Compare commits
49 Commits
aaron/go-o
...
bradfitz/c
| Author | SHA1 | Date | |
|---|---|---|---|
|
ccdc41988c | ||
|
|
bfb4a4d9e9 | ||
|
19f61607b6 | ||
|
|
e41a3b983c | ||
|
|
f2041c9088 | ||
|
|
f30473211b | ||
|
32fd42430b | ||
|
b775df0b57 | ||
|
|
309c0a13a5 | ||
|
|
7f3d0992aa | ||
|
6e91f872af | ||
|
|
1db46919ab | ||
|
|
2a412ac9ee | ||
|
|
18818763d1 | ||
|
eaf5591953 | ||
|
|
bd073b8dd6 | ||
|
|
1e12a29806 | ||
|
|
0868329936 | ||
|
|
5f176f24db | ||
|
|
2708544018 | ||
|
|
997b19545b | ||
|
|
ead16b24ec | ||
|
|
9d4ffd135f | ||
|
|
6b9d938c1a | ||
|
d8953bf2ba | ||
|
|
84a2dc3a7e | ||
|
|
8c2cb4b431 | ||
|
|
61ee72940c | ||
|
|
1f22507c06 | ||
|
|
c2c97f8f38 | ||
|
|
26021b07ec | ||
|
|
0ef74f37a5 | ||
|
|
9482576bb1 | ||
|
|
97a01b7b17 | ||
|
|
1b57b0380d | ||
|
|
463728a885 | ||
|
|
5cb9999be3 | ||
|
|
927fc36123 | ||
|
|
71b535fc94 | ||
|
|
f695f0b178 | ||
|
|
f143ff89b7 | ||
|
|
d77b4c1344 | ||
|
|
4b1e02057a | ||
|
|
08cf54f386 | ||
|
5be42c0af1 | ||
|
|
07f48a7bfe | ||
|
858286d97f | ||
|
|
5f529d1359 | ||
|
|
36b148c2d2 |
2
.github/workflows/cross-darwin.yml
vendored
2
.github/workflows/cross-darwin.yml
vendored
@@ -19,7 +19,7 @@ jobs:
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v2.1.5
|
||||
with:
|
||||
go-version: 1.17
|
||||
go-version: 1.18
|
||||
id: go
|
||||
|
||||
- name: Check out code into the Go module directory
|
||||
|
||||
2
.github/workflows/cross-freebsd.yml
vendored
2
.github/workflows/cross-freebsd.yml
vendored
@@ -19,7 +19,7 @@ jobs:
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v2.1.5
|
||||
with:
|
||||
go-version: 1.17
|
||||
go-version: 1.18
|
||||
id: go
|
||||
|
||||
- name: Check out code into the Go module directory
|
||||
|
||||
2
.github/workflows/cross-openbsd.yml
vendored
2
.github/workflows/cross-openbsd.yml
vendored
@@ -19,7 +19,7 @@ jobs:
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v2.1.5
|
||||
with:
|
||||
go-version: 1.17
|
||||
go-version: 1.18
|
||||
id: go
|
||||
|
||||
- name: Check out code into the Go module directory
|
||||
|
||||
2
.github/workflows/cross-windows.yml
vendored
2
.github/workflows/cross-windows.yml
vendored
@@ -19,7 +19,7 @@ jobs:
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v2.1.5
|
||||
with:
|
||||
go-version: 1.17
|
||||
go-version: 1.18
|
||||
id: go
|
||||
|
||||
- name: Check out code into the Go module directory
|
||||
|
||||
2
.github/workflows/depaware.yml
vendored
2
.github/workflows/depaware.yml
vendored
@@ -16,7 +16,7 @@ jobs:
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v2.1.5
|
||||
with:
|
||||
go-version: 1.17
|
||||
go-version: 1.18
|
||||
|
||||
- name: Check out code
|
||||
uses: actions/checkout@v1
|
||||
|
||||
18
.github/workflows/go-generate-without-stringer.sh
vendored
Executable file
18
.github/workflows/go-generate-without-stringer.sh
vendored
Executable file
@@ -0,0 +1,18 @@
|
||||
#!/usr/bin/env sh
|
||||
#
|
||||
# This is a temporary hack to work around
|
||||
# https://github.com/golang/go/issues/51629 , wherein the stringer
|
||||
# generator doesn't work with generics.
|
||||
#
|
||||
# This script is the equivalent of `go generate ./...`, except that it
|
||||
# only runs generate on packages that don't try to use stringer.
|
||||
|
||||
set -e
|
||||
|
||||
find . -name '*.go' | xargs grep -l go:generate | xargs -n1 dirname | sort -u | while read dir; do
|
||||
if ! egrep "cmd/(stringer|cloner)" $dir/*.go; then
|
||||
set -x
|
||||
go generate -tags=hermetic $dir
|
||||
set +x
|
||||
fi
|
||||
done
|
||||
15
.github/workflows/go_generate.yml
vendored
15
.github/workflows/go_generate.yml
vendored
@@ -17,7 +17,7 @@ jobs:
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v2.1.5
|
||||
with:
|
||||
go-version: 1.17
|
||||
go-version: 1.18
|
||||
|
||||
- name: Check out code
|
||||
uses: actions/checkout@v2
|
||||
@@ -25,14 +25,13 @@ jobs:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: check 'go generate' is clean
|
||||
# The shell script invocation below is a temporary hack for
|
||||
# https://github.com/tailscale/tailscale/issues/4194. When
|
||||
# that issue is fixed, replace its invocation with:
|
||||
# go generate --tags=hermetic ./...
|
||||
run: |
|
||||
if [[ "${{github.ref}}" == release-branch/* ]]
|
||||
then
|
||||
pkgs=$(go list ./... | grep -v dnsfallback)
|
||||
else
|
||||
pkgs=$(go list ./... | grep -v dnsfallback)
|
||||
fi
|
||||
go generate $pkgs
|
||||
set -e
|
||||
./.github/workflows/go-generate-without-stringer.sh
|
||||
echo
|
||||
echo
|
||||
git diff --name-only --exit-code || (echo "The files above need updating. Please run 'go generate'."; exit 1)
|
||||
|
||||
2
.github/workflows/license.yml
vendored
2
.github/workflows/license.yml
vendored
@@ -16,7 +16,7 @@ jobs:
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v2.1.5
|
||||
with:
|
||||
go-version: 1.17
|
||||
go-version: 1.18
|
||||
|
||||
- name: Check out code
|
||||
uses: actions/checkout@v1
|
||||
|
||||
2
.github/workflows/linux-race.yml
vendored
2
.github/workflows/linux-race.yml
vendored
@@ -19,7 +19,7 @@ jobs:
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v2.1.5
|
||||
with:
|
||||
go-version: 1.17
|
||||
go-version: 1.18
|
||||
id: go
|
||||
|
||||
- name: Check out code into the Go module directory
|
||||
|
||||
2
.github/workflows/linux.yml
vendored
2
.github/workflows/linux.yml
vendored
@@ -19,7 +19,7 @@ jobs:
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v2.1.5
|
||||
with:
|
||||
go-version: 1.17
|
||||
go-version: 1.18
|
||||
id: go
|
||||
|
||||
- name: Check out code into the Go module directory
|
||||
|
||||
2
.github/workflows/linux32.yml
vendored
2
.github/workflows/linux32.yml
vendored
@@ -19,7 +19,7 @@ jobs:
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v2.1.5
|
||||
with:
|
||||
go-version: 1.17
|
||||
go-version: 1.18
|
||||
id: go
|
||||
|
||||
- name: Check out code into the Go module directory
|
||||
|
||||
2
.github/workflows/staticcheck.yml
vendored
2
.github/workflows/staticcheck.yml
vendored
@@ -16,7 +16,7 @@ jobs:
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v2.1.5
|
||||
with:
|
||||
go-version: 1.17
|
||||
go-version: 1.18
|
||||
|
||||
- name: Check out code
|
||||
uses: actions/checkout@v1
|
||||
|
||||
2
.github/workflows/vm.yml
vendored
2
.github/workflows/vm.yml
vendored
@@ -18,7 +18,7 @@ jobs:
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@v2.1.5
|
||||
with:
|
||||
go-version: 1.17
|
||||
go-version: 1.18
|
||||
|
||||
- name: Checkout Code
|
||||
uses: actions/checkout@v1
|
||||
|
||||
21
.github/workflows/windows-race.yml
vendored
21
.github/workflows/windows-race.yml
vendored
@@ -19,7 +19,7 @@ jobs:
|
||||
- name: Install Go
|
||||
uses: actions/setup-go@v2.1.5
|
||||
with:
|
||||
go-version: 1.17.x
|
||||
go-version: 1.18.x
|
||||
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v2
|
||||
@@ -27,10 +27,21 @@ jobs:
|
||||
- name: Restore Cache
|
||||
uses: actions/cache@v2
|
||||
with:
|
||||
path: ~/go/pkg/mod
|
||||
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
|
||||
restore-keys: |
|
||||
${{ runner.os }}-go-
|
||||
# Note: unlike some other setups, this is only grabbing the mod download
|
||||
# cache, rather than the whole mod directory, as the download cache
|
||||
# contains zips that can be unpacked in parallel faster than they can be
|
||||
# fetched and extracted by tar
|
||||
path: |
|
||||
~/go/pkg/mod/cache
|
||||
~\AppData\Local\go-build
|
||||
|
||||
# The -2- here should be incremented when the scheme of data to be
|
||||
# cached changes (e.g. path above changes).
|
||||
# The -race- here ensures that non-race builds and race builds do not
|
||||
# overwrite each others cache, as while they share some files, they
|
||||
# differ in most by volume (build cache).
|
||||
# TODO(raggi): add a go version here.
|
||||
key: ${{ runner.os }}-go-2-race-${{ hashFiles('**/go.sum') }}
|
||||
|
||||
- name: Test with -race flag
|
||||
# Don't use -bench=. -benchtime=1x.
|
||||
|
||||
18
.github/workflows/windows.yml
vendored
18
.github/workflows/windows.yml
vendored
@@ -19,7 +19,7 @@ jobs:
|
||||
- name: Install Go
|
||||
uses: actions/setup-go@v2.1.5
|
||||
with:
|
||||
go-version: 1.17.x
|
||||
go-version: 1.18.x
|
||||
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v2
|
||||
@@ -27,10 +27,18 @@ jobs:
|
||||
- name: Restore Cache
|
||||
uses: actions/cache@v2
|
||||
with:
|
||||
path: ~/go/pkg/mod
|
||||
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
|
||||
restore-keys: |
|
||||
${{ runner.os }}-go-
|
||||
# Note: unlike some other setups, this is only grabbing the mod download
|
||||
# cache, rather than the whole mod directory, as the download cache
|
||||
# contains zips that can be unpacked in parallel faster than they can be
|
||||
# fetched and extracted by tar
|
||||
path: |
|
||||
~/go/pkg/mod/cache
|
||||
~\AppData\Local\go-build
|
||||
|
||||
# The -2- here should be incremented when the scheme of data to be
|
||||
# cached changes (e.g. path above changes).
|
||||
# TODO(raggi): add a go version here.
|
||||
key: ${{ runner.os }}-go-2-${{ hashFiles('**/go.sum') }}
|
||||
|
||||
- name: Test
|
||||
# Don't use -bench=. -benchtime=1x.
|
||||
|
||||
@@ -32,7 +32,7 @@
|
||||
# $ docker exec tailscaled tailscale status
|
||||
|
||||
|
||||
FROM golang:1.17-alpine AS build-env
|
||||
FROM golang:1.18-alpine AS build-env
|
||||
|
||||
WORKDIR /go/src/tailscale
|
||||
|
||||
|
||||
18
Makefile
18
Makefile
@@ -6,24 +6,24 @@ usage:
|
||||
echo "See Makefile"
|
||||
|
||||
vet:
|
||||
go vet ./...
|
||||
./tool/go vet ./...
|
||||
|
||||
updatedeps:
|
||||
go run github.com/tailscale/depaware --update tailscale.com/cmd/tailscaled
|
||||
go run github.com/tailscale/depaware --update tailscale.com/cmd/tailscale
|
||||
./tool/go run github.com/tailscale/depaware --update tailscale.com/cmd/tailscaled
|
||||
./tool/go run github.com/tailscale/depaware --update tailscale.com/cmd/tailscale
|
||||
|
||||
depaware:
|
||||
go run github.com/tailscale/depaware --check tailscale.com/cmd/tailscaled
|
||||
go run github.com/tailscale/depaware --check tailscale.com/cmd/tailscale
|
||||
./tool/go run github.com/tailscale/depaware --check tailscale.com/cmd/tailscaled
|
||||
./tool/go run github.com/tailscale/depaware --check tailscale.com/cmd/tailscale
|
||||
|
||||
buildwindows:
|
||||
GOOS=windows GOARCH=amd64 go install tailscale.com/cmd/tailscale tailscale.com/cmd/tailscaled
|
||||
GOOS=windows GOARCH=amd64 ./tool/go install tailscale.com/cmd/tailscale tailscale.com/cmd/tailscaled
|
||||
|
||||
build386:
|
||||
GOOS=linux GOARCH=386 go install tailscale.com/cmd/tailscale tailscale.com/cmd/tailscaled
|
||||
GOOS=linux GOARCH=386 ./tool/go install tailscale.com/cmd/tailscale tailscale.com/cmd/tailscaled
|
||||
|
||||
buildlinuxarm:
|
||||
GOOS=linux GOARCH=arm go install tailscale.com/cmd/tailscale tailscale.com/cmd/tailscaled
|
||||
GOOS=linux GOARCH=arm ./tool/go install tailscale.com/cmd/tailscale tailscale.com/cmd/tailscaled
|
||||
|
||||
buildmultiarchimage:
|
||||
./build_docker.sh
|
||||
@@ -31,7 +31,7 @@ buildmultiarchimage:
|
||||
check: staticcheck vet depaware buildwindows build386 buildlinuxarm
|
||||
|
||||
staticcheck:
|
||||
go run honnef.co/go/tools/cmd/staticcheck -- $$(go list ./... | grep -v tempfork)
|
||||
./tool/go run honnef.co/go/tools/cmd/staticcheck -- $$(./tool/go list ./... | grep -v tempfork)
|
||||
|
||||
spk:
|
||||
PATH="${PWD}/tool:${PATH}" ./tool/go run github.com/tailscale/tailscale-synology@main -o tailscale.spk --source=. --goarch=${SYNO_ARCH} --dsm-version=${SYNO_DSM}
|
||||
|
||||
@@ -44,7 +44,7 @@ If your distro has conventions that preclude the use of
|
||||
distro's way, so that bug reports contain useful version information.
|
||||
|
||||
We only guarantee to support the latest Go release and any Go beta or
|
||||
release candidate builds (currently Go 1.17) in module mode. It might
|
||||
release candidate builds (currently Go 1.18) in module mode. It might
|
||||
work in earlier Go versions or in GOPATH mode, but we're making no
|
||||
effort to keep those working.
|
||||
|
||||
|
||||
@@ -80,7 +80,7 @@ func (b *BIRDClient) EnableProtocol(protocol string) error {
|
||||
// Reply codes starting with 0 stand for ‘action successfully completed’ messages,
|
||||
// 1 means ‘table entry’, 8 ‘runtime error’ and 9 ‘syntax error’.
|
||||
|
||||
func (b *BIRDClient) exec(cmd string, args ...interface{}) (string, error) {
|
||||
func (b *BIRDClient) exec(cmd string, args ...any) (string, error) {
|
||||
if _, err := fmt.Fprintf(b.conn, cmd, args...); err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
12
client/tailscale/required_version.go
Normal file
12
client/tailscale/required_version.go
Normal file
@@ -0,0 +1,12 @@
|
||||
// Copyright (c) 2022 Tailscale Inc & AUTHORS All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
//go:build !go1.18
|
||||
// +build !go1.18
|
||||
|
||||
package tailscale
|
||||
|
||||
func init() {
|
||||
you_need_Go_1_18_to_compile_Tailscale()
|
||||
}
|
||||
@@ -2,6 +2,9 @@
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
//go:build go1.18
|
||||
// +build go1.18
|
||||
|
||||
// Package tailscale contains Tailscale client code.
|
||||
package tailscale
|
||||
|
||||
@@ -113,10 +116,7 @@ func doLocalRequestNiceError(req *http.Request) (*http.Response, error) {
|
||||
if ue, ok := err.(*url.Error); ok {
|
||||
if oe, ok := ue.Err.(*net.OpError); ok && oe.Op == "dial" {
|
||||
path := req.URL.Path
|
||||
pathPrefix := path
|
||||
if i := strings.Index(path, "?"); i != -1 {
|
||||
pathPrefix = path[:i]
|
||||
}
|
||||
pathPrefix, _, _ := strings.Cut(path, "?")
|
||||
return nil, fmt.Errorf("Failed to connect to local Tailscale daemon for %s; %s Error: %w", pathPrefix, tailscaledConnectHint(), oe)
|
||||
}
|
||||
}
|
||||
@@ -517,8 +517,8 @@ func tailscaledConnectHint() string {
|
||||
// SubState=dead
|
||||
st := map[string]string{}
|
||||
for _, line := range strings.Split(string(out), "\n") {
|
||||
if i := strings.Index(line, "="); i != -1 {
|
||||
st[line[:i]] = strings.TrimSpace(line[i+1:])
|
||||
if k, v, ok := strings.Cut(line, "="); ok {
|
||||
st[k] = strings.TrimSpace(v)
|
||||
}
|
||||
}
|
||||
if st["LoadState"] == "loaded" &&
|
||||
|
||||
@@ -69,14 +69,14 @@ func main() {
|
||||
gen(buf, imports, typ, pkg.Types)
|
||||
}
|
||||
|
||||
w := func(format string, args ...interface{}) {
|
||||
w := func(format string, args ...any) {
|
||||
fmt.Fprintf(buf, format+"\n", args...)
|
||||
}
|
||||
if *flagCloneFunc {
|
||||
w("// Clone duplicates src into dst and reports whether it succeeded.")
|
||||
w("// To succeed, <src, dst> must be of types <*T, *T> or <*T, **T>,")
|
||||
w("// where T is one of %s.", *flagTypes)
|
||||
w("func Clone(dst, src interface{}) bool {")
|
||||
w("func Clone(dst, src any) bool {")
|
||||
w(" switch src := src.(type) {")
|
||||
for _, typeName := range typeNames {
|
||||
w(" case *%s:", typeName)
|
||||
@@ -158,7 +158,7 @@ func gen(buf *bytes.Buffer, imports map[string]struct{}, typ *types.Named, thisP
|
||||
fmt.Fprintf(buf, "// Clone makes a deep copy of %s.\n", name)
|
||||
fmt.Fprintf(buf, "// The result aliases no memory with the original.\n")
|
||||
fmt.Fprintf(buf, "func (src *%s) Clone() *%s {\n", name, name)
|
||||
writef := func(format string, args ...interface{}) {
|
||||
writef := func(format string, args ...any) {
|
||||
fmt.Fprintf(buf, "\t"+format+"\n", args...)
