Commit Graph

2297 Commits

Author SHA1 Message Date
David Anderson 58760f7b82 net/dns: split resolvconfManager into a debian and an openresolv manager.
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-04-10 18:55:05 -07:00
David Anderson 5480189313 net/dns: implement a DNS override workaround for legacy resolvconf.
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-04-10 17:58:13 -07:00
David Anderson 1a371b93be util/dnsname: add FQDN type, use throughout codebase.
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-04-10 17:58:13 -07:00
AdamKorcz 7a1813fd24 Added 2 fuzzers
Signed-off-by: AdamKorcz <adam@adalogics.com>
2021-04-10 11:40:10 -07:00
Daniel Chung 5e90037f1a api.md: clarify response behaviour for ACL POST endpoint
Signed-off-by: Daniel Chung <daniel@tailscale.com>
2021-04-10 11:38:12 -07:00
Simon Kirillov a64b57e2fb control/controlclient: create tls client config with server hostname instead of serverURL.Host
Signed-off-by: Simon Kirillov <svkirillov3@gmail.com>
2021-04-10 11:20:10 -07:00
Brad Fitzpatrick 958782c737 cmd/{tailscale,tailscaled}: use netstack for subnet routing on Synology
Updates #707
Fixes #451
Fixes tailscale/tailscale-synology#52 (just make it work by default)

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-09 18:44:33 -07:00
Brad Fitzpatrick 3b451509dd cmd/tailscale/cli: make advertise-{routes,exit-node} available unconditionally
It was only Linux and BSDs before, but now with netstack mode, it also works on
Windows and darwin. It's not worth limiting it to certain platforms.

Tailscaled itself can complain/fail if it doesn't like the settings
for the mode/OS it's operating under.

Updates #707

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-09 18:37:24 -07:00
Brad Fitzpatrick 83402e2753 cmd/tailscale/cli: show nicer status output when logged out
Also nicer output when running "down".

Fixes #1680

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-09 18:25:22 -07:00
Brad Fitzpatrick 5c5acadb2a portlist: unexport SameInodes method
Signed-off-by: Brad Fitzpatrick <brad@danga.com>
2021-04-09 15:16:36 -07:00
Brad Fitzpatrick 3167e55ddf ipn/{ipnlocal,localapi}, cmd/tailscale: add logout command
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-09 13:26:35 -07:00
Brad Fitzpatrick 11127666b2 ipn/ipnlocal: fix deadlock from 227f73284
Sigh.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-09 13:23:34 -07:00
Brad Fitzpatrick 227f73284f ipn/ipnlocal: eagerly announce peerapi service(s) on change
We were previously only doing it as a side effect of the port poller,
which doesn't run on e.g. iOS.

Updates tailscale/corp#1559
2021-04-09 12:10:52 -07:00
Brad Fitzpatrick fe23506471 ipn/ipnlocal: avoid unneeded initPeerAPIListener work if no changes
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-09 11:13:46 -07:00
Brad Fitzpatrick 20e7646b8d ipn/ipnlocal: always set Notify.FilesWaiting, set IncomingFiles non-nil when empty 2021-04-09 07:59:36 -07:00
Brad Fitzpatrick b0af15ff5c portlist: remove some old TODOs
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-09 07:50:00 -07:00
David Anderson e638a4d86b net/dns: make directManager support split DNS, and work in sandboxes.
Fixes #1495, #683.

Signed-off-by: David Anderson <danderson@tailscale.com>
2021-04-09 02:52:21 -07:00
David Anderson 2685260ba1 net/dns: add temporary fallback to quad-9 resolver for split-DNS testing.
This allows split-DNS configurations to not break clients on OSes that
haven't yet been ported to understand split DNS, by falling back to quad-9
as a global resolver when handed an "impossible to implement"
split-DNS config.

Part of #953. Needs to be removed before shipping 1.8.

Signed-off-by: David Anderson <danderson@tailscale.com>
2021-04-08 23:26:22 -07:00
David Anderson b9e194c14b net/dns: add missing FQDN qualification.
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-04-08 23:07:16 -07:00
Brad Fitzpatrick c50c3f0313 tailcfg: document new RegisterRequest.Expiry behavior
Deployed to control server.

For upcoming "logout" command and fixes.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-08 22:27:14 -07:00
David Anderson b74a8994ca net/dns: make FQDN dot style consistent in more places.
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-04-08 22:03:32 -07:00
Brad Fitzpatrick 6d01d3bece ipn/ipnlocal: provide IPN bus updates as files arrive
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-08 20:09:52 -07:00
David Anderson 2f398106e2 ipn/ipnlocal: allow setting MagicDNS without DefaultResolvers.
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-04-08 16:23:33 -07:00
David Anderson fad21af01c tailcfg: add DNS routes and advanced resolver config.
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-04-08 15:29:08 -07:00
Brad Fitzpatrick 6a7912e37a cmd/tailscale/cli: add debug mode to push slowly for testing
Also set Content-Length when known, and fail explicitly on sending
directories for now.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-08 15:01:12 -07:00
Brad Fitzpatrick a9a3d3b4c1 ipn/ipnlocal: don't filter by time in FileTargets
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-08 14:02:07 -07:00
David Anderson 6def647514 net/dns/resolver: don't avoid tailscale routes for DNS forwarding.
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-04-08 12:20:42 -07:00
Brad Fitzpatrick 597c19ff4e control/controlclient: refactor some internals
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-07 21:20:17 -07:00
Brad Fitzpatrick 71432c6449 ipn/ipnlocal: some more variable renames
Missed in earlier commit.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-07 21:17:33 -07:00
Brad Fitzpatrick e86b7752ef ipn/ipnlocal: rename some variables to be consistent
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-07 21:12:28 -07:00
David Anderson 4a64d2a603 net/dns: some post-review cleanups.
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-04-07 15:40:31 -07:00
David Anderson 720c1ad0f0 net/dns: insert OS base config when emulating split DNS.
Part of #953.

