2021-02-05 16:46:12 +00:00
|
|
|
// Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved.
|
|
|
|
// Use of this source code is governed by a BSD-style
|
|
|
|
// license that can be found in the LICENSE file.
|
|
|
|
|
2022-08-02 19:34:03 +01:00
|
|
|
//go:build go1.19
|
|
|
|
// +build go1.19
|
2022-03-18 14:44:05 +00:00
|
|
|
|
2021-03-25 15:59:00 +00:00
|
|
|
package main // import "tailscale.com/cmd/tailscaled"
|
2021-02-05 16:46:12 +00:00
|
|
|
|
2021-02-05 17:53:54 +00:00
|
|
|
// TODO: check if administrator, like tswin does.
|
|
|
|
//
|
|
|
|
// TODO: try to load wintun.dll early at startup, before wireguard/tun
|
|
|
|
// does (which panics) and if we'd fail (e.g. due to access
|
|
|
|
// denied, even if administrator), use 'tasklist /m wintun.dll'
|
|
|
|
// to see if something else is currently using it and tell user.
|
|
|
|
//
|
|
|
|
// TODO: check if Tailscale service is already running, and fail early
|
|
|
|
// like tswin does.
|
|
|
|
//
|
|
|
|
// TODO: on failure, check if on a UNC drive and recommend copying it
|
|
|
|
// to C:\ to run it, like tswin does.
|
|
|
|
|
2021-02-05 16:46:12 +00:00
|
|
|
import (
|
|
|
|
"context"
|
2021-06-16 16:53:08 +01:00
|
|
|
"encoding/json"
|
2022-09-19 22:49:58 +01:00
|
|
|
"errors"
|
2021-02-05 17:53:54 +00:00
|
|
|
"fmt"
|
2021-02-05 16:46:12 +00:00
|
|
|
"log"
|
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
|
|
|
"net/netip"
|
2021-02-05 17:53:54 +00:00
|
|
|
"os"
|
|
|
|
"time"
|
2021-02-05 16:46:12 +00:00
|
|
|
|
|
|
|
"golang.org/x/sys/windows"
|
|
|
|
"golang.org/x/sys/windows/svc"
|
2022-04-29 22:18:13 +01:00
|
|
|
"golang.org/x/sys/windows/svc/eventlog"
|
2021-03-02 00:24:26 +00:00
|
|
|
"golang.zx2c4.com/wireguard/windows/tunnel/winipcfg"
|
2022-01-24 18:52:57 +00:00
|
|
|
"tailscale.com/envknob"
|
2021-02-05 16:46:12 +00:00
|
|
|
"tailscale.com/ipn/ipnserver"
|
2022-02-28 21:08:45 +00:00
|
|
|
"tailscale.com/ipn/store"
|
2021-02-05 16:46:12 +00:00
|
|
|
"tailscale.com/logpolicy"
|
2021-04-06 05:45:56 +01:00
|
|
|
"tailscale.com/net/dns"
|
2021-12-02 19:10:35 +00:00
|
|
|
"tailscale.com/net/tsdial"
|
2021-03-27 05:07:19 +00:00
|
|
|
"tailscale.com/net/tstun"
|
2021-11-05 19:40:07 +00:00
|
|
|
"tailscale.com/safesocket"
|
2021-02-05 17:53:54 +00:00
|
|
|
"tailscale.com/types/logger"
|
2021-09-28 23:33:08 +01:00
|
|
|
"tailscale.com/util/winutil"
|
2021-02-05 17:53:54 +00:00
|
|
|
"tailscale.com/version"
|
2021-05-10 17:56:15 +01:00
|
|
|
"tailscale.com/wf"
|
2021-02-05 17:53:54 +00:00
|
|
|
"tailscale.com/wgengine"
|
2021-12-01 17:18:17 +00:00
|
|
|
"tailscale.com/wgengine/monitor"
|
2021-04-01 17:35:41 +01:00
|
|
|
"tailscale.com/wgengine/netstack"
|
2021-03-29 02:59:33 +01:00
|
|
|
"tailscale.com/wgengine/router"
|
2021-02-05 16:46:12 +00:00
|
|
|
)
|
|
|
|
|
2021-02-05 19:13:34 +00:00
|
|
|
const serviceName = "Tailscale"
|
2021-02-05 16:46:12 +00:00
|
|
|
|
|
|
|
func isWindowsService() bool {
|
|
|
|
v, err := svc.IsWindowsService()
|
|
|
|
if err != nil {
|
|
|
|
log.Fatalf("svc.IsWindowsService failed: %v", err)
|
|
|
|
}
|
|
|
|
return v
|
|
|
|
}
|
|
|
|
|
2022-04-29 22:18:13 +01:00
|
|
|
// syslogf is a logger function that writes to the Windows event log (ie, the
|
|
|
|
// one that you see in the Windows Event Viewer). tailscaled may optionally
|
|
|
|
// generate diagnostic messages in the same event timeline as the Windows
|
|
|
|
// Service Control Manager to assist with diagnosing issues with tailscaled's
|
|
|
|
// lifetime (such as slow shutdowns).