|
||||
}
|
||||
writef("if src == nil {")
|
||||
|
||||
@@ -19,7 +19,9 @@ import (
|
||||
"log"
|
||||
"net"
|
||||
"net/http"
|
||||
"os"
|
||||
"sort"
|
||||
"strings"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
@@ -54,7 +56,15 @@ var (
|
||||
|
||||
func main() {
|
||||
flag.Parse()
|
||||
|
||||
// proactively load the DERP map. Nothing terrible happens if this fails, so we ignore
|
||||
// the error. The Slack bot will print a notification that the DERP map was empty.
|
||||
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
|
||||
defer cancel()
|
||||
_, _ = getDERPMap(ctx)
|
||||
|
||||
go probeLoop()
|
||||
go slackLoop()
|
||||
log.Fatal(http.ListenAndServe(*listen, http.HandlerFunc(serve)))
|
||||
}
|
||||
|
||||
@@ -68,11 +78,11 @@ type overallStatus struct {
|
||||
good, bad []string
|
||||
}
|
||||
|
||||
func (st *overallStatus) addBadf(format string, a ...interface{}) {
|
||||
func (st *overallStatus) addBadf(format string, a ...any) {
|
||||
st.bad = append(st.bad, fmt.Sprintf(format, a...))
|
||||
}
|
||||
|
||||
func (st *overallStatus) addGoodf(format string, a ...interface{}) {
|
||||
func (st *overallStatus) addGoodf(format string, a ...any) {
|
||||
st.good = append(st.good, fmt.Sprintf(format, a...))
|
||||
}
|
||||
|
||||
@@ -138,10 +148,14 @@ func getOverallStatus() (o overallStatus) {
|
||||
func serve(w http.ResponseWriter, r *http.Request) {
|
||||
st := getOverallStatus()
|
||||
summary := "All good"
|
||||
if len(st.bad) > 0 {
|
||||
if (float64(len(st.bad)) / float64(len(st.bad)+len(st.good))) > 0.25 {
|
||||
// This will generate an alert and page a human.
|
||||
// It also ends up in Slack, but as part of the alert handling pipeline not
|
||||
// because we generated a Slack notification from here.
|
||||
w.WriteHeader(500)
|
||||
summary = fmt.Sprintf("%d problems", len(st.bad))
|
||||
}
|
||||
|
||||
io.WriteString(w, "<html><head><style>.bad { font-weight: bold; color: #700; }</style></head>\n")
|
||||
fmt.Fprintf(w, "<body><h1>derp probe</h1>\n%s:<ul>", summary)
|
||||
for _, s := range st.bad {
|
||||
@@ -153,6 +167,71 @@ func serve(w http.ResponseWriter, r *http.Request) {
|
||||
io.WriteString(w, "</ul></body></html>\n")
|
||||
}
|
||||
|
||||
func notifySlack(text string) error {
|
||||
type SlackRequestBody struct {
|
||||
Text string `json:"text"`
|
||||
}
|
||||
|
||||
slackBody, err := json.Marshal(SlackRequestBody{Text: text})
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
webhookUrl := os.Getenv("SLACK_WEBHOOK")
|
||||
if webhookUrl == "" {
|
||||
return errors.New("No SLACK_WEBHOOK configured")
|
||||
}
|
||||
|
||||
req, err := http.NewRequest("POST", webhookUrl, bytes.NewReader(slackBody))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
req.Header.Add("Content-Type", "application/json")
|
||||
|
||||
client := &http.Client{Timeout: 10 * time.Second}
|
||||
resp, err := client.Do(req)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
|
||||
if resp.StatusCode != 200 {
|
||||
return errors.New(resp.Status)
|
||||
}
|
||||
|
||||
body, _ := io.ReadAll(resp.Body)
|
||||
if string(body) != "ok" {
|
||||
return errors.New("Non-ok response returned from Slack")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// We only page a human if it looks like there is a significant outage across multiple regions.
|
||||
// To Slack, we report all failures great and small.
|
||||
func slackLoop() {
|
||||
inBadState := false
|
||||
for {
|
||||
time.Sleep(time.Second * 30)
|
||||
st := getOverallStatus()
|
||||
|
||||
if len(st.bad) > 0 && !inBadState {
|
||||
err := notifySlack(strings.Join(st.bad, "\n"))
|
||||
if err == nil {
|
||||
inBadState = true
|
||||
} else {
|
||||
log.Printf("%d problems, notify Slack failed: %v", len(st.bad), err)
|
||||
}
|
||||
}
|
||||
|
||||
if len(st.bad) == 0 && inBadState {
|
||||
err := notifySlack("All DERPs recovered.")
|
||||
if err == nil {
|
||||
inBadState = false
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func sortedRegions(dm *tailcfg.DERPMap) []*tailcfg.DERPRegion {
|
||||
ret := make([]*tailcfg.DERPRegion, 0, len(dm.Regions))
|
||||
for _, r := range dm.Regions {
|
||||
@@ -347,7 +426,7 @@ func probeNodePair(ctx context.Context, dm *tailcfg.DERPMap, from, to *tailcfg.D
|
||||
}
|
||||
|
||||
// Receive the random packet.
|
||||
recvc := make(chan interface{}, 1) // either derp.ReceivedPacket or error
|
||||
recvc := make(chan any, 1) // either derp.ReceivedPacket or error
|
||||
go func() {
|
||||
for {
|
||||
m, err := toc.Recv()
|
||||
|
||||
@@ -206,8 +206,6 @@ func root(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
// firstLabel s up until the first period, if any.
|
||||
func firstLabel(s string) string {
|
||||
if i := strings.Index(s, "."); i != -1 {
|
||||
return s[:i]
|
||||
}
|
||||
s, _, _ = strings.Cut(s, ".")
|
||||
return s
|
||||
}
|
||||
|
||||
231
cmd/tailscale/cli/admin.go
Normal file
231
cmd/tailscale/cli/admin.go
Normal file
@@ -0,0 +1,231 @@
|
||||
// Copyright (c) 2022 Tailscale Inc & AUTHORS All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
// Admin commands.
|
||||
|
||||
package cli
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"context"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"flag"
|
||||
"fmt"
|
||||
"io"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"os"
|
||||
"strings"
|
||||
|
||||
"github.com/peterbourgon/ff/v3/ffcli"
|
||||
"tailscale.com/client/tailscale"
|
||||
)
|
||||
|
||||
var adminCmd = &ffcli.Command{
|
||||
Name: "admin",
|
||||
Exec: runAdmin,
|
||||
LongHelp: `"tailscale admin" contains admin commands to manage a Tailscale network.`,
|
||||
FlagSet: (func() *flag.FlagSet {
|
||||
fs := newFlagSet("admin")
|
||||
fs.StringVar(&adminArgs.apiBase, "api-server", "https://api.tailscale.com", "which Tailscale server instance to use. Ignored when --token-file is empty.")
|
||||
fs.StringVar(&adminArgs.tokenFile, "token-file", "", "if non-empty, filename containing API token to use. If empty, authentication is done via the active Tailscale control plane connection.")
|
||||
fs.StringVar(&adminArgs.tailnet, "tailnet", "", "Tailnet to query or edit. Required if token-file is used. Must be blank if token-file is blank, in which case the tailnet used is the same as the active tailnet.")
|
||||
return fs
|
||||
})(),
|
||||
Subcommands: []*ffcli.Command{
|
||||
newTailnetACLGetCmd(),
|
||||
newTailnetDeviceListCmd(),
|
||||
newTailnetKeyListCmd(),
|
||||
},
|
||||
}
|
||||
|
||||
var adminArgs struct {
|
||||
tokenFile string
|
||||
tailnet string
|
||||
apiBase string
|
||||
}
|
||||
|
||||
func runAdmin(ctx context.Context, args []string) error {
|
||||
if len(args) > 0 {
|
||||
return errors.New("unknown command; see 'tailscale admin --help'")
|
||||
}
|
||||
return errors.New("see 'tailscale admin --help'")
|
||||
}
|
||||
|
||||
type adminClient struct {
|
||||
apiBase string // e.g. "https://api.tailscale.com"
|
||||
token string // non-empty if using token-based auth
|
||||
hc *http.Client
|
||||
tailnet string // always non-empty
|
||||
}
|
||||
|
||||
func getAdminHTTPClient() (*adminClient, error) {
|
||||
tokenFile := adminArgs.tokenFile
|
||||
tailnet := adminArgs.tailnet
|
||||
apiBase := adminArgs.apiBase
|
||||
if (tokenFile != "") != (tailnet != "") {
|
||||
return nil, errors.New("--token-file and --tailnet must both be blank or both be specified")
|
||||
}
|
||||
if tailnet == "" {
|
||||
st, err := tailscale.StatusWithoutPeers(context.Background())
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if st.BackendState != "Running" {
|
||||
return nil, fmt.Errorf("Tailscale must be running; currently in state %q", st.BackendState)
|
||||
}
|
||||
if st.CurrentTailnet == nil {
|
||||
return nil, fmt.Errorf("no CurrentTailnet in status")
|
||||
}
|
||||
tailnet = st.CurrentTailnet.Name
|
||||
// TODO(bradfitz): put apiBase in *ipnstate.TailnetStatus? update apiBase here?
|
||||
}
|
||||
ac := &adminClient{
|
||||
tailnet: tailnet,
|
||||
apiBase: apiBase,
|
||||
}
|
||||
|
||||
if tokenFile != "" {
|
||||
v, err := os.ReadFile(tokenFile)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
token := strings.TrimSpace(string(v))
|
||||
if token == "" || strings.Contains(token, "\n") {
|
||||
return nil, fmt.Errorf("expect exactly 1 line in API token file %v", tokenFile)
|
||||
}
|
||||
ac.token = token
|
||||
ac.hc = http.DefaultClient
|
||||
} else {
|
||||
// Otherwise, proxy via the local tailscaled and use its identity.
|
||||
ac.hc = &http.Client{Transport: apiViaTailscaledTransport{}}
|
||||
ac.apiBase = "http://local-tailscaled.sock"
|
||||
}
|
||||
return ac, nil
|
||||
}
|
||||
|
||||
func newTailnetDeviceListCmd() *ffcli.Command {
|
||||
var fields string
|
||||
const sub = "tailnet-device-list"
|
||||
fs := newFlagSet(sub)
|
||||
fs.StringVar(&fields, "fields", "default", "comma-separated fields to include in response or 'default', 'all'")
|
||||
return &ffcli.Command{
|
||||
Name: sub,
|
||||
ShortHelp: "list devices",
|
||||
FlagSet: fs,
|
||||
Exec: func(ctx context.Context, args []string) error {
|
||||
ac, err := getAdminHTTPClient()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
q := url.Values{"fields": []string{fields}}
|
||||
return writeResJSON(ac.hc.Get(ac.apiBase + "/api/v2/tailnet/" + ac.tailnet + "/devices?" + q.Encode()))
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func newTailnetKeyListCmd() *ffcli.Command {
|
||||
const sub = "tailnet-key-list"
|
||||
return &ffcli.Command{
|
||||
Name: sub,
|
||||
ShortHelp: "list keys or specific key (with keyID as argument)",
|
||||
Exec: func(ctx context.Context, args []string) error {
|
||||
var suf string
|
||||
if len(args) == 1 {
|
||||
suf = "/" + args[0]
|
||||
} else if len(args) > 1 {
|
||||
return errors.New("too many arguments")
|
||||
}
|
||||
ac, err := getAdminHTTPClient()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return writeResJSON(ac.hc.Get(ac.apiBase + "/api/v2/tailnet/" + ac.tailnet + "/keys" + suf))
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func newTailnetACLGetCmd() *ffcli.Command {
|
||||
var asJSON bool // true is JSON, false is HuJSON
|
||||
const sub = "tailnet-acl-get"
|
||||
fs := newFlagSet(sub)
|
||||
fs.BoolVar(&asJSON, "json", false, "if true, return ACL is JSON format. The default of false means to use the original HuJSON JSON superset form that allows comments and trailing commas.")
|
||||
return &ffcli.Command{
|
||||
Name: sub,
|
||||
ShortHelp: "list Tailnet ACL/config policy",
|
||||
FlagSet: fs,
|
||||
Exec: func(ctx context.Context, args []string) error {
|
||||
ac, err := getAdminHTTPClient()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
req, err := http.NewRequest("GET", ac.apiBase+"/api/v2/tailnet/"+ac.tailnet+"/acl", nil)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if asJSON {
|
||||
req.Header.Set("Accept", "application/json")
|
||||
}
|
||||
res, err := ac.hc.Do(req)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if asJSON {
|
||||
return writeResJSON(res, err)
|
||||
}
|
||||
defer res.Body.Close()
|
||||
if res.StatusCode != 200 {
|
||||
body, _ := io.ReadAll(res.Body)
|
||||
return fmt.Errorf("%v: %s", res.Status, body)
|
||||
}
|
||||
all, err := io.ReadAll(res.Body)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
var buf bytes.Buffer
|
||||
buf.Write(all)
|
||||
ensureTrailingNewline(&buf)
|
||||
os.Stdout.Write(buf.Bytes())
|
||||
return nil
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
// apiViaTailscaledTransport is an http.RoundTripper that makes
|
||||
// Tailscale API HTTP requests via the localapi to tailscaled,
|
||||
// which then forwards them on over Noise.
|
||||
type apiViaTailscaledTransport struct{}
|
||||
|
||||
func (apiViaTailscaledTransport) RoundTrip(r *http.Request) (*http.Response, error) {
|
||||
return tailscale.DoLocalRequest(r)
|
||||
}
|
||||
|
||||
func ensureTrailingNewline(buf *bytes.Buffer) {
|
||||
if buf.Len() > 0 && buf.Bytes()[buf.Len()-1] != '\n' {
|
||||
buf.WriteByte('\n')
|
||||
}
|
||||
}
|
||||
|
||||
func writeResJSON(res *http.Response, err error) error {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer res.Body.Close()
|
||||
if res.StatusCode != 200 {
|
||||
body, _ := io.ReadAll(res.Body)
|
||||
return fmt.Errorf("%v: %s", res.Status, body)
|
||||
}
|
||||
all, err := io.ReadAll(res.Body)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
var buf bytes.Buffer
|
||||
if err := json.Indent(&buf, all, "", "\t"); err != nil {
|
||||
return err
|
||||
}
|
||||
ensureTrailingNewline(&buf)
|
||||
os.Stdout.Write(buf.Bytes())
|
||||
return nil
|
||||
}
|
||||
@@ -79,7 +79,7 @@ func runCert(ctx context.Context, args []string) error {
|
||||
}
|
||||
domain := args[0]
|
||||
|
||||
printf := func(format string, a ...interface{}) {
|
||||
printf := func(format string, a ...any) {
|
||||
printf(format, a...)
|
||||
}
|
||||
if certArgs.certFile == "-" || certArgs.keyFile == "-" {
|
||||
|
||||
@@ -35,7 +35,7 @@ import (
|
||||
var Stderr io.Writer = os.Stderr
|
||||
var Stdout io.Writer = os.Stdout
|
||||
|
||||
func printf(format string, a ...interface{}) {
|
||||
func printf(format string, a ...any) {
|
||||
fmt.Fprintf(Stdout, format, a...)
|
||||
}
|
||||
|
||||
@@ -44,7 +44,7 @@ func printf(format string, a ...interface{}) {
|
||||
//
|
||||
// It's not named println because that looks like the Go built-in
|
||||
// which goes to stderr and formats slightly differently.
|
||||
func outln(a ...interface{}) {
|
||||
func outln(a ...any) {
|
||||
fmt.Fprintln(Stdout, a...)
|
||||
}
|
||||
|
||||
@@ -175,6 +175,7 @@ change in the future.
|
||||
fileCmd,
|
||||
bugReportCmd,
|
||||
certCmd,
|
||||
adminCmd,
|
||||
},
|
||||
FlagSet: rootfs,
|
||||
Exec: func(context.Context, []string) error { return flag.ErrHelp },
|
||||
@@ -216,7 +217,7 @@ change in the future.
|
||||
return err
|
||||
}
|
||||
|
||||
func fatalf(format string, a ...interface{}) {
|
||||
func fatalf(format string, a ...any) {
|
||||
if Fatalf != nil {
|
||||
Fatalf(format, a...)
|
||||
return
|
||||
@@ -226,7 +227,7 @@ func fatalf(format string, a ...interface{}) {
|
||||
}
|
||||
|
||||
// Fatalf, if non-nil, is used instead of log.Fatalf.
|
||||
var Fatalf func(format string, a ...interface{})
|
||||
var Fatalf func(format string, a ...any)
|
||||
|
||||
var rootArgs struct {
|
||||
socket string
|
||||
|
||||
@@ -192,7 +192,7 @@ func runDebug(ctx context.Context, args []string) error {
|
||||
// to subcommands.
|
||||
return nil
|
||||
}
|
||||
return errors.New("see 'tailscale debug --help")
|
||||
return errors.New("see 'tailscale debug --help'")
|
||||
}
|
||||
|
||||
func runLocalCreds(ctx context.Context, args []string) error {
|
||||
|
||||
@@ -15,6 +15,7 @@ import (
|
||||
"mime"
|
||||
"net/http"
|
||||
"os"
|
||||
"path"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"time"
|
||||
@@ -286,22 +287,116 @@ func runCpTargets(ctx context.Context, args []string) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// onConflict is a flag.Value for the --conflict flag's three string options.
|
||||
type onConflict string
|
||||
|
||||
const (
|
||||
skipOnExist onConflict = "skip"
|
||||
overwriteExisting onConflict = "overwrite" // Overwrite any existing file at the target location
|
||||
createNumberedFiles onConflict = "rename" // Create an alternately named file in the style of Chrome Downloads
|
||||
)
|
||||
|
||||
func (v *onConflict) String() string { return string(*v) }
|
||||
|
||||
func (v *onConflict) Set(s string) error {
|
||||
if s == "" {
|
||||
*v = skipOnExist
|
||||
return nil
|
||||
}
|
||||
*v = onConflict(strings.ToLower(s))
|
||||
if *v != skipOnExist && *v != overwriteExisting && *v != createNumberedFiles {
|
||||
return fmt.Errorf("%q is not one of (skip|overwrite|rename)", s)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
var fileGetCmd = &ffcli.Command{
|
||||
Name: "get",
|
||||
ShortUsage: "file get [--wait] [--verbose] <target-directory>",
|
||||
ShortUsage: "file get [--wait] [--verbose] [--conflict=(skip|overwrite|rename)] <target-directory>",
|
||||
ShortHelp: "Move files out of the Tailscale file inbox",
|
||||
Exec: runFileGet,
|
||||
FlagSet: (func() *flag.FlagSet {
|
||||
fs := newFlagSet("get")
|
||||
fs.BoolVar(&getArgs.wait, "wait", false, "wait for a file to arrive if inbox is empty")
|
||||
fs.BoolVar(&getArgs.verbose, "verbose", false, "verbose output")
|
||||
fs.Var(&getArgs.conflict, "conflict", `behavior when a conflicting (same-named) file already exists in the target directory.
