cmd/tailscale: add web subcommand

Used as an app frontend UI on Synology.

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>

.github/ISSUE_TEMPLATE/bug_report.md

@@ -2,7 +2,36 @@
 name: Bug report
 about: Create a bug report
 title: ''
-labels: 'needs-triage'
+labels: ''
 assignees: ''
 
 ---
+
+<!-- Please note, this template is for definite bugs, not requests for
+support. If you need help with Tailscale, please email
+support@tailscale.com. We don't provide support via Github issues. -->
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Version information:**
+ - Device: [e.g. iPhone X, laptop]
+ - OS: [e.g. Windows, MacOS]
+ - OS version: [e.g. Windows 10, Ubuntu 18.04]
+ - Tailscale version: [e.g. 0.95-0]
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -2,6 +2,25 @@
 name: Feature request
 about: Suggest an idea for this project
 title: ''
-labels: 'needs-triage'
+labels: ''
 assignees: ''
+
 ---
+
+**Is your feature request related to a problem? Please describe.**
+
+A clear and concise description of what the problem is. Ex. I'm always
+frustrated when [...]
+
+**Describe the solution you'd like**
+
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+
+A clear and concise description of any alternative solutions or
+features you've considered.
+
+**Additional context**
+
+Add any other context or screenshots about the feature request here.

.github/workflows/coverage.yml

@@ -0,0 +1,48 @@
+name: Code Coverage
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - '*'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    if: "!contains(github.event.head_commit.message, '[ci skip]')"
+
+    steps:
+
+    - name: Set up Go
+      uses: actions/setup-go@v1
+      with:
+        go-version: 1.16
+      id: go
+
+    - name: Check out code into the Go module directory
+      uses: actions/checkout@v1
+
+      # https://markphelps.me/2019/11/speed-up-your-go-builds-with-actions-cache/
+    - name: Restore Cache
+      uses: actions/cache@preview
+      id: cache
+      with:
+        path: ~/go/pkg/mod
+        key: ${{ runner.os }}-${{ hashFiles('**/go.sum') }}
+
+    - name: Basic build
+      run: go build ./cmd/...
+
+    - name: Run tests on linux with coverage data
+      run: go test -race -coverprofile=coverage.txt -bench=. -benchtime=1x ./...
+
+    - name: coveralls.io
+      uses: shogo82148/actions-goveralls@v1
+      env:
+        COVERALLS_TOKEN: ${{ secrets.COVERALLS_TOKEN }}
+        GITHUB_TOKEN: ${{ secrets.COVERALLS_BOT_PUBLIC_REPO_TOKEN }}
+      with:
+        path-to-profile: ./coverage.txt

.github/workflows/cross-darwin.yml

@@ -0,0 +1,53 @@
+name: Darwin-Cross
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - '*'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    if: "!contains(github.event.head_commit.message, '[ci skip]')"
+
+    steps:
+
+    - name: Set up Go
+      uses: actions/setup-go@v1
+      with:
+        go-version: 1.16
+      id: go
+
+    - name: Check out code into the Go module directory
+      uses: actions/checkout@v1
+
+    - name: macOS build cmd
+      env:
+        GOOS: darwin
+        GOARCH: amd64
+      run: go build ./cmd/...
+
+    - name: macOS build tests
+      env:
+        GOOS: darwin
+        GOARCH: amd64
+      run: for d in $(go list -f '{{if .TestGoFiles}}{{.Dir}}{{end}}' ./... ); do (echo $d; cd $d && go test -c ); done
+
+    - uses: k0kubun/action-slack@v2.0.0
+      with:
+        payload: |
+          {
+            "attachments": [{
+              "text": "${{ job.status }}: ${{ github.workflow }} <https://github.com/${{ github.repository }}/commit/${{ github.sha }}/checks|${{ env.COMMIT_DATE }} #${{ env.COMMIT_NUMBER_OF_DAY }}> " +
+                      "(<https://github.com/${{ github.repository }}/commit/${{ github.sha }}|" + "${{ github.sha }}".substring(0, 10) + ">) " +
+                      "of ${{ github.repository }}@" + "${{ github.ref }}".split('/').reverse()[0] + " by ${{ github.event.head_commit.committer.name }}",
+              "color": "danger"
+            }]
+          }
+      env:
+        SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+      if: failure() && github.event_name == 'push'

.github/workflows/cross-freebsd.yml

@@ -0,0 +1,53 @@
+name: FreeBSD-Cross
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - '*'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    if: "!contains(github.event.head_commit.message, '[ci skip]')"
+
+    steps:
+
+    - name: Set up Go
+      uses: actions/setup-go@v1
+      with:
+        go-version: 1.16
+      id: go
+
+    - name: Check out code into the Go module directory
+      uses: actions/checkout@v1
+
+    - name: FreeBSD build cmd
+      env:
+        GOOS: freebsd
+        GOARCH: amd64
+      run: go build ./cmd/...
+
+    - name: FreeBSD build tests
+      env:
+        GOOS: freebsd
+        GOARCH: amd64
+      run: for d in $(go list -f '{{if .TestGoFiles}}{{.Dir}}{{end}}' ./... ); do (echo $d; cd $d && go test -c ); done
+
+    - uses: k0kubun/action-slack@v2.0.0
+      with:
+        payload: |
+          {
+            "attachments": [{
+              "text": "${{ job.status }}: ${{ github.workflow }} <https://github.com/${{ github.repository }}/commit/${{ github.sha }}/checks|${{ env.COMMIT_DATE }} #${{ env.COMMIT_NUMBER_OF_DAY }}> " +
+                      "(<https://github.com/${{ github.repository }}/commit/${{ github.sha }}|" + "${{ github.sha }}".substring(0, 10) + ">) " +
+                      "of ${{ github.repository }}@" + "${{ github.ref }}".split('/').reverse()[0] + " by ${{ github.event.head_commit.committer.name }}",
+              "color": "danger"
+            }]
+          }
+      env:
+        SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+      if: failure() && github.event_name == 'push'

.github/workflows/cross-openbsd.yml

@@ -0,0 +1,53 @@
+name: OpenBSD-Cross
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - '*'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    if: "!contains(github.event.head_commit.message, '[ci skip]')"
+
+    steps:
+
+    - name: Set up Go
+      uses: actions/setup-go@v1
+      with:
+        go-version: 1.16
+      id: go
+
+    - name: Check out code into the Go module directory
+      uses: actions/checkout@v1
+
+    - name: OpenBSD build cmd
+      env:
+        GOOS: openbsd
+        GOARCH: amd64
+      run: go build ./cmd/...
+
+    - name: OpenBSD build tests
+      env:
+        GOOS: openbsd
+        GOARCH: amd64
+      run: for d in $(go list -f '{{if .TestGoFiles}}{{.Dir}}{{end}}' ./... ); do (echo $d; cd $d && go test -c ); done
+
+    - uses: k0kubun/action-slack@v2.0.0
+      with:
+        payload: |
+          {
+            "attachments": [{
+              "text": "${{ job.status }}: ${{ github.workflow }} <https://github.com/${{ github.repository }}/commit/${{ github.sha }}/checks|${{ env.COMMIT_DATE }} #${{ env.COMMIT_NUMBER_OF_DAY }}> " +
+                      "(<https://github.com/${{ github.repository }}/commit/${{ github.sha }}|" + "${{ github.sha }}".substring(0, 10) + ">) " +
+                      "of ${{ github.repository }}@" + "${{ github.ref }}".split('/').reverse()[0] + " by ${{ github.event.head_commit.committer.name }}",
+              "color": "danger"
+            }]
+          }
+      env:
+        SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+      if: failure() && github.event_name == 'push'

.github/workflows/cross-windows.yml

@@ -0,0 +1,53 @@
+name: Windows-Cross
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - '*'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    if: "!contains(github.event.head_commit.message, '[ci skip]')"
+
+    steps:
+
+    - name: Set up Go
+      uses: actions/setup-go@v1
+      with:
+        go-version: 1.16
+      id: go
+
+    - name: Check out code into the Go module directory
+      uses: actions/checkout@v1
+
+    - name: Windows build cmd
+      env:
+        GOOS: windows
+        GOARCH: amd64
+      run: go build ./cmd/...
+
+    - name: Windows build tests
+      env:
+        GOOS: windows
+        GOARCH: amd64
+      run: for d in $(go list -f '{{if .TestGoFiles}}{{.Dir}}{{end}}' ./... ); do (echo $d; cd $d && go test -c ); done
+
+    - uses: k0kubun/action-slack@v2.0.0
+      with:
+        payload: |
+          {
+            "attachments": [{
+              "text": "${{ job.status }}: ${{ github.workflow }} <https://github.com/${{ github.repository }}/commit/${{ github.sha }}/checks|${{ env.COMMIT_DATE }} #${{ env.COMMIT_NUMBER_OF_DAY }}> " +
+                      "(<https://github.com/${{ github.repository }}/commit/${{ github.sha }}|" + "${{ github.sha }}".substring(0, 10) + ">) " +
+                      "of ${{ github.repository }}@" + "${{ github.ref }}".split('/').reverse()[0] + " by ${{ github.event.head_commit.committer.name }}",
+              "color": "danger"
+            }]
+          }
+      env:
+        SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+      if: failure() && github.event_name == 'push'

.github/workflows/depaware.yml

@@ -0,0 +1,28 @@
+name: depaware
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - '*'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Set up Go
+      uses: actions/setup-go@v1
+      with:
+        go-version: 1.16
+
+    - name: Check out code
+      uses: actions/checkout@v1
+
+    - name: depaware tailscaled
+      run: go run github.com/tailscale/depaware --check tailscale.com/cmd/tailscaled
+
+    - name: depaware tailscale
+      run: go run github.com/tailscale/depaware --check tailscale.com/cmd/tailscale

.github/workflows/license.yml

@@ -0,0 +1,40 @@
+name: license
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - '*'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Set up Go
+      uses: actions/setup-go@v1
+      with:
+        go-version: 1.16
+
+    - name: Check out code
+      uses: actions/checkout@v1
+
+    - name: Run license checker
+      run: ./scripts/check_license_headers.sh .
+
+    - uses: k0kubun/action-slack@v2.0.0
+      with:
+        payload: |
+          {
+            "attachments": [{
+              "text": "${{ job.status }}: ${{ github.workflow }} <https://github.com/${{ github.repository }}/commit/${{ github.sha }}/checks|${{ env.COMMIT_DATE }} #${{ env.COMMIT_NUMBER_OF_DAY }}> " +
+                      "(<https://github.com/${{ github.repository }}/commit/${{ github.sha }}|" + "${{ github.sha }}".substring(0, 10) + ">) " +
+                      "of ${{ github.repository }}@" + "${{ github.ref }}".split('/').reverse()[0] + " by ${{ github.event.head_commit.committer.name }}",
+              "color": "danger"
+            }]
+          }
+      env:
+        SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+      if: failure() && github.event_name == 'push'

.github/workflows/linux.yml

@@ -1,4 +1,4 @@
-name: Windows race
+name: Linux
 
 on:
   push:
@@ -9,34 +9,27 @@ on:
       - '*'
 
 jobs:
-  test:
-    runs-on: windows-latest
+  build:
+    runs-on: ubuntu-latest
 
     if: "!contains(github.event.head_commit.message, '[ci skip]')"
 
     steps:
 
-    - name: Install Go
-      uses: actions/setup-go@v2
+    - name: Set up Go
+      uses: actions/setup-go@v1
       with:
-        go-version: 1.16.x
+        go-version: 1.16
+      id: go
 
-    - name: Checkout code
-      uses: actions/checkout@v2
+    - name: Check out code into the Go module directory
+      uses: actions/checkout@v1
 
-    - name: Restore Cache
-      uses: actions/cache@v2
-      with:
-        path: ~/go/pkg/mod
-        key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-        restore-keys: |
-          ${{ runner.os }}-go-
+    - name: Basic build
+      run: go build ./cmd/...
 
-    - name: Test with -race flag
-      # Don't use -bench=. -benchtime=1x.
-      # Somewhere in the layers (powershell?)
-      # the equals signs cause great confusion.
-      run: go test -race -bench . -benchtime 1x -timeout 5m -v ./...
+    - name: Run tests on linux
+      run: go test ./...
 
     - uses: k0kubun/action-slack@v2.0.0
       with:

.github/workflows/linux32.yml

@@ -0,0 +1,48 @@
+name: Linux 32-bit
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - '*'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    if: "!contains(github.event.head_commit.message, '[ci skip]')"
+
+    steps:
+
+    - name: Set up Go
+      uses: actions/setup-go@v1
+      with:
+        go-version: 1.16
+      id: go
+
+    - name: Check out code into the Go module directory
+      uses: actions/checkout@v1
+
+    - name: Basic build
+      run: GOARCH=386 go build ./cmd/...
+
+    - name: Run tests on linux
+      run: GOARCH=386 go test ./...
+
+    - uses: k0kubun/action-slack@v2.0.0
+      with:
+        payload: |
+          {
+            "attachments": [{
+              "text": "${{ job.status }}: ${{ github.workflow }} <https://github.com/${{ github.repository }}/commit/${{ github.sha }}/checks|${{ env.COMMIT_DATE }} #${{ env.COMMIT_NUMBER_OF_DAY }}> " +
+                      "(<https://github.com/${{ github.repository }}/commit/${{ github.sha }}|" + "${{ github.sha }}".substring(0, 10) + ">) " +
+                      "of ${{ github.repository }}@" + "${{ github.ref }}".split('/').reverse()[0] + " by ${{ github.event.head_commit.committer.name }}",
+              "color": "danger"
+            }]
+          }
+      env:
+        SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+      if: failure() && github.event_name == 'push'
+

.github/workflows/staticcheck.yml

@@ -0,0 +1,46 @@
+name: staticcheck
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - '*'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Set up Go
+      uses: actions/setup-go@v1
+      with:
+        go-version: 1.16
+
+    - name: Check out code
+      uses: actions/checkout@v1
+
+    - name: Run go vet
+      run: go vet ./...
+
+    - name: Print staticcheck version
+      run: go run honnef.co/go/tools/cmd/staticcheck -version
+
+    - name: Run staticcheck
+      run: "go run honnef.co/go/tools/cmd/staticcheck -- $(go list ./... | grep -v tempfork)"
+
+    - uses: k0kubun/action-slack@v2.0.0
+      with:
+        payload: |
+          {
+            "attachments": [{
+              "text": "${{ job.status }}: ${{ github.workflow }} <https://github.com/${{ github.repository }}/commit/${{ github.sha }}/checks|${{ env.COMMIT_DATE }} #${{ env.COMMIT_NUMBER_OF_DAY }}> " +
+                      "(<https://github.com/${{ github.repository }}/commit/${{ github.sha }}|" + "${{ github.sha }}".substring(0, 10) + ">) " +
+                      "of ${{ github.repository }}@" + "${{ github.ref }}".split('/').reverse()[0] + " by ${{ github.event.head_commit.committer.name }}",
+              "color": "danger"
+            }]
+          }
+      env:
+        SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+      if: failure() && github.event_name == 'push'

.github/workflows/windows.yml

@@ -33,10 +33,7 @@ jobs:
           ${{ runner.os }}-go-
 
     - name: Test
-      # Don't use -bench=. -benchtime=1x.
-      # Somewhere in the layers (powershell?)
-      # the equals signs cause great confusion.
-      run: go test -bench . -benchtime 1x ./...
+      run: go test ./...
 
     - uses: k0kubun/action-slack@v2.0.0
       with:

Dockerfile

@@ -42,7 +42,8 @@ FROM golang:1.16-alpine AS build-env
 
 WORKDIR /go/src/tailscale
 
-COPY go.mod go.sum ./
+COPY go.mod .
+COPY go.sum .
 RUN go mod download
 
 COPY . .

VERSION.txt

@@ -1 +1 @@
-1.13.0
+1.7.0

api.md

@@ -367,11 +367,10 @@ Etag: "e0b2816b418b3f266309d94426ac7668ab3c1fa87798785bf82f1085cc2f6d9c"
 
 #### `POST /api/v2/tailnet/:tailnet/acl` - set ACL for a tailnet
 
-Sets the ACL for the given domain.
-HuJSON and JSON are both accepted inputs.
-An `If-Match` header can be set to avoid missed updates.
+Sets the ACL for the given tailnet. HuJSON and JSON are both accepted inputs. An `If-Match` header can be set to avoid missed updates.
 
-Returns the updated ACL in JSON or HuJSON according to the `Accept` header on success. Otherwise, errors are returned for incorrectly defined ACLs, ACLs with failing tests on attempted updates, and mismatched `If-Match` header and ETag.
+Returns error for invalid ACLs.
+Returns error if using an `If-Match` header and the ETag does not match.
 
 ##### Parameters
 
@@ -381,17 +380,7 @@ Returns the updated ACL in JSON or HuJSON according to the `Accept` header on su
 `Accept` - Sets the return type of the updated ACL. Response is parsed `JSON` if `application/json` is explicitly named, otherwise HuJSON will be returned.
 
 ###### POST Body
-
-The POST body should be a JSON or [HuJSON](https://github.com/tailscale/hujson#hujson---human-json) formatted JSON object.
-An ACL policy may contain the following top-level properties:
-
-* `Groups` - Static groups of users which can be used for ACL rules.
-* `Hosts` - Hostname aliases to use in place of IP addresses or subnets.
-* `ACLs` - Access control lists.
-* `TagOwners` - Defines who is allowed to use which tags.
-* `Tests` - Run on ACL updates to check correct functionality of defined ACLs.
-
-See https://tailscale.com/kb/1018/acls for more information on those properties.
+ACL JSON or HuJSON (see https://tailscale.com/kb/1018/acls)
 
 ##### Example
 ```
@@ -422,7 +411,7 @@ curl 'https://api.tailscale.com/api/v2/tailnet/example.com/acl' \
 }'
 ```
 
-Response:
+Response
 ```
 // Example/default ACLs for unrestricted connections.
 {
@@ -447,40 +436,23 @@ Response:
 }
 ```
 
-Failed test error response:
-```
-{
-    "message": "test(s) failed",
-    "data": [
-        {
-            "user": "user1@example.com",
-            "errors": [
-                "address \"user2@example.com:400\": want: Accept, got: Drop"
-            ]
-        }
-    ]
-}
-```
-
 <a name=tailnet-acl-preview-post></a>
 
 #### `POST /api/v2/tailnet/:tailnet/acl/preview` - preview rule matches on an ACL for a resource
-
 Determines what rules match for a user on an ACL without saving the ACL to the server.
 
 ##### Parameters
 
 ###### Query Parameters
-`type` - can be 'user' or 'ipport'
-`previewFor` - if type=user, a user's email. If type=ipport, a IP address + port like "10.0.0.1:80".
-The provided ACL is queried with this paramater to determine which rules match.
+`user` - A user's email. The provided ACL is queried with this user to determine which rules match.
 
 ###### POST Body
 ACL JSON or HuJSON (see https://tailscale.com/kb/1018/acls)
 
 ##### Example
 ```
-curl 'https://api.tailscale.com/api/v2/tailnet/example.com/acl/preview?previewFor=user1@example.com&type=user' \
+POST /api/v2/tailnet/example.com/acl/preiew
+curl 'https://api.tailscale.com/api/v2/tailnet/example.com/acl?user=user1@example.com' \
   -u "tskey-yourapikey123:" \
   --data-binary '// Example/default ACLs for unrestricted connections.
 {
@@ -505,7 +477,7 @@ curl 'https://api.tailscale.com/api/v2/tailnet/example.com/acl/preview?previewFo
 }'
 ```
 
-Response:
+Response
 ```
 {"matches":[{"users":["*"],"ports":["*:*"],"lineNumber":19}],"user":"user1@example.com"}
 ```

build_dist.sh

@@ -11,36 +11,6 @@
 
 set -eu
 
-IFS=".$IFS" read -r major minor patch <VERSION.txt
-git_hash=$(git rev-parse HEAD)
-if ! git diff-index --quiet HEAD; then
-	git_hash="${git_hash}-dirty"
-fi
-base_hash=$(git rev-list --max-count=1 HEAD -- VERSION.txt)
-change_count=$(git rev-list --count HEAD "^$base_hash")
-short_hash=$(echo "$git_hash" | cut -c1-9)
+eval $(./version/version.sh)
 
-if expr "$minor" : "[0-9]*[13579]$" >/dev/null; then
-	patch="$change_count"
-	change_suffix=""
-elif [ "$change_count" != "0" ]; then
-	change_suffix="-$change_count"
-else
-	change_suffix=""
-fi
-
-long_suffix="$change_suffix-t$short_hash"
-SHORT="$major.$minor.$patch"
-LONG="${SHORT}$long_suffix"
-GIT_HASH="$git_hash"
-
-if [ "$1" = "shellvars" ]; then
-	cat <<EOF
-VERSION_SHORT="$SHORT"
-VERSION_LONG="$LONG"
-VERSION_GIT_HASH="$GIT_HASH"
-EOF
-	exit 0
-fi
-
-exec go build -ldflags "-X tailscale.com/version.Long=${LONG} -X tailscale.com/version.Short=${SHORT} -X tailscale.com/version.GitCommit=${GIT_HASH}" "$@"
+exec go build -tags xversion -ldflags "-X tailscale.com/version.Long=${VERSION_LONG} -X tailscale.com/version.Short=${VERSION_SHORT} -X tailscale.com/version.GitCommit=${VERSION_GIT_HASH}" "$@"

build_docker.sh

@@ -25,7 +25,7 @@
 
 set -eu
 
-eval $(./build_dist.sh shellvars)
+eval $(./version/version.sh)
 
 docker build \
   --build-arg VERSION_LONG=$VERSION_LONG \

client/tailscale/apitype/apitype.go

@@ -1,29 +0,0 @@
-// Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package apitype contains types for the Tailscale local API.
-package apitype
-
-import "tailscale.com/tailcfg"
-
-// WhoIsResponse is the JSON type returned by tailscaled debug server's /whois?ip=$IP handler.
-type WhoIsResponse struct {
-	Node        *tailcfg.Node
-	UserProfile *tailcfg.UserProfile
-}
-
-// FileTarget is a node to which files can be sent, and the PeerAPI
-// URL base to do so via.
-type FileTarget struct {
-	Node *tailcfg.Node
-
-	// PeerAPI is the http://ip:port URL base of the node's peer API,
-	// without any path (not even a single slash).
-	PeerAPIURL string
-}
-
-type WaitingFile struct {
-	Name string
-	Size int64
-}

client/tailscale/tailscale.go

@@ -6,30 +6,20 @@
 package tailscale
 
 import (
-	"bytes"
 	"context"
 	"encoding/json"
-	"errors"
 	"fmt"
-	"io"
 	"io/ioutil"
 	"net"
 	"net/http"
 	"net/url"
 	"strconv"
-	"strings"
 
-	"tailscale.com/client/tailscale/apitype"
-	"tailscale.com/ipn"
 	"tailscale.com/ipn/ipnstate"
-	"tailscale.com/paths"
 	"tailscale.com/safesocket"
 	"tailscale.com/tailcfg"
 )
 
-// TailscaledSocket is the tailscaled Unix socket.
-var TailscaledSocket = paths.DefaultTailscaledSocket()
-
 // tsClient does HTTP requests to the local Tailscale daemon.
 var tsClient = &http.Client{
 	Transport: &http.Transport{
@@ -37,16 +27,14 @@ var tsClient = &http.Client{
 			if addr != "local-tailscaled.sock:80" {
 				return nil, fmt.Errorf("unexpected URL address %q", addr)
 			}
-			if TailscaledSocket == paths.DefaultTailscaledSocket() {
-				// On macOS, when dialing from non-sandboxed program to sandboxed GUI running
-				// a TCP server on a random port, find the random port. For HTTP connections,
-				// we don't send the token. It gets added in an HTTP Basic-Auth header.
-				if port, _, err := safesocket.LocalTCPPortAndToken(); err == nil {
-					var d net.Dialer
-					return d.DialContext(ctx, "tcp", "localhost:"+strconv.Itoa(port))
-				}
+			// On macOS, when dialing from non-sandboxed program to sandboxed GUI running
+			// a TCP server on a random port, find the random port. For HTTP connections,
+			// we don't send the token. It gets added in an HTTP Basic-Auth header.
+			if port, _, err := safesocket.LocalTCPPortAndToken(); err == nil {
+				var d net.Dialer
+				return d.DialContext(ctx, "tcp", "localhost:"+strconv.Itoa(port))
 			}
-			return safesocket.Connect(TailscaledSocket, 41112)
+			return safesocket.ConnectDefault()
 		},
 	},
 }
@@ -67,22 +55,9 @@ func DoLocalRequest(req *http.Request) (*http.Response, error) {
 	return tsClient.Do(req)
 }
 
-type errorJSON struct {
-	Error string
-}
-
-// bestError returns either err, or if body contains a valid JSON
-// object of type errorJSON, its non-empty error body.
-func bestError(err error, body []byte) error {
-	var j errorJSON
-	if err := json.Unmarshal(body, &j); err == nil && j.Error != "" {
-		return errors.New(j.Error)
-	}
-	return err
-}
-
-func send(ctx context.Context, method, path string, wantStatus int, body io.Reader) ([]byte, error) {
-	req, err := http.NewRequestWithContext(ctx, method, "http://local-tailscaled.sock"+path, body)
+// WhoIs returns the owner of the remoteAddr, which must be an IP or IP:port.
+func WhoIs(ctx context.Context, remoteAddr string) (*tailcfg.WhoIsResponse, error) {
+	req, err := http.NewRequestWithContext(ctx, "GET", "http://local-tailscaled.sock/localapi/v0/whois?addr="+url.QueryEscape(remoteAddr), nil)
 	if err != nil {
 		return nil, err
 	}
@@ -91,49 +66,39 @@ func send(ctx context.Context, method, path string, wantStatus int, body io.Read
 		return nil, err
 	}
 	defer res.Body.Close()
-	slurp, err := ioutil.ReadAll(res.Body)
-	if err != nil {
-		return nil, err
+	slurp, _ := ioutil.ReadAll(res.Body)
+	if res.StatusCode != 200 {
+		return nil, fmt.Errorf("HTTP %s: %s", res.Status, slurp)
 	}
-	if res.StatusCode != wantStatus {
-		err := fmt.Errorf("HTTP %s: %s (expected %v)", res.Status, slurp, wantStatus)
-		return nil, bestError(err, slurp)
-	}
-	return slurp, nil
-}
-
-func get200(ctx context.Context, path string) ([]byte, error) {
-	return send(ctx, "GET", path, 200, nil)
-}
-
-// WhoIs returns the owner of the remoteAddr, which must be an IP or IP:port.
-func WhoIs(ctx context.Context, remoteAddr string) (*apitype.WhoIsResponse, error) {
-	body, err := get200(ctx, "/localapi/v0/whois?addr="+url.QueryEscape(remoteAddr))
-	if err != nil {
-		return nil, err
-	}
-	r := new(apitype.WhoIsResponse)
-	if err := json.Unmarshal(body, r); err != nil {
-		if max := 200; len(body) > max {
-			body = append(body[:max], "..."...)
+	r := new(tailcfg.WhoIsResponse)
+	if err := json.Unmarshal(slurp, r); err != nil {
+		if max := 200; len(slurp) > max {
+			slurp = slurp[:max]
 		}
-		return nil, fmt.Errorf("failed to parse JSON WhoIsResponse from %q", body)
+		return nil, fmt.Errorf("failed to parse JSON WhoIsResponse from %q", slurp)
 	}
 	return r, nil
 }
 
 // Goroutines returns a dump of the Tailscale daemon's current goroutines.
 func Goroutines(ctx context.Context) ([]byte, error) {
-	return get200(ctx, "/localapi/v0/goroutines")
-}
-
-// BugReport logs and returns a log marker that can be shared by the user with support.
-func BugReport(ctx context.Context, note string) (string, error) {
-	body, err := send(ctx, "POST", "/localapi/v0/bugreport?note="+url.QueryEscape(note), 200, nil)
+	req, err := http.NewRequestWithContext(ctx, "GET", "http://local-tailscaled.sock/localapi/v0/goroutines", nil)
 	if err != nil {
-		return "", err
+		return nil, err
 	}
-	return strings.TrimSpace(string(body)), nil
+	res, err := DoLocalRequest(req)
+	if err != nil {
+		return nil, err
+	}
+	defer res.Body.Close()
+	body, err := ioutil.ReadAll(res.Body)
+	if err != nil {
+		return nil, err
+	}
+	if res.StatusCode != 200 {
+		return nil, fmt.Errorf("HTTP %s: %s", res.Status, body)
+	}
+	return body, nil
 }
 
 // Status returns the Tailscale daemon's status.
@@ -147,149 +112,22 @@ func StatusWithoutPeers(ctx context.Context) (*ipnstate.Status, error) {
 }
 
 func status(ctx context.Context, queryString string) (*ipnstate.Status, error) {
-	body, err := get200(ctx, "/localapi/v0/status"+queryString)
+	req, err := http.NewRequestWithContext(ctx, "GET", "http://local-tailscaled.sock/localapi/v0/status"+queryString, nil)
 	if err != nil {
 		return nil, err
 	}
+	res, err := DoLocalRequest(req)
+	if err != nil {
+		return nil, err
+	}
+	defer res.Body.Close()
+	if res.StatusCode != 200 {
+		body, _ := ioutil.ReadAll(res.Body)
+		return nil, fmt.Errorf("HTTP %s: %s", res.Status, body)
+	}
 	st := new(ipnstate.Status)
-	if err := json.Unmarshal(body, st); err != nil {
+	if err := json.NewDecoder(res.Body).Decode(st); err != nil {
 		return nil, err
 	}
 	return st, nil
 }
-
-func WaitingFiles(ctx context.Context) ([]apitype.WaitingFile, error) {
-	body, err := get200(ctx, "/localapi/v0/files/")
-	if err != nil {
-		return nil, err
-	}
-	var wfs []apitype.WaitingFile
-	if err := json.Unmarshal(body, &wfs); err != nil {
-		return nil, err
-	}
-	return wfs, nil
-}
-
-func DeleteWaitingFile(ctx context.Context, baseName string) error {
-	_, err := send(ctx, "DELETE", "/localapi/v0/files/"+url.PathEscape(baseName), http.StatusNoContent, nil)
-	return err
-}
-
-func GetWaitingFile(ctx context.Context, baseName string) (rc io.ReadCloser, size int64, err error) {
-	req, err := http.NewRequestWithContext(ctx, "GET", "http://local-tailscaled.sock/localapi/v0/files/"+url.PathEscape(baseName), nil)
-	if err != nil {
-		return nil, 0, err
-	}
-	res, err := DoLocalRequest(req)
-	if err != nil {
-		return nil, 0, err
-	}
-	if res.ContentLength == -1 {
-		res.Body.Close()
-		return nil, 0, fmt.Errorf("unexpected chunking")
-	}
-	if res.StatusCode != 200 {
-		body, _ := ioutil.ReadAll(res.Body)
-		res.Body.Close()
-		return nil, 0, fmt.Errorf("HTTP %s: %s", res.Status, body)
-	}
-	return res.Body, res.ContentLength, nil
-}
-
-func FileTargets(ctx context.Context) ([]apitype.FileTarget, error) {
-	body, err := get200(ctx, "/localapi/v0/file-targets")
-	if err != nil {
-		return nil, err
-	}
-	var fts []apitype.FileTarget
-	if err := json.Unmarshal(body, &fts); err != nil {
-		return nil, fmt.Errorf("invalid JSON: %w", err)
-	}
-	return fts, nil
-}
-
-func CheckIPForwarding(ctx context.Context) error {
-	body, err := get200(ctx, "/localapi/v0/check-ip-forwarding")
-	if err != nil {
-		return err
-	}
-	var jres struct {
-		Warning string
-	}
-	if err := json.Unmarshal(body, &jres); err != nil {
-		return fmt.Errorf("invalid JSON from check-ip-forwarding: %w", err)
-	}
-	if jres.Warning != "" {
-		return errors.New(jres.Warning)
-	}
-	return nil
-}
-
-func GetPrefs(ctx context.Context) (*ipn.Prefs, error) {
-	body, err := get200(ctx, "/localapi/v0/prefs")
-	if err != nil {
-		return nil, err
-	}
-	var p ipn.Prefs
-	if err := json.Unmarshal(body, &p); err != nil {
-		return nil, fmt.Errorf("invalid prefs JSON: %w", err)
-	}
-	return &p, nil
-}
-
-func EditPrefs(ctx context.Context, mp *ipn.MaskedPrefs) (*ipn.Prefs, error) {
-	mpj, err := json.Marshal(mp)
-	if err != nil {
-		return nil, err
-	}
-	body, err := send(ctx, "PATCH", "/localapi/v0/prefs", http.StatusOK, bytes.NewReader(mpj))
-	if err != nil {
-		return nil, err
-	}
-	var p ipn.Prefs
-	if err := json.Unmarshal(body, &p); err != nil {
-		return nil, fmt.Errorf("invalid prefs JSON: %w", err)
-	}
-	return &p, nil
-}
-
-func Logout(ctx context.Context) error {
-	_, err := send(ctx, "POST", "/localapi/v0/logout", http.StatusNoContent, nil)
-	return err
-}
-
-// SetDNS adds a DNS TXT record for the given domain name, containing
-// the provided TXT value. The intended use case is answering
-// LetsEncrypt/ACME dns-01 challenges.
-//
-// The control plane will only permit SetDNS requests with very
-// specific names and values. The name should be
-// "_acme-challenge." + your node's MagicDNS name. It's expected that
-// clients cache the certs from LetsEncrypt (or whichever CA is
-// providing them) and only request new ones as needed; the control plane
-// rate limits SetDNS requests.
-//
-// This is a low-level interface; it's expected that most Tailscale
-// users use a higher level interface to getting/using TLS
-// certificates.
-func SetDNS(ctx context.Context, name, value string) error {
-	v := url.Values{}
-	v.Set("name", name)
-	v.Set("value", value)
-	_, err := send(ctx, "POST", "/localapi/v0/set-dns?"+v.Encode(), 200, nil)
-	return err
-}
-
-// CurrentDERPMap returns the current DERPMap that is being used by the local tailscaled.
-// It is intended to be used with netcheck to see availability of DERPs.
-func CurrentDERPMap(ctx context.Context) (*tailcfg.DERPMap, error) {
-	var derpMap tailcfg.DERPMap
-	res, err := send(ctx, "GET", "/localapi/v0/derpmap", 200, nil)
-	if err != nil {
-		return nil, err
-	}
-	if err = json.Unmarshal(res, &derpMap); err != nil {
-		return nil, fmt.Errorf("invalid derp map json: %w", err)
-	}
-	return &derpMap, nil
-}

cmd/addlicense/main.go

@@ -1,77 +0,0 @@
-// Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Program addlicense adds a license header to a file.
-// It is intended for use with 'go generate',
-// so it has a slightly weird usage.
-package main
-
-import (
-	"flag"
-	"fmt"
-	"os"
-	"os/exec"
-)
-
-var (
-	year = flag.Int("year", 0, "copyright year")
-	file = flag.String("file", "", "file to modify")
-)
-
-func usage() {
-	fmt.Fprintf(os.Stderr, `
-usage: addlicense -year YEAR -file FILE <subcommand args...>
-`[1:])
-
-	flag.PrintDefaults()
-	fmt.Fprintf(os.Stderr, `
-addlicense adds a Tailscale license to the beginning of file,
-using year as the copyright year.
-
-It is intended for use with 'go generate', so it also runs a subcommand,
-which presumably creates the file.
-
-Sample usage:
-
-addlicense -year 2021 -file pull_strings.go stringer -type=pull
-`[1:])
-	os.Exit(2)
-}
-
-func main() {
-	flag.Usage = usage
-	flag.Parse()
-	if len(flag.Args()) == 0 {
-		flag.Usage()
-	}
-	cmd := exec.Command(flag.Arg(0), flag.Args()[1:]...)
-	cmd.Stdout = os.Stdout
-	cmd.Stderr = os.Stderr
-	err := cmd.Run()
-	check(err)
-	b, err := os.ReadFile(*file)
-	check(err)
-	f, err := os.OpenFile(*file, os.O_TRUNC|os.O_WRONLY, 0644)
-	check(err)
-	_, err = fmt.Fprintf(f, license, *year)
-	check(err)
-	_, err = f.Write(b)
-	check(err)
-	err = f.Close()
-	check(err)
-}
-
-func check(err error) {
-	if err != nil {
-		fmt.Fprintln(os.Stderr, err)
-		os.Exit(1)
-	}
-}
-
-var license = `
-// Copyright (c) %d Tailscale Inc & AUTHORS All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-`[1:]

cmd/cloner/cloner.go

@@ -246,9 +246,7 @@ func gen(buf *bytes.Buffer, imports map[string]struct{}, name string, typ *types
 					writef("\t\tdst.%s[k] = append([]%s{}, src.%s[k]...)", fname, n, fname)
 					writef("\t}")
 				} else if containsPointers(ft.Elem()) {
-					writef("\tfor k, v := range src.%s {", fname)
-					writef("\t\tdst.%s[k] = v.Clone()", fname)
-					writef("\t}")
+					writef("\t\t" + `panic("TODO map value pointers")`)
 				} else {
 					writef("\tfor k, v := range src.%s {", fname)
 					writef("\t\tdst.%s[k] = v", fname)

cmd/derper/derper.go

@@ -12,6 +12,8 @@ import (
 	"errors"
 	"expvar"
 	"flag"
+	"fmt"
+	"html"
 	"io"
 	"io/ioutil"
 	"log"
@@ -33,6 +35,7 @@ import (
 	"tailscale.com/tsweb"
 	"tailscale.com/types/key"
 	"tailscale.com/types/wgkey"
+	"tailscale.com/version"
 )
 
 var (
@@ -46,7 +49,6 @@ var (
 	meshPSKFile   = flag.String("mesh-psk-file", defaultMeshPSKFile(), "if non-empty, path to file containing the mesh pre-shared key file. It should contain some hex string; whitespace is trimmed.")
 	meshWith      = flag.String("mesh-with", "", "optional comma-separated list of hostnames to mesh with; the server's own hostname can be in the list")
 	bootstrapDNS  = flag.String("bootstrap-dns-names", "", "optional comma-separated list of hostnames to make available at /bootstrap-dns")
-	verifyClients = flag.Bool("verify-clients", false, "verify clients to this DERP server through a local tailscaled instance.")
 )
 
 type config struct {
@@ -58,12 +60,7 @@ func loadConfig() config {
 		return config{PrivateKey: mustNewKey()}
 	}
 	if *configPath == "" {
-		if os.Getuid() == 0 {
-			*configPath = "/var/lib/derper/derper.key"
-		} else {
-			log.Fatalf("derper: -c <config path> not specified")
-		}
-		log.Printf("no config path specified; using %s", *configPath)
+		log.Fatalf("derper: -c <config path> not specified")
 	}
 	b, err := ioutil.ReadFile(*configPath)
 	switch {
@@ -128,7 +125,6 @@ func main() {
 	letsEncrypt := tsweb.IsProd443(*addr)
 
 	s := derp.NewServer(key.Private(cfg.PrivateKey), log.Printf)
-	s.SetVerifyClient(*verifyClients)
 
 	if *meshPSKFile != "" {
 		b, err := ioutil.ReadFile(*meshPSKFile)
@@ -147,7 +143,8 @@ func main() {
 	}
 	expvar.Publish("derp", s.ExpVar())
 
-	mux := http.NewServeMux()
+	// Create our own mux so we don't expose /debug/ stuff to the world.
+	mux := tsweb.NewMux(debugHandler(s))
 	mux.Handle("/derp", derphttp.Handler(s))
 	go refreshBootstrapDNSLoop()
 	mux.HandleFunc("/bootstrap-dns", handleBootstrapDNS)
@@ -167,18 +164,6 @@ func main() {
 			io.WriteString(w, "<p>Debug info at <a href='/debug/'>/debug/</a>.</p>\n")
 		}
 	}))
-	debug := tsweb.Debugger(mux)
-	debug.KV("TLS hostname", *hostname)
-	debug.KV("Mesh key", s.HasMeshKey())
-	debug.Handle("check", "Consistency check", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		err := s.ConsistencyCheck()
-		if err != nil {
-			http.Error(w, err.Error(), 500)
-		} else {
-			io.WriteString(w, "derp.Server ConsistencyCheck okay")
-		}
-	}))
-	debug.Handle("traffic", "Traffic check", http.HandlerFunc(s.ServeDebugTraffic))
 
 	if *runSTUN {
 		go serveSTUN()
@@ -232,6 +217,39 @@ func main() {
 	}
 }
 
+func debugHandler(s *derp.Server) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.RequestURI == "/debug/check" {
+			err := s.ConsistencyCheck()
+			if err != nil {
+				http.Error(w, err.Error(), 500)
+			} else {
+				io.WriteString(w, "derp.Server ConsistencyCheck okay")
+			}
+			return
+		}
+		f := func(format string, args ...interface{}) { fmt.Fprintf(w, format, args...) }
+		f(`<html><body>
+<h1>DERP debug</h1>
+<ul>
+`)
+		f("<li><b>Hostname:</b> %v</li>\n", html.EscapeString(*hostname))
+		f("<li><b>Uptime:</b> %v</li>\n", tsweb.Uptime())
+		f("<li><b>Mesh Key:</b> %v</li>\n", s.HasMeshKey())
+		f("<li><b>Version:</b> %v</li>\n", html.EscapeString(version.Long))
+
+		f(`<li><a href="/debug/vars">/debug/vars</a> (Go)</li>
+   <li><a href="/debug/varz">/debug/varz</a> (Prometheus)</li>
+   <li><a href="/debug/pprof/">/debug/pprof/</a></li>
+   <li><a href="/debug/pprof/goroutine?debug=1">/debug/pprof/goroutine</a> (collapsed)</li>
+   <li><a href="/debug/pprof/goroutine?debug=2">/debug/pprof/goroutine</a> (full)</li>
+   <li><a href="/debug/check">/debug/check</a> internal consistency check</li>
+<ul>
+</html>
+`)
+	})
+}
+
 func serveSTUN() {
 	pc, err := net.ListenPacket("udp", ":3478")
 	if err != nil {

cmd/derpprobe/derpprobe.go

@@ -1,354 +0,0 @@
-// Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// The derpprobe binary probes derpers.
-package main // import "tailscale.com/cmd/derper/derpprobe"
-
-import (
-	"bytes"
-	"context"
-	crand "crypto/rand"
-	"encoding/json"
-	"flag"
-	"fmt"
-	"html"
-	"io"
-	"log"
-	"net/http"
-	"sort"
-	"sync"
-	"time"
-
-	"tailscale.com/derp"
-	"tailscale.com/derp/derphttp"
-	"tailscale.com/tailcfg"
-	"tailscale.com/types/key"
-)
-
-var (
-	derpMapURL = flag.String("derp-map", "https://login.tailscale.com/derpmap/default", "URL to DERP map (https:// or file://)")
-	listen     = flag.String("listen", ":8030", "HTTP listen address")
-)
-
-var (
-	mu            sync.Mutex
-	state         = map[nodePair]pairStatus{}
-	lastDERPMap   *tailcfg.DERPMap
-	lastDERPMapAt time.Time
-)
-
-func main() {
-	flag.Parse()
-	go probeLoop()
-	log.Fatal(http.ListenAndServe(*listen, http.HandlerFunc(serve)))
-}
-
-type overallStatus struct {
-	good, bad []string
-}
-
-func (st *overallStatus) addBadf(format string, a ...interface{}) {
-	st.bad = append(st.bad, fmt.Sprintf(format, a...))
-}
-
-func (st *overallStatus) addGoodf(format string, a ...interface{}) {
-	st.good = append(st.good, fmt.Sprintf(format, a...))
-}
-
-func getOverallStatus() (o overallStatus) {
-	mu.Lock()
-	defer mu.Unlock()
-	if lastDERPMap == nil {
-		o.addBadf("no DERP map")
-		return
-	}
-	now := time.Now()
-	if age := now.Sub(lastDERPMapAt); age > time.Minute {
-		o.addBadf("DERPMap hasn't been successfully refreshed in %v", age.Round(time.Second))
-	}
-	for _, reg := range sortedRegions(lastDERPMap) {
-		for _, from := range reg.Nodes {
-			for _, to := range reg.Nodes {
-				pair := nodePair{from.Name, to.Name}
-				st, ok := state[pair]
-				age := now.Sub(st.at).Round(time.Second)
-				switch {
-				case !ok:
-					o.addBadf("no state for %v", pair)
-				case st.err != nil:
-					o.addBadf("%v: %v", pair, st.err)
-				case age > 90*time.Second:
-					o.addBadf("%v: update is %v old", pair, age)
-				default:
-					o.addGoodf("%v: %v, %v ago", pair, st.latency.Round(time.Millisecond), age)
-				}
-			}
-		}
-	}
-	return
-}
-
-func serve(w http.ResponseWriter, r *http.Request) {
-	st := getOverallStatus()
-	summary := "All good"
-	if len(st.bad) > 0 {
-		w.WriteHeader(500)
-		summary = fmt.Sprintf("%d problems", len(st.bad))
-	}
-	io.WriteString(w, "<html><head><style>.bad { font-weight: bold; color: #700; }</style></head>\n")
-	fmt.Fprintf(w, "<body><h1>derp probe</h1>\n%s:<ul>", summary)
-	for _, s := range st.bad {
-		fmt.Fprintf(w, "<li class=bad>%s</li>\n", html.EscapeString(s))
-	}
-	for _, s := range st.good {
-		fmt.Fprintf(w, "<li>%s</li>\n", html.EscapeString(s))
-	}
-	io.WriteString(w, "</ul></body></html>\n")
-}
-
-func sortedRegions(dm *tailcfg.DERPMap) []*tailcfg.DERPRegion {
-	ret := make([]*tailcfg.DERPRegion, 0, len(dm.Regions))
-	for _, r := range dm.Regions {
-		ret = append(ret, r)
-	}
-	sort.Slice(ret, func(i, j int) bool { return ret[i].RegionID < ret[j].RegionID })
-	return ret
-}
-
-type nodePair struct {
-	from, to string // DERPNode.Name
-}
-
-func (p nodePair) String() string { return fmt.Sprintf("(%s→%s)", p.from, p.to) }
-
-type pairStatus struct {
-	err     error
-	latency time.Duration
-	at      time.Time
-}
-
-func setDERPMap(dm *tailcfg.DERPMap) {
-	mu.Lock()
-	defer mu.Unlock()
-	lastDERPMap = dm
-	lastDERPMapAt = time.Now()
-}
-
-func setState(p nodePair, latency time.Duration, err error) {
-	mu.Lock()
-	defer mu.Unlock()
-	st := pairStatus{
-		err:     err,
-		latency: latency,
-		at:      time.Now(),
-	}
-	state[p] = st
-	if err != nil {
-		log.Printf("%+v error: %v", p, err)
-	} else {
-		log.Printf("%+v: %v", p, latency.Round(time.Millisecond))
-	}
-}
-
-func probeLoop() {
-	ticker := time.NewTicker(15 * time.Second)
-	for {
-		err := probe()
-		if err != nil {
-			log.Printf("probe: %v", err)
-		}
-		<-ticker.C
-	}
-}
-
-func probe() error {
-	ctx, cancel := context.WithTimeout(context.Background(), 60*time.Second)
-	defer cancel()
-	dm, err := getDERPMap(ctx)
-	if err != nil {
-		return err
-	}
-
-	var wg sync.WaitGroup
-	wg.Add(len(dm.Regions))
-	for _, reg := range dm.Regions {
-		reg := reg
-		go func() {
-			defer wg.Done()
-			for _, from := range reg.Nodes {
-				for _, to := range reg.Nodes {
-					latency, err := probeNodePair(ctx, dm, from, to)
-					setState(nodePair{from.Name, to.Name}, latency, err)
-				}
-			}
-		}()
-	}
-
-	wg.Wait()
-	return ctx.Err()
-}
-
-func probeNodePair(ctx context.Context, dm *tailcfg.DERPMap, from, to *tailcfg.DERPNode) (latency time.Duration, err error) {
-	// The passed in context is a minute for the whole region. The
-	// idea is that each node pair in the region will be done
-	// serially and regularly in the future, reusing connections
-	// (at least in the happy path). For now they don't reuse
-	// connections and probe at most once every 15 seconds. We
-	// bound the duration of a single node pair within a region
-	// so one bad one can't starve others.
-	ctx, cancel := context.WithTimeout(ctx, 10*time.Second)
-	defer cancel()
-
-	fromc, err := newConn(ctx, dm, from)
-	if err != nil {
-		return 0, err
-	}
-	defer fromc.Close()
-	toc, err := newConn(ctx, dm, to)
-	if err != nil {
-		return 0, err
-	}
-	defer toc.Close()
-
-	// Wait a bit for from's node to hear about to existing on the
-	// other node in the region, in the case where the two nodes
-	// are different.
-	if from.Name != to.Name {
-		time.Sleep(100 * time.Millisecond) // pretty arbitrary
-	}
-
-	// Make a random packet
-	pkt := make([]byte, 8)
-	crand.Read(pkt)
-
-	t0 := time.Now()
-
-	// Send the random packet.
-	sendc := make(chan error, 1)
-	go func() {
-		sendc <- fromc.Send(toc.SelfPublicKey(), pkt)
-	}()
-	select {
-	case <-ctx.Done():
-		return 0, fmt.Errorf("timeout sending via %q: %w", from.Name, ctx.Err())
-	case err := <-sendc:
-		if err != nil {
-			return 0, fmt.Errorf("error sending via %q: %w", from.Name, err)
-		}
-	}
-
-	// Receive the random packet.
-	recvc := make(chan interface{}, 1) // either derp.ReceivedPacket or error
-	go func() {
-		for {
-			m, err := toc.Recv()
-			if err != nil {
-				recvc <- err
-				return
-			}
-			switch v := m.(type) {
-			case derp.ReceivedPacket:
-				recvc <- v
-			default:
-				log.Printf("%v: ignoring Recv frame type %T", to.Name, v)
-				// Loop.
-			}
-		}
-	}()
-	select {
-	case <-ctx.Done():
-		return 0, fmt.Errorf("timeout receiving from %q: %w", to.Name, ctx.Err())
-	case v := <-recvc:
-		if err, ok := v.(error); ok {
-			return 0, fmt.Errorf("error receiving from %q: %w", to.Name, err)
-		}
-		p := v.(derp.ReceivedPacket)
-		if p.Source != fromc.SelfPublicKey() {
-			return 0, fmt.Errorf("got data packet from unexpected source, %v", p.Source)
-		}
-		if !bytes.Equal(p.Data, pkt) {
-			return 0, fmt.Errorf("unexpected data packet %q", p.Data)
-		}
-	}
-	return time.Since(t0), nil
-}
-
-func newConn(ctx context.Context, dm *tailcfg.DERPMap, n *tailcfg.DERPNode) (*derphttp.Client, error) {
-	priv := key.NewPrivate()
-	dc := derphttp.NewRegionClient(priv, log.Printf, func() *tailcfg.DERPRegion {
-		rid := n.RegionID
-		return &tailcfg.DERPRegion{
-			RegionID:   rid,
-			RegionCode: fmt.Sprintf("%s-%s", dm.Regions[rid].RegionCode, n.Name),
-			RegionName: dm.Regions[rid].RegionName,
-			Nodes:      []*tailcfg.DERPNode{n},
-		}
-	})
-	dc.IsProber = true
-	err := dc.Connect(ctx)
-	if err != nil {
-		return nil, err
-	}
-	errc := make(chan error, 1)
-	go func() {
-		m, err := dc.Recv()
-		if err != nil {
-			errc <- err
-			return
-		}
-		switch m.(type) {
-		case derp.ServerInfoMessage:
-			errc <- nil
-		default:
-			errc <- fmt.Errorf("unexpected first message type %T", errc)
-		}
-	}()
-	select {
-	case err := <-errc:
-		if err != nil {
-			go dc.Close()
-			return nil, err
-		}
-	case <-ctx.Done():
-		go dc.Close()
-		return nil, fmt.Errorf("timeout waiting for ServerInfoMessage: %w", ctx.Err())
-	}
-	return dc, nil
-}
-
-var httpOrFileClient = &http.Client{Transport: httpOrFileTransport()}
-
-func httpOrFileTransport() http.RoundTripper {
-	tr := http.DefaultTransport.(*http.Transport).Clone()
-	tr.RegisterProtocol("file", http.NewFileTransport(http.Dir("/")))
-	return tr
-}
-
-func getDERPMap(ctx context.Context) (*tailcfg.DERPMap, error) {
-	req, err := http.NewRequestWithContext(ctx, "GET", *derpMapURL, nil)
-	if err != nil {
-		return nil, err
-	}
-	res, err := httpOrFileClient.Do(req)
-	if err != nil {
-		mu.Lock()
-		defer mu.Unlock()
-		if lastDERPMap != nil && time.Since(lastDERPMapAt) < 10*time.Minute {
-			// Assume that control is restarting and use
-			// the same one for a bit.
-			return lastDERPMap, nil
-		}
-		return nil, err
-	}
-	defer res.Body.Close()
-	if res.StatusCode != 200 {
-		return nil, fmt.Errorf("fetching %s: %s", *derpMapURL, res.Status)
-	}
-	dm := new(tailcfg.DERPMap)
-	if err := json.NewDecoder(res.Body).Decode(dm); err != nil {
-		return nil, fmt.Errorf("decoding %s JSON: %v", *derpMapURL, err)
-	}
-	setDERPMap(dm)
-	return dm, nil
-}

cmd/hello/hello.go

@@ -18,7 +18,7 @@ import (
 	"strings"
 