|
|
|
|
var syslogf logger.Logf = logger.Discard
|
|
|
|
|
2021-12-16 04:44:51 +00:00
|
|
|
// runWindowsService starts running Tailscale under the Windows
|
|
|
|
// Service environment.
|
|
|
|
//
|
|
|
|
// At this point we're still the parent process that
|
|
|
|
// Windows started.
|
2021-02-05 16:46:12 +00:00
|
|
|
func runWindowsService(pol *logpolicy.Policy) error {
|
2022-04-29 22:18:13 +01:00
|
|
|
if winutil.GetPolicyInteger("LogSCMInteractions", 0) != 0 {
|
|
|
|
syslog, err := eventlog.Open(serviceName)
|
|
|
|
if err == nil {
|
|
|
|
syslogf = func(format string, args ...any) {
|
|
|
|
syslog.Info(0, fmt.Sprintf(format, args...))
|
|
|
|
}
|
|
|
|
defer syslog.Close()
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
syslogf("Service entering svc.Run")
|
|
|
|
defer syslogf("Service exiting svc.Run")
|
2021-02-05 16:46:12 +00:00
|
|
|
return svc.Run(serviceName, &ipnService{Policy: pol})
|
|
|
|
}
|
|
|
|
|
|
|
|
type ipnService struct {
|
|
|
|
Policy *logpolicy.Policy
|
|
|
|
}
|
|
|
|
|
|
|
|
// Called by Windows to execute the windows service.
|
|
|
|
func (service *ipnService) Execute(args []string, r <-chan svc.ChangeRequest, changes chan<- svc.Status) (bool, uint32) {
|
2022-04-29 22:18:13 +01:00
|
|
|
defer syslogf("SvcStopped notification imminent")
|
|
|
|
|
2021-02-05 16:46:12 +00:00
|
|
|
changes <- svc.Status{State: svc.StartPending}
|
2022-04-29 22:18:13 +01:00
|
|
|
syslogf("Service start pending")
|
2021-02-05 16:46:12 +00:00
|
|
|
|
2021-10-06 16:41:34 +01:00
|
|
|
svcAccepts := svc.AcceptStop
|
2022-01-10 20:10:02 +00:00
|
|
|
if winutil.GetPolicyInteger("FlushDNSOnSessionUnlock", 0) != 0 {
|
2021-10-06 16:41:34 +01:00
|
|
|
svcAccepts |= svc.AcceptSessionChange
|
|
|
|
}
|
|
|
|
|
2021-02-05 16:46:12 +00:00
|
|
|
ctx, cancel := context.WithCancel(context.Background())
|
|
|
|
doneCh := make(chan struct{})
|
|
|
|
go func() {
|
|
|
|
defer close(doneCh)
|
|
|
|
args := []string{"/subproc", service.Policy.PublicID.String()}
|
2021-11-18 18:13:21 +00:00
|
|
|
// Make a logger without a date prefix, as filelogger
|
|
|
|
// and logtail both already add their own. All we really want
|
|
|
|
// from the log package is the automatic newline.
|
2021-12-14 22:30:05 +00:00
|
|
|
// We start with log.Default().Writer(), which is the logtail
|
|
|
|
// writer that logpolicy already installed as the global
|
|
|
|
// output.
|
|
|
|
logger := log.New(log.Default().Writer(), "", 0)
|
2021-11-18 18:13:21 +00:00
|
|
|
ipnserver.BabysitProc(ctx, args, logger.Printf)
|
2021-02-05 16:46:12 +00:00
|
|
|
}()
|
|
|
|
|
2021-10-06 16:41:34 +01:00
|
|
|
changes <- svc.Status{State: svc.Running, Accepts: svcAccepts}
|
2022-04-29 22:18:13 +01:00
|
|
|
syslogf("Service running")
|
2021-02-05 16:46:12 +00:00
|
|
|
|
2022-04-29 22:18:13 +01:00
|
|
|
for {
|
2021-02-05 16:46:12 +00:00
|
|
|
select {
|
|
|
|
case <-doneCh:
|
2022-04-29 22:18:13 +01:00
|
|
|
return false, windows.NO_ERROR
|
2021-02-05 16:46:12 +00:00
|
|
|
case cmd := <-r:
|
2021-12-16 04:44:51 +00:00
|
|
|
log.Printf("Got Windows Service event: %v", cmdName(cmd.Cmd))
|
2021-02-05 16:46:12 +00:00
|
|
|
switch cmd.Cmd {
|
|
|
|
case svc.Stop:
|
2022-04-29 22:18:13 +01:00
|
|
|
changes <- svc.Status{State: svc.StopPending}
|
|
|
|
syslogf("Service stop pending")
|
|
|
|
cancel() // so BabysitProc will kill the child process
|
2021-02-05 16:46:12 +00:00
|
|
|
case svc.Interrogate:
|
2022-04-29 22:18:13 +01:00
|
|
|
syslogf("Service interrogation")
|
2021-02-05 16:46:12 +00:00
|
|
|
changes <- cmd.CurrentStatus
|
2021-09-28 23:33:08 +01:00
|
|
|
case svc.SessionChange:
|
2022-04-29 22:18:13 +01:00
|
|
|
syslogf("Service session change notification")
|
2021-09-28 23:33:08 +01:00
|
|
|
handleSessionChange(cmd)