|
||||
skip: skip conflicting files: leave them in the taildrop inbox and print an error. get any non-conflicting files
|
||||
overwrite: overwrite existing file
|
||||
rename: write to a new number-suffixed filename`)
|
||||
return fs
|
||||
})(),
|
||||
}
|
||||
|
||||
var getArgs struct {
|
||||
wait bool
|
||||
verbose bool
|
||||
var getArgs = struct {
|
||||
wait bool
|
||||
verbose bool
|
||||
conflict onConflict
|
||||
}{conflict: skipOnExist}
|
||||
|
||||
func numberedFileName(dir, name string, i int) string {
|
||||
ext := path.Ext(name)
|
||||
return filepath.Join(dir, fmt.Sprintf("%s (%d)%s",
|
||||
strings.TrimSuffix(name, ext),
|
||||
i, ext))
|
||||
}
|
||||
|
||||
func openFileOrSubstitute(dir, base string, action onConflict) (*os.File, error) {
|
||||
targetFile := filepath.Join(dir, base)
|
||||
f, err := os.OpenFile(targetFile, os.O_RDWR|os.O_CREATE|os.O_EXCL, 0644)
|
||||
if err == nil {
|
||||
return f, nil
|
||||
}
|
||||
// Something went wrong trying to open targetFile as a new file for writing.
|
||||
switch action {
|
||||
default:
|
||||
// This should not happen.
|
||||
return nil, fmt.Errorf("file issue. how to resolve this conflict? no one knows.")
|
||||
case skipOnExist:
|
||||
if _, statErr := os.Stat(targetFile); statErr == nil {
|
||||
// we can stat a file at that path: so it already exists.
|
||||
return nil, fmt.Errorf("refusing to overwrite file: %w", err)
|
||||
}
|
||||
return nil, fmt.Errorf("failed to write; %w", err)
|
||||
case overwriteExisting:
|
||||
// remove the target file and create it anew so we don't fall for an
|
||||
// attacker who symlinks a known target name to a file he wants changed.
|
||||
if err = os.Remove(targetFile); err != nil {
|
||||
return nil, fmt.Errorf("unable to remove target file: %w", err)
|
||||
}
|
||||
if f, err = os.OpenFile(targetFile, os.O_RDWR|os.O_CREATE|os.O_EXCL, 0644); err != nil {
|
||||
return nil, fmt.Errorf("unable to overwrite: %w", err)
|
||||
}
|
||||
return f, nil
|
||||
case createNumberedFiles:
|
||||
// It's possible the target directory or filesystem isn't writable by us,
|
||||
// not just that the target file(s) already exists. For now, give up after
|
||||
// a limited number of attempts. In future, maybe distinguish this case
|
||||
// and follow in the style of https://tinyurl.com/chromium100
|
||||
maxAttempts := 100
|
||||
for i := 1; i < maxAttempts; i++ {
|
||||
if f, err = os.OpenFile(numberedFileName(dir, base, i), os.O_RDWR|os.O_CREATE|os.O_EXCL, 0644); err == nil {
|
||||
return f, nil
|
||||
}
|
||||
}
|
||||
return nil, fmt.Errorf("unable to find a name for writing %v, final attempt: %w", targetFile, err)
|
||||
}
|
||||
}
|
||||
|
||||
func receiveFile(ctx context.Context, wf apitype.WaitingFile, dir string) (targetFile string, size int64, err error) {
|
||||
rc, size, err := tailscale.GetWaitingFile(ctx, wf.Name)
|
||||
if err != nil {
|
||||
return "", 0, fmt.Errorf("opening inbox file %q: %w", wf.Name, err)
|
||||
}
|
||||
f, err := openFileOrSubstitute(dir, wf.Name, getArgs.conflict)
|
||||
if err != nil {
|
||||
return "", 0, err
|
||||
}
|
||||
_, err = io.Copy(f, rc)
|
||||
rc.Close()
|
||||
if err != nil {
|
||||
return "", 0, fmt.Errorf("failed to write %v: %v", f.Name(), err)
|
||||
}
|
||||
return f.Name(), size, f.Close()
|
||||
}
|
||||
|
||||
func runFileGet(ctx context.Context, args []string) error {
|
||||
@@ -330,47 +425,40 @@ func runFileGet(ctx context.Context, args []string) error {
|
||||
break
|
||||
}
|
||||
if getArgs.verbose {
|
||||
log.Printf("waiting for file...")
|
||||
printf("waiting for file...")
|
||||
}
|
||||
if err := waitForFile(ctx); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
var errs []error
|
||||
deleted := 0
|
||||
for _, wf := range wfs {
|
||||
rc, size, err := tailscale.GetWaitingFile(ctx, wf.Name)
|
||||
writtenFile, size, err := receiveFile(ctx, wf, dir)
|
||||
if err != nil {
|
||||
return fmt.Errorf("opening inbox file %q: %v", wf.Name, err)
|
||||
}
|
||||
targetFile := filepath.Join(dir, wf.Name)
|
||||
of, err := os.OpenFile(targetFile, os.O_RDWR|os.O_CREATE|os.O_EXCL, 0644)
|
||||
if err != nil {
|
||||
if _, err := os.Stat(targetFile); err == nil {
|
||||
return fmt.Errorf("refusing to overwrite %v", targetFile)
|
||||
}
|
||||
return err
|
||||
}
|
||||
_, err = io.Copy(of, rc)
|
||||
rc.Close()
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to write %v: %v", targetFile, err)
|
||||
}
|
||||
if err := of.Close(); err != nil {
|
||||
return err
|
||||
errs = append(errs, err)
|
||||
continue
|
||||
}
|
||||
if getArgs.verbose {
|
||||
log.Printf("wrote %v (%d bytes)", wf.Name, size)
|
||||
printf("wrote %v as %v (%d bytes)\n", wf.Name, writtenFile, size)
|
||||
}
|
||||
if err := tailscale.DeleteWaitingFile(ctx, wf.Name); err != nil {
|
||||
return fmt.Errorf("deleting %q from inbox: %v", wf.Name, err)
|
||||
if err = tailscale.DeleteWaitingFile(ctx, wf.Name); err != nil {
|
||||
errs = append(errs, fmt.Errorf("deleting %q from inbox: %v", wf.Name, err))
|
||||
continue
|
||||
}
|
||||
deleted++
|
||||
}
|
||||
if getArgs.verbose {
|
||||
log.Printf("moved %d files", deleted)
|
||||
printf("moved %d/%d files\n", deleted, len(wfs))
|
||||
}
|
||||
return nil
|
||||
if len(errs) == 0 {
|
||||
return nil
|
||||
}
|
||||
for _, err := range errs[:len(errs)-1] {
|
||||
outln(err)
|
||||
}
|
||||
return errs[len(errs)-1]
|
||||
}
|
||||
|
||||
func wipeInbox(ctx context.Context) error {
|
||||
|
||||
@@ -136,7 +136,7 @@ func runStatus(ctx context.Context, args []string) error {
|
||||
}
|
||||
|
||||
var buf bytes.Buffer
|
||||
f := func(format string, a ...interface{}) { fmt.Fprintf(&buf, format, a...) }
|
||||
f := func(format string, a ...any) { fmt.Fprintf(&buf, format, a...) }
|
||||
printPS := func(ps *ipnstate.PeerStatus) {
|
||||
f("%-15s %-20s %-12s %-7s ",
|
||||
firstIPString(ps.TailscaleIPs),
|
||||
|
||||
@@ -192,7 +192,7 @@ type upOutputJSON struct {
|
||||
Error string `json:",omitempty"` // description of an error
|
||||
}
|
||||
|
||||
func warnf(format string, args ...interface{}) {
|
||||
func warnf(format string, args ...any) {
|
||||
printf("Warning: "+format+"\n", args...)
|
||||
}
|
||||
|
||||
@@ -823,8 +823,8 @@ func flagAppliesToOS(flag, goos string) bool {
|
||||
return true
|
||||
}
|
||||
|
||||
func prefsToFlags(env upCheckEnv, prefs *ipn.Prefs) (flagVal map[string]interface{}) {
|
||||
ret := make(map[string]interface{})
|
||||
func prefsToFlags(env upCheckEnv, prefs *ipn.Prefs) (flagVal map[string]any) {
|
||||
ret := make(map[string]any)
|
||||
|
||||
exitNodeIPStr := func() string {
|
||||
if !prefs.ExitNodeIP.IsZero() {
|
||||
@@ -841,7 +841,7 @@ func prefsToFlags(env upCheckEnv, prefs *ipn.Prefs) (flagVal map[string]interfac
|
||||
if preflessFlag(f.Name) {
|
||||
return
|
||||
}
|
||||
set := func(v interface{}) {
|
||||
set := func(v any) {
|
||||
if flagAppliesToOS(f.Name, env.goos) {
|
||||
ret[f.Name] = v
|
||||
} else {
|
||||
@@ -895,7 +895,7 @@ func prefsToFlags(env upCheckEnv, prefs *ipn.Prefs) (flagVal map[string]interfac
|
||||
return ret
|
||||
}
|
||||
|
||||
func fmtFlagValueArg(flagName string, val interface{}) string {
|
||||
func fmtFlagValueArg(flagName string, val any) string {
|
||||
if val == true {
|
||||
return "--" + flagName
|
||||
}
|
||||
|
||||
@@ -313,7 +313,7 @@ func webHandler(w http.ResponseWriter, r *http.Request) {
|
||||
AdvertiseExitNode bool
|
||||
Reauthenticate bool
|
||||
}
|
||||
type mi map[string]interface{}
|
||||
type mi map[string]any
|
||||
if err := json.NewDecoder(r.Body).Decode(&postData); err != nil {
|
||||
w.WriteHeader(400)
|
||||
json.NewEncoder(w).Encode(mi{"error": err.Error()})
|
||||
|
||||
@@ -37,7 +37,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
|
||||
tailscale.com from tailscale.com/version
|
||||
tailscale.com/atomicfile from tailscale.com/ipn+
|
||||
tailscale.com/client/tailscale from tailscale.com/cmd/tailscale/cli+
|
||||
tailscale.com/client/tailscale/apitype from tailscale.com/client/tailscale+
|
||||
tailscale.com/client/tailscale/apitype from tailscale.com/cmd/tailscale/cli+
|
||||
tailscale.com/cmd/tailscale/cli from tailscale.com/cmd/tailscale
|
||||
tailscale.com/control/controlknobs from tailscale.com/net/portmapper
|
||||
tailscale.com/derp from tailscale.com/derp/derphttp
|
||||
@@ -64,7 +64,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
|
||||
💣 tailscale.com/net/tshttpproxy from tailscale.com/derp/derphttp+
|
||||
💣 tailscale.com/paths from tailscale.com/cmd/tailscale/cli+
|
||||
tailscale.com/safesocket from tailscale.com/cmd/tailscale/cli+
|
||||
💣 tailscale.com/syncs from tailscale.com/net/interfaces+
|
||||
tailscale.com/syncs from tailscale.com/net/interfaces+
|
||||
tailscale.com/tailcfg from tailscale.com/cmd/tailscale/cli+
|
||||
W tailscale.com/tsconst from tailscale.com/net/interfaces
|
||||
💣 tailscale.com/tstime/mono from tailscale.com/tstime/rate
|
||||
@@ -82,6 +82,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
|
||||
tailscale.com/types/structs from tailscale.com/ipn+
|
||||
tailscale.com/types/views from tailscale.com/tailcfg+
|
||||
tailscale.com/util/clientmetric from tailscale.com/net/netcheck+
|
||||
W tailscale.com/util/cmpver from tailscale.com/net/tshttpproxy
|
||||
tailscale.com/util/dnsname from tailscale.com/cmd/tailscale/cli+
|
||||
W tailscale.com/util/endian from tailscale.com/net/netns
|
||||
tailscale.com/util/groupmember from tailscale.com/cmd/tailscale/cli
|
||||
@@ -100,7 +101,6 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
|
||||
golang.org/x/crypto/hkdf from crypto/tls
|
||||
golang.org/x/crypto/nacl/box from tailscale.com/types/key
|
||||
golang.org/x/crypto/nacl/secretbox from golang.org/x/crypto/nacl/box
|
||||
golang.org/x/crypto/poly1305 from golang.org/x/crypto/chacha20poly1305
|
||||
golang.org/x/crypto/salsa20/salsa from golang.org/x/crypto/nacl/box+
|
||||
L golang.org/x/net/bpf from github.com/mdlayher/netlink+
|
||||
golang.org/x/net/dns/dnsmessage from net+
|
||||
@@ -186,6 +186,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
|
||||
net/http/cgi from tailscale.com/cmd/tailscale/cli
|
||||
net/http/httptrace from github.com/tcnksm/go-httpstat+
|
||||
net/http/internal from net/http
|
||||
net/netip from net
|
||||
net/textproto from golang.org/x/net/http/httpguts+
|
||||
net/url from crypto/x509+
|
||||
os from crypto/rand+
|
||||
@@ -197,7 +198,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
|
||||
reflect from crypto/x509+
|
||||
regexp from github.com/tailscale/goupnp/httpu+
|
||||
regexp/syntax from regexp
|
||||
runtime/debug from golang.org/x/sync/singleflight
|
||||
runtime/debug from golang.org/x/sync/singleflight+
|
||||
sort from compress/flate+
|
||||
strconv from compress/flate+
|
||||
strings from bufio+
|
||||
|
||||
@@ -2,6 +2,9 @@
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
//go:build go1.18
|
||||
// +build go1.18
|
||||
|
||||
package main
|
||||
|
||||
import (
|
||||
|
||||
@@ -73,7 +73,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
|
||||
L github.com/insomniacslk/dhcp/rfc1035label from github.com/insomniacslk/dhcp/dhcpv4
|
||||
L github.com/jmespath/go-jmespath from github.com/aws/aws-sdk-go-v2/service/ssm
|
||||
L github.com/josharian/native from github.com/mdlayher/netlink+
|
||||
L 💣 github.com/jsimonetti/rtnetlink from tailscale.com/wgengine/monitor+
|
||||
L 💣 github.com/jsimonetti/rtnetlink from tailscale.com/net/interfaces+
|
||||
L github.com/jsimonetti/rtnetlink/internal/unix from github.com/jsimonetti/rtnetlink
|
||||
github.com/klauspost/compress from github.com/klauspost/compress/zstd
|
||||
L github.com/klauspost/compress/flate from nhooyr.io/websocket
|
||||
@@ -172,7 +172,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
|
||||
tailscale.com/client/tailscale/apitype from tailscale.com/client/tailscale+
|
||||
tailscale.com/cmd/tailscaled/childproc from tailscale.com/cmd/tailscaled+
|
||||
tailscale.com/control/controlbase from tailscale.com/control/controlclient+
|
||||
tailscale.com/control/controlclient from tailscale.com/ipn/ipnlocal+
|
||||
tailscale.com/control/controlclient from tailscale.com/cmd/tailscaled+
|
||||
tailscale.com/control/controlhttp from tailscale.com/control/controlclient
|
||||
tailscale.com/control/controlknobs from tailscale.com/control/controlclient+
|
||||
tailscale.com/derp from tailscale.com/derp/derphttp+
|
||||
@@ -196,19 +196,19 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
|
||||
tailscale.com/log/filelogger from tailscale.com/logpolicy
|
||||
tailscale.com/log/logheap from tailscale.com/control/controlclient
|
||||
tailscale.com/logpolicy from tailscale.com/cmd/tailscaled+
|
||||
tailscale.com/logtail from tailscale.com/logpolicy+
|
||||
tailscale.com/logtail from tailscale.com/cmd/tailscaled+
|
||||
tailscale.com/logtail/backoff from tailscale.com/cmd/tailscaled+
|
||||
tailscale.com/logtail/filch from tailscale.com/logpolicy
|
||||
💣 tailscale.com/metrics from tailscale.com/derp+
|
||||
tailscale.com/net/dns from tailscale.com/cmd/tailscaled+
|
||||
tailscale.com/net/dns/resolvconffile from tailscale.com/net/dns+
|
||||
tailscale.com/net/dns/resolver from tailscale.com/net/dns+
|
||||
tailscale.com/net/dns/resolver from tailscale.com/ipn/ipnlocal+
|
||||
tailscale.com/net/dnscache from tailscale.com/control/controlclient+
|
||||
tailscale.com/net/dnsfallback from tailscale.com/control/controlclient+
|
||||
tailscale.com/net/flowtrack from tailscale.com/net/packet+
|
||||
💣 tailscale.com/net/interfaces from tailscale.com/cmd/tailscaled+
|
||||
tailscale.com/net/netcheck from tailscale.com/wgengine/magicsock
|
||||
tailscale.com/net/neterror from tailscale.com/net/netcheck+
|
||||
tailscale.com/net/neterror from tailscale.com/net/dns/resolver+
|
||||
tailscale.com/net/netknob from tailscale.com/logpolicy+
|
||||
tailscale.com/net/netns from tailscale.com/cmd/tailscaled+
|
||||
💣 tailscale.com/net/netstat from tailscale.com/ipn/ipnserver
|
||||
@@ -219,7 +219,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
|
||||
tailscale.com/net/socks5 from tailscale.com/cmd/tailscaled
|
||||
tailscale.com/net/stun from tailscale.com/net/netcheck+
|
||||
tailscale.com/net/tlsdial from tailscale.com/control/controlclient+
|
||||
tailscale.com/net/tsaddr from tailscale.com/ipn/ipnlocal+
|
||||
tailscale.com/net/tsaddr from tailscale.com/ipn+
|
||||
tailscale.com/net/tsdial from tailscale.com/cmd/tailscaled+
|
||||
💣 tailscale.com/net/tshttpproxy from tailscale.com/cmd/tailscaled+
|
||||
tailscale.com/net/tstun from tailscale.com/cmd/tailscaled+
|
||||
@@ -228,7 +228,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
|
||||
tailscale.com/safesocket from tailscale.com/client/tailscale+
|
||||
tailscale.com/smallzstd from tailscale.com/ipn/ipnserver+
|
||||
LD 💣 tailscale.com/ssh/tailssh from tailscale.com/wgengine/netstack
|
||||
💣 tailscale.com/syncs from tailscale.com/control/controlknobs+
|
||||
tailscale.com/syncs from tailscale.com/control/controlknobs+
|
||||
tailscale.com/tailcfg from tailscale.com/client/tailscale+
|
||||
W tailscale.com/tsconst from tailscale.com/net/interfaces
|
||||
tailscale.com/tstime from tailscale.com/wgengine/magicsock
|
||||