 	"tailscale.com/client/tailscale"
-	"tailscale.com/client/tailscale/apitype"
+	"tailscale.com/tailcfg"
 )
 
 var (
@@ -107,18 +107,18 @@ type tmplData struct {
 	IP            string // "100.2.3.4"
 }
 
-func tailscaleIP(who *apitype.WhoIsResponse) string {
+func tailscaleIP(who *tailcfg.WhoIsResponse) string {
 	if who == nil {
 		return ""
 	}
 	for _, nodeIP := range who.Node.Addresses {
-		if nodeIP.IP().Is4() && nodeIP.IsSingleIP() {
-			return nodeIP.IP().String()
+		if nodeIP.IP.Is4() && nodeIP.IsSingleIP() {
+			return nodeIP.IP.String()
 		}
 	}
 	for _, nodeIP := range who.Node.Addresses {
 		if nodeIP.IsSingleIP() {
-			return nodeIP.IP().String()
+			return nodeIP.IP.String()
 		}
 	}
 	return ""

cmd/microproxy/microproxy.go

@@ -55,13 +55,9 @@ func main() {
 		log.Fatalf("Couldn't parse URL %q: %v", *goVarsURL, err)
 	}
 
-	mux := http.NewServeMux()
-	tsweb.Debugger(mux) // registers /debug/*
+	mux := tsweb.NewMux(http.HandlerFunc(debugHandler))
 	mux.Handle("/metrics", tsweb.Protected(proxy))
-	mux.Handle("/varz", tsweb.Protected(tsweb.StdHandler(&goVarsHandler{*goVarsURL}, tsweb.HandlerOptions{
-		Quiet200s: true,
-		Logf:      log.Printf,
-	})))
+	mux.Handle("/varz", tsweb.Protected(tsweb.StdHandler(&goVarsHandler{*goVarsURL}, log.Printf)))
 
 	ch := &certHolder{
 		hostname: *hostname,
@@ -171,3 +167,23 @@ func (c *certHolder) loadLocked() error {
 	c.loaded = time.Now()
 	return nil
 }
+
+// debugHandler serves a page with links to tsweb-managed debug URLs
+// at /debug/.
+func debugHandler(w http.ResponseWriter, r *http.Request) {
+	f := func(format string, args ...interface{}) { fmt.Fprintf(w, format, args...) }
+	f(`<html><body>
+<h1>microproxy debug</h1>
+<ul>
+`)
+	f("<li><b>Hostname:</b> %v</li>\n", *hostname)
+	f("<li><b>Uptime:</b> %v</li>\n", tsweb.Uptime())
+	f(`<li><a href="/debug/vars">/debug/vars</a> (Go)</li>
+   <li><a href="/debug/varz">/debug/varz</a> (Prometheus)</li>
+   <li><a href="/debug/pprof/">/debug/pprof/</a></li>
+   <li><a href="/debug/pprof/goroutine?debug=1">/debug/pprof/goroutine</a> (collapsed)</li>
+   <li><a href="/debug/pprof/goroutine?debug=2">/debug/pprof/goroutine</a> (full)</li>
+<ul>
+</html>
+`)
+}

cmd/mkpkg/main.go

@@ -21,9 +21,6 @@ import (
 // into a map of filePathOnDisk -> filePathInPackage.
 func parseFiles(s string) (map[string]string, error) {
 	ret := map[string]string{}
-	if len(s) == 0 {
-		return ret, nil
-	}
 	for _, f := range strings.Split(s, ",") {
 		fs := strings.Split(f, ":")
 		if len(fs) != 2 {

cmd/speedtest/speedtest.go

@@ -1,121 +0,0 @@
-// Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Program speedtest provides the speedtest command. The reason to keep it separate from
-// the normal tailscale cli is because it is not yet ready to go in the tailscale binary.
-// It will be included in the tailscale cli after it has been added to tailscaled.
-
-// Example usage for client command: go run cmd/speedtest -host 127.0.0.1:20333 -t 5s
-// This will connect to the server on 127.0.0.1:20333 and start a 5 second download speedtest.
-// Example usage for server command: go run cmd/speedtest -s -host :20333
-// This will start a speedtest server on port 20333.
-package main
-
-import (
-	"context"
-	"errors"
-	"flag"
-	"fmt"
-	"net"
-	"os"
-	"strconv"
-	"text/tabwriter"
-	"time"
-
-	"github.com/peterbourgon/ff/v2/ffcli"
-	"tailscale.com/net/speedtest"
-)
-
-// Runs the speedtest command as a commandline program
-func main() {
-	args := os.Args[1:]
-	if err := speedtestCmd.Parse(args); err != nil {
-		fmt.Fprintln(os.Stderr, err.Error())
-		os.Exit(1)
-	}
-
-	err := speedtestCmd.Run(context.Background())
-	if errors.Is(err, flag.ErrHelp) {
-		fmt.Fprintln(os.Stderr, speedtestCmd.ShortUsage)
-		os.Exit(2)
-	}
-	if err != nil {
-		fmt.Fprintln(os.Stderr, err.Error())
-		os.Exit(1)
-	}
-}
-
-// speedtestCmd is the root command. It runs either the server or client depending on the
-// flags passed to it.
-var speedtestCmd = &ffcli.Command{
-	Name:       "speedtest",
-	ShortUsage: "speedtest [-host <host:port>] [-s] [-r] [-t <test duration>]",
-	ShortHelp:  "Run a speed test",
-	FlagSet: (func() *flag.FlagSet {
-		fs := flag.NewFlagSet("speedtest", flag.ExitOnError)
-		fs.StringVar(&speedtestArgs.host, "host", ":20333", "host:port pair to connect to or listen on")
-		fs.DurationVar(&speedtestArgs.testDuration, "t", speedtest.DefaultDuration, "duration of the speed test")
-		fs.BoolVar(&speedtestArgs.runServer, "s", false, "run a speedtest server")
-		fs.BoolVar(&speedtestArgs.reverse, "r", false, "run in reverse mode (server sends, client receives)")
-		return fs
-	})(),
-	Exec: runSpeedtest,
-}
-
-var speedtestArgs struct {
-	host         string
-	testDuration time.Duration
-	runServer    bool
-	reverse      bool
-}
-
-func runSpeedtest(ctx context.Context, args []string) error {
-
-	if _, _, err := net.SplitHostPort(speedtestArgs.host); err != nil {
-		var addrErr *net.AddrError
-		if errors.As(err, &addrErr) && addrErr.Err == "missing port in address" {
-			// if no port is provided, append the default port
-			speedtestArgs.host = net.JoinHostPort(speedtestArgs.host, strconv.Itoa(speedtest.DefaultPort))
-		}
-	}
-
-	if speedtestArgs.runServer {
-		listener, err := net.Listen("tcp", speedtestArgs.host)
-		if err != nil {
-			return err
-		}
-
-		fmt.Printf("listening on %v\n", listener.Addr())
-
-		return speedtest.Serve(listener)
-	}
-
-	// Ensure the duration is within the allowed range
-	if speedtestArgs.testDuration < speedtest.MinDuration || speedtestArgs.testDuration > speedtest.MaxDuration {
-		return fmt.Errorf("test duration must be within %v and %v", speedtest.MinDuration, speedtest.MaxDuration)
-	}
-
-	dir := speedtest.Download
-	if speedtestArgs.reverse {
-		dir = speedtest.Upload
-	}
-
-	fmt.Printf("Starting a %s test with %s\n", dir, speedtestArgs.host)
-	results, err := speedtest.RunClient(dir, speedtestArgs.testDuration, speedtestArgs.host)
-	if err != nil {
-		return err
-	}
-
-	w := tabwriter.NewWriter(os.Stdout, 12, 0, 0, ' ', tabwriter.TabIndent)
-	fmt.Println("Results:")
-	fmt.Fprintln(w, "Interval\t\tTransfer\t\tBandwidth\t\t")
-	for _, r := range results {
-		if r.Total {
-			fmt.Fprintln(w, "-------------------------------------------------------------------------")
-		}
-		fmt.Fprintf(w, "%.2f-%.2f\tsec\t%.4f\tMBits\t%.4f\tMbits/sec\t\n", r.IntervalStart.Seconds(), r.IntervalEnd.Seconds(), r.MegaBits(), r.MBitsPerSecond())
-	}
-	w.Flush()
-	return nil
-}

cmd/tailscale/cli/auth-redirect.html

@@ -1,57 +0,0 @@
-<html>
-<head>
-	<title>Redirecting...</title>
-	<style>
-		html,
-		body {
-			height: 100%;
-		}
-
-		html {
-			background-color: rgb(249, 247, 246);
-			font-family: ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, "Noto Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji";
-			line-height: 1.5;
-			-webkit-text-size-adjust: 100%;
-			-webkit-font-smoothing: antialiased;
-			-moz-osx-font-smoothing: grayscale;
-		}
-
-		body {
-			display: flex;
-			flex-direction: column;
-			align-items: center;
-			justify-content: center;
-		}
-
-		.spinner {
-			margin-bottom: 2rem;
-			border: 4px rgba(112, 110, 109, 0.5) solid;
-			border-left-color: transparent;
-			border-radius: 9999px;
-			width: 4rem;
-			height: 4rem;
-			-webkit-animation: spin 700ms linear infinite;
-      animation: spin 800ms linear infinite;
-		}
-
-		.label {
-			color: rgb(112, 110, 109);
-			padding-left: 0.4rem;
-		}
-
-		@-webkit-keyframes spin {
-			to {
-				transform: rotate(360deg);
-			}
-		}
-
-		@keyframes spin {
-			to {
-				transform: rotate(360deg);
-			}
-		}
-	</style>
-</head> <body>
-	<div class="spinner"></div>
-	<div class="label">Redirecting...</div>
-</body>

cmd/tailscale/cli/bugreport.go

@@ -1,38 +0,0 @@
-// Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package cli
-
-import (
-	"context"
-	"errors"
-	"fmt"
-
-	"github.com/peterbourgon/ff/v2/ffcli"
-	"tailscale.com/client/tailscale"
-)
-
-var bugReportCmd = &ffcli.Command{
-	Name:       "bugreport",
-	Exec:       runBugReport,
-	ShortHelp:  "Print a shareable identifier to help diagnose issues",
-	ShortUsage: "bugreport [note]",
-}
-
-func runBugReport(ctx context.Context, args []string) error {
-	var note string
-	switch len(args) {
-	case 0:
-	case 1:
-		note = args[0]
-	default:
-		return errors.New("unknown argumets")
-	}
-	logMarker, err := tailscale.BugReport(ctx, note)
-	if err != nil {
-		return err
-	}
-	fmt.Println(logMarker)
-	return nil
-}

cmd/tailscale/cli/cli.go

@@ -8,71 +8,36 @@ package cli
 
 import (
 	"context"
-	"errors"
 	"flag"
 	"fmt"
-	"io"
 	"log"
 	"net"
 	"os"
 	"os/signal"
 	"runtime"
-	"strconv"
 	"strings"
 	"syscall"
 	"text/tabwriter"
 
 	"github.com/peterbourgon/ff/v2/ffcli"
-	"tailscale.com/client/tailscale"
 	"tailscale.com/ipn"
 	"tailscale.com/paths"
 	"tailscale.com/safesocket"
-	"tailscale.com/syncs"
 )
 
 // ActLikeCLI reports whether a GUI application should act like the
 // CLI based on os.Args, GOOS, the context the process is running in
 // (pty, parent PID), etc.
 func ActLikeCLI() bool {
-	// This function is only used on macOS.
-	if runtime.GOOS != "darwin" {
+	if len(os.Args) < 2 {
 		return false
 	}
-
-	// Escape hatch to let people force running the macOS
-	// GUI Tailscale binary as the CLI.
-	if v, _ := strconv.ParseBool(os.Getenv("TAILSCALE_BE_CLI")); v {
+	switch os.Args[1] {
+	case "up", "down", "status", "netcheck", "ping", "version",
+		"debug",
+		"-V", "--version", "-h", "--help":
 		return true
 	}
-
-	// If our parent is launchd, we're definitely not
-	// being run as a CLI.
-	if os.Getppid() == 1 {
-		return false
-	}
-
-	// Xcode adds the -NSDocumentRevisionsDebugMode flag on execution.
-	// If present, we are almost certainly being run as a GUI.
-	for _, arg := range os.Args {
-		if arg == "-NSDocumentRevisionsDebugMode" {
-			return false
-		}
-	}
-
-	// Looking at the environment of the GUI Tailscale app (ps eww
-	// $PID), empirically none of these environment variables are
-	// present. But all or some of these should be present with
-	// Terminal.all and bash or zsh.
-	for _, e := range []string{
-		"SHLVL",
-		"TERM",
-		"TERM_PROGRAM",
-		"PS1",
-	} {
-		if os.Getenv(e) != "" {
-			return true
-		}
-	}
 	return false
 }
 
@@ -98,15 +63,12 @@ change in the future.
 		Subcommands: []*ffcli.Command{
 			upCmd,
 			downCmd,
-			logoutCmd,
 			netcheckCmd,
 			ipCmd,
 			statusCmd,
 			pingCmd,
 			versionCmd,
 			webCmd,
-			fileCmd,
-			bugReportCmd,
 		},
 		FlagSet:   rootfs,
 		Exec:      func(context.Context, []string) error { return flag.ErrHelp },
@@ -125,8 +87,6 @@ change in the future.
 		return err
 	}
 
-	tailscale.TailscaledSocket = rootArgs.socket
-
 	err := rootCmd.Run(context.Background())
 	if err == flag.ErrHelp {
 		return nil
@@ -143,8 +103,6 @@ var rootArgs struct {
 	socket string
 }
 
-var gotSignal syncs.AtomicBool
-
 func connect(ctx context.Context) (net.Conn, *ipn.BackendClient, context.Context, context.CancelFunc) {
 	c, err := safesocket.Connect(rootArgs.socket, 41112)
 	if err != nil {
@@ -162,14 +120,7 @@ func connect(ctx context.Context) (net.Conn, *ipn.BackendClient, context.Context
 	go func() {
 		interrupt := make(chan os.Signal, 1)
 		signal.Notify(interrupt, syscall.SIGINT, syscall.SIGTERM)
-		select {
-		case <-interrupt:
-		case <-ctx.Done():
-			// Context canceled elsewhere.
-			signal.Reset(syscall.SIGINT, syscall.SIGTERM)
-			return
-		}
-		gotSignal.Set(true)
+		<-interrupt
 		c.Close()
 		cancel()
 	}()
@@ -179,22 +130,19 @@ func connect(ctx context.Context) (net.Conn, *ipn.BackendClient, context.Context
 }
 
 // pump receives backend messages on conn and pushes them into bc.
-func pump(ctx context.Context, bc *ipn.BackendClient, conn net.Conn) error {
+func pump(ctx context.Context, bc *ipn.BackendClient, conn net.Conn) {
 	defer conn.Close()
 	for ctx.Err() == nil {
 		msg, err := ipn.ReadMsg(conn)
 		if err != nil {
 			if ctx.Err() != nil {
-				return ctx.Err()
+				return
 			}
-			if errors.Is(err, io.EOF) || errors.Is(err, net.ErrClosed) {
-				return fmt.Errorf("%w (tailscaled stopped running?)", err)
-			}
-			return err
+			log.Printf("ReadMsg: %v\n", err)
+			break
 		}
 		bc.GotNotifyMsg(msg)
 	}
-	return ctx.Err()
 }
 
 func strSliceContains(ss []string, s string) bool {

cmd/tailscale/cli/cli_test.go

@@ -1,798 +0,0 @@
-// Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package cli
-
-import (
-	"bytes"
-	"encoding/json"
-	"flag"
-	"fmt"
-	"reflect"
-	"strings"
-	"testing"
-
-	"github.com/google/go-cmp/cmp"
-	"inet.af/netaddr"
-	"tailscale.com/ipn"
-	"tailscale.com/ipn/ipnstate"
-	"tailscale.com/types/persist"
-	"tailscale.com/types/preftype"
-)
-
-// geese is a collection of gooses. It need not be complete.
-// But it should include anything handled specially (e.g. linux, windows)
-// and at least one thing that's not (darwin, freebsd).
-var geese = []string{"linux", "darwin", "windows", "freebsd"}
-
-// Test that checkForAccidentalSettingReverts's updateMaskedPrefsFromUpFlag can handle
-// all flags. This will panic if a new flag creeps in that's unhandled.
-//
-// Also, issue 1880: advertise-exit-node was being ignored. Verify that all flags cause an edit.
-func TestUpdateMaskedPrefsFromUpFlag(t *testing.T) {
-	for _, goos := range geese {
-		var upArgs upArgsT
-		fs := newUpFlagSet(goos, &upArgs)
-		fs.VisitAll(func(f *flag.Flag) {
-			mp := new(ipn.MaskedPrefs)
-			updateMaskedPrefsFromUpFlag(mp, f.Name)
-			got := mp.Pretty()
-			wantEmpty := preflessFlag(f.Name)
-			isEmpty := got == "MaskedPrefs{}"
-			if isEmpty != wantEmpty {
-				t.Errorf("flag %q created MaskedPrefs %s; want empty=%v", f.Name, got, wantEmpty)
-			}
-		})
-	}
-}
-
-func TestCheckForAccidentalSettingReverts(t *testing.T) {
-	tests := []struct {
-		name     string
-		flags    []string // argv to be parsed by FlagSet
-		curPrefs *ipn.Prefs
-
-		curExitNodeIP netaddr.IP
-		curUser       string // os.Getenv("USER") on the client side
-		goos          string // empty means "linux"
-
-		want string
-	}{
-		{
-			name:  "bare_up_means_up",
-			flags: []string{},
-			curPrefs: &ipn.Prefs{
-				ControlURL:  ipn.DefaultControlURL,
-				WantRunning: false,
-				Hostname:    "foo",
-			},
-			want: "",
-		},
-		{
-			name:  "losing_hostname",
-			flags: []string{"--accept-dns"},
-			curPrefs: &ipn.Prefs{
-				ControlURL:       ipn.DefaultControlURL,
-				WantRunning:      false,
-				Hostname:         "foo",
-				CorpDNS:          true,
-				NetfilterMode:    preftype.NetfilterOn,
-				AllowSingleHosts: true,
-			},
-			want: accidentalUpPrefix + " --accept-dns --hostname=foo",
-		},
-		{
-			name:  "hostname_changing_explicitly",
-			flags: []string{"--hostname=bar"},
-			curPrefs: &ipn.Prefs{
-				ControlURL:       ipn.DefaultControlURL,
-				CorpDNS:          true,
-				NetfilterMode:    preftype.NetfilterOn,
-				AllowSingleHosts: true,
-				Hostname:         "foo",
-			},
-			want: "",
-		},
-		{
-			name:  "hostname_changing_empty_explicitly",
-			flags: []string{"--hostname="},
-			curPrefs: &ipn.Prefs{
-				ControlURL:       ipn.DefaultControlURL,
-				CorpDNS:          true,
-				NetfilterMode:    preftype.NetfilterOn,
-				AllowSingleHosts: true,
-				Hostname:         "foo",
-			},
-			want: "",
-		},
-		{
-			// Issue 1725: "tailscale up --authkey=..." (or other non-empty flags) works from
-			// a fresh server's initial prefs.
-			name:     "up_with_default_prefs",
-			flags:    []string{"--authkey=foosdlkfjskdljf"},
-			curPrefs: ipn.NewPrefs(),
-			want:     "",
-		},
-		{
-			name:  "implicit_operator_change",
-			flags: []string{"--hostname=foo"},
-			curPrefs: &ipn.Prefs{
-				ControlURL:       ipn.DefaultControlURL,
-				OperatorUser:     "alice",
-				AllowSingleHosts: true,
-				CorpDNS:          true,
-				NetfilterMode:    preftype.NetfilterOn,
-			},
-			curUser: "eve",
-			want:    accidentalUpPrefix + " --hostname=foo --operator=alice",
-		},
-		{
-			name:  "implicit_operator_matches_shell_user",
-			flags: []string{"--hostname=foo"},
-			curPrefs: &ipn.Prefs{
-				ControlURL:       ipn.DefaultControlURL,
-				AllowSingleHosts: true,
-				CorpDNS:          true,
-				NetfilterMode:    preftype.NetfilterOn,
-				OperatorUser:     "alice",
-			},
-			curUser: "alice",
-			want:    "",
-		},
-		{
-			name:  "error_advertised_routes_exit_node_removed",
-			flags: []string{"--advertise-routes=10.0.42.0/24"},
-			curPrefs: &ipn.Prefs{
-				ControlURL:       ipn.DefaultControlURL,
-				AllowSingleHosts: true,
-				CorpDNS:          true,
-				NetfilterMode:    preftype.NetfilterOn,
-				AdvertiseRoutes: []netaddr.IPPrefix{
-					netaddr.MustParseIPPrefix("10.0.42.0/24"),
-					netaddr.MustParseIPPrefix("0.0.0.0/0"),
-					netaddr.MustParseIPPrefix("::/0"),
-				},
-			},
-			want: accidentalUpPrefix + " --advertise-routes=10.0.42.0/24 --advertise-exit-node",
-		},
-		{
-			name:  "advertised_routes_exit_node_removed_explicit",
-			flags: []string{"--advertise-routes=10.0.42.0/24", "--advertise-exit-node=false"},
-			curPrefs: &ipn.Prefs{
-				ControlURL:       ipn.DefaultControlURL,
-				AllowSingleHosts: true,
-				CorpDNS:          true,
-				NetfilterMode:    preftype.NetfilterOn,
-				AdvertiseRoutes: []netaddr.IPPrefix{
-					netaddr.MustParseIPPrefix("10.0.42.0/24"),
-					netaddr.MustParseIPPrefix("0.0.0.0/0"),
-					netaddr.MustParseIPPrefix("::/0"),
-				},
-			},
-			want: "",
-		},
-		{
-			name:  "advertised_routes_includes_the_0_routes", // but no --advertise-exit-node
-			flags: []string{"--advertise-routes=11.1.43.0/24,0.0.0.0/0,::/0"},
-			curPrefs: &ipn.Prefs{
-				ControlURL:       ipn.DefaultControlURL,
-				AllowSingleHosts: true,
-				CorpDNS:          true,
-				NetfilterMode:    preftype.NetfilterOn,
-				AdvertiseRoutes: []netaddr.IPPrefix{
-					netaddr.MustParseIPPrefix("10.0.42.0/24"),
-					netaddr.MustParseIPPrefix("0.0.0.0/0"),
-					netaddr.MustParseIPPrefix("::/0"),
-				},
-			},
-			want: "",
-		},
-		{
-			name:  "advertise_exit_node", // Issue 1859
-			flags: []string{"--advertise-exit-node"},
-			curPrefs: &ipn.Prefs{
-				ControlURL:       ipn.DefaultControlURL,
-				AllowSingleHosts: true,
-				CorpDNS:          true,
-				NetfilterMode:    preftype.NetfilterOn,
-			},
-			want: "",
-		},
-		{
-			name:  "advertise_exit_node_over_existing_routes",
-			flags: []string{"--advertise-exit-node"},
-			curPrefs: &ipn.Prefs{
-				ControlURL:       ipn.DefaultControlURL,
-				AllowSingleHosts: true,
-				CorpDNS:          true,
-				NetfilterMode:    preftype.NetfilterOn,
-
-				AdvertiseRoutes: []netaddr.IPPrefix{
-					netaddr.MustParseIPPrefix("1.2.0.0/16"),
-				},
-			},
-			want: accidentalUpPrefix + " --advertise-exit-node --advertise-routes=1.2.0.0/16",
-		},
-		{
-			name:  "advertise_exit_node_over_existing_routes_and_exit_node",
-			flags: []string{"--advertise-exit-node"},
-			curPrefs: &ipn.Prefs{
-				ControlURL:       ipn.DefaultControlURL,
-				AllowSingleHosts: true,
-				CorpDNS:          true,
-				NetfilterMode:    preftype.NetfilterOn,
-				AdvertiseRoutes: []netaddr.IPPrefix{
-					netaddr.MustParseIPPrefix("0.0.0.0/0"),
-					netaddr.MustParseIPPrefix("::/0"),
-					netaddr.MustParseIPPrefix("1.2.0.0/16"),
-				},
-			},
-			want: accidentalUpPrefix + " --advertise-exit-node --advertise-routes=1.2.0.0/16",
-		},
-		{
-			name:  "exit_node_clearing", // Issue 1777
-			flags: []string{"--exit-node="},
-			curPrefs: &ipn.Prefs{
-				ControlURL:       ipn.DefaultControlURL,
-				AllowSingleHosts: true,
-				CorpDNS:          true,
-				NetfilterMode:    preftype.NetfilterOn,
-
-				ExitNodeID: "fooID",
-			},
-			want: "",
-		},
-		{
-			name:  "remove_all_implicit",
-			flags: []string{"--force-reauth"},
-			curPrefs: &ipn.Prefs{
-				WantRunning:      true,
-				ControlURL:       ipn.DefaultControlURL,
-				RouteAll:         true,
-				AllowSingleHosts: false,
-				ExitNodeIP:       netaddr.MustParseIP("100.64.5.6"),
-				CorpDNS:          false,
-				ShieldsUp:        true,
-				AdvertiseTags:    []string{"tag:foo", "tag:bar"},
-				Hostname:         "myhostname",
-				ForceDaemon:      true,
-				AdvertiseRoutes: []netaddr.IPPrefix{
-					netaddr.MustParseIPPrefix("10.0.0.0/16"),
-					netaddr.MustParseIPPrefix("0.0.0.0/0"),
-					netaddr.MustParseIPPrefix("::/0"),
-				},
-				NetfilterMode: preftype.NetfilterNoDivert,
-				OperatorUser:  "alice",
-			},
-			curUser: "eve",
-			want:    accidentalUpPrefix + " --force-reauth --accept-dns=false --accept-routes --advertise-exit-node --advertise-routes=10.0.0.0/16 --advertise-tags=tag:foo,tag:bar --exit-node=100.64.5.6 --host-routes=false --hostname=myhostname --netfilter-mode=nodivert --operator=alice --shields-up",
-		},
-		{
-			name:  "remove_all_implicit_except_hostname",
-			flags: []string{"--hostname=newhostname"},
-			curPrefs: &ipn.Prefs{
-				WantRunning:      true,
-				ControlURL:       ipn.DefaultControlURL,
-				RouteAll:         true,
-				AllowSingleHosts: false,
-				ExitNodeIP:       netaddr.MustParseIP("100.64.5.6"),
-				CorpDNS:          false,
-				ShieldsUp:        true,
-				AdvertiseTags:    []string{"tag:foo", "tag:bar"},
-				Hostname:         "myhostname",
-				ForceDaemon:      true,
-				AdvertiseRoutes: []netaddr.IPPrefix{
-					netaddr.MustParseIPPrefix("10.0.0.0/16"),
-				},
-				NetfilterMode: preftype.NetfilterNoDivert,
-				OperatorUser:  "alice",
-			},
-			curUser: "eve",
-			want:    accidentalUpPrefix + " --hostname=newhostname --accept-dns=false --accept-routes --advertise-routes=10.0.0.0/16 --advertise-tags=tag:foo,tag:bar --exit-node=100.64.5.6 --host-routes=false --netfilter-mode=nodivert --operator=alice --shields-up",
-		},
-		{
-			name:  "loggedout_is_implicit",
-			flags: []string{"--hostname=foo"},
-			curPrefs: &ipn.Prefs{
-				ControlURL:       ipn.DefaultControlURL,
-				LoggedOut:        true,
-				AllowSingleHosts: true,
-				CorpDNS:          true,
-				NetfilterMode:    preftype.NetfilterOn,
-			},
-			want: "", // not an error. LoggedOut is implicit.
-		},
-		{
-			// Test that a pre-1.8 version of Tailscale with bogus NoSNAT pref
-			// values is able to enable exit nodes without warnings.
-			name:  "make_windows_exit_node",
-			flags: []string{"--advertise-exit-node"},
-			curPrefs: &ipn.Prefs{
-				ControlURL:       ipn.DefaultControlURL,
-				AllowSingleHosts: true,
-				CorpDNS:          true,
-
-				// And assume this no-op accidental pre-1.8 value:
-				NoSNAT: true,
-			},
-			goos: "windows",
-			want: "", // not an error
-		},
-		{
-			name:  "ignore_netfilter_change_non_linux",
-			flags: []string{"--accept-dns"},
-			curPrefs: &ipn.Prefs{
-				ControlURL:       ipn.DefaultControlURL,
-				AllowSingleHosts: true,
-
-				NetfilterMode: preftype.NetfilterNoDivert, // we never had this bug, but pretend it got set non-zero on Windows somehow
-			},
-			goos: "windows",
-			want: "", // not an error
-		},
-		{
-			name:  "operator_losing_routes_step1", // https://twitter.com/EXPbits/status/1390418145047887877
-			flags: []string{"--operator=expbits"},
-			curPrefs: &ipn.Prefs{
-				ControlURL:       ipn.DefaultControlURL,
-				AllowSingleHosts: true,
-				CorpDNS:          true,
-				NetfilterMode:    preftype.NetfilterOn,
-				AdvertiseRoutes: []netaddr.IPPrefix{
-					netaddr.MustParseIPPrefix("0.0.0.0/0"),
-					netaddr.MustParseIPPrefix("::/0"),
-					netaddr.MustParseIPPrefix("1.2.0.0/16"),
-				},
-			},
-			want: accidentalUpPrefix + " --operator=expbits --advertise-exit-node --advertise-routes=1.2.0.0/16",
-		},
-		{
-			name:  "operator_losing_routes_step2", // https://twitter.com/EXPbits/status/1390418145047887877
-			flags: []string{"--operator=expbits", "--advertise-routes=1.2.0.0/16"},
-			curPrefs: &ipn.Prefs{
-				ControlURL:       ipn.DefaultControlURL,
-				AllowSingleHosts: true,
-				CorpDNS:          true,
-				NetfilterMode:    preftype.NetfilterOn,
-				AdvertiseRoutes: []netaddr.IPPrefix{
-					netaddr.MustParseIPPrefix("0.0.0.0/0"),
-					netaddr.MustParseIPPrefix("::/0"),
-					netaddr.MustParseIPPrefix("1.2.0.0/16"),
-				},
-			},
-			want: accidentalUpPrefix + " --advertise-routes=1.2.0.0/16 --operator=expbits --advertise-exit-node",
-		},
-		{
-			name:  "errors_preserve_explicit_flags",
-			flags: []string{"--reset", "--force-reauth=false", "--authkey=secretrand"},
-			curPrefs: &ipn.Prefs{
-				ControlURL:       ipn.DefaultControlURL,
-				WantRunning:      false,
-				CorpDNS:          true,
-				NetfilterMode:    preftype.NetfilterOn,
-				AllowSingleHosts: true,
-
-				Hostname: "foo",
-			},
-			want: accidentalUpPrefix + " --authkey=secretrand --force-reauth=false --reset --hostname=foo",
-		},
-		{
-			name:  "error_exit_node_omit_with_ip_pref",
-			flags: []string{"--hostname=foo"},
-			curPrefs: &ipn.Prefs{
-				ControlURL:       ipn.DefaultControlURL,
-				AllowSingleHosts: true,
-				CorpDNS:          true,
-				NetfilterMode:    preftype.NetfilterOn,
-
-				ExitNodeIP: netaddr.MustParseIP("100.64.5.4"),
-			},
-			want: accidentalUpPrefix + " --hostname=foo --exit-node=100.64.5.4",
-		},
-		{
-			name:          "error_exit_node_omit_with_id_pref",
-			flags:         []string{"--hostname=foo"},
-			curExitNodeIP: netaddr.MustParseIP("100.64.5.7"),
-			curPrefs: &ipn.Prefs{
-				ControlURL:       ipn.DefaultControlURL,
-				AllowSingleHosts: true,
-				CorpDNS:          true,
-				NetfilterMode:    preftype.NetfilterOn,
-
-				ExitNodeID: "some_stable_id",
-			},
-			want: accidentalUpPrefix + " --hostname=foo --exit-node=100.64.5.7",
-		},
-		{
-			name:  "ignore_login_server_synonym",
-			flags: []string{"--login-server=https://controlplane.tailscale.com"},
-			curPrefs: &ipn.Prefs{
-				ControlURL:       "https://login.tailscale.com",
-				AllowSingleHosts: true,
-				CorpDNS:          true,
-				NetfilterMode:    preftype.NetfilterOn,
-			},
-			want: "", // not an error
-		},
-		{
-			name:  "ignore_login_server_synonym_on_other_change",
-			flags: []string{"--netfilter-mode=off"},
-			curPrefs: &ipn.Prefs{
-				ControlURL:       "https://login.tailscale.com",
-				AllowSingleHosts: true,
-				CorpDNS:          false,
-				NetfilterMode:    preftype.NetfilterOn,
-			},
-			want: accidentalUpPrefix + " --netfilter-mode=off --accept-dns=false",
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			goos := "linux"
-			if tt.goos != "" {
-				goos = tt.goos
-			}
-			var upArgs upArgsT
-			flagSet := newUpFlagSet(goos, &upArgs)
-			flagSet.Parse(tt.flags)
-			newPrefs, err := prefsFromUpArgs(upArgs, t.Logf, new(ipnstate.Status), goos)
-			if err != nil {
-				t.Fatal(err)
-			}
-			applyImplicitPrefs(newPrefs, tt.curPrefs, tt.curUser)
-			var got string
-			if err := checkForAccidentalSettingReverts(newPrefs, tt.curPrefs, upCheckEnv{
-				goos:          goos,
-				flagSet:       flagSet,
-				curExitNodeIP: tt.curExitNodeIP,
-			}); err != nil {
-				got = err.Error()
-			}
-			if strings.TrimSpace(got) != tt.want {
-				t.Errorf("unexpected result\n got: %s\nwant: %s\n", got, tt.want)
-			}
-		})
-	}
-}
-
-func upArgsFromOSArgs(goos string, flagArgs ...string) (args upArgsT) {
-	fs := newUpFlagSet(goos, &args)
-	fs.Parse(flagArgs) // populates args
-	return
-}
-
-func TestPrefsFromUpArgs(t *testing.T) {
-	tests := []struct {
-		name     string
-		args     upArgsT
-		goos     string           // runtime.GOOS; empty means linux
-		st       *ipnstate.Status // or nil
-		want     *ipn.Prefs
-		wantErr  string
-		wantWarn string
-	}{
-		{
-			name: "default_linux",
-			goos: "linux",
-			args: upArgsFromOSArgs("linux"),
-			want: &ipn.Prefs{
-				ControlURL:       ipn.DefaultControlURL,
-				WantRunning:      true,
-				NoSNAT:           false,
-				NetfilterMode:    preftype.NetfilterOn,
-				CorpDNS:          true,
-				AllowSingleHosts: true,
-			},
-		},
-		{
-			name: "default_windows",
-			goos: "windows",
-			args: upArgsFromOSArgs("windows"),
-			want: &ipn.Prefs{
-				ControlURL:       ipn.DefaultControlURL,
-				WantRunning:      true,
-				CorpDNS:          true,
-				AllowSingleHosts: true,
-				NetfilterMode:    preftype.NetfilterOn,
-			},
-		},
-		{
-			name: "advertise_default_route",
-			args: upArgsFromOSArgs("linux", "--advertise-exit-node"),
-			want: &ipn.Prefs{
-				ControlURL:       ipn.DefaultControlURL,
-				WantRunning:      true,
-				AllowSingleHosts: true,
-				CorpDNS:          true,
-				AdvertiseRoutes: []netaddr.IPPrefix{
-					netaddr.MustParseIPPrefix("0.0.0.0/0"),
-					netaddr.MustParseIPPrefix("::/0"),
-				},
-				NetfilterMode: preftype.NetfilterOn,
-			},
-		},
-		{
-			name: "error_advertise_route_invalid_ip",
-			args: upArgsT{
-				advertiseRoutes: "foo",
-			},
-			wantErr: `"foo" is not a valid IP address or CIDR prefix`,
-		},
-		{
-			name: "error_advertise_route_unmasked_bits",
-			args: upArgsT{
-				advertiseRoutes: "1.2.3.4/16",
-			},
-			wantErr: `1.2.3.4/16 has non-address bits set; expected 1.2.0.0/16`,
-		},
-		{
-			name: "error_exit_node_bad_ip",
-			args: upArgsT{
-				exitNodeIP: "foo",
-			},
-			wantErr: `invalid IP address "foo" for --exit-node: ParseIP("foo"): unable to parse IP`,
-		},
-		{
-			name: "error_exit_node_allow_lan_without_exit_node",
-			args: upArgsT{
-				exitNodeAllowLANAccess: true,
-			},
-			wantErr: `--exit-node-allow-lan-access can only be used with --exit-node`,
-		},
-		{
-			name: "error_tag_prefix",
-			args: upArgsT{
-				advertiseTags: "foo",
-			},
-			wantErr: `tag: "foo": tags must start with 'tag:'`,
-		},
-		{
-			name: "error_long_hostname",
-			args: upArgsT{
-				hostname: strings.Repeat("a", 300),
-			},
-			wantErr: `hostname too long: 300 bytes (max 256)`,
-		},
-		{
-			name: "error_linux_netfilter_empty",
-			args: upArgsT{
-				netfilterMode: "",
-			},
-			wantErr: `invalid value --netfilter-mode=""`,
-		},
-		{
-			name: "error_linux_netfilter_bogus",
-			args: upArgsT{
-				netfilterMode: "bogus",
-			},
-			wantErr: `invalid value --netfilter-mode="bogus"`,
-		},
-		{
-			name: "error_exit_node_ip_is_self_ip",
-			args: upArgsT{
-				exitNodeIP: "100.105.106.107",
-			},
-			st: &ipnstate.Status{
-				TailscaleIPs: []netaddr.IP{netaddr.MustParseIP("100.105.106.107")},
-			},
-			wantErr: `cannot use 100.105.106.107 as the exit node as it is a local IP address to this machine, did you mean --advertise-exit-node?`,
-		},
-		{
-			name: "warn_linux_netfilter_nodivert",
-			goos: "linux",
-			args: upArgsT{
-				netfilterMode: "nodivert",
-			},
-			wantWarn: "netfilter=nodivert; add iptables calls to ts-* chains manually.",
-			want: &ipn.Prefs{
-				WantRunning:   true,
-				NetfilterMode: preftype.NetfilterNoDivert,
-				NoSNAT:        true,
-			},
-		},
-		{
-			name: "warn_linux_netfilter_off",
-			goos: "linux",
-			args: upArgsT{
-				netfilterMode: "off",
-			},
-			wantWarn: "netfilter=off; configure iptables yourself.",
-			want: &ipn.Prefs{
-				WantRunning:   true,
-				NetfilterMode: preftype.NetfilterOff,
-				NoSNAT:        true,
-			},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			var warnBuf bytes.Buffer
-			warnf := func(format string, a ...interface{}) {
-				fmt.Fprintf(&warnBuf, format, a...)
-			}
-			goos := tt.goos
-			if goos == "" {
-				goos = "linux"
-			}
-			st := tt.st
-			if st == nil {
-				st = new(ipnstate.Status)
-			}
-			got, err := prefsFromUpArgs(tt.args, warnf, st, goos)
-			gotErr := fmt.Sprint(err)
-			if tt.wantErr != "" {
-				if tt.wantErr != gotErr {
-					t.Errorf("wrong error.\n got error: %v\nwant error: %v\n", gotErr, tt.wantErr)
-				}
-				return
-			}
-			if err != nil {
-				t.Fatal(err)
-			}
-			if tt.want == nil {
-				t.Fatal("tt.want is nil")
-			}
-			if !got.Equals(tt.want) {
-				jgot, _ := json.MarshalIndent(got, "", "\t")
-				jwant, _ := json.MarshalIndent(tt.want, "", "\t")
-				if bytes.Equal(jgot, jwant) {
-					t.Logf("prefs differ only in non-JSON-visible ways (nil/non-nil zero-length arrays)")
-				}
-				t.Errorf("wrong prefs\n got: %s\nwant: %s\n\ngot: %s\nwant: %s\n",
-					got.Pretty(), tt.want.Pretty(),
-					jgot, jwant,
-				)
-
-			}
-		})
-	}
-
-}
-
-func TestPrefFlagMapping(t *testing.T) {
-	prefHasFlag := map[string]bool{}
-	for _, pv := range prefsOfFlag {
-		for _, pref := range pv {
-			prefHasFlag[pref] = true
-		}
-	}
-
-	prefType := reflect.TypeOf(ipn.Prefs{})
-	for i := 0; i < prefType.NumField(); i++ {
-		prefName := prefType.Field(i).Name
-		if prefHasFlag[prefName] {
-			continue
-		}
-		switch prefName {
-		case "WantRunning", "Persist", "LoggedOut":
-			// All explicitly handled (ignored) by checkForAccidentalSettingReverts.
-			continue
-		case "OSVersion", "DeviceModel":
-			// Only used by Android, which doesn't have a CLI mode anyway, so
-			// fine to not map.
-			continue
-		case "NotepadURLs":
-			// TODO(bradfitz): https://github.com/tailscale/tailscale/issues/1830
-			continue
-		}
-		t.Errorf("unexpected new ipn.Pref field %q is not handled by up.go (see addPrefFlagMapping and checkForAccidentalSettingReverts)", prefName)
-	}
-}
-
-func TestFlagAppliesToOS(t *testing.T) {
-	for _, goos := range geese {
-		var upArgs upArgsT
-		fs := newUpFlagSet(goos, &upArgs)
-		fs.VisitAll(func(f *flag.Flag) {
-			if !flagAppliesToOS(f.Name, goos) {
-				t.Errorf("flagAppliesToOS(%q, %q) = false but found in %s set", f.Name, goos, goos)
-			}
-		})
-	}
-}
-
-func TestUpdatePrefs(t *testing.T) {
-	tests := []struct {
-		name     string
-		flags    []string // argv to be parsed into env.flagSet and env.upArgs
-		curPrefs *ipn.Prefs
-		env      upCheckEnv // empty goos means "linux"
-
-		wantSimpleUp   bool
-		wantJustEditMP *ipn.MaskedPrefs
-		wantErrSubtr   string
-	}{
-		{
-			name:  "bare_up_means_up",
-			flags: []string{},
-			curPrefs: &ipn.Prefs{
-				ControlURL:  ipn.DefaultControlURL,
-				WantRunning: false,
-				Hostname:    "foo",
-			},
-		},
-		{
-			name:  "just_up",
-			flags: []string{},
-			curPrefs: &ipn.Prefs{
-				ControlURL: ipn.DefaultControlURL,
-				Persist:    &persist.Persist{LoginName: "crawshaw.github"},
-			},
-			env: upCheckEnv{
-				backendState: "Stopped",
-			},
-			wantSimpleUp: true,
-		},
-		{
-			name:  "just_edit",
-			flags: []string{},
-			curPrefs: &ipn.Prefs{
-				ControlURL: ipn.DefaultControlURL,
-				Persist:    &persist.Persist{LoginName: "crawshaw.github"},
-			},
-			env:            upCheckEnv{backendState: "Running"},
-			wantSimpleUp:   true,
-			wantJustEditMP: &ipn.MaskedPrefs{WantRunningSet: true},
-		},
-		{
-			name:  "control_synonym",
-			flags: []string{},
-			curPrefs: &ipn.Prefs{
-				ControlURL: "https://login.tailscale.com",
-				Persist:    &persist.Persist{LoginName: "crawshaw.github"},
-			},
-			env:            upCheckEnv{backendState: "Running"},
-			wantSimpleUp:   true,
-			wantJustEditMP: &ipn.MaskedPrefs{WantRunningSet: true},
-		},
-		{
-			name:  "change_login_server",
-			flags: []string{"--login-server=https://localhost:1000"},
-			curPrefs: &ipn.Prefs{
-				ControlURL:       "https://login.tailscale.com",
-				Persist:          &persist.Persist{LoginName: "crawshaw.github"},
-				AllowSingleHosts: true,
-				CorpDNS:          true,
-				NetfilterMode:    preftype.NetfilterOn,
-			},
-			env:            upCheckEnv{backendState: "Running"},
-			wantSimpleUp:   true,
-			wantJustEditMP: &ipn.MaskedPrefs{WantRunningSet: true},
-			wantErrSubtr:   "can't change --login-server without --force-reauth",
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if tt.env.goos == "" {
-				tt.env.goos = "linux"
-			}
-			tt.env.flagSet = newUpFlagSet(tt.env.goos, &tt.env.upArgs)
-			tt.env.flagSet.Parse(tt.flags)
-
-			newPrefs, err := prefsFromUpArgs(tt.env.upArgs, t.Logf, new(ipnstate.Status), tt.env.goos)
-			if err != nil {
-				t.Fatal(err)
-			}
-			simpleUp, justEditMP, err := updatePrefs(newPrefs, tt.curPrefs, tt.env)
-			if err != nil {
-				if tt.wantErrSubtr != "" {
-					if !strings.Contains(err.Error(), tt.wantErrSubtr) {
-						t.Fatalf("want error %q, got: %v", tt.wantErrSubtr, err)
-					}
-					return
-				}
-				t.Fatal(err)
-			}
-			if simpleUp != tt.wantSimpleUp {
-				t.Fatalf("simpleUp=%v, want %v", simpleUp, tt.wantSimpleUp)
-			}
-			if justEditMP != nil {
-				justEditMP.Prefs = ipn.Prefs{} // uninteresting
-			}
-			if !reflect.DeepEqual(justEditMP, tt.wantJustEditMP) {
-				t.Fatalf("justEditMP: %v", cmp.Diff(justEditMP, tt.wantJustEditMP))
-			}
-		})
-	}
-}

cmd/tailscale/cli/debug.go

@@ -6,21 +6,12 @@ package cli
 
 import (
 	"context"
-	"encoding/json"
 	"errors"
 	"flag"
-	"fmt"
-	"io"
-	"log"
 	"os"
-	"runtime"
-	"strings"
 