|
|
|
|
changes <- cmd.CurrentStatus
|
2021-02-05 16:46:12 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2021-02-05 17:53:54 +00:00
|
|
|
|
2021-12-16 04:44:51 +00:00
|
|
|
func cmdName(c svc.Cmd) string {
|
|
|
|
switch c {
|
|
|
|
case svc.Stop:
|
|
|
|
return "Stop"
|
|
|
|
case svc.Pause:
|
|
|
|
return "Pause"
|
|
|
|
case svc.Continue:
|
|
|
|
return "Continue"
|
|
|
|
case svc.Interrogate:
|
|
|
|
return "Interrogate"
|
|
|
|
case svc.Shutdown:
|
|
|
|
return "Shutdown"
|
|
|
|
case svc.ParamChange:
|
|
|
|
return "ParamChange"
|
|
|
|
case svc.NetBindAdd:
|
|
|
|
return "NetBindAdd"
|
|
|
|
case svc.NetBindRemove:
|
|
|
|
return "NetBindRemove"
|
|
|
|
case svc.NetBindEnable:
|
|
|
|
return "NetBindEnable"
|
|
|
|
case svc.NetBindDisable:
|
|
|
|
return "NetBindDisable"
|
|
|
|
case svc.DeviceEvent:
|
|
|
|
return "DeviceEvent"
|
|
|
|
case svc.HardwareProfileChange:
|
|
|
|
return "HardwareProfileChange"
|
|
|
|
case svc.PowerEvent:
|
|
|
|
return "PowerEvent"
|
|
|
|
case svc.SessionChange:
|
|
|
|
return "SessionChange"
|
|
|
|
case svc.PreShutdown:
|
|
|
|
return "PreShutdown"
|
|
|
|
}
|
|
|
|
return fmt.Sprintf("Unknown-Service-Cmd-%d", c)
|
|
|
|
}
|
|
|
|
|
2021-02-05 17:53:54 +00:00
|
|
|
func beWindowsSubprocess() bool {
|
2021-03-02 00:24:26 +00:00
|
|
|
if beFirewallKillswitch() {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
|
2021-02-05 17:53:54 +00:00
|
|
|
if len(os.Args) != 3 || os.Args[1] != "/subproc" {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
logid := os.Args[2]
|
|
|
|
|
2022-09-25 19:29:55 +01:00
|
|
|
// Remove the date/time prefix; the logtail + file loggers add it.
|
2021-12-14 22:30:05 +00:00
|
|
|
log.SetFlags(0)
|
|
|
|
|
2021-02-05 17:53:54 +00:00
|
|
|
log.Printf("Program starting: v%v: %#v", version.Long, os.Args)
|
|
|
|
log.Printf("subproc mode: logid=%v", logid)
|
2022-09-17 04:24:28 +01:00
|
|
|
if err := envknob.ApplyDiskConfigError(); err != nil {
|
|
|
|
log.Printf("Error reading environment config: %v", err)
|
2022-09-16 05:47:31 +01:00
|
|
|
}
|
2021-02-05 17:53:54 +00:00
|
|
|
|
|
|
|
go func() {
|
|
|
|
b := make([]byte, 16)
|
|
|
|
for {
|
|
|
|
_, err := os.Stdin.Read(b)
|
|
|
|
if err != nil {
|
|
|
|
log.Fatalf("stdin err (parent process died): %v", err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
|
|
|
|
err := startIPNServer(context.Background(), logid)
|
|
|
|
if err != nil {
|
|
|
|
log.Fatalf("ipnserver: %v", err)
|
|
|
|
}
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
|
2021-03-02 00:24:26 +00:00
|
|
|
func beFirewallKillswitch() bool {
|
|
|
|
if len(os.Args) != 3 || os.Args[1] != "/firewall" {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
log.SetFlags(0)
|
|
|
|
log.Printf("killswitch subprocess starting, tailscale GUID is %s", os.Args[2])
|
|
|
|
|
|
|
|
guid, err := windows.GUIDFromString(os.Args[2])
|
|
|
|
if err != nil {
|
|
|
|
log.Fatalf("invalid GUID %q: %v", os.Args[2], err)
|
|
|
|
}
|
|
|
|
|
|
|
|
luid, err := winipcfg.LUIDFromGUID(&guid)
|
|
|
|
if err != nil {
|
2021-05-10 17:56:15 +01:00
|
|
|
log.Fatalf("no interface with GUID %q: %v", guid, err)
|
2021-03-02 00:24:26 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
start := time.Now()
|
2021-06-16 16:53:08 +01:00
|
|
|
fw, err := wf.New(uint64(luid))
|
|
|
|
if err != nil {
|
|
|
|
log.Fatalf("failed to enable firewall: %v", err)
|
2021-05-10 17:56:15 +01:00
|
|
|
}
|
2021-03-02 00:24:26 +00:00
|
|
|
log.Printf("killswitch enabled, took %s", time.Since(start))
|
|
|
|
|
2021-06-16 16:53:08 +01:00
|
|
|
// Note(maisem): when local lan access toggled, tailscaled needs to
|
|
|
|
// inform the firewall to let local routes through. The set of routes
|
|
|
|
// is passed in via stdin encoded in json.