@@ -248,15 +248,16 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
|
||||
tailscale.com/types/persist from tailscale.com/control/controlclient+
|
||||
tailscale.com/types/preftype from tailscale.com/ipn+
|
||||
tailscale.com/types/structs from tailscale.com/control/controlclient+
|
||||
tailscale.com/types/views from tailscale.com/tailcfg+
|
||||
tailscale.com/util/clientmetric from tailscale.com/ipn/localapi+
|
||||
L tailscale.com/util/cmpver from tailscale.com/net/dns
|
||||
tailscale.com/types/views from tailscale.com/ipn/ipnlocal+
|
||||
tailscale.com/util/clientmetric from tailscale.com/cmd/tailscaled+
|
||||
LW tailscale.com/util/cmpver from tailscale.com/net/dns+
|
||||
💣 tailscale.com/util/deephash from tailscale.com/ipn/ipnlocal+
|
||||
tailscale.com/util/dnsname from tailscale.com/hostinfo+
|
||||
LW tailscale.com/util/endian from tailscale.com/net/dns+
|
||||
tailscale.com/util/groupmember from tailscale.com/ipn/ipnserver
|
||||
tailscale.com/util/lineread from tailscale.com/hostinfo+
|
||||
tailscale.com/util/multierr from tailscale.com/cmd/tailscaled+
|
||||
tailscale.com/util/netconv from tailscale.com/wgengine/magicsock
|
||||
tailscale.com/util/osshare from tailscale.com/cmd/tailscaled+
|
||||
tailscale.com/util/pidowner from tailscale.com/ipn/ipnserver
|
||||
tailscale.com/util/racebuild from tailscale.com/logpolicy
|
||||
@@ -269,7 +270,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
|
||||
W tailscale.com/wf from tailscale.com/cmd/tailscaled
|
||||
tailscale.com/wgengine from tailscale.com/cmd/tailscaled+
|
||||
tailscale.com/wgengine/filter from tailscale.com/control/controlclient+
|
||||
tailscale.com/wgengine/magicsock from tailscale.com/wgengine+
|
||||
tailscale.com/wgengine/magicsock from tailscale.com/ipn/ipnlocal+
|
||||
tailscale.com/wgengine/monitor from tailscale.com/cmd/tailscaled+
|
||||
tailscale.com/wgengine/netstack from tailscale.com/cmd/tailscaled
|
||||
tailscale.com/wgengine/router from tailscale.com/cmd/tailscaled+
|
||||
@@ -290,23 +291,23 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
|
||||
golang.org/x/crypto/hkdf from crypto/tls+
|
||||
golang.org/x/crypto/nacl/box from tailscale.com/types/key
|
||||
golang.org/x/crypto/nacl/secretbox from golang.org/x/crypto/nacl/box
|
||||
golang.org/x/crypto/poly1305 from golang.org/x/crypto/chacha20poly1305+
|
||||
golang.org/x/crypto/poly1305 from golang.zx2c4.com/wireguard/device
|
||||
golang.org/x/crypto/salsa20/salsa from golang.org/x/crypto/nacl/box+
|
||||
LD golang.org/x/crypto/ssh from github.com/tailscale/ssh+
|
||||
golang.org/x/net/bpf from github.com/mdlayher/netlink+
|
||||
golang.org/x/net/bpf from github.com/mdlayher/genetlink+
|
||||
golang.org/x/net/dns/dnsmessage from net+
|
||||
golang.org/x/net/http/httpguts from net/http+
|
||||
golang.org/x/net/http/httpguts from golang.org/x/net/http2+
|
||||
golang.org/x/net/http/httpproxy from net/http
|
||||
golang.org/x/net/http2 from golang.org/x/net/http2/h2c+
|
||||
golang.org/x/net/http2/h2c from tailscale.com/ipn/ipnlocal
|
||||
golang.org/x/net/http2/hpack from net/http+
|
||||
golang.org/x/net/http2/hpack from golang.org/x/net/http2+
|
||||
golang.org/x/net/idna from golang.org/x/net/http/httpguts+
|
||||
golang.org/x/net/ipv4 from golang.zx2c4.com/wireguard/device
|
||||
golang.org/x/net/ipv6 from golang.zx2c4.com/wireguard/device+
|
||||
golang.org/x/net/proxy from tailscale.com/net/netns
|
||||
D golang.org/x/net/route from net+
|
||||
golang.org/x/sync/errgroup from github.com/tailscale/goupnp/httpu+
|
||||
golang.org/x/sync/singleflight from tailscale.com/net/dnscache+
|
||||
golang.org/x/sync/errgroup from github.com/mdlayher/socket+
|
||||
golang.org/x/sync/singleflight from tailscale.com/control/controlclient+
|
||||
golang.org/x/sys/cpu from golang.org/x/crypto/blake2b+
|
||||
LD golang.org/x/sys/unix from github.com/insomniacslk/dhcp/interfaces+
|
||||
W golang.org/x/sys/windows from github.com/go-ole/go-ole+
|
||||
@@ -322,7 +323,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
|
||||
bufio from compress/flate+
|
||||
bytes from bufio+
|
||||
compress/flate from compress/gzip+
|
||||
compress/gzip from internal/profile+
|
||||
compress/gzip from golang.org/x/net/http2+
|
||||
container/heap from gvisor.dev/gvisor/pkg/tcpip/transport/tcp
|
||||
container/list from crypto/tls+
|
||||
context from crypto/tls+
|
||||
@@ -343,10 +344,10 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
|
||||
crypto/sha256 from crypto/tls+
|
||||
crypto/sha512 from crypto/ecdsa+
|
||||
crypto/subtle from crypto/aes+
|
||||
crypto/tls from github.com/tcnksm/go-httpstat+
|
||||
crypto/tls from github.com/aws/aws-sdk-go-v2/aws/transport/http+
|
||||
crypto/x509 from crypto/tls+
|
||||
crypto/x509/pkix from crypto/x509+
|
||||
embed from tailscale.com/net/dns+
|
||||
embed from crypto/elliptic+
|
||||
encoding from encoding/json+
|
||||
encoding/asn1 from crypto/x509+
|
||||
encoding/base64 from encoding/json+
|
||||
@@ -354,7 +355,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
|
||||
encoding/hex from crypto/x509+
|
||||
encoding/json from expvar+
|
||||
encoding/pem from crypto/tls+
|
||||
encoding/xml from github.com/tailscale/goupnp+
|
||||
encoding/xml from github.com/aws/aws-sdk-go-v2/aws/protocol/xml+
|
||||
errors from bufio+
|
||||
expvar from tailscale.com/derp+
|
||||
flag from tailscale.com/cmd/tailscaled+
|
||||
@@ -379,19 +380,20 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
|
||||
net from crypto/tls+
|
||||
net/http from expvar+
|
||||
net/http/httptrace from github.com/tcnksm/go-httpstat+
|
||||
net/http/httputil from tailscale.com/cmd/tailscaled+
|
||||
net/http/httputil from github.com/aws/smithy-go/transport/http+
|
||||
net/http/internal from net/http+
|
||||
net/http/pprof from tailscale.com/cmd/tailscaled+
|
||||
net/textproto from golang.org/x/net/http/httpguts+
|
||||
net/netip from golang.zx2c4.com/wireguard/conn+
|
||||
net/textproto from github.com/aws/aws-sdk-go-v2/aws/signer/v4+
|
||||
net/url from crypto/x509+
|
||||
os from crypto/rand+
|
||||
os/exec from github.com/coreos/go-iptables/iptables+
|
||||
os/exec from github.com/aws/aws-sdk-go-v2/credentials/processcreds+
|
||||
os/signal from tailscale.com/cmd/tailscaled+
|
||||
os/user from github.com/godbus/dbus/v5+
|
||||
path from github.com/aws/aws-sdk-go-v2/credentials/ec2rolecreds+
|
||||
path/filepath from crypto/x509+
|
||||
reflect from crypto/x509+
|
||||
regexp from github.com/coreos/go-iptables/iptables+
|
||||
regexp from github.com/aws/aws-sdk-go-v2/internal/endpoints/v2+
|
||||
regexp/syntax from regexp
|
||||
runtime/debug from github.com/klauspost/compress/zstd+
|
||||
runtime/pprof from net/http/pprof+
|
||||
|
||||
@@ -2,6 +2,9 @@
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
//go:build go1.18
|
||||
// +build go1.18
|
||||
|
||||
package main
|
||||
|
||||
import (
|
||||
|
||||
@@ -2,6 +2,9 @@
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
//go:build go1.18
|
||||
// +build go1.18
|
||||
|
||||
package main
|
||||
|
||||
import (
|
||||
|
||||
@@ -2,6 +2,9 @@
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
//go:build go1.18
|
||||
// +build go1.18
|
||||
|
||||
// HTTP proxy code
|
||||
|
||||
package main
|
||||
|
||||
12
cmd/tailscaled/required_version.go
Normal file
12
cmd/tailscaled/required_version.go
Normal file
@@ -0,0 +1,12 @@
|
||||
// Copyright (c) 2022 Tailscale Inc & AUTHORS All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
//go:build !go1.18
|
||||
// +build !go1.18
|
||||
|
||||
package main
|
||||
|
||||
func init() {
|
||||
you_need_Go_1_18_to_compile_Tailscale()
|
||||
}
|
||||
@@ -2,6 +2,9 @@
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
//go:build go1.18
|
||||
// +build go1.18
|
||||
|
||||
// The tailscaled program is the Tailscale client daemon. It's configured
|
||||
// and controlled via the tailscale CLI program.
|
||||
//
|
||||
@@ -178,6 +181,9 @@ func main() {
|
||||
os.Exit(0)
|
||||
}
|
||||
|
||||
if runtime.GOOS == "darwin" && runtime.Version() == "go1.18" {
|
||||
log.Fatalf("tailscaled is broken on macOS with go1.18 due to upstream bug https://github.com/golang/go/issues/51759; use 1.18.1+ or Tailscale's Go fork")
|
||||
}
|
||||
if runtime.GOOS == "darwin" && os.Getuid() != 0 && !strings.Contains(args.tunname, "userspace-networking") && !args.cleanup {
|
||||
log.SetFlags(0)
|
||||
log.Fatalf("tailscaled requires root; use sudo tailscaled (or use --tun=userspace-networking)")
|
||||
|
||||
@@ -2,7 +2,8 @@
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
//go:build linux || darwin || freebsd || openbsd
|
||||
//go:build go1.18 && (linux || darwin || freebsd || openbsd)
|
||||
// +build go1.18
|
||||
// +build linux darwin freebsd openbsd
|
||||
|
||||
package main
|
||||
|
||||
@@ -2,8 +2,8 @@
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
//go:build !windows
|
||||
// +build !windows
|
||||
//go:build !windows && go1.18
|
||||
// +build !windows,go1.18
|
||||
|
||||
package main // import "tailscale.com/cmd/tailscaled"
|
||||
|
||||
|
||||
@@ -2,6 +2,9 @@
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
//go:build go1.18
|
||||
// +build go1.18
|
||||
|
||||
package main // import "tailscale.com/cmd/tailscaled"
|
||||
|
||||
// TODO: check if administrator, like tswin does.
|
||||
|
||||
@@ -46,10 +46,10 @@ type fakeTB struct {
|
||||
}
|
||||
|
||||
func (t fakeTB) Cleanup(_ func()) {}
|
||||
func (t fakeTB) Error(args ...interface{}) {
|
||||
func (t fakeTB) Error(args ...any) {
|
||||
t.Fatal(args...)
|
||||
}
|
||||
func (t fakeTB) Errorf(format string, args ...interface{}) {
|
||||
func (t fakeTB) Errorf(format string, args ...any) {
|
||||
t.Fatalf(format, args...)
|
||||
}
|
||||
func (t fakeTB) Fail() {
|
||||
@@ -61,17 +61,17 @@ func (t fakeTB) FailNow() {
|
||||
func (t fakeTB) Failed() bool {
|
||||
return false
|
||||
}
|
||||
func (t fakeTB) Fatal(args ...interface{}) {
|
||||
func (t fakeTB) Fatal(args ...any) {
|
||||
log.Fatal(args...)
|
||||
}
|
||||
func (t fakeTB) Fatalf(format string, args ...interface{}) {
|
||||
func (t fakeTB) Fatalf(format string, args ...any) {
|
||||
log.Fatalf(format, args...)
|
||||
}
|
||||
func (t fakeTB) Helper() {}
|
||||
func (t fakeTB) Log(args ...interface{}) {
|
||||
func (t fakeTB) Log(args ...any) {
|
||||
log.Print(args...)
|
||||
}
|
||||
func (t fakeTB) Logf(format string, args ...interface{}) {
|
||||
func (t fakeTB) Logf(format string, args ...any) {
|
||||
log.Printf(format, args...)
|
||||
}
|
||||
func (t fakeTB) Name() string {
|
||||
@@ -80,13 +80,13 @@ func (t fakeTB) Name() string {
|
||||
func (t fakeTB) Setenv(key string, value string) {
|
||||
panic("not implemented")
|
||||
}
|
||||
func (t fakeTB) Skip(args ...interface{}) {
|
||||
func (t fakeTB) Skip(args ...any) {
|
||||
t.Fatal("skipped")
|
||||
}
|
||||
func (t fakeTB) SkipNow() {
|
||||
t.Fatal("skipnow")
|
||||
}
|
||||
func (t fakeTB) Skipf(format string, args ...interface{}) {
|
||||
func (t fakeTB) Skipf(format string, args ...any) {
|
||||
t.Logf(format, args...)
|
||||
t.Fatal("skipped")
|
||||
}
|
||||
|
||||
@@ -92,7 +92,7 @@ func NewNoStart(opts Options) (*Auto, error) {
|
||||
return nil, err
|
||||
}
|
||||
if opts.Logf == nil {
|
||||
opts.Logf = func(fmt string, args ...interface{}) {}
|
||||
opts.Logf = func(fmt string, args ...any) {}
|
||||
}
|
||||
if opts.TimeNow == nil {
|
||||
opts.TimeNow = time.Now
|
||||
|
||||
@@ -945,7 +945,7 @@ func (c *Direct) sendMapRequest(ctx context.Context, maxPolls int, cb func(*netm
|
||||
|
||||
// decode JSON decodes the res.Body into v. If serverNoiseKey is not specified,
|
||||
// it uses the serverKey and mkey to decode the message from the NaCl-crypto-box.
|
||||
func decode(res *http.Response, v interface{}, serverKey, serverNoiseKey key.MachinePublic, mkey key.MachinePrivate) error {
|
||||
func decode(res *http.Response, v any, serverKey, serverNoiseKey key.MachinePublic, mkey key.MachinePrivate) error {
|
||||
defer res.Body.Close()
|
||||
msg, err := ioutil.ReadAll(io.LimitReader(res.Body, 1<<20))
|
||||
if err != nil {
|
||||
@@ -970,7 +970,7 @@ var jsonEscapedZero = []byte(`\u0000`)
|
||||
// decodeMsg is responsible for uncompressing msg and unmarshaling into v.
|
||||
// If c.serverNoiseKey is not specified, it uses the c.serverKey and mkey
|
||||
// to first the decrypt msg from the NaCl-crypto-box.
|
||||
func (c *Direct) decodeMsg(msg []byte, v interface{}, mkey key.MachinePrivate) error {
|
||||
func (c *Direct) decodeMsg(msg []byte, v any, mkey key.MachinePrivate) error {
|
||||
c.mu.Lock()
|
||||
serverKey := c.serverKey
|
||||
serverNoiseKey := c.serverNoiseKey
|
||||
@@ -1016,7 +1016,7 @@ func (c *Direct) decodeMsg(msg []byte, v interface{}, mkey key.MachinePrivate) e
|
||||
|
||||
}
|
||||
|
||||
func decodeMsg(msg []byte, v interface{}, serverKey key.MachinePublic, machinePrivKey key.MachinePrivate) error {
|
||||
func decodeMsg(msg []byte, v any, serverKey key.MachinePublic, machinePrivKey key.MachinePrivate) error {
|
||||
decrypted, ok := machinePrivKey.OpenFrom(serverKey, msg)
|
||||
if !ok {
|
||||
return errors.New("cannot decrypt response")
|
||||
@@ -1032,7 +1032,7 @@ func decodeMsg(msg []byte, v interface{}, serverKey key.MachinePublic, machinePr
|
||||
|
||||
// encode JSON encodes v. If serverNoiseKey is not specified, it uses the serverKey and mkey to
|
||||
// seal the message into a NaCl-crypto-box.
|
||||
func encode(v interface{}, serverKey, serverNoiseKey key.MachinePublic, mkey key.MachinePrivate) ([]byte, error) {
|
||||
func encode(v any, serverKey, serverNoiseKey key.MachinePublic, mkey key.MachinePrivate) ([]byte, error) {
|
||||
b, err := json.Marshal(v)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
@@ -1310,7 +1310,7 @@ func (c *Direct) getNoiseClient() (*noiseClient, error) {
|
||||
if nc != nil {
|
||||
return nc, nil
|
||||
}
|
||||
np, err, _ := c.sfGroup.Do("noise", func() (interface{}, error) {
|
||||
np, err, _ := c.sfGroup.Do("noise", func() (any, error) {
|
||||
k, err := c.getMachinePrivKey()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
||||
@@ -453,6 +453,9 @@ func (s *Server) initMetacert() {
|
||||
// Windows requires NotAfter and NotBefore set:
|
||||
NotAfter: time.Now().Add(30 * 24 * time.Hour),
|
||||
NotBefore: time.Now().Add(-30 * 24 * time.Hour),
|
||||
// Per https://github.com/golang/go/issues/51759#issuecomment-1071147836,
|
||||
// macOS requires BasicConstraints when subject == issuer:
|
||||
BasicConstraintsValid: true,
|
||||
}
|
||||
cert, err := x509.CreateCertificate(crand.Reader, tmpl, tmpl, pub, priv)
|
||||
if err != nil {
|
||||
@@ -1641,8 +1644,8 @@ func (m multiForwarder) ForwardPacket(src, dst key.NodePublic, payload []byte) e
|
||||
return fwd.ForwardPacket(src, dst, payload)
|
||||
}
|
||||
|
||||
func (s *Server) expVarFunc(f func() interface{}) expvar.Func {
|
||||
return expvar.Func(func() interface{} {
|
||||
func (s *Server) expVarFunc(f func() any) expvar.Func {
|
||||
return expvar.Func(func() any {
|
||||
s.mu.Lock()
|
||||
defer s.mu.Unlock()
|
||||
return f()
|
||||
@@ -1652,14 +1655,14 @@ func (s *Server) expVarFunc(f func() interface{}) expvar.Func {
|
||||
// ExpVar returns an expvar variable suitable for registering with expvar.Publish.
