Brad Fitzpatrick
910db02652
client/tailscale, tsnet, ipn/ipnlocal: prove nodekey ownership over noise
...
Fixes #5972
Change-Id: Ic33a93d3613ac5dbf172d6a8a459ca06a7f9e547
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-02 09:22:26 -07:00
Brad Fitzpatrick
f4ff26f577
types/pad32: delete package
...
Use Go 1.19's new 64-bit alignment ~hidden feature instead.
Fixes #5356
Change-Id: Ifcbcb115875a7da01df3bc29e9e7feadce5bc956
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-11-01 09:03:54 -07:00
Joe Tsai
a3602c28bd
wgengine/netlog: embed the StableNodeID of the authoring node (#6105)
...
This allows network messages to be annotated with which node it came from.
Signed-off-by: Joe Tsai <joetsai@digital-static.net>
2022-10-28 10:09:30 -07:00
Joe Tsai
c21a3c4733
types/netlogtype: new package for network logging types (#6092)
...
The netlog.Message type is useful to depend on from other packages,
but doing so would transitively cause gvisor and other large packages
to be linked in.
Avoid this problem by moving all network logging types to a single package.
We also update staticcheck to take in:
003d277bcf
Signed-off-by: Joe Tsai <joetsai@digital-static.net>
2022-10-27 14:14:18 -07:00
Brad Fitzpatrick
4021ae6b9d
types/key: add missing ChallengePublic.UnmarshalText
...
Forgot it when adding the Challenge types earlier.
Change-Id: Ie0872c4e6dc25e5d832aa58c7b3f66d450bf6b71
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-10-27 11:12:38 -07:00
Adrian Dewhurst
8c09ae9032
tka, types/key: add NLPublic.KeyID
...
This allows direct use of NLPublic with tka.Authority.KeyTrusted() and
similar without using tricks like converting the return value of Verifier.
Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>
2022-10-26 15:51:23 -04:00
Maisem Ali
a2d15924fb
types/persist: add PublicNodeKey helper
...
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-10-24 15:57:00 -07:00
Maisem Ali
20324eeebc
ipn/prefs: add views
...
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-10-24 15:57:00 -07:00
Brad Fitzpatrick
18c61afeb9
types/key: add ChallengePublic, ChallengePrivate, NewChallenge
...
Updates #5972
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-10-19 19:17:53 -07:00
Sonia Appasamy
5363a90272
types/view: add ContainsNonExitSubnetRoutes func
...
Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
2022-10-12 15:19:36 -05:00
Joe Tsai
82f5f438e0
wgengine/wgcfg: plumb down audit log IDs (#5855)
...
The node and domain audit log IDs are provided in the map response,
but are ultimately going to be used in wgengine since
that's the layer that manages the tstun.Wrapper.
Do the plumbing work to get this field passed down the stack.
Signed-off-by: Joe Tsai <joetsai@digital-static.net>
2022-10-06 16:19:38 -07:00
Josh Soref
d4811f11a0
all: fix spelling mistakes
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-09-29 13:36:13 -07:00
Andrew Dunham
b1867457a6
doctor: add package for running in-depth healthchecks; use in bugreport (#5413)
...
Change-Id: Iaa4e5b021a545447f319cfe8b3da2bd3e5e5782b
Signed-off-by: Andrew Dunham <andrew@du.nham.ca>
2022-09-26 13:07:28 -04:00
Tom DNetto
e9b98dd2e1
control/controlclient,ipn/ipnlocal: wire tka enable/disable
...
Signed-off-by: Tom DNetto <tom@tailscale.com>
2022-09-21 12:57:59 -07:00
Eng Zer Jun
f0347e841f
refactor: move from io/ioutil to io and os packages
...
The io/ioutil package has been deprecated as of Go 1.16 [1]. This commit
replaces the existing io/ioutil functions with their new definitions in
io and os packages.
Reference: https://golang.org/doc/go1.16#ioutil
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2022-09-15 21:45:53 -07:00
Brad Fitzpatrick
74674b110d
envknob: support changing envknobs post-init
...
Updates #5114
Change-Id: Ia423fc7486e1b3f3180a26308278be0086fae49b
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-09-15 15:04:02 -07:00
Brad Fitzpatrick
2aade349fc
net/dns, types/dnstypes: update some comments, tests for DoH
...
Clarify & verify that some DoH URLs can be sent over tailcfg
in some limited cases.
Updates #2452
Change-Id: Ibb25db77788629c315dc26285a1059a763989e24
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-09-08 17:16:13 -07:00
Nahum Shalman
66d7d2549f
logger: migrate rusage syscall use to x/sys/unix
...
This will be helpful for illumos (#697) and should be safe
everywhere else.
Signed-off-by: Nahum Shalman <nahamu@gmail.com>
2022-08-28 08:29:41 -07:00
Tom DNetto
a78f8fa701
tka: support rotating node-keys in node-key signatures
...
Signed-off-by: Tom DNetto <tom@tailscale.com>
2022-08-24 10:41:01 -07:00
Tom DNetto
facafd8819
client,cmd/tailscale,ipn,tka,types: implement tka initialization flow
...
This PR implements the client-side of initializing network-lock with the
Coordination server.
Signed-off-by: Tom DNetto <tom@tailscale.com>
2022-08-22 11:35:16 -07:00
Brad Fitzpatrick
8e821d7aa8
types/opt: support an explicit "unset" value for Bool
...
Updates #4843
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-08-09 13:34:56 -07:00
Tom DNetto
f50043f6cb
tka,types/key: remove dependency for tailcfg & types/ packages on tka
...
Following the pattern elsewhere, we create a new tka-specific types package for the types
that need to couple between the serialized structure types, and tka.
Signed-off-by: Tom DNetto <tom@tailscale.com>
2022-08-04 12:51:58 -07:00
Maisem Ali
a9f6cd41fd
all: use syncs.AtomicValue
...
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-08-04 11:52:16 -07:00
Tom DNetto
8cfd775885
tka,types/key: implement direct node-key signatures
...
Signed-off-by: Tom DNetto <tom@tailscale.com>
2022-08-03 15:42:27 -07:00
Tom DNetto
4001d0bf25
assorted: plumb tka initialization & network-lock key into tailscaled
...
- A network-lock key is generated if it doesn't already exist, and stored in the StateStore. The public component is communicated to control during registration.
- If TKA state exists on the filesystem, a tailnet key authority is initialized (but nothing is done with it for now).
Signed-off-by: Tom DNetto <tom@tailscale.com>
2022-08-03 14:51:47 -07:00
Tom DNetto
8d45d7e312
types/key: make NLPublic complement to NLPrivate
...
Forgot that I would need that in control. Oops.
Signed-off-by: Tom DNetto <tom@tailscale.com>
2022-08-03 14:51:47 -07:00
Brad Fitzpatrick
116f55ff66
all: gofmt for Go 1.19
...
Updates #5210
Change-Id: Ib02cd5e43d0a8db60c1f09755a8ac7b140b670be
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-08-02 10:08:05 -07:00
Maisem Ali
a029989aff
types/dnstype: use viewer instead of cloner
...
This was missed when I did the initial viewer work.
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-08-02 09:58:53 -07:00
Tom DNetto
023d4e2216
tka,types/key: implement NLPrivate glue for tailnet key authority keys
...
Signed-off-by: Tom DNetto <tom@tailscale.com>
2022-07-29 12:16:32 -07:00
Maisem Ali
51c3d74095
types/views: add BenchmarkSliceIteration
...
```
goos: darwin
goarch: arm64
pkg: tailscale.com/types/views
BenchmarkSliceIteration/Len-10 340093 3212 ns/op 0 B/op 0 allocs/op
BenchmarkSliceIteration/Cached-Len-10 366727 3211 ns/op 0 B/op 0 allocs/op
BenchmarkSliceIteration/direct-10 361561 3290 ns/op 0 B/op 0 allocs/op
PASS
ok tailscale.com/types/views 3.662s
```
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-07-26 21:25:26 -07:00
Brad Fitzpatrick
a12aad6b47
all: convert more code to use net/netip directly
...
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer needed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-25 21:53:49 -07:00
Brad Fitzpatrick
6a396731eb
all: use various net/netip parse funcs directly
...
Mechanical change with perl+goimports.
Changed {Must,}Parse{IP,IPPrefix,IPPort} to their netip variants, then
goimports -d .
Finally, removed the net/netaddr wrappers, to prevent future use.
Updates #5162
Change-Id: I59c0e38b5fbca5a935d701645789cddf3d7863ad
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-25 21:12:28 -07:00
Brad Fitzpatrick
7eaf5e509f
net/netaddr: start migrating to net/netip via new netaddr adapter package
...
Updates #5162
Change-Id: Id7bdec303b25471f69d542f8ce43805328d56c12
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-25 16:20:43 -07:00
Brad Fitzpatrick
2024008667
types/key: add MachinePrecomputedSharedKey.Open
...
Follow-up to cfdb862673
Updates tailscale/corp#1709
Change-Id: I7af931a2cb55f9006e1029381663ac21d1794242
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-22 12:05:29 -07:00
Brad Fitzpatrick
43f3a969ca
types/views: add SliceContains, View.ContainsFunc, View.IndexFunc
...
We were starting to write these elsewhere as little unexported copies
in misc places.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-21 08:28:43 -07:00
Brad Fitzpatrick
9bd3b5b89c
types/key: add ControlPrivate.Shared wrapper too
...
Follow-up to cfdb862673.
Change-Id: Iab610d761f1e6d88e8bcb584d9c02cafe48fc377
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-19 14:49:01 -07:00
Brad Fitzpatrick
cfdb862673
types/key: add naclbox shared key wrapper type + Seal method
...
So the control plane can stop doing precomputations on each naclbox
message.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-19 14:18:12 -07:00
Brad Fitzpatrick
a1e429f7c3
control/controlclient, types/netmap: remove unused LocalPort field
...
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-06-19 17:22:00 -07:00
Melanie Warrick
3a182d5dd6
ipn/ipnstate: add ExitNodeStatus to share the exit node if it is in use, the IP, ID and whether its online. (#4761)
...
-
Updates #4619
Signed-off-by: nyghtowl <warrick@tailscale.com>
2022-06-07 12:31:10 -07:00
Brad Fitzpatrick
4d85cf586b
cmd/tailscale, ipn/ipnlocal: add "peerapi" ping type
...
For debugging when stuff like #4750 isn't working.
RELNOTE=tailscale ping -peerapi
Change-Id: I9c52c90fb046e3ab7d2b121387073319fbf27b99
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-05-28 13:47:12 -07:00
Tom
ec4c49a338
types/key: make NodePublic implement Shardable (#4698)
...
Needed for an experiment in Control.
Signed-off-by: Tom DNetto <tom@tailscale.com>
2022-05-17 10:37:25 -07:00
Maisem Ali
6dae9e47f9
types/views: remove alloc in hot path
...
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-05-10 11:20:00 -07:00
Maisem Ali
395cb588b6
types/views: make SliceOf/MapOf panic if they see a pointer
...
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-05-09 19:49:31 -07:00
Maisem Ali
d04afc697c
cmd/viewer,types/views: add support for views of maps
...
Updates #4635
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-05-09 19:49:31 -07:00
Maisem Ali
9f3ad40707
tailcfg: use cmd/viewer instead of cmd/cloner.
...
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-05-06 10:58:10 -07:00
Maisem Ali
c4e9739251
cmd/viewer: add codegen tool for Views
...
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-05-06 10:58:10 -07:00
Maisem Ali
e409e59a54
cmd/cloner,util/codegen: refactor cloner internals to allow reuse
...
Also run go generate again for Copyright updates.
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-05-06 10:58:10 -07:00
Brad Fitzpatrick
cc575fe4d6
net/dns: schedule DoH upgrade explicitly, fix Resolver.Addr confusion
...
Two changes in one:
* make DoH upgrades an explicitly scheduled send earlier, when we come
up with the resolvers-and-delay send plan. Previously we were
getting e.g. four Google DNS IPs and then spreading them out in
time (for back when we only did UDP) but then later we added DoH
upgrading at the UDP packet layer, which resulted in sometimes
multiple DoH queries to the same provider running (each doing happy
eyeballs dialing to 4x IPs themselves) for each of the 4 source IPs.
Instead, take those 4 Google/Cloudflare IPs and schedule 5 things:
first the DoH query (which can use all 4 IPs), and then each of the
4 IPs as UDP later.
* clean up the dnstype.Resolver.Addr confusion; half the code was
using it as an IP string (as documented) as half was using it as
an IP:port (from some prior type we used), primarily for tests.
Instead, document it was being primarily an IP string but also
accepting an IP:port for tests, then add an accessor method on it
to get the IPPort and use that consistently everywhere.
Change-Id: Ifdd72b9e45433a5b9c029194d50db2b9f9217b53
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-19 12:00:22 -07:00
Joe Tsai
01adcfa688
tailcfg: add omitempty to all fields of Hostinfo (#4360)
...
This reduces the noise when marshaling only a subset of this type.
Signed-off-by: Joe Tsai <joetsai@digital-static.net>
2022-04-05 13:25:14 -07:00
Maisem Ali
bd073b8dd6
types/views: rename Generic to Unwrap
...
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-03-17 14:41:57 -07:00