|
|
|
|
dcd := json.NewDecoder(os.Stdin)
|
|
|
|
for {
|
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-26 05:14:09 +01:00
|
|
|
var routes []netip.Prefix
|
2021-06-16 16:53:08 +01:00
|
|
|
if err := dcd.Decode(&routes); err != nil {
|
|
|
|
log.Fatalf("parent process died or requested exit, exiting (%v)", err)
|
|
|
|
}
|
|
|
|
if err := fw.UpdatePermittedRoutes(routes); err != nil {
|
|
|
|
log.Fatalf("failed to update routes (%v)", err)
|
|
|
|
}
|
|
|
|
}
|
2021-03-02 00:24:26 +00:00
|
|
|
}
|
|
|
|
|
2021-02-05 17:53:54 +00:00
|
|
|
func startIPNServer(ctx context.Context, logid string) error {
|
|
|
|
var logf logger.Logf = log.Printf
|
|
|
|
|
2021-12-01 17:18:17 +00:00
|
|
|
linkMon, err := monitor.New(logf)
|
|
|
|
if err != nil {
|
2022-05-26 23:06:46 +01:00
|
|
|
return fmt.Errorf("monitor: %w", err)
|
2021-12-01 17:18:17 +00:00
|
|
|
}
|
2021-12-02 19:10:35 +00:00
|
|
|
dialer := new(tsdial.Dialer)
|
2021-12-01 17:18:17 +00:00
|
|
|
|
2022-06-03 20:08:33 +01:00
|
|
|
getEngineRaw := func() (wgengine.Engine, *netstack.Impl, error) {
|
2021-04-06 05:45:56 +01:00
|
|
|
dev, devName, err := tstun.New(logf, "Tailscale")
|
2021-03-27 04:03:21 +00:00
|
|
|
if err != nil {
|
2022-09-19 22:49:58 +01:00
|
|
|
if errors.Is(err, windows.ERROR_DEVICE_NOT_AVAILABLE) {
|
|
|
|
// Wintun is not installing correctly. Dump the state of NetSetupSvc
|
|
|
|
// (which is a user-mode service that must be active for network devices
|
|
|
|
// to install) and its dependencies to the log.
|
|
|
|
winutil.LogSvcState(logf, "NetSetupSvc")
|
|
|
|
}
|
2022-06-03 20:08:33 +01:00
|
|
|
return nil, nil, fmt.Errorf("TUN: %w", err)
|
2021-03-27 04:03:21 +00:00
|
|
|
}
|
2021-07-20 21:28:06 +01:00
|
|
|
r, err := router.New(logf, dev, nil)
|
2021-03-29 02:59:33 +01:00
|
|
|
if err != nil {
|
|
|
|
dev.Close()
|
2022-06-03 20:08:33 +01:00
|
|
|
return nil, nil, fmt.Errorf("router: %w", err)
|
2021-03-29 02:59:33 +01:00
|
|
|
}
|
2022-09-14 20:49:39 +01:00
|
|
|
if shouldWrapNetstack() {
|
2021-04-01 17:35:41 +01:00
|
|
|
r = netstack.NewSubnetRouterWrapper(r)
|
|
|
|
}
|
2021-04-12 23:51:37 +01:00
|
|
|
d, err := dns.NewOSConfigurator(logf, devName)
|
|
|
|
if err != nil {
|
|
|
|
r.Close()
|
|
|
|
dev.Close()
|
2022-06-03 20:08:33 +01:00
|
|
|
return nil, nil, fmt.Errorf("DNS: %w", err)
|
2021-04-12 23:51:37 +01:00
|
|
|
}
|
2021-03-29 03:25:01 +01:00
|
|
|
eng, err := wgengine.NewUserspaceEngine(logf, wgengine.Config{
|
2021-12-01 17:18:17 +00:00
|
|
|
Tun: dev,
|
|
|
|
Router: r,
|
|
|
|
DNS: d,
|
|
|
|
ListenPort: 41641,
|
|
|
|
LinkMonitor: linkMon,
|
2021-12-02 19:10:35 +00:00
|
|
|
Dialer: dialer,
|
2021-02-28 05:42:34 +00:00
|
|
|
})
|
2021-02-05 17:53:54 +00:00
|
|
|
if err != nil {
|
2021-03-29 02:59:33 +01:00
|
|
|
r.Close()
|
2021-03-27 04:03:21 +00:00
|
|
|
dev.Close()
|
2022-06-03 20:08:33 +01:00
|
|
|
return nil, nil, fmt.Errorf("engine: %w", err)
|
2021-02-05 17:53:54 +00:00
|
|
|
}
|
2021-12-02 19:10:35 +00:00
|
|
|
ns, err := newNetstack(logf, dialer, eng)
|
2021-10-30 00:21:18 +01:00
|
|
|
if err != nil {
|
2022-06-03 20:08:33 +01:00
|
|
|
return nil, nil, fmt.Errorf("newNetstack: %w", err)
|
2021-10-30 00:21:18 +01:00
|
|
|
}
|
|
|
|
ns.ProcessLocalIPs = false
|
2022-09-14 20:49:39 +01:00
|
|
|
ns.ProcessSubnets = shouldWrapNetstack()
|
2021-10-30 00:21:18 +01:00
|
|
|
if err := ns.Start(); err != nil {
|
2022-06-03 20:08:33 +01:00
|
|
|
return nil, nil, fmt.Errorf("failed to start netstack: %w", err)
|
2021-04-01 17:35:41 +01:00
|
|
|
}
|
2022-06-03 20:08:33 +01:00
|
|
|
return wgengine.NewWatchdog(eng), ns, nil
|
2021-02-05 17:53:54 +00:00
|
|
|
}
|
|
|
|
|
cmd/tailscaled: don't block ipnserver startup behind engine init on Windows
With this change, the ipnserver's safesocket.Listen (the localhost
tcp.Listen) happens right away, before any synchronous
TUN/DNS/Engine/etc setup work, which might be slow, especially on
early boot on Windows.