|
||||
func (s *Server) ExpVar() expvar.Var {
|
||||
m := new(metrics.Set)
|
||||
m.Set("gauge_memstats_sys0", expvar.Func(func() interface{} { return int64(s.memSys0) }))
|
||||
m.Set("gauge_watchers", s.expVarFunc(func() interface{} { return len(s.watchers) }))
|
||||
m.Set("gauge_current_file_descriptors", expvar.Func(func() interface{} { return metrics.CurrentFDs() }))
|
||||
m.Set("gauge_memstats_sys0", expvar.Func(func() any { return int64(s.memSys0) }))
|
||||
m.Set("gauge_watchers", s.expVarFunc(func() any { return len(s.watchers) }))
|
||||
m.Set("gauge_current_file_descriptors", expvar.Func(func() any { return metrics.CurrentFDs() }))
|
||||
m.Set("gauge_current_connections", &s.curClients)
|
||||
m.Set("gauge_current_home_connections", &s.curHomeClients)
|
||||
m.Set("gauge_clients_total", expvar.Func(func() interface{} { return len(s.clientsMesh) }))
|
||||
m.Set("gauge_clients_local", expvar.Func(func() interface{} { return len(s.clients) }))
|
||||
m.Set("gauge_clients_remote", expvar.Func(func() interface{} { return len(s.clientsMesh) - len(s.clients) }))
|
||||
m.Set("gauge_clients_total", expvar.Func(func() any { return len(s.clientsMesh) }))
|
||||
m.Set("gauge_clients_local", expvar.Func(func() any { return len(s.clients) }))
|
||||
m.Set("gauge_clients_remote", expvar.Func(func() any { return len(s.clientsMesh) - len(s.clients) }))
|
||||
m.Set("gauge_current_dup_client_keys", &s.dupClientKeys)
|
||||
m.Set("gauge_current_dup_client_conns", &s.dupClientConns)
|
||||
m.Set("counter_total_dup_client_conns", &s.dupClientConnTotal)
|
||||
@@ -1683,7 +1686,7 @@ func (s *Server) ExpVar() expvar.Var {
|
||||
m.Set("multiforwarder_created", &s.multiForwarderCreated)
|
||||
m.Set("multiforwarder_deleted", &s.multiForwarderDeleted)
|
||||
m.Set("packet_forwarder_delete_other_value", &s.removePktForwardOther)
|
||||
m.Set("average_queue_duration_ms", expvar.Func(func() interface{} {
|
||||
m.Set("average_queue_duration_ms", expvar.Func(func() any {
|
||||
return math.Float64frombits(atomic.LoadUint64(s.avgQueueDuration))
|
||||
}))
|
||||
var expvarVersion expvar.String
|
||||
@@ -1813,7 +1816,7 @@ func (s *Server) ServeDebugTraffic(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
var bufioWriterPool = &sync.Pool{
|
||||
New: func() interface{} {
|
||||
New: func() any {
|
||||
return bufio.NewWriterSize(ioutil.Discard, 2<<10)
|
||||
},
|
||||
}
|
||||
|
||||
@@ -9,6 +9,7 @@ import (
|
||||
"bytes"
|
||||
"context"
|
||||
"crypto/x509"
|
||||
"encoding/asn1"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"expvar"
|
||||
@@ -790,6 +791,17 @@ func TestMetaCert(t *testing.T) {
|
||||
if g, w := cert.Subject.CommonName, fmt.Sprintf("derpkey%s", pub.UntypedHexString()); g != w {
|
||||
t.Errorf("CommonName = %q; want %q", g, w)
|
||||
}
|
||||
if n := len(cert.Extensions); n != 1 {
|
||||
t.Fatalf("got %d extensions; want 1", n)
|
||||
}
|
||||
|
||||
// oidExtensionBasicConstraints is the Basic Constraints ID copied
|
||||
// from the x509 package.
|
||||
oidExtensionBasicConstraints := asn1.ObjectIdentifier{2, 5, 29, 19}
|
||||
|
||||
if id := cert.Extensions[0].Id; !id.Equal(oidExtensionBasicConstraints) {
|
||||
t.Errorf("extension ID = %v; want %v", id, oidExtensionBasicConstraints)
|
||||
}
|
||||
}
|
||||
|
||||
type dummyNetConn struct {
|
||||
@@ -802,7 +814,7 @@ func TestClientRecv(t *testing.T) {
|
||||
tests := []struct {
|
||||
name string
|
||||
input []byte
|
||||
want interface{}
|
||||
want any
|
||||
}{
|
||||
{
|
||||
name: "ping",
|
||||
|
||||
@@ -46,7 +46,7 @@ func noteEnv(k, v string) {
|
||||
// logf is logger.Logf, but logger depends on envknob, so for circular
|
||||
// dependency reasons, make a type alias (so it's still assignable,
|
||||
// but has nice docs here).
|
||||
type logf = func(format string, args ...interface{})
|
||||
type logf = func(format string, args ...any)
|
||||
|
||||
// LogCurrent logs the currently set environment knobs.
|
||||
func LogCurrent(logf logf) {
|
||||
|
||||
19
go.mod
19
go.mod
@@ -1,6 +1,6 @@
|
||||
module tailscale.com
|
||||
|
||||
go 1.17
|
||||
go 1.18
|
||||
|
||||
require (
|
||||
filippo.io/mkcert v1.4.3
|
||||
@@ -35,7 +35,7 @@ require (
|
||||
github.com/peterbourgon/ff/v3 v3.1.2
|
||||
github.com/pkg/sftp v1.13.4
|
||||
github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
|
||||
github.com/tailscale/certstore v0.0.0-20210528134328-066c94b793d3
|
||||
github.com/tailscale/certstore v0.1.1-0.20220316223106-78d6e1c49d8d
|
||||
github.com/tailscale/depaware v0.0.0-20210622194025-720c4b409502
|
||||
github.com/tailscale/goexpect v0.0.0-20210902213824-6e8c725cea41
|
||||
github.com/tailscale/goupnp v1.0.1-0.20210804011211-c64d0f06ea05
|
||||
@@ -47,17 +47,17 @@ require (
|
||||
github.com/u-root/u-root v0.8.0
|
||||
github.com/vishvananda/netlink v1.1.1-0.20211118161826-650dca95af54
|
||||
go4.org/mem v0.0.0-20210711025021-927187094b94
|
||||
golang.org/x/crypto v0.0.0-20220313003712-b769efc7c000
|
||||
golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd
|
||||
golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd
|
||||
golang.org/x/net v0.0.0-20220225172249-27dd8689420f
|
||||
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
|
||||
golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5
|
||||
golang.org/x/sys v0.0.0-20220315194320-039c03cc5b86
|
||||
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211
|
||||
golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11
|
||||
golang.org/x/tools v0.1.8
|
||||
golang.zx2c4.com/wireguard v0.0.0-20211116201604-de7c702ace45
|
||||
golang.org/x/tools v0.1.10
|
||||
golang.zx2c4.com/wireguard v0.0.0-20220317000134-95b48cdb3961
|
||||
golang.zx2c4.com/wireguard/windows v0.4.10
|
||||
gvisor.dev/gvisor v0.0.0-20220126021142-d8aa030b2591
|
||||
honnef.co/go/tools v0.2.2
|
||||
honnef.co/go/tools v0.3.0-0.dev.0.20220306074811-23e1086441d2
|
||||
inet.af/netaddr v0.0.0-20211027220019-c74959edd3b6
|
||||
inet.af/peercred v0.0.0-20210906144145-0893ea02156a
|
||||
inet.af/wf v0.0.0-20211204062712-86aaea0a7310
|
||||
@@ -248,7 +248,8 @@ require (
|
||||
github.com/yeya24/promlinter v0.1.0 // indirect
|
||||
go4.org/intern v0.0.0-20211027215823-ae77deb06f29 // indirect
|
||||
go4.org/unsafe/assume-no-moving-gc v0.0.0-20211027215541-db492cf91b37 // indirect
|
||||
golang.org/x/mod v0.5.1 // indirect
|
||||
golang.org/x/exp/typeparams v0.0.0-20220218215828-6cf2b201936e // indirect
|
||||
golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 // indirect
|
||||
golang.org/x/text v0.3.7 // indirect
|
||||
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
|
||||
golang.zx2c4.com/wintun v0.0.0-20211104114900-415007cec224 // indirect
|
||||
|
||||
19
go.sum
19
go.sum
@@ -1198,6 +1198,8 @@ github.com/sylvia7788/contextcheck v1.0.4/go.mod h1:vuPKJMQ7MQ91ZTqfdyreNKwZjyUg
|
||||
github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
|
||||
github.com/tailscale/certstore v0.0.0-20210528134328-066c94b793d3 h1:fEubocuQkrlcuYeXelhYq/YcKvVVe1Ah7saQEtj98Mo=
|
||||
github.com/tailscale/certstore v0.0.0-20210528134328-066c94b793d3/go.mod h1:2P+hpOwd53e7JMX/L4f3VXkv1G+33ES6IWZSrkIeWNs=
|
||||
github.com/tailscale/certstore v0.1.1-0.20220316223106-78d6e1c49d8d h1:K3j02b5j2Iw1xoggN9B2DIEkhWGheqFOeDkdJdBrJI8=
|
||||
github.com/tailscale/certstore v0.1.1-0.20220316223106-78d6e1c49d8d/go.mod h1:2P+hpOwd53e7JMX/L4f3VXkv1G+33ES6IWZSrkIeWNs=
|
||||
github.com/tailscale/depaware v0.0.0-20210622194025-720c4b409502 h1:34icjjmqJ2HPjrSuJYEkdZ+0ItmGQAQ75cRHIiftIyE=
|
||||
github.com/tailscale/depaware v0.0.0-20210622194025-720c4b409502/go.mod h1:p9lPsd+cx33L3H9nNoecRRxPssFKUwwI50I3pZ0yT+8=
|
||||
github.com/tailscale/goexpect v0.0.0-20210902213824-6e8c725cea41 h1:/V2rCMMWcsjYaYO2MeovLw+ClP63OtXgCF2Y1eb8+Ns=
|
||||
@@ -1382,6 +1384,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y
|
||||
golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
|
||||
golang.org/x/crypto v0.0.0-20220313003712-b769efc7c000 h1:SL+8VVnkqyshUSz5iNnXtrBQzvFF2SkROm6t5RczFAE=
|
||||
golang.org/x/crypto v0.0.0-20220313003712-b769efc7c000/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
|
||||
golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd h1:XcWmESyNjXJMLahc3mqVQJcgSTDxFxhETVlfk9uGc38=
|
||||
golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
|
||||
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
||||
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
||||
golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
|
||||
@@ -1393,7 +1397,10 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
|
||||
golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
|
||||
golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
|
||||
golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
|
||||
golang.org/x/exp v0.0.0-20200331195152-e8c3332aa8e5 h1:FR+oGxGfbQu1d+jglI3rCkjAjUnhRSZcUxr+DqlDLNo=
|
||||
golang.org/x/exp v0.0.0-20200331195152-e8c3332aa8e5/go.mod h1:4M0jN8W1tt0AVLNr8HDosyJCDCDuyL9N9+3m7wDWgKw=
|
||||
golang.org/x/exp/typeparams v0.0.0-20220218215828-6cf2b201936e h1:qyrTQ++p1afMkO4DPEeLGq/3oTsdlvdH4vqZUBWzUKM=
|
||||
golang.org/x/exp/typeparams v0.0.0-20220218215828-6cf2b201936e/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk=
|
||||
golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
|
||||
golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
|
||||
golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
|
||||
@@ -1425,6 +1432,8 @@ golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
|
||||
golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
|
||||
golang.org/x/mod v0.5.1 h1:OJxoQ/rynoF0dcCdI7cLPktw/hR2cueqYfjm43oqK38=
|
||||
golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
|
||||
golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 h1:kQgndtyPBW/JIYERgdxfwMYh3AVStj88WQTlNDi2a+o=
|
||||
golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY=
|
||||
golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||
@@ -1497,6 +1506,8 @@ golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qx
|
||||
golang.org/x/net v0.0.0-20211201190559-0a0e4e1bb54c/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk=
|
||||
golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
|
||||
golang.org/x/net v0.0.0-20220225172249-27dd8689420f h1:oA4XRj0qtSt8Yo1Zms0CUlsT3KG69V2UGQWPBxujDmc=
|
||||
golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
|
||||
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
|
||||
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
|
||||
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
|
||||
@@ -1657,6 +1668,8 @@ golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBc
|
||||
golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5 h1:y/woIyUBFbpQGKS0u1aHF/40WUDnek3fPOyD08H5Vng=
|
||||
golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220315194320-039c03cc5b86 h1:A9i04dxx7Cribqbs8jf3FQLogkL/CV2YN7hj9KWJCkc=
|
||||
golang.org/x/sys v0.0.0-20220315194320-039c03cc5b86/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
golang.org/x/term v0.0.0-20210317153231-de623e64d2a6/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
@@ -1795,6 +1808,8 @@ golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
|
||||
golang.org/x/tools v0.1.8-0.20211102182255-bb4add04ddef/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU=
|
||||
golang.org/x/tools v0.1.8 h1:P1HhGGuLW4aAclzjtmJdf0mJOjVUZUzOTqkAkWL+l6w=
|
||||
golang.org/x/tools v0.1.8/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU=
|
||||
golang.org/x/tools v0.1.10 h1:QjFRCZxdOhBJ/UNgnBZLbNV13DlbnK0quyivTnXJM20=
|
||||
golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E=
|
||||
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
@@ -1805,6 +1820,8 @@ golang.zx2c4.com/wintun v0.0.0-20211104114900-415007cec224/go.mod h1:deeaetjYA+D
|
||||
golang.zx2c4.com/wireguard v0.0.0-20210905140043-2ef39d47540c/go.mod h1:laHzsbfMhGSobUmruXWAyMKKHSqvIcrqZJMyHD+/3O8=
|
||||
golang.zx2c4.com/wireguard v0.0.0-20211116201604-de7c702ace45 h1:mEVhdMPTuebD9IUXOUB5Q2sjZpcmzkahHWd6DrGpLHA=
|
||||
golang.zx2c4.com/wireguard v0.0.0-20211116201604-de7c702ace45/go.mod h1:evxZIqfCetExY5piKXGAxJYwvXWkps9zTCkWpkoGFxw=
|
||||
golang.zx2c4.com/wireguard v0.0.0-20220317000134-95b48cdb3961 h1:oIXcKhP1Ge6cRqdpQuldl0hf4mjIsNaXojabghlHuTs=
|
||||
golang.zx2c4.com/wireguard v0.0.0-20220317000134-95b48cdb3961/go.mod h1:bVQfyl2sCM/QIIGHpWbFGfHPuDvqnCNkT6MQLTCjO/U=
|
||||
golang.zx2c4.com/wireguard/windows v0.4.10 h1:HmjzJnb+G4NCdX+sfjsQlsxGPuYaThxRbZUZFLyR0/s=
|
||||
golang.zx2c4.com/wireguard/windows v0.4.10/go.mod h1:v7w/8FC48tTBm1IzScDVPEEb0/GjLta+T0ybpP9UWRg=
|
||||
google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
|
||||
@@ -2003,6 +2020,8 @@ honnef.co/go/tools v0.0.1-2020.1.6/go.mod h1:pyyisuGw24ruLjrr1ddx39WE0y9OooInRzE
|
||||
honnef.co/go/tools v0.2.1/go.mod h1:lPVVZ2BS5TfnjLyizF7o7hv7j9/L+8cZY2hLyjP9cGY=
|
||||
honnef.co/go/tools v0.2.2 h1:MNh1AVMyVX23VUHE2O27jm6lNj3vjO5DexS4A1xvnzk=
|
||||
honnef.co/go/tools v0.2.2/go.mod h1:lPVVZ2BS5TfnjLyizF7o7hv7j9/L+8cZY2hLyjP9cGY=
|
||||
honnef.co/go/tools v0.3.0-0.dev.0.20220306074811-23e1086441d2 h1:utiSabORbG/JeX7MlmKMdmsjwom2+v8zmdb6SoBe4UY=
|
||||
honnef.co/go/tools v0.3.0-0.dev.0.20220306074811-23e1086441d2/go.mod h1:dZI0HmIvwDMW8owtLBJxTHoeX48yuF5p5pDy3y73jGU=
|
||||
howett.net/plist v0.0.0-20181124034731-591f970eefbb/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0=
|
||||
howett.net/plist v1.0.0 h1:7CrbWYbPPO/PyNy38b2EB/+gYbjCe2DXBxgtOOZbSQM=
|
||||
howett.net/plist v1.0.0/go.mod h1:lqaXoTrLY4hg8tnEzNru53gicrbv7rrk+2xJA/7hw9g=
|
||||
|
||||
@@ -1 +1 @@
|
||||
tailscale.go1.17
|
||||
tailscale.go1.18
|
||||
|
||||
@@ -1 +1 @@
|
||||
dce70b6d327c7a30b81701f4cc134b56c4e6c229
|
||||
68c97fb924bbcacd951dc01b292c679aaeff5802
|
||||
|
||||
@@ -12,6 +12,7 @@ import (
|
||||
"io"
|
||||
"net"
|
||||
"net/http"
|
||||
"net/url"
|
||||
"os"
|
||||
"os/exec"
|
||||
"os/user"
|
||||
@@ -444,10 +445,10 @@ func (b *LocalBackend) populatePeerStatusLocked(sb *ipnstate.StatusBuilder) {
|
||||
exitNodeOption := tsaddr.PrefixesContainsFunc(p.AllowedIPs, func(r netaddr.IPPrefix) bool {
|
||||
return r.Bits() == 0
|
||||
})
|
||||
var tags *views.StringSlice
|
||||
var tags *views.Slice[string]
|
||||
var primaryRoutes *views.IPPrefixSlice
|
||||
if p.Tags != nil {
|
||||
v := views.StringSliceOf(p.Tags)
|
||||
v := views.SliceOf(p.Tags)
|
||||
tags = &v
|
||||
}
|
||||
if p.PrimaryRoutes != nil {
|
||||
@@ -3253,3 +3254,38 @@ func (b *LocalBackend) DoNoiseRequest(req *http.Request) (*http.Response, error)
|
||||
}
|
||||
return cc.DoNoiseRequest(req)
|
||||
}
|
||||
|
||||
// ProxyAPIRequestOverNoise sends Tailscale API request r over the
|
||||
// Noise channel, authenticated as the current node+machine key, to
|
||||
// the control plane and copies its response back to w.
|
||||
func (b *LocalBackend) ProxyAPIRequestOverNoise(w http.ResponseWriter, r *http.Request) {
|
||||
var nodePub key.NodePublic
|
||||
b.mu.Lock()
|
||||
if nm := b.netMap; nm != nil {
|
||||
nodePub = nm.NodeKey
|
||||
}
|
||||
b.mu.Unlock()
|
||||
if nodePub.IsZero() {
|
||||
http.Error(w, "no node public key", http.StatusBadGateway)
|
||||
return
|
||||
}
|
||||
|
||||
outR := r.Clone(r.Context())
|
||||
outR.RequestURI = ""
|
||||
outR.URL.Scheme = "https"
|
||||
outR.URL.Host = "unused"
|
||||
|
||||
outR.SetBasicAuth(url.QueryEscape(nodePub.String()), "")
|
||||
res, err := b.DoNoiseRequest(outR)
|
||||
if err != nil {
|
||||
http.Error(w, "failed to make backend noise request: "+err.Error(), http.StatusBadGateway)
|
||||
return
|
||||
}
|
||||
for k, vv := range res.Header {
|
||||
for _, v := range vv {
|
||||
w.Header().Add(k, v)
|
||||
}
|
||||
}
|
||||
w.WriteHeader(res.StatusCode)
|
||||
io.Copy(w, res.Body)
|
||||
}
|
||||
|
||||
@@ -519,7 +519,7 @@ type peerAPIHandler struct {
|
||||
peerUser tailcfg.UserProfile // profile of peerNode
|
||||
}
|
||||
|
||||
func (h *peerAPIHandler) logf(format string, a ...interface{}) {
|
||||
func (h *peerAPIHandler) logf(format string, a ...any) {
|
||||
h.ps.b.logf("peerapi: "+format, a...)
