VERSION.txt: this is v1.10.2.

ipn/localapi: fix inability to receive taildrop files w/ escaped names
The localapi was double-unescaping: once by net/http populating the URL, and once by ourselves later. We need to start with the raw escaped URL if we're doing it ourselves. Started to write a test but it got invasive. Will have to add those tests later in a commit that's not being cherry-picked to a release branch. Fixes #2288 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> (cherry picked from commit 98ad7f279c)
2021-07-15 17:26:30 -07:00 · 2021-07-13 15:40:49 -07:00 · 2021-07-13 15:40:18 -07:00 · 2021-07-02 14:47:07 -07:00 · 2021-07-02 13:55:02 -07:00 · 2021-07-02 13:51:10 -07:00
7 changed files with 153 additions and 8 deletions
--- a/VERSION.txt
+++ b/VERSION.txt
@@ -1 +1 @@
-1.9.0
+1.10.2
--- a/internal/deephash/deephash.go
+++ b/internal/deephash/deephash.go
@@ -24,8 +24,12 @@ func calcHash(v interface{}) string {
 	printTo(b, v, scratch)
 	b.Flush()
 	scratch = h.Sum(scratch[:0])
-	hex.Encode(scratch[:cap(scratch)], scratch[:sha256.Size])
-	return string(scratch[:sha256.Size*2])
+	// The first sha256.Size bytes contain the hash.
+	// Hex-encode that into the next sha256.Size*2 bytes.
+	src := scratch[:sha256.Size]
+	dst := scratch[sha256.Size:cap(scratch)]
+	n := hex.Encode(dst, src)
+	return string(dst[:n])
 }

 // UpdateHash sets last to the hash of v and reports whether its value changed.
--- a/internal/deephash/deephash_test.go
+++ b/internal/deephash/deephash_test.go
@@ -134,3 +134,14 @@ func BenchmarkHashMapAcyclic(b *testing.B) {
 		}
 	}
 }
+
+func TestExhaustive(t *testing.T) {
+	seen := make(map[string]bool)
+	for i := 0; i < 100000; i++ {
+		s := calcHash(i)
+		if seen[s] {
+			t.Fatalf("hash collision %v", i)
+		}
+		seen[s] = true
+	}
+}
--- a/ipn/ipnlocal/local.go
+++ b/ipn/ipnlocal/local.go
@@ -757,6 +757,12 @@ func (b *LocalBackend) Start(opts ipn.Options) error {
 		newPrefs := opts.UpdatePrefs
 		newPrefs.Persist = b.prefs.Persist
 		b.prefs = newPrefs
+
+		if opts.StateKey != "" {
+			if err := b.store.WriteState(opts.StateKey, b.prefs.ToBytes()); err != nil {
+				b.logf("failed to save UpdatePrefs state: %v", err)
+			}
+		}
 	}

 	wantRunning := b.prefs.WantRunning
@@ -2213,7 +2219,7 @@ func (b *LocalBackend) enterState(newState ipn.State) {
 		b.e.RequestStatus()
 	case ipn.Running:
 		var addrs []string
-		for _, addr := range b.netMap.Addresses {
+		for _, addr := range netMap.Addresses {
 			addrs = append(addrs, addr.IP().String())
 		}
 		systemd.Status("Connected; %s; %s", activeLogin, strings.Join(addrs, " "))
--- a/ipn/localapi/localapi.go
+++ b/ipn/localapi/localapi.go
@@ -264,7 +264,7 @@ func (h *Handler) serveFiles(w http.ResponseWriter, r *http.Request) {
 		http.Error(w, "file access denied", http.StatusForbidden)
 		return
 	}
-	suffix := strings.TrimPrefix(r.URL.Path, "/localapi/v0/files/")
+	suffix := strings.TrimPrefix(r.URL.EscapedPath(), "/localapi/v0/files/")
 	if suffix == "" {
 		if r.Method != "GET" {
 			http.Error(w, "want GET to list files", 400)
--- a/wgengine/netstack/netstack.go
+++ b/wgengine/netstack/netstack.go
@@ -177,21 +177,33 @@ type DNSMap map[string]netaddr.IP