 	"github.com/peterbourgon/ff/v2/ffcli"
 	"tailscale.com/client/tailscale"
-	"tailscale.com/ipn"
-	"tailscale.com/paths"
-	"tailscale.com/safesocket"
 )
 
 var debugCmd = &ffcli.Command{
@@ -29,115 +20,24 @@ var debugCmd = &ffcli.Command{
 	FlagSet: (func() *flag.FlagSet {
 		fs := flag.NewFlagSet("debug", flag.ExitOnError)
 		fs.BoolVar(&debugArgs.goroutines, "daemon-goroutines", false, "If true, dump the tailscaled daemon's goroutines")
-		fs.BoolVar(&debugArgs.ipn, "ipn", false, "If true, subscribe to IPN notifications")
-		fs.BoolVar(&debugArgs.prefs, "prefs", false, "If true, dump active prefs")
-		fs.BoolVar(&debugArgs.derpMap, "derp", false, "If true, dump DERP map")
-		fs.BoolVar(&debugArgs.pretty, "pretty", false, "If true, pretty-print output (for --prefs)")
-		fs.BoolVar(&debugArgs.netMap, "netmap", true, "whether to include netmap in --ipn mode")
-		fs.BoolVar(&debugArgs.localCreds, "local-creds", false, "print how to connect to local tailscaled")
-		fs.StringVar(&debugArgs.file, "file", "", "get, delete:NAME, or NAME")
 		return fs
 	})(),
 }
 
 var debugArgs struct {
-	localCreds bool
 	goroutines bool
-	ipn        bool
-	netMap     bool
-	derpMap    bool
-	file       string
-	prefs      bool
-	pretty     bool
 }
 
 func runDebug(ctx context.Context, args []string) error {
 	if len(args) > 0 {
 		return errors.New("unknown arguments")
 	}
-	if debugArgs.localCreds {
-		port, token, err := safesocket.LocalTCPPortAndToken()
-		if err == nil {
-			fmt.Printf("curl -u:%s http://localhost:%d/localapi/v0/status\n", token, port)
-			return nil
-		}
-		if runtime.GOOS == "windows" {
-			fmt.Printf("curl http://localhost:41112/localapi/v0/status\n")
-			return nil
-		}
-		fmt.Printf("curl --unix-socket %s http://foo/localapi/v0/status\n", paths.DefaultTailscaledSocket())
-		return nil
-	}
-	if debugArgs.prefs {
-		prefs, err := tailscale.GetPrefs(ctx)
-		if err != nil {
-			return err
-		}
-		if debugArgs.pretty {
-			fmt.Println(prefs.Pretty())
-		} else {
-			j, _ := json.MarshalIndent(prefs, "", "\t")
-			fmt.Println(string(j))
-		}
-		return nil
-	}
 	if debugArgs.goroutines {
 		goroutines, err := tailscale.Goroutines(ctx)
 		if err != nil {
 			return err
 		}
 		os.Stdout.Write(goroutines)
-		return nil
-	}
-	if debugArgs.derpMap {
-		dm, err := tailscale.CurrentDERPMap(ctx)
-		if err != nil {
-			return fmt.Errorf(
-				"failed to get local derp map, instead `curl %s/derpmap/default`: %w", ipn.DefaultControlURL, err,
-			)
-		}
-		enc := json.NewEncoder(os.Stdout)
-		enc.SetIndent("", "\t")
-		enc.Encode(dm)
-		return nil
-	}
-	if debugArgs.ipn {
-		c, bc, ctx, cancel := connect(ctx)
-		defer cancel()
-
-		bc.SetNotifyCallback(func(n ipn.Notify) {
-			if !debugArgs.netMap {
-				n.NetMap = nil
-			}
-			j, _ := json.MarshalIndent(n, "", "\t")
-			fmt.Printf("%s\n", j)
-		})
-		bc.RequestEngineStatus()
-		pump(ctx, bc, c)
-		return errors.New("exit")
-	}
-	if debugArgs.file != "" {
-		if debugArgs.file == "get" {
-			wfs, err := tailscale.WaitingFiles(ctx)
-			if err != nil {
-				log.Fatal(err)
-			}
-			e := json.NewEncoder(os.Stdout)
-			e.SetIndent("", "\t")
-			e.Encode(wfs)
-			return nil
-		}
-		delete := strings.HasPrefix(debugArgs.file, "delete:")
-		if delete {
-			return tailscale.DeleteWaitingFile(ctx, strings.TrimPrefix(debugArgs.file, "delete:"))
-		}
-		rc, size, err := tailscale.GetWaitingFile(ctx, debugArgs.file)
-		if err != nil {
-			return err
-		}
-		log.Printf("Size: %v\n", size)
-		io.Copy(os.Stdout, rc)
-		return nil
 	}
 	return nil
 }

cmd/tailscale/cli/diag.go

@@ -1,55 +0,0 @@
-// Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build linux windows darwin
-
-package cli
-
-import (
-	"fmt"
-	"path/filepath"
-	"runtime"
-	"strings"
-
-	ps "github.com/mitchellh/go-ps"
-)
-
-// fixTailscaledConnectError is called when the local tailscaled has
-// been determined unreachable due to the provided origErr value. It
-// returns either the same error or a better one to help the user
-// understand why tailscaled isn't running for their platform.
-func fixTailscaledConnectError(origErr error) error {
-	procs, err := ps.Processes()
-	if err != nil {
-		return fmt.Errorf("failed to connect to local Tailscaled process and failed to enumerate processes while looking for it")
-	}
-	found := false
-	for _, proc := range procs {
-		base := filepath.Base(proc.Executable())
-		if base == "tailscaled" {
-			found = true
-			break
-		}
-		if runtime.GOOS == "darwin" && base == "IPNExtension" {
-			found = true
-			break
-		}
-		if runtime.GOOS == "windows" && strings.EqualFold(base, "tailscaled.exe") {
-			found = true
-			break
-		}
-	}
-	if !found {
-		switch runtime.GOOS {
-		case "windows":
-			return fmt.Errorf("failed to connect to local tailscaled process; is the Tailscale service running?")
-		case "darwin":
-			return fmt.Errorf("failed to connect to local Tailscale service; is Tailscale running?")
-		case "linux":
-			return fmt.Errorf("failed to connect to local tailscaled; it doesn't appear to be running (sudo systemctl start tailscaled ?)")
-		}
-		return fmt.Errorf("failed to connect to local tailscaled process; it doesn't appear to be running")
-	}
-	return fmt.Errorf("failed to connect to local tailscaled (which appears to be running). Got error: %w", origErr)
-}

cmd/tailscale/cli/diag_other.go

@@ -1,16 +0,0 @@
-// Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build !linux,!windows,!darwin
-
-package cli
-
-import "fmt"
-
-// The github.com/mitchellh/go-ps package doesn't work on all platforms,
-// so just don't diagnose connect failures.
-
-func fixTailscaledConnectError(origErr error) error {
-	return fmt.Errorf("failed to connect to local tailscaled process (is it running?); got: %w", origErr)
-}

cmd/tailscale/cli/down.go

@@ -8,7 +8,7 @@ import (
 	"context"
 	"fmt"
 	"log"
-	"os"
+	"time"
 
 	"github.com/peterbourgon/ff/v2/ffcli"
 	"tailscale.com/client/tailscale"
@@ -33,14 +33,34 @@ func runDown(ctx context.Context, args []string) error {
 		return fmt.Errorf("error fetching current status: %w", err)
 	}
 	if st.BackendState == "Stopped" {
-		fmt.Fprintf(os.Stderr, "Tailscale was already stopped.\n")
+		log.Printf("already stopped")
 		return nil
 	}
-	_, err = tailscale.EditPrefs(ctx, &ipn.MaskedPrefs{
-		Prefs: ipn.Prefs{
-			WantRunning: false,
-		},
-		WantRunningSet: true,
+	log.Printf("was in state %q", st.BackendState)
+
+	c, bc, ctx, cancel := connect(ctx)
+	defer cancel()
+
+	timer := time.AfterFunc(5*time.Second, func() {
+		log.Fatalf("timeout running stop")
 	})
-	return err
+	defer timer.Stop()
+
+	bc.SetNotifyCallback(func(n ipn.Notify) {
+		if n.ErrMessage != nil {
+			log.Fatal(*n.ErrMessage)
+		}
+		if n.State != nil {
+			log.Printf("now in state %q", *n.State)
+			if *n.State == ipn.Stopped {
+				cancel()
+			}
+			return
+		}
+	})
+
+	bc.SetWantRunning(false)
+	pump(ctx, bc, c)
+
+	return nil
 }

cmd/tailscale/cli/file.go

@@ -1,436 +0,0 @@
-// Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package cli
-
-import (
-	"bytes"
-	"context"
-	"errors"
-	"flag"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"log"
-	"mime"
-	"net/http"
-	"net/url"
-	"os"
-	"path/filepath"
-	"strconv"
-	"strings"
-	"time"
-	"unicode/utf8"
-
-	"github.com/peterbourgon/ff/v2/ffcli"
-	"golang.org/x/time/rate"
-	"inet.af/netaddr"
-	"tailscale.com/client/tailscale"
-	"tailscale.com/client/tailscale/apitype"
-	"tailscale.com/ipn"
-	"tailscale.com/net/tsaddr"
-	"tailscale.com/version"
-)
-
-var fileCmd = &ffcli.Command{
-	Name:       "file",
-	ShortUsage: "file <cp|get> ...",
-	ShortHelp:  "Send or receive files",
-	Subcommands: []*ffcli.Command{
-		fileCpCmd,
-		fileGetCmd,
-	},
-	Exec: func(context.Context, []string) error {
-		// TODO(bradfitz): is there a better ffcli way to
-		// annotate subcommand-required commands that don't
-		// have an exec body of their own?
-		return errors.New("file subcommand required; run 'tailscale file -h' for details")
-	},
-}
-
-var fileCpCmd = &ffcli.Command{
-	Name:       "cp",
-	ShortUsage: "file cp <files...> <target>:",
-	ShortHelp:  "Copy file(s) to a host",
-	Exec:       runCp,
-	FlagSet: (func() *flag.FlagSet {
-		fs := flag.NewFlagSet("cp", flag.ExitOnError)
-		fs.StringVar(&cpArgs.name, "name", "", "alternate filename to use, especially useful when <file> is \"-\" (stdin)")
-		fs.BoolVar(&cpArgs.verbose, "verbose", false, "verbose output")
-		fs.BoolVar(&cpArgs.targets, "targets", false, "list possible file cp targets")
-		return fs
-	})(),
-}
-
-var cpArgs struct {
-	name    string
-	verbose bool
-	targets bool
-}
-
-func runCp(ctx context.Context, args []string) error {
-	if cpArgs.targets {
-		return runCpTargets(ctx, args)
-	}
-	if len(args) < 2 {
-		return errors.New("usage: tailscale file cp <files...> <target>:")
-	}
-	files, target := args[:len(args)-1], args[len(args)-1]
-	if !strings.HasSuffix(target, ":") {
-		return fmt.Errorf("final argument to 'tailscale file cp' must end in colon")
-	}
-	target = strings.TrimSuffix(target, ":")
-	hadBrackets := false
-	if strings.HasPrefix(target, "[") && strings.HasSuffix(target, "]") {
-		hadBrackets = true
-		target = strings.TrimSuffix(strings.TrimPrefix(target, "["), "]")
-	}
-	if ip, err := netaddr.ParseIP(target); err == nil && ip.Is6() && !hadBrackets {
-		return fmt.Errorf("an IPv6 literal must be written as [%s]", ip)
-	} else if hadBrackets && (err != nil || !ip.Is6()) {
-		return errors.New("unexpected brackets around target")
-	}
-	ip, err := tailscaleIPFromArg(ctx, target)
-	if err != nil {
-		return err
-	}
-
-	peerAPIBase, isOffline, err := discoverPeerAPIBase(ctx, ip)
-	if err != nil {
-		return fmt.Errorf("can't send to %s: %v", target, err)
-	}
-	if isOffline {
-		fmt.Fprintf(os.Stderr, "# warning: %s is offline\n", target)
-	}
-
-	if len(files) > 1 {
-		if cpArgs.name != "" {
-			return errors.New("can't use --name= with multiple files")
-		}
-		for _, fileArg := range files {
-			if fileArg == "-" {
-				return errors.New("can't use '-' as STDIN file when providing filename arguments")
-			}
-		}
-	}
-
-	for _, fileArg := range files {
-		var fileContents io.Reader
-		var name = cpArgs.name
-		var contentLength int64 = -1
-		if fileArg == "-" {
-			fileContents = os.Stdin
-			if name == "" {
-				name, fileContents, err = pickStdinFilename()
-				if err != nil {
-					return err
-				}
-			}
-		} else {
-			f, err := os.Open(fileArg)
-			if err != nil {
-				if version.IsSandboxedMacOS() {
-					return errors.New("the GUI version of Tailscale on macOS runs in a macOS sandbox that can't read files")
-				}
-				return err
-			}
-			defer f.Close()
-			fi, err := f.Stat()
-			if err != nil {
-				return err
-			}
-			if fi.IsDir() {
-				return errors.New("directories not supported")
-			}
-			contentLength = fi.Size()
-			fileContents = io.LimitReader(f, contentLength)
-			if name == "" {
-				name = filepath.Base(fileArg)
-			}
-
-			if slow, _ := strconv.ParseBool(os.Getenv("TS_DEBUG_SLOW_PUSH")); slow {
-				fileContents = &slowReader{r: fileContents}
-			}
-		}
-
-		dstURL := peerAPIBase + "/v0/put/" + url.PathEscape(name)
-		req, err := http.NewRequestWithContext(ctx, "PUT", dstURL, fileContents)
-		if err != nil {
-			return err
-		}
-		req.ContentLength = contentLength
-		if cpArgs.verbose {
-			log.Printf("sending to %v ...", dstURL)
-		}
-		res, err := http.DefaultClient.Do(req)
-		if err != nil {
-			return err
-		}
-		if res.StatusCode == 200 {
-			io.Copy(ioutil.Discard, res.Body)
-			res.Body.Close()
-			continue
-		}
-		io.Copy(os.Stdout, res.Body)
-		res.Body.Close()
-		return errors.New(res.Status)
-	}
-	return nil
-}
-
-func discoverPeerAPIBase(ctx context.Context, ipStr string) (base string, isOffline bool, err error) {
-	ip, err := netaddr.ParseIP(ipStr)
-	if err != nil {
-		return "", false, err
-	}
-	fts, err := tailscale.FileTargets(ctx)
-	if err != nil {
-		return "", false, err
-	}
-	for _, ft := range fts {
-		n := ft.Node
-		for _, a := range n.Addresses {
-			if a.IP() != ip {
-				continue
-			}
-			isOffline = n.Online != nil && !*n.Online
-			return ft.PeerAPIURL, isOffline, nil
-		}
-	}
-	return "", false, fileTargetErrorDetail(ctx, ip)
-}
-
-// fileTargetErrorDetail returns a non-nil error saying why ip is an
-// invalid file sharing target.
-func fileTargetErrorDetail(ctx context.Context, ip netaddr.IP) error {
-	found := false
-	if st, err := tailscale.Status(ctx); err == nil && st.Self != nil {
-		for _, peer := range st.Peer {
-			for _, pip := range peer.TailscaleIPs {
-				if pip == ip {
-					found = true
-					if peer.UserID != st.Self.UserID {
-						return errors.New("owned by different user; can only send files to your own devices")
-					}
-				}
-			}
-		}
-	}
-	if found {
-		return errors.New("target seems to be running an old Tailscale version")
-	}
-	if !tsaddr.IsTailscaleIP(ip) {
-		return fmt.Errorf("unknown target; %v is not a Tailscale IP address", ip)
-	}
-	return errors.New("unknown target; not in your Tailnet")
-}
-
-const maxSniff = 4 << 20
-
-func ext(b []byte) string {
-	if len(b) < maxSniff && utf8.Valid(b) {
-		return ".txt"
-	}
-	if exts, _ := mime.ExtensionsByType(http.DetectContentType(b)); len(exts) > 0 {
-		return exts[0]
-	}
-	return ""
-}
-
-// pickStdinFilename reads a bit of stdin to return a good filename
-// for its contents. The returned Reader is the concatenation of the
-// read and unread bits.
-func pickStdinFilename() (name string, r io.Reader, err error) {
-	sniff, err := io.ReadAll(io.LimitReader(os.Stdin, maxSniff))
-	if err != nil {
-		return "", nil, err
-	}
-	return "stdin" + ext(sniff), io.MultiReader(bytes.NewReader(sniff), os.Stdin), nil
-}
-
-type slowReader struct {
-	r  io.Reader
-	rl *rate.Limiter
-}
-
-func (r *slowReader) Read(p []byte) (n int, err error) {
-	const burst = 4 << 10
-	plen := len(p)
-	if plen > burst {
-		plen = burst
-	}
-	if r.rl == nil {
-		r.rl = rate.NewLimiter(rate.Limit(1<<10), burst)
-	}
-	n, err = r.r.Read(p[:plen])
-	r.rl.WaitN(context.Background(), n)
-	return
-}
-
-func runCpTargets(ctx context.Context, args []string) error {
-	if len(args) > 0 {
-		return errors.New("invalid arguments with --targets")
-	}
-	fts, err := tailscale.FileTargets(ctx)
-	if err != nil {
-		return err
-	}
-	for _, ft := range fts {
-		n := ft.Node
-		var detail string
-		if n.Online != nil {
-			if !*n.Online {
-				detail = "offline"
-			}
-		} else {
-			detail = "unknown-status"
-		}
-		if detail != "" && n.LastSeen != nil {
-			d := time.Since(*n.LastSeen)
-			detail += fmt.Sprintf("; last seen %v ago", d.Round(time.Minute))
-		}
-		if detail != "" {
-			detail = "\t" + detail
-		}
-		fmt.Printf("%s\t%s%s\n", n.Addresses[0].IP(), n.ComputedName, detail)
-	}
-	return nil
-}
-
-var fileGetCmd = &ffcli.Command{
-	Name:       "get",
-	ShortUsage: "file get [--wait] [--verbose] <target-directory>",
-	ShortHelp:  "Move files out of the Tailscale file inbox",
-	Exec:       runFileGet,
-	FlagSet: (func() *flag.FlagSet {
-		fs := flag.NewFlagSet("get", flag.ExitOnError)
-		fs.BoolVar(&getArgs.wait, "wait", false, "wait for a file to arrive if inbox is empty")
-		fs.BoolVar(&getArgs.verbose, "verbose", false, "verbose output")
-		return fs
-	})(),
-}
-
-var getArgs struct {
-	wait    bool
-	verbose bool
-}
-
-func runFileGet(ctx context.Context, args []string) error {
-	if len(args) != 1 {
-		return errors.New("usage: file get <target-directory>")
-	}
-	log.SetFlags(0)
-
-	dir := args[0]
-	if dir == "/dev/null" {
-		return wipeInbox(ctx)
-	}
-
-	if fi, err := os.Stat(dir); err != nil || !fi.IsDir() {
-		return fmt.Errorf("%q is not a directory", dir)
-	}
-
-	var wfs []apitype.WaitingFile
-	var err error
-	for {
-		wfs, err = tailscale.WaitingFiles(ctx)
-		if err != nil {
-			return fmt.Errorf("getting WaitingFiles: %v", err)
-		}
-		if len(wfs) != 0 || !getArgs.wait {
-			break
-		}
-		if getArgs.verbose {
-			log.Printf("waiting for file...")
-		}
-		if err := waitForFile(ctx); err != nil {
-			return err
-		}
-	}
-
-	deleted := 0
-	for _, wf := range wfs {
-		rc, size, err := tailscale.GetWaitingFile(ctx, wf.Name)
-		if err != nil {
-			return fmt.Errorf("opening inbox file %q: %v", wf.Name, err)
-		}
-		targetFile := filepath.Join(dir, wf.Name)
-		of, err := os.OpenFile(targetFile, os.O_RDWR|os.O_CREATE|os.O_EXCL, 0644)
-		if err != nil {
-			if _, err := os.Stat(targetFile); err == nil {
-				return fmt.Errorf("refusing to overwrite %v", targetFile)
-			}
-			return err
-		}
-		_, err = io.Copy(of, rc)
-		rc.Close()
-		if err != nil {
-			return fmt.Errorf("failed to write %v: %v", targetFile, err)
-		}
-		if err := of.Close(); err != nil {
-			return err
-		}
-		if getArgs.verbose {
-			log.Printf("wrote %v (%d bytes)", wf.Name, size)
-		}
-		if err := tailscale.DeleteWaitingFile(ctx, wf.Name); err != nil {
-			return fmt.Errorf("deleting %q from inbox: %v", wf.Name, err)
-		}
-		deleted++
-	}
-	if getArgs.verbose {
-		log.Printf("moved %d files", deleted)
-	}
-	return nil
-}
-
-func wipeInbox(ctx context.Context) error {
-	if getArgs.wait {
-		return errors.New("can't use --wait with /dev/null target")
-	}
-	wfs, err := tailscale.WaitingFiles(ctx)
-	if err != nil {
-		return fmt.Errorf("getting WaitingFiles: %v", err)
-	}
-	deleted := 0
-	for _, wf := range wfs {
-		if getArgs.verbose {
-			log.Printf("deleting %v ...", wf.Name)
-		}
-		if err := tailscale.DeleteWaitingFile(ctx, wf.Name); err != nil {
-			return fmt.Errorf("deleting %q: %v", wf.Name, err)
-		}
-		deleted++
-	}
-	if getArgs.verbose {
-		log.Printf("deleted %d files", deleted)
-	}
-	return nil
-}
-
-func waitForFile(ctx context.Context) error {
-	c, bc, pumpCtx, cancel := connect(ctx)
-	defer cancel()
-	fileWaiting := make(chan bool, 1)
-	bc.SetNotifyCallback(func(n ipn.Notify) {
-		if n.ErrMessage != nil {
-			log.Fatal(*n.ErrMessage)
-		}
-		if n.FilesWaiting != nil {
-			select {
-			case fileWaiting <- true:
-			default:
-			}
-		}
-	})
-	go pump(pumpCtx, bc, c)
-	select {
-	case <-fileWaiting:
-		return nil
-	case <-pumpCtx.Done():
-		return pumpCtx.Err()
-	case <-ctx.Done():
-		return ctx.Err()
-	}
-}

cmd/tailscale/cli/ip.go

@@ -11,16 +11,13 @@ import (
 	"fmt"
 
 	"github.com/peterbourgon/ff/v2/ffcli"
-	"inet.af/netaddr"
 	"tailscale.com/client/tailscale"
-	"tailscale.com/ipn/ipnstate"
 )
 
 var ipCmd = &ffcli.Command{
 	Name:       "ip",
-	ShortUsage: "ip [-4] [-6] [peername]",
-	ShortHelp:  "Show current Tailscale IP address(es)",
-	LongHelp:   "Shows the Tailscale IP address of the current machine without an argument. With an argument, it shows the IP of a named peer.",
+	ShortUsage: "ip [-4] [-6]",
+	ShortHelp:  "Show this machine's current Tailscale IP address(es)",
 	Exec:       runIP,
 	FlagSet: (func() *flag.FlagSet {
 		fs := flag.NewFlagSet("ip", flag.ExitOnError)
@@ -36,14 +33,9 @@ var ipArgs struct {
 }
 
 func runIP(ctx context.Context, args []string) error {
-	if len(args) > 1 {
+	if len(args) > 0 {
 		return errors.New("unknown arguments")
 	}
-	var of string
-	if len(args) == 1 {
-		of = args[0]
-	}
-
 	v4, v6 := ipArgs.want4, ipArgs.want6
 	if v4 && v6 {
 		return errors.New("tailscale up -4 and -6 are mutually exclusive")
@@ -55,24 +47,11 @@ func runIP(ctx context.Context, args []string) error {
 	if err != nil {
 		return err
 	}
-	ips := st.TailscaleIPs
-	if of != "" {
-		ip, err := tailscaleIPFromArg(ctx, of)
-		if err != nil {
-			return err
-		}
-		peer, ok := peerMatchingIP(st, ip)
-		if !ok {
-			return fmt.Errorf("no peer found with IP %v", ip)
-		}
-		ips = peer.TailscaleIPs
-	}
-	if len(ips) == 0 {
+	if len(st.TailscaleIPs) == 0 {
 		return fmt.Errorf("no current Tailscale IPs; state: %v", st.BackendState)
 	}
-
 	match := false
-	for _, ip := range ips {
+	for _, ip := range st.TailscaleIPs {
 		if ip.Is4() && v4 || ip.Is6() && v6 {
 			match = true
 			fmt.Println(ip)
@@ -88,18 +67,3 @@ func runIP(ctx context.Context, args []string) error {
 	}
 	return nil
 }
-
-func peerMatchingIP(st *ipnstate.Status, ipStr string) (ps *ipnstate.PeerStatus, ok bool) {
-	ip, err := netaddr.ParseIP(ipStr)
-	if err != nil {
-		return
-	}
-	for _, ps = range st.Peer {
-		for _, pip := range ps.TailscaleIPs {
-			if ip == pip {
-				return ps, true
-			}
-		}
-	}
-	return nil, false
-}

cmd/tailscale/cli/logout.go

@@ -1,34 +0,0 @@
-// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package cli
-
-import (
-	"context"
-	"log"
-	"strings"
-
-	"github.com/peterbourgon/ff/v2/ffcli"
-	"tailscale.com/client/tailscale"
-)
-
-var logoutCmd = &ffcli.Command{
-	Name:       "logout",
-	ShortUsage: "logout [flags]",
-	ShortHelp:  "Disconnect from Tailscale and expire current node key",
-
-	LongHelp: strings.TrimSpace(`
-"tailscale logout" brings the network down and invalidates
-the current node key, forcing a future use of it to cause
-a reauthentication.
-`),
-	Exec: runLogout,
-}
-
-func runLogout(ctx context.Context, args []string) error {
-	if len(args) > 0 {
-		log.Fatalf("too many non-flag arguments: %q", args)
-	}
-	return tailscale.Logout(ctx)
-}

cmd/tailscale/cli/netcheck.go

@@ -9,18 +9,14 @@ import (
 	"encoding/json"
 	"flag"
 	"fmt"
-	"io"
-	"io/ioutil"
 	"log"
-	"net/http"
 	"os"
 	"sort"
 	"strings"
 	"time"
 
 	"github.com/peterbourgon/ff/v2/ffcli"
-	"tailscale.com/client/tailscale"
-	"tailscale.com/ipn"
+	"tailscale.com/derp/derpmap"
 	"tailscale.com/net/netcheck"
 	"tailscale.com/net/portmapper"
 	"tailscale.com/tailcfg"
@@ -50,7 +46,7 @@ var netcheckArgs struct {
 func runNetcheck(ctx context.Context, args []string) error {
 	c := &netcheck.Client{
 		UDPBindAddr: os.Getenv("TS_DEBUG_NETCHECK_UDP_BIND"),
-		PortMapper:  portmapper.NewClient(logger.WithPrefix(log.Printf, "portmap: "), nil),
+		PortMapper:  portmapper.NewClient(logger.WithPrefix(log.Printf, "portmap: ")),
 	}
 	if netcheckArgs.verbose {
 		c.Logf = logger.WithPrefix(log.Printf, "netcheck: ")
@@ -63,13 +59,7 @@ func runNetcheck(ctx context.Context, args []string) error {
 		fmt.Fprintln(os.Stderr, "# Warning: this JSON format is not yet considered a stable interface")
 	}
 
-	dm, err := tailscale.CurrentDERPMap(ctx)
-	if err != nil {
-		dm, err = prodDERPMap(ctx, http.DefaultClient)
-		if err != nil {
-			return err
-		}
-	}
+	dm := derpmap.Prod()
 	for {
 		t0 := time.Now()
 		report, err := c.GetReport(ctx, dm)
@@ -186,27 +176,3 @@ func portMapping(r *netcheck.Report) string {
 	}
 	return strings.Join(got, ", ")
 }
-
-func prodDERPMap(ctx context.Context, httpc *http.Client) (*tailcfg.DERPMap, error) {
-	req, err := http.NewRequestWithContext(ctx, "GET", ipn.DefaultControlURL+"/derpmap/default", nil)
-	if err != nil {
-		return nil, fmt.Errorf("create prodDERPMap request: %w", err)
-	}
-	res, err := httpc.Do(req)
-	if err != nil {
-		return nil, fmt.Errorf("fetch prodDERPMap failed: %w", err)
-	}
-	defer res.Body.Close()
-	b, err := ioutil.ReadAll(io.LimitReader(res.Body, 1<<20))
-	if err != nil {
-		return nil, fmt.Errorf("fetch prodDERPMap failed: %w", err)
-	}
-	if res.StatusCode != 200 {
-		return nil, fmt.Errorf("fetch prodDERPMap: %v: %s", res.Status, b)
-	}
-	var derpMap tailcfg.DERPMap
-	if err = json.Unmarshal(b, &derpMap); err != nil {
-		return nil, fmt.Errorf("fetch prodDERPMap: %w", err)
-	}
-	return &derpMap, nil
-}

cmd/tailscale/cli/ping.go

@@ -80,15 +80,40 @@ func runPing(ctx context.Context, args []string) error {
 			prc <- pr
 		}
 	})
-	pumpErr := make(chan error, 1)
-	go func() { pumpErr <- pump(ctx, bc, c) }()
+	go pump(ctx, bc, c)
 
 	hostOrIP := args[0]
-	ip, err := tailscaleIPFromArg(ctx, hostOrIP)
-	if err != nil {
-		return err
+
+	// If the argument is an IP address, use it directly without any resolution.
+	if net.ParseIP(hostOrIP) != nil {
+		ip = hostOrIP
 	}
 
+	// Otherwise, try to resolve it first from the network peer list.
+	if ip == "" {
+		st, err := tailscale.Status(ctx)
+		if err != nil {
+			return err
+		}
+		for _, ps := range st.Peer {
+			if hostOrIP == dnsOrQuoteHostname(st, ps) || hostOrIP == ps.DNSName {
+				ip = ps.TailAddr
+				break
+			}
+		}
+	}
+
+	// Finally, use DNS.
+	if ip == "" {
+		var res net.Resolver
+		if addrs, err := res.LookupHost(ctx, hostOrIP); err != nil {
+			return fmt.Errorf("error looking up IP of %q: %v", hostOrIP, err)
+		} else if len(addrs) == 0 {
+			return fmt.Errorf("no IPs found for %q", hostOrIP)
+		} else {
+			ip = addrs[0]
+		}
+	}
 	if pingArgs.verbose && ip != hostOrIP {
 		log.Printf("lookup %q => %q", hostOrIP, ip)
 	}
@@ -102,8 +127,6 @@ func runPing(ctx context.Context, args []string) error {
 		select {
 		case <-timer.C:
 			fmt.Printf("timeout waiting for ping reply\n")
-		case err := <-pumpErr:
-			return err
 		case pr := <-prc:
 			timer.Stop()
 			if pr.Err != "" {
@@ -120,11 +143,7 @@ func runPing(ctx context.Context, args []string) error {
 				via = "TSMP"
 			}
 			anyPong = true
-			extra := ""
-			if pr.PeerAPIPort != 0 {
-				extra = fmt.Sprintf(", %d", pr.PeerAPIPort)
-			}
-			fmt.Printf("pong from %s (%s%s) via %v in %v\n", pr.NodeName, pr.NodeIP, extra, via, latency)
+			fmt.Printf("pong from %s (%s) via %v in %v\n", pr.NodeName, pr.NodeIP, via, latency)
 			if pingArgs.tsmp {
 				return nil
 			}
@@ -139,41 +158,7 @@ func runPing(ctx context.Context, args []string) error {
 			if !anyPong {
 				return errors.New("no reply")
 			}
-			if pingArgs.untilDirect {
-				return errors.New("direct connection not established")
-			}
 			return nil
 		}
 	}
 }
-
-func tailscaleIPFromArg(ctx context.Context, hostOrIP string) (ip string, err error) {
-	// If the argument is an IP address, use it directly without any resolution.
-	if net.ParseIP(hostOrIP) != nil {
-		return hostOrIP, nil
-	}
-
-	// Otherwise, try to resolve it first from the network peer list.
-	st, err := tailscale.Status(ctx)
-	if err != nil {
-		return "", err
-	}
-	for _, ps := range st.Peer {
-		if hostOrIP == dnsOrQuoteHostname(st, ps) || hostOrIP == ps.DNSName {
-			if len(ps.TailscaleIPs) == 0 {
-				return "", errors.New("node found but lacks an IP")
-			}
-			return ps.TailscaleIPs[0].String(), nil
-		}
-	}
-
-	// Finally, use DNS.
-	var res net.Resolver
-	if addrs, err := res.LookupHost(ctx, hostOrIP); err != nil {
-		return "", fmt.Errorf("error looking up IP of %q: %v", hostOrIP, err)
-	} else if len(addrs) == 0 {
-		return "", fmt.Errorf("no IPs found for %q", hostOrIP)
-	} else {
-		return addrs[0], nil
-	}
-}

cmd/tailscale/cli/status.go

@@ -18,12 +18,10 @@ import (
 
 	"github.com/peterbourgon/ff/v2/ffcli"
 	"github.com/toqueteos/webbrowser"
-	"inet.af/netaddr"
 	"tailscale.com/client/tailscale"
 	"tailscale.com/ipn"
 	"tailscale.com/ipn/ipnstate"
 	"tailscale.com/net/interfaces"
-	"tailscale.com/tstime/mono"
 	"tailscale.com/util/dnsname"
 )
 
@@ -58,7 +56,7 @@ var statusArgs struct {
 func runStatus(ctx context.Context, args []string) error {
 	st, err := tailscale.Status(ctx)
 	if err != nil {
-		return fixTailscaledConnectError(err)
+		return err
 	}
 	if statusArgs.json {
 		if statusArgs.active {
@@ -108,24 +106,9 @@ func runStatus(ctx context.Context, args []string) error {
 		return err
 	}
 
-	switch st.BackendState {
-	default:
-		fmt.Fprintf(os.Stderr, "unexpected state: %s\n", st.BackendState)
-		os.Exit(1)
-	case ipn.Stopped.String():
+	if st.BackendState == ipn.Stopped.String() {
 		fmt.Println("Tailscale is stopped.")
 		os.Exit(1)
-	case ipn.NeedsLogin.String():
-		fmt.Println("Logged out.")
-		if st.AuthURL != "" {
-			fmt.Printf("\nLog in at: %s\n", st.AuthURL)
-		}
-		os.Exit(1)
-	case ipn.NeedsMachineAuth.String():
-		fmt.Println("Machine is not yet authorized by tailnet admin.")
-		os.Exit(1)
-	case ipn.Running.String():
-		// Run below.
 	}
 
 	var buf bytes.Buffer
@@ -133,7 +116,7 @@ func runStatus(ctx context.Context, args []string) error {
 	printPS := func(ps *ipnstate.PeerStatus) {
 		active := peerActive(ps)
 		f("%-15s %-20s %-12s %-7s ",
-			firstIPString(ps.TailscaleIPs),
+			ps.TailAddr,
 			dnsOrQuoteHostname(st, ps),
 			ownerLogin(st, ps),
 			ps.OS,
@@ -194,7 +177,7 @@ func runStatus(ctx context.Context, args []string) error {
 //
 // TODO: have the server report this bool instead.
 func peerActive(ps *ipnstate.PeerStatus) bool {
-	return !ps.LastWrite.IsZero() && mono.Since(ps.LastWrite) < 2*time.Minute
+	return !ps.LastWrite.IsZero() && time.Since(ps.LastWrite) < 2*time.Minute
 }
 
 func dnsOrQuoteHostname(st *ipnstate.Status, ps *ipnstate.PeerStatus) string {
@@ -218,10 +201,3 @@ func ownerLogin(st *ipnstate.Status, ps *ipnstate.PeerStatus) string {
 	}
 	return u.LoginName
 }
-
-func firstIPString(v []netaddr.IP) string {
-	if len(v) == 0 {
-		return ""
-	}
-	return v[0].String()
-}

cmd/tailscale/cli/web.go

@@ -9,47 +9,28 @@ import (
 	"context"
 	_ "embed"
 	"encoding/json"
-	"encoding/xml"
 	"flag"
 	"fmt"
 	"html/template"
-	"io/ioutil"
 	"log"
-	"net"
 	"net/http"
 	"net/http/cgi"
-	"net/url"
 	"os/exec"
 	"runtime"
-	"strings"
 
 	"github.com/peterbourgon/ff/v2/ffcli"
 	"tailscale.com/client/tailscale"
 	"tailscale.com/ipn"
-	"tailscale.com/tailcfg"
 	"tailscale.com/types/preftype"
-	"tailscale.com/util/groupmember"
 	"tailscale.com/version/distro"
 )
 
 //go:embed web.html
 var webHTML string
 
-//go:embed web.css
-var webCSS string
-
-//go:embed auth-redirect.html
-var authenticationRedirectHTML string
-
-var tmpl *template.Template
-
-func init() {
-	tmpl = template.Must(template.New("web.html").Parse(webHTML))
-	template.Must(tmpl.New("web.css").Parse(webCSS))
-}
+var tmpl = template.Must(template.New("html").Parse(webHTML))
 
 type tmplData struct {
-	Profile      tailcfg.UserProfile
 	SynologyUser string
 	Status       string
 	DeviceName   string
@@ -61,14 +42,6 @@ var webCmd = &ffcli.Command{
 	ShortUsage: "web [flags]",
 	ShortHelp:  "Run a web server for controlling Tailscale",
 
-	LongHelp: strings.TrimSpace(`
-"tailscale web" runs a webserver for controlling the Tailscale daemon.
-
-It's primarily intended for use on Synology, QNAP, and other
-NAS devices where a web interface is the natural place to control
-Tailscale, as opposed to a CLI or a native app.
-`),
-
 	FlagSet: (func() *flag.FlagSet {
 		webf := flag.NewFlagSet("web", flag.ExitOnError)
 		webf.StringVar(&webArgs.listen, "listen", "localhost:8088", "listen address; use port 0 for automatic")
@@ -89,134 +62,28 @@ func runWeb(ctx context.Context, args []string) error {
 	}
 
 	if webArgs.cgi {
-		if err := cgi.Serve(http.HandlerFunc(webHandler)); err != nil {
-			log.Printf("tailscale.cgi: %v", err)
-			return err
-		}
-		return nil
+		return cgi.Serve(http.HandlerFunc(webHandler))
 	}
-
-	log.Printf("web server running on: %s", urlOfListenAddr(webArgs.listen))
 	return http.ListenAndServe(webArgs.listen, http.HandlerFunc(webHandler))
 }
 
-// urlOfListenAddr parses a given listen address into a formatted URL
-func urlOfListenAddr(addr string) string {
-	host, port, _ := net.SplitHostPort(addr)
-	if host == "" {
-		host = "127.0.0.1"
+func auth() (string, error) {
+	if distro.Get() == distro.Synology {
+		cmd := exec.Command("/usr/syno/synoman/webman/modules/authenticate.cgi")
+		out, err := cmd.CombinedOutput()
+		if err != nil {
+			return "", fmt.Errorf("auth: %v: %s", err, out)
+		}
+		return string(out), nil
 	}
-	return fmt.Sprintf("http://%s", net.JoinHostPort(host, port))
-}
 
-// authorize returns the name of the user accessing the web UI after verifying
-// whether the user has access to the web UI. The function will write the
-// error to the provided http.ResponseWriter.
-// Note: This is different from a tailscale user, and is typically the local
-// user on the node.
-func authorize(w http.ResponseWriter, r *http.Request) (string, error) {
-	switch distro.Get() {
-	case distro.Synology:
-		user, err := synoAuthn()
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusUnauthorized)
-			return "", err
-		}
-		if err := authorizeSynology(user); err != nil {
-			http.Error(w, err.Error(), http.StatusForbidden)
-			return "", err
-		}
-		return user, nil
-	case distro.QNAP:
-		user, resp, err := qnapAuthn(r)
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusUnauthorized)
-			return "", err
-		}
-		if resp.IsAdmin == 0 {
-			http.Error(w, err.Error(), http.StatusForbidden)
-			return "", err
-		}
-		return user, nil
-	}
 	return "", nil
 }
 
-// authorizeSynology checks whether the provided user has access to the web UI
-// by consulting the membership of the "administrators" group.
-func authorizeSynology(name string) error {
-	yes, err := groupmember.IsMemberOfGroup("administrators", name)
-	if err != nil {
-		return err
-	}
-	if !yes {
-		return fmt.Errorf("not a member of administrators group")
-	}
-	return nil
-}
-
-type qnapAuthResponse struct {
-	AuthPassed int    `xml:"authPassed"`
-	IsAdmin    int    `xml:"isAdmin"`
-	AuthSID    string `xml:"authSid"`
-	ErrorValue int    `xml:"errorValue"`
-}
-
-func qnapAuthn(r *http.Request) (string, *qnapAuthResponse, error) {
-	user, err := r.Cookie("NAS_USER")
-	if err != nil {
-		return "", nil, err
-	}
-	token, err := r.Cookie("qtoken")
-	if err != nil {
-		return "", nil, err
-	}
-	query := url.Values{
-		"qtoken": []string{token.Value},
-		"user":   []string{user.Value},
-	}
-	u := url.URL{
-		Scheme:   r.URL.Scheme,
-		Host:     r.URL.Host,
-		Path:     "/cgi-bin/authLogin.cgi",
-		RawQuery: query.Encode(),
-	}
-	resp, err := http.Get(u.String())
-	if err != nil {
-		return "", nil, err
-	}
-	defer resp.Body.Close()
-	out, err := ioutil.ReadAll(resp.Body)
-	if err != nil {
-		return "", nil, err
-	}
-	authResp := &qnapAuthResponse{}
-	if err := xml.Unmarshal(out, authResp); err != nil {
-		return "", nil, err
-	}
-	if authResp.AuthPassed == 0 {
-		return "", nil, fmt.Errorf("not authenticated")
-	}
-	return user.Value, authResp, nil
-}
-
-func synoAuthn() (string, error) {
-	cmd := exec.Command("/usr/syno/synoman/webman/modules/authenticate.cgi")
-	out, err := cmd.CombinedOutput()
-	if err != nil {
-		return "", fmt.Errorf("auth: %v: %s", err, out)
-	}
-	return strings.TrimSpace(string(out)), nil
-}
-
-func authRedirect(w http.ResponseWriter, r *http.Request) bool {
-	if distro.Get() == distro.Synology {
-		return synoTokenRedirect(w, r)
-	}
-	return false
-}
-
 func synoTokenRedirect(w http.ResponseWriter, r *http.Request) bool {
+	if distro.Get() != distro.Synology {
+		return false
+	}
 	if r.Header.Get("X-Syno-Token") != "" {
 		return false
 	}
@@ -251,27 +118,22 @@ req.send(null);
 `
 
 func webHandler(w http.ResponseWriter, r *http.Request) {
-	if authRedirect(w, r) {
+	if synoTokenRedirect(w, r) {
 		return
 	}
 
-	user, err := authorize(w, r)
+	user, err := auth()
 	if err != nil {
-		return
-	}
-
-	if r.URL.Path == "/redirect" || r.URL.Path == "/redirect/" {
-		w.Write([]byte(authenticationRedirectHTML))
+		http.Error(w, err.Error(), http.StatusForbidden)
 		return
 	}
 
 	if r.Method == "POST" {
 		type mi map[string]interface{}
 		w.Header().Set("Content-Type", "application/json")
-		url, err := tailscaleUpForceReauth(r.Context())
+		url, err := tailscaleUp(r.Context())
 		if err != nil {
-			w.WriteHeader(http.StatusInternalServerError)
-			json.NewEncoder(w).Encode(mi{"error": err.Error()})
+			json.NewEncoder(w).Encode(mi{"error": err})
 			return
 		}
 		json.NewEncoder(w).Encode(mi{"url": url})
@@ -280,17 +142,13 @@ func webHandler(w http.ResponseWriter, r *http.Request) {
 
 	st, err := tailscale.Status(r.Context())
 	if err != nil {
-		http.Error(w, err.Error(), http.StatusInternalServerError)
-		return
+		http.Error(w, err.Error(), 500)
 	}
 
-	profile := st.User[st.Self.UserID]
-	deviceName := strings.Split(st.Self.DNSName, ".")[0]
 	data := tmplData{
 		SynologyUser: user,
-		Profile:      profile,
 		Status:       st.BackendState,
-		DeviceName:   deviceName,
+		DeviceName:   st.Self.DNSName,
 	}
 	if len(st.TailscaleIPs) != 0 {
 		data.IP = st.TailscaleIPs[0].String()
@@ -298,16 +156,16 @@ func webHandler(w http.ResponseWriter, r *http.Request) {
 
 	buf := new(bytes.Buffer)
 	if err := tmpl.Execute(buf, data); err != nil {
-		http.Error(w, err.Error(), http.StatusInternalServerError)
+		http.Error(w, err.Error(), 500)
 		return
 	}
 	w.Write(buf.Bytes())
 }
 
 // TODO(crawshaw): some of this is very similar to the code in 'tailscale up', can we share anything?
-func tailscaleUpForceReauth(ctx context.Context) (authURL string, retErr error) {
+func tailscaleUp(ctx context.Context) (authURL string, retErr error) {
 	prefs := ipn.NewPrefs()
-	prefs.ControlURL = ipn.DefaultControlURL
+	prefs.ControlURL = "https://login.tailscale.com"
 	prefs.WantRunning = true
 	prefs.CorpDNS = true
 	prefs.AllowSingleHosts = true
@@ -317,70 +175,36 @@ func tailscaleUpForceReauth(ctx context.Context) (authURL string, retErr error)
 		prefs.NetfilterMode = preftype.NetfilterOff
 	}
 
-	st, err := tailscale.Status(ctx)
-	if err != nil {
-		return "", fmt.Errorf("can't fetch status: %v", err)
-	}
-	origAuthURL := st.AuthURL
-
-	// printAuthURL reports whether we should print out the
-	// provided auth URL from an IPN notify.
-	printAuthURL := func(url string) bool {
-		return url != origAuthURL
-	}
-
-	c, bc, pumpCtx, cancel := connect(ctx)
+	c, bc, ctx, cancel := connect(ctx)
 	defer cancel()
 
-	gotEngineUpdate := make(chan bool, 1) // gets value upon an engine update
-	go pump(pumpCtx, bc, c)
-
-	bc.SetNotifyCallback(func(n ipn.Notify) {
-		if n.Engine != nil {
-			select {
-			case gotEngineUpdate <- true:
-			default:
-			}
-		}
-		if n.ErrMessage != nil {
-			msg := *n.ErrMessage
-			if msg == ipn.ErrMsgPermissionDenied {
-				switch runtime.GOOS {
-				case "windows":
-					msg += " (Tailscale service in use by other user?)"
-				default:
-					msg += " (try 'sudo tailscale up [...]')"
-				}
-			}
-			retErr = fmt.Errorf("backend error: %v", msg)
-			cancel()
-		} else if url := n.BrowseToURL; url != nil && printAuthURL(*url) {
-			authURL = *url
-			cancel()
-		}
-	})
-	// Wait for backend client to be connected so we know
-	// we're subscribed to updates. Otherwise we can miss
-	// an update upon its transition to running. Do so by causing some traffic
-	// back to the bus that we then wait on.
-	bc.RequestEngineStatus()
-	select {
-	case <-gotEngineUpdate:
-	case <-pumpCtx.Done():
-		return authURL, pumpCtx.Err()
-	}
-
 	bc.SetPrefs(prefs)
 