Because the safesocket.Listen starts up early, that means localhost
TCP dials (the safesocket.Connect from the GUI) complete successfully
and thus the GUI avoids the MessageBox error. (I verified that
pacifies it, even without a Listener.Accept; I'd feared that Windows
localhost was maybe special and avoided the normal listener backlog).
Once the GUI can then connect immediately without errors, the various
timeouts then matter less, because the backend is no longer trying to
race against the GUI's timeout. So keep retrying on errors for a
minute, or 10 minutes if the system just booted in the past 10
minutes.
This should fix the problem with Windows 10 desktops auto-logging in
and starting the Tailscale frontend which was then showing a
MessageBox error about failing to connect to tailscaled, which was
slow coming up because the Windows networking stack wasn't up
yet. Fingers crossed.
Fixes #1313 (previously #1187, etc)
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-19 21:45:55 +01:00
|
|
|
type engineOrError struct {
|
2022-06-03 20:08:33 +01:00
|
|
|
Engine wgengine.Engine
|
|
|
|
Netstack *netstack.Impl
|
|
|
|
Err error
|
cmd/tailscaled: don't block ipnserver startup behind engine init on Windows
With this change, the ipnserver's safesocket.Listen (the localhost
tcp.Listen) happens right away, before any synchronous
TUN/DNS/Engine/etc setup work, which might be slow, especially on
early boot on Windows.
Because the safesocket.Listen starts up early, that means localhost
TCP dials (the safesocket.Connect from the GUI) complete successfully
and thus the GUI avoids the MessageBox error. (I verified that
pacifies it, even without a Listener.Accept; I'd feared that Windows
localhost was maybe special and avoided the normal listener backlog).
Once the GUI can then connect immediately without errors, the various
timeouts then matter less, because the backend is no longer trying to
race against the GUI's timeout. So keep retrying on errors for a
minute, or 10 minutes if the system just booted in the past 10
minutes.
This should fix the problem with Windows 10 desktops auto-logging in
and starting the Tailscale frontend which was then showing a
MessageBox error about failing to connect to tailscaled, which was
slow coming up because the Windows networking stack wasn't up
yet. Fingers crossed.
Fixes #1313 (previously #1187, etc)
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-19 21:45:55 +01:00
|
|
|
}
|
|
|
|
engErrc := make(chan engineOrError)
|
|
|
|
t0 := time.Now()
|
|
|
|
go func() {
|
|
|
|
const ms = time.Millisecond
|
|
|
|
for try := 1; ; try++ {
|
|
|
|
logf("tailscaled: getting engine... (try %v)", try)
|
|
|
|
t1 := time.Now()
|
2022-06-03 20:08:33 +01:00
|
|
|
eng, ns, err := getEngineRaw()
|
cmd/tailscaled: don't block ipnserver startup behind engine init on Windows
With this change, the ipnserver's safesocket.Listen (the localhost
tcp.Listen) happens right away, before any synchronous
TUN/DNS/Engine/etc setup work, which might be slow, especially on
early boot on Windows.
Because the safesocket.Listen starts up early, that means localhost
TCP dials (the safesocket.Connect from the GUI) complete successfully
and thus the GUI avoids the MessageBox error. (I verified that
pacifies it, even without a Listener.Accept; I'd feared that Windows
localhost was maybe special and avoided the normal listener backlog).
Once the GUI can then connect immediately without errors, the various
timeouts then matter less, because the backend is no longer trying to
race against the GUI's timeout. So keep retrying on errors for a
minute, or 10 minutes if the system just booted in the past 10
minutes.
This should fix the problem with Windows 10 desktops auto-logging in
and starting the Tailscale frontend which was then showing a
MessageBox error about failing to connect to tailscaled, which was
slow coming up because the Windows networking stack wasn't up
yet. Fingers crossed.