|
||||
}
|
||||
|
||||
|
||||
@@ -83,7 +83,7 @@ func (b *LocalBackend) hostKeyFileOrCreate(keyDir, typ string) ([]byte, error) {
|
||||
if !os.IsNotExist(err) {
|
||||
return nil, err
|
||||
}
|
||||
var priv interface{}
|
||||
var priv any
|
||||
switch typ {
|
||||
default:
|
||||
return nil, fmt.Errorf("unsupported key type %q", typ)
|
||||
|
||||
@@ -107,7 +107,7 @@ func newMockControl(tb testing.TB) *mockControl {
|
||||
}
|
||||
}
|
||||
|
||||
func (cc *mockControl) logf(format string, args ...interface{}) {
|
||||
func (cc *mockControl) logf(format string, args ...any) {
|
||||
if cc.preventLog.Get() || cc.logfActual == nil {
|
||||
return
|
||||
}
|
||||
|
||||
@@ -1049,6 +1049,10 @@ func (s *Server) localhostHandler(ci connIdentity) http.Handler {
|
||||
lah.ServeHTTP(w, r)
|
||||
return
|
||||
}
|
||||
if strings.HasPrefix(r.URL.Path, "/api/") {
|
||||
s.b.ProxyAPIRequestOverNoise(w, r)
|
||||
return
|
||||
}
|
||||
if ci.NotWindows {
|
||||
io.WriteString(w, "<html><title>Tailscale</title><body><h1>Tailscale</h1>This is the local Tailscale daemon.")
|
||||
return
|
||||
@@ -1179,7 +1183,7 @@ func loadExtraEnv() (env []string, err error) {
|
||||
if line == "" || line[0] == '#' {
|
||||
continue
|
||||
}
|
||||
k, v, ok := stringsCut(line, "=")
|
||||
k, v, ok := strings.Cut(line, "=")
|
||||
if !ok || k == "" {
|
||||
continue
|
||||
}
|
||||
@@ -1196,12 +1200,3 @@ func loadExtraEnv() (env []string, err error) {
|
||||
}
|
||||
return env, nil
|
||||
}
|
||||
|
||||
// stringsCut is Go 1.18's strings.Cut.
|
||||
// TODO(bradfitz): delete this when we depend on Go 1.18.
|
||||
func stringsCut(s, sep string) (before, after string, found bool) {
|
||||
if i := strings.Index(s, sep); i >= 0 {
|
||||
return s[:i], s[i+len(sep):], true
|
||||
}
|
||||
return s, "", false
|
||||
}
|
||||
|
||||
@@ -28,7 +28,7 @@ func TestRunMultipleAccepts(t *testing.T) {
|
||||
td := t.TempDir()
|
||||
socketPath := filepath.Join(td, "tailscale.sock")
|
||||
|
||||
logf := func(format string, args ...interface{}) {
|
||||
logf := func(format string, args ...any) {
|
||||
format = strings.TrimRight(format, "\n")
|
||||
println(fmt.Sprintf(format, args...))
|
||||
t.Logf(format, args...)
|
||||
@@ -52,7 +52,7 @@ func TestRunMultipleAccepts(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
logTriggerTestf := func(format string, args ...interface{}) {
|
||||
logTriggerTestf := func(format string, args ...any) {
|
||||
logf(format, args...)
|
||||
if strings.HasPrefix(format, "Listening on ") {
|
||||
connect()
|
||||
|
||||
@@ -112,7 +112,7 @@ type PeerStatus struct {
|
||||
|
||||
// Tags are the list of ACL tags applied to this node.
|
||||
// See tailscale.com/tailcfg#Node.Tags for more information.
|
||||
Tags *views.StringSlice `json:",omitempty"`
|
||||
Tags *views.Slice[string] `json:",omitempty"`
|
||||
|
||||
// PrimaryRoutes are the routes this node is currently the primary
|
||||
// subnet router for, as determined by the control plane. It does
|
||||
@@ -342,7 +342,7 @@ type StatusUpdater interface {
|
||||
}
|
||||
|
||||
func (st *Status) WriteHTML(w io.Writer) {
|
||||
f := func(format string, args ...interface{}) { fmt.Fprintf(w, format, args...) }
|
||||
f := func(format string, args ...any) { fmt.Fprintf(w, format, args...) }
|
||||
|
||||
f(`<!DOCTYPE html>
|
||||
<html lang="en">
|
||||
|
||||
@@ -85,7 +85,7 @@ func (h *Handler) serveCert(w http.ResponseWriter, r *http.Request) {
|
||||
|
||||
now := time.Now()
|
||||
logf := logger.WithPrefix(h.logf, fmt.Sprintf("cert(%q): ", domain))
|
||||
traceACME := func(v interface{}) {
|
||||
traceACME := func(v any) {
|
||||
if !acmeDebug {
|
||||
return
|
||||
}
|
||||
@@ -164,7 +164,7 @@ func (h *Handler) getCertPEMCached(dir, domain string, now time.Time) (p *keyPai
|
||||
return nil, false
|
||||
}
|
||||
|
||||
func (h *Handler) getCertPEM(ctx context.Context, logf logger.Logf, traceACME func(interface{}), dir, domain string, now time.Time) (*keyPair, error) {
|
||||
func (h *Handler) getCertPEM(ctx context.Context, logf logger.Logf, traceACME func(any), dir, domain string, now time.Time) (*keyPair, error) {
|
||||
acmeMu.Lock()
|
||||
defer acmeMu.Unlock()
|
||||
|
||||
|
||||
@@ -448,12 +448,12 @@ func (h *Handler) serveFilePut(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
upath := strings.TrimPrefix(r.URL.EscapedPath(), "/localapi/v0/file-put/")
|
||||
slash := strings.Index(upath, "/")
|
||||
if slash == -1 {
|
||||
stableIDStr, filenameEscaped, ok := strings.Cut(upath, "/")
|
||||
if !ok {
|
||||
http.Error(w, "bogus URL", 400)
|
||||
return
|
||||
}
|
||||
stableID, filenameEscaped := tailcfg.StableNodeID(upath[:slash]), upath[slash+1:]
|
||||
stableID := tailcfg.StableNodeID(stableIDStr)
|
||||
|
||||
var ft *apitype.FileTarget
|
||||
for _, x := range fts {
|
||||
@@ -557,7 +557,7 @@ func defBool(a string, def bool) bool {
|
||||
// (currently only a slice or a map) and makes sure it's non-nil for
|
||||
// JSON serialization. (In particular, JavaScript clients usually want
|
||||
// the field to be defined after they decode the JSON.)
|
||||
func makeNonNil(ptr interface{}) {
|
||||
func makeNonNil(ptr any) {
|
||||
if ptr == nil {
|
||||
panic("nil interface")
|
||||
}
|
||||
|
||||
@@ -85,10 +85,10 @@ func TestClientServer(t *testing.T) {
|
||||
clientToServer := func(b []byte) {
|
||||
bs.GotCommandMsg(context.TODO(), b)
|
||||
}
|
||||
slogf := func(fmt string, args ...interface{}) {
|
||||
slogf := func(fmt string, args ...any) {
|
||||
t.Logf("s: "+fmt, args...)
|
||||
}
|
||||
clogf := func(fmt string, args ...interface{}) {
|
||||
clogf := func(fmt string, args ...any) {
|
||||
t.Logf("c: "+fmt, args...)
|
||||
}
|
||||
bs = NewBackendServer(slogf, b, serverToClient)
|
||||
|
||||
@@ -42,7 +42,7 @@ var (
|
||||
|
||||
// IsLoginServerSynonym reports whether a URL is a drop-in replacement
|
||||
// for the primary Tailscale login server.
|
||||
func IsLoginServerSynonym(val interface{}) bool {
|
||||
func IsLoginServerSynonym(val any) bool {
|
||||
return val == "https://login.tailscale.com" || val == "https://controlplane.tailscale.com"
|
||||
}
|
||||
|
||||
|
||||
@@ -110,7 +110,7 @@ func getError(resp *http.Response) error {
|
||||
return st
|
||||
}
|
||||
|
||||
func (c *Client) doRequest(ctx context.Context, method, url string, in, out interface{}) error {
|
||||
func (c *Client) doRequest(ctx context.Context, method, url string, in, out any) error {
|
||||
tk, err := c.getOrRenewToken()
|
||||
if err != nil {
|
||||
return err
|
||||
|
||||
@@ -77,7 +77,7 @@ func dayOf(t time.Time) civilDay {
|
||||
return civilDay{t.Year(), t.Month(), t.Day()}
|
||||
}
|
||||
|
||||
func (w *logFileWriter) Logf(format string, a ...interface{}) {
|
||||
func (w *logFileWriter) Logf(format string, a ...any) {
|
||||
w.mu.Lock()
|
||||
defer w.mu.Unlock()
|
||||
|
||||
|
||||
@@ -416,7 +416,7 @@ func New(collection string) *Policy {
|
||||
console := log.New(stderrWriter{}, "", lflags)
|
||||
|
||||
var earlyErrBuf bytes.Buffer
|
||||
earlyLogf := func(format string, a ...interface{}) {
|
||||
earlyLogf := func(format string, a ...any) {
|
||||
fmt.Fprintf(&earlyErrBuf, format, a...)
|
||||
earlyErrBuf.WriteByte('\n')
|
||||
}
|
||||
|
||||
@@ -84,6 +84,7 @@ func NewLogger(cfg Config, logf tslogger.Logf) *Logger {
|
||||
cfg.Buffer = NewMemoryBuffer(pendingSize)
|
||||
}
|
||||
l := &Logger{
|
||||
privateID: cfg.PrivateID,
|
||||
stderr: cfg.Stderr,
|
||||
stderrLevel: int64(cfg.StderrLevel),
|
||||
httpc: cfg.HTTPC,
|
||||
@@ -133,6 +134,7 @@ type Logger struct {
|
||||
uploadCancel func()
|
||||
explainedRaw bool
|
||||
metricsDelta func() string // or nil
|
||||
privateID PrivateID
|
||||
|
||||
shutdownStart chan struct{} // closed when shutdown begins
|
||||
shutdownDone chan struct{} // closed when shutdown complete
|
||||
@@ -153,6 +155,11 @@ func (l *Logger) SetLinkMonitor(lm *monitor.Mon) {
|
||||
l.linkMonitor = lm
|
||||
}
|
||||
|
||||
// PrivateID returns the logger's private log ID.
|
||||
//
|
||||
// It exists for internal use only.
|
||||
func (l *Logger) PrivateID() PrivateID { return l.privateID }
|
||||
|
||||
// Shutdown gracefully shuts down the logger while completing any
|
||||
// remaining uploads.
|
||||
//
|
||||
@@ -508,7 +515,7 @@ func (l *Logger) encode(buf []byte, level int) []byte {
|
||||
|
||||
now := l.timeNow()
|
||||
|
||||
obj := make(map[string]interface{})
|
||||
obj := make(map[string]any)
|
||||
if err := json.Unmarshal(buf, &obj); err != nil {
|
||||
for k := range obj {
|
||||
delete(obj, k)
|
||||
@@ -546,7 +553,7 @@ func (l *Logger) encode(buf []byte, level int) []byte {
|
||||
}
|
||||
|
||||
// Logf logs to l using the provided fmt-style format and optional arguments.
|
||||
func (l *Logger) Logf(format string, args ...interface{}) {
|
||||
func (l *Logger) Logf(format string, args ...any) {
|
||||
fmt.Fprintf(l, format, args...)
|
||||
}
|
||||
|
||||
|
||||
@@ -128,7 +128,7 @@ func TestEncodeAndUploadMessages(t *testing.T) {
|
||||
|
||||
ltail, ok := data["logtail"]
|
||||
if ok {
|
||||
logtailmap := ltail.(map[string]interface{})
|
||||
logtailmap := ltail.(map[string]any)
|
||||
_, ok = logtailmap["client_time"]
|
||||
if !ok {
|
||||
t.Errorf("%s: no client_time present", tt.name)
|
||||
@@ -317,9 +317,9 @@ func TestPublicIDUnmarshalText(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func unmarshalOne(t *testing.T, body []byte) map[string]interface{} {
|
||||
func unmarshalOne(t *testing.T, body []byte) map[string]any {
|
||||
t.Helper()
|
||||
var entries []map[string]interface{}
|
||||
var entries []map[string]any
|
||||
err := json.Unmarshal(body, &entries)
|
||||
if err != nil {
|
||||
t.Error(err)
|
||||
|
||||
@@ -258,7 +258,7 @@ func TestLinuxDNSMode(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
type memFS map[string]interface{} // full path => string for regular files
|
||||
type memFS map[string]any // full path => string for regular files
|
||||
|
||||
func (m memFS) Stat(name string) (isRegular bool, err error) {
|
||||
v, ok := m[name]
|
||||
|
||||
@@ -140,12 +140,12 @@ func (m *nmManager) trySet(ctx context.Context, config OSConfig) error {
|
||||
// NetworkManager wipes out IPv6 address configuration unless we
|
||||
// tell it explicitly to keep it. Read out the current interface
|
||||
// settings and mirror them out to NetworkManager.
|
||||
var addrs6 []map[string]interface{}
|
||||
var addrs6 []map[string]any
|
||||
addrs, _, err := interfaces.Tailscale()
|
||||
if err == nil {
|
||||
for _, a := range addrs {
|
||||
if a.Is6() {
|
||||
addrs6 = append(addrs6, map[string]interface{}{
|
||||
addrs6 = append(addrs6, map[string]any{
|
||||
"address": a.String(),
|
||||
"prefix": uint32(128),
|
||||
})
|
||||
|
||||
@@ -65,10 +65,7 @@ func Parse(r io.Reader) (*Config, error) {
|
||||
scanner := bufio.NewScanner(r)
|
||||
for scanner.Scan() {
|
||||
line := scanner.Text()
|
||||
i := strings.IndexByte(line, '#')
|
||||
if i >= 0 {
|
||||
line = line[:i]
|
||||
}
|
||||
line, _, _ = strings.Cut(line, "#") // remove any comments
|
||||
line = strings.TrimSpace(line)
|
||||
|
||||
if strings.HasPrefix(line, "nameserver") {
|
||||
|
||||
@@ -141,7 +141,7 @@ func (m *resolvedManager) resync(ctx context.Context, signals chan *dbus.Signal)
|
||||
if signal.Path != dbusPath || signal.Name != dbusInterface+"."+dbusOwnerSignal {
|
||||
continue
|
||||
}
|
||||
// signal.Body is a []interface{} of 3 strings: bus name, previous owner, new owner.
|
||||
// signal.Body is a []any of 3 strings: bus name, previous owner, new owner.
|
||||
if len(signal.Body) != 3 {
|
||||
m.logf("[unexpectected] DBus NameOwnerChanged len(Body) = %d, want 3")
|
||||
}
|
||||
|
||||
@@ -196,12 +196,11 @@ func maxDoHInFlight(goos string) int {
|
||||
// Unknown iOS version, be cautious.
|
||||
return 10
|
||||
}
|
||||
idx := strings.Index(ver, ".")
|
||||
if idx == -1 {
|
||||
major, _, ok := strings.Cut(ver, ".")
|
||||
if !ok {
|
||||
// Unknown iOS version, be cautious.
|
||||
return 10
|
||||
}
|
||||
major := ver[:idx]
|
||||
if m, err := strconv.Atoi(major); err != nil || m < 15 {
|
||||
return 10
|
||||
}
|
||||
|
||||
@@ -37,13 +37,13 @@ func TestResolversWithDelays(t *testing.T) {
|
||||
o := func(ss ...string) (rr []resolverAndDelay) {
|
||||
for _, s := range ss {
|
||||
var d time.Duration
|
||||
if i := strings.Index(s, "+"); i != -1 {
|
||||
s, durStr, hasPlus := strings.Cut(s, "+")
|
||||
if hasPlus {
|
||||
var err error
|
||||
d, err = time.ParseDuration(s[i+1:])
|
||||
d, err = time.ParseDuration(durStr)
|
||||
if err != nil {
|
||||
panic(fmt.Sprintf("parsing duration in %q: %v", s, err))
|
||||
}
|
||||
s = s[:i]
|
||||
}
|
||||
host, _, err := net.SplitHostPort(s)
|
||||
if err != nil {
|
||||
|
||||
@@ -711,7 +711,7 @@ type response struct {
|
||||
}
|
||||
|
||||
var dnsParserPool = &sync.Pool{
|
||||
New: func() interface{} {
|
||||
New: func() any {
|
||||
return new(dnsParser)
|
||||
},
|
||||
}
|
||||
@@ -976,17 +976,17 @@ const (
|
||||
// lb._dns-sd._udp.<domain>.
|
||||
func hasRDNSBonjourPrefix(name dnsname.FQDN) bool {
|
||||
s := name.WithTrailingDot()
|
||||
dot := strings.IndexByte(s, '.')
|
||||
if dot == -1 {
|
||||
base, rest, ok := strings.Cut(s, ".")
|
||||
if !ok {
|
||||
return false // shouldn't happen
|
||||
}
|
||||
switch s[:dot] {
|
||||
switch base {
|
||||
case "b", "db", "r", "dr", "lb":
|
||||
default:
|
||||
return false
|
||||
}
|
||||
|
||||
return strings.HasPrefix(s[dot:], "._dns-sd._udp.")
|
||||
return strings.HasPrefix(rest, "_dns-sd._udp.")
|
||||
}
|
||||
|
||||
// rawNameToLower converts a raw DNS name to a string, lowercasing it.
|
||||
|
||||
@@ -221,7 +221,7 @@ func weirdoGoCNAMEHandler(target string) dns.HandlerFunc {
|
||||
// provided.
|
||||
//
|
||||
// Types supported: netaddr.IP.
|
||||
func dnsHandler(answers ...interface{}) dns.HandlerFunc {
|
||||
func dnsHandler(answers ...any) dns.HandlerFunc {
|
||||
return func(w dns.ResponseWriter, req *dns.Msg) {
|
||||
m := new(dns.Msg)
|
||||
m.SetReply(req)
|
||||
@@ -303,7 +303,7 @@ func dnsHandler(answers ...interface{}) dns.HandlerFunc {
|
||||
}
|
||||
}
|
||||
|
||||
func serveDNS(tb testing.TB, addr string, records ...interface{}) *dns.Server {
|
||||
func serveDNS(tb testing.TB, addr string, records ...any) *dns.Server {
|
||||
if len(records)%2 != 0 {
|
||||
panic("must have an even number of record values")
|
||||
}
|
||||
|
||||
@@ -454,7 +454,7 @@ func TestDelegate(t *testing.T) {
|
||||
// intend to handle responses this large, so there should be truncation.
|
||||
hugeTXT := generateTXT(64000, randSource)
|
||||
|
||||
records := []interface{}{
|
||||
records := []any{
|
||||
"test.site.",
|
||||
resolveToIP(testipv4, testipv6, "dns.test.site."),
|
||||
"LCtesT.SiTe.",
|
||||
@@ -965,8 +965,6 @@ func TestAllocs(t *testing.T) {
|
||||
}{
|
||||
// Name lowercasing, response slice created by dns.NewBuilder,
|
||||
// and closure allocation from go call.
|
||||
// (Closure allocation only happens when using new register ABI,
|
||||
// which is amd64 with Go 1.17, and probably more platforms later.)
|
||||
{"forward", dnspacket("test1.ipn.dev.", dns.TypeA, noEdns), 3},
|
||||
// 3 extra allocs in rdnsNameToIPv4 and one in marshalPTRRecord (dns.NewName).
|
||||
{"reverse", dnspacket("4.3.2.1.in-addr.arpa.", dns.TypePTR, noEdns), 5},
|
||||
@@ -1107,7 +1105,7 @@ func TestHandleExitNodeDNSQueryWithNetPkg(t *testing.T) {
|
||||
t.Skip("skipping test on Windows; waiting for golang.org/issue/33097")
|
||||
}
|
||||
|
||||
records := []interface{}{
|
||||
records := []any{
|
||||
"no-records.test.",
|
||||
dnsHandler(),
|
||||
|
||||
|
||||
@@ -129,7 +129,7 @@ func (r *Resolver) LookupIP(ctx context.Context, host string) (ip, v6 net.IP, al
|
||||
ip, ip6 net.IP
|
||||
allIPs []net.IPAddr
|
||||
}
|
||||
ch := r.sf.DoChan(host, func() (interface{}, error) {
|
||||
ch := r.sf.DoChan(host, func() (any, error) {
|
||||
ip, ip6, allIPs, err := r.lookupIP(host)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
||||
@@ -103,7 +103,7 @@ type msgResource struct {
|
||||
var ErrCacheMiss = errors.New("cache miss")
|
||||
|
||||
var parserPool = &sync.Pool{
|
||||
New: func() interface{} { return new(dnsmessage.Parser) },
|
||||
New: func() any { return new(dnsmessage.Parser) },
|
||||
}
|
||||
|
||||
// ReplyFromCache writes a DNS reply to w for the provided DNS query message,
|
||||
|
||||
@@ -118,17 +118,17 @@ type responseOpt bool
|
||||
|
||||
type ttlOpt uint32
|
||||
|
||||
func makeQ(txID uint16, name string, opt ...interface{}) []byte {
|
||||
func makeQ(txID uint16, name string, opt ...any) []byte {
|
||||
opt = append(opt, responseOpt(false))
|
||||
return makeDNSPkt(txID, name, opt...)
|
||||
}
|
||||
|
||||
func makeRes(txID uint16, name string, opt ...interface{}) []byte {
|
||||
func makeRes(txID uint16, name string, opt ...any) []byte {
|
||||
opt = append(opt, responseOpt(true))
|
||||
return makeDNSPkt(txID, name, opt...)
|
||||
}
|
||||
|
||||
func makeDNSPkt(txID uint16, name string, opt ...interface{}) []byte {
|
||||
func makeDNSPkt(txID uint16, name string, opt ...any) []byte {
|
||||
typ := dnsmessage.TypeA
|
||||
class := dnsmessage.ClassINET
|
||||
var response bool
|
||||
|
||||
@@ -2,8 +2,6 @@
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
//go:generate go run update-dns-fallbacks.go
|
||||
|
||||
// Package dnsfallback contains a DNS fallback mechanism
|
||||
// for starting up Tailscale when the system DNS is broken or otherwise unavailable.
|
||||
package dnsfallback
|
||||
|
||||
10
net/dnsfallback/generate.go
Normal file
10
net/dnsfallback/generate.go
Normal file
@@ -0,0 +1,10 @@
|
||||
// Copyright (c) 2022 Tailscale Inc & AUTHORS All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
//go:build !hermetic
|
||||
// +build !hermetic
|
||||
|
||||
package dnsfallback
|
||||
|
||||
//go:generate go run update-dns-fallbacks.go
|
||||
@@ -46,7 +46,7 @@ type Cache struct {
|
||||
// entry is the container/list element type.
|
||||
type entry struct {
|
||||
key Tuple
|
||||
value interface{}
|
||||
value any
|
||||
}
|
||||
|
||||
// Add adds a value to the cache, set or updating its associated
|
||||
@@ -54,7 +54,7 @@ type entry struct {
|
||||
//
|
||||
// If MaxEntries is non-zero and the length of the cache is greater
|
||||
// after any addition, the least recently used value is evicted.
|
||||
func (c *Cache) Add(key Tuple, value interface{}) {
|
||||
func (c *Cache) Add(key Tuple, value any) {
|
||||
if c.m == nil {
|
||||
c.m = make(map[Tuple]*list.Element)
|
||||
c.ll = list.New()
|
||||
@@ -73,7 +73,7 @@ func (c *Cache) Add(key Tuple, value interface{}) {
|
||||
|
||||
// Get looks up a key's value from the cache, also reporting
|
||||
// whether it was present.
|
||||
func (c *Cache) Get(key Tuple) (value interface{}, ok bool) {
|
||||
func (c *Cache) Get(key Tuple) (value any, ok bool) {
|
||||
if ele, hit := c.m[key]; hit {
|
||||
c.ll.MoveToFront(ele)
|
||||
return ele.Value.(*entry).value, true
|
||||
|
||||
@@ -25,7 +25,7 @@ func TestCache(t *testing.T) {
|
||||
t.Fatalf("Len = %d; want %d", got, want)
|
||||
}
|
||||
}
|
||||
wantVal := func(key Tuple, want interface{}) {
|
||||
wantVal := func(key Tuple, want any) {
|
||||
t.Helper()
|
||||
got, ok := c.Get(key)
|
||||
if !ok {
|
||||
|
||||
@@ -191,7 +191,7 @@ func (c *Client) enoughRegions() int {
|
||||
return 3
|
||||
}
|
||||
|
||||
func (c *Client) logf(format string, a ...interface{}) {
|
||||
func (c *Client) logf(format string, a ...any) {
|
||||
if c.Logf != nil {
|
||||
c.Logf(format, a...)
|
||||
} else {
|
||||
@@ -199,7 +199,7 @@ func (c *Client) logf(format string, a ...interface{}) {
|
||||
}
|
||||
}
|
||||
|
||||
func (c *Client) vlogf(format string, a ...interface{}) {
|
||||
func (c *Client) vlogf(format string, a ...any) {
|
||||
if c.Verbose || debugNetcheck {
|
||||
c.logf(format, a...)
|
||||
}
|
||||
|
||||
@@ -119,7 +119,7 @@ func TestWorksWhenUDPBlocked(t *testing.T) {
|
||||
|
||||
func TestAddReportHistoryAndSetPreferredDERP(t *testing.T) {
|
||||
// report returns a *Report from (DERP host, time.Duration)+ pairs.
|
||||
report := func(a ...interface{}) *Report {
|
||||
report := func(a ...any) *Report {
|
||||
r := &Report{RegionLatency: map[int]time.Duration{}}
|
||||
for i := 0; i < len(a); i += 2 {
|
||||
s := a[i].(string)
|
||||
@@ -606,7 +606,7 @@ func TestLogConciseReport(t *testing.T) {
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
var buf bytes.Buffer
|
||||
c := &Client{Logf: func(f string, a ...interface{}) { fmt.Fprintf(&buf, f, a...) }}
|
||||
c := &Client{Logf: func(f string, a ...any) { fmt.Fprintf(&buf, f, a...) }}
|
||||
c.logConciseReport(tt.r, dm)
|
||||
if got := strings.TrimPrefix(buf.String(), "[v1] report: "); got != tt.want {
|
||||
t.Errorf("unexpected result.\n got: %#q\nwant: %#q\n", got, tt.want)
|
||||
|
||||
@@ -15,7 +15,7 @@ import (
|
||||
"inet.af/netaddr"
|
||||
)
|
||||
|
||||
type upnpClient interface{}
|
||||
type upnpClient any
|
||||
|
||||
type uPnPDiscoResponse struct{}
|
||||
|
||||
|
||||
@@ -67,7 +67,7 @@ func NewTestIGD(logf logger.Logf, t TestIGDOptions) (*TestIGD, error) {
|
||||
doPCP: t.PCP,
|
||||
doUPnP: t.UPnP,
|
||||
}
|
||||
d.logf = func(msg string, args ...interface{}) {
|
||||
d.logf = func(msg string, args ...any) {
|
||||
// Don't log after the device has closed;
|
||||
// stray trailing logging angers testing.T.Logf.
|
||||
if d.closed.Get() {
|
||||
|
||||
@@ -95,7 +95,7 @@ func (s *Server) dial(ctx context.Context, network, addr string) (net.Conn, erro
|
||||
return dial(ctx, network, addr)
|
||||
}
|
||||
|
||||
func (s *Server) logf(format string, args ...interface{}) {
|
||||
func (s *Server) logf(format string, args ...any) {
|
||||
logf := s.Logf
|
||||
if logf == nil {
|
||||
logf = log.Printf
|
||||
|
||||
@@ -14,13 +14,16 @@ import (
|
||||
"runtime"
|
||||
"strings"
|
||||
"sync"
|
||||
"sync/atomic"
|
||||
"syscall"
|
||||
"time"
|
||||
"unsafe"
|
||||
|
||||
"github.com/alexbrainman/sspi/negotiate"
|
||||
"golang.org/x/sys/windows"
|
||||
"tailscale.com/hostinfo"
|
||||
"tailscale.com/types/logger"
|
||||
"tailscale.com/util/cmpver"
|
||||
)
|
||||
|
||||
var (
|
||||
@@ -146,6 +149,7 @@ func proxyFromWinHTTP(ctx context.Context, urlStr string) (proxy *url.URL, err e
|
||||
var userAgent = windows.StringToUTF16Ptr("Tailscale")
|
||||
|
||||
const (
|
||||
winHTTP_ACCESS_TYPE_DEFAULT_PROXY = 0
|
||||
winHTTP_ACCESS_TYPE_AUTOMATIC_PROXY = 4
|
||||
winHTTP_AUTOPROXY_ALLOW_AUTOCONFIG = 0x00000100
|
||||
winHTTP_AUTOPROXY_AUTO_DETECT = 1
|
||||
@@ -153,13 +157,34 @@ const (
|
||||
winHTTP_AUTO_DETECT_TYPE_DNS_A = 0x00000002
|
||||
)
|
||||
|
||||
// Windows 8.1 is actually Windows 6.3 under the hood. Yay, marketing!
|
||||
const win8dot1Ver = "6.3"
|
||||
|
||||
// accessType is the flag we must pass to WinHttpOpen for proxy resolution
|
||||
// depending on whether or not we're running Windows < 8.1
|
||||
var accessType atomic.Value // of uint32
|
||||
|
||||
func getAccessFlag() uint32 {
|
||||
if flag, ok := accessType.Load().(uint32); ok {
|
||||
return flag
|
||||
}
|
||||
var flag uint32
|
||||
if cmpver.Compare(hostinfo.GetOSVersion(), win8dot1Ver) < 0 {
|
||||
flag = winHTTP_ACCESS_TYPE_DEFAULT_PROXY
|
||||
} else {
|
||||
flag = winHTTP_ACCESS_TYPE_AUTOMATIC_PROXY
|
||||
}
|
||||
accessType.Store(flag)
|
||||
return flag
|
||||
}
|
||||
|
||||
func winHTTPOpen() (winHTTPInternet, error) {
|
||||
if err := httpOpenProc.Find(); err != nil {
|
||||
return 0, err
|
||||
}
|
||||
r, _, err := httpOpenProc.Call(
|
||||
uintptr(unsafe.Pointer(userAgent)),
|
||||
winHTTP_ACCESS_TYPE_AUTOMATIC_PROXY,
|
||||
uintptr(getAccessFlag()),
|
||||
0, /* WINHTTP_NO_PROXY_NAME */
|
||||
0, /* WINHTTP_NO_PROXY_BYPASS */
|
||||
0)
|
||||
|
||||
@@ -60,7 +60,7 @@ var (
|
||||
// parsedPacketPool holds a pool of Parsed structs for use in filtering.
|
||||
// This is needed because escape analysis cannot see that parsed packets
|
||||
// do not escape through {Pre,Post}Filter{In,Out}.
|
||||
var parsedPacketPool = sync.Pool{New: func() interface{} { return new(packet.Parsed) }}
|
||||
var parsedPacketPool = sync.Pool{New: func() any { return new(packet.Parsed) }}
|
||||
|
||||
// FilterFunc is a packet-filtering function with access to the Wrapper device.
|
||||
// It must not hold onto the packet struct, as its backing storage will be reused.
|
||||
|
||||
@@ -141,7 +141,7 @@ func TestDebInfo(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func diff(got, want interface{}) string {
|
||||
func diff(got, want any) string {
|
||||
matchField := func(name string) func(p cmp.Path) bool {
|
||||
return func(p cmp.Path) bool {
|
||||
if len(p) != 3 {
|
||||
|
||||
62
prober/http.go
Normal file
62
prober/http.go
Normal file
@@ -0,0 +1,62 @@
|
||||
// Copyright (c) 2022 Tailscale Inc & AUTHORS All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package prober
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"context"
|
||||
"fmt"
|
||||
"io"
|
||||
"net/http"
|
||||
)
|
||||
|
||||
const maxHTTPBody = 4 << 20 // MiB
|
||||
|
||||
// HTTP returns a Probe that healthchecks an HTTP URL.
|
||||
//
|
||||
// The Probe sends a GET request for url, expects an HTTP 200
|
||||
// response, and verifies that want is present in the response
|
||||
// body. If the URL is HTTPS, the probe further checks that the TLS
|
||||
// certificate is good for at least the next 7 days.
|
||||
func HTTP(url, wantText string) Probe {
|
||||
return func(ctx context.Context) error {
|
||||
return probeHTTP(ctx, url, []byte(wantText))
|
||||
}
|
||||
}
|
||||
|
||||
func probeHTTP(ctx context.Context, url string, want []byte) error {
|
||||
req, err := http.NewRequestWithContext(ctx, "GET", url, nil)
|
||||
if err != nil {
|
||||
return fmt.Errorf("constructing request: %w", err)
|
||||
}
|
||||
|
||||
// Get a completely new transport each time, so we don't reuse a
|
||||
// past connection.
|
||||
tr := http.DefaultTransport.(*http.Transport).Clone()
|
||||
defer tr.CloseIdleConnections()
|
||||
c := &http.Client{
|
||||
Transport: tr,
|
||||
}
|
||||
|
||||
resp, err := c.Do(req)
|
||||
if err != nil {
|
||||
return fmt.Errorf("fetching %q: %w", url, err)
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
if resp.StatusCode != 200 {
|
||||
return fmt.Errorf("fetching %q: status code %d, want 200", url, resp.StatusCode)
|
||||
}
|
||||
|
||||
bs, err := io.ReadAll(&io.LimitedReader{resp.Body, maxHTTPBody})
|
||||
if err != nil {
|
||||
return fmt.Errorf("reading body of %q: %w", url, err)
|
||||
}
|
||||
|
||||
if !bytes.Contains(bs, want) {
|
||||
return fmt.Errorf("body of %q does not contain %q", url, want)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
237
prober/prober.go
Normal file
237
prober/prober.go
Normal file
@@ -0,0 +1,237 @@
|
||||
// Copyright (c) 2022 Tailscale Inc & AUTHORS All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
// Package prober implements a simple blackbox prober. Each probe runs
|
||||
// in its own goroutine, and run results are recorded as Prometheus
|
||||
// metrics.
|
||||
package prober
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
"log"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
"tailscale.com/metrics"
|
||||
)
|
||||
|
||||
// Probe is a function that probes something and reports whether the
|
||||
// probe succeeded. The provided context must be used to ensure timely
|
||||
// cancellation and timeout behavior.
|
||||
type Probe func(context.Context) error
|
||||
|
||||
// a Prober manages a set of probes and keeps track of their results.
|
||||
type Prober struct {
|
||||
// Time-related functions that get faked out during tests.
|
||||
now func() time.Time
|
||||
newTicker func(time.Duration) ticker
|
||||
|
||||
// lastStart is the time, in seconds since epoch, of the last time
|
||||
// each probe started a probe cycle.
|
||||
lastStart metrics.LabelMap
|
||||
// lastEnd is the time, in seconds since epoch, of the last time
|
||||
// each probe finished a probe cycle.
|
||||
lastEnd metrics.LabelMap
|
||||
// lastResult records whether probes succeeded. A successful probe
|
||||
// is recorded as 1, a failure as 0.
|
||||
lastResult metrics.LabelMap
|
||||
// lastLatency records how long the last probe cycle took for each
|
||||
// probe, in milliseconds.
|
||||
lastLatency metrics.LabelMap
|
||||
// probeInterval records the time in seconds between successive
|
||||
// runs of each probe.
|
||||
//
|
||||
// This is to help Prometheus figure out how long a probe should
|
||||
// be failing before it fires an alert for it. To avoid random
|
||||
// background noise, you want it to wait for more than 1
|
||||
// datapoint, but you also can't use a fixed interval because some
|
||||
// probes might run every few seconds, while e.g. TLS certificate
|
||||
// expiry might only run once a day.
|
||||
//
|
||||
// So, for each probe, the prober tells Prometheus how often it
|
||||
// runs, so that the alert can autotune itself to eliminate noise
|
||||
// without being excessively delayed.
|
||||
probeInterval metrics.LabelMap
|
||||
|
||||
mu sync.Mutex // protects all following fields
|
||||
activeProbeCh map[string]chan struct{}
|
||||
}
|
||||
|
||||
// New returns a new Prober.
|
||||
func New() *Prober {
|
||||
return newForTest(time.Now, newRealTicker)
|
||||
}
|
||||
|
||||
func newForTest(now func() time.Time, newTicker func(time.Duration) ticker) *Prober {
|
||||
return &Prober{
|
||||
now: now,
|
||||
newTicker: newTicker,
|
||||
lastStart: metrics.LabelMap{Label: "probe"},
|
||||
lastEnd: metrics.LabelMap{Label: "probe"},
|
||||
lastResult: metrics.LabelMap{Label: "probe"},
|
||||
lastLatency: metrics.LabelMap{Label: "probe"},
|
||||
probeInterval: metrics.LabelMap{Label: "probe"},
|
||||
activeProbeCh: map[string]chan struct{}{},
|
||||
}
|
||||
}
|
||||
|
||||
// Expvar returns the metrics for running probes.
|
||||
func (p *Prober) Expvar() *metrics.Set {
|
||||
ret := new(metrics.Set)
|
||||
ret.Set("start_secs", &p.lastStart)
|
||||
ret.Set("end_secs", &p.lastEnd)
|
||||
ret.Set("result", &p.lastResult)
|
||||
ret.Set("latency_millis", &p.lastLatency)
|
||||
ret.Set("interval_secs", &p.probeInterval)
|
||||
return ret
|
||||
}
|
||||
|
||||
// Run executes fun every interval, and exports probe results under probeName.
|
||||
//
|
||||
// fun is given a context.Context that, if obeyed, ensures that fun
|
||||
// ends within interval. If fun disregards the context, it will not be
|
||||
// run again until it does finish, and metrics will reflect that the
|
||||
// probe function is stuck.
|
||||
//
|
||||
// Run returns a context.CancelFunc that stops the probe when
|
||||
// invoked. Probe shutdown and removal happens-before the CancelFunc
|
||||
// returns.
|
||||
//
|
||||
// Registering a probe under an already-registered name panics.
|
||||
func (p *Prober) Run(name string, interval time.Duration, fun Probe) context.CancelFunc {
|
||||
p.mu.Lock()
|
||||
defer p.mu.Unlock()
|
||||
ticker := p.registerLocked(name, interval)
|
||||
|
||||
ctx, cancel := context.WithCancel(context.Background())
|
||||
go p.probeLoop(ctx, name, interval, ticker, fun)
|
||||
|
||||
return func() {
|
||||
p.mu.Lock()
|
||||
stopped := p.activeProbeCh[name]
|
||||
p.mu.Unlock()
|
||||
cancel()
|
||||
<-stopped
|
||||
}
|
||||
}
|
||||
|
||||
// probeLoop invokes runProbe on fun every interval. The first probe
|
||||
// is run after interval.
|
||||
func (p *Prober) probeLoop(ctx context.Context, name string, interval time.Duration, tick ticker, fun Probe) {
|
||||
defer func() {
|
||||
p.unregister(name)
|
||||
tick.Stop()
|
||||
}()
|
||||
|
||||
// Do a first probe right away, so that the prober immediately exports results for everything.
|
||||
p.runProbe(ctx, name, interval, fun)
|
||||
for {
|
||||
select {
|
||||
case <-tick.Chan():
|
||||
p.runProbe(ctx, name, interval, fun)
|
||||
case <-ctx.Done():
|
||||
return
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// runProbe invokes fun and records the results.
|
||||
//
|
||||
// fun is invoked with a timeout slightly less than interval, so that
|
||||
// the probe either succeeds or fails before the next cycle is
|
||||
// scheduled to start.
|
||||
func (p *Prober) runProbe(ctx context.Context, name string, interval time.Duration, fun Probe) {
|
||||
start := p.start(name)
|
||||
defer func() {
|
||||
// Prevent a panic within one probe function from killing the
|
||||
// entire prober, so that a single buggy probe doesn't destroy
|
||||
// our entire ability to monitor anything. A panic is recorded
|
||||
// as a probe failure, so panicking probes will trigger an
|
||||
// alert for debugging.
|
||||
if r := recover(); r != nil {
|
||||
log.Printf("probe %s panicked: %v", name, r)
|
||||
p.end(name, start, errors.New("panic"))
|
||||
}
|
||||
}()
|
||||
timeout := time.Duration(float64(interval) * 0.8)
|
||||
ctx, cancel := context.WithTimeout(ctx, timeout)
|
||||
defer cancel()
|
||||
|
||||
err := fun(ctx)
|
||||
p.end(name, start, err)
|
||||
if err != nil {
|
||||
log.Printf("probe %s: %v", name, err)
|
||||
}
|
||||
}
|
||||
|
||||
func (p *Prober) registerLocked(name string, interval time.Duration) ticker {
|
||||
if _, ok := p.activeProbeCh[name]; ok {
|
||||
panic(fmt.Sprintf("probe named %q already registered", name))
|
||||
}
|
||||
|
||||
stoppedCh := make(chan struct{})
|
||||
p.activeProbeCh[name] = stoppedCh
|
||||
p.probeInterval.Get(name).Set(int64(interval.Seconds()))
|
||||
// Create and return a ticker from here, while Prober is
|
||||
// locked. This ensures that our fake time in tests always sees
|
||||
// the new fake ticker being created before seeing that a new
|
||||
// probe is registered.
|
||||
return p.newTicker(interval)
|
||||
}
|
||||
|
||||
func (p *Prober) unregister(name string) {
|
||||
p.mu.Lock()
|
||||
defer p.mu.Unlock()
|
||||
close(p.activeProbeCh[name])
|
||||
delete(p.activeProbeCh, name)
|
||||
p.lastStart.Delete(name)
|
||||
p.lastEnd.Delete(name)
|
||||
p.lastResult.Delete(name)
|
||||
p.lastLatency.Delete(name)
|
||||
p.probeInterval.Delete(name)
|
||||
}
|
||||
|
||||
func (p *Prober) start(name string) time.Time {
|
||||
st := p.now()
|
||||
p.lastStart.Get(name).Set(st.Unix())
|
||||
return st
|
||||
}
|
||||
|
||||
func (p *Prober) end(name string, start time.Time, err error) {
|
||||
end := p.now()
|
||||
p.lastEnd.Get(name).Set(end.Unix())
|
||||
p.lastLatency.Get(name).Set(end.Sub(start).Milliseconds())
|
||||
v := int64(1)
|
||||
if err != nil {
|
||||
v = 0
|
||||
}
|
||||
p.lastResult.Get(name).Set(v)
|
||||
}
|
||||
|
||||
// Reports the number of registered probes. For tests only.
|
||||
func (p *Prober) activeProbes() int {
|
||||
p.mu.Lock()
|
||||
defer p.mu.Unlock()
|
||||
return len(p.activeProbeCh)
|
||||
}
|
||||
|
||||
// ticker wraps a time.Ticker in a way that can be faked for tests.
|
||||
type ticker interface {
|
||||
Chan() <-chan time.Time
|
||||
Stop()
|
||||
}
|
||||
|
||||
type realTicker struct {
|
||||
*time.Ticker
|
||||
}
|
||||
|
||||
func (t *realTicker) Chan() <-chan time.Time {
|
||||
return t.Ticker.C
|
||||
}
|
||||
|
||||
func newRealTicker(d time.Duration) ticker {
|
||||
return &realTicker{time.NewTicker(d)}
|
||||
}
|
||||
294
prober/prober_test.go
Normal file
294
prober/prober_test.go
Normal file
@@ -0,0 +1,294 @@
|
||||
// Copyright (c) 2022 Tailscale Inc & AUTHORS All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package prober
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"strings"
|
||||
"sync"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"tailscale.com/syncs"
|
||||
"tailscale.com/tstest"
|
||||
)
|
||||
|
||||
const (
|
||||
probeInterval = 8 * time.Second // So expvars that are integer numbers of seconds change
|
||||
halfProbeInterval = probeInterval / 2
|
||||
quarterProbeInterval = probeInterval / 4
|
||||
convergenceTimeout = time.Second
|
||||
convergenceSleep = time.Millisecond
|
||||
)
|
||||
|
||||
var epoch = time.Unix(0, 0)
|
||||
|
||||
func TestProberTiming(t *testing.T) {
|
||||
clk := newFakeTime()
|
||||
p := newForTest(clk.Now, clk.NewTicker)
|
||||
|
||||
invoked := make(chan struct{}, 1)
|
||||
|
||||
notCalled := func() {
|
||||
t.Helper()
|
||||
select {
|
||||
case <-invoked:
|
||||
t.Fatal("probe was invoked earlier than expected")
|
||||
default:
|
||||
}
|
||||
}
|
||||
called := func() {
|
||||
t.Helper()
|
||||
select {
|
||||
case <-invoked:
|
||||
case <-time.After(2 * time.Second):
|
||||
t.Fatal("probe wasn't invoked as expected")
|
||||
}
|
||||
}
|
||||
|
||||
p.Run("test-probe", probeInterval, func(context.Context) error {
|
||||
invoked <- struct{}{}
|
||||
return nil
|
||||
})
|
||||
|
||||
waitActiveProbes(t, p, 1)
|
||||
|
||||
called()
|
||||
notCalled()
|
||||
clk.Advance(probeInterval + halfProbeInterval)
|
||||
called()
|
||||
notCalled()
|
||||
clk.Advance(quarterProbeInterval)
|
||||
notCalled()
|
||||
clk.Advance(probeInterval)
|
||||
called()
|
||||
notCalled()
|
||||
}
|
||||
|
||||
func TestProberRun(t *testing.T) {
|
||||
clk := newFakeTime()
|
||||
p := newForTest(clk.Now, clk.NewTicker)
|
||||
|
||||
var (
|
||||
mu sync.Mutex
|
||||
cnt int
|
||||
)
|
||||
|
||||
const startingProbes = 100
|
||||
cancels := []context.CancelFunc{}
|
||||
|
||||
for i := 0; i < startingProbes; i++ {
|
||||
cancels = append(cancels, p.Run(fmt.Sprintf("probe%d", i), probeInterval, func(context.Context) error {
|
||||
mu.Lock()
|
||||
defer mu.Unlock()
|
||||
cnt++
|
||||
return nil
|
||||
}))
|
||||
}
|
||||
|
||||
checkCnt := func(want int) {
|
||||
err := tstest.WaitFor(convergenceTimeout, func() error {
|
||||
mu.Lock()
|
||||
defer mu.Unlock()
|
||||
if cnt == want {
|
||||
cnt = 0
|
||||
return nil
|
||||
}
|
||||
return fmt.Errorf("wrong number of probe counter increments, got %d want %d", cnt, want)
|
||||
})
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
}
|
||||
|
||||
waitActiveProbes(t, p, startingProbes)
|
||||
checkCnt(startingProbes)
|
||||
clk.Advance(probeInterval + halfProbeInterval)
|
||||
checkCnt(startingProbes)
|
||||
|
||||
keep := startingProbes / 2
|
||||
|
||||
for i := keep; i < startingProbes; i++ {
|
||||
cancels[i]()
|
||||
}
|
||||
waitActiveProbes(t, p, keep)
|
||||
|
||||
clk.Advance(probeInterval)
|
||||
checkCnt(keep)
|
||||
}
|
||||
|
||||
func TestExpvar(t *testing.T) {
|
||||
clk := newFakeTime()
|
||||
p := newForTest(clk.Now, clk.NewTicker)
|
||||
|
||||
const aFewMillis = 20 * time.Millisecond
|
||||
var succeed syncs.AtomicBool
|
||||
p.Run("probe", probeInterval, func(context.Context) error {
|
||||
clk.Advance(aFewMillis)
|
||||
if succeed.Get() {
|
||||
return nil
|
||||
}
|
||||
return errors.New("failing, as instructed by test")
|
||||
})
|
||||
|
||||
waitActiveProbes(t, p, 1)
|
||||
|
||||
waitExpInt(t, p, "start_secs/probe", 0)
|
||||
waitExpInt(t, p, "end_secs/probe", 0)
|
||||
waitExpInt(t, p, "interval_secs/probe", int(probeInterval.Seconds()))
|
||||
waitExpInt(t, p, "latency_millis/probe", int(aFewMillis.Milliseconds()))
|
||||
waitExpInt(t, p, "result/probe", 0)
|
||||
|
||||
succeed.Set(true)
|
||||
clk.Advance(probeInterval + halfProbeInterval)
|
||||
|
||||
waitExpInt(t, p, "start_secs/probe", int((probeInterval + halfProbeInterval).Seconds()))
|
||||
waitExpInt(t, p, "end_secs/probe", int((probeInterval + halfProbeInterval).Seconds()))
|
||||
waitExpInt(t, p, "interval_secs/probe", int(probeInterval.Seconds()))
|
||||
waitExpInt(t, p, "latency_millis/probe", int(aFewMillis.Milliseconds()))
|
||||
waitExpInt(t, p, "result/probe", 1)
|
||||
}
|
||||
|
||||
type fakeTicker struct {
|
||||
ch chan time.Time
|
||||
interval time.Duration
|
||||
|
||||
sync.Mutex
|
||||
next time.Time
|
||||
stopped bool
|
||||
}
|
||||
|
||||
func (t *fakeTicker) Chan() <-chan time.Time {
|
||||
return t.ch
|
||||
}
|
||||
|
||||
func (t *fakeTicker) Stop() {
|
||||
t.Lock()
|
||||
defer t.Unlock()
|
||||
t.stopped = true
|
||||
}
|
||||
|
||||
func (t *fakeTicker) fire(now time.Time) {
|
||||
t.Lock()
|
||||
defer t.Unlock()
|
||||
// Slight deviation from the stdlib ticker: time.Ticker will
|
||||
// adjust t.next to make up for missed ticks, whereas we tick on a
|
||||
// fixed interval regardless of receiver behavior. In our case
|
||||
// this is fine, since we're using the ticker as a wakeup
|
||||
// mechanism and not a precise timekeeping system.
|
||||
select {
|
||||
case t.ch <- now:
|
||||
default:
|
||||
}
|
||||
t.next = now.Add(t.interval)
|
||||
}
|
||||
|
||||
type fakeTime struct {
|
||||
sync.Mutex
|
||||
*sync.Cond
|
||||
curTime time.Time
|
||||
tickers []*fakeTicker
|
||||
}
|
||||
|
||||
func newFakeTime() *fakeTime {
|
||||
ret := &fakeTime{
|
||||
curTime: epoch,
|
||||
}
|
||||
ret.Cond = &sync.Cond{L: &ret.Mutex}
|
||||
ret.Advance(time.Duration(1)) // so that Now never IsZero
|
||||
return ret
|
||||
}
|
||||
|
||||
func (t *fakeTime) Now() time.Time {
|
||||
t.Lock()
|
||||
defer t.Unlock()
|
||||
ret := t.curTime
|
||||
// so that time always seems to advance for the program under test
|
||||
t.curTime = t.curTime.Add(time.Microsecond)
|
||||
return ret
|
||||
}
|
||||
|
||||
func (t *fakeTime) NewTicker(d time.Duration) ticker {
|
||||
t.Lock()
|
||||
defer t.Unlock()
|
||||
ret := &fakeTicker{
|
||||
ch: make(chan time.Time, 1),
|
||||
interval: d,
|
||||
next: t.curTime.Add(d),
|
||||
}
|
||||
t.tickers = append(t.tickers, ret)
|
||||
t.Cond.Broadcast()
|
||||
return ret
|
||||
}
|
||||
|
||||
func (t *fakeTime) Advance(d time.Duration) {
|
||||
t.Lock()
|
||||
defer t.Unlock()
|
||||
t.curTime = t.curTime.Add(d)
|
||||
for _, tick := range t.tickers {
|
||||
if t.curTime.After(tick.next) {
|
||||
tick.fire(t.curTime)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func waitExpInt(t *testing.T, p *Prober, path string, want int) {
|
||||
t.Helper()
|
||||
err := tstest.WaitFor(convergenceTimeout, func() error {
|
||||
got, ok := getExpInt(t, p, path)
|
||||
if !ok {
|
||||
return fmt.Errorf("expvar %q did not get set", path)
|
||||
}
|
||||
if got != want {
|
||||
return fmt.Errorf("expvar %q is %d, want %d", path, got, want)
|
||||
}
|
||||
return nil
|
||||
})
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
}
|
||||
|
||||
func getExpInt(t *testing.T, p *Prober, path string) (ret int, ok bool) {
|
||||
t.Helper()
|
||||
s := p.Expvar().String()
|
||||
dec := map[string]interface{}{}
|
||||
if err := json.Unmarshal([]byte(s), &dec); err != nil {
|
||||
t.Fatalf("couldn't unmarshal expvar data: %v", err)
|
||||
}
|
||||
var v interface{} = dec
|
||||
for _, d := range strings.Split(path, "/") {
|
||||
m, ok := v.(map[string]interface{})
|
||||
if !ok {
|
||||
t.Fatalf("expvar path %q ended early with a leaf value", path)
|
||||
}
|
||||
child, ok := m[d]
|
||||
if !ok {
|
||||
return 0, false
|
||||
}
|
||||
v = child
|
||||
}
|
||||
f, ok := v.(float64)
|
||||
if !ok {
|
||||
return 0, false
|
||||
}
|
||||
return int(f), true
|
||||
}
|
||||
|
||||
func waitActiveProbes(t *testing.T, p *Prober, want int) {
|
||||
t.Helper()
|
||||
err := tstest.WaitFor(convergenceTimeout, func() error {
|
||||
if got := p.activeProbes(); got != want {
|
||||
return fmt.Errorf("active probe count is %d, want %d", got, want)
|
||||
}
|
||||
return nil
|
||||
})
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
}
|
||||
30
prober/tcp.go
Normal file
30
prober/tcp.go
Normal file
@@ -0,0 +1,30 @@
|
||||
// Copyright (c) 2022 Tailscale Inc & AUTHORS All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package prober
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"net"
|
||||
)
|
||||
|
||||
// TCP returns a Probe that healthchecks a TCP endpoint.
|
||||
//
|
||||
// The Probe reports whether it can successfully connect to addr.
|
||||
func TCP(addr string) Probe {
|
||||
return func(ctx context.Context) error {
|
||||
return probeTCP(ctx, addr)
|
||||
}
|
||||
}
|
||||
|
||||
func probeTCP(ctx context.Context, addr string) error {
|
||||
var d net.Dialer
|
||||
conn, err := d.DialContext(ctx, "tcp", addr)
|
||||
if err != nil {
|
||||
return fmt.Errorf("dialing %q: %v", addr, err)
|
||||
}
|
||||
conn.Close()
|
||||
return nil
|
||||
}
|
||||
46
prober/tls.go
Normal file
46
prober/tls.go
Normal file
@@ -0,0 +1,46 @@
|
||||
// Copyright (c) 2022 Tailscale Inc & AUTHORS All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style
|
||||
// license that can be found in the LICENSE file.
|
||||
|
||||
package prober
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"fmt"
|
||||
"net"
|
||||
"time"
|
||||
)
|
||||
|
||||
// TLS returns a Probe that healthchecks a TLS endpoint.
|
||||
//
|
||||
// The Probe connects to hostname, does a TLS handshake, verifies that
|
||||
// the hostname matches the presented certificate, and that the
|
||||
// certificate expires in more than 7 days from the probe time.
|
||||
func TLS(hostname string) Probe {
|
||||
return func(ctx context.Context) error {
|
||||
return probeTLS(ctx, hostname)
|
||||
}
|
||||
}
|
||||
|
||||
func probeTLS(ctx context.Context, hostname string) error {
|
||||
var d net.Dialer
|
||||
conn, err := tls.DialWithDialer(&d, "tcp", hostname+":443", nil)
|
||||
if err != nil {
|
||||
return fmt.Errorf("connecting to %q: %w", hostname, err)
|
||||
}
|
||||
if err := conn.Handshake(); err != nil {
|
||||
return fmt.Errorf("TLS handshake error with %q: %w", hostname, err)
|
||||
}
|
||||
if err := conn.VerifyHostname(hostname); err != nil {
|
||||
return fmt.Errorf("Host %q TLS verification failed: %w", hostname, err)
|
||||
}
|
||||
|
||||
latestAllowedExpiration := time.Now().Add(7 * 24 * time.Hour) // 7 days from now
|
||||
if expires := conn.ConnectionState().PeerCertificates[0].NotAfter; latestAllowedExpiration.After(expires) {
|
||||
left := expires.Sub(time.Now())
|
||||
return fmt.Errorf("TLS certificate for %q expires in %v", hostname, left)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
@@ -407,7 +407,7 @@ main() {
|
||||
exit 1
|
||||
fi
|
||||
export DEBIAN_FRONTEND=noninteractive
|
||||
if ! type gpg >/dev/null; then
|
||||
if [ "$APT_KEY_TYPE" = "legacy" ] && ! type gpg >/dev/null; then
|
||||
$SUDO apt-get update
|
||||
$SUDO apt-get install -y gnupg
|
||||
fi
|
||||
|
||||
@@ -42,7 +42,7 @@ func (ctx *sshContext) Err() error {
|
||||
|
||||
func (ctx *sshContext) Done() <-chan struct{} { return ctx.done }
|
||||
func (ctx *sshContext) Deadline() (deadline time.Time, ok bool) { return }
|
||||
func (ctx *sshContext) Value(interface{}) interface{} { return nil }
|
||||
func (ctx *sshContext) Value(any) any { return nil }
|
||||
|
||||
// userVisibleError is a wrapper around an error that implements
|
||||
// SSHTerminationError, so msg is written to their session.
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user