-	bc.Start(ipn.Options{
+	opts := ipn.Options{
 		StateKey: ipn.GlobalDaemonStateKey,
-	})
-	bc.StartLoginInteractive()
-
-	<-pumpCtx.Done() // wait for authURL or complete failure
-	if authURL == "" && retErr == nil {
-		retErr = pumpCtx.Err()
+		Notify: func(n ipn.Notify) {
+			if n.ErrMessage != nil {
+				msg := *n.ErrMessage
+				if msg == ipn.ErrMsgPermissionDenied {
+					switch runtime.GOOS {
+					case "windows":
+						msg += " (Tailscale service in use by other user?)"
+					default:
+						msg += " (try 'sudo tailscale up [...]')"
+					}
+				}
+				retErr = fmt.Errorf("backend error: %v", msg)
+				cancel()
+			} else if url := n.BrowseToURL; url != nil {
+				authURL = *url
+				cancel()
+			}
+		},
 	}
+	bc.Start(opts)
+	bc.StartLoginInteractive()
+	pump(ctx, bc, c)
+
 	if authURL == "" && retErr == nil {
 		return "", fmt.Errorf("login failed with no backend error message")
 	}

cmd/tailscale/cli/web.html

@@ -1,143 +1,47 @@
 <!doctype html>
-<html class="bg-gray-50">
+<html><title>Tailscale Client</title><body>
+<h1>Tailscale</h1>
+<div style="float:right;">{{.SynologyUser}}</div>
+<table>
+<tr><th>Status:</th><td>{{.Status}}</td></tr>
+<tr><th>Device Name:</th><td>{{.DeviceName}}</td></tr>
+<tr><th>Tailscale IP:</th><td>{{.IP}}</td></tr>
+</table>
 
-<head>
-	<meta charset="utf-8" />
-	<meta name="viewport" content="width=device-width, initial-scale=1" />
-	<link rel="shortcut icon"
-		href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAQAAADZc7J/AAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAAAmJLR0QA/4ePzL8AAAAHdElNRQflAx4QGA4EvmzDAAAA30lEQVRIx2NgGAWMCKa8JKM4A8Ovt88ekyLCDGOoyDBJMjExMbFy8zF8/EKsCAMDE8yAPyIwFps48SJIBpAL4AZwvoSx/r0lXgQpDN58EWL5x/7/H+vL20+JFxluQKVe5b3Ke5V+0kQQCamfoYKBg4GDwUKI8d0BYkWQkrLKewYBKPPDHUFiRaiZkBgmwhj/F5IgggyUJ6i8V3mv0kCayDAAeEsklXqGAgYGhgV3CnGrwVciYSYk0kokhgS44/JxqqFpiYSZbEgskd4dEBRk1GD4wdB5twKXmlHAwMDAAACdEZau06NQUwAAACV0RVh0ZGF0ZTpjcmVhdGUAMjAyMC0wNy0xNVQxNTo1Mzo0MCswMDowMCVXsDIAAAAldEVYdGRhdGU6bW9kaWZ5ADIwMjAtMDctMTVUMTU6NTM6NDArMDA6MDBUCgiOAAAAAElFTkSuQmCC" />
-	<title>Tailscale</title>
-	<style>{{template "web.css"}}</style>
-</head>
+<p><input id="login" type="button" value="Log in…"></p>
 
-<body class="py-14">
-<main class="container max-w-lg mx-auto py-6 px-8 bg-white rounded-md shadow-2xl" style="width: 95%">
-	<header class="flex justify-between items-center min-width-0 py-2 mb-8">
-		<svg width="26" height="26" viewBox="0 0 23 23" title="Tailscale" fill="none" xmlns="http://www.w3.org/2000/svg"
-			class="flex-shrink-0 mr-4">
-			<circle opacity="0.2" cx="3.4" cy="3.25" r="2.7" fill="currentColor"></circle>
-			<circle cx="3.4" cy="11.3" r="2.7" fill="currentColor"></circle>
-			<circle opacity="0.2" cx="3.4" cy="19.5" r="2.7" fill="currentColor"></circle>
-			<circle cx="11.5" cy="11.3" r="2.7" fill="currentColor"></circle>
-			<circle cx="11.5" cy="19.5" r="2.7" fill="currentColor"></circle>
-			<circle opacity="0.2" cx="11.5" cy="3.25" r="2.7" fill="currentColor"></circle>
-			<circle opacity="0.2" cx="19.5" cy="3.25" r="2.7" fill="currentColor"></circle>
-			<circle cx="19.5" cy="11.3" r="2.7" fill="currentColor"></circle>
-			<circle opacity="0.2" cx="19.5" cy="19.5" r="2.7" fill="currentColor"></circle>
-		</svg>
-		<div class="flex items-center justify-end space-x-2 w-2/3">
-			{{ with .Profile.LoginName }}
-			<div class="text-right truncate leading-4">
-				<h4 class="truncate">{{.}}</h4>
-				<a href="#" class="text-xs text-gray-500 hover:text-gray-700 js-loginButton">Switch account</a>
-			</div>
-			{{ end }}
-			<div class="relative flex-shrink-0 w-8 h-8 rounded-full overflow-hidden">
-				{{ with .Profile.ProfilePicURL }}
-				<div class="w-8 h-8 flex pointer-events-none rounded-full bg-gray-200"
-					style="background-image: url('{{.}}'); background-size: cover;"></div>
-				{{ else }}
-				<div class="w-8 h-8 flex pointer-events-none rounded-full border border-gray-400 border-dashed"></div>
-				{{ end }}
-			</div>
-		</div>
-	</header>
-	{{ if .IP }}
-	<div
-		class="border border-gray-200 bg-gray-0 rounded-lg p-2 pl-3 pr-3 mb-8 width-full flex items-center justify-between">
-		<div class="flex items-center min-width-0">
-			<svg class="flex-shrink-0 text-gray-600 mr-3 ml-1" xmlns="http://www.w3.org/2000/svg" width="20" height="20"
-				viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round"
-				stroke-linejoin="round">
-				<rect x="2" y="2" width="20" height="8" rx="2" ry="2"></rect>
-				<rect x="2" y="14" width="20" height="8" rx="2" ry="2"></rect>
-				<line x1="6" y1="6" x2="6.01" y2="6"></line>
-				<line x1="6" y1="18" x2="6.01" y2="18"></line>
-			</svg>
-			<h4 class="font-semibold truncate mr-2">{{.DeviceName}}</h4>
-		</div>
-		<h5>{{.IP}}</h5>
-	</div>
-	{{ end }}
-	{{ if or (eq .Status "NeedsLogin") (eq .Status "NoState") }}
-	{{ if .IP }}
-	<div class="mb-6">
-		<p class="text-gray-700">Your device's key has expired. Reauthenticate this device by logging in again, or <a
-				href="https://tailscale.com/kb/1028/key-expiry" class="link" target="_blank">learn more</a>.</p>
-	</div>
-	<a href="#" class="mb-4 js-loginButton" target="_blank">
-		<button class="button button-blue w-full">Reauthenticate</button>
-	</a>
-	{{ else }}
-	<div class="mb-6">
-		<h3 class="text-3xl font-semibold mb-3">Log in</h3>
-		<p class="text-gray-700">Get started by logging in to your Tailscale network. Or,&nbsp;learn&nbsp;more at <a
-				href="https://tailscale.com/" class="link" target="_blank">tailscale.com</a>.</p>
-	</div>
-	<a href="#" class="mb-4 js-loginButton" target="_blank">
-		<button class="button button-blue w-full">Log In</button>
-	</a>
-	{{ end }}
-	{{ else if eq .Status "NeedsMachineAuth" }}
-	<div class="mb-4">
-		This device is authorized, but needs approval from a network admin before it can connect to the network.
-	</div>
-	{{ else }}
-	<div class="mb-4">
-		<p>You are connected! Access this device over Tailscale using the device name or IP address above.</p>
-	</div>
-	<a href="#" class="mb-4 link font-medium js-loginButton" target="_blank">Reauthenticate</a>
-	{{ end }}
-</main>
-<script>(function () {
-let loginButtons = document.querySelectorAll(".js-loginButton");
-let fetchingUrl = false;
-
-function handleClick(e) {
-	e.preventDefault();
-
-	if (fetchingUrl) {
-		return;
-	}
-
-	fetchingUrl = true;
+<script>
+login.onclick = function() {
 	const urlParams = new URLSearchParams(window.location.search);
 	const token = urlParams.get("SynoToken");
-	const nextParams = new URLSearchParams({ up: true });
-	if (token) {
-		nextParams.set("SynoToken", token)
-	}
-	const nextUrl = new URL(window.location);
-	nextUrl.search = nextParams.toString()
-	const url = nextUrl.toString();
 
-	fetch(url, {
-		method: "POST",
-		headers: {
-			"Accept": "application/json",
-			"Content-Type": "application/json",
-		}
-	}).then(res => res.json()).then(res => {
-		fetchingUrl = false;
-		const err = res["error"];
+	var params = new URLSearchParams("up=true");
+	if (token) {
+		params.set("SynoToken", token)
+	}
+
+	var req = new XMLHttpRequest();
+	const url = [location.protocol, '//', location.host, location.pathname, "?", params.toString()].join('');
+	req.overrideMimeType("application/json");
+	req.open("POST", url, true);
+	req.onload = function() {
+		var jsonResponse = JSON.parse(req.responseText);
+		const err = jsonResponse["error"];
 		if (err) {
-			throw new Error(err);
+			document.body.innerText = err;
+			return
 		}
-		const url = res["url"];
+		var url = jsonResponse["url"];
+		console.log("jsonResponse: ", jsonResponse);
 		if (url) {
 			document.location.href = url;
 		} else {
-			location.reload();
+			//location.reload();
 		}
-	}).catch(err => {
-		alert("Failed to log in: " + err.message);
-	});
+	};
+	req.send(null);
 }
+</script>
 
-Array.from(loginButtons).forEach(el => {
-	el.addEventListener("click", handleClick);
-})
-})();</script>
 </body>
-
 </html>

cmd/tailscale/cli/web_test.go

@@ -1,44 +0,0 @@
-// Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package cli
-
-import "testing"
-
-func TestUrlOfListenAddr(t *testing.T) {
-	tests := []struct {
-		name     string
-		in, want string
-	}{
-		{
-			name: "TestLocalhost",
-			in:   "localhost:8088",
-			want: "http://localhost:8088",
-		},
-		{
-			name: "TestNoHost",
-			in:   ":8088",
-			want: "http://127.0.0.1:8088",
-		},
-		{
-			name: "TestExplicitHost",
-			in:   "127.0.0.2:8088",
-			want: "http://127.0.0.2:8088",
-		},
-		{
-			name: "TestIPv6",
-			in:   "[::1]:8088",
-			want: "http://[::1]:8088",
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			url := urlOfListenAddr(tt.in)
-			if url != tt.want {
-				t.Errorf("expected url: %q, got: %q", tt.want, url)
-			}
-		})
-	}
-}

cmd/tailscale/depaware.txt

@@ -1,18 +1,9 @@
 tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/depaware)
 
-   W 💣 github.com/alexbrainman/sspi                                 from github.com/alexbrainman/sspi/negotiate+
-   W    github.com/alexbrainman/sspi/internal/common                 from github.com/alexbrainman/sspi/negotiate
+   W 💣 github.com/alexbrainman/sspi                                 from github.com/alexbrainman/sspi/negotiate
    W 💣 github.com/alexbrainman/sspi/negotiate                       from tailscale.com/net/tshttpproxy
-        github.com/kballard/go-shellquote                            from tailscale.com/cmd/tailscale/cli
-     💣 github.com/mitchellh/go-ps                                   from tailscale.com/cmd/tailscale/cli
         github.com/peterbourgon/ff/v2                                from github.com/peterbourgon/ff/v2/ffcli
         github.com/peterbourgon/ff/v2/ffcli                          from tailscale.com/cmd/tailscale/cli
-        github.com/tailscale/goupnp                                  from github.com/tailscale/goupnp/dcps/internetgateway2
-        github.com/tailscale/goupnp/dcps/internetgateway2            from tailscale.com/net/portmapper
-        github.com/tailscale/goupnp/httpu                            from github.com/tailscale/goupnp+
-        github.com/tailscale/goupnp/scpd                             from github.com/tailscale/goupnp
-        github.com/tailscale/goupnp/soap                             from github.com/tailscale/goupnp+
-        github.com/tailscale/goupnp/ssdp                             from github.com/tailscale/goupnp
         github.com/tcnksm/go-httpstat                                from tailscale.com/net/netcheck
         github.com/toqueteos/webbrowser                              from tailscale.com/cmd/tailscale/cli
      💣 go4.org/intern                                               from inet.af/netaddr
@@ -22,15 +13,13 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
         inet.af/netaddr                                              from tailscale.com/cmd/tailscale/cli+
         rsc.io/goversion/version                                     from tailscale.com/version
         tailscale.com/atomicfile                                     from tailscale.com/ipn
-        tailscale.com/client/tailscale                               from tailscale.com/cmd/tailscale/cli+
-        tailscale.com/client/tailscale/apitype                       from tailscale.com/client/tailscale+
+        tailscale.com/client/tailscale                               from tailscale.com/cmd/tailscale/cli
         tailscale.com/cmd/tailscale/cli                              from tailscale.com/cmd/tailscale
-        tailscale.com/control/controlknobs                           from tailscale.com/net/portmapper
         tailscale.com/derp                                           from tailscale.com/derp/derphttp
         tailscale.com/derp/derphttp                                  from tailscale.com/net/netcheck
+        tailscale.com/derp/derpmap                                   from tailscale.com/cmd/tailscale/cli
         tailscale.com/disco                                          from tailscale.com/derp
-        tailscale.com/hostinfo                                       from tailscale.com/net/interfaces
-        tailscale.com/ipn                                            from tailscale.com/cmd/tailscale/cli+
+        tailscale.com/ipn                                            from tailscale.com/cmd/tailscale/cli
         tailscale.com/ipn/ipnstate                                   from tailscale.com/cmd/tailscale/cli+
         tailscale.com/metrics                                        from tailscale.com/derp
         tailscale.com/net/dnscache                                   from tailscale.com/derp/derphttp
@@ -42,15 +31,13 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
         tailscale.com/net/portmapper                                 from tailscale.com/net/netcheck+
         tailscale.com/net/stun                                       from tailscale.com/net/netcheck
         tailscale.com/net/tlsdial                                    from tailscale.com/derp/derphttp
-        tailscale.com/net/tsaddr                                     from tailscale.com/net/interfaces+
+        tailscale.com/net/tsaddr                                     from tailscale.com/net/interfaces
      💣 tailscale.com/net/tshttpproxy                                from tailscale.com/derp/derphttp+
         tailscale.com/paths                                          from tailscale.com/cmd/tailscale/cli+
         tailscale.com/safesocket                                     from tailscale.com/cmd/tailscale/cli+
         tailscale.com/syncs                                          from tailscale.com/net/interfaces+
         tailscale.com/tailcfg                                        from tailscale.com/cmd/tailscale/cli+
    W    tailscale.com/tsconst                                        from tailscale.com/net/interfaces
-     💣 tailscale.com/tstime/mono                                    from tailscale.com/cmd/tailscale/cli+
-        tailscale.com/tstime/rate                                    from tailscale.com/wgengine/filter
         tailscale.com/types/empty                                    from tailscale.com/ipn
         tailscale.com/types/ipproto                                  from tailscale.com/net/flowtrack+
         tailscale.com/types/key                                      from tailscale.com/derp+
@@ -59,14 +46,14 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
         tailscale.com/types/opt                                      from tailscale.com/net/netcheck+
         tailscale.com/types/persist                                  from tailscale.com/ipn
         tailscale.com/types/preftype                                 from tailscale.com/cmd/tailscale/cli+
+        tailscale.com/types/strbuilder                               from tailscale.com/net/packet
         tailscale.com/types/structs                                  from tailscale.com/ipn+
         tailscale.com/types/wgkey                                    from tailscale.com/types/netmap+
         tailscale.com/util/dnsname                                   from tailscale.com/cmd/tailscale/cli+
    W    tailscale.com/util/endian                                    from tailscale.com/net/netns
-        tailscale.com/util/groupmember                               from tailscale.com/cmd/tailscale/cli
-        tailscale.com/util/lineread                                  from tailscale.com/net/interfaces+
+   L    tailscale.com/util/lineread                                  from tailscale.com/net/interfaces
         tailscale.com/version                                        from tailscale.com/cmd/tailscale/cli+
-        tailscale.com/version/distro                                 from tailscale.com/cmd/tailscale/cli+
+        tailscale.com/version/distro                                 from tailscale.com/cmd/tailscale/cli
         tailscale.com/wgengine/filter                                from tailscale.com/types/netmap
         golang.org/x/crypto/blake2b                                  from golang.org/x/crypto/nacl/box
         golang.org/x/crypto/chacha20                                 from golang.org/x/crypto/chacha20poly1305
@@ -86,7 +73,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
         golang.org/x/net/idna                                        from golang.org/x/net/http/httpguts+
         golang.org/x/net/proxy                                       from tailscale.com/net/netns
    D    golang.org/x/net/route                                       from net+
-        golang.org/x/sync/errgroup                                   from tailscale.com/derp+
+        golang.org/x/sync/errgroup                                   from tailscale.com/derp
         golang.org/x/sync/singleflight                               from tailscale.com/net/dnscache
         golang.org/x/sys/cpu                                         from golang.org/x/crypto/blake2b+
   LD    golang.org/x/sys/unix                                        from tailscale.com/net/netns+
@@ -96,7 +83,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
         golang.org/x/text/transform                                  from golang.org/x/text/secure/bidirule+
         golang.org/x/text/unicode/bidi                               from golang.org/x/net/idna+
         golang.org/x/text/unicode/norm                               from golang.org/x/net/idna
-        golang.org/x/time/rate                                       from tailscale.com/cmd/tailscale/cli+
+        golang.org/x/time/rate                                       from tailscale.com/types/logger+
         bufio                                                        from compress/flate+
         bytes                                                        from bufio+
         compress/flate                                               from compress/gzip+
@@ -129,14 +116,13 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
         debug/macho                                                  from rsc.io/goversion/version
         debug/pe                                                     from rsc.io/goversion/version
         embed                                                        from tailscale.com/cmd/tailscale/cli
-        encoding                                                     from encoding/json+
+        encoding                                                     from encoding/json
         encoding/asn1                                                from crypto/x509+
         encoding/base64                                              from encoding/json+
         encoding/binary                                              from compress/gzip+
         encoding/hex                                                 from crypto/x509+
         encoding/json                                                from expvar+
         encoding/pem                                                 from crypto/tls+
-        encoding/xml                                                 from tailscale.com/cmd/tailscale/cli+
         errors                                                       from bufio+
         expvar                                                       from tailscale.com/derp+
         flag                                                         from github.com/peterbourgon/ff/v2+
@@ -168,7 +154,6 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
         os                                                           from crypto/rand+
         os/exec                                                      from github.com/toqueteos/webbrowser+
         os/signal                                                    from tailscale.com/cmd/tailscale/cli
-        os/user                                                      from tailscale.com/util/groupmember
         path                                                         from debug/dwarf+
         path/filepath                                                from crypto/x509+
         reflect                                                      from crypto/x509+

cmd/tailscaled/debug.go

@@ -11,8 +11,6 @@ import (
 	"errors"
 	"flag"
 	"fmt"
-	"io"
-	"io/ioutil"
 	"log"
 	"net/http"
 	"net/http/httptrace"
@@ -21,7 +19,7 @@ import (
 	"time"
 
 	"tailscale.com/derp/derphttp"
-	"tailscale.com/ipn"
+	"tailscale.com/derp/derpmap"
 	"tailscale.com/net/interfaces"
 	"tailscale.com/net/tshttpproxy"
 	"tailscale.com/tailcfg"
@@ -133,26 +131,7 @@ func getURL(ctx context.Context, urlStr string) error {
 }
 
 func checkDerp(ctx context.Context, derpRegion string) error {
-	req, err := http.NewRequestWithContext(ctx, "GET", ipn.DefaultControlURL+"/derpmap/default", nil)
-	if err != nil {
-		return fmt.Errorf("create derp map request: %w", err)
-	}
-	res, err := http.DefaultClient.Do(req)
-	if err != nil {
-		return fmt.Errorf("fetch derp map failed: %w", err)
-	}
-	defer res.Body.Close()
-	b, err := ioutil.ReadAll(io.LimitReader(res.Body, 1<<20))
-	if err != nil {
-		return fmt.Errorf("fetch derp map failed: %w", err)
-	}
-	if res.StatusCode != 200 {
-		return fmt.Errorf("fetch derp map: %v: %s", res.Status, b)
-	}
-	var dmap tailcfg.DERPMap
-	if err = json.Unmarshal(b, &dmap); err != nil {
-		return fmt.Errorf("fetch DERP map: %w", err)
-	}
+	dmap := derpmap.Prod()
 	getRegion := func() *tailcfg.DERPRegion {
 		for _, r := range dmap.Regions {
 			if r.RegionCode == derpRegion {

cmd/tailscaled/depaware.txt

@@ -1,53 +1,42 @@
 tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/depaware)
 
-   W 💣 github.com/alexbrainman/sspi                                 from github.com/alexbrainman/sspi/negotiate+
-   W    github.com/alexbrainman/sspi/internal/common                 from github.com/alexbrainman/sspi/negotiate
+   W 💣 github.com/alexbrainman/sspi                                 from github.com/alexbrainman/sspi/negotiate
    W 💣 github.com/alexbrainman/sspi/negotiate                       from tailscale.com/net/tshttpproxy
    L    github.com/coreos/go-iptables/iptables                       from tailscale.com/wgengine/router
+   W 💣 github.com/github/certstore                                  from tailscale.com/control/controlclient
         github.com/go-multierror/multierror                          from tailscale.com/wgengine/router+
    W 💣 github.com/go-ole/go-ole                                     from github.com/go-ole/go-ole/oleutil+
    W 💣 github.com/go-ole/go-ole/oleutil                             from tailscale.com/wgengine/winnet
    L 💣 github.com/godbus/dbus/v5                                    from tailscale.com/net/dns
-        github.com/golang/snappy                                     from github.com/klauspost/compress/zstd
         github.com/google/btree                                      from inet.af/netstack/tcpip/header+
    L    github.com/josharian/native                                  from github.com/mdlayher/netlink+
    L 💣 github.com/jsimonetti/rtnetlink                              from tailscale.com/wgengine/monitor
    L    github.com/jsimonetti/rtnetlink/internal/unix                from github.com/jsimonetti/rtnetlink
         github.com/klauspost/compress/fse                            from github.com/klauspost/compress/huff0
         github.com/klauspost/compress/huff0                          from github.com/klauspost/compress/zstd
+        github.com/klauspost/compress/snappy                         from github.com/klauspost/compress/zstd
         github.com/klauspost/compress/zstd                           from tailscale.com/smallzstd
         github.com/klauspost/compress/zstd/internal/xxhash           from github.com/klauspost/compress/zstd
-   L 💣 github.com/mdlayher/netlink                                  from tailscale.com/wgengine/monitor+
-   L 💣 github.com/mdlayher/netlink/nlenc                            from github.com/mdlayher/netlink+
+   L 💣 github.com/mdlayher/netlink                                  from github.com/jsimonetti/rtnetlink+
+   L 💣 github.com/mdlayher/netlink/nlenc                            from github.com/jsimonetti/rtnetlink+
    L    github.com/mdlayher/sdnotify                                 from tailscale.com/util/systemd
-   L 💣 github.com/mdlayher/socket                                   from github.com/mdlayher/netlink
-   W    github.com/pkg/errors                                        from github.com/tailscale/certstore
-   W 💣 github.com/tailscale/certstore                               from tailscale.com/control/controlclient
-        github.com/tailscale/goupnp                                  from github.com/tailscale/goupnp/dcps/internetgateway2
-        github.com/tailscale/goupnp/dcps/internetgateway2            from tailscale.com/net/portmapper
-        github.com/tailscale/goupnp/httpu                            from github.com/tailscale/goupnp+
-        github.com/tailscale/goupnp/scpd                             from github.com/tailscale/goupnp
-        github.com/tailscale/goupnp/soap                             from github.com/tailscale/goupnp+
-        github.com/tailscale/goupnp/ssdp                             from github.com/tailscale/goupnp
+   W    github.com/pkg/errors                                        from github.com/github/certstore
+     💣 github.com/tailscale/wireguard-go/conn                       from github.com/tailscale/wireguard-go/device+
+     💣 github.com/tailscale/wireguard-go/device                     from tailscale.com/wgengine+
+     💣 github.com/tailscale/wireguard-go/ipc                        from github.com/tailscale/wireguard-go/device
+   W 💣 github.com/tailscale/wireguard-go/ipc/winpipe                from github.com/tailscale/wireguard-go/ipc
+        github.com/tailscale/wireguard-go/ratelimiter                from github.com/tailscale/wireguard-go/device
+        github.com/tailscale/wireguard-go/replay                     from github.com/tailscale/wireguard-go/device
+        github.com/tailscale/wireguard-go/rwcancel                   from github.com/tailscale/wireguard-go/device+
+        github.com/tailscale/wireguard-go/tai64n                     from github.com/tailscale/wireguard-go/device+
+     💣 github.com/tailscale/wireguard-go/tun                        from github.com/tailscale/wireguard-go/device+
+   W 💣 github.com/tailscale/wireguard-go/tun/wintun                 from github.com/tailscale/wireguard-go/tun+
         github.com/tcnksm/go-httpstat                                from tailscale.com/net/netcheck
      💣 go4.org/intern                                               from inet.af/netaddr
-     💣 go4.org/mem                                                  from tailscale.com/derp+
+     💣 go4.org/mem                                                  from tailscale.com/control/controlclient+
         go4.org/unsafe/assume-no-moving-gc                           from go4.org/intern
-     💣 golang.zx2c4.com/wireguard/conn                              from golang.zx2c4.com/wireguard/device+
-   W 💣 golang.zx2c4.com/wireguard/conn/winrio                       from golang.zx2c4.com/wireguard/conn
-     💣 golang.zx2c4.com/wireguard/device                            from tailscale.com/net/tstun+
-     💣 golang.zx2c4.com/wireguard/ipc                               from golang.zx2c4.com/wireguard/device
-   W 💣 golang.zx2c4.com/wireguard/ipc/winpipe                       from golang.zx2c4.com/wireguard/ipc
-        golang.zx2c4.com/wireguard/ratelimiter                       from golang.zx2c4.com/wireguard/device
-        golang.zx2c4.com/wireguard/replay                            from golang.zx2c4.com/wireguard/device
-        golang.zx2c4.com/wireguard/rwcancel                          from golang.zx2c4.com/wireguard/device+
-        golang.zx2c4.com/wireguard/tai64n                            from golang.zx2c4.com/wireguard/device+
-     💣 golang.zx2c4.com/wireguard/tun                               from golang.zx2c4.com/wireguard/device+
-   W 💣 golang.zx2c4.com/wireguard/tun/wintun                        from golang.zx2c4.com/wireguard/tun+
    W 💣 golang.zx2c4.com/wireguard/windows/tunnel/winipcfg           from tailscale.com/net/interfaces+
         inet.af/netaddr                                              from tailscale.com/control/controlclient+
-        inet.af/netstack/atomicbitops                                from inet.af/netstack/tcpip+
-     💣 inet.af/netstack/buffer                                      from inet.af/netstack/tcpip/stack
      💣 inet.af/netstack/gohacks                                     from inet.af/netstack/state/wire+
         inet.af/netstack/linewriter                                  from inet.af/netstack/log
         inet.af/netstack/log                                         from inet.af/netstack/state+
@@ -56,7 +45,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
      💣 inet.af/netstack/state                                       from inet.af/netstack/tcpip+
         inet.af/netstack/state/wire                                  from inet.af/netstack/state
      💣 inet.af/netstack/sync                                        from inet.af/netstack/linewriter+
-        inet.af/netstack/tcpip                                       from inet.af/netstack/tcpip/adapters/gonet+
+     💣 inet.af/netstack/tcpip                                       from inet.af/netstack/tcpip/adapters/gonet+
         inet.af/netstack/tcpip/adapters/gonet                        from tailscale.com/wgengine/netstack
      💣 inet.af/netstack/tcpip/buffer                                from inet.af/netstack/tcpip/adapters/gonet+
         inet.af/netstack/tcpip/hash/jenkins                          from inet.af/netstack/tcpip/stack+
@@ -79,18 +68,15 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
         inet.af/netstack/tcpip/transport/udp                         from inet.af/netstack/tcpip/adapters/gonet+
         inet.af/netstack/waiter                                      from inet.af/netstack/tcpip+
         inet.af/peercred                                             from tailscale.com/ipn/ipnserver
-   W 💣 inet.af/wf                                                   from tailscale.com/wf
         rsc.io/goversion/version                                     from tailscale.com/version
         tailscale.com/atomicfile                                     from tailscale.com/ipn+
-        tailscale.com/client/tailscale                               from tailscale.com/derp
-        tailscale.com/client/tailscale/apitype                       from tailscale.com/ipn/ipnlocal+
         tailscale.com/control/controlclient                          from tailscale.com/ipn/ipnlocal+
-        tailscale.com/control/controlknobs                           from tailscale.com/control/controlclient+
         tailscale.com/derp                                           from tailscale.com/derp/derphttp+
         tailscale.com/derp/derphttp                                  from tailscale.com/net/netcheck+
+        tailscale.com/derp/derpmap                                   from tailscale.com/cmd/tailscaled+
         tailscale.com/disco                                          from tailscale.com/derp+
         tailscale.com/health                                         from tailscale.com/control/controlclient+
-        tailscale.com/hostinfo                                       from tailscale.com/control/controlclient+
+        tailscale.com/internal/deepprint                             from tailscale.com/ipn/ipnlocal+
         tailscale.com/ipn                                            from tailscale.com/ipn/ipnserver+
         tailscale.com/ipn/ipnlocal                                   from tailscale.com/ipn/ipnserver+
         tailscale.com/ipn/ipnserver                                  from tailscale.com/cmd/tailscaled
@@ -105,7 +91,6 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
         tailscale.com/logtail/filch                                  from tailscale.com/logpolicy
         tailscale.com/metrics                                        from tailscale.com/derp
         tailscale.com/net/dns                                        from tailscale.com/ipn/ipnlocal+
-        tailscale.com/net/dns/resolver                               from tailscale.com/wgengine+
         tailscale.com/net/dnscache                                   from tailscale.com/control/controlclient+
         tailscale.com/net/dnsfallback                                from tailscale.com/control/controlclient
         tailscale.com/net/flowtrack                                  from tailscale.com/wgengine/filter+
@@ -115,8 +100,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
      💣 tailscale.com/net/netstat                                    from tailscale.com/ipn/ipnserver
         tailscale.com/net/packet                                     from tailscale.com/wgengine+
         tailscale.com/net/portmapper                                 from tailscale.com/net/netcheck+
-        tailscale.com/net/socks5                                     from tailscale.com/net/socks5/tssocks
-        tailscale.com/net/socks5/tssocks                             from tailscale.com/cmd/tailscaled
+        tailscale.com/net/socks5                                     from tailscale.com/cmd/tailscaled
         tailscale.com/net/stun                                       from tailscale.com/net/netcheck+
         tailscale.com/net/tlsdial                                    from tailscale.com/control/controlclient+
         tailscale.com/net/tsaddr                                     from tailscale.com/ipn/ipnlocal+
@@ -124,14 +108,13 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
         tailscale.com/net/tstun                                      from tailscale.com/cmd/tailscaled+
         tailscale.com/paths                                          from tailscale.com/cmd/tailscaled+
         tailscale.com/portlist                                       from tailscale.com/ipn/ipnlocal
-        tailscale.com/safesocket                                     from tailscale.com/ipn/ipnserver+
+        tailscale.com/safesocket                                     from tailscale.com/ipn/ipnserver
         tailscale.com/smallzstd                                      from tailscale.com/ipn/ipnserver+
         tailscale.com/syncs                                          from tailscale.com/net/interfaces+
         tailscale.com/tailcfg                                        from tailscale.com/control/controlclient+
+   W 💣 tailscale.com/tempfork/wireguard-windows/firewall            from tailscale.com/cmd/tailscaled
    W    tailscale.com/tsconst                                        from tailscale.com/net/interfaces
         tailscale.com/tstime                                         from tailscale.com/wgengine/magicsock
-     💣 tailscale.com/tstime/mono                                    from tailscale.com/net/tstun+
-        tailscale.com/tstime/rate                                    from tailscale.com/wgengine/filter
         tailscale.com/types/empty                                    from tailscale.com/control/controlclient+
         tailscale.com/types/flagtype                                 from tailscale.com/cmd/tailscaled
         tailscale.com/types/ipproto                                  from tailscale.com/net/flowtrack+
@@ -140,37 +123,33 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
         tailscale.com/types/netmap                                   from tailscale.com/control/controlclient+
         tailscale.com/types/nettype                                  from tailscale.com/wgengine/magicsock
         tailscale.com/types/opt                                      from tailscale.com/control/controlclient+
+        tailscale.com/types/pad32                                    from tailscale.com/wgengine/magicsock
         tailscale.com/types/persist                                  from tailscale.com/control/controlclient+
         tailscale.com/types/preftype                                 from tailscale.com/ipn+
+        tailscale.com/types/strbuilder                               from tailscale.com/net/packet
         tailscale.com/types/structs                                  from tailscale.com/control/controlclient+
         tailscale.com/types/wgkey                                    from tailscale.com/control/controlclient+
-   L    tailscale.com/util/cmpver                                    from tailscale.com/net/dns
-     💣 tailscale.com/util/deephash                                  from tailscale.com/ipn/ipnlocal+
         tailscale.com/util/dnsname                                   from tailscale.com/ipn/ipnstate+
   LW    tailscale.com/util/endian                                    from tailscale.com/net/netns+
-        tailscale.com/util/groupmember                               from tailscale.com/ipn/ipnserver
-        tailscale.com/util/lineread                                  from tailscale.com/control/controlclient+
-        tailscale.com/util/osshare                                   from tailscale.com/cmd/tailscaled+
+   L    tailscale.com/util/lineread                                  from tailscale.com/control/controlclient+
         tailscale.com/util/pidowner                                  from tailscale.com/ipn/ipnserver
         tailscale.com/util/racebuild                                 from tailscale.com/logpolicy
         tailscale.com/util/systemd                                   from tailscale.com/control/controlclient+
-        tailscale.com/util/uniq                                      from tailscale.com/wgengine/magicsock
         tailscale.com/util/winutil                                   from tailscale.com/logpolicy+
         tailscale.com/version                                        from tailscale.com/cmd/tailscaled+
         tailscale.com/version/distro                                 from tailscale.com/control/controlclient+
-   W    tailscale.com/wf                                             from tailscale.com/cmd/tailscaled
         tailscale.com/wgengine                                       from tailscale.com/cmd/tailscaled+
         tailscale.com/wgengine/filter                                from tailscale.com/control/controlclient+
-        tailscale.com/wgengine/magicsock                             from tailscale.com/wgengine+
+        tailscale.com/wgengine/magicsock                             from tailscale.com/cmd/tailscaled+
         tailscale.com/wgengine/monitor                               from tailscale.com/wgengine+
-        tailscale.com/wgengine/netstack                              from tailscale.com/cmd/tailscaled+
+        tailscale.com/wgengine/netstack                              from tailscale.com/cmd/tailscaled
         tailscale.com/wgengine/router                                from tailscale.com/cmd/tailscaled+
         tailscale.com/wgengine/wgcfg                                 from tailscale.com/ipn/ipnlocal+
         tailscale.com/wgengine/wgcfg/nmcfg                           from tailscale.com/ipn/ipnlocal
         tailscale.com/wgengine/wglog                                 from tailscale.com/wgengine
    W 💣 tailscale.com/wgengine/winnet                                from tailscale.com/wgengine/router
         golang.org/x/crypto/blake2b                                  from golang.org/x/crypto/nacl/box
-        golang.org/x/crypto/blake2s                                  from golang.zx2c4.com/wireguard/device+
+        golang.org/x/crypto/blake2s                                  from github.com/tailscale/wireguard-go/device+
         golang.org/x/crypto/chacha20                                 from golang.org/x/crypto/chacha20poly1305
         golang.org/x/crypto/chacha20poly1305                         from crypto/tls+
         golang.org/x/crypto/cryptobyte                               from crypto/ecdsa+
@@ -179,32 +158,31 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
         golang.org/x/crypto/hkdf                                     from crypto/tls
         golang.org/x/crypto/nacl/box                                 from tailscale.com/control/controlclient+
         golang.org/x/crypto/nacl/secretbox                           from golang.org/x/crypto/nacl/box
-        golang.org/x/crypto/poly1305                                 from golang.org/x/crypto/chacha20poly1305+
+        golang.org/x/crypto/poly1305                                 from github.com/tailscale/wireguard-go/device+
         golang.org/x/crypto/salsa20/salsa                            from golang.org/x/crypto/nacl/box+
         golang.org/x/net/bpf                                         from github.com/mdlayher/netlink+
         golang.org/x/net/dns/dnsmessage                              from net+
-        golang.org/x/net/http/httpguts                               from net/http+
+        golang.org/x/net/http/httpguts                               from net/http
         golang.org/x/net/http/httpproxy                              from net/http
         golang.org/x/net/http2/hpack                                 from net/http
         golang.org/x/net/idna                                        from golang.org/x/net/http/httpguts+
-        golang.org/x/net/ipv4                                        from golang.zx2c4.com/wireguard/device
-        golang.org/x/net/ipv6                                        from golang.zx2c4.com/wireguard/device+
+        golang.org/x/net/ipv4                                        from github.com/tailscale/wireguard-go/device
+        golang.org/x/net/ipv6                                        from github.com/tailscale/wireguard-go/device+
         golang.org/x/net/proxy                                       from tailscale.com/net/netns
    D    golang.org/x/net/route                                       from net+
-        golang.org/x/sync/errgroup                                   from tailscale.com/derp+
+        golang.org/x/sync/errgroup                                   from tailscale.com/derp
         golang.org/x/sync/singleflight                               from tailscale.com/net/dnscache
         golang.org/x/sys/cpu                                         from golang.org/x/crypto/blake2b+
-  LD    golang.org/x/sys/unix                                        from github.com/mdlayher/netlink+
-   W    golang.org/x/sys/windows                                     from github.com/go-ole/go-ole+
+  LD    golang.org/x/sys/unix                                        from github.com/jsimonetti/rtnetlink/internal/unix+
+   W    golang.org/x/sys/windows                                     from github.com/tailscale/wireguard-go/conn+
    W    golang.org/x/sys/windows/registry                            from golang.zx2c4.com/wireguard/windows/tunnel/winipcfg+
-   W    golang.org/x/sys/windows/svc                                 from tailscale.com/cmd/tailscaled+
-   W    golang.org/x/sys/windows/svc/mgr                             from tailscale.com/cmd/tailscaled
+   W    golang.org/x/sys/windows/svc                                 from tailscale.com/cmd/tailscaled
         golang.org/x/term                                            from tailscale.com/logpolicy
         golang.org/x/text/secure/bidirule                            from golang.org/x/net/idna
         golang.org/x/text/transform                                  from golang.org/x/text/secure/bidirule+
         golang.org/x/text/unicode/bidi                               from golang.org/x/net/idna+
         golang.org/x/text/unicode/norm                               from golang.org/x/net/idna
-        golang.org/x/time/rate                                       from inet.af/netstack/tcpip/stack+
+        golang.org/x/time/rate                                       from tailscale.com/types/logger+
         bufio                                                        from compress/flate+
         bytes                                                        from bufio+
         compress/flate                                               from compress/gzip+
@@ -237,7 +215,6 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
         debug/elf                                                    from rsc.io/goversion/version
         debug/macho                                                  from rsc.io/goversion/version
         debug/pe                                                     from rsc.io/goversion/version
-        embed                                                        from tailscale.com/net/dns+
         encoding                                                     from encoding/json+
         encoding/asn1                                                from crypto/x509+
         encoding/base64                                              from encoding/json+
@@ -245,7 +222,6 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
         encoding/hex                                                 from crypto/x509+
         encoding/json                                                from expvar+
         encoding/pem                                                 from crypto/tls+
-        encoding/xml                                                 from github.com/tailscale/goupnp+
         errors                                                       from bufio+
         expvar                                                       from tailscale.com/derp+
         flag                                                         from tailscale.com/cmd/tailscaled+
@@ -270,8 +246,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
         net                                                          from crypto/tls+
         net/http                                                     from expvar+
         net/http/httptrace                                           from github.com/tcnksm/go-httpstat+
-        net/http/httputil                                            from tailscale.com/ipn/localapi
-        net/http/internal                                            from net/http+
+        net/http/internal                                            from net/http
         net/http/pprof                                               from tailscale.com/cmd/tailscaled
         net/textproto                                                from golang.org/x/net/http/httpguts+
         net/url                                                      from crypto/x509+

cmd/tailscaled/install_darwin.go

@@ -73,18 +73,9 @@ func uninstallSystemDaemonDarwin(args []string) (ret error) {
 		}
 	}
 
-	if err := os.Remove(sysPlist); err != nil {
-		if os.IsNotExist(err) {
-			err = nil
-		}
-		if ret == nil {
-			ret = err
-		}
-	}
-	if err := os.Remove(targetBin); err != nil {
-		if os.IsNotExist(err) {
-			err = nil
-		}
+	err = os.Remove(sysPlist)
+	if os.IsNotExist(err) {
+		err = nil
 		if ret == nil {
 			ret = err
 		}
@@ -102,9 +93,6 @@ func installSystemDaemonDarwin(args []string) (err error) {
 		}
 	}()
 
-	// Best effort:
-	uninstallSystemDaemonDarwin(nil)
-
 	// Copy ourselves to /usr/local/bin/tailscaled.
 	if err := os.MkdirAll(filepath.Dir(targetBin), 0755); err != nil {
 		return err
@@ -139,6 +127,9 @@ func installSystemDaemonDarwin(args []string) (err error) {
 		return err
 	}
 
+	// Best effort:
+	uninstallSystemDaemonDarwin(nil)
+
 	if err := ioutil.WriteFile(sysPlist, []byte(darwinLaunchdPlist), 0700); err != nil {
 		return err
 	}

cmd/tailscaled/install_windows.go

@@ -1,123 +0,0 @@
-// Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package main
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"os"
-	"time"
-
-	"golang.org/x/sys/windows"
-	"golang.org/x/sys/windows/svc"
-	"golang.org/x/sys/windows/svc/mgr"
-	"tailscale.com/logtail/backoff"
-	"tailscale.com/types/logger"
-	"tailscale.com/util/osshare"
-)
-
-func init() {
-	installSystemDaemon = installSystemDaemonWindows
-	uninstallSystemDaemon = uninstallSystemDaemonWindows
-}
-
-func installSystemDaemonWindows(args []string) (err error) {
-	m, err := mgr.Connect()
-	if err != nil {
-		return fmt.Errorf("failed to connect to Windows service manager: %v", err)
-	}
-
-	service, err := m.OpenService(serviceName)
-	if err == nil {
-		service.Close()
-		return fmt.Errorf("service %q is already installed", serviceName)
-	}
-
-	// no such service; proceed to install the service.
-
-	exe, err := os.Executable()
-	if err != nil {
-		return err
-	}
-
-	c := mgr.Config{
-		ServiceType:  windows.SERVICE_WIN32_OWN_PROCESS,
-		StartType:    mgr.StartAutomatic,
-		ErrorControl: mgr.ErrorNormal,
-		DisplayName:  serviceName,
-		Description:  "Connects this computer to others on the Tailscale network.",
-	}
-
-	service, err = m.CreateService(serviceName, exe, c)
-	if err != nil {
-		return fmt.Errorf("failed to create %q service: %v", serviceName, err)
-	}
-	defer service.Close()
-
-	// Exponential backoff is often too aggressive, so use (mostly)
-	// squares instead.
-	ra := []mgr.RecoveryAction{
-		{mgr.ServiceRestart, 1 * time.Second},
-		{mgr.ServiceRestart, 2 * time.Second},
-		{mgr.ServiceRestart, 4 * time.Second},
-		{mgr.ServiceRestart, 9 * time.Second},
-		{mgr.ServiceRestart, 16 * time.Second},
-		{mgr.ServiceRestart, 25 * time.Second},
-		{mgr.ServiceRestart, 36 * time.Second},
-		{mgr.ServiceRestart, 49 * time.Second},
-		{mgr.ServiceRestart, 64 * time.Second},
-	}
-	const resetPeriodSecs = 60
-	err = service.SetRecoveryActions(ra, resetPeriodSecs)
-	if err != nil {
-		return fmt.Errorf("failed to set service recovery actions: %v", err)
-	}
-
-	return nil
-}
-
-func uninstallSystemDaemonWindows(args []string) (ret error) {
-	// Remove file sharing from Windows shell (noop in non-windows)
-	osshare.SetFileSharingEnabled(false, logger.Discard)
-
-	m, err := mgr.Connect()
-	if err != nil {
-		return fmt.Errorf("failed to connect to Windows service manager: %v", err)
-	}
-	defer m.Disconnect()
-
-	service, err := m.OpenService(serviceName)
-	if err != nil {
-		return fmt.Errorf("failed to open %q service: %v", serviceName, err)
-	}
-
-	st, err := service.Query()
-	if err != nil {
-		service.Close()
-		return fmt.Errorf("failed to query service state: %v", err)
-	}
-	if st.State != svc.Stopped {
-		service.Control(svc.Stop)
-	}
-	err = service.Delete()
-	service.Close()
-	if err != nil {
-		return fmt.Errorf("failed to delete service: %v", err)
-	}
-
-	bo := backoff.NewBackoff("uninstall", logger.Discard, 30*time.Second)
-	end := time.Now().Add(15 * time.Second)
-	for time.Until(end) > 0 {
-		service, err = m.OpenService(serviceName)
-		if err != nil {
-			// service is no longer openable; success!
-			break
-		}
-		service.Close()
-		bo.BackOff(context.Background(), errors.New("service not deleted"))
-	}
-	return nil
-}

cmd/tailscaled/tailscaled.go

@@ -24,28 +24,37 @@ import (
 	"runtime/debug"
 	"strconv"
 	"strings"
+	"sync"
 	"syscall"
 	"time"
 
 	"github.com/go-multierror/multierror"
-	"tailscale.com/ipn"
 	"tailscale.com/ipn/ipnserver"
 	"tailscale.com/logpolicy"
-	"tailscale.com/net/dns"
-	"tailscale.com/net/socks5/tssocks"
+	"tailscale.com/net/socks5"
 	"tailscale.com/net/tstun"
 	"tailscale.com/paths"
 	"tailscale.com/types/flagtype"
 	"tailscale.com/types/logger"
-	"tailscale.com/util/osshare"
+	"tailscale.com/types/netmap"
 	"tailscale.com/version"
 	"tailscale.com/version/distro"
 	"tailscale.com/wgengine"
+	"tailscale.com/wgengine/magicsock"
 	"tailscale.com/wgengine/monitor"
 	"tailscale.com/wgengine/netstack"
 	"tailscale.com/wgengine/router"
 )
 
+// globalStateKey is the ipn.StateKey that tailscaled loads on
+// startup.
+//
+// We have to support multiple state keys for other OSes (Windows in
+// particular), but right now Unix daemons run with a single
+// node-global state. To keep open the option of having per-user state
+// later, the global state key doesn't look like a username.
+const globalStateKey = "_daemon"
+
 // defaultTunName returns the default tun device name for the platform.
 func defaultTunName() string {
 	switch runtime.GOOS {
@@ -104,7 +113,7 @@ func main() {
 	flag.StringVar(&args.debug, "debug", "", "listen address ([ip]:port) of optional debug server")
 	flag.StringVar(&args.socksAddr, "socks5-server", "", `optional [ip]:port to run a SOCK5 server (e.g. "localhost:1080")`)
 	flag.StringVar(&args.tunname, "tun", defaultTunName(), `tunnel interface name; use "userspace-networking" (beta) to not use TUN`)
-	flag.Var(flagtype.PortValue(&args.port, 0), "port", "UDP port to listen on for WireGuard and peer-to-peer traffic; 0 means automatically select")
+	flag.Var(flagtype.PortValue(&args.port, magicsock.DefaultPort), "port", "UDP port to listen on for WireGuard and peer-to-peer traffic; 0 means automatically select")
 	flag.StringVar(&args.statepath, "state", paths.DefaultTailscaledStateFile(), "path of state file")
 	flag.StringVar(&args.socketpath, "socket", paths.DefaultTailscaledSocket(), "path of the service unix socket")
 	flag.BoolVar(&printVersion, "version", false, "print version information and exit")
@@ -148,39 +157,12 @@ func main() {
 		log.Fatalf("--socket is required")
 	}
 