Fixes #1313 (previously #1187, etc)
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-19 21:45:55 +01:00
|
|
|
d, dt := time.Since(t1).Round(ms), time.Since(t1).Round(ms)
|
2021-02-05 17:53:54 +00:00
|
|
|
if err != nil {
|
cmd/tailscaled: don't block ipnserver startup behind engine init on Windows
With this change, the ipnserver's safesocket.Listen (the localhost
tcp.Listen) happens right away, before any synchronous
TUN/DNS/Engine/etc setup work, which might be slow, especially on
early boot on Windows.
Because the safesocket.Listen starts up early, that means localhost
TCP dials (the safesocket.Connect from the GUI) complete successfully
and thus the GUI avoids the MessageBox error. (I verified that
pacifies it, even without a Listener.Accept; I'd feared that Windows
localhost was maybe special and avoided the normal listener backlog).
Once the GUI can then connect immediately without errors, the various
timeouts then matter less, because the backend is no longer trying to
race against the GUI's timeout. So keep retrying on errors for a
minute, or 10 minutes if the system just booted in the past 10
minutes.
This should fix the problem with Windows 10 desktops auto-logging in
and starting the Tailscale frontend which was then showing a
MessageBox error about failing to connect to tailscaled, which was
slow coming up because the Windows networking stack wasn't up
yet. Fingers crossed.
Fixes #1313 (previously #1187, etc)
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-19 21:45:55 +01:00
|
|
|
logf("tailscaled: engine fetch error (try %v) in %v (total %v, sysUptime %v): %v",
|
|
|
|
try, d, dt, windowsUptime().Round(time.Second), err)
|
|
|
|
} else {
|
|
|
|
if try > 1 {
|
|
|
|
logf("tailscaled: got engine on try %v in %v (total %v)", try, d, dt)
|
|
|
|
} else {
|
|
|
|
logf("tailscaled: got engine in %v", d)
|
|
|
|
}
|
2021-02-05 17:53:54 +00:00
|
|
|
}
|
cmd/tailscaled: don't block ipnserver startup behind engine init on Windows
With this change, the ipnserver's safesocket.Listen (the localhost
tcp.Listen) happens right away, before any synchronous
TUN/DNS/Engine/etc setup work, which might be slow, especially on
early boot on Windows.
Because the safesocket.Listen starts up early, that means localhost
TCP dials (the safesocket.Connect from the GUI) complete successfully
and thus the GUI avoids the MessageBox error. (I verified that
pacifies it, even without a Listener.Accept; I'd feared that Windows
localhost was maybe special and avoided the normal listener backlog).
Once the GUI can then connect immediately without errors, the various
timeouts then matter less, because the backend is no longer trying to
race against the GUI's timeout. So keep retrying on errors for a
minute, or 10 minutes if the system just booted in the past 10
minutes.
This should fix the problem with Windows 10 desktops auto-logging in
and starting the Tailscale frontend which was then showing a
MessageBox error about failing to connect to tailscaled, which was
slow coming up because the Windows networking stack wasn't up
yet. Fingers crossed.
Fixes #1313 (previously #1187, etc)
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-19 21:45:55 +01:00
|
|
|
timer := time.NewTimer(5 * time.Second)
|
2022-06-03 20:08:33 +01:00
|
|
|
engErrc <- engineOrError{eng, ns, err}
|
cmd/tailscaled: don't block ipnserver startup behind engine init on Windows
With this change, the ipnserver's safesocket.Listen (the localhost
tcp.Listen) happens right away, before any synchronous
TUN/DNS/Engine/etc setup work, which might be slow, especially on
early boot on Windows.
Because the safesocket.Listen starts up early, that means localhost
TCP dials (the safesocket.Connect from the GUI) complete successfully
and thus the GUI avoids the MessageBox error. (I verified that
pacifies it, even without a Listener.Accept; I'd feared that Windows
localhost was maybe special and avoided the normal listener backlog).
Once the GUI can then connect immediately without errors, the various
timeouts then matter less, because the backend is no longer trying to
race against the GUI's timeout. So keep retrying on errors for a
minute, or 10 minutes if the system just booted in the past 10
minutes.
This should fix the problem with Windows 10 desktops auto-logging in
and starting the Tailscale frontend which was then showing a
MessageBox error about failing to connect to tailscaled, which was
slow coming up because the Windows networking stack wasn't up
yet. Fingers crossed.
Fixes #1313 (previously #1187, etc)
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-19 21:45:55 +01:00
|
|
|
if err == nil {
|
|
|
|
timer.Stop()
|
|
|
|
return
|
2021-02-05 17:53:54 +00:00
|
|
|
}
|
cmd/tailscaled: don't block ipnserver startup behind engine init on Windows
With this change, the ipnserver's safesocket.Listen (the localhost
tcp.Listen) happens right away, before any synchronous
TUN/DNS/Engine/etc setup work, which might be slow, especially on
early boot on Windows.
Because the safesocket.Listen starts up early, that means localhost
TCP dials (the safesocket.Connect from the GUI) complete successfully
and thus the GUI avoids the MessageBox error. (I verified that
pacifies it, even without a Listener.Accept; I'd feared that Windows
localhost was maybe special and avoided the normal listener backlog).
Once the GUI can then connect immediately without errors, the various
timeouts then matter less, because the backend is no longer trying to
race against the GUI's timeout. So keep retrying on errors for a
minute, or 10 minutes if the system just booted in the past 10
minutes.
This should fix the problem with Windows 10 desktops auto-logging in
and starting the Tailscale frontend which was then showing a
MessageBox error about failing to connect to tailscaled, which was
slow coming up because the Windows networking stack wasn't up
yet. Fingers crossed.
Fixes #1313 (previously #1187, etc)
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-19 21:45:55 +01:00
|
|
|
<-timer.C
|
2021-02-05 17:53:54 +00:00
|
|
|
}
|
cmd/tailscaled: don't block ipnserver startup behind engine init on Windows
With this change, the ipnserver's safesocket.Listen (the localhost
tcp.Listen) happens right away, before any synchronous
TUN/DNS/Engine/etc setup work, which might be slow, especially on
early boot on Windows.
Because the safesocket.Listen starts up early, that means localhost
TCP dials (the safesocket.Connect from the GUI) complete successfully
and thus the GUI avoids the MessageBox error. (I verified that
pacifies it, even without a Listener.Accept; I'd feared that Windows
localhost was maybe special and avoided the normal listener backlog).
Once the GUI can then connect immediately without errors, the various
timeouts then matter less, because the backend is no longer trying to
race against the GUI's timeout. So keep retrying on errors for a
minute, or 10 minutes if the system just booted in the past 10
minutes.
This should fix the problem with Windows 10 desktops auto-logging in
and starting the Tailscale frontend which was then showing a
MessageBox error about failing to connect to tailscaled, which was
slow coming up because the Windows networking stack wasn't up
yet. Fingers crossed.
Fixes #1313 (previously #1187, etc)
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-19 21:45:55 +01:00
|
|
|
}()
|
|
|
|
|
|
|
|
// getEngine is called by ipnserver to get the engine. It's
|
|
|
|
// not called concurrently and is not called again once it
|
|
|
|
// successfully returns an engine.
|
2022-06-03 20:08:33 +01:00
|
|
|
getEngine := func() (wgengine.Engine, *netstack.Impl, error) {
|
2022-01-24 18:52:57 +00:00
|
|
|
if msg := envknob.String("TS_DEBUG_WIN_FAIL"); msg != "" {
|
2022-06-03 20:08:33 +01:00
|
|
|
return nil, nil, fmt.Errorf("pretending to be a service failure: %v", msg)
|
cmd/tailscaled: don't block ipnserver startup behind engine init on Windows
With this change, the ipnserver's safesocket.Listen (the localhost
tcp.Listen) happens right away, before any synchronous
TUN/DNS/Engine/etc setup work, which might be slow, especially on
early boot on Windows.
Because the safesocket.Listen starts up early, that means localhost
TCP dials (the safesocket.Connect from the GUI) complete successfully
and thus the GUI avoids the MessageBox error. (I verified that
pacifies it, even without a Listener.Accept; I'd feared that Windows
localhost was maybe special and avoided the normal listener backlog).
Once the GUI can then connect immediately without errors, the various
timeouts then matter less, because the backend is no longer trying to
race against the GUI's timeout. So keep retrying on errors for a
minute, or 10 minutes if the system just booted in the past 10
minutes.
This should fix the problem with Windows 10 desktops auto-logging in
and starting the Tailscale frontend which was then showing a
MessageBox error about failing to connect to tailscaled, which was
slow coming up because the Windows networking stack wasn't up
yet. Fingers crossed.
Fixes #1313 (previously #1187, etc)
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-19 21:45:55 +01:00
|
|
|
}
|
|
|
|
for {
|
|
|
|
res := <-engErrc
|
|
|
|
if res.Engine != nil {
|
2022-06-03 20:08:33 +01:00
|
|
|
return res.Engine, res.Netstack, nil
|
2021-02-05 17:53:54 +00:00
|
|
|
}
|
cmd/tailscaled: don't block ipnserver startup behind engine init on Windows
With this change, the ipnserver's safesocket.Listen (the localhost
tcp.Listen) happens right away, before any synchronous
TUN/DNS/Engine/etc setup work, which might be slow, especially on
early boot on Windows.
Because the safesocket.Listen starts up early, that means localhost
TCP dials (the safesocket.Connect from the GUI) complete successfully
and thus the GUI avoids the MessageBox error. (I verified that
pacifies it, even without a Listener.Accept; I'd feared that Windows
localhost was maybe special and avoided the normal listener backlog).
Once the GUI can then connect immediately without errors, the various
timeouts then matter less, because the backend is no longer trying to
race against the GUI's timeout. So keep retrying on errors for a
minute, or 10 minutes if the system just booted in the past 10
minutes.
This should fix the problem with Windows 10 desktops auto-logging in
and starting the Tailscale frontend which was then showing a
MessageBox error about failing to connect to tailscaled, which was
slow coming up because the Windows networking stack wasn't up
yet. Fingers crossed.
Fixes #1313 (previously #1187, etc)
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-19 21:45:55 +01:00
|
|
|
if time.Since(t0) < time.Minute || windowsUptime() < 10*time.Minute {
|
|
|
|
// Ignore errors during early boot. Windows 10 auto logs in the GUI
|
|
|
|
// way sooner than the networking stack components start up.
|
|
|
|
// So the network will fail for a bit (and require a few tries) while
|
|
|
|
// the GUI is still fine.
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
// Return nicer errors to users, annotated with logids, which helps
|
|
|
|
// when they file bugs.
|
2022-06-03 20:08:33 +01:00
|
|
|
return nil, nil, fmt.Errorf("%w\n\nlogid: %v", res.Err, logid)
|
2021-02-05 17:53:54 +00:00
|
|
|
}
|
|
|
|
}
|
2022-02-28 21:08:45 +00:00
|
|
|
store, err := store.New(logf, statePathOrDefault())
|
2021-11-05 19:40:07 +00:00
|
|
|
if err != nil {
|
2022-05-26 23:06:46 +01:00
|
|
|
return fmt.Errorf("store: %w", err)
|
2021-11-05 19:40:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
ln, _, err := safesocket.Listen(args.socketpath, safesocket.WindowsLocalPort)
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("safesocket.Listen: %v", err)
|
|
|
|
}
|
|
|
|
|
2021-12-02 19:10:35 +00:00
|
|
|
err = ipnserver.Run(ctx, logf, ln, store, linkMon, dialer, logid, getEngine, ipnServerOpts())
|
2021-02-05 17:53:54 +00:00
|
|
|
if err != nil {
|
|
|
|
logf("ipnserver.Run: %v", err)
|
|
|
|
}
|
|
|
|
return err
|
|
|
|
}
|
cmd/tailscaled: don't block ipnserver startup behind engine init on Windows
With this change, the ipnserver's safesocket.Listen (the localhost
tcp.Listen) happens right away, before any synchronous
TUN/DNS/Engine/etc setup work, which might be slow, especially on
early boot on Windows.
Because the safesocket.Listen starts up early, that means localhost
TCP dials (the safesocket.Connect from the GUI) complete successfully
and thus the GUI avoids the MessageBox error. (I verified that
pacifies it, even without a Listener.Accept; I'd feared that Windows
localhost was maybe special and avoided the normal listener backlog).
Once the GUI can then connect immediately without errors, the various
timeouts then matter less, because the backend is no longer trying to
race against the GUI's timeout. So keep retrying on errors for a
minute, or 10 minutes if the system just booted in the past 10
minutes.
This should fix the problem with Windows 10 desktops auto-logging in
and starting the Tailscale frontend which was then showing a
MessageBox error about failing to connect to tailscaled, which was
slow coming up because the Windows networking stack wasn't up
yet. Fingers crossed.
Fixes #1313 (previously #1187, etc)
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-19 21:45:55 +01:00
|
|
|
|
2021-09-28 23:33:08 +01:00
|
|
|
func handleSessionChange(chgRequest svc.ChangeRequest) {
|
2021-10-06 16:41:34 +01:00
|
|
|
if chgRequest.Cmd != svc.SessionChange || chgRequest.EventType != windows.WTS_SESSION_UNLOCK {
|
2021-09-28 23:33:08 +01:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
log.Printf("Received WTS_SESSION_UNLOCK event, initiating DNS flush.")
|
|
|
|
go func() {
|
|
|
|
err := dns.Flush()
|
|
|
|
if err != nil {
|
|
|
|
log.Printf("Error flushing DNS on session unlock: %v", err)
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
}
|
|
|
|
|
cmd/tailscaled: don't block ipnserver startup behind engine init on Windows
With this change, the ipnserver's safesocket.Listen (the localhost
tcp.Listen) happens right away, before any synchronous
TUN/DNS/Engine/etc setup work, which might be slow, especially on
early boot on Windows.
Because the safesocket.Listen starts up early, that means localhost
TCP dials (the safesocket.Connect from the GUI) complete successfully
and thus the GUI avoids the MessageBox error. (I verified that
pacifies it, even without a Listener.Accept; I'd feared that Windows
localhost was maybe special and avoided the normal listener backlog).
Once the GUI can then connect immediately without errors, the various
timeouts then matter less, because the backend is no longer trying to
race against the GUI's timeout. So keep retrying on errors for a
minute, or 10 minutes if the system just booted in the past 10
minutes.
This should fix the problem with Windows 10 desktops auto-logging in
and starting the Tailscale frontend which was then showing a
MessageBox error about failing to connect to tailscaled, which was
slow coming up because the Windows networking stack wasn't up
yet. Fingers crossed.
Fixes #1313 (previously #1187, etc)
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-19 21:45:55 +01:00
|
|
|
var (
|
|
|
|
kernel32 = windows.NewLazySystemDLL("kernel32.dll")
|
|
|
|
getTickCount64Proc = kernel32.NewProc("GetTickCount64")
|
|
|
|
)
|
|
|
|
|
|
|
|
func windowsUptime() time.Duration {
|
|
|
|
r, _, _ := getTickCount64Proc.Call()
|
|
|
|
return time.Duration(int64(r)) * time.Millisecond
|
|
|
|
}
|