 func DNSMapFromNetworkMap(nm *netmap.NetworkMap) DNSMap {
 	ret := make(DNSMap)
 	suffix := nm.MagicDNSSuffix()
-
+	have4 := false
 	if nm.Name != "" && len(nm.Addresses) > 0 {
 		ip := nm.Addresses[0].IP()
 		ret[strings.TrimRight(nm.Name, ".")] = ip
 		if dnsname.HasSuffix(nm.Name, suffix) {
 			ret[dnsname.TrimSuffix(nm.Name, suffix)] = ip
 		}
+		for _, a := range nm.Addresses {
+			if a.IP().Is4() {
+				have4 = true
+			}
+		}
 	}
 	for _, p := range nm.Peers {
-		if p.Name != "" && len(p.Addresses) > 0 {
-			ip := p.Addresses[0].IP()
+		if p.Name == "" {
+			continue
+		}
+		for _, a := range p.Addresses {
+			ip := a.IP()
+			if ip.Is4() && !have4 {
+				continue
+			}
 			ret[strings.TrimRight(p.Name, ".")] = ip
 			if dnsname.HasSuffix(p.Name, suffix) {
 				ret[dnsname.TrimSuffix(p.Name, suffix)] = ip
 			}
+			break
 		}
 	}
 	return ret
--- a/wgengine/netstack/netstack_test.go
+++ b/wgengine/netstack/netstack_test.go
@@ -0,0 +1,112 @@
+// Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package netstack
+
+import (
+	"reflect"
+	"testing"
+
+	"inet.af/netaddr"
+	"tailscale.com/tailcfg"
+	"tailscale.com/types/netmap"
+)
+
+func TestDNSMapFromNetworkMap(t *testing.T) {
+	pfx := netaddr.MustParseIPPrefix
+	ip := netaddr.MustParseIP
+	tests := []struct {
+		name string
+		nm   *netmap.NetworkMap
+		want DNSMap
+	}{
+		{
+			name: "self",
+			nm: &netmap.NetworkMap{
+				Name: "foo.tailnet",
+				Addresses: []netaddr.IPPrefix{
+					pfx("100.102.103.104/32"),
+					pfx("100::123/128"),
+				},
+			},
+			want: DNSMap{
+				"foo":         ip("100.102.103.104"),
+				"foo.tailnet": ip("100.102.103.104"),
+			},
+		},
+		{
+			name: "self_and_peers",
+			nm: &netmap.NetworkMap{
+				Name: "foo.tailnet",
+				Addresses: []netaddr.IPPrefix{
+					pfx("100.102.103.104/32"),
+					pfx("100::123/128"),
+				},
+				Peers: []*tailcfg.Node{
+					{
+						Name: "a.tailnet",
+						Addresses: []netaddr.IPPrefix{
+							pfx("100.0.0.201/32"),
+							pfx("100::201/128"),
+						},
+					},
+					{
+						Name: "b.tailnet",
+						Addresses: []netaddr.IPPrefix{
+							pfx("100::202/128"),
+						},
+					},
+				},
+			},
+			want: DNSMap{
+				"foo":         ip("100.102.103.104"),
+				"foo.tailnet": ip("100.102.103.104"),
+				"a":           ip("100.0.0.201"),
+				"a.tailnet":   ip("100.0.0.201"),
+				"b":           ip("100::202"),
+				"b.tailnet":   ip("100::202"),
+			},
+		},
+		{
+			name: "self_has_v6_only",
+			nm: &netmap.NetworkMap{
+				Name: "foo.tailnet",
+				Addresses: []netaddr.IPPrefix{
+					pfx("100::123/128"),
+				},
+				Peers: []*tailcfg.Node{
+					{
+						Name: "a.tailnet",
+						Addresses: []netaddr.IPPrefix{
+							pfx("100.0.0.201/32"),
+							pfx("100::201/128"),
+						},
+					},
+					{
+						Name: "b.tailnet",
+						Addresses: []netaddr.IPPrefix{
+							pfx("100::202/128"),
+						},
+					},
+				},
+			},
+			want: DNSMap{
+				"foo":         ip("100::123"),
+				"foo.tailnet": ip("100::123"),
+				"a":           ip("100::201"),
+				"a.tailnet":   ip("100::201"),
+				"b":           ip("100::202"),
+				"b.tailnet":   ip("100::202"),
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := DNSMapFromNetworkMap(tt.nm)
+			if !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("mismatch:\n got %v\nwant %v\n", got, tt.want)
+			}
+		})
+	}
+}
Author	SHA1	Message	Date
David Anderson	36fe8addc3	VERSION.txt: this is v1.10.2.	2021-07-15 17:26:30 -07:00
Brad Fitzpatrick	a1031fb717	ipn/localapi: fix inability to receive taildrop files w/ escaped names The localapi was double-unescaping: once by net/http populating the URL, and once by ourselves later. We need to start with the raw escaped URL if we're doing it ourselves. Started to write a test but it got invasive. Will have to add those tests later in a commit that's not being cherry-picked to a release branch. Fixes #2288 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> (cherry picked from commit `98ad7f279c`)	2021-07-13 15:40:49 -07:00
Brad Fitzpatrick	57b3f17265	ipn/ipnlocal: save prefs to disk on UpdatePrefs Regression from `6d10655dc3`, which added UpdatePrefs but didn't write it out to disk. I'd planned on adding tests to state_test.go which is why I'd earlier added `46896a9311` to prepare for making such persistence tests easier to write, but turns out state_test.go didn't even test UpdatePrefs, so I'm staying out of there. Instead, this is tested using integration tests. Fixes #2321 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> (cherry picked from commit `01e159b610`)	2021-07-13 15:40:18 -07:00
David Crawshaw	cd3fd076cc	VERSION.txt: this is v1.10.1 Signed-off-by: David Crawshaw <crawshaw@tailscale.com>	2021-07-02 14:47:07 -07:00
Josh Bleecher Snyder	abdc0aec75	internal/deephash: 8 bits of output is not enough Running hex.Encode(b, b) is a bad idea. The first byte of input will overwrite the first two bytes of output. Subsequent bytes have no impact on the output. Not related to today's IPv6 bug, but...wh::ps. This caused us to spuriously ignore some wireguard config updates. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com> (cherry picked from commit `7f095617f2`)	2021-07-02 13:55:02 -07:00
Brad Fitzpatrick	39015a43da	wgengine/netstack: make SOCKS5 resolve names to IPv6 if self node when no IPv4 For instance, ephemeral nodes with only IPv6 addresses can now SOCKS5-dial out to names like "foo" and resolve foo's IPv6 address rather than foo's IPv4 address and get a "no route" (*tcpip.ErrNoRoute) error from netstack's dialer. Per https://github.com/tailscale/tailscale/issues/2268#issuecomment-870027626 which is only part of the isuse. Updates #2268 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> (cherry picked from commit `722859b476`)	2021-07-02 13:51:10 -07:00
Josh Bleecher Snyder	506476059a	ipn/ipnlocal: fix data race We can't access b.netMap without holding b.mu. We already grabbed it earlier in the function with the lock held. Introduced in Nov 2020 in `7ea809897d`. Discovered during stress testing. Apparently it's a pretty rare? Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com> (cherry picked from commit `f11a8928a6`)	2021-07-01 12:40:16 -07:00
David Anderson	405ea978f8	VERSION.txt: this is 1.10.0 Signed-off-by: David Anderson <danderson@tailscale.com>	2021-06-24 15:32:15 -07:00
@@ -1 +1 @@
 .9.0
 .10.2