-	err := run()
-
-	// Remove file sharing from Windows shell (noop in non-windows)
-	osshare.SetFileSharingEnabled(false, logger.Discard)
-
-	if err != nil {
+	if err := run(); err != nil {
 		// No need to log; the func already did
 		os.Exit(1)
 	}
 }
 
-func ipnServerOpts() (o ipnserver.Options) {
-	// Allow changing the OS-specific IPN behavior for tests
-	// so we can e.g. test Windows-specific behaviors on Linux.
-	goos := os.Getenv("TS_DEBUG_TAILSCALED_IPN_GOOS")
-	if goos == "" {
-		goos = runtime.GOOS
-	}
-
-	o.Port = 41112
-	o.StatePath = args.statepath
-	o.SocketPath = args.socketpath // even for goos=="windows", for tests
-
-	switch goos {
-	default:
-		o.SurviveDisconnects = true
-		o.AutostartStateKey = ipn.GlobalDaemonStateKey
-	case "windows":
-		// Not those.
-	}
-	return o
-}
-
 func run() error {
 	var err error
 
@@ -210,7 +192,6 @@ func run() error {
 	logf = logger.RateLimitedFn(logf, 5*time.Second, 5, 100)
 
 	if args.cleanup {
-		dns.Cleanup(logf, args.tunname)
 		router.Cleanup(logf, args.tunname)
 		return nil
 	}
@@ -238,11 +219,6 @@ func run() error {
 		if err != nil {
 			log.Fatalf("SOCKS5 listener: %v", err)
 		}
-		if strings.HasSuffix(args.socksAddr, ":0") {
-			// Log kernel-selected port number so integration tests
-			// can find it portably.
-			log.Printf("SOCKS5 listening on %v", socksListener.Addr())
-		}
 	}
 
 	e, useNetstack, err := createEngine(logf, linkMon)
@@ -252,13 +228,42 @@ func run() error {
 	}
 
 	var ns *netstack.Impl
-	if useNetstack || wrapNetstack {
-		onlySubnets := wrapNetstack && !useNetstack
-		ns = mustStartNetstack(logf, e, onlySubnets)
+	if useNetstack {
+		tunDev, magicConn := e.(wgengine.InternalsGetter).GetInternals()
+		ns, err = netstack.Create(logf, tunDev, e, magicConn)
+		if err != nil {
+			log.Fatalf("netstack.Create: %v", err)
+		}
+		if err := ns.Start(); err != nil {
+			log.Fatalf("failed to start netstack: %v", err)
+		}
 	}
 
 	if socksListener != nil {
-		srv := tssocks.NewServer(logger.WithPrefix(logf, "socks5: "), e, ns)
+		srv := &socks5.Server{
+			Logf: logger.WithPrefix(logf, "socks5: "),
+		}
+		if useNetstack {
+			srv.Dialer = func(ctx context.Context, network, addr string) (net.Conn, error) {
+				return ns.DialContextTCP(ctx, addr)
+			}
+		} else {
+			var mu sync.Mutex
+			var dns netstack.DNSMap
+			e.AddNetworkMapCallback(func(nm *netmap.NetworkMap) {
+				mu.Lock()
+				defer mu.Unlock()
+				dns = netstack.DNSMapFromNetworkMap(nm)
+			})
+			srv.Dialer = func(ctx context.Context, network, addr string) (net.Conn, error) {
+				ipp, err := dns.Resolve(ctx, addr)
+				if err != nil {
+					return nil, err
+				}
+				var d net.Dialer
+				return d.DialContext(ctx, network, ipp.String())
+			}
+		}
 		go func() {
 			log.Fatalf("SOCKS5 server exited: %v", srv.Serve(socksListener))
 		}()
@@ -285,8 +290,15 @@ func run() error {
 		}
 	}()
 
-	opts := ipnServerOpts()
-	opts.DebugMux = debugMux
+	opts := ipnserver.Options{
+		SocketPath:         args.socketpath,
+		Port:               41112,
+		StatePath:          args.statepath,
+		AutostartStateKey:  globalStateKey,
+		LegacyConfigPath:   paths.LegacyConfigPath(),
+		SurviveDisconnects: true,
+		DebugMux:           debugMux,
+	}
 	err = ipnserver.Run(ctx, logf, pol.PublicID.String(), ipnserver.FixedEngine(e), opts)
 	// Cancelation is not an error: it is the only way to stop ipnserver.
 	if err != nil && err != context.Canceled {
@@ -297,16 +309,16 @@ func run() error {
 	return nil
 }
 
-func createEngine(logf logger.Logf, linkMon *monitor.Mon) (e wgengine.Engine, useNetstack bool, err error) {
+func createEngine(logf logger.Logf, linkMon *monitor.Mon) (e wgengine.Engine, isUserspace bool, err error) {
 	if args.tunname == "" {
 		return nil, false, errors.New("no --tun value specified")
 	}
 	var errs []error
 	for _, name := range strings.Split(args.tunname, ",") {
 		logf("wgengine.NewUserspaceEngine(tun %q) ...", name)
-		e, useNetstack, err = tryEngine(logf, linkMon, name)
+		e, isUserspace, err = tryEngine(logf, linkMon, name)
 		if err == nil {
-			return e, useNetstack, nil
+			return e, isUserspace, nil
 		}
 		logf("wgengine.NewUserspaceEngine(tun %q) error: %v", name, err)
 		errs = append(errs, err)
@@ -314,61 +326,31 @@ func createEngine(logf logger.Logf, linkMon *monitor.Mon) (e wgengine.Engine, us
 	return nil, false, multierror.New(errs)
 }
 
-var wrapNetstack = shouldWrapNetstack()
-
-func shouldWrapNetstack() bool {
-	if e := os.Getenv("TS_DEBUG_WRAP_NETSTACK"); e != "" {
-		v, err := strconv.ParseBool(e)
-		if err != nil {
-			log.Fatalf("invalid TS_DEBUG_WRAP_NETSTACK value: %v", err)
-		}
-		return v
-	}
-	if distro.Get() == distro.Synology {
-		return true
-	}
-	switch runtime.GOOS {
-	case "windows", "darwin":
-		// Enable on Windows and tailscaled-on-macOS (this doesn't
-		// affect the GUI clients).
-		return true
-	}
-	return false
-}
-
-func tryEngine(logf logger.Logf, linkMon *monitor.Mon, name string) (e wgengine.Engine, useNetstack bool, err error) {
+func tryEngine(logf logger.Logf, linkMon *monitor.Mon, name string) (e wgengine.Engine, isUserspace bool, err error) {
 	conf := wgengine.Config{
 		ListenPort:  args.port,
 		LinkMonitor: linkMon,
 	}
-	useNetstack = name == "userspace-networking"
-	if !useNetstack {
-		dev, devName, err := tstun.New(logf, name)
+	isUserspace = name == "userspace-networking"
+	if !isUserspace {
+		dev, err := tstun.New(logf, name)
 		if err != nil {
 			tstun.Diagnose(logf, name)
 			return nil, false, err
 		}
 		conf.Tun = dev
-		r, err := router.New(logf, dev, linkMon)
+		r, err := router.New(logf, dev)
 		if err != nil {
 			dev.Close()
 			return nil, false, err
 		}
-		d, err := dns.NewOSConfigurator(logf, devName)
-		if err != nil {
-			return nil, false, err
-		}
-		conf.DNS = d
 		conf.Router = r
-		if wrapNetstack {
-			conf.Router = netstack.NewSubnetRouterWrapper(conf.Router)
-		}
 	}
 	e, err = wgengine.NewUserspaceEngine(logf, conf)
 	if err != nil {
-		return nil, useNetstack, err
+		return nil, isUserspace, err
 	}
-	return e, useNetstack, nil
+	return e, isUserspace, nil
 }
 
 func newDebugMux() *http.ServeMux {
@@ -390,18 +372,3 @@ func runDebugServer(mux *http.ServeMux, addr string) {
 		log.Fatal(err)
 	}
 }
-
-func mustStartNetstack(logf logger.Logf, e wgengine.Engine, onlySubnets bool) *netstack.Impl {
-	tunDev, magicConn, ok := e.(wgengine.InternalsGetter).GetInternals()
-	if !ok {
-		log.Fatalf("%T is not a wgengine.InternalsGetter", e)
-	}
-	ns, err := netstack.Create(logf, tunDev, e, magicConn, onlySubnets)
-	if err != nil {
-		log.Fatalf("netstack.Create: %v", err)
-	}
-	if err := ns.Start(); err != nil {
-		log.Fatalf("failed to start netstack: %v", err)
-	}
-	return ns
-}

cmd/tailscaled/tailscaled.openrc

@@ -1,25 +0,0 @@
-#!/sbin/openrc-run
-
-set -a
-source /etc/default/tailscaled
-set +a
-
-command="/usr/sbin/tailscaled"
-command_args="--state=/var/lib/tailscale/tailscaled.state --port=$PORT --socket=/var/run/tailscale/tailscaled.sock $FLAGS"
-command_background=true
-pidfile="/run/tailscaled.pid"
-start_stop_daemon_args="-1 /var/log/tailscaled.log -2 /var/log/tailscaled.log"
-
-depend() {
-    need net
-}
-
-start_pre() {
-    mkdir -p /var/run/tailscale
-    mkdir -p /var/lib/tailscale
-    $command --cleanup
-}
-
-stop_post() {
-    $command --cleanup
-}

cmd/tailscaled/tailscaled.service

@@ -2,7 +2,7 @@
 Description=Tailscale node agent
 Documentation=https://tailscale.com/kb/
 Wants=network-pre.target
-After=network-pre.target NetworkManager.service systemd-resolved.service
+After=network-pre.target
 
 [Service]
 EnvironmentFile=/etc/default/tailscaled

cmd/tailscaled/tailscaled_windows.go

@@ -19,25 +19,22 @@ package main // import "tailscale.com/cmd/tailscaled"
 
 import (
 	"context"
-	"encoding/json"
 	"fmt"
 	"log"
+	"net"
 	"os"
 	"time"
 
 	"golang.org/x/sys/windows"
 	"golang.org/x/sys/windows/svc"
 	"golang.zx2c4.com/wireguard/windows/tunnel/winipcfg"
-	"inet.af/netaddr"
 	"tailscale.com/ipn/ipnserver"
 	"tailscale.com/logpolicy"
-	"tailscale.com/net/dns"
 	"tailscale.com/net/tstun"
+	"tailscale.com/tempfork/wireguard-windows/firewall"
 	"tailscale.com/types/logger"
 	"tailscale.com/version"
-	"tailscale.com/wf"
 	"tailscale.com/wgengine"
-	"tailscale.com/wgengine/netstack"
 	"tailscale.com/wgengine/router"
 )
 
@@ -128,6 +125,16 @@ func beFirewallKillswitch() bool {
 	log.SetFlags(0)
 	log.Printf("killswitch subprocess starting, tailscale GUID is %s", os.Args[2])
 
+	go func() {
+		b := make([]byte, 16)
+		for {
+			_, err := os.Stdin.Read(b)
+			if err != nil {
+				log.Fatalf("parent process died or requested exit, exiting (%v)", err)
+			}
+		}
+	}()
+
 	guid, err := windows.GUIDFromString(os.Args[2])
 	if err != nil {
 		log.Fatalf("invalid GUID %q: %v", os.Args[2], err)
@@ -135,141 +142,101 @@ func beFirewallKillswitch() bool {
 
 	luid, err := winipcfg.LUIDFromGUID(&guid)
 	if err != nil {
-		log.Fatalf("no interface with GUID %q: %v", guid, err)
+		log.Fatalf("no interface with GUID %q", guid)
 	}
 
+	noProtection := false
+	var dnsIPs []net.IP // unused in called code.
 	start := time.Now()
-	fw, err := wf.New(uint64(luid))
-	if err != nil {
-		log.Fatalf("failed to enable firewall: %v", err)
-	}
+	firewall.EnableFirewall(uint64(luid), noProtection, dnsIPs)
 	log.Printf("killswitch enabled, took %s", time.Since(start))
 
-	// Note(maisem): when local lan access toggled, tailscaled needs to
-	// inform the firewall to let local routes through. The set of routes
-	// is passed in via stdin encoded in json.
-	dcd := json.NewDecoder(os.Stdin)
-	for {
-		var routes []netaddr.IPPrefix
-		if err := dcd.Decode(&routes); err != nil {
-			log.Fatalf("parent process died or requested exit, exiting (%v)", err)
-		}
-		if err := fw.UpdatePermittedRoutes(routes); err != nil {
-			log.Fatalf("failed to update routes (%v)", err)
-		}
-	}
+	// Block until the monitor goroutine shuts us down.
+	select {}
 }
 
 func startIPNServer(ctx context.Context, logid string) error {
 	var logf logger.Logf = log.Printf
+	var eng wgengine.Engine
+	var err error
 
-	getEngineRaw := func() (wgengine.Engine, error) {
-		dev, devName, err := tstun.New(logf, "Tailscale")
+	getEngine := func() (wgengine.Engine, error) {
+		dev, err := tstun.New(logf, "Tailscale")
 		if err != nil {
-			return nil, fmt.Errorf("TUN: %w", err)
+			return nil, err
 		}
-		r, err := router.New(logf, dev, nil)
+		r, err := router.New(logf, dev)
 		if err != nil {
 			dev.Close()
-			return nil, fmt.Errorf("router: %w", err)
-		}
-		if wrapNetstack {
-			r = netstack.NewSubnetRouterWrapper(r)
-		}
-		d, err := dns.NewOSConfigurator(logf, devName)
-		if err != nil {
-			r.Close()
-			dev.Close()
-			return nil, fmt.Errorf("DNS: %w", err)
+			return nil, err
 		}
 		eng, err := wgengine.NewUserspaceEngine(logf, wgengine.Config{
 			Tun:        dev,
 			Router:     r,
-			DNS:        d,
 			ListenPort: 41641,
 		})
 		if err != nil {
 			r.Close()
 			dev.Close()
-			return nil, fmt.Errorf("engine: %w", err)
-		}
-		onlySubnets := true
-		if wrapNetstack {
-			mustStartNetstack(logf, eng, onlySubnets)
+			return nil, err
 		}
 		return wgengine.NewWatchdog(eng), nil
 	}
 
-	type engineOrError struct {
-		Engine wgengine.Engine
-		Err    error
-	}
-	engErrc := make(chan engineOrError)
-	t0 := time.Now()
-	go func() {
-		const ms = time.Millisecond
-		for try := 1; ; try++ {
-			logf("tailscaled: getting engine... (try %v)", try)
-			t1 := time.Now()
-			eng, err := getEngineRaw()
-			d, dt := time.Since(t1).Round(ms), time.Since(t1).Round(ms)
+	if msg := os.Getenv("TS_DEBUG_WIN_FAIL"); msg != "" {
+		err = fmt.Errorf("pretending to be a service failure: %v", msg)
+	} else {
+		// We have a bunch of bug reports of wgengine.NewUserspaceEngine returning a few different errors,
+		// all intermittently. A few times I (Brad) have also seen sporadic failures that simply
+		// restarting fixed. So try a few times.
+		for try := 1; try <= 5; try++ {
+			if try > 1 {
+				// Only sleep a bit. Don't do some massive backoff because
+				// the frontend GUI has a 30 second timeout on connecting to us,
+				// but even 5 seconds is too long for them to get any results.
+				// 5 tries * 1 second each seems fine.
+				time.Sleep(time.Second)
+			}
+			eng, err = getEngine()
 			if err != nil {
-				logf("tailscaled: engine fetch error (try %v) in %v (total %v, sysUptime %v): %v",
-					try, d, dt, windowsUptime().Round(time.Second), err)
-			} else {
-				if try > 1 {
-					logf("tailscaled: got engine on try %v in %v (total %v)", try, d, dt)
-				} else {
-					logf("tailscaled: got engine in %v", d)
-				}
-			}
-			timer := time.NewTimer(5 * time.Second)
-			engErrc <- engineOrError{eng, err}
-			if err == nil {
-				timer.Stop()
-				return
-			}
-			<-timer.C
-		}
-	}()
-
-	// getEngine is called by ipnserver to get the engine. It's
-	// not called concurrently and is not called again once it
-	// successfully returns an engine.
-	getEngine := func() (wgengine.Engine, error) {
-		if msg := os.Getenv("TS_DEBUG_WIN_FAIL"); msg != "" {
-			return nil, fmt.Errorf("pretending to be a service failure: %v", msg)
-		}
-		for {
-			res := <-engErrc
-			if res.Engine != nil {
-				return res.Engine, nil
-			}
-			if time.Since(t0) < time.Minute || windowsUptime() < 10*time.Minute {
-				// Ignore errors during early boot. Windows 10 auto logs in the GUI
-				// way sooner than the networking stack components start up.
-				// So the network will fail for a bit (and require a few tries) while
-				// the GUI is still fine.
+				logf("wgengine.NewUserspaceEngine: (try %v) %v", try, err)
 				continue
 			}
-			// Return nicer errors to users, annotated with logids, which helps
-			// when they file bugs.
-			return nil, fmt.Errorf("%w\n\nlogid: %v", res.Err, logid)
+			if try > 1 {
+				logf("wgengine.NewUserspaceEngine: ended up working on try %v", try)
+			}
+			break
 		}
 	}
-	err := ipnserver.Run(ctx, logf, logid, getEngine, ipnServerOpts())
+	if err != nil {
+		// Log the error, but don't fatalf. We want to
+		// propagate the error message to the UI frontend. So
+		// we continue and tell the ipnserver to return that
+		// in a Notify message.
+		logf("wgengine.NewUserspaceEngine: %v", err)
+	}
+	opts := ipnserver.Options{
+		Port:               41112,
+		SurviveDisconnects: false,
+		StatePath:          args.statepath,
+	}
+	if err != nil {
+		// Return nicer errors to users, annotated with logids, which helps
+		// when they file bugs.
+		rawGetEngine := getEngine // raw == without verbose logid-containing error
+		getEngine = func() (wgengine.Engine, error) {
+			eng, err := rawGetEngine()
+			if err != nil {
+				return nil, fmt.Errorf("wgengine.NewUserspaceEngine: %v\n\nlogid: %v", err, logid)
+			}
+			return eng, nil
+		}
+	} else {
+		getEngine = ipnserver.FixedEngine(eng)
+	}
+	err = ipnserver.Run(ctx, logf, logid, getEngine, opts)
 	if err != nil {
 		logf("ipnserver.Run: %v", err)
 	}
 	return err
 }
-
-var (
-	kernel32           = windows.NewLazySystemDLL("kernel32.dll")
-	getTickCount64Proc = kernel32.NewProc("GetTickCount64")
-)
-
-func windowsUptime() time.Duration {
-	r, _, _ := getTickCount64Proc.Call()
-	return time.Duration(int64(r)) * time.Millisecond
-}

cmd/tsshd/tsshd.go

@@ -29,8 +29,8 @@ import (
 	"time"
 	"unsafe"
 
-	"github.com/creack/pty"
 	"github.com/gliderlabs/ssh"
+	"github.com/kr/pty"
 	gossh "golang.org/x/crypto/ssh"
 	"inet.af/netaddr"
 	"tailscale.com/net/interfaces"
@@ -59,11 +59,11 @@ func main() {
 
 	warned := false
 	for {
-		addrs, iface, err := interfaces.Tailscale()
+		addr, iface, err := interfaces.Tailscale()
 		if err != nil {
 			log.Fatalf("listing interfaces: %v", err)
 		}
-		if len(addrs) == 0 {
+		if addr == nil {
 			if !warned {
 				log.Printf("no tailscale interface found; polling until one is available")
 				warned = true
@@ -75,13 +75,6 @@ func main() {
 			continue
 		}
 		warned = false
-		var addr netaddr.IP
-		for _, a := range addrs {
-			if a.Is4() {
-				addr = a
-				break
-			}
-		}
 		listen := net.JoinHostPort(addr.String(), fmt.Sprint(*port))
 		log.Printf("tailscale ssh server listening on %v, %v", iface.Name, listen)
 		s := &ssh.Server{

control/controlclient/auto.go

@@ -2,11 +2,18 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+// Package controlclient implements the client for the Tailscale
+// control plane.
+//
+// It handles authentication, port picking, and collects the local
+// network configuration.
 package controlclient
 
 import (
 	"context"
+	"encoding/json"
 	"fmt"
+	"reflect"
 	"sync"
 	"time"
 
@@ -21,28 +28,87 @@ import (
 	"tailscale.com/types/wgkey"
 )
 
-type LoginGoal struct {
-	_               structs.Incomparable
-	wantLoggedIn    bool                 // true if we *want* to be logged in
-	token           *tailcfg.Oauth2Token // oauth token to use when logging in
-	flags           LoginFlags           // flags to use when logging in
-	url             string               // auth url that needs to be visited
-	loggedOutResult chan<- error
+// State is the high-level state of the client. It is used only in
+// unit tests for proper sequencing, don't depend on it anywhere else.
+// TODO(apenwarr): eliminate 'state', as it's now obsolete.
+type State int
+
+const (
+	StateNew = State(iota)
+	StateNotAuthenticated
+	StateAuthenticating
+	StateURLVisitRequired
+	StateAuthenticated
+	StateSynchronized // connected and received map update
+)
+
+func (s State) MarshalText() ([]byte, error) {
+	return []byte(s.String()), nil
 }
 
-func (g *LoginGoal) sendLogoutError(err error) {
-	if g.loggedOutResult == nil {
-		return
-	}
-	select {
-	case g.loggedOutResult <- err:
+func (s State) String() string {
+	switch s {
+	case StateNew:
+		return "state:new"
+	case StateNotAuthenticated:
+		return "state:not-authenticated"
+	case StateAuthenticating:
+		return "state:authenticating"
+	case StateURLVisitRequired:
+		return "state:url-visit-required"
+	case StateAuthenticated:
+		return "state:authenticated"
+	case StateSynchronized:
+		return "state:synchronized"
 	default:
+		return fmt.Sprintf("state:unknown:%d", int(s))
 	}
 }
 
-// Auto connects to a tailcontrol server for a node.
-// It's a concrete implementation of the Client interface.
-type Auto struct {
+type Status struct {
+	_             structs.Incomparable
+	LoginFinished *empty.Message
+	Err           string
+	URL           string
+	Persist       *persist.Persist   // locally persisted configuration
+	NetMap        *netmap.NetworkMap // server-pushed configuration
+	Hostinfo      *tailcfg.Hostinfo  // current Hostinfo data
+	State         State
+}
+
+// Equal reports whether s and s2 are equal.
+func (s *Status) Equal(s2 *Status) bool {
+	if s == nil && s2 == nil {
+		return true
+	}
+	return s != nil && s2 != nil &&
+		(s.LoginFinished == nil) == (s2.LoginFinished == nil) &&
+		s.Err == s2.Err &&
+		s.URL == s2.URL &&
+		reflect.DeepEqual(s.Persist, s2.Persist) &&
+		reflect.DeepEqual(s.NetMap, s2.NetMap) &&
+		reflect.DeepEqual(s.Hostinfo, s2.Hostinfo) &&
+		s.State == s2.State
+}
+
+func (s Status) String() string {
+	b, err := json.MarshalIndent(s, "", "\t")
+	if err != nil {
+		panic(err)
+	}
+	return s.State.String() + " " + string(b)
+}
+
+type LoginGoal struct {
+	_            structs.Incomparable
+	wantLoggedIn bool                 // true if we *want* to be logged in
+	token        *tailcfg.Oauth2Token // oauth token to use when logging in
+	flags        LoginFlags           // flags to use when logging in
+	url          string               // auth url that needs to be visited
+}
+
+// Client connects to a tailcontrol server for a node.
+type Client struct {
 	direct   *Direct // our interface to the server APIs
 	timeNow  func() time.Time
 	logf     logger.Logf
@@ -75,8 +141,8 @@ type Auto struct {
 	mapDone    chan struct{}   // when closed, map goroutine is done
 }
 
-// New creates and starts a new Auto.
-func New(opts Options) (*Auto, error) {
+// New creates and starts a new Client.
+func New(opts Options) (*Client, error) {
 	c, err := NewNoStart(opts)
 	if c != nil {
 		c.Start()
@@ -84,8 +150,8 @@ func New(opts Options) (*Auto, error) {
 	return c, err
 }
 
-// NewNoStart creates a new Auto, but without calling Start on it.
-func NewNoStart(opts Options) (*Auto, error) {
+// NewNoStart creates a new Client, but without calling Start on it.
+func NewNoStart(opts Options) (*Client, error) {
 	direct, err := NewDirect(opts)
 	if err != nil {
 		return nil, err
@@ -96,7 +162,7 @@ func NewNoStart(opts Options) (*Auto, error) {
 	if opts.TimeNow == nil {
 		opts.TimeNow = time.Now
 	}
-	c := &Auto{
+	c := &Client{
 		direct:   direct,
 		timeNow:  opts.TimeNow,
 		logf:     opts.Logf,
@@ -112,7 +178,7 @@ func NewNoStart(opts Options) (*Auto, error) {
 
 }
 
-func (c *Auto) onHealthChange(sys health.Subsystem, err error) {
+func (c *Client) onHealthChange(sys health.Subsystem, err error) {
 	if sys == health.SysOverall {
 		return
 	}
@@ -123,13 +189,12 @@ func (c *Auto) onHealthChange(sys health.Subsystem, err error) {
 // SetPaused controls whether HTTP activity should be paused.
 //
 // The client can be paused and unpaused repeatedly, unlike Start and Shutdown, which can only be used once.
-func (c *Auto) SetPaused(paused bool) {
+func (c *Client) SetPaused(paused bool) {
 	c.mu.Lock()
 	defer c.mu.Unlock()
 	if paused == c.paused {
 		return
 	}
-	c.logf("setPaused(%v)", paused)
 	c.paused = paused
 	if paused {
 		// Only cancel the map routine. (The auth routine isn't expensive
@@ -146,7 +211,7 @@ func (c *Auto) SetPaused(paused bool) {
 // Start starts the client's goroutines.
 //
 // It should only be called for clients created by NewNoStart.
-func (c *Auto) Start() {
+func (c *Client) Start() {
 	go c.authRoutine()
 	go c.mapRoutine()
 }
@@ -156,7 +221,7 @@ func (c *Auto) Start() {
 // streaming response open), or start a new streaming one if necessary.
 //
 // It should be called whenever there's something new to tell the server.
-func (c *Auto) sendNewMapRequest() {
+func (c *Client) sendNewMapRequest() {
 	c.mu.Lock()
 
 	// If we're not already streaming a netmap, or if we're already stuck
@@ -195,7 +260,7 @@ func (c *Auto) sendNewMapRequest() {
 	}()
 }
 
-func (c *Auto) cancelAuth() {
+func (c *Client) cancelAuth() {
 	c.mu.Lock()
 	if c.authCancel != nil {
 		c.authCancel()
@@ -206,7 +271,7 @@ func (c *Auto) cancelAuth() {
 	c.mu.Unlock()
 }
 
-func (c *Auto) cancelMapLocked() {
+func (c *Client) cancelMapLocked() {
 	if c.mapCancel != nil {
 		c.mapCancel()
 	}
@@ -215,13 +280,13 @@ func (c *Auto) cancelMapLocked() {
 	}
 }
 
-func (c *Auto) cancelMapUnsafely() {
+func (c *Client) cancelMapUnsafely() {
 	c.mu.Lock()
 	c.cancelMapLocked()
 	c.mu.Unlock()
 }
 
-func (c *Auto) cancelMapSafely() {
+func (c *Client) cancelMapSafely() {
 	c.mu.Lock()
 	defer c.mu.Unlock()
 
@@ -257,7 +322,7 @@ func (c *Auto) cancelMapSafely() {
 	}
 }
 
-func (c *Auto) authRoutine() {
+func (c *Client) authRoutine() {
 	defer close(c.authDone)
 	bo := backoff.NewBackoff("authRoutine", c.logf, 30*time.Second)
 
@@ -268,7 +333,7 @@ func (c *Auto) authRoutine() {
 		if goal != nil {
 			c.logf("authRoutine: %s; wantLoggedIn=%v", c.state, goal.wantLoggedIn)
 		} else {
-			c.logf("authRoutine: %s; goal=nil paused=%v", c.state, c.paused)
+			c.logf("authRoutine: %s; goal=nil", c.state)
 		}
 		c.mu.Unlock()
 
@@ -298,7 +363,6 @@ func (c *Auto) authRoutine() {
 
 		if !goal.wantLoggedIn {
 			err := c.direct.TryLogout(ctx)
-			goal.sendLogoutError(err)
 			if err != nil {
 				report(err, "TryLogout")
 				bo.BackOff(ctx, err)
@@ -338,10 +402,9 @@ func (c *Auto) authRoutine() {
 				report(err, f)
 				bo.BackOff(ctx, err)
 				continue
-			}
-			if url != "" {
+			} else if url != "" {
 				if goal.url != "" {
-					err = fmt.Errorf("[unexpected] server required a new URL?")
+					err = fmt.Errorf("weird: server required a new url?")
 					report(err, "WaitLoginURL")
 				}
 
@@ -376,7 +439,7 @@ func (c *Auto) authRoutine() {
 
 // Expiry returns the credential expiration time, or the zero time if
 // the expiration time isn't known. Used in tests only.
-func (c *Auto) Expiry() *time.Time {
+func (c *Client) Expiry() *time.Time {
 	c.mu.Lock()
 	defer c.mu.Unlock()
 	return c.expiry
@@ -384,21 +447,21 @@ func (c *Auto) Expiry() *time.Time {
 
 // Direct returns the underlying direct client object. Used in tests
 // only.
-func (c *Auto) Direct() *Direct {
+func (c *Client) Direct() *Direct {
 	return c.direct
 }
 
 // unpausedChanLocked returns a new channel that is closed when the
-// current Auto pause is unpaused.
+// current Client pause is unpaused.
 //
 // c.mu must be held
-func (c *Auto) unpausedChanLocked() <-chan struct{} {
+func (c *Client) unpausedChanLocked() <-chan struct{} {
 	unpaused := make(chan struct{})
 	c.unpauseWaiters = append(c.unpauseWaiters, unpaused)
 	return unpaused
 }
 
-func (c *Auto) mapRoutine() {
+func (c *Client) mapRoutine() {
 	defer close(c.mapDone)
 	bo := backoff.NewBackoff("mapRoutine", c.logf, 30*time.Second)
 
@@ -520,24 +583,20 @@ func (c *Auto) mapRoutine() {
 	}
 }
 
-func (c *Auto) AuthCantContinue() bool {
-	if c == nil {
-		return true
-	}
+func (c *Client) AuthCantContinue() bool {
 	c.mu.Lock()
 	defer c.mu.Unlock()
 
 	return !c.loggedIn && (c.loginGoal == nil || c.loginGoal.url != "")
 }
 
-// SetStatusFunc sets fn as the callback to run on any status change.
-func (c *Auto) SetStatusFunc(fn func(Status)) {
+func (c *Client) SetStatusFunc(fn func(Status)) {
 	c.mu.Lock()
 	c.statusFunc = fn
 	c.mu.Unlock()
 }
 
-func (c *Auto) SetHostinfo(hi *tailcfg.Hostinfo) {
+func (c *Client) SetHostinfo(hi *tailcfg.Hostinfo) {
 	if hi == nil {
 		panic("nil Hostinfo")
 	}
@@ -550,7 +609,7 @@ func (c *Auto) SetHostinfo(hi *tailcfg.Hostinfo) {
 	c.sendNewMapRequest()
 }
 
-func (c *Auto) SetNetInfo(ni *tailcfg.NetInfo) {
+func (c *Client) SetNetInfo(ni *tailcfg.NetInfo) {
 	if ni == nil {
 		panic("nil NetInfo")
 	}
@@ -563,7 +622,7 @@ func (c *Auto) SetNetInfo(ni *tailcfg.NetInfo) {
 	c.sendNewMapRequest()
 }
 
-func (c *Auto) sendStatus(who string, err error, url string, nm *netmap.NetworkMap) {
+func (c *Client) sendStatus(who string, err error, url string, nm *netmap.NetworkMap) {
 	c.mu.Lock()
 	state := c.state
 	loggedIn := c.loggedIn
@@ -576,12 +635,9 @@ func (c *Auto) sendStatus(who string, err error, url string, nm *netmap.NetworkM
 	c.logf("[v1] sendStatus: %s: %v", who, state)
 
 	var p *persist.Persist
-	var loginFin, logoutFin *empty.Message
+	var fin *empty.Message
 	if state == StateAuthenticated {
-		loginFin = new(empty.Message)
-	}
-	if state == StateNotAuthenticated {
-		logoutFin = new(empty.Message)
+		fin = new(empty.Message)
 	}
 	if nm != nil && loggedIn && synced {
 		pp := c.direct.GetPersist()
@@ -592,13 +648,12 @@ func (c *Auto) sendStatus(who string, err error, url string, nm *netmap.NetworkM
 		nm = nil
 	}
 	new := Status{
-		LoginFinished:  loginFin,
-		LogoutFinished: logoutFin,
-		URL:            url,
-		Persist:        p,
-		NetMap:         nm,
-		Hostinfo:       hi,
-		State:          state,
+		LoginFinished: fin,
+		URL:           url,
+		Persist:       p,
+		NetMap:        nm,
+		Hostinfo:      hi,
+		State:         state,
 	}
 	if err != nil {
 		new.Err = err.Error()
@@ -612,7 +667,7 @@ func (c *Auto) sendStatus(who string, err error, url string, nm *netmap.NetworkM
 	c.mu.Unlock()
 }
 
-func (c *Auto) Login(t *tailcfg.Oauth2Token, flags LoginFlags) {
+func (c *Client) Login(t *tailcfg.Oauth2Token, flags LoginFlags) {
 	c.logf("client.Login(%v, %v)", t != nil, flags)
 
 	c.mu.Lock()
@@ -626,57 +681,26 @@ func (c *Auto) Login(t *tailcfg.Oauth2Token, flags LoginFlags) {
 	c.cancelAuth()
 }
 
-func (c *Auto) StartLogout() {
-	c.logf("client.StartLogout()")
+func (c *Client) Logout() {
+	c.logf("client.Logout()")
 
 	c.mu.Lock()
 	c.loginGoal = &LoginGoal{
 		wantLoggedIn: false,
 	}
 	c.mu.Unlock()
+
 	c.cancelAuth()
 }
 
-func (c *Auto) Logout(ctx context.Context) error {
-	c.logf("client.Logout()")
-
-	errc := make(chan error, 1)
-
-	c.mu.Lock()
-	c.loginGoal = &LoginGoal{
-		wantLoggedIn:    false,
-		loggedOutResult: errc,
-	}
-	c.mu.Unlock()
-	c.cancelAuth()
-
-	timer := time.NewTimer(10 * time.Second)
-	defer timer.Stop()
-	select {
-	case err := <-errc:
-		return err
-	case <-ctx.Done():
-		return ctx.Err()
-	case <-timer.C:
-		return context.DeadlineExceeded
-	}
-}
-
-// UpdateEndpoints sets the client's discovered endpoints and sends
-// them to the control server if they've changed.
-//
-// It does not retain the provided slice.
-//
-// The localPort field is unused except for integration tests in
-// another repo.
-func (c *Auto) UpdateEndpoints(localPort uint16, endpoints []tailcfg.Endpoint) {
+func (c *Client) UpdateEndpoints(localPort uint16, endpoints []string) {
 	changed := c.direct.SetEndpoints(localPort, endpoints)
 	if changed {
 		c.sendNewMapRequest()
 	}
 }
 
-func (c *Auto) Shutdown() {
+func (c *Client) Shutdown() {
 	c.logf("client.Shutdown()")
 
 	c.mu.Lock()
@@ -702,23 +726,17 @@ func (c *Auto) Shutdown() {
 
 // NodePublicKey returns the node public key currently in use. This is
 // used exclusively in tests.
-func (c *Auto) TestOnlyNodePublicKey() wgkey.Key {
+func (c *Client) TestOnlyNodePublicKey() wgkey.Key {
 	priv := c.direct.GetPersist()
 	return priv.PrivateNodeKey.Public()
 }
 
-func (c *Auto) TestOnlySetAuthKey(authkey string) {
+func (c *Client) TestOnlySetAuthKey(authkey string) {
 	c.direct.mu.Lock()
 	defer c.direct.mu.Unlock()
 	c.direct.authKey = authkey
 }
 
-func (c *Auto) TestOnlyTimeNow() time.Time {
+func (c *Client) TestOnlyTimeNow() time.Time {
 	return c.timeNow()
 }
-
-// SetDNS sends the SetDNSRequest request to the control plane server,
-// requesting a DNS record be created or updated.
-func (c *Auto) SetDNS(ctx context.Context, req *tailcfg.SetDNSRequest) error {
-	return c.direct.SetDNS(ctx, req)
-}

control/controlclient/client.go

@@ -1,80 +0,0 @@
-// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package controlclient implements the client for the Tailscale
-// control plane.
-//
-// It handles authentication, port picking, and collects the local
-// network configuration.
-package controlclient
-
-import (
-	"context"
-
-	"tailscale.com/tailcfg"
-)
-
-type LoginFlags int
-
-const (
-	LoginDefault     = LoginFlags(0)
-	LoginInteractive = LoginFlags(1 << iota) // force user login and key refresh
-)
-
-// Client represents a client connection to the control server.
-// Currently this is done through a pair of polling https requests in
-// the Auto client, but that might change eventually.
-type Client interface {
-	// SetStatusFunc provides a callback to call when control sends us
-	// a message.
-	SetStatusFunc(func(Status))
-	// Shutdown closes this session, which should not be used any further
-	// afterwards.
-	Shutdown()
-	// Login begins an interactive or non-interactive login process.
-	// Client will eventually call the Status callback with either a
-	// LoginFinished flag (on success) or an auth URL (if further
-	// interaction is needed).
-	Login(*tailcfg.Oauth2Token, LoginFlags)
-	// StartLogout starts an asynchronous logout process.
-	// When it finishes, the Status callback will be called while
-	// AuthCantContinue()==true.
-	StartLogout()
-	// Logout starts a synchronous logout process. It doesn't return
-	// until the logout operation has been completed.
-	Logout(context.Context) error
-	// SetPaused pauses or unpauses the controlclient activity as much
-	// as possible, without losing its internal state, to minimize
-	// unnecessary network activity.
-	// TODO: It might be better to simply shutdown the controlclient and
-	// make a new one when it's time to unpause.
-	SetPaused(bool)
-	// AuthCantContinue returns whether authentication is blocked. If it
-	// is, you either need to visit the auth URL (previously sent in a
-	// Status callback) or call the Login function appropriately.
-	// TODO: this probably belongs in the Status itself instead.
-	AuthCantContinue() bool
-	// SetHostinfo changes the Hostinfo structure that will be sent in
-	// subsequent node registration requests.
-	// TODO: a server-side change would let us simply upload this
-	// in a separate http request. It has nothing to do with the rest of
-	// the state machine.
-	SetHostinfo(*tailcfg.Hostinfo)
-	// SetNetinfo changes the NetIinfo structure that will be sent in
-	// subsequent node registration requests.
-	// TODO: a server-side change would let us simply upload this
-	// in a separate http request. It has nothing to do with the rest of
-	// the state machine.
-	SetNetInfo(*tailcfg.NetInfo)
-	// UpdateEndpoints changes the Endpoint structure that will be sent
-	// in subsequent node registration requests.
-	// TODO: localPort seems to be obsolete, remove it.
-	// TODO: a server-side change would let us simply upload this
-	// in a separate http request. It has nothing to do with the rest of
-	// the state machine.
-	UpdateEndpoints(localPort uint16, endpoints []tailcfg.Endpoint)
-	// SetDNS sends the SetDNSRequest request to the control plane server,
-	// requesting a DNS record be created or updated.
-	SetDNS(context.Context, *tailcfg.SetDNSRequest) error
-}

control/controlclient/controlclient_test.go

@@ -22,7 +22,7 @@ func fieldsOf(t reflect.Type) (fields []string) {
 
 func TestStatusEqual(t *testing.T) {
 	// Verify that the Equal method stays in sync with reality
-	equalHandles := []string{"LoginFinished", "LogoutFinished", "Err", "URL", "NetMap", "State", "Persist", "Hostinfo"}
+	equalHandles := []string{"LoginFinished", "Err", "URL", "Persist", "NetMap", "Hostinfo", "State"}
 	if have := fieldsOf(reflect.TypeOf(Status{})); !reflect.DeepEqual(have, equalHandles) {
 		t.Errorf("Status.Equal check might be out of sync\nfields: %q\nhandled: %q\n",
 			have, equalHandles)

control/controlclient/debug.go

@@ -11,6 +11,7 @@ import (
 	"fmt"
 	"log"
 	"net/http"
+	"regexp"
 	"runtime"
 	"strconv"
 	"time"
@@ -41,82 +42,28 @@ func dumpGoroutinesToURL(c *http.Client, targetURL string) {
 	}
 }
 
+var reHexArgs = regexp.MustCompile(`\b0x[0-9a-f]+\b`)
+
 // scrubbedGoroutineDump returns the list of all current goroutines, but with the actual
 // values of arguments scrubbed out, lest it contain some private key material.
 func scrubbedGoroutineDump() []byte {
-	var buf []byte
-	// Grab stacks multiple times into increasingly larger buffer sizes
-	// to minimize the risk that we blow past our iOS memory limit.
-	for size := 1 << 10; size <= 1<<20; size += 1 << 10 {
-		buf = make([]byte, size)
-		buf = buf[:runtime.Stack(buf, true)]
-		if len(buf) < size {
-			// It fit.
-			break
-		}
-	}
-	return scrubHex(buf)
-}
+	buf := make([]byte, 1<<20)
+	buf = buf[:runtime.Stack(buf, true)]
 
-func scrubHex(buf []byte) []byte {
 	saw := map[string][]byte{} // "0x123" => "v1%3" (unique value 1 and its value mod 8)
-
-	foreachHexAddress(buf, func(in []byte) {
+	return reHexArgs.ReplaceAllFunc(buf, func(in []byte) []byte {
 		if string(in) == "0x0" {
-			return
+			return in
 		}
 		if v, ok := saw[string(in)]; ok {
-			for i := range in {
-				in[i] = '_'
-			}
-			copy(in, v)
-			return
+			return v
 		}
-		inStr := string(in)
 		u64, err := strconv.ParseUint(string(in[2:]), 16, 64)
-		for i := range in {
-			in[i] = '_'
-		}
 		if err != nil {
-			in[0] = '?'
-			return
+			return []byte("??")
 		}
 		v := []byte(fmt.Sprintf("v%d%%%d", len(saw)+1, u64%8))
-		saw[inStr] = v
-		copy(in, v)
+		saw[string(in)] = v
+		return v
 	})
-	return buf
-}
-
-var ohx = []byte("0x")
-
-// foreachHexAddress calls f with each subslice of b that matches
-// regexp `0x[0-9a-f]*`.
-func foreachHexAddress(b []byte, f func([]byte)) {
-	for len(b) > 0 {
-		i := bytes.Index(b, ohx)
-		if i == -1 {
-			return
-		}
-		b = b[i:]
-		hx := hexPrefix(b)
-		f(hx)
-		b = b[len(hx):]
-	}
-}
-
-func hexPrefix(b []byte) []byte {
-	for i, c := range b {
-		if i < 2 {
-			continue
-		}
-		if !isHexByte(c) {
-			return b[:i]
-		}
-	}
-	return b
-}
-
-func isHexByte(b byte) bool {
-	return '0' <= b && b <= '9' || 'a' <= b && b <= 'f' || 'A' <= b && b <= 'F'
 }

control/controlclient/debug_test.go

@@ -9,22 +9,3 @@ import "testing"
 func TestScrubbedGoroutineDump(t *testing.T) {
 	t.Logf("Got:\n%s\n", scrubbedGoroutineDump())
 }
-
-func TestScrubHex(t *testing.T) {
-	tests := []struct {
-		in, want string
-	}{
-		{"foo", "foo"},
-		{"", ""},
-		{"0x", "?_"},
-		{"0x001 and same 0x001", "v1%1_ and same v1%1_"},
-		{"0x008 and same 0x008", "v1%0_ and same v1%0_"},
-		{"0x001 and diff 0x002", "v1%1_ and diff v2%2_"},
-	}
-	for _, tt := range tests {
-		got := scrubHex([]byte(tt.in))
-		if string(got) != tt.want {
-			t.Errorf("for input:\n%s\n\ngot:\n%s\n\nwant:\n%s\n", tt.in, got, tt.want)
-		}
-	}
-}

control/controlclient/direct_test.go

@@ -6,13 +6,94 @@ package controlclient
 
 import (
 	"encoding/json"
+	"fmt"
+	"reflect"
+	"strings"
 	"testing"
 
-	"inet.af/netaddr"
 	"tailscale.com/tailcfg"
 	"tailscale.com/types/wgkey"
 )
 
+func TestUndeltaPeers(t *testing.T) {
+	n := func(id tailcfg.NodeID, name string) *tailcfg.Node {
+		return &tailcfg.Node{ID: id, Name: name}
+	}
+	peers := func(nv ...*tailcfg.Node) []*tailcfg.Node { return nv }
+	tests := []struct {
+		name   string
+		mapRes *tailcfg.MapResponse
+		prev   []*tailcfg.Node
+		want   []*tailcfg.Node
+	}{
+		{
+			name: "full_peers",
+			mapRes: &tailcfg.MapResponse{
+				Peers: peers(n(1, "foo"), n(2, "bar")),
+			},
+			want: peers(n(1, "foo"), n(2, "bar")),
+		},
+		{
+			name: "full_peers_ignores_deltas",
+			mapRes: &tailcfg.MapResponse{
+				Peers:        peers(n(1, "foo"), n(2, "bar")),
+				PeersRemoved: []tailcfg.NodeID{2},
+			},
+			want: peers(n(1, "foo"), n(2, "bar")),
+		},
+		{
+			name: "add_and_update",
+			prev: peers(n(1, "foo"), n(2, "bar")),
+			mapRes: &tailcfg.MapResponse{
+				PeersChanged: peers(n(0, "zero"), n(2, "bar2"), n(3, "three")),
+			},
+			want: peers(n(0, "zero"), n(1, "foo"), n(2, "bar2"), n(3, "three")),
+		},
+		{
+			name: "remove",
+			prev: peers(n(1, "foo"), n(2, "bar")),
+			mapRes: &tailcfg.MapResponse{
+				PeersRemoved: []tailcfg.NodeID{1},
+			},
+			want: peers(n(2, "bar")),
+		},
+		{
+			name: "add_and_remove",
+			prev: peers(n(1, "foo"), n(2, "bar")),
+			mapRes: &tailcfg.MapResponse{
+				PeersChanged: peers(n(1, "foo2")),
+				PeersRemoved: []tailcfg.NodeID{2},
+			},
+			want: peers(n(1, "foo2")),
+		},
+		{
+			name:   "unchanged",
+			prev:   peers(n(1, "foo"), n(2, "bar")),
+			mapRes: &tailcfg.MapResponse{},
+			want:   peers(n(1, "foo"), n(2, "bar")),
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			undeltaPeers(tt.mapRes, tt.prev)
+			if !reflect.DeepEqual(tt.mapRes.Peers, tt.want) {
+				t.Errorf("wrong results\n got: %s\nwant: %s", formatNodes(tt.mapRes.Peers), formatNodes(tt.want))
+			}
+		})
+	}
+}
+
+func formatNodes(nodes []*tailcfg.Node) string {
+	var sb strings.Builder
+	for i, n := range nodes {
+		if i > 0 {
+			sb.WriteString(", ")
+		}
+		fmt.Fprintf(&sb, "(%d, %q)", n.ID, n.Name)
+	}
+	return sb.String()
+}
+
 func TestNewDirect(t *testing.T) {
 	hi := NewHostinfo()
 	ni := tailcfg.NetInfo{LinkType: "wired"}
@@ -22,13 +103,7 @@ func TestNewDirect(t *testing.T) {
 	if err != nil {
 		t.Error(err)
 	}
-	opts := Options{
-		ServerURL: "https://example.com",
-		Hostinfo:  hi,
-		GetMachinePrivateKey: func() (wgkey.Private, error) {
-			return key, nil
-		},
-	}
+	opts := Options{ServerURL: "https://example.com", MachinePrivateKey: key, Hostinfo: hi}
 	c, err := NewDirect(opts)
 	if err != nil {
 		t.Fatal(err)
@@ -63,7 +138,7 @@ func TestNewDirect(t *testing.T) {
 		t.Errorf("c.SetHostinfo(hi) want true got %v", changed)
 	}
 