Signed-off-by: David Anderson <danderson@tailscale.com>
2021-04-07 15:40:31 -07:00
David Anderson e560be6443 net/dns: sort matchDomains to avoid test flake.
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-04-07 15:40:31 -07:00
David Anderson 68f76e9aa1 net/dns: add GetBaseConfig to OSConfigurator interface.
Part of #953, required to make split DNS work on more basic
platforms.

Signed-off-by: David Anderson <danderson@tailscale.com>
2021-04-07 15:40:31 -07:00
David Anderson fe9cd61d71 net/dns: add tests for DNS config generation.
Part of #953.

Signed-off-by: David Anderson <danderson@tailscale.com>
2021-04-07 15:40:31 -07:00
David Anderson 0ba6d03768 net/dns/resolver: add a test helper to get at the resolver config.
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-04-07 15:40:31 -07:00
David Anderson da4cc8bbb4 net/dns: handle all possible translations of high-level DNS config.
With this change, all OSes can sort-of do split DNS, except that the
default upstream is hardcoded to 8.8.8.8 pending further plumbing.
Additionally, Windows 8-10 can do split DNS fully correctly, without
the 8.8.8.8 hack.

Part of #953.

Signed-off-by: David Anderson <danderson@tailscale.com>
2021-04-07 15:40:31 -07:00
Brad Fitzpatrick 939861773d net/tstun: accept peerapi connections through the filter
Fixes tailscale/corp#1545

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-07 12:29:20 -07:00
Brad Fitzpatrick 950fc28887 ipn, paths, cmd/tailscaled: remove LegacyConfigPath, relaynode migration
It is time.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-07 10:15:45 -07:00
Brad Fitzpatrick d581ee2536 ipn: remove Options.HTTPTestClient, move to LocalBackend
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-07 09:20:51 -07:00
Brad Fitzpatrick 50b309c1eb ipn/localapi, cmd/tailscale: add API to get prefs, CLI debug command to show
Updates #1436

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-07 08:28:11 -07:00
Brad Fitzpatrick 03be116997 client/tailscale: factor out some helpers to reduce boilerplate
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-07 08:19:36 -07:00
Brad Fitzpatrick d4b609e138 cmd/tailscale/cli: fix bug in earlier tailscale debug --local-creds addition
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-07 08:01:04 -07:00
Adrian Dewhurst 3f456ba2e7 control/controlclient: return correct certificate
When searching for the matching client identity, the returned
certificate chain was accidentally set to that of the last identity
returned by the certificate store instead of the one corresponding to
the selected identity.

Also, add some extra error checking for invalid certificate chains, just
in case.

Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>
2021-04-07 09:42:13 -04:00
Brad Fitzpatrick 799973a68d ipn: move Options.Notify to its own method
We already had SetNotifyCallback elsewhere on controlclient, so use
that name.

Baby steps towards some CLI refactor work.

Updates tailscale/tailscale#1436
2021-04-06 22:12:40 -07:00
Brad Fitzpatrick d488678fdc cmd/tailscaled, wgengine{,/netstack}: add netstack hybrid mode, add to Windows
For #707

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-06 21:37:28 -07:00
Brad Fitzpatrick 1f99f889e1 ipn/{ipnlocal,localapi}: add localapi handler to dial/proxy file PUTs
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-04-06 21:31:50 -07:00
Denton Gentry 3089081349 monitor/polling: reduce Cloud Run polling interval.
Cloud Run's routes never change at runtime. Don't poll it for
route changes very often.

Signed-off-by: Denton Gentry <dgentry@tailscale.com>
2021-04-06 17:21:16 -07:00
Denton Gentry 224e60cef2 hostifo: update LXC, add Cloud Run.
Recent LXC support no longer has "lxc" in /proc/1/cgroup:
    # cat /proc/1/cgroup
    12:freezer:/
    11:rdma:/
    10:cpuset:/
    9:pids:/
    8:blkio:/
    7:devices:/
    6:perf_event:/
    5:net_cls,net_prio:/
    4:memory:/
    3:hugetlb:/
    2:cpu,cpuacct:/
    1:name=systemd:/init.scope
    0::/init.scope

Look for fuse.lxcfs in /proc.mounts in addition:
    # grep lxc /proc/mounts
    lxcfs /proc/cpuinfo fuse.lxcfs ...
    lxcfs /proc/diskstats fuse.lxcfs ...
    lxcfs /proc/loadavg fuse.lxcfs ...
    lxcfs /proc/meminfo fuse.lxcfs ...
    lxcfs /proc/stat fuse.lxcfs ...
    lxcfs /proc/swaps fuse.lxcfs ...
    lxcfs /proc/uptime fuse.lxcfs ...
    lxcfs /sys/devices/system/cpu/online fuse.lxcfs ...

Add Knative detection by looking for the environment variables
which are part of its container contract.

Signed-off-by: Denton Gentry <dgentry@tailscale.com>
2021-04-06 17:21:16 -07:00
Maisem Ali 57756ef673 net/nettest: make nettest.NewConn pass x/net/nettest.TestConn.
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2021-04-06 15:34:29 -07:00