wgengine/magicsock: invert UDP relay server ↵Dylan Bargatze2-4/+1
nodeAttrs (#16444) Inverts the nodeAttrs related to UDP relay client/server enablement to disablement, and fixes up the corresponding logic that uses them. Also updates the doc comments on both nodeAttrs. Fixes tailscale/corp#30024 Signed-off-by: Dylan Bargatze <dylan@tailscale.com>
2025-07-02wgengine/magicsock: make lazyEndpoint load bearing for UDP relay (#16435)Jordan Whited2-5/+24
Cryptokey Routing identification is now required to set an [epAddr] into the peerMap for Geneve-encapsulated [epAddr]s. Updates tailscale/corp#27502 Updates tailscale/corp#29422 Updates tailscale/corp#30042 Signed-off-by: Jordan Whited <jordan@tailscale.com>
2025-07-02wgengine/magicsock: remove references to rucPtr (#16441)Jordan Whited1-2/+2
It used to be a **RebindingUDPConn, now it's just a *RebindingUDPConn. Updates #cleanup Signed-off-by: Jordan Whited <jordan@tailscale.com>
2025-06-30wgengine/magicsock: avoid handshaking relay endpoints that are trusted (#16412)Jordan Whited4-63/+130
Changes to our src/address family can trigger blackholes. This commit also adds a missing set of trustBestAddrUntil when setting a UDP relay path as bestAddr. Updates tailscale/corp#27502 Signed-off-by: Jordan Whited <jordan@tailscale.com>
2025-06-27wgengine/magicsock: clear UDP relay bestAddr's on disco ping timeout (#16410)Jordan Whited1-1/+6
Otherwise we can end up mirroring packets to them forever. We may eventually want to relax this to direct paths as well, but start with UDP relay paths, which have a higher chance of becoming untrusted and never working again, to be conservative. Updates tailscale/corp#27502 Signed-off-by: Jordan Whited <jordan@tailscale.com>
2025-06-27wgengine/magicsock: move UDP relay path discovery to heartbeat() (#16407)Jordan Whited3-18/+118
This was previously hooked around direct UDP path discovery / CallMeMaybe transmission, and related conditions. Now it is subject to relay-specific considerations. Updates tailscale/corp#27502 Signed-off-by: Jordan Whited <jordan@tailscale.com>
2025-06-26disco,net/udprelay,wgengine/magicsock: support relay re-binding (#16388)Jordan Whited1-8/+38
Relay handshakes may now occur multiple times over the lifetime of a relay server endpoint. Handshake messages now include a handshake generation, which is client specified, as a means to trigger safe challenge reset server-side. Relay servers continue to enforce challenge values as single use. They will only send a given value once, in reply to the first arriving bind message for a handshake generation. VNI has been added to the handshake messages, and we expect the outer Geneve header value to match the sealed value upon reception. Remote peer disco pub key is now also included in handshake messages, and it must match the receiver's expectation for the remote, participating party. Updates tailscale/corp#27502 Signed-off-by: Jordan Whited <jordan@tailscale.com>
2025-06-26wgengine/magicsock: add envknob to toggle UDP relay feature (#16396)Jordan Whited3-3/+10
Updates tailscale/corp#27502 Signed-off-by: Jordan Whited <jordan@tailscale.com>
2025-06-25wgengine/magicsock: fix relayManager alloc work cleanup (#16387)Jordan Whited1-1/+4
Premature cancellation was preventing the work from ever being cleaned up in runLoop(). Updates tailscale/corp#27502 Signed-off-by: Jordan Whited <jordan@tailscale.com>
Copyright © 2025 - 2026 Wayne Cole. WTFPL. Attribution appreciated. No warranty. Not liable for bodily damages.