-	endpoints := fakeEndpoints(1, 2, 3)
+	endpoints := []string{"1", "2", "3"}
 	changed = c.newEndpoints(12, endpoints)
 	if !changed {
 		t.Errorf("c.newEndpoints(12) want true got %v", changed)
@@ -76,22 +151,13 @@ func TestNewDirect(t *testing.T) {
 	if !changed {
 		t.Errorf("c.newEndpoints(13) want true got %v", changed)
 	}
-	endpoints = fakeEndpoints(4, 5, 6)
+	endpoints = []string{"4", "5", "6"}
 	changed = c.newEndpoints(13, endpoints)
 	if !changed {
 		t.Errorf("c.newEndpoints(13) want true got %v", changed)
 	}
 }
 
-func fakeEndpoints(ports ...uint16) (ret []tailcfg.Endpoint) {
-	for _, port := range ports {
-		ret = append(ret, tailcfg.Endpoint{
-			Addr: netaddr.IPPortFrom(netaddr.IP{}, port),
-		})
-	}
-	return
-}
-
 func TestNewHostinfo(t *testing.T) {
 	hi := NewHostinfo()
 	if hi == nil {

control/controlclient/filter.go

@@ -0,0 +1,20 @@
+// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package controlclient
+
+import (
+	"tailscale.com/tailcfg"
+	"tailscale.com/wgengine/filter"
+)
+
+// Parse a backward-compatible FilterRule used by control's wire
+// format, producing the most current filter format.
+func (c *Direct) parsePacketFilter(pf []tailcfg.FilterRule) []filter.Match {
+	mm, err := filter.MatchesFromFilterRules(pf)
+	if err != nil {
+		c.logf("parsePacketFilter: %s\n", err)
+	}
+	return mm
+}

control/controlclient/hostinfo_linux.go

@@ -9,11 +9,12 @@ package controlclient
 import (
 	"bytes"
 	"fmt"
+	"io"
 	"io/ioutil"
 	"strings"
 	"syscall"
 
-	"tailscale.com/hostinfo"
+	"go4.org/mem"
 	"tailscale.com/util/lineread"
 	"tailscale.com/version/distro"
 )
@@ -54,12 +55,9 @@ func osVersionLinux() string {
 		}
 		attrBuf.WriteByte(byte(b))
 	}
-	if hostinfo.InContainer() {
+	if inContainer() {
 		attrBuf.WriteString("; container")
 	}
-	if env := hostinfo.GetEnvType(); env != "" {
-		fmt.Fprintf(&attrBuf, "; env=%s", env)
-	}
 	attr := attrBuf.String()
 
 	id := m["ID"]
@@ -91,3 +89,15 @@ func osVersionLinux() string {
 	}
 	return fmt.Sprintf("Other%s", attr)
 }
+
+func inContainer() (ret bool) {
+	lineread.File("/proc/1/cgroup", func(line []byte) error {
+		if mem.Contains(mem.B(line), mem.S("/docker/")) ||
+			mem.Contains(mem.B(line), mem.S("/lxc/")) {
+			ret = true
+			return io.EOF // arbitrary non-nil error to stop loop
+		}
+		return nil
+	})
+	return
+}

control/controlclient/map.go

@@ -1,301 +0,0 @@
-// Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package controlclient
-
-import (
-	"log"
-	"os"
-	"sort"
-	"strconv"
-
-	"inet.af/netaddr"
-	"tailscale.com/tailcfg"
-	"tailscale.com/types/logger"
-	"tailscale.com/types/netmap"
-	"tailscale.com/types/wgkey"
-	"tailscale.com/wgengine/filter"
-)
-
-// mapSession holds the state over a long-polled "map" request to the
-// control plane.
-//
-// It accepts incremental tailcfg.MapResponse values to
-// netMapForResponse and returns fully inflated NetworkMaps, filling
-// in the omitted data implicit from prior MapResponse values from
-// within the same session (the same long-poll HTTP response to the
-// one MapRequest).
-type mapSession struct {
-	// Immutable fields.
-	privateNodeKey         wgkey.Private
-	logf                   logger.Logf
-	vlogf                  logger.Logf
-	machinePubKey          tailcfg.MachineKey
-	keepSharerAndUserSplit bool // see Options.KeepSharerAndUserSplit
-
-	// Fields storing state over the the coards of multiple MapResponses.
-	lastNode               *tailcfg.Node
-	lastDNSConfig          *tailcfg.DNSConfig
-	lastDERPMap            *tailcfg.DERPMap
-	lastUserProfile        map[tailcfg.UserID]tailcfg.UserProfile
-	lastParsedPacketFilter []filter.Match
-	collectServices        bool
-	previousPeers          []*tailcfg.Node // for delta-purposes
-	lastDomain             string
-
-	// netMapBuilding is non-nil during a netmapForResponse call,
-	// containing the value to be returned, once fully populated.
-	netMapBuilding *netmap.NetworkMap
-}
-
-func newMapSession(privateNodeKey wgkey.Private) *mapSession {
-	ms := &mapSession{
-		privateNodeKey:  privateNodeKey,
-		logf:            logger.Discard,
-		vlogf:           logger.Discard,
-		lastDNSConfig:   new(tailcfg.DNSConfig),
-		lastUserProfile: map[tailcfg.UserID]tailcfg.UserProfile{},
-	}
-	return ms
-}
-
-func (ms *mapSession) addUserProfile(userID tailcfg.UserID) {
-	nm := ms.netMapBuilding
-	if _, dup := nm.UserProfiles[userID]; dup {
-		// Already populated it from a previous peer.
-		return
-	}
-	if up, ok := ms.lastUserProfile[userID]; ok {
-		nm.UserProfiles[userID] = up
-	}
-}
-
-// netmapForResponse returns a fully populated NetworkMap from a full
-// or incremental MapResponse within the session, filling in omitted
-// information from prior MapResponse values.
-func (ms *mapSession) netmapForResponse(resp *tailcfg.MapResponse) *netmap.NetworkMap {
-	undeltaPeers(resp, ms.previousPeers)
-
-	ms.previousPeers = cloneNodes(resp.Peers) // defensive/lazy clone, since this escapes to who knows where
-	for _, up := range resp.UserProfiles {
-		ms.lastUserProfile[up.ID] = up
-	}
-
-	if resp.DERPMap != nil {
-		ms.vlogf("netmap: new map contains DERP map")
-		ms.lastDERPMap = resp.DERPMap
-	}
-
-	if pf := resp.PacketFilter; pf != nil {
-		var err error
-		ms.lastParsedPacketFilter, err = filter.MatchesFromFilterRules(pf)
-		if err != nil {
-			ms.logf("parsePacketFilter: %v", err)
-		}
-	}
-	if c := resp.DNSConfig; c != nil {
-		ms.lastDNSConfig = c
-	}
-
-	if v, ok := resp.CollectServices.Get(); ok {
-		ms.collectServices = v
-	}
-	if resp.Domain != "" {
-		ms.lastDomain = resp.Domain
-	}
-
-	nm := &netmap.NetworkMap{
-		NodeKey:         tailcfg.NodeKey(ms.privateNodeKey.Public()),
-		PrivateKey:      ms.privateNodeKey,
-		MachineKey:      ms.machinePubKey,
-		Peers:           resp.Peers,
-		UserProfiles:    make(map[tailcfg.UserID]tailcfg.UserProfile),
-		Domain:          ms.lastDomain,
-		DNS:             *ms.lastDNSConfig,
-		PacketFilter:    ms.lastParsedPacketFilter,
-		CollectServices: ms.collectServices,
-		DERPMap:         ms.lastDERPMap,
-		Debug:           resp.Debug,
-	}
-	ms.netMapBuilding = nm
-
-	if resp.Node != nil {
-		ms.lastNode = resp.Node
-	}
-	if node := ms.lastNode.Clone(); node != nil {
-		nm.SelfNode = node
-		nm.Expiry = node.KeyExpiry
-		nm.Name = node.Name
-		nm.Addresses = filterSelfAddresses(node.Addresses)
-		nm.User = node.User
-		nm.Hostinfo = node.Hostinfo
-		if node.MachineAuthorized {
-			nm.MachineStatus = tailcfg.MachineAuthorized
-		} else {
-			nm.MachineStatus = tailcfg.MachineUnauthorized
-		}
-	}
-
-	ms.addUserProfile(nm.User)
-	magicDNSSuffix := nm.MagicDNSSuffix()
-	if nm.SelfNode != nil {
-		nm.SelfNode.InitDisplayNames(magicDNSSuffix)
-	}
-	for _, peer := range resp.Peers {
-		peer.InitDisplayNames(magicDNSSuffix)
-		if !peer.Sharer.IsZero() {
-			if ms.keepSharerAndUserSplit {
-				ms.addUserProfile(peer.Sharer)
-			} else {
-				peer.User = peer.Sharer
-			}
-		}
-		ms.addUserProfile(peer.User)
-	}
-	if len(resp.DNS) > 0 {
-		nm.DNS.Nameservers = resp.DNS
-	}
-	if len(resp.SearchPaths) > 0 {
-		nm.DNS.Domains = resp.SearchPaths
-	}
-	if Debug.ProxyDNS {
-		nm.DNS.Proxied = true
-	}
-	ms.netMapBuilding = nil
-	return nm
-}
-
-// undeltaPeers updates mapRes.Peers to be complete based on the
-// provided previous peer list and the PeersRemoved and PeersChanged
-// fields in mapRes, as well as the PeerSeenChange and OnlineChange
-// maps.
-//
-// It then also nils out the delta fields.
-func undeltaPeers(mapRes *tailcfg.MapResponse, prev []*tailcfg.Node) {
-	if len(mapRes.Peers) > 0 {
-		// Not delta encoded.
-		if !nodesSorted(mapRes.Peers) {
-			log.Printf("netmap: undeltaPeers: MapResponse.Peers not sorted; sorting")
-			sortNodes(mapRes.Peers)
-		}
-		return
-	}
-
-	var removed map[tailcfg.NodeID]bool
-	if pr := mapRes.PeersRemoved; len(pr) > 0 {
-		removed = make(map[tailcfg.NodeID]bool, len(pr))
-		for _, id := range pr {
-			removed[id] = true
-		}
-	}
-	changed := mapRes.PeersChanged
-
-	if !nodesSorted(changed) {
-		log.Printf("netmap: undeltaPeers: MapResponse.PeersChanged not sorted; sorting")
-		sortNodes(changed)
-	}
-	if !nodesSorted(prev) {
-		// Internal error (unrelated to the network) if we get here.
-		log.Printf("netmap: undeltaPeers: [unexpected] prev not sorted; sorting")
-		sortNodes(prev)
-	}
-
-	newFull := prev
-	if len(removed) > 0 || len(changed) > 0 {
-		newFull = make([]*tailcfg.Node, 0, len(prev)-len(removed))
-		for len(prev) > 0 && len(changed) > 0 {
-			pID := prev[0].ID
-			cID := changed[0].ID
-			if removed[pID] {
-				prev = prev[1:]
-				continue
-			}
-			switch {
-			case pID < cID:
-				newFull = append(newFull, prev[0])
-				prev = prev[1:]
-			case pID == cID:
-				newFull = append(newFull, changed[0])
-				prev, changed = prev[1:], changed[1:]
-			case cID < pID:
-				newFull = append(newFull, changed[0])
-				changed = changed[1:]
-			}
-		}
-		newFull = append(newFull, changed...)
-		for _, n := range prev {
-			if !removed[n.ID] {
-				newFull = append(newFull, n)
-			}
-		}
-		sortNodes(newFull)
-	}
-
-	if len(mapRes.PeerSeenChange) != 0 || len(mapRes.OnlineChange) != 0 {
-		peerByID := make(map[tailcfg.NodeID]*tailcfg.Node, len(newFull))
-		for _, n := range newFull {
-			peerByID[n.ID] = n
-		}
-		now := clockNow()
-		for nodeID, seen := range mapRes.PeerSeenChange {
-			if n, ok := peerByID[nodeID]; ok {
-				if seen {
-					n.LastSeen = &now
-				} else {
-					n.LastSeen = nil
-				}
-			}
-		}
-		for nodeID, online := range mapRes.OnlineChange {
-			if n, ok := peerByID[nodeID]; ok {
-				online := online
-				n.Online = &online
-			}
-		}
-	}
-
-	mapRes.Peers = newFull
-	mapRes.PeersChanged = nil
-	mapRes.PeersRemoved = nil
-}
-
-func nodesSorted(v []*tailcfg.Node) bool {
-	for i, n := range v {
-		if i > 0 && n.ID <= v[i-1].ID {
-			return false
-		}
-	}
-	return true
-}
-
-func sortNodes(v []*tailcfg.Node) {
-	sort.Slice(v, func(i, j int) bool { return v[i].ID < v[j].ID })
-}
-
-func cloneNodes(v1 []*tailcfg.Node) []*tailcfg.Node {
-	if v1 == nil {
-		return nil
-	}
-	v2 := make([]*tailcfg.Node, len(v1))
-	for i, n := range v1 {
-		v2[i] = n.Clone()
-	}
-	return v2
-}
-
-var debugSelfIPv6Only, _ = strconv.ParseBool(os.Getenv("TS_DEBUG_SELF_V6_ONLY"))
-
-func filterSelfAddresses(in []netaddr.IPPrefix) (ret []netaddr.IPPrefix) {
-	switch {
-	default:
-		return in
-	case debugSelfIPv6Only:
-		for _, a := range in {
-			if a.IP().Is6() {
-				ret = append(ret, a)
-			}
-		}
-		return ret
-	}
-}

control/controlclient/map_test.go

@@ -1,311 +0,0 @@
-// Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package controlclient
-
-import (
-	"encoding/json"
-	"fmt"
-	"reflect"
-	"strings"
-	"testing"
-	"time"
-
-	"tailscale.com/tailcfg"
-	"tailscale.com/types/netmap"
-	"tailscale.com/types/wgkey"
-)
-
-func TestUndeltaPeers(t *testing.T) {
-	defer func(old func() time.Time) { clockNow = old }(clockNow)
-
-	var curTime time.Time
-	clockNow = func() time.Time {
-		return curTime
-	}
-	online := func(v bool) func(*tailcfg.Node) {
-		return func(n *tailcfg.Node) {
-			n.Online = &v
-		}
-	}
-	seenAt := func(t time.Time) func(*tailcfg.Node) {
-		return func(n *tailcfg.Node) {
-			n.LastSeen = &t
-		}
-	}
-	n := func(id tailcfg.NodeID, name string, mod ...func(*tailcfg.Node)) *tailcfg.Node {
-		n := &tailcfg.Node{ID: id, Name: name}
-		for _, f := range mod {
-			f(n)
-		}
-		return n
-	}
-	peers := func(nv ...*tailcfg.Node) []*tailcfg.Node { return nv }
-	tests := []struct {
-		name    string
-		mapRes  *tailcfg.MapResponse
-		curTime time.Time
-		prev    []*tailcfg.Node
-		want    []*tailcfg.Node
-	}{
-		{
-			name: "full_peers",
-			mapRes: &tailcfg.MapResponse{
-				Peers: peers(n(1, "foo"), n(2, "bar")),
-			},
-			want: peers(n(1, "foo"), n(2, "bar")),
-		},
-		{
-			name: "full_peers_ignores_deltas",
-			mapRes: &tailcfg.MapResponse{
-				Peers:        peers(n(1, "foo"), n(2, "bar")),
-				PeersRemoved: []tailcfg.NodeID{2},
-			},
-			want: peers(n(1, "foo"), n(2, "bar")),
-		},
-		{
-			name: "add_and_update",
-			prev: peers(n(1, "foo"), n(2, "bar")),
-			mapRes: &tailcfg.MapResponse{
-				PeersChanged: peers(n(0, "zero"), n(2, "bar2"), n(3, "three")),
-			},
-			want: peers(n(0, "zero"), n(1, "foo"), n(2, "bar2"), n(3, "three")),
-		},
-		{
-			name: "remove",
-			prev: peers(n(1, "foo"), n(2, "bar")),
-			mapRes: &tailcfg.MapResponse{
-				PeersRemoved: []tailcfg.NodeID{1},
-			},
-			want: peers(n(2, "bar")),
-		},
-		{
-			name: "add_and_remove",
-			prev: peers(n(1, "foo"), n(2, "bar")),
-			mapRes: &tailcfg.MapResponse{
-				PeersChanged: peers(n(1, "foo2")),
-				PeersRemoved: []tailcfg.NodeID{2},
-			},
-			want: peers(n(1, "foo2")),
-		},
-		{
-			name:   "unchanged",
-			prev:   peers(n(1, "foo"), n(2, "bar")),
-			mapRes: &tailcfg.MapResponse{},
-			want:   peers(n(1, "foo"), n(2, "bar")),
-		},
-		{
-			name: "online_change",
-			prev: peers(n(1, "foo"), n(2, "bar")),
-			mapRes: &tailcfg.MapResponse{
-				OnlineChange: map[tailcfg.NodeID]bool{
-					1: true,
-				},
-			},
-			want: peers(
-				n(1, "foo", online(true)),
-				n(2, "bar"),
-			),
-		},
-		{
-			name: "online_change_offline",
-			prev: peers(n(1, "foo"), n(2, "bar")),
-			mapRes: &tailcfg.MapResponse{
-				OnlineChange: map[tailcfg.NodeID]bool{
-					1: false,
-					2: true,
-				},
-			},
-			want: peers(
-				n(1, "foo", online(false)),
-				n(2, "bar", online(true)),
-			),
-		},
-		{
-			name:    "peer_seen_at",
-			prev:    peers(n(1, "foo", seenAt(time.Unix(111, 0))), n(2, "bar")),
-			curTime: time.Unix(123, 0),
-			mapRes: &tailcfg.MapResponse{
-				PeerSeenChange: map[tailcfg.NodeID]bool{
-					1: false,
-					2: true,
-				},
-			},
-			want: peers(
-				n(1, "foo"),
-				n(2, "bar", seenAt(time.Unix(123, 0))),
-			),
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if !tt.curTime.IsZero() {
-				curTime = tt.curTime
-			}
-			undeltaPeers(tt.mapRes, tt.prev)
-			if !reflect.DeepEqual(tt.mapRes.Peers, tt.want) {
-				t.Errorf("wrong results\n got: %s\nwant: %s", formatNodes(tt.mapRes.Peers), formatNodes(tt.want))
-			}
-		})
-	}
-}
-
-func formatNodes(nodes []*tailcfg.Node) string {
-	var sb strings.Builder
-	for i, n := range nodes {
-		if i > 0 {
-			sb.WriteString(", ")
-		}
-		var extra string
-		if n.Online != nil {
-			extra += fmt.Sprintf(", online=%v", *n.Online)
-		}
-		if n.LastSeen != nil {
-			extra += fmt.Sprintf(", lastSeen=%v", n.LastSeen.Unix())
-		}
-		fmt.Fprintf(&sb, "(%d, %q%s)", n.ID, n.Name, extra)
-	}
-	return sb.String()
-}
-
-func newTestMapSession(t *testing.T) *mapSession {
-	k, err := wgkey.NewPrivate()
-	if err != nil {
-		t.Fatal(err)
-	}
-	return newMapSession(k)
-}
-
-func TestNetmapForResponse(t *testing.T) {
-	t.Run("implicit_packetfilter", func(t *testing.T) {
-		somePacketFilter := []tailcfg.FilterRule{
-			{
-				SrcIPs: []string{"*"},
-				DstPorts: []tailcfg.NetPortRange{
-					{IP: "10.2.3.4", Ports: tailcfg.PortRange{First: 22, Last: 22}},
-				},
-			},
-		}
-		ms := newTestMapSession(t)
-		nm1 := ms.netmapForResponse(&tailcfg.MapResponse{
-			Node:         new(tailcfg.Node),
-			PacketFilter: somePacketFilter,
-		})
-		if len(nm1.PacketFilter) == 0 {
-			t.Fatalf("zero length PacketFilter")
-		}
-		nm2 := ms.netmapForResponse(&tailcfg.MapResponse{
-			Node:         new(tailcfg.Node),
-			PacketFilter: nil, // testing that the server can omit this.
-		})
-		if len(nm1.PacketFilter) == 0 {
-			t.Fatalf("zero length PacketFilter in 2nd netmap")
-		}
-		if !reflect.DeepEqual(nm1.PacketFilter, nm2.PacketFilter) {
-			t.Error("packet filters differ")
-		}
-	})
-	t.Run("implicit_dnsconfig", func(t *testing.T) {
-		someDNSConfig := &tailcfg.DNSConfig{Domains: []string{"foo", "bar"}}
-		ms := newTestMapSession(t)
-		nm1 := ms.netmapForResponse(&tailcfg.MapResponse{
-			Node:      new(tailcfg.Node),
-			DNSConfig: someDNSConfig,
-		})
-		if !reflect.DeepEqual(nm1.DNS, *someDNSConfig) {
-			t.Fatalf("1st DNS wrong")
-		}
-		nm2 := ms.netmapForResponse(&tailcfg.MapResponse{
-			Node:      new(tailcfg.Node),
-			DNSConfig: nil, // implict
-		})
-		if !reflect.DeepEqual(nm2.DNS, *someDNSConfig) {
-			t.Fatalf("2nd DNS wrong")
-		}
-	})
-	t.Run("collect_services", func(t *testing.T) {
-		ms := newTestMapSession(t)
-		var nm *netmap.NetworkMap
-		wantCollect := func(v bool) {
-			t.Helper()
-			if nm.CollectServices != v {
-				t.Errorf("netmap.CollectServices = %v; want %v", nm.CollectServices, v)
-			}
-		}
-
-		nm = ms.netmapForResponse(&tailcfg.MapResponse{
-			Node: new(tailcfg.Node),
-		})
-		wantCollect(false)
-
-		nm = ms.netmapForResponse(&tailcfg.MapResponse{
-			Node:            new(tailcfg.Node),
-			CollectServices: "false",
-		})
-		wantCollect(false)
-
-		nm = ms.netmapForResponse(&tailcfg.MapResponse{
-			Node:            new(tailcfg.Node),
-			CollectServices: "true",
-		})
-		wantCollect(true)
-
-		nm = ms.netmapForResponse(&tailcfg.MapResponse{
-			Node:            new(tailcfg.Node),
-			CollectServices: "",
-		})
-		wantCollect(true)
-	})
-	t.Run("implicit_domain", func(t *testing.T) {
-		ms := newTestMapSession(t)
-		var nm *netmap.NetworkMap
-		want := func(v string) {
-			t.Helper()
-			if nm.Domain != v {
-				t.Errorf("netmap.Domain = %q; want %q", nm.Domain, v)
-			}
-		}
-		nm = ms.netmapForResponse(&tailcfg.MapResponse{
-			Node:   new(tailcfg.Node),
-			Domain: "foo.com",
-		})
-		want("foo.com")
-
-		nm = ms.netmapForResponse(&tailcfg.MapResponse{
-			Node: new(tailcfg.Node),
-		})
-		want("foo.com")
-	})
-	t.Run("implicit_node", func(t *testing.T) {
-		someNode := &tailcfg.Node{
-			Name: "foo",
-		}
-		wantNode := &tailcfg.Node{
-			Name:                 "foo",
-			ComputedName:         "foo",
-			ComputedNameWithHost: "foo",
-		}
-		ms := newTestMapSession(t)
-
-		nm1 := ms.netmapForResponse(&tailcfg.MapResponse{
-			Node: someNode,
-		})
-		if nm1.SelfNode == nil {
-			t.Fatal("nil Node in 1st netmap")
-		}
-		if !reflect.DeepEqual(nm1.SelfNode, wantNode) {
-			j, _ := json.Marshal(nm1.SelfNode)
-			t.Errorf("Node mismatch in 1st netmap; got: %s", j)
-		}
-
-		nm2 := ms.netmapForResponse(&tailcfg.MapResponse{})
-		if nm2.SelfNode == nil {
-			t.Fatal("nil Node in 1st netmap")
-		}
-		if !reflect.DeepEqual(nm2.SelfNode, wantNode) {
-			j, _ := json.Marshal(nm2.SelfNode)
-			t.Errorf("Node mismatch in 2nd netmap; got: %s", j)
-		}
-	})
-}

control/controlclient/sign_supported.go

@@ -18,7 +18,7 @@ import (
 	"fmt"
 	"sync"
 
-	"github.com/tailscale/certstore"
+	"github.com/github/certstore"
 	"tailscale.com/tailcfg"
 	"tailscale.com/types/wgkey"
 	"tailscale.com/util/winutil"
@@ -51,46 +51,6 @@ var (
 	errBadRequest = errors.New("malformed request")
 )
 
-func isSupportedCertificate(cert *x509.Certificate) bool {
-	return cert.PublicKeyAlgorithm == x509.RSA
-}
-
-func isSubjectInChain(subject string, chain []*x509.Certificate) bool {
-	if len(chain) == 0 || chain[0] == nil {
-		return false
-	}
-
-	for _, c := range chain {
-		if c == nil {
-			continue
-		}
-		if c.Subject.String() == subject {
-			return true
-		}
-	}
-
-	return false
-}
-
-func selectIdentityFromSlice(subject string, ids []certstore.Identity) (certstore.Identity, []*x509.Certificate) {
-	for _, id := range ids {
-		chain, err := id.CertificateChain()
-		if err != nil {
-			continue
-		}
-
-		if !isSupportedCertificate(chain[0]) {
-			continue
-		}
-
-		if isSubjectInChain(subject, chain) {
-			return id, chain
-		}
-	}
-
-	return nil, nil
-}
-
 // findIdentity locates an identity from the Windows or Darwin certificate
 // store. It returns the first certificate with a matching Subject anywhere in
 // its certificate chain, so it is possible to search for the leaf certificate,
@@ -104,7 +64,26 @@ func findIdentity(subject string, st certstore.Store) (certstore.Identity, []*x5
 		return nil, nil, err
 	}
 
-	selected, chain := selectIdentityFromSlice(subject, ids)
+	var selected certstore.Identity
+	var chain []*x509.Certificate
+
+	for _, id := range ids {
+		chain, err = id.CertificateChain()
+		if err != nil {
+			continue
+		}
+
+		if chain[0].PublicKeyAlgorithm != x509.RSA {
+			continue
+		}
+
+		for _, c := range chain {
+			if c.Subject.String() == subject {
+				selected = id
+				break
+			}
+		}
+	}
 
 	for _, id := range ids {
 		if id != selected {

control/controlclient/status.go

@@ -1,105 +0,0 @@
-// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package controlclient
-
-import (
-	"encoding/json"
-	"fmt"
-	"reflect"
-
-	"tailscale.com/tailcfg"
-	"tailscale.com/types/empty"
-	"tailscale.com/types/netmap"
-	"tailscale.com/types/persist"
-	"tailscale.com/types/structs"
-)
-
-// State is the high-level state of the client. It is used only in
-// unit tests for proper sequencing, don't depend on it anywhere else.
-//
-// TODO(apenwarr): eliminate the state, as it's now obsolete.
-//
-// apenwarr: Historical note: controlclient.Auto was originally
-// intended to be the state machine for the whole tailscale client, but that
-// turned out to not be the right abstraction layer, and it moved to
-// ipn.Backend. Since ipn.Backend now has a state machine, it would be
-// much better if controlclient could be a simple stateless API. But the
-// current server-side API (two interlocking polling https calls) makes that
-// very hard to implement. A server side API change could untangle this and
-// remove all the statefulness.
-type State int
-
-const (
-	StateNew = State(iota)
-	StateNotAuthenticated
-	StateAuthenticating
-	StateURLVisitRequired
-	StateAuthenticated
-	StateSynchronized // connected and received map update
-)
-
-func (s State) MarshalText() ([]byte, error) {
-	return []byte(s.String()), nil
-}
-
-func (s State) String() string {
-	switch s {
-	case StateNew:
-		return "state:new"
-	case StateNotAuthenticated:
-		return "state:not-authenticated"
-	case StateAuthenticating:
-		return "state:authenticating"
-	case StateURLVisitRequired:
-		return "state:url-visit-required"
-	case StateAuthenticated:
-		return "state:authenticated"
-	case StateSynchronized:
-		return "state:synchronized"
-	default:
-		return fmt.Sprintf("state:unknown:%d", int(s))
-	}
-}
-
-type Status struct {
-	_              structs.Incomparable
-	LoginFinished  *empty.Message // nonempty when login finishes
-	LogoutFinished *empty.Message // nonempty when logout finishes
-	Err            string
-	URL            string             // interactive URL to visit to finish logging in
-	NetMap         *netmap.NetworkMap // server-pushed configuration
-
-	// The internal state should not be exposed outside this
-	// package, but we have some automated tests elsewhere that need to
-	// use them. Please don't use these fields.
-	// TODO(apenwarr): Unexport or remove these.
-	State    State
-	Persist  *persist.Persist  // locally persisted configuration
-	Hostinfo *tailcfg.Hostinfo // current Hostinfo data
-}
-
-// Equal reports whether s and s2 are equal.
-func (s *Status) Equal(s2 *Status) bool {
-	if s == nil && s2 == nil {
-		return true
-	}
-	return s != nil && s2 != nil &&
-		(s.LoginFinished == nil) == (s2.LoginFinished == nil) &&
-		(s.LogoutFinished == nil) == (s2.LogoutFinished == nil) &&
-		s.Err == s2.Err &&
-		s.URL == s2.URL &&
-		reflect.DeepEqual(s.Persist, s2.Persist) &&
-		reflect.DeepEqual(s.NetMap, s2.NetMap) &&
-		reflect.DeepEqual(s.Hostinfo, s2.Hostinfo) &&
-		s.State == s2.State
-}
-
-func (s Status) String() string {
-	b, err := json.MarshalIndent(s, "", "\t")
-	if err != nil {
-		panic(err)
-	}
-	return s.State.String() + " " + string(b)
-}

control/controlknobs/controlknobs.go

@@ -1,34 +0,0 @@
-// Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package controlknobs contains client options configurable from control which can be turned on
-// or off. The ability to turn options on and off is for incrementally adding features in.
-package controlknobs
-
-import (
-	"os"
-	"strconv"
-
-	"tailscale.com/syncs"
-)
-
-// disableUPnP indicates whether to attempt UPnP mapping.
-var disableUPnP syncs.AtomicBool
-
-func init() {
-	v, _ := strconv.ParseBool(os.Getenv("TS_DISABLE_UPNP"))
-	SetDisableUPnP(v)
-}
-
-// DisableUPnP reports the last reported value from control
-// whether UPnP portmapping should be disabled.
-func DisableUPnP() bool {
-	return disableUPnP.Get()
-}
-
-// SetDisableUPnP sets whether control says that UPnP should be
-// disabled.
-func SetDisableUPnP(v bool) {
-	disableUPnP.Set(v)
-}

derp/derp_client.go

@@ -29,7 +29,6 @@ type Client struct {
 	br          *bufio.Reader
 	meshKey     string
 	canAckPings bool
-	isProber    bool
 
 	wmu sync.Mutex // hold while writing to bw
 	bw  *bufio.Writer
@@ -53,7 +52,6 @@ type clientOpt struct {
 	MeshKey     string
 	ServerPub   key.Public
 	CanAckPings bool
-	IsProber    bool
 }
 
 // MeshKey returns a ClientOpt to pass to the DERP server during connect to get
@@ -62,10 +60,6 @@ type clientOpt struct {
 // An empty key means to not use a mesh key.
 func MeshKey(key string) ClientOpt { return clientOptFunc(func(o *clientOpt) { o.MeshKey = key }) }
 
-// IsProber returns a ClientOpt to pass to the DERP server during connect to
-// declare that this client is a a prober.
-func IsProber(v bool) ClientOpt { return clientOptFunc(func(o *clientOpt) { o.IsProber = v }) }
-
 // ServerPublicKey returns a ClientOpt to declare that the server's DERP public key is known.
 // If key is the zero value, the returned ClientOpt is a no-op.
 func ServerPublicKey(key key.Public) ClientOpt {
@@ -99,7 +93,6 @@ func newClient(privateKey key.Private, nc Conn, brw *bufio.ReadWriter, logf logg
 		bw:          brw.Writer,
 		meshKey:     opt.MeshKey,
 		canAckPings: opt.CanAckPings,
-		isProber:    opt.IsProber,
 	}
 	if opt.ServerPub.IsZero() {
 		if err := c.recvServerKey(); err != nil {
@@ -167,9 +160,6 @@ type clientInfo struct {
 	// CanAckPings is whether the client declares it's able to ack
 	// pings.
 	CanAckPings bool
-
-	// IsProber is whether this client is a prober.
-	IsProber bool `json:",omitempty"`
 }
 
 func (c *Client) sendClientKey() error {
@@ -181,7 +171,6 @@ func (c *Client) sendClientKey() error {
 		Version:     ProtocolVersion,
 		MeshKey:     c.meshKey,
 		CanAckPings: c.canAckPings,
-		IsProber:    c.isProber,
 	})
 	if err != nil {
 		return err

derp/derp_server.go

@@ -20,25 +20,18 @@ import (
 	"io"
 	"io/ioutil"
 	"log"
-	"math"
 	"math/big"
 	"math/rand"
-	"net/http"
 	"os"
-	"os/exec"
 	"runtime"
 	"strconv"
 	"strings"
 	"sync"
-	"sync/atomic"
 	"time"
 
 	"go4.org/mem"
 	"golang.org/x/crypto/nacl/box"
 	"golang.org/x/sync/errgroup"
-	"golang.org/x/time/rate"
-	"inet.af/netaddr"
-	"tailscale.com/client/tailscale"
 	"tailscale.com/disco"
 	"tailscale.com/metrics"
 	"tailscale.com/types/key"
@@ -98,46 +91,42 @@ type Server struct {
 	metaCert    []byte // the encoded x509 cert to send after LetsEncrypt cert+intermediate
 
 	// Counters:
-	_                            [pad32bit]byte
-	packetsSent, bytesSent       expvar.Int
-	packetsRecv, bytesRecv       expvar.Int
-	packetsRecvByKind            metrics.LabelMap
-	packetsRecvDisco             *expvar.Int
-	packetsRecvOther             *expvar.Int
-	_                            [pad32bit]byte
-	packetsDropped               expvar.Int
-	packetsDroppedReason         metrics.LabelMap
-	packetsDroppedReasonCounters []*expvar.Int // indexed by dropReason
-	packetsDroppedType           metrics.LabelMap
-	packetsDroppedTypeDisco      *expvar.Int
-	packetsDroppedTypeOther      *expvar.Int
-	_                            [pad32bit]byte
-	packetsForwardedOut          expvar.Int
-	packetsForwardedIn           expvar.Int
-	peerGoneFrames               expvar.Int // number of peer gone frames sent
-	accepts                      expvar.Int
-	curClients                   expvar.Int
-	curHomeClients               expvar.Int // ones with preferred
-	clientsReplaced              expvar.Int
-	clientsReplaceLimited        expvar.Int
-	clientsReplaceSleeping       expvar.Int
-	unknownFrames                expvar.Int
-	homeMovesIn                  expvar.Int // established clients announce home server moves in
-	homeMovesOut                 expvar.Int // established clients announce home server moves out
-	multiForwarderCreated        expvar.Int
-	multiForwarderDeleted        expvar.Int
-	removePktForwardOther        expvar.Int
-	avgQueueDuration             *uint64 // In milliseconds; accessed atomically
+	_                        [pad32bit]byte
+	packetsSent, bytesSent   expvar.Int
+	packetsRecv, bytesRecv   expvar.Int
+	packetsRecvByKind        metrics.LabelMap
+	packetsRecvDisco         *expvar.Int
+	packetsRecvOther         *expvar.Int
+	_                        [pad32bit]byte
+	packetsDropped           expvar.Int
+	packetsDroppedReason     metrics.LabelMap
+	packetsDroppedUnknown    *expvar.Int // unknown dst pubkey
+	packetsDroppedFwdUnknown *expvar.Int // unknown dst pubkey on forward
+	packetsDroppedGone       *expvar.Int // dst conn shutting down
+	packetsDroppedQueueHead  *expvar.Int // queue full, drop head packet
+	packetsDroppedQueueTail  *expvar.Int // queue full, drop tail packet
+	packetsDroppedWrite      *expvar.Int // error writing to dst conn
+	_                        [pad32bit]byte
+	packetsForwardedOut      expvar.Int
+	packetsForwardedIn       expvar.Int
+	peerGoneFrames           expvar.Int // number of peer gone frames sent
+	accepts                  expvar.Int
+	curClients               expvar.Int
+	curHomeClients           expvar.Int // ones with preferred
+	clientsReplaced          expvar.Int
+	unknownFrames            expvar.Int
+	homeMovesIn              expvar.Int // established clients announce home server moves in
+	homeMovesOut             expvar.Int // established clients announce home server moves out
+	multiForwarderCreated    expvar.Int
+	multiForwarderDeleted    expvar.Int
+	removePktForwardOther    expvar.Int
 
-	// verifyClients only accepts client connections to the DERP server if the clientKey is a
-	// known peer in the network, as specified by a running tailscaled's client's local api.
-	verifyClients bool
-
-	mu       sync.Mutex
-	closed   bool
-	netConns map[Conn]chan struct{} // chan is closed when conn closes
-	clients  map[key.Public]*sclient
-	watchers map[*sclient]bool // mesh peer -> true
+	mu          sync.Mutex
+	closed      bool
+	netConns    map[Conn]chan struct{} // chan is closed when conn closes
+	clients     map[key.Public]*sclient
+	clientsEver map[key.Public]bool // never deleted from, for stats; fine for now
+	watchers    map[*sclient]bool   // mesh peer -> true
 	// clientsMesh tracks all clients in the cluster, both locally
 	// and to mesh peers.  If the value is nil, that means the
 	// peer is only local (and thus in the clients Map, but not
@@ -149,9 +138,6 @@ type Server struct {
 	// because it includes intra-region forwarded packets as the
 	// src.
 	sentTo map[key.Public]map[key.Public]int64 // src => dst => dst's latest sclient.connNum
-
-	// maps from netaddr.IPPort to a client's public key
-	keyOfAddr map[netaddr.IPPort]key.Public
 }
 
 // PacketForwarder is something that can forward packets.
@@ -189,29 +175,23 @@ func NewServer(privateKey key.Private, logf logger.Logf) *Server {
 		limitedLogf:          logger.RateLimitedFn(logf, 30*time.Second, 5, 100),
 		packetsRecvByKind:    metrics.LabelMap{Label: "kind"},
 		packetsDroppedReason: metrics.LabelMap{Label: "reason"},
-		packetsDroppedType:   metrics.LabelMap{Label: "type"},
 		clients:              map[key.Public]*sclient{},
+		clientsEver:          map[key.Public]bool{},
 		clientsMesh:          map[key.Public]PacketForwarder{},
 		netConns:             map[Conn]chan struct{}{},
 		memSys0:              ms.Sys,
 		watchers:             map[*sclient]bool{},
 		sentTo:               map[key.Public]map[key.Public]int64{},
-		avgQueueDuration:     new(uint64),
-		keyOfAddr:            map[netaddr.IPPort]key.Public{},
 	}
 	s.initMetacert()
 	s.packetsRecvDisco = s.packetsRecvByKind.Get("disco")
 	s.packetsRecvOther = s.packetsRecvByKind.Get("other")
-	s.packetsDroppedReasonCounters = []*expvar.Int{
-		s.packetsDroppedReason.Get("unknown_dest"),
-		s.packetsDroppedReason.Get("unknown_dest_on_fwd"),
-		s.packetsDroppedReason.Get("gone"),
-		s.packetsDroppedReason.Get("queue_head"),
-		s.packetsDroppedReason.Get("queue_tail"),
-		s.packetsDroppedReason.Get("write_error"),
-	}
-	s.packetsDroppedTypeDisco = s.packetsDroppedType.Get("disco")
-	s.packetsDroppedTypeOther = s.packetsDroppedType.Get("other")
+	s.packetsDroppedUnknown = s.packetsDroppedReason.Get("unknown_dest")
+	s.packetsDroppedFwdUnknown = s.packetsDroppedReason.Get("unknown_dest_on_fwd")
+	s.packetsDroppedGone = s.packetsDroppedReason.Get("gone")
+	s.packetsDroppedQueueHead = s.packetsDroppedReason.Get("queue_head")
+	s.packetsDroppedQueueTail = s.packetsDroppedReason.Get("queue_tail")
+	s.packetsDroppedWrite = s.packetsDroppedReason.Get("write_error")
 	return s
 }
 
@@ -223,13 +203,6 @@ func (s *Server) SetMeshKey(v string) {
 	s.meshKey = v
 }
 
-// SetVerifyClients sets whether this DERP server verifies clients through tailscaled.
-//
-// It must be called before serving begins.
-func (s *Server) SetVerifyClient(v bool) {
-	s.verifyClients = v
-}
-
 // HasMeshKey reports whether the server is configured with a mesh key.
 func (s *Server) HasMeshKey() bool { return s.meshKey != "" }
 
@@ -349,40 +322,25 @@ func (s *Server) initMetacert() {
 func (s *Server) MetaCert() []byte { return s.metaCert }
 
 // registerClient notes that client c is now authenticated and ready for packets.
-//
-// If c's public key was already connected with a different
-// connection, the prior one is closed, unless it's fighting rapidly
-// with another client with the same key, in which case the returned
-// ok is false, and the caller should wait the provided duration
-// before trying again.
-func (s *Server) registerClient(c *sclient) (ok bool, d time.Duration) {
+// If c's public key was already connected with a different connection, the prior one is closed.
+func (s *Server) registerClient(c *sclient) {
 	s.mu.Lock()
 	defer s.mu.Unlock()
 	old := s.clients[c.key]
 	if old == nil {
 		c.logf("adding connection")
 	} else {
-		// Take over the old rate limiter, discarding the one
-		// our caller just made.
-		c.replaceLimiter = old.replaceLimiter
-		if rr := c.replaceLimiter.ReserveN(timeNow(), 1); rr.OK() {
-			if d := rr.DelayFrom(timeNow()); d > 0 {
-				s.clientsReplaceLimited.Add(1)
-				return false, d
-			}
-		}
 		s.clientsReplaced.Add(1)
 		c.logf("adding connection, replacing %s", old.remoteAddr)
 		go old.nc.Close()
 	}
 	s.clients[c.key] = c
+	s.clientsEver[c.key] = true
 	if _, ok := s.clientsMesh[c.key]; !ok {
 		s.clientsMesh[c.key] = nil // just for varz of total users in cluster
 	}
-	s.keyOfAddr[c.remoteIPPort] = c.key
 	s.curClients.Add(1)
 	s.broadcastPeerStateChangeLocked(c.key, true)
-	return true, 0
 }
 
 // broadcastPeerStateChangeLocked enqueues a message to all watchers
@@ -415,8 +373,6 @@ func (s *Server) unregisterClient(c *sclient) {
 		delete(s.watchers, c)
 	}
 
-	delete(s.keyOfAddr, c.remoteIPPort)
-
 	s.curClients.Add(-1)
 	if c.preferred {
 		s.curHomeClients.Add(-1)
@@ -490,32 +446,21 @@ func (s *Server) accept(nc Conn, brw *bufio.ReadWriter, remoteAddr string, connN
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
 
-	remoteIPPort, _ := netaddr.ParseIPPort(remoteAddr)
-
 	c := &sclient{
-		connNum:        connNum,
-		s:              s,
-		key:            clientKey,
-		nc:             nc,
-		br:             br,
-		bw:             bw,
-		logf:           logger.WithPrefix(s.logf, fmt.Sprintf("derp client %v/%x: ", remoteAddr, clientKey)),
-		done:           ctx.Done(),
-		remoteAddr:     remoteAddr,
-		remoteIPPort:   remoteIPPort,
-		connectedAt:    time.Now(),
-		sendQueue:      make(chan pkt, perClientSendQueueDepth),
-		discoSendQueue: make(chan pkt, perClientSendQueueDepth),
-		peerGone:       make(chan key.Public),
-		canMesh:        clientInfo.MeshKey != "" && clientInfo.MeshKey == s.meshKey,
-
-		// Allow kicking out previous connections once a
-		// minute, with a very high burst of 100. Once a
-		// minute is less than the client's 2 minute
-		// inactivity timeout.
-		replaceLimiter: rate.NewLimiter(rate.Every(time.Minute), 100),
+		connNum:     connNum,
+		s:           s,
+		key:         clientKey,
+		nc:          nc,
+		br:          br,
+		bw:          bw,
+		logf:        logger.WithPrefix(s.logf, fmt.Sprintf("derp client %v/%x: ", remoteAddr, clientKey)),
+		done:        ctx.Done(),
+		remoteAddr:  remoteAddr,
+		connectedAt: time.Now(),
+		sendQueue:   make(chan pkt, perClientSendQueueDepth),
+		peerGone:    make(chan key.Public),
+		canMesh:     clientInfo.MeshKey != "" && clientInfo.MeshKey == s.meshKey,
 	}
-
 	if c.canMesh {
 		c.meshUpdate = make(chan struct{})
 	}
@@ -523,15 +468,7 @@ func (s *Server) accept(nc Conn, brw *bufio.ReadWriter, remoteAddr string, connN
 		c.info = *clientInfo
 	}
 
-	for {
-		ok, d := s.registerClient(c)
-		if ok {
-			break
-		}
-		s.clientsReplaceSleeping.Add(1)
-		timeSleep(d)
-		s.clientsReplaceSleeping.Add(-1)
-	}
+	s.registerClient(c)
 	defer s.unregisterClient(c)
 
 	err = s.sendServerInfo(bw, clientKey)
@@ -542,12 +479,6 @@ func (s *Server) accept(nc Conn, brw *bufio.ReadWriter, remoteAddr string, connN
 	return c.run(ctx)
 }
 
-// for testing
-var (
-	timeSleep = time.Sleep
-	timeNow   = time.Now
-)
-
 // run serves the client until there's an error.
 // If the client hangs up or the server is closed, run returns nil, otherwise run returns an error.
 func (c *sclient) run(ctx context.Context) error {
@@ -671,14 +602,17 @@ func (c *sclient) handleFrameForwardPacket(ft frameType, fl uint32) error {
 	s.mu.Unlock()
 
 	if dst == nil {
-		s.recordDrop(contents, srcKey, dstKey, dropReasonUnknownDestOnFwd)
+		s.packetsDropped.Add(1)
+		s.packetsDroppedFwdUnknown.Add(1)
+		if debug {
+			c.logf("dropping forwarded packet for unknown %x", dstKey)
+		}
 		return nil
 	}
 
 	return c.sendPkt(dst, pkt{
-		bs:         contents,
-		enqueuedAt: time.Now(),
-		src:        srcKey,
+		bs:  contents,
+		src: srcKey,
 	})
 }
 
@@ -722,53 +656,21 @@ func (c *sclient) handleFrameSendPacket(ft frameType, fl uint32) error {
 			}
 			return nil
 		}
-		s.recordDrop(contents, c.key, dstKey, dropReasonUnknownDest)
+		s.packetsDropped.Add(1)
+		s.packetsDroppedUnknown.Add(1)
+		if debug {
+			c.logf("dropping packet for unknown %x", dstKey)
+		}
 		return nil
 	}
 
 	p := pkt{
-		bs:         contents,
-		enqueuedAt: time.Now(),
-		src:        c.key,
+		bs:  contents,
+		src: c.key,
 	}
 	return c.sendPkt(dst, p)
 }
 
-// dropReason is why we dropped a DERP frame.
-type dropReason int
-
-//go:generate go run tailscale.com/cmd/addlicense -year 2021 -file dropreason_string.go stringer -type=dropReason -trimprefix=dropReason
-
-const (
-	dropReasonUnknownDest      dropReason = iota // unknown destination pubkey
-	dropReasonUnknownDestOnFwd                   // unknown destination pubkey on a derp-forwarded packet
-	dropReasonGone                               // destination tailscaled disconnected before we could send
-	dropReasonQueueHead                          // destination queue is full, dropped packet at queue head
-	dropReasonQueueTail                          // destination queue is full, dropped packet at queue tail
-	dropReasonWriteError                         // OS write() failed
-)
-
-func (s *Server) recordDrop(packetBytes []byte, srcKey, dstKey key.Public, reason dropReason) {
-	s.packetsDropped.Add(1)
-	s.packetsDroppedReasonCounters[reason].Add(1)
-	if disco.LooksLikeDiscoWrapper(packetBytes) {
-		s.packetsDroppedTypeDisco.Add(1)
-	} else {
-		s.packetsDroppedTypeOther.Add(1)
-	}
-	if verboseDropKeys[dstKey] {
-		// Preformat the log string prior to calling limitedLogf. The
-		// limiter acts based on the format string, and we want to
-		// rate-limit per src/dst keys, not on the generic "dropped
-		// stuff" message.
-		msg := fmt.Sprintf("drop (%s) %s -> %s", srcKey.ShortString(), reason, dstKey.ShortString())
-		s.limitedLogf(msg)
-	}
-	if debug {
-		s.logf("dropping packet reason=%s dst=%s disco=%v", reason, dstKey, disco.LooksLikeDiscoWrapper(packetBytes))
-	}
-}
-
 func (c *sclient) sendPkt(dst *sclient, p pkt) error {
 	s := c.s
 	dstKey := dst.key
@@ -776,34 +678,53 @@ func (c *sclient) sendPkt(dst *sclient, p pkt) error {
 	// Attempt to queue for sending up to 3 times. On each attempt, if
 	// the queue is full, try to drop from queue head to prioritize
 	// fresher packets.
-	sendQueue := dst.sendQueue
-	if disco.LooksLikeDiscoWrapper(p.bs) {
-		sendQueue = dst.discoSendQueue
-	}
 	for attempt := 0; attempt < 3; attempt++ {
 		select {
 		case <-dst.done:
-			s.recordDrop(p.bs, c.key, dstKey, dropReasonGone)
+			s.packetsDropped.Add(1)
+			s.packetsDroppedGone.Add(1)
+			if debug {
+				c.logf("dropping packet for shutdown client %x", dstKey)
+			}
 			return nil
 		default:
 		}
 		select {
-		case sendQueue <- p:
+		case dst.sendQueue <- p:
 			return nil
 		default:
 		}
 
 		select {
-		case pkt := <-sendQueue:
-			s.recordDrop(pkt.bs, c.key, dstKey, dropReasonQueueHead)
-			c.recordQueueTime(pkt.enqueuedAt)
+		case <-dst.sendQueue:
+			s.packetsDropped.Add(1)
+			s.packetsDroppedQueueHead.Add(1)
+			if verboseDropKeys[dstKey] {
+				// Generate a full string including src and dst, so
+				// the limiter kicks in once per src.
+				msg := fmt.Sprintf("tail drop %s -> %s", p.src.ShortString(), dstKey.ShortString())
+				c.s.limitedLogf(msg)
+			}
+			if debug {
+				c.logf("dropping packet from client %x queue head", dstKey)
+			}
 		default:
 		}
 	}
 	// Failed to make room for packet. This can happen in a heavily
 	// contended queue with racing writers. Give up and tail-drop in
 	// this case to keep reader unblocked.
-	s.recordDrop(p.bs, c.key, dstKey, dropReasonQueueTail)
+	s.packetsDropped.Add(1)
+	s.packetsDroppedQueueTail.Add(1)
+	if verboseDropKeys[dstKey] {
+		// Generate a full string including src and dst, so
+		// the limiter kicks in once per src.
+		msg := fmt.Sprintf("head drop %s -> %s", p.src.ShortString(), dstKey.ShortString())
+		c.s.limitedLogf(msg)
+	}
+	if debug {
+		c.logf("dropping packet from client %x queue tail", dstKey)
+	}
 
 	return nil
 }
@@ -829,20 +750,8 @@ func (c *sclient) requestMeshUpdate() {
 }
 
 func (s *Server) verifyClient(clientKey key.Public, info *clientInfo) error {
-	if !s.verifyClients {
-		return nil
-	}
-	status, err := tailscale.Status(context.TODO())
-	if err != nil {
-		return fmt.Errorf("failed to query local tailscaled status: %w", err)
-	}
-	if clientKey == status.Self.PublicKey {
-		return nil
-	}
-	if _, exists := status.Peer[clientKey]; !exists {
-		return fmt.Errorf("client %v not in set of peers", clientKey)
-	}
-	// TODO(bradfitz): add policy for configurable bandwidth rate per client?
+	// TODO(crawshaw): implement policy constraints on who can use the DERP server
+	// TODO(bradfitz): ... and at what rate.
 	return nil
 }
 
@@ -976,25 +885,18 @@ func (s *Server) recvForwardPacket(br *bufio.Reader, frameLen uint32) (srcKey, d
 // (The "s" prefix is to more explicitly distinguish it from Client in derp_client.go)
 type sclient struct {
 	// Static after construction.
-	connNum        int64 // process-wide unique counter, incremented each Accept
-	s              *Server
-	nc             Conn
-	key            key.Public
-	info           clientInfo
-	logf           logger.Logf
-	done           <-chan struct{} // closed when connection closes
-	remoteAddr     string          // usually ip:port from net.Conn.RemoteAddr().String()
-	remoteIPPort   netaddr.IPPort  // zero if remoteAddr is not ip:port.
-	sendQueue      chan pkt        // packets queued to this client; never closed
-	discoSendQueue chan pkt        // important packets queued to this client; never closed
-	peerGone       chan key.Public // write request that a previous sender has disconnected (not used by mesh peers)
-	meshUpdate     chan struct{}   // write request to write peerStateChange
-	canMesh        bool            // clientInfo had correct mesh token for inter-region routing
-
-	// replaceLimiter controls how quickly two connections with
-	// the same client key can kick each other off the server by
-	// taking over ownership of a key.
-	replaceLimiter *rate.Limiter
+	connNum    int64 // process-wide unique counter, incremented each Accept
+	s          *Server
+	nc         Conn
+	key        key.Public
+	info       clientInfo
+	logf       logger.Logf
+	done       <-chan struct{} // closed when connection closes
+	remoteAddr string          // usually ip:port from net.Conn.RemoteAddr().String()
+	sendQueue  chan pkt        // packets queued to this client; never closed
+	peerGone   chan key.Public // write request that a previous sender has disconnected (not used by mesh peers)
+	meshUpdate chan struct{}   // write request to write peerStateChange
+	canMesh    bool            // clientInfo had correct mesh token for inter-region routing
 
 	// Owned by run, not thread-safe.
 	br          *bufio.Reader
@@ -1025,13 +927,11 @@ type pkt struct {
 	// src is the who's the sender of the packet.
 	src key.Public
 
-	// enqueuedAt is when a packet was put onto a queue before it was sent,
-	// and is used for reporting metrics on the duration of packets in the queue.
-	enqueuedAt time.Time
-
 	// bs is the data packet bytes.
 	// The memory is owned by pkt.
 	bs []byte
+
+	// TODO(danderson): enqueue time, to measure queue latency?
 }
 
 func (c *sclient) setPreferred(v bool) {
@@ -1059,25 +959,6 @@ func (c *sclient) setPreferred(v bool) {
 	}
 }
 
-// expMovingAverage returns the new moving average given the previous average,
-// a new value, and an alpha decay factor.
-// https://en.wikipedia.org/wiki/Moving_average#Exponential_moving_average
-func expMovingAverage(prev, newValue, alpha float64) float64 {
-	return alpha*newValue + (1-alpha)*prev
-}
-
-// recordQueueTime updates the average queue duration metric after a packet has been sent.
-func (c *sclient) recordQueueTime(enqueuedAt time.Time) {
-	elapsed := float64(time.Since(enqueuedAt).Milliseconds())
-	for {
-		old := atomic.LoadUint64(c.s.avgQueueDuration)
-		newAvg := expMovingAverage(math.Float64frombits(old), elapsed, 0.1)
-		if atomic.CompareAndSwapUint64(c.s.avgQueueDuration, old, math.Float64bits(newAvg)) {
-			break
-		}
-	}
-}
-
 func (c *sclient) sendLoop(ctx context.Context) error {
 	defer func() {
 		// If the sender shuts down unilaterally due to an error, close so
@@ -1087,10 +968,12 @@ func (c *sclient) sendLoop(ctx context.Context) error {
 		// Drain the send queue to count dropped packets
 		for {
 			select {
-			case pkt := <-c.sendQueue:
-				c.s.recordDrop(pkt.bs, pkt.src, c.key, dropReasonGone)
-			case pkt := <-c.discoSendQueue:
-				c.s.recordDrop(pkt.bs, pkt.src, c.key, dropReasonGone)
+			case <-c.sendQueue:
+				c.s.packetsDropped.Add(1)
+				c.s.packetsDroppedGone.Add(1)
+				if debug {
+					c.logf("dropping packet for shutdown %x", c.key)
+				}
 			default:
 				return
 			}
@@ -1119,11 +1002,6 @@ func (c *sclient) sendLoop(ctx context.Context) error {
 			continue
 		case msg := <-c.sendQueue:
 			werr = c.sendPacket(msg.src, msg.bs)
-			c.recordQueueTime(msg.enqueuedAt)
-			continue
-		case msg := <-c.discoSendQueue:
-			werr = c.sendPacket(msg.src, msg.bs)
-			c.recordQueueTime(msg.enqueuedAt)
 			continue
 		case <-keepAliveTick.C:
 			werr = c.sendKeepAlive()
@@ -1147,10 +1025,6 @@ func (c *sclient) sendLoop(ctx context.Context) error {
 			continue
 		case msg := <-c.sendQueue:
 			werr = c.sendPacket(msg.src, msg.bs)
-			c.recordQueueTime(msg.enqueuedAt)
-		case msg := <-c.discoSendQueue:
-			werr = c.sendPacket(msg.src, msg.bs)
-			c.recordQueueTime(msg.enqueuedAt)
 		case <-keepAliveTick.C:
 			werr = c.sendKeepAlive()
 		}
@@ -1240,7 +1114,11 @@ func (c *sclient) sendPacket(srcKey key.Public, contents []byte) (err error) {
 	defer func() {
 		// Stats update.
 		if err != nil {
-			c.s.recordDrop(contents, srcKey, c.key, dropReasonWriteError)
+			c.s.packetsDropped.Add(1)
+			c.s.packetsDroppedWrite.Add(1)
+			if debug {
+				c.logf("dropping packet to %x: %v", c.key, err)
+			}
 		} else {
 			c.s.packetsSent.Add(1)
 			c.s.bytesSent.Add(int64(len(contents)))
@@ -1386,6 +1264,7 @@ func (s *Server) expVarFunc(f func() interface{}) expvar.Func {
 // ExpVar returns an expvar variable suitable for registering with expvar.Publish.
 func (s *Server) ExpVar() expvar.Var {
 	m := new(metrics.Set)
+	m.Set("counter_unique_clients_ever", s.expVarFunc(func() interface{} { return len(s.clientsEver) }))
 	m.Set("gauge_memstats_sys0", expvar.Func(func() interface{} { return int64(s.memSys0) }))
 	m.Set("gauge_watchers", s.expVarFunc(func() interface{} { return len(s.watchers) }))
 	m.Set("gauge_current_connections", &s.curClients)
@@ -1395,13 +1274,10 @@ func (s *Server) ExpVar() expvar.Var {
 	m.Set("gauge_clients_remote", expvar.Func(func() interface{} { return len(s.clientsMesh) - len(s.clients) }))
 	m.Set("accepts", &s.accepts)
 	m.Set("clients_replaced", &s.clientsReplaced)
-	m.Set("clients_replace_limited", &s.clientsReplaceLimited)
-	m.Set("gauge_clients_replace_sleeping", &s.clientsReplaceSleeping)
 	m.Set("bytes_received", &s.bytesRecv)
 	m.Set("bytes_sent", &s.bytesSent)
 	m.Set("packets_dropped", &s.packetsDropped)
 	m.Set("counter_packets_dropped_reason", &s.packetsDroppedReason)
-	m.Set("counter_packets_dropped_type", &s.packetsDroppedType)
 	m.Set("counter_packets_received_kind", &s.packetsRecvByKind)
 	m.Set("packets_sent", &s.packetsSent)
 	m.Set("packets_received", &s.packetsRecv)
@@ -1414,9 +1290,6 @@ func (s *Server) ExpVar() expvar.Var {
 	m.Set("multiforwarder_created", &s.multiForwarderCreated)
 	m.Set("multiforwarder_deleted", &s.multiForwarderDeleted)
 	m.Set("packet_forwarder_delete_other_value", &s.removePktForwardOther)
-	m.Set("average_queue_duration_ms", expvar.Func(func() interface{} {
-		return math.Float64frombits(atomic.LoadUint64(s.avgQueueDuration))
-	}))
 	var expvarVersion expvar.String
 	expvarVersion.Set(version.Long)
 	m.Set("version", &expvarVersion)
@@ -1492,84 +1365,3 @@ func writePublicKey(bw *bufio.Writer, key *key.Public) error {
 	}
 	return nil
 }
-
-const minTimeBetweenLogs = 2 * time.Second
-
-// BytesSentRecv records the number of bytes that have been sent since the last traffic check
-// for a given process, as well as the public key of the process sending those bytes.
-type BytesSentRecv struct {
-	Sent uint64
-	Recv uint64
-	// Key is the public key of the client which sent/received these bytes.
-	Key key.Public
-}
-
-// parseSSOutput parses the output from the specific call to ss in ServeDebugTraffic.
-// Separated out for ease of testing.
-func parseSSOutput(raw string) map[netaddr.IPPort]BytesSentRecv {
-	newState := map[netaddr.IPPort]BytesSentRecv{}
-	// parse every 2 lines and get src and dst ips, and kv pairs
-	lines := strings.Split(raw, "\n")
-	for i := 0; i < len(lines); i += 2 {
-		ipInfo := strings.Fields(strings.TrimSpace(lines[i]))
-		if len(ipInfo) < 5 {
-			continue
-		}
-		src, err := netaddr.ParseIPPort(ipInfo[4])
-		if err != nil {
-			continue
-		}
-		stats := strings.Fields(strings.TrimSpace(lines[i+1]))
-		stat := BytesSentRecv{}
-		for _, s := range stats {
-			if strings.Contains(s, "bytes_sent") {
-				sent, err := strconv.Atoi(s[strings.Index(s, ":")+1:])
-				if err == nil {
-					stat.Sent = uint64(sent)
-				}
-			} else if strings.Contains(s, "bytes_received") {
-				recv, err := strconv.Atoi(s[strings.Index(s, ":")+1:])
-				if err == nil {
-					stat.Recv = uint64(recv)
-				}
-			}
-		}
-		newState[src] = stat
-	}
-	return newState
-}
-
-func (s *Server) ServeDebugTraffic(w http.ResponseWriter, r *http.Request) {
-	prevState := map[netaddr.IPPort]BytesSentRecv{}
-	enc := json.NewEncoder(w)
-	for r.Context().Err() == nil {
-		output, err := exec.Command("ss", "-i", "-H", "-t").Output()
-		if err != nil {
-			fmt.Fprintf(w, "ss failed: %v", err)
-			return
-		}
-		newState := parseSSOutput(string(output))
-		s.mu.Lock()
-		for k, next := range newState {
-			prev := prevState[k]
-			if prev.Sent < next.Sent || prev.Recv < next.Recv {
-				if pkey, ok := s.keyOfAddr[k]; ok {
-					next.Key = pkey
-					if err := enc.Encode(next); err != nil {
-						s.mu.Unlock()
-						return
-					}
-				}
-			}
-		}
-		s.mu.Unlock()
-		prevState = newState
-		if _, err := fmt.Fprintln(w); err != nil {
-			return
-		}
-		if f, ok := w.(http.Flusher); ok {
-			f.Flush()
-		}
-		time.Sleep(minTimeBetweenLogs)
-	}
-}

derp/derp_test.go

@@ -23,7 +23,6 @@ import (
 	"testing"
 	"time"
 
-	"golang.org/x/time/rate"
 	"tailscale.com/net/nettest"
 	"tailscale.com/types/key"
 	"tailscale.com/types/logger"
@@ -410,7 +409,7 @@ func TestSendFreeze(t *testing.T) {
 	for i := 0; i < cap(errCh); i++ {
 		err := <-errCh
 		if err != nil {
-			if errors.Is(err, io.EOF) || errors.Is(err, net.ErrClosed) {
+			if errors.Is(err, io.EOF) {
 				continue
 			}
 			t.Error(err)
@@ -850,136 +849,6 @@ func TestClientSendPong(t *testing.T) {
 
 }
 
-func TestServerReplaceClients(t *testing.T) {
-	defer func() {
-		timeSleep = time.Sleep
-		timeNow = time.Now
-	}()
-
-	var (
-		mu     sync.Mutex
-		now    = time.Unix(123, 0)
-		sleeps int
-		slept  time.Duration
-	)
-	timeSleep = func(d time.Duration) {
-		mu.Lock()
-		defer mu.Unlock()
-		sleeps++
-		slept += d
-		now = now.Add(d)
-	}
-	timeNow = func() time.Time {
-		mu.Lock()
-		defer mu.Unlock()
-		return now
-	}
-
-	serverPrivateKey := newPrivateKey(t)
-	var logger logger.Logf = logger.Discard
-	const debug = false
-	if debug {
-		logger = t.Logf
-	}
-
-	s := NewServer(serverPrivateKey, logger)
-	defer s.Close()
-
-	priv := newPrivateKey(t)
-
-	ln, err := net.Listen("tcp", "127.0.0.1:0")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer ln.Close()
-
-	connNum := 0
-	connect := func() *Client {
-		connNum++
-		cout, err := net.Dial("tcp", ln.Addr().String())
-		if err != nil {
-			t.Fatal(err)
-		}
-
-		cin, err := ln.Accept()
-		if err != nil {
-			t.Fatal(err)
-		}
-
-		brwServer := bufio.NewReadWriter(bufio.NewReader(cin), bufio.NewWriter(cin))
-		go s.Accept(cin, brwServer, fmt.Sprintf("test-client-%d", connNum))
-
-		brw := bufio.NewReadWriter(bufio.NewReader(cout), bufio.NewWriter(cout))
-		c, err := NewClient(priv, cout, brw, logger)
-		if err != nil {
-			t.Fatalf("client %d: %v", connNum, err)
-		}
-		return c
-	}
-
-	wantVar := func(v *expvar.Int, want int64) {
-		t.Helper()
-		if got := v.Value(); got != want {
-			t.Errorf("got %d; want %d", got, want)
-		}
-	}
-
-	wantClosed := func(c *Client) {
-		t.Helper()
-		for {
-			m, err := c.Recv()
-			if err != nil {
-				t.Logf("got expected error: %v", err)
-				return
-			}
-			switch m.(type) {
-			case ServerInfoMessage:
-				continue
-			default:
-				t.Fatalf("client got %T; wanted an error", m)
-			}
-		}
-	}
-
-	c1 := connect()
-	waitConnect(t, c1)
-	c2 := connect()
-	waitConnect(t, c2)
-	wantVar(&s.clientsReplaced, 1)
-	wantClosed(c1)
-
-	for i := 0; i < 100+5; i++ {
-		c := connect()
-		defer c.nc.Close()
-		if s.clientsReplaceLimited.Value() == 0 && i < 90 {
-			continue
-		}
-		t.Logf("for %d: replaced=%d, limited=%d, sleeping=%d", i,
-			s.clientsReplaced.Value(),
-			s.clientsReplaceLimited.Value(),
-			s.clientsReplaceSleeping.Value(),
-		)
-	}
-
-	mu.Lock()
-	defer mu.Unlock()
-	if sleeps == 0 {
-		t.Errorf("no sleeps")
-	}
-	if slept == 0 {
-		t.Errorf("total sleep duration was 0")
-	}
-}
-
-func TestLimiter(t *testing.T) {
-	rl := rate.NewLimiter(rate.Every(time.Minute), 100)
-	for i := 0; i < 200; i++ {
-		r := rl.Reserve()
-		d := r.Delay()
-		t.Logf("i=%d, allow=%v, d=%v", i, r.OK(), d)
-	}
-}
-
 func BenchmarkSendRecv(b *testing.B) {
 	for _, size := range []int{10, 100, 1000, 10000} {
 		b.Run(fmt.Sprintf("msgsize=%d", size), func(b *testing.B) { benchmarkSendRecvSize(b, size) })
@@ -1079,14 +948,3 @@ func waitConnect(t testing.TB, c *Client) {
 		t.Fatalf("client first Recv was unexpected type %T", v)
 	}
 }
-
-func TestParseSSOutput(t *testing.T) {
-	contents, err := ioutil.ReadFile("testdata/example_ss.txt")
-	if err != nil {
-		t.Errorf("ioutil.Readfile(example_ss.txt) failed: %v", err)
-	}
-	seen := parseSSOutput(string(contents))
-	if len(seen) == 0 {
-		t.Errorf("parseSSOutput expected non-empty map")
-	}
-}

derp/derphttp/derphttp_client.go

@@ -50,7 +50,6 @@ type Client struct {
 	TLSConfig *tls.Config        // optional; nil means default
 	DNSCache  *dnscache.Resolver // optional; nil means no caching
 	MeshKey   string             // optional; for trusted clients
-	IsProber  bool               // optional; for probers to optional declare themselves as such
 
 	privateKey key.Private
 	logf       logger.Logf
@@ -131,11 +130,6 @@ func (c *Client) ServerPublicKey() key.Public {
 	return c.serverPubKey
 }
 
-// SelfPublicKey returns our own public key.
-func (c *Client) SelfPublicKey() key.Public {
-	return c.privateKey.Public()
-}
-
 func urlPort(u *url.URL) string {
 	if p := u.Port(); p != "" {
 		return p
@@ -344,7 +338,6 @@ func (c *Client) connect(ctx context.Context, caller string) (client *derp.Clien
 		derp.MeshKey(c.MeshKey),
 		derp.ServerPublicKey(serverPub),
 		derp.CanAckPings(c.canAckPings),
-		derp.IsProber(c.IsProber),
 	)
 	if err != nil {
 		return nil, 0, err
@@ -370,7 +363,7 @@ func (c *Client) dialURL(ctx context.Context) (net.Conn, error) {
 	dialer := netns.NewDialer()
 
 	if c.DNSCache != nil {
-		ip, _, _, err := c.DNSCache.LookupIP(ctx, host)
+		ip, _, err := c.DNSCache.LookupIP(ctx, host)
 		if err == nil {
 			hostOrIP = ip.String()
 		}
@@ -417,7 +410,9 @@ func (c *Client) dialRegion(ctx context.Context, reg *tailcfg.DERPRegion) (net.C
 func (c *Client) tlsClient(nc net.Conn, node *tailcfg.DERPNode) *tls.Conn {
 	tlsConf := tlsdial.Config(c.tlsServerName(node), c.TLSConfig)
 	if node != nil {
-		tlsConf.InsecureSkipVerify = node.InsecureForTests
+		if node.DERPTestPort != 0 {
+			tlsConf.InsecureSkipVerify = true
+		}
 		if node.CertName != "" {
 			tlsdial.SetConfigExpectedCert(tlsConf, node.CertName)
 		}
@@ -516,8 +511,8 @@ func (c *Client) dialNode(ctx context.Context, n *tailcfg.DERPNode) (net.Conn, e
 				dst = n.HostName
 			}
 			port := "443"
-			if n.DERPPort != 0 {
-				port = fmt.Sprint(n.DERPPort)
+			if n.DERPTestPort != 0 {
+				port = fmt.Sprint(n.DERPTestPort)
 			}
 			c, err := c.dialContext(ctx, proto, net.JoinHostPort(dst, port))
 			select {

derp/derpmap/derpmap.go

@@ -0,0 +1,88 @@
+// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package derpmap contains information about Tailscale.com's production DERP nodes.
+//
+// This package is only used by the "tailscale netcheck" command for debugging.
+// In normal operation the Tailscale nodes get this sent to them from the control
+// server.
+//
+// TODO: remove this package and make "tailscale netcheck" get the
+// list from the control server too.
+package derpmap
+
+import (
+	"fmt"
+	"strings"
+
+	"tailscale.com/tailcfg"
+)
+
+func derpNode(suffix, v4, v6 string) *tailcfg.DERPNode {
+	return &tailcfg.DERPNode{
+		Name:     suffix, // updated later
+		RegionID: 0,      // updated later
+		IPv4:     v4,
+		IPv6:     v6,
+	}
+}
+
+func derpRegion(id int, code, name string, nodes ...*tailcfg.DERPNode) *tailcfg.DERPRegion {
+	region := &tailcfg.DERPRegion{
+		RegionID:   id,
+		RegionName: name,
+		RegionCode: code,
+		Nodes:      nodes,
+	}
+	for _, n := range nodes {
+		n.Name = fmt.Sprintf("%d%s", id, n.Name)
+		n.RegionID = id
+		n.HostName = fmt.Sprintf("derp%s.tailscale.com", strings.TrimSuffix(n.Name, "a"))
+	}
+	return region
+}
+
+// Prod returns Tailscale's map of relay servers.
+//
+// This list is only used by cmd/tailscale's netcheck subcommand. In
+// normal operation the Tailscale nodes get this sent to them from the
+// control server.
+//
+// This list is subject to change and should not be relied on.
+func Prod() *tailcfg.DERPMap {
+	return &tailcfg.DERPMap{
+		Regions: map[int]*tailcfg.DERPRegion{
+			1: derpRegion(1, "nyc", "New York City",
+				derpNode("a", "159.89.225.99", "2604:a880:400:d1::828:b001"),
+			),
+			2: derpRegion(2, "sfo", "San Francisco",
+				derpNode("a", "167.172.206.31", "2604:a880:2:d1::c5:7001"),
+			),
+			3: derpRegion(3, "sin", "Singapore",
+				derpNode("a", "68.183.179.66", "2400:6180:0:d1::67d:8001"),
+			),
+			4: derpRegion(4, "fra", "Frankfurt",
+				derpNode("a", "167.172.182.26", "2a03:b0c0:3:e0::36e:9001"),
+			),
+			5: derpRegion(5, "syd", "Sydney",
+				derpNode("a", "103.43.75.49", "2001:19f0:5801:10b7:5400:2ff:feaa:284c"),
+			),
+			6: derpRegion(6, "blr", "Bangalore",
+				derpNode("a", "68.183.90.120", "2400:6180:100:d0::982:d001"),
+			),
+			7: derpRegion(7, "tok", "Tokyo",
+				derpNode("a", "167.179.89.145", "2401:c080:1000:467f:5400:2ff:feee:22aa"),
+			),
+			8: derpRegion(8, "lhr", "London",
+				derpNode("a", "167.71.139.179", "2a03:b0c0:1:e0::3cc:e001"),
+			),
+			9: derpRegion(9, "dfw", "Dallas",
+				derpNode("a", "207.148.3.137", "2001:19f0:6401:1d9c:5400:2ff:feef:bb82"),
+			),
+			10: derpRegion(10, "sea", "Seattle",
+				derpNode("a", "137.220.36.168", "2001:19f0:8001:2d9:5400:2ff:feef:bbb1"),
+			),
+		},
+	}
+}

derp/dropreason_string.go

@@ -1,32 +0,0 @@
-// Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Code generated by "stringer -type=dropReason -trimprefix=dropReason"; DO NOT EDIT.
-
-package derp
-
-import "strconv"
-
-func _() {
-	// An "invalid array index" compiler error signifies that the constant values have changed.
-	// Re-run the stringer command to generate them again.
-	var x [1]struct{}
-	_ = x[dropReasonUnknownDest-0]
-	_ = x[dropReasonUnknownDestOnFwd-1]
-	_ = x[dropReasonGone-2]
-	_ = x[dropReasonQueueHead-3]
-	_ = x[dropReasonQueueTail-4]
-	_ = x[dropReasonWriteError-5]
-}
-
-const _dropReason_name = "UnknownDestUnknownDestOnFwdGoneQueueHeadQueueTailWriteError"
-
-var _dropReason_index = [...]uint8{0, 11, 27, 31, 40, 49, 59}
-
-func (i dropReason) String() string {
-	if i < 0 || i >= dropReason(len(_dropReason_index)-1) {
-		return "dropReason(" + strconv.FormatInt(int64(i), 10) + ")"
-	}
-	return _dropReason_name[_dropReason_index[i]:_dropReason_index[i+1]]
-}

derp/testdata/example_ss.txt

@@ -1,8 +0,0 @@
-ESTAB 0      0       10.255.1.11:35238  34.210.105.16:https
-         cubic wscale:7,7 rto:236 rtt:34.14/3.432 ato:40 mss:1448 pmtu:1500 rcvmss:1448 advmss:1448 cwnd:8 ssthresh:6 bytes_sent:38056577 bytes_retrans:2918 bytes_acked:38053660 bytes_received:6973211 segs_out:165090 segs_in:124227 data_segs_out:78018 data_segs_in:71645 send 2.71Mbps lastsnd:1156 lastrcv:1120 lastack:1120 pacing_rate 3.26Mbps delivery_rate 2.35Mbps delivered:78017 app_limited busy:2586132ms retrans:0/6 dsack_dups:4 reordering:5 reord_seen:15 rcv_rtt:126355 rcv_space:65780 rcv_ssthresh:541928 minrtt:26.632
-ESTAB 0      80     100.79.58.14:ssh    100.95.73.104:58145
-         cubic wscale:6,7 rto:224 rtt:23.051/2.03 ato:172 mss:1228 pmtu:1280 rcvmss:1228 advmss:1228 cwnd:10 ssthresh:94 bytes_sent:1591815 bytes_retrans:944 bytes_acked:1590791 bytes_received:158925 segs_out:8070 segs_in:8858 data_segs_out:7452 data_segs_in:3789 send 4.26Mbps lastsnd:4 lastrcv:4 lastack:4 pacing_rate 8.52Mbps delivery_rate 10.9Mbps delivered:7451 app_limited busy:61656ms unacked:2 retrans:0/10 dsack_dups:10 rcv_rtt:174712 rcv_space:65025 rcv_ssthresh:64296 minrtt:16.186                                   
-ESTAB 0      374     10.255.1.11:43254 167.172.206.31:https
-         cubic wscale:7,7 rto:224 rtt:22.55/1.941 ato:40 mss:1448 pmtu:1500 rcvmss:1448 advmss:1448 cwnd:6 ssthresh:4 bytes_sent:14594668 bytes_retrans:173314 bytes_acked:14420981 bytes_received:4207111 segs_out:80566 segs_in:70310 data_segs_out:24317 data_segs_in:20365 send 3.08Mbps lastsnd:4 lastrcv:4 lastack:4 pacing_rate 3.7Mbps delivery_rate 3.05Mbps delivered:24111 app_limited busy:184820ms unacked:2 retrans:0/185 dsack_dups:1 reord_seen:3 rcv_rtt:651.262 rcv_space:226657 rcv_ssthresh:1557136 minrtt:10.18           
-ESTAB 0      0       10.255.1.11:33036    3.121.18.47:https
-         cubic wscale:7,7 rto:372 rtt:168.408/2.044 ato:40 mss:1448 pmtu:1500 rcvmss:1448 advmss:1448 cwnd:10 bytes_sent:27500 bytes_acked:27501 bytes_received:1386524 segs_out:10990 segs_in:11037 data_segs_out:303 data_segs_in:3414 send 688kbps lastsnd:125776 lastrcv:9640 lastack:22760 pacing_rate 1.38Mbps delivery_rate 482kbps delivered:304 app_limited busy:43024ms rcv_rtt:3345.12 rcv_space:62431 rcv_ssthresh:760472 minrtt:168.867

disco/disco.go

@@ -147,9 +147,9 @@ const epLength = 16 + 2 // 16 byte IP address + 2 byte port
 func (m *CallMeMaybe) AppendMarshal(b []byte) []byte {
 	ret, p := appendMsgHeader(b, TypeCallMeMaybe, v0, epLength*len(m.MyNumber))
 	for _, ipp := range m.MyNumber {
-		a := ipp.IP().As16()
+		a := ipp.IP.As16()
 		copy(p[:], a[:])
-		binary.BigEndian.PutUint16(p[16:], ipp.Port())
+		binary.BigEndian.PutUint16(p[16:], ipp.Port)
 		p = p[epLength:]
 	}
 	return ret
@@ -164,9 +164,10 @@ func parseCallMeMaybe(ver uint8, p []byte) (m *CallMeMaybe, err error) {
 	for len(p) > 0 {
 		var a [16]byte
 		copy(a[:], p)
-		m.MyNumber = append(m.MyNumber, netaddr.IPPortFrom(
-			netaddr.IPFrom16(a),
-			binary.BigEndian.Uint16(p[16:18])))
+		m.MyNumber = append(m.MyNumber, netaddr.IPPort{
+			IP:   netaddr.IPFrom16(a),
+			Port: binary.BigEndian.Uint16(p[16:18]),
+		})
 		p = p[epLength:]
 	}
 	return m, nil
@@ -186,9 +187,9 @@ const pongLen = 12 + 16 + 2
 func (m *Pong) AppendMarshal(b []byte) []byte {
 	ret, d := appendMsgHeader(b, TypePong, v0, pongLen)
 	d = d[copy(d, m.TxID[:]):]
-	ip16 := m.Src.IP().As16()
+	ip16 := m.Src.IP.As16()
 	d = d[copy(d, ip16[:]):]
-	binary.BigEndian.PutUint16(d, m.Src.Port())
+	binary.BigEndian.PutUint16(d, m.Src.Port)
 	return ret
 }
 
@@ -200,10 +201,10 @@ func parsePong(ver uint8, p []byte) (m *Pong, err error) {
 	copy(m.TxID[:], p)
 	p = p[12:]
 
-	srcIP, _ := netaddr.FromStdIP(net.IP(p[:16]))
+	m.Src.IP, _ = netaddr.FromStdIP(net.IP(p[:16]))
 	p = p[16:]
-	port := binary.BigEndian.Uint16(p)
-	m.Src = netaddr.IPPortFrom(srcIP, port)
+
+	m.Src.Port = binary.BigEndian.Uint16(p)
 	return m, nil
 }
 

disco/disco_fuzzer.go

@@ -1,18 +0,0 @@
-// Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-// +build gofuzz
-
-package disco
-
-func Fuzz(data []byte) int {
-	m, _ := Parse(data)
-
-	newBytes := m.AppendMarshal(data)
-	parsedMarshall, _ := Parse(newBytes)
-
-	if m != parsedMarshall {
-		panic("Parsing error")
-	}
-	return 1
-}

go.mod

@@ -3,52 +3,45 @@ module tailscale.com
 go 1.16
 
 require (
-	github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74
-	github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be // indirect
-	github.com/aws/aws-sdk-go v1.38.52
-	github.com/coreos/go-iptables v0.6.0
-	github.com/creack/pty v1.1.9
-	github.com/dave/jennifer v1.4.1
-	github.com/frankban/quicktest v1.13.0
-	github.com/gliderlabs/ssh v0.3.2
+	github.com/alexbrainman/sspi v0.0.0-20180613141037-e580b900e9f5
+	github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 // indirect
+	github.com/coreos/go-iptables v0.4.5
+	github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 // indirect
+	github.com/github/certstore v0.1.0
+	github.com/gliderlabs/ssh v0.2.2
 	github.com/go-multierror/multierror v1.0.2
-	github.com/go-ole/go-ole v1.2.5
-	github.com/godbus/dbus/v5 v5.0.4
-	github.com/google/go-cmp v0.5.6
-	github.com/google/goexpect v0.0.0-20210430020637-ab937bf7fd6f
-	github.com/google/uuid v1.1.2
-	github.com/goreleaser/nfpm v1.10.3
-	github.com/iancoleman/strcase v0.2.0
-	github.com/jsimonetti/rtnetlink v0.0.0-20210525051524-4cc836578190
-	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51
-	github.com/klauspost/compress v1.12.2
-	github.com/mdlayher/netlink v1.4.1
-	github.com/mdlayher/sdnotify v0.0.0-20210228150836-ea3ec207d697
-	github.com/miekg/dns v1.1.42
-	github.com/mitchellh/go-ps v1.0.0
-	github.com/pborman/getopt v1.1.0
+	github.com/go-ole/go-ole v1.2.4
+	github.com/godbus/dbus/v5 v5.0.3
+	github.com/google/go-cmp v0.5.4
+	github.com/goreleaser/nfpm v1.1.10
+	github.com/jsimonetti/rtnetlink v0.0.0-20210212075122-66c871082f2b
+	github.com/klauspost/compress v1.10.10
+	github.com/kr/pty v1.1.8
+	github.com/mdlayher/netlink v1.3.2
+	github.com/mdlayher/sdnotify v0.0.0-20200625151349-e4a4f32afc4a
+	github.com/miekg/dns v1.1.30
+	github.com/pborman/getopt v0.0.0-20190409184431-ee0cd42419d3
 	github.com/peterbourgon/ff/v2 v2.0.0
-	github.com/pkg/sftp v1.13.0
-	github.com/tailscale/certstore v0.0.0-20210528134328-066c94b793d3
+	github.com/pkg/errors v0.9.1 // indirect
 	github.com/tailscale/depaware v0.0.0-20201214215404-77d1e9757027
-	github.com/tailscale/goupnp v1.0.1-0.20210710010003-1cf2d718bbb2
-	github.com/tailscale/hujson v0.0.0-20200924210142-dde312d0d6a2
+	github.com/tailscale/wireguard-go v0.0.0-20210327173134-f6a42a1646a0
 	github.com/tcnksm/go-httpstat v0.2.0
 	github.com/toqueteos/webbrowser v1.2.0
 	go4.org/mem v0.0.0-20201119185036-c04c5a6ff174
-	golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e
-	golang.org/x/net v0.0.0-20210614182718-04defd469f4e
+	golang.org/x/crypto v0.0.0-20210317152858-513c2a44f670
+	golang.org/x/net v0.0.0-20210226172049-e18ecbb05110
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
-	golang.org/x/sys v0.0.0-20210616094352-59db8d763f22
-	golang.org/x/term v0.0.0-20210503060354-a79de5458b56
-	golang.org/x/time v0.0.0-20210611083556-38a9dc6acbc6
-	golang.org/x/tools v0.1.2
-	golang.zx2c4.com/wireguard v0.0.0-20210624150102-15b24b6179e0
-	golang.zx2c4.com/wireguard/windows v0.3.16
-	honnef.co/go/tools v0.1.4
-	inet.af/netaddr v0.0.0-20210721214506-ce7a8ad02cc1
-	inet.af/netstack v0.0.0-20210622165351-29b14ebc044e
-	inet.af/peercred v0.0.0-20210318190834-4259e17bb763
-	inet.af/wf v0.0.0-20210516214145-a5343001b756
+	golang.org/x/sys v0.0.0-20210317225723-c4fcb01b228e
+	golang.org/x/term v0.0.0-20210317153231-de623e64d2a6
+	golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba
+	golang.org/x/tools v0.0.0-20201211185031-d93e913c1a58
+	golang.zx2c4.com/wireguard/windows v0.1.2-0.20201113162609-9b85be97fdf8
+	gopkg.in/yaml.v2 v2.2.8 // indirect
+	honnef.co/go/tools v0.1.0
+	inet.af/netaddr v0.0.0-20210222205655-a1ec2b7b8c44
+	inet.af/netstack v0.0.0-20210317161235-a1bf4e56ef22
+	inet.af/peercred v0.0.0-20210302202138-56e694897155
 	rsc.io/goversion v1.2.0
 )
+
+replace github.com/github/certstore => github.com/cyolosecurity/certstore v0.0.0-20200922073901-ece7f1d353c2

health/health.go

@@ -11,7 +11,6 @@ import (
 	"fmt"
 	"sort"
 	"sync"
-	"sync/atomic"
 	"time"
 
 	"github.com/go-multierror/multierror"
@@ -37,7 +36,6 @@ var (
 	ipnState                string
 	ipnWantRunning          bool
 	anyInterfaceUp          = true // until told otherwise
-	udp4Unbound             bool
 )
 
 // Subsystem is the name of a subsystem whose health can be monitored.
@@ -48,12 +46,9 @@ const (
 	// the system, rather than one particular subsystem.
 	SysOverall = Subsystem("overall")
 
-	// SysRouter is the name of the wgengine/router subsystem.
+	// SysRouter is the name the wgengine/router subsystem.
 	SysRouter = Subsystem("router")
 
-	// SysDNS is the name of the net/dns subsystem.
-	SysDNS = Subsystem("dns")
-
 	// SysNetworkCategory is the name of the subsystem that sets
 	// the Windows network adapter's "category" (public, private, domain).
 	// If it's unhealthy, the Windows firewall rules won't match.
@@ -85,18 +80,12 @@ func RegisterWatcher(cb func(key Subsystem, err error)) (unregister func()) {
 	}
 }
 
-// SetRouterHealth sets the state of the wgengine/router.Router.
+// SetRouter sets the state of the wgengine/router.Router.
 func SetRouterHealth(err error) { set(SysRouter, err) }
 
 // RouterHealth returns the wgengine/router.Router error state.
 func RouterHealth() error { return get(SysRouter) }
 
-// SetDNSHealth sets the state of the net/dns.Manager
-func SetDNSHealth(err error) { set(SysDNS, err) }
-
-// DNSHealth returns the net/dns.Manager error state.
-func DNSHealth() error { return get(SysDNS) }
-
 // SetNetworkCategoryHealth sets the state of setting the network adaptor's category.
 // This only applies on Windows.
 func SetNetworkCategoryHealth(err error) { set(SysNetworkCategory, err) }
@@ -215,18 +204,9 @@ func SetAnyInterfaceUp(up bool) {
 	selfCheckLocked()
 }
 
-// SetUDP4Unbound sets whether the udp4 bind failed completely.
-func SetUDP4Unbound(unbound bool) {
-	mu.Lock()
-	defer mu.Unlock()
-	udp4Unbound = unbound
-	selfCheckLocked()
-}
-
 func timerSelfCheck() {
 	mu.Lock()
 	defer mu.Unlock()
-	checkReceiveFuncs()
 	selfCheckLocked()
 	if timer != nil {
 		timer.Reset(time.Minute)
@@ -266,9 +246,6 @@ func overallErrorLocked() error {
 	if d := now.Sub(derpRegionLastFrame[rid]).Round(time.Second); d > tooIdle {
 		return fmt.Errorf("haven't heard from home DERP region %v in %v", rid, d)
 	}
-	if udp4Unbound {
-		return errors.New("no udp4 bind")
-	}
 
 	// TODO: use
 	_ = inMapPollSince
@@ -277,11 +254,6 @@ func overallErrorLocked() error {
 	_ = lastMapRequestHeard
 
 	var errs []error
-	for _, recv := range receiveFuncs {
-		if recv.missing {
-			errs = append(errs, fmt.Errorf("%s is not running", recv.name))
-		}
-	}
 	for sys, err := range sysErr {
 		if err == nil || sys == SysOverall {
 			continue
@@ -294,58 +266,3 @@ func overallErrorLocked() error {
 	})
 	return multierror.New(errs)
 }
-
-var (
-	ReceiveIPv4 = ReceiveFuncStats{name: "ReceiveIPv4"}
-	ReceiveIPv6 = ReceiveFuncStats{name: "ReceiveIPv6"}
-	ReceiveDERP = ReceiveFuncStats{name: "ReceiveDERP"}
-
-	receiveFuncs = []*ReceiveFuncStats{&ReceiveIPv4, &ReceiveIPv6, &ReceiveDERP}
-)
-
-// ReceiveFuncStats tracks the calls made to a wireguard-go receive func.
-type ReceiveFuncStats struct {
-	// name is the name of the receive func.
-	name string
-	// numCalls is the number of times the receive func has ever been called.
-	// It is required because it is possible for a receive func's wireguard-go goroutine
-	// to be active even though the receive func isn't.
-	// The wireguard-go goroutine alternates between calling the receive func and
-	// processing what the func returned.
-	numCalls uint64 // accessed atomically
-	// prevNumCalls is the value of numCalls last time the health check examined it.
-	prevNumCalls uint64
-	// inCall indicates whether the receive func is currently running.
-	inCall uint32 // bool, accessed atomically
-	// missing indicates whether the receive func is not running.
-	missing bool
-}
-
-func (s *ReceiveFuncStats) Enter() {
-	atomic.AddUint64(&s.numCalls, 1)
-	atomic.StoreUint32(&s.inCall, 1)
-}
-
-func (s *ReceiveFuncStats) Exit() {
-	atomic.StoreUint32(&s.inCall, 0)
-}
-
-func checkReceiveFuncs() {
-	for _, recv := range receiveFuncs {
-		recv.missing = false
-		prev := recv.prevNumCalls
-		numCalls := atomic.LoadUint64(&recv.numCalls)
-		recv.prevNumCalls = numCalls
-		if numCalls > prev {
-			// OK: the function has gotten called since last we checked
-			continue
-		}
-		if atomic.LoadUint32(&recv.inCall) == 1 {
-			// OK: the function is active, probably blocked due to inactivity
-			continue
-		}
-		// Not OK: The function is not active, and not accumulating new calls.
-		// It is probably MIA.
-		recv.missing = true
-	}
-}

hostinfo/hostinfo.go

@@ -1,128 +0,0 @@
-// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package hostinfo answers questions about the host environment that Tailscale is
-// running on.
-//
-// TODO(bradfitz): move more of control/controlclient/hostinfo_* into this package.
-package hostinfo
-
-import (
-	"io"
-	"os"
-	"runtime"
-	"sync/atomic"
-
-	"go4.org/mem"
-	"tailscale.com/util/lineread"
-)
-
-// EnvType represents a known environment type.
-// The empty string, the default, means unknown.
-type EnvType string
-
-const (
-	KNative         = EnvType("kn")
-	AWSLambda       = EnvType("lm")
-	Heroku          = EnvType("hr")
-	AzureAppService = EnvType("az")
-	AWSFargate      = EnvType("fg")
-)
-
-var envType atomic.Value // of EnvType
-
-func GetEnvType() EnvType {
-	if e, ok := envType.Load().(EnvType); ok {
-		return e
-	}
-	e := getEnvType()
-	envType.Store(e)
-	return e
-}
-
-func getEnvType() EnvType {
-	if inKnative() {
-		return KNative
-	}
-	if inAWSLambda() {
-		return AWSLambda
-	}
-	if inHerokuDyno() {
-		return Heroku
-	}
-	if inAzureAppService() {
-		return AzureAppService
-	}
-	if inAWSFargate() {
-		return AWSFargate
-	}
-	return ""
-}
-
-// InContainer reports whether we're running in a container.
-func InContainer() bool {
-	if runtime.GOOS != "linux" {
-		return false
-	}
-	var ret bool
-	lineread.File("/proc/1/cgroup", func(line []byte) error {
-		if mem.Contains(mem.B(line), mem.S("/docker/")) ||
-			mem.Contains(mem.B(line), mem.S("/lxc/")) {
-			ret = true
-			return io.EOF // arbitrary non-nil error to stop loop
-		}
-		return nil
-	})
-	lineread.File("/proc/mounts", func(line []byte) error {
-		if mem.Contains(mem.B(line), mem.S("fuse.lxcfs")) {
-			ret = true
-			return io.EOF
-		}
-		return nil
-	})
-	return ret
-}
-
-func inKnative() bool {
-	// https://cloud.google.com/run/docs/reference/container-contract#env-vars
-	if os.Getenv("K_REVISION") != "" && os.Getenv("K_CONFIGURATION") != "" &&
-		os.Getenv("K_SERVICE") != "" && os.Getenv("PORT") != "" {
-		return true
-	}
-	return false
-}
-
-func inAWSLambda() bool {
-	// https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html
-	if os.Getenv("AWS_LAMBDA_FUNCTION_NAME") != "" &&
-		os.Getenv("AWS_LAMBDA_FUNCTION_VERSION") != "" &&
-		os.Getenv("AWS_LAMBDA_INITIALIZATION_TYPE") != "" &&
-		os.Getenv("AWS_LAMBDA_RUNTIME_API") != "" {
-		return true
-	}
-	return false
-}
-
-func inHerokuDyno() bool {
-	// https://devcenter.heroku.com/articles/dynos#local-environment-variables
-	if os.Getenv("PORT") != "" && os.Getenv("DYNO") != "" {
-		return true
-	}
-	return false
-}
-
-func inAzureAppService() bool {
-	if os.Getenv("APPSVC_RUN_ZIP") != "" && os.Getenv("WEBSITE_STACK") != "" &&
-		os.Getenv("WEBSITE_AUTH_AUTO_AAD") != "" {
-		return true
-	}
-	return false
-}
-
-func inAWSFargate() bool {
-	if os.Getenv("AWS_EXECUTION_ENV") == "AWS_ECS_FARGATE" {
-		return true
-	}
-	return false
-}

internal/deepprint/deepprint.go

@@ -0,0 +1,103 @@
+// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package deepprint walks a Go value recursively, in a predictable
+// order, without looping, and prints each value out to a given
+// Writer, which is assumed to be a hash.Hash, as this package doesn't
+// format things nicely.
+//
+// This is intended as a lighter version of go-spew, etc. We don't need its
+// features when our writer is just a hash.
+package deepprint
+
+import (
+	"crypto/sha256"
+	"fmt"
+	"io"
+	"reflect"
+)
+
+func Hash(v ...interface{}) string {
+	h := sha256.New()
+	Print(h, v)
+	return fmt.Sprintf("%x", h.Sum(nil))
+}
+
+// UpdateHash sets last to the hash of v and reports whether its value changed.
+func UpdateHash(last *string, v ...interface{}) (changed bool) {
+	sig := Hash(v)
+	if *last != sig {
+		*last = sig
+		return true
+	}
+	return false
+}
+
+func Print(w io.Writer, v ...interface{}) {
+	print(w, reflect.ValueOf(v), make(map[uintptr]bool))
+}
+
+func print(w io.Writer, v reflect.Value, visited map[uintptr]bool) {
+	if !v.IsValid() {
+		return
+	}
+	switch v.Kind() {
+	default:
+		panic(fmt.Sprintf("unhandled kind %v for type %v", v.Kind(), v.Type()))
+	case reflect.Ptr:
+		ptr := v.Pointer()
+		if visited[ptr] {
+			return
+		}
+		visited[ptr] = true
+		print(w, v.Elem(), visited)
+		return
+	case reflect.Struct:
+		fmt.Fprintf(w, "struct{\n")
+		t := v.Type()
+		for i, n := 0, v.NumField(); i < n; i++ {
+			sf := t.Field(i)
+			fmt.Fprintf(w, "%s: ", sf.Name)
+			print(w, v.Field(i), visited)
+			fmt.Fprintf(w, "\n")
+		}
+	case reflect.Slice, reflect.Array:
+		if v.Type().Elem().Kind() == reflect.Uint8 && v.CanInterface() {
+			fmt.Fprintf(w, "%q", v.Interface())
+			return
+		}
+		fmt.Fprintf(w, "[%d]{\n", v.Len())
+		for i, ln := 0, v.Len(); i < ln; i++ {
+			fmt.Fprintf(w, " [%d]: ", i)
+			print(w, v.Index(i), visited)
+			fmt.Fprintf(w, "\n")
+		}
+		fmt.Fprintf(w, "}\n")
+	case reflect.Interface:
+		print(w, v.Elem(), visited)
+	case reflect.Map:
+		sm := newSortedMap(v)
+		fmt.Fprintf(w, "map[%d]{\n", len(sm.Key))
+		for i, k := range sm.Key {
+			print(w, k, visited)
+			fmt.Fprintf(w, ": ")
+			print(w, sm.Value[i], visited)
+			fmt.Fprintf(w, "\n")
+		}
+		fmt.Fprintf(w, "}\n")
+
+	case reflect.String:
+		fmt.Fprintf(w, "%s", v.String())
+	case reflect.Bool:
+		fmt.Fprintf(w, "%v", v.Bool())
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		fmt.Fprintf(w, "%v", v.Int())
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		fmt.Fprintf(w, "%v", v.Uint())
+	case reflect.Float32, reflect.Float64:
+		fmt.Fprintf(w, "%v", v.Float())
+	case reflect.Complex64, reflect.Complex128:
+		fmt.Fprintf(w, "%v", v.Complex())
+	}
+}

internal/deepprint/deepprint_test.go

@@ -0,0 +1,66 @@
+// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package deepprint
+
+import (
+	"bytes"
+	"testing"
+
+	"inet.af/netaddr"
+	"tailscale.com/net/dns"
+	"tailscale.com/wgengine/router"
+	"tailscale.com/wgengine/wgcfg"
+)
+
+func TestDeepPrint(t *testing.T) {
+	// v contains the types of values we care about for our current callers.
+	// Mostly we're just testing that we don't panic on handled types.
+	v := getVal()
+
+	var buf bytes.Buffer
+	Print(&buf, v)
+	t.Logf("Got: %s", buf.Bytes())
+
+	hash1 := Hash(v)
+	t.Logf("hash: %v", hash1)
+	for i := 0; i < 20; i++ {
+		hash2 := Hash(getVal())
+		if hash1 != hash2 {
+			t.Error("second hash didn't match")
+		}
+	}
+}
+
+func getVal() []interface{} {
+	return []interface{}{
+		&wgcfg.Config{
+			Name:       "foo",
+			Addresses:  []netaddr.IPPrefix{{Bits: 5, IP: netaddr.IPFrom16([16]byte{3: 3})}},
+			ListenPort: 5,
+			Peers: []wgcfg.Peer{
+				{
+					Endpoints: "foo:5",
+				},
+			},
+		},
+		&router.Config{
+			DNS: dns.Config{
+				Nameservers: []netaddr.IP{netaddr.IPv4(8, 8, 8, 8)},
+				Domains:     []string{"tailscale.net"},
+			},
+		},
+		map[string]string{
+			"key1": "val1",
+			"key2": "val2",
+			"key3": "val3",
+			"key4": "val4",
+			"key5": "val5",
+			"key6": "val6",
+			"key7": "val7",
+			"key8": "val8",
+			"key9": "val9",
+		},
+	}
+}

internal/deepprint/fmtsort.go

@@ -0,0 +1,224 @@
+// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// and
+
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// This is a slightly modified fork of Go's src/internal/fmtsort/sort.go
+
+package deepprint
+
+import (
+	"reflect"
+	"sort"
+)
+
+// Note: Throughout this package we avoid calling reflect.Value.Interface as
+// it is not always legal to do so and it's easier to avoid the issue than to face it.
+
+// sortedMap represents a map's keys and values. The keys and values are
+// aligned in index order: Value[i] is the value in the map corresponding to Key[i].
+type sortedMap struct {
+	Key   []reflect.Value
+	Value []reflect.Value
+}
+
+func (o *sortedMap) Len() int           { return len(o.Key) }
+func (o *sortedMap) Less(i, j int) bool { return compare(o.Key[i], o.Key[j]) < 0 }
+func (o *sortedMap) Swap(i, j int) {
+	o.Key[i], o.Key[j] = o.Key[j], o.Key[i]
+	o.Value[i], o.Value[j] = o.Value[j], o.Value[i]
+}
+
+// Sort accepts a map and returns a sortedMap that has the same keys and
+// values but in a stable sorted order according to the keys, modulo issues
+// raised by unorderable key values such as NaNs.
+//
+// The ordering rules are more general than with Go's < operator:
+//
+//  - when applicable, nil compares low
+//  - ints, floats, and strings order by <
+//  - NaN compares less than non-NaN floats
+//  - bool compares false before true
+//  - complex compares real, then imag
+//  - pointers compare by machine address
+//  - channel values compare by machine address
+//  - structs compare each field in turn
+//  - arrays compare each element in turn.
+//    Otherwise identical arrays compare by length.
+//  - interface values compare first by reflect.Type describing the concrete type
+//    and then by concrete value as described in the previous rules.
+//
+func newSortedMap(mapValue reflect.Value) *sortedMap {
+	if mapValue.Type().Kind() != reflect.Map {
+		return nil
+	}
+	// Note: this code is arranged to not panic even in the presence
+	// of a concurrent map update. The runtime is responsible for
+	// yelling loudly if that happens. See issue 33275.
+	n := mapValue.Len()
+	key := make([]reflect.Value, 0, n)
+	value := make([]reflect.Value, 0, n)
+	iter := mapValue.MapRange()
+	for iter.Next() {
+		key = append(key, iter.Key())
+		value = append(value, iter.Value())
+	}
+	sorted := &sortedMap{
+		Key:   key,
+		Value: value,
+	}
+	sort.Stable(sorted)
+	return sorted
+}
+
+// compare compares two values of the same type. It returns -1, 0, 1
+// according to whether a > b (1), a == b (0), or a < b (-1).
+// If the types differ, it returns -1.
+// See the comment on Sort for the comparison rules.
+func compare(aVal, bVal reflect.Value) int {
+	aType, bType := aVal.Type(), bVal.Type()
+	if aType != bType {
+		return -1 // No good answer possible, but don't return 0: they're not equal.
+	}
+	switch aVal.Kind() {
+	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
+		a, b := aVal.Int(), bVal.Int()
+		switch {
+		case a < b:
+			return -1
+		case a > b:
+			return 1
+		default:
+			return 0
+		}
+	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
+		a, b := aVal.Uint(), bVal.Uint()
+		switch {
+		case a < b:
+			return -1
+		case a > b:
+			return 1
+		default:
+			return 0
+		}
+	case reflect.String:
+		a, b := aVal.String(), bVal.String()
+		switch {
+		case a < b:
+			return -1
+		case a > b:
+			return 1
+		default:
+			return 0
+		}
+	case reflect.Float32, reflect.Float64:
+		return floatCompare(aVal.Float(), bVal.Float())
+	case reflect.Complex64, reflect.Complex128:
+		a, b := aVal.Complex(), bVal.Complex()
+		if c := floatCompare(real(a), real(b)); c != 0 {
+			return c
+		}
+		return floatCompare(imag(a), imag(b))
+	case reflect.Bool:
+		a, b := aVal.Bool(), bVal.Bool()
+		switch {
+		case a == b:
+			return 0
+		case a:
+			return 1
+		default:
+			return -1
+		}
+	case reflect.Ptr:
+		a, b := aVal.Pointer(), bVal.Pointer()
+		switch {
+		case a < b:
+			return -1
+		case a > b:
+			return 1
+		default:
+			return 0
+		}
+	case reflect.Chan:
+		if c, ok := nilCompare(aVal, bVal); ok {
+			return c
+		}
+		ap, bp := aVal.Pointer(), bVal.Pointer()
+		switch {
+		case ap < bp:
+			return -1
+		case ap > bp:
+			return 1
+		default:
+			return 0
+		}
+	case reflect.Struct:
+		for i := 0; i < aVal.NumField(); i++ {
+			if c := compare(aVal.Field(i), bVal.Field(i)); c != 0 {
+				return c
+			}
+		}
+		return 0
+	case reflect.Array:
+		for i := 0; i < aVal.Len(); i++ {
+			if c := compare(aVal.Index(i), bVal.Index(i)); c != 0 {
+				return c
+			}
+		}
+		return 0
+	case reflect.Interface:
+		if c, ok := nilCompare(aVal, bVal); ok {
+			return c
+		}
+		c := compare(reflect.ValueOf(aVal.Elem().Type()), reflect.ValueOf(bVal.Elem().Type()))
+		if c != 0 {
+			return c
+		}
+		return compare(aVal.Elem(), bVal.Elem())
+	default:
+		// Certain types cannot appear as keys (maps, funcs, slices), but be explicit.
+		panic("bad type in compare: " + aType.String())
+	}
+}
+
+// nilCompare checks whether either value is nil. If not, the boolean is false.
+// If either value is nil, the boolean is true and the integer is the comparison
+// value. The comparison is defined to be 0 if both are nil, otherwise the one
+// nil value compares low. Both arguments must represent a chan, func,
+// interface, map, pointer, or slice.
+func nilCompare(aVal, bVal reflect.Value) (int, bool) {
+	if aVal.IsNil() {
+		if bVal.IsNil() {
+			return 0, true
+		}
+		return -1, true
+	}
+	if bVal.IsNil() {
+		return 1, true
+	}
+	return 0, false
+}
+
+// floatCompare compares two floating-point values. NaNs compare low.
+func floatCompare(a, b float64) int {
+	switch {
+	case isNaN(a):
+		return -1 // No good answer if b is a NaN so don't bother checking.
+	case isNaN(b):
+		return 1
+	case a < b:
+		return -1
+	case a > b:
+		return 1
+	}
+	return 0
+}
+
+func isNaN(a float64) bool {
+	return a != a
+}

ipn/backend.go

@@ -5,8 +5,7 @@
 package ipn
 
 import (
-	"fmt"
-	"strings"
+	"net/http"
 	"time"
 
 	"tailscale.com/ipn/ipnstate"
@@ -57,33 +56,17 @@ type EngineStatus struct {
 // that they have not changed.
 // They are JSON-encoded on the wire, despite the lack of struct tags.
 type Notify struct {
-	_       structs.Incomparable
-	Version string // version number of IPN backend
-
-	// ErrMessage, if non-nil, contains a critical error message.
-	// For State InUseOtherUser, ErrMessage is not critical and just contains the details.
-	ErrMessage *string
-
-	LoginFinished *empty.Message       // non-nil when/if the login process succeeded
-	State         *State               // if non-nil, the new or current IPN state
-	Prefs         *Prefs               // if non-nil, the new or current preferences
-	NetMap        *netmap.NetworkMap   // if non-nil, the new or current netmap
-	Engine        *EngineStatus        // if non-nil, the new or urrent wireguard stats
-	BrowseToURL   *string              // if non-nil, UI should open a browser right now
-	BackendLogID  *string              // if non-nil, the public logtail ID used by backend
-	PingResult    *ipnstate.PingResult // if non-nil, a ping response arrived
-
-	// FilesWaiting if non-nil means that files are buffered in
-	// the Tailscale daemon and ready for local transfer to the
-	// user's preferred storage location.
-	FilesWaiting *empty.Message `json:",omitempty"`
-
-	// IncomingFiles, if non-nil, specifies which files are in the
-	// process of being received. A nil IncomingFiles means this
-	// Notify should not update the state of file transfers. A non-nil
-	// but empty IncomingFiles means that no files are in the middle
-	// of being transferred.
-	IncomingFiles []PartialFile `json:",omitempty"`
+	_             structs.Incomparable
+	Version       string             // version number of IPN backend
+	ErrMessage    *string            // critical error message, if any; for InUseOtherUser, the details
+	LoginFinished *empty.Message     // event: non-nil when login process succeeded
+	State         *State             // current IPN state has changed
+	Prefs         *Prefs             // preferences were changed
+	NetMap        *netmap.NetworkMap // new netmap received
+	Engine        *EngineStatus      // wireguard engine stats
+	BrowseToURL   *string            // UI should open a browser right now
+	BackendLogID  *string            // public logtail id used by backend
+	PingResult    *ipnstate.PingResult
 
 	// LocalTCPPort, if non-nil, informs the UI frontend which
 	// (non-zero) localhost TCP port it's listening on.
@@ -94,67 +77,6 @@ type Notify struct {
 	// type is mirrored in xcode/Shared/IPN.swift
 }
 
-func (n Notify) String() string {
-	var sb strings.Builder
-	sb.WriteString("Notify{")
-	if n.ErrMessage != nil {
-		fmt.Fprintf(&sb, "err=%q ", *n.ErrMessage)
-	}
-	if n.LoginFinished != nil {
-		sb.WriteString("LoginFinished ")
-	}
-	if n.State != nil {
-		fmt.Fprintf(&sb, "state=%v ", *n.State)
-	}
-	if n.Prefs != nil {
-		fmt.Fprintf(&sb, "%v ", n.Prefs.Pretty())
-	}
-	if n.NetMap != nil {
-		sb.WriteString("NetMap{...} ")
-	}
-	if n.Engine != nil {
-		fmt.Fprintf(&sb, "wg=%v ", *n.Engine)
-	}
-	if n.BrowseToURL != nil {
-		sb.WriteString("URL=<...> ")
-	}
-	if n.BackendLogID != nil {
-		sb.WriteString("BackendLogID ")
-	}
-	if n.PingResult != nil {
-		fmt.Fprintf(&sb, "ping=%v ", *n.PingResult)
-	}
-	if n.FilesWaiting != nil {
-		sb.WriteString("FilesWaiting ")
-	}
-	if len(n.IncomingFiles) != 0 {
-		sb.WriteString("IncomingFiles ")
-	}
-	if n.LocalTCPPort != nil {
-		fmt.Fprintf(&sb, "tcpport=%v ", n.LocalTCPPort)
-	}
-	s := sb.String()
-	return s[0:len(s)-1] + "}"
-}
-
-// PartialFile represents an in-progress file transfer.
-type PartialFile struct {
-	Name         string    // e.g. "foo.jpg"
-	Started      time.Time // time transfer started
-	DeclaredSize int64     // or -1 if unknown
-	Received     int64     // bytes copied thus far
-
-	// PartialPath is set non-empty in "direct" file mode to the
-	// in-progress '*.partial' file's path when the peerapi isn't
-	// being used; see LocalBackend.SetDirectFileRoot.
-	PartialPath string `json:",omitempty"`
-
-	// Done is set in "direct" mode when the partial file has been
-	// closed and is ready for the caller to rename away the
-	// ".partial" suffix.
-	Done bool `json:",omitempty"`
-}
-
 // StateKey is an opaque identifier for a set of LocalBackend state
 // (preferences, private keys, etc.).
 //
@@ -185,33 +107,24 @@ type Options struct {
 	//    state and use/update that.
 	//  - StateKey!="" && Prefs!=nil: like the previous case, but do
 	//    an initial overwrite of backend state with Prefs.
-	//
-	// NOTE(apenwarr): The above means that this Prefs field does not do
-	// what you probably think it does. It will overwrite your encryption
-	// keys. Do not use unless you know what you're doing.
 	StateKey StateKey
 	Prefs    *Prefs
-	// UpdatePrefs, if provided, overrides Options.Prefs *and* the Prefs
-	// already stored in the backend state, *except* for the Persist
-	// Persist member. If you just want to provide prefs, this is
-	// probably what you want.
-	//
-	// UpdatePrefs.Persist is always ignored. Prefs.Persist will still
-	// be used even if UpdatePrefs is provided. Other than Persist,
-	// UpdatePrefs takes precedence over Prefs.
-	//
-	// This is intended as a purely temporary workaround for the
-	// currently unexpected behaviour of Options.Prefs.
-	//
-	// TODO(apenwarr): Remove this, or rename Prefs to something else
-	//   and rename this to Prefs. Or, move Prefs.Persist elsewhere
-	//   entirely (as it always should have been), and then we wouldn't
-	//   need two separate fields at all. Or, move the fancy state
-	//   migration stuff out of Start().
-	UpdatePrefs *Prefs
 	// AuthKey is an optional node auth key used to authorize a
 	// new node key without user interaction.
 	AuthKey string
+	// LegacyConfigPath optionally specifies the old-style relaynode
+	// relay.conf location. If both LegacyConfigPath and StateKey are
+	// specified and the requested state doesn't exist in the backend
+	// store, the backend migrates the config from LegacyConfigPath.
+	//
+	// TODO(danderson): remove some time after the transition to
+	// tailscaled is done.
+	LegacyConfigPath string
+	// Notify is called when backend events happen.
+	Notify func(Notify) `json:"-"`
+	// HTTPTestClient is an optional HTTP client to pass to controlclient
+	// (for tests only).
+	HTTPTestClient *http.Client
 }
 
 // Backend is the interface between Tailscale frontends
@@ -220,9 +133,6 @@ type Options struct {
 // (It has nothing to do with the interface between the backends
 // and the cloud control plane.)
 type Backend interface {
-	// SetNotifyCallback sets the callback to be called on updates
-	// from the backend to the client.
-	SetNotifyCallback(func(Notify))
 	// Start starts or restarts the backend, typically when a
 	// frontend client connects.
 	Start(Options) error
@@ -239,6 +149,9 @@ type Backend interface {
 	// WantRunning. This may cause the wireguard engine to
 	// reconfigure or stop.
 	SetPrefs(*Prefs)
+	// SetWantRunning is like SetPrefs but sets only the
+	// WantRunning field.
+	SetWantRunning(wantRunning bool)
 	// RequestEngineStatus polls for an update from the wireguard
 	// engine. Only needed if you want to display byte
 	// counts. Connection events are emitted automatically without

ipn/fake_test.go

@@ -5,6 +5,7 @@
 package ipn
 
 import (
+	"log"
 	"time"
 
 	"tailscale.com/ipn/ipnstate"
@@ -19,29 +20,19 @@ type FakeBackend struct {
 }
 
 func (b *FakeBackend) Start(opts Options) error {
-	b.serverURL = opts.Prefs.ControlURLOrDefault()
-	if b.notify == nil {
-		panic("FakeBackend.Start: SetNotifyCallback not called")
+	b.serverURL = opts.Prefs.ControlURL
+	if opts.Notify == nil {
+		log.Fatalf("FakeBackend.Start: opts.Notify is nil\n")
 	}
+	b.notify = opts.Notify
+	b.notify(Notify{Prefs: opts.Prefs})
 	nl := NeedsLogin
-	if b.notify != nil {
-		b.notify(Notify{Prefs: opts.Prefs})
-		b.notify(Notify{State: &nl})
-	}
+	b.notify(Notify{State: &nl})
 	return nil
 }
 
-func (b *FakeBackend) SetNotifyCallback(notify func(Notify)) {
-	if notify == nil {
-		panic("FakeBackend.SetNotifyCallback: notify is nil")
-	}
-	b.notify = notify
-}
-
 func (b *FakeBackend) newState(s State) {
-	if b.notify != nil {
-		b.notify(Notify{State: &s})
-	}
+	b.notify(Notify{State: &s})
 	if s == Running {
 		b.live = true
 	} else {
@@ -51,9 +42,7 @@ func (b *FakeBackend) newState(s State) {
 
 func (b *FakeBackend) StartLoginInteractive() {
 	u := b.serverURL + "/this/is/fake"
-	if b.notify != nil {
-		b.notify(Notify{BrowseToURL: &u})
-	}
+	b.notify(Notify{BrowseToURL: &u})
 	b.login()
 }
 
@@ -65,14 +54,10 @@ func (b *FakeBackend) login() {
 	b.newState(NeedsMachineAuth)
 	b.newState(Stopped)
 	// TODO(apenwarr): Fill in a more interesting netmap here.
-	if b.notify != nil {
-		b.notify(Notify{NetMap: &netmap.NetworkMap{}})
-	}
+	b.notify(Notify{NetMap: &netmap.NetworkMap{}})
 	b.newState(Starting)
 	// TODO(apenwarr): Fill in a more interesting status.
-	if b.notify != nil {
-		b.notify(Notify{Engine: &EngineStatus{}})
-	}
+	b.notify(Notify{Engine: &EngineStatus{}})
 	b.newState(Running)
 }
 
@@ -85,9 +70,7 @@ func (b *FakeBackend) SetPrefs(new *Prefs) {
 		panic("FakeBackend.SetPrefs got nil prefs")
 	}
 
-	if b.notify != nil {
-		b.notify(Notify{Prefs: new.Clone()})
-	}
+	b.notify(Notify{Prefs: new.Clone()})
 	if new.WantRunning && !b.live {
 		b.newState(Starting)
 		b.newState(Running)
@@ -96,20 +79,18 @@ func (b *FakeBackend) SetPrefs(new *Prefs) {
 	}
 }
 
+func (b *FakeBackend) SetWantRunning(v bool) {
+	b.SetPrefs(&Prefs{WantRunning: v})
+}
+
 func (b *FakeBackend) RequestEngineStatus() {
-	if b.notify != nil {
-		b.notify(Notify{Engine: &EngineStatus{}})
-	}
+	b.notify(Notify{Engine: &EngineStatus{}})
 }
 
 func (b *FakeBackend) FakeExpireAfter(x time.Duration) {
-	if b.notify != nil {
-		b.notify(Notify{NetMap: &netmap.NetworkMap{}})
-	}
+	b.notify(Notify{NetMap: &netmap.NetworkMap{}})
 }
 
 func (b *FakeBackend) Ping(ip string, useTSMP bool) {
-	if b.notify != nil {
-		b.notify(Notify{PingResult: &ipnstate.PingResult{}})
-	}
+	b.notify(Notify{PingResult: &ipnstate.PingResult{}})
 }

ipn/handle.go

@@ -15,26 +15,25 @@ import (
 )
 
 type Handle struct {
-	b    Backend
-	logf logger.Logf
+	frontendLogID string
+	b             Backend
+	xnotify       func(Notify)
+	logf          logger.Logf
 
 	// Mutex protects everything below
 	mu                sync.Mutex
-	xnotify           func(Notify)
-	frontendLogID     string
 	netmapCache       *netmap.NetworkMap
 	engineStatusCache EngineStatus
 	stateCache        State
 	prefsCache        *Prefs
 }
 
-func NewHandle(b Backend, logf logger.Logf, notify func(Notify), opts Options) (*Handle, error) {
+func NewHandle(b Backend, logf logger.Logf, opts Options) (*Handle, error) {
 	h := &Handle{
 		b:    b,
 		logf: logf,
 	}
 
-	h.SetNotifyCallback(notify)
 	err := h.Start(opts)
 	if err != nil {
 		return nil, err
@@ -43,25 +42,18 @@ func NewHandle(b Backend, logf logger.Logf, notify func(Notify), opts Options) (
 	return h, nil
 }
 
-func (h *Handle) SetNotifyCallback(notify func(Notify)) {
-	h.mu.Lock()
-	h.xnotify = notify
-	h.mu.Unlock()
-
-	h.b.SetNotifyCallback(h.notify)
-}
-
 func (h *Handle) Start(opts Options) error {
-	h.mu.Lock()
 	h.frontendLogID = opts.FrontendLogID
+	h.xnotify = opts.Notify
 	h.netmapCache = nil
 	h.engineStatusCache = EngineStatus{}
 	h.stateCache = NoState
 	if opts.Prefs != nil {
 		h.prefsCache = opts.Prefs.Clone()
 	}
-	h.mu.Unlock()
-	return h.b.Start(opts)
+	xopts := opts
+	xopts.Notify = h.notify
+	return h.b.Start(xopts)
 }
 
 func (h *Handle) Reset() {
@@ -156,7 +148,7 @@ func (h *Handle) Expiry() time.Time {
 }
 
 func (h *Handle) AdminPageURL() string {
-	return h.prefsCache.AdminPageURL()
+	return h.prefsCache.ControlURL + "/admin/machines"
 }
 
 func (h *Handle) StartLoginInteractive() {

ipn/ipnlocal/local_test.go

@@ -5,20 +5,14 @@
 package ipnlocal
 
 import (
-	"fmt"
-	"net/http"
 	"reflect"
 	"testing"
-	"time"
 
 	"inet.af/netaddr"
-	"tailscale.com/ipn"
 	"tailscale.com/net/interfaces"
 	"tailscale.com/net/tsaddr"
 	"tailscale.com/tailcfg"
-	"tailscale.com/types/logger"
 	"tailscale.com/types/netmap"
-	"tailscale.com/wgengine"
 	"tailscale.com/wgengine/wgcfg"
 )
 
@@ -171,7 +165,7 @@ func TestShrinkDefaultRoute(t *testing.T) {
 			out: []string{
 				"fe80::1",
 				"ff00::1",
-				tsaddr.TailscaleULARange().IP().String(),
+				tsaddr.TailscaleULARange().IP.String(),
 			},
 			localIPFn: func(ip netaddr.IP) bool { return !inRemove(ip) && ip.Is6() },
 		},
@@ -297,199 +291,3 @@ func TestPeerRoutes(t *testing.T) {
 	}
 
 }
-
-func TestPeerAPIBase(t *testing.T) {
-	tests := []struct {
-		name string
-		nm   *netmap.NetworkMap
-		peer *tailcfg.Node
-		want string
-	}{
-		{
-			name: "nil_netmap",
-			peer: new(tailcfg.Node),
-			want: "",
-		},
-		{
-			name: "nil_peer",
-			nm:   new(netmap.NetworkMap),
-			want: "",
-		},
-		{
-			name: "self_only_4_them_both",
-			nm: &netmap.NetworkMap{
-				Addresses: []netaddr.IPPrefix{
-					netaddr.MustParseIPPrefix("100.64.1.1/32"),
-				},
-			},
-			peer: &tailcfg.Node{
-				Addresses: []netaddr.IPPrefix{
-					netaddr.MustParseIPPrefix("100.64.1.2/32"),
-					netaddr.MustParseIPPrefix("fe70::2/128"),
-				},
-				Hostinfo: tailcfg.Hostinfo{
-					Services: []tailcfg.Service{
-						{Proto: "peerapi4", Port: 444},
-						{Proto: "peerapi6", Port: 666},
-					},
-				},
-			},
-			want: "http://100.64.1.2:444",
-		},
-		{
-			name: "self_only_6_them_both",
-			nm: &netmap.NetworkMap{
-				Addresses: []netaddr.IPPrefix{
-					netaddr.MustParseIPPrefix("fe70::1/128"),
-				},
-			},
-			peer: &tailcfg.Node{
-				Addresses: []netaddr.IPPrefix{
-					netaddr.MustParseIPPrefix("100.64.1.2/32"),
-					netaddr.MustParseIPPrefix("fe70::2/128"),
-				},
-				Hostinfo: tailcfg.Hostinfo{
-					Services: []tailcfg.Service{
-						{Proto: "peerapi4", Port: 444},
-						{Proto: "peerapi6", Port: 666},
-					},
-				},
-			},
-			want: "http://[fe70::2]:666",
-		},
-		{
-			name: "self_both_them_only_4",
-			nm: &netmap.NetworkMap{
-				Addresses: []netaddr.IPPrefix{
-					netaddr.MustParseIPPrefix("100.64.1.1/32"),
-					netaddr.MustParseIPPrefix("fe70::1/128"),
-				},
-			},
-			peer: &tailcfg.Node{
-				Addresses: []netaddr.IPPrefix{
-					netaddr.MustParseIPPrefix("100.64.1.2/32"),
-					netaddr.MustParseIPPrefix("fe70::2/128"),
-				},
-				Hostinfo: tailcfg.Hostinfo{
-					Services: []tailcfg.Service{
-						{Proto: "peerapi4", Port: 444},
-					},
-				},
-			},
-			want: "http://100.64.1.2:444",
-		},
-		{
-			name: "self_both_them_only_6",
-			nm: &netmap.NetworkMap{
-				Addresses: []netaddr.IPPrefix{
-					netaddr.MustParseIPPrefix("100.64.1.1/32"),
-					netaddr.MustParseIPPrefix("fe70::1/128"),
-				},
-			},
-			peer: &tailcfg.Node{
-				Addresses: []netaddr.IPPrefix{
-					netaddr.MustParseIPPrefix("100.64.1.2/32"),
-					netaddr.MustParseIPPrefix("fe70::2/128"),
-				},
-				Hostinfo: tailcfg.Hostinfo{
-					Services: []tailcfg.Service{
-						{Proto: "peerapi6", Port: 666},
-					},
-				},
-			},
-			want: "http://[fe70::2]:666",
-		},
-		{
-			name: "self_both_them_no_peerapi_service",
-			nm: &netmap.NetworkMap{
-				Addresses: []netaddr.IPPrefix{
-					netaddr.MustParseIPPrefix("100.64.1.1/32"),
-					netaddr.MustParseIPPrefix("fe70::1/128"),
-				},
-			},
-			peer: &tailcfg.Node{
-				Addresses: []netaddr.IPPrefix{
-					netaddr.MustParseIPPrefix("100.64.1.2/32"),
-					netaddr.MustParseIPPrefix("fe70::2/128"),
-				},
-			},
-			want: "",
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			got := peerAPIBase(tt.nm, tt.peer)
-			if got != tt.want {
-				t.Errorf("got %q; want %q", got, tt.want)
-			}
-		})
-	}
-}
-
-type panicOnUseTransport struct{}
-
-func (panicOnUseTransport) RoundTrip(*http.Request) (*http.Response, error) {
-	panic("unexpected HTTP request")
-}
-
-// Issue 1573: don't generate a machine key if we don't want to be running.
-func TestLazyMachineKeyGeneration(t *testing.T) {
-	defer func(old bool) { panicOnMachineKeyGeneration = old }(panicOnMachineKeyGeneration)
-	panicOnMachineKeyGeneration = true
-
-	var logf logger.Logf = logger.Discard
-	store := new(ipn.MemoryStore)
-	eng, err := wgengine.NewFakeUserspaceEngine(logf, 0)
-	if err != nil {
-		t.Fatalf("NewFakeUserspaceEngine: %v", err)
-	}
-	lb, err := NewLocalBackend(logf, "logid", store, eng)
-	if err != nil {
-		t.Fatalf("NewLocalBackend: %v", err)
-	}
-
-	lb.SetHTTPTestClient(&http.Client{
-		Transport: panicOnUseTransport{}, // validate we don't send HTTP requests
-	})
-
-	if err := lb.Start(ipn.Options{
-		StateKey: ipn.GlobalDaemonStateKey,
-	}); err != nil {
-		t.Fatalf("Start: %v", err)
-	}
-
-	// Give the controlclient package goroutines (if they're
-	// accidentally started) extra time to schedule and run (and thus
-	// hit panicOnUseTransport).
-	time.Sleep(500 * time.Millisecond)
-}
-
-func TestFileTargets(t *testing.T) {
-	b := new(LocalBackend)
-	_, err := b.FileTargets()
-	if got, want := fmt.Sprint(err), "not connected"; got != want {
-		t.Errorf("before connect: got %q; want %q", got, want)
-	}
-
-	b.netMap = new(netmap.NetworkMap)
-	_, err = b.FileTargets()
-	if got, want := fmt.Sprint(err), "not connected"; got != want {
-		t.Errorf("non-running netmap: got %q; want %q", got, want)
-	}
-
-	b.state = ipn.Running
-	_, err = b.FileTargets()
-	if got, want := fmt.Sprint(err), "file sharing not enabled by Tailscale admin"; got != want {
-		t.Errorf("without cap: got %q; want %q", got, want)
-	}
-
-	b.capFileSharing = true
-	got, err := b.FileTargets()
-	if err != nil {
-		t.Fatal(err)
-	}
-	if len(got) != 0 {
-		t.Fatalf("unexpected %d peers", len(got))
-	}
-	// (other cases handled by TestPeerAPIBase above)
-}

ipn/ipnlocal/loglines_test.go

@@ -15,7 +15,6 @@ import (
 	"tailscale.com/tailcfg"
 	"tailscale.com/tstest"
 	"tailscale.com/types/key"
-	"tailscale.com/types/logger"
 	"tailscale.com/types/persist"
 	"tailscale.com/wgengine"
 )
@@ -31,12 +30,6 @@ func TestLocalLogLines(t *testing.T) {
 	})
 	defer logListen.Close()
 
-	// Put a rate-limiter with a burst of 0 between the components below.
-	// This instructs the rate-limiter to eliminate all logging that
-	// isn't explicitly exempt from rate-limiting.
-	// This lets the logListen tracker verify that the rate-limiter allows these key lines.
-	logf := logger.RateLimitedFnWithClock(logListen.Logf, 5*time.Second, 0, 10, time.Now)
-
 	logid := func(hex byte) logtail.PublicID {
 		var ret logtail.PublicID
 		for i := 0; i < len(ret); i++ {
@@ -48,12 +41,12 @@ func TestLocalLogLines(t *testing.T) {
 
 	// set up a LocalBackend, super bare bones. No functional data.
 	store := &ipn.MemoryStore{}
-	e, err := wgengine.NewFakeUserspaceEngine(logf, 0)
+	e, err := wgengine.NewFakeUserspaceEngine(logListen.Logf, 0)
 	if err != nil {
 		t.Fatal(err)
 	}
 
-	lb, err := NewLocalBackend(logf, idA.String(), store, e)
+	lb, err := NewLocalBackend(logListen.Logf, idA.String(), store, e)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -68,7 +61,6 @@ func TestLocalLogLines(t *testing.T) {
 	testWantRemain := func(wantRemain ...string) func(t *testing.T) {
 		return func(t *testing.T) {
 			if remain := logListen.Check(); !reflect.DeepEqual(remain, wantRemain) {
-				t.Helper()
 				t.Errorf("remain %q, want %q", remain, wantRemain)
 			}
 		}
@@ -83,30 +75,18 @@ func TestLocalLogLines(t *testing.T) {
 	t.Run("after_prefs", testWantRemain("[v1] peer keys: %s", "[v1] v%v peers: %v"))
 
 	// log peers, peer keys
-	lb.mu.Lock()
-	lb.parseWgStatusLocked(&wgengine.Status{
+	status := &wgengine.Status{
 		Peers: []ipnstate.PeerStatusLite{{
 			TxBytes:       10,
 			RxBytes:       10,
 			LastHandshake: time.Now(),
 			NodeKey:       tailcfg.NodeKey(key.NewPrivate()),
 		}},
-	})
+		LocalAddrs: []string{"idk an address"},
+	}
+	lb.mu.Lock()
+	lb.parseWgStatusLocked(status)
 	lb.mu.Unlock()
 
 	t.Run("after_peers", testWantRemain())
-
-	// Log it again with different stats to ensure it's not dup-suppressed.
-	logListen.Reset()
-	lb.mu.Lock()
-	lb.parseWgStatusLocked(&wgengine.Status{
-		Peers: []ipnstate.PeerStatusLite{{
-			TxBytes:       11,
-			RxBytes:       12,
-			LastHandshake: time.Now(),
-			NodeKey:       tailcfg.NodeKey(key.NewPrivate()),
-		}},
-	})
-	lb.mu.Unlock()
-	t.Run("after_second_peer_status", testWantRemain("SetPrefs: %v"))
 }

ipn/ipnlocal/peerapi.go

@@ -11,7 +11,6 @@ import (
 	"hash/crc32"
 	"html"
 	"io"
-	"io/fs"
 	"net"
 	"net/http"
 	"net/url"
@@ -19,332 +18,21 @@ import (
 	"path"
 	"path/filepath"
 	"runtime"
-	"sort"
 	"strconv"
 	"strings"
-	"sync"
-	"time"
-	"unicode"
-	"unicode/utf8"
 
 	"inet.af/netaddr"
-	"tailscale.com/client/tailscale/apitype"
-	"tailscale.com/ipn"
-	"tailscale.com/logtail/backoff"
 	"tailscale.com/net/interfaces"
-	"tailscale.com/syncs"
 	"tailscale.com/tailcfg"
-	"tailscale.com/wgengine"
 )
 
 var initListenConfig func(*net.ListenConfig, netaddr.IP, *interfaces.State, string) error
 
 type peerAPIServer struct {
-	b          *LocalBackend
-	rootDir    string
-	tunName    string
-	selfNode   *tailcfg.Node
-	knownEmpty syncs.AtomicBool
-
-	// directFileMode is whether we're writing files directly to a
-	// download directory (as *.partial files), rather than making
-	// the frontend retrieve it over localapi HTTP and write it
-	// somewhere itself. This is used on GUI macOS version.
-	// In directFileMode, the peerapi doesn't do the final rename
-	// from "foo.jpg.partial" to "foo.jpg".
-	directFileMode bool
-}
-
-const (
-	// partialSuffix is the suffix appened to files while they're
-	// still in the process of being transferred.
-	partialSuffix = ".partial"
-
-	// deletedSuffix is the suffix for a deleted marker file
-	// that's placed next to a file (without the suffix) that we
-	// tried to delete, but Windows wouldn't let us. These are
-	// only written on Windows (and in tests), but they're not
-	// permitted to be uploaded directly on any platform, like
-	// partial files.
-	deletedSuffix = ".deleted"
-)
-
-func validFilenameRune(r rune) bool {
-	switch r {
-	case '/':
-		return false
-	case '\\', ':', '*', '"', '<', '>', '|':
-		// Invalid stuff on Windows, but we reject them everywhere
-		// for now.
-		// TODO(bradfitz): figure out a better plan. We initially just
-		// wrote things to disk URL path-escaped, but that's gross
-		// when debugging, and just moves the problem to callers.
-		// So now we put the UTF-8 filenames on disk directly as
-		// sent.
-		return false
-	}
-	return unicode.IsPrint(r)
-}
-
-func (s *peerAPIServer) diskPath(baseName string) (fullPath string, ok bool) {
-	if !utf8.ValidString(baseName) {
-		return "", false
-	}
-	if strings.TrimSpace(baseName) != baseName {
-		return "", false
-	}
-	if len(baseName) > 255 {
-		return "", false
-	}
-	// TODO: validate unicode normalization form too? Varies by platform.
-	clean := path.Clean(baseName)
-	if clean != baseName ||
-		clean == "." || clean == ".." ||
-		strings.HasSuffix(clean, deletedSuffix) ||
-		strings.HasSuffix(clean, partialSuffix) {
-		return "", false
-	}
-	for _, r := range baseName {
-		if !validFilenameRune(r) {
-			return "", false
-		}
-	}
-	return filepath.Join(s.rootDir, baseName), true
-}
-
-// hasFilesWaiting reports whether any files are buffered in the
-// tailscaled daemon storage.
-func (s *peerAPIServer) hasFilesWaiting() bool {
-	if s.rootDir == "" || s.directFileMode {
-		return false
-	}
-	if s.knownEmpty.Get() {
-		// Optimization: this is usually empty, so avoid opening
-		// the directory and checking. We can't cache the actual
-		// has-files-or-not values as the macOS/iOS client might
-		// in the future use+delete the files directly. So only
-		// keep this negative cache.
-		return false
-	}
-	f, err := os.Open(s.rootDir)
-	if err != nil {
-		return false
-	}
-	defer f.Close()
-	for {
-		des, err := f.ReadDir(10)
-		for _, de := range des {
-			name := de.Name()
-			if strings.HasSuffix(name, partialSuffix) {
-				continue
-			}
-			if strings.HasSuffix(name, deletedSuffix) { // for Windows + tests
-				// After we're done looping over files, then try
-				// to delete this file. Don't do it proactively,
-				// as the OS may return "foo.jpg.deleted" before "foo.jpg"
-				// and we don't want to delete the ".deleted" file before
-				// enumerating to the "foo.jpg" file.
-				defer tryDeleteAgain(filepath.Join(s.rootDir, strings.TrimSuffix(name, deletedSuffix)))
-				continue
-			}
-			if de.Type().IsRegular() {
-				_, err := os.Stat(filepath.Join(s.rootDir, name+deletedSuffix))
-				if os.IsNotExist(err) {
-					return true
-				}
-				if err == nil {
-					tryDeleteAgain(filepath.Join(s.rootDir, name))
-					continue
-				}
-			}
-		}
-		if err == io.EOF {
-			s.knownEmpty.Set(true)
-		}
-		if err != nil {
-			break
-		}
-	}
-	return false
-}
-
-// WaitingFiles returns the list of files that have been sent by a
-// peer that are waiting in the buffered "pick up" directory owned by
-// the Tailscale daemon.
-//
-// As a side effect, it also does any lazy deletion of files as
-// required by Windows.
-func (s *peerAPIServer) WaitingFiles() (ret []apitype.WaitingFile, err error) {
-	if s.rootDir == "" {
-		return nil, errors.New("peerapi disabled; no storage configured")
-	}
-	if s.directFileMode {
-		return nil, nil
-	}
-	f, err := os.Open(s.rootDir)
-	if err != nil {
-		return nil, err
-	}
-	defer f.Close()
-	var deleted map[string]bool // "foo.jpg" => true (if "foo.jpg.deleted" exists)
-	for {
-		des, err := f.ReadDir(10)
-		for _, de := range des {
-			name := de.Name()
-			if strings.HasSuffix(name, partialSuffix) {
-				continue
-			}
-			if strings.HasSuffix(name, deletedSuffix) { // for Windows + tests
-				if deleted == nil {
-					deleted = map[string]bool{}
-				}
-				deleted[strings.TrimSuffix(name, deletedSuffix)] = true
-				continue
-			}
-			if de.Type().IsRegular() {
-				fi, err := de.Info()
-				if err != nil {
-					continue
-				}
-				ret = append(ret, apitype.WaitingFile{
-					Name: filepath.Base(name),
-					Size: fi.Size(),
-				})
-			}
-		}
-		if err == io.EOF {
-			break
-		}
-		if err != nil {
-			return nil, err
-		}
-	}
-	if len(deleted) > 0 {
-		// Filter out any return values "foo.jpg" where a
-		// "foo.jpg.deleted" marker file exists on disk.
-		all := ret
-		ret = ret[:0]
-		for _, wf := range all {
-			if !deleted[wf.Name] {
-				ret = append(ret, wf)
-			}
-		}
-		// And do some opportunistic deleting while we're here.
-		// Maybe Windows is done virus scanning the file we tried
-		// to delete a long time ago and will let us delete it now.
-		for name := range deleted {
-			tryDeleteAgain(filepath.Join(s.rootDir, name))
-		}
-	}
-	sort.Slice(ret, func(i, j int) bool { return ret[i].Name < ret[j].Name })
-	return ret, nil
-}
-
-// tryDeleteAgain tries to delete path (and path+deletedSuffix) after
-// it failed earlier.  This happens on Windows when various anti-virus
-// tools hook into filesystem operations and have the file open still
-// while we're trying to delete it. In that case we instead mark it as
-// deleted (writing a "foo.jpg.deleted" marker file), but then we
-// later try to clean them up.
-//
-// fullPath is the full path to the file without the deleted suffix.
-func tryDeleteAgain(fullPath string) {
-	if err := os.Remove(fullPath); err == nil || os.IsNotExist(err) {
-		os.Remove(fullPath + deletedSuffix)
-	}
-}
-
-func (s *peerAPIServer) DeleteFile(baseName string) error {
-	if s.rootDir == "" {
-		return errors.New("peerapi disabled; no storage configured")
-	}
-	if s.directFileMode {
-		return errors.New("deletes not allowed in direct mode")
-	}
-	path, ok := s.diskPath(baseName)
-	if !ok {
-		return errors.New("bad filename")
-	}
-	var bo *backoff.Backoff
-	logf := s.b.logf
-	t0 := time.Now()
-	for {
-		err := os.Remove(path)
-		if err != nil && !os.IsNotExist(err) {
-			err = redactErr(err)
-			// Put a retry loop around deletes on Windows. Windows
-			// file descriptor closes are effectively asynchronous,
-			// as a bunch of hooks run on/after close, and we can't
-			// necessarily delete the file for a while after close,
-			// as we need to wait for everybody to be done with
-			// it. (on Windows, unlike Unix, a file can't be deleted
-			// if it's open anywhere)
-			// So try a few times but ultimately just leave a
-			// "foo.jpg.deleted" marker file to note that it's
-			// deleted and we clean it up later.
-			if runtime.GOOS == "windows" {
-				if bo == nil {
-					bo = backoff.NewBackoff("delete-retry", logf, 1*time.Second)
-				}
-				if time.Since(t0) < 5*time.Second {
-					bo.BackOff(context.Background(), err)
-					continue
-				}
-				if err := touchFile(path + deletedSuffix); err != nil {
-					logf("peerapi: failed to leave deleted marker: %v", err)
-				}
-			}
-			logf("peerapi: failed to DeleteFile: %v", err)
-			return err
-		}
-		return nil
-	}
-}
-
-// redacted is a fake path name we use in errors, to avoid
-// accidentally logging actual filenames anywhere.
-const redacted = "redacted"
-
-func redactErr(err error) error {
-	if pe, ok := err.(*os.PathError); ok {
-		pe.Path = redacted
-	}
-	return err
-}
-
-func touchFile(path string) error {
-	f, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE, 0666)
-	if err != nil {
-		return redactErr(err)
-	}
-	return f.Close()
-}
-
-func (s *peerAPIServer) OpenFile(baseName string) (rc io.ReadCloser, size int64, err error) {
-	if s.rootDir == "" {
-		return nil, 0, errors.New("peerapi disabled; no storage configured")
-	}
-	if s.directFileMode {
-		return nil, 0, errors.New("opens not allowed in direct mode")
-	}
-	path, ok := s.diskPath(baseName)
-	if !ok {
-		return nil, 0, errors.New("bad filename")
-	}
-	if fi, err := os.Stat(path + deletedSuffix); err == nil && fi.Mode().IsRegular() {
-		tryDeleteAgain(path)
-		return nil, 0, &fs.PathError{Op: "open", Path: redacted, Err: fs.ErrNotExist}
-	}
-	f, err := os.Open(path)
-	if err != nil {
-		return nil, 0, redactErr(err)
-	}
-	fi, err := f.Stat()
-	if err != nil {
-		f.Close()
-		return nil, 0, redactErr(err)
-	}
-	return f, fi.Size(), nil
+	b        *LocalBackend
+	rootDir  string
+	tunName  string
+	selfNode *tailcfg.Node
 }
 
 func (s *peerAPIServer) listen(ip netaddr.IP, ifState *interfaces.State) (ln net.Listener, err error) {
@@ -363,10 +51,6 @@ func (s *peerAPIServer) listen(ip netaddr.IP, ifState *interfaces.State) (ln net
 		}
 	}
 
-	if wgengine.IsNetstack(s.b.e) {
-		ipStr = ""
-	}
-
 	tcp4or6 := "tcp4"
 	if ip.Is6() {
 		tcp4or6 = "tcp6"
@@ -395,32 +79,21 @@ func (s *peerAPIServer) listen(ip netaddr.IP, ifState *interfaces.State) (ln net
 }
 
 type peerAPIListener struct {
-	ps *peerAPIServer
-	ip netaddr.IP
-	lb *LocalBackend
-
-	// ln is the Listener. It can be nil in netstack mode if there are more than
-	// 1 local addresses (e.g. both an IPv4 and IPv6). When it's nil, port
-	// and urlStr are still populated.
-	ln net.Listener
-
-	// urlStr is the base URL to access the peer API (http://ip:port/).
+	ps     *peerAPIServer
+	ln     net.Listener
+	lb     *LocalBackend
 	urlStr string
-	// port is just the port of urlStr.
-	port int
 }
 
-func (pln *peerAPIListener) Close() error {
-	if pln.ln != nil {
-		return pln.ln.Close()
+func (pln *peerAPIListener) Port() int {
+	ta, ok := pln.ln.Addr().(*net.TCPAddr)
+	if !ok {
+		return 0
 	}
-	return nil
+	return ta.Port
 }
 
 func (pln *peerAPIListener) serve() {
-	if pln.ln == nil {
-		return
-	}
 	defer pln.ln.Close()
 	logf := pln.lb.logf
 	for {
@@ -456,6 +129,7 @@ func (pln *peerAPIListener) serve() