Commit Graph

1718 Commits

Author SHA1 Message Date
David Anderson 9371665174 VERSION.txt: this is v1.4.6
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-03-12 21:04:59 -08:00
David Anderson 05c27a7774 wgengine/router: don't touch interface routes
Developed by a cast of dozens.

Fixes #1448

Signed-off-by: David Anderson <danderson@tailscale.com>
(cherry picked from commit fa6110e47b)
2021-03-12 20:48:29 -08:00
Brad Fitzpatrick 0b1b2e5ed5 wgengine/magicsock: fix Conn.Rebind race that let ErrClosed errors be read
There was a logical race where Conn.Rebind could acquire the
RebindingUDPConn mutex, close the connection, fail to rebind, release
the mutex, and then because the mutex was no longer held, ReceiveIPv4
wouldn't retry reads that failed with net.ErrClosed, letting that
error back to wireguard-go, which would then stop running that receive
IP goroutine.

Instead, keep the RebindingUDPConn mutex held for the entirety of the
replacement in all cases.

Updates tailscale/corp#1289

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
(cherry picked from commit 387e83c8fe)
2021-03-12 20:48:17 -08:00
Brad Fitzpatrick 6f5a03188b net/tshttpproxy: call winhttp calls from a fixed OS thread
We often see things in logs like:

2021-03-02 17:52:45.2456258 +0800 +0800: winhttp: Open: The parameter is incorrect.
2021-03-02 17:52:45.2506261 +0800 +0800: tshttpproxy: winhttp: GetProxyForURL("https://log.tailscale.io/c/tailnode.log.tailscale.io/5037bb42f4bc330e2d6143e191a7ff7e837c6be538139231de69a439536e0d68"): ERROR_INVALID_PARAMETER [unexpected]

I have a hunch that WinHTTP has thread-local state. If so, this would fix it.
If not, this is pretty harmless.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
(cherry picked from commit 10f48087f4)
2021-03-12 13:34:14 -08:00
David Anderson b89c653046 VERSION.txt: this is v1.4.5
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-02-23 15:45:46 -08:00
David Anderson 26db8ce386 net/netcheck: fix up staticcheck.
1aeeeb7e45 made v4unspec unused.

Signed-off-by: David Anderson <danderson@tailscale.com>
2021-02-23 15:35:56 -08:00
Brad Fitzpatrick 31f2cd9e45 wgengine/tstun: reply to MagicDNS pings
Fixes #849

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
(cherry picked from commit 917307a90c)
2021-02-23 15:00:57 -08:00
Brad Fitzpatrick 90c249cf26 control/controlclient: note package type in Hostinfo
Fixes tailscale/corp#440

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
(cherry picked from commit 4ec01323c1)
2021-02-23 15:00:57 -08:00
Brad Fitzpatrick 8319b45be7 tailcfg: add Hostinfo.Package
Updates tailscale/corp#440

(cherry picked from commit 73552eb32e)
2021-02-23 15:00:57 -08:00
Brad Fitzpatrick 4afc189919 wgengine/router: make Linux delRoute idempotent, cidrDiff fail late as possible
This makes cidrDiff do as much as possible before failing, and makes a
delete of an already-deleted rule be a no-op. We should never do this
ourselves, but other things on the system can, and this should help us
recover a bit.

Also adds the start of root-requiring tests.

TODO: hook into wgengine/monitor and notice when routes are changed
behind our back, and invalidate our routes map and re-read from
kernel (via the ip command) at least on the next reconfig call.

Updates tailscale/corp#1338

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
(cherry picked from commit 2d96215d97)
2021-02-23 15:00:57 -08:00
Brad Fitzpatrick a660748272 health, control/controlclient, wgengine: report when router unhealthy
Updates tailscale/corp#1338

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
(cherry picked from commit fd8e070d01)
2021-02-23 15:00:57 -08:00
Brad Fitzpatrick 1aeeeb7e45 net/netcheck: do PCP discovery without side effects
Manually cherry-picked subset of c64bd587ae
back into the 1.4 branch.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-02-23 15:00:57 -08:00
David Anderson 3b9fcc2b81 wgengine/monitor: don't log any single-IP routes added to the tailscale table.
Signed-off-by: David Anderson <danderson@tailscale.com>
(cherry picked from commit 6e42430ad8)
2021-02-23 15:00:57 -08:00
David Anderson d51ebe38d4 wgengine/monitor: on linux, also monitor for IPv6 changes.
Signed-off-by: David Anderson <danderson@tailscale.com>
(cherry picked from commit df5adb2e23)
2021-02-23 15:00:57 -08:00
Brad Fitzpatrick b8b83c8a3f wgengine/magicsock: fix discoEndpoint caching bug when a node key changes
Fixes #1391

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
(cherry picked from commit e9e4f1063d)
2021-02-23 15:00:53 -08:00
Brad Fitzpatrick 2d0bd18a08 wgengine/tsdns: skip test that requires local IPv6 when IPv6 unavailable
Fixes #1292

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-02-16 15:07:35 -05:00
Brad Fitzpatrick 16c67870d3 wgengine/winnet: don't build on non-windows
It only affects 'go install ./...', etc, and only on darwin/arm64 (M1 Macs) where
the go-ole package doesn't compile.

No need to build it.

Updates #943

(cherry picked from commit cbd6224ca4)
2021-02-16 11:51:28 -08:00
David Anderson 64a9656c01 VERSION.txt: this is v1.4.4
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-02-10 13:28:13 -08:00
Brad Fitzpatrick b26876427c wgengine/router: add another Windows firewall rule to allow incoming UDP
Based on @sailorfrag's research.

Fixes #1312

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-02-10 13:19:26 -08:00
Brad Fitzpatrick cc2ec141fe wgengine/magicsock: reconnect to DERP home after network comes back up
Updates #1310
2021-02-10 13:19:26 -08:00
Brad Fitzpatrick d2c1ae7ed4 VERSION.txt: this is v1.4.3 2021-02-08 19:22:17 -08:00
Brad Fitzpatrick 121f5a00f7 wgengine/magicsock: fix DERP reader hang regression during concurrent reads
Fixes #1282

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
(cherry picked from commit 6b365b0239)
2021-02-08 14:39:02 -08:00
Brad Fitzpatrick d06ceffd02 wgengine/magicsock: add disabled failing (deadlocking) test for #1282
The fix can make this test run unconditionally.

This moves code from 5c619882bc for
testability but doesn't fix it yet. The #1282 problem remains (when I
wrote its wake-up mechanism, I forgot there were N DERP readers
funneling into 1 UDP reader, and the code just isn't correct at all
for that case).

Also factor out some test helper code from BenchmarkReceiveFrom.

The refactoring in magicsock.go for testability should have no
behavior change.

(cherry picked from commit 6d2b8df06d)
2021-02-08 14:38:37 -08:00
Brad Fitzpatrick 0cf60b5185 control/controlclient: don't call lite endpoint update path when logged out
This was the other half of the #1271 problem.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
(cherry picked from commit e8d4afedd1)
2021-02-05 10:04:04 -08:00
Brad Fitzpatrick 910682c851 control/controlclient: avoid crash sending map request with zero node key
Fixes #1271

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
(cherry picked from commit 7529b74018)
2021-02-05 10:04:03 -08:00
Brad Fitzpatrick c027962893 wgengine: access flow pending problem with lock held
Missed review feedback from just-submitted d37058af72.

(cherry picked from commit 70eb05fd47)
2021-02-04 11:19:54 -08:00
Brad Fitzpatrick acc50d6b67 net/packet: add some more TSMP packet reject reasons and MaybeBroken bit
Unused for now, but I want to backport this commit to 1.4 so 1.6 can
start sending these and then at least 1.4 logs will stringify nicely.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
(cherry picked from commit d37058af72)
2021-02-04 10:59:17 -08:00
Brad Fitzpatrick a2ab23ba6c wgengine/magicsock: filter disco packets and packets when stopped from wireguard
Fixes #1167
Fixes tailscale/corp#219

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
(cherry picked from commit f7eed25bb9)
2021-02-04 09:38:24 -08:00
Brad Fitzpatrick 71b13b5ac2 cmd/tailscale: fix IPN message reading stall in tailscale status -web
Fixes #1234
Updates #1254

(cherry picked from commit 9a70789853)
2021-02-02 14:58:47 -08:00
David Crawshaw 1c238cdce6 net/interfaces: use a uint32_t for ipv4 address
The code was using a C "int", which is a signed 32-bit integer.
That means some valid IP addresses were negative numbers.
(In particular, the default router address handed out by AT&T
fiber: 192.168.1.254. No I don't know why they do that.)
A negative number is < 255, and so was treated by the Go code
as an error.

This fixes the unit test failure:

	$ go test -v -run=TestLikelyHomeRouterIPSyscallExec ./net/interfaces
	=== RUN   TestLikelyHomeRouterIPSyscallExec
	    interfaces_darwin_cgo_test.go:15: syscall() = invalid IP, false, netstat = 192.168.1.254, true
	--- FAIL: TestLikelyHomeRouterIPSyscallExec (0.00s)

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
(cherry picked from commit d139fa9c92)
2021-02-02 14:58:45 -08:00
David Anderson a9f58fe822 VERSION.txt: this is v1.4.2
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-02-01 16:24:43 -08:00
David Anderson 5417ca69a7 wgengine/router: probe better for v6 policy routing support.
Previously we disabled v6 support if the disable_policy knob was
missing in /proc, but some kernels support policy routing without
exposing the toggle. So instead, treat disable_policy absence as a
"maybe", and make the direct `ip -6 rule` probing a bit more
elaborate to compensate.

Fixes #1241.

Signed-off-by: David Anderson <danderson@tailscale.com>
(cherry picked from commit 267531e4f8)
2021-02-01 16:13:32 -08:00
Brad Fitzpatrick 03e640e94d wgengine/router: clarify disabled IPv6 message on Linux
(cherry picked from commit 1f97037b94baf92bf26598c38987e4d69079efb7)
2021-02-01 14:09:50 -08:00
Brad Fitzpatrick 138bcae525 cmd/tailscale/cli: recommend sudo for 'tailscale up' on failure
Fixes #1220

(cherry picked from commit c7d4bf2333)
2021-02-01 13:54:48 -08:00
Brad Fitzpatrick bb0ef32dd2 cmd/tailscaled/tailscaled.service: revert recent hardening for now
It broke Debian Stretch. We'll try again later.

Updates #1245

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
(cherry picked from commit 2889fabaef)
2021-02-01 13:38:09 -08:00
David Anderson dde7ba4ecf VERSION.txt: this is v1.4.1
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-01-28 13:54:32 -08:00
Brad Fitzpatrick fc30cff688 wgengine/router: don't configure IPv6 on Linux when IPv6 is unavailable
Fixes #1214

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
(cherry picked from commit c7fc4a06da)
2021-01-28 13:45:59 -08:00
David Anderson 775fe13e27 cmd/tailscaled: add /run to the allowed paths for iptables.
Signed-off-by: David Anderson <danderson@tailscale.com>
(cherry picked from commit de497358b8)
2021-01-28 13:45:08 -08:00
Josh Bleecher Snyder 2e33fdfe67 types/logger: fix rateFree interaction with verbosity prefixes
We log lines like this:

c.logf("[v1] magicsock: disco: %v->%v (%v, %v) sent %v", c.discoShort, dstDisco.ShortString(), dstKey.ShortString(), derpStr(dst.String()), disco.MessageSummary(m))

The leading [v1] causes it to get unintentionally rate limited.
Until we have a proper fix, work around it.

Fixes #1216

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
(cherry picked from commit 1e28207a15)
2021-01-28 10:22:09 -08:00
David Anderson 3d7cff91b3 VERSION.txt: this is v1.4.0
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-01-27 15:40:21 -08:00
Brad Fitzpatrick 4d943536f1 wgengine: don't leak TUN device in NewUserspaceEngine error path
Updates #1187

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-01-27 11:06:56 -08:00
Brad Fitzpatrick 9f5b0d058f wgengine: fix bugs from earlier fix
Fixes a regression from e970ed0995 that wasn't covered by tests
in this repo. (Our end-to-end tests in another repo caught this.)

Updates #1204
2021-01-27 10:32:08 -08:00
Sonia Appasamy 4dab0c1702
tailcfg: update node display name fields and methods (#1207)
Signed-off-by: Sonia Appasamy <sonia@tailscale.com>

Consolidates the node display name logic from each of the clients into
tailcfg.Node. UI clients can use these names directly, rather than computing
them independently.
2021-01-27 11:50:31 -05:00
Brad Fitzpatrick 35e10c78fc net/interfaces: don't send over zt* interfaces
Fixes #1208

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-01-26 15:20:43 -08:00
David Anderson 692a011b54 net/interfaces: remove IsTailscaleIP, make callers use tsaddr.
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-01-26 15:10:51 -08:00
Brad Fitzpatrick e970ed0995 wgengine: fix crash reading long UAPI lines from legacy peers
Also don't log.Fatalf in a function returning an error.

Fixes #1204

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-01-26 11:39:13 -08:00
Brad Fitzpatrick a7edcd0872 ipn/ipnstate: update tailscale status -web to match CLI 2021-01-26 08:29:59 -08:00
Brad Fitzpatrick a98538f84a Merge branch 'main' of github.com:tailscale/tailscale into main 2021-01-25 15:53:13 -08:00
Brad Fitzpatrick c3c59445ff ipn/ipnserver: on Windows in unattended mode, wait for Engine forever
Updates #1187
2021-01-25 15:52:24 -08:00
Brad Fitzpatrick 0dde8fa0a8 ipn/ipnserver: rearrange some code
No functional change. Make a future diff easier to read.
2021-01-25 15:46:39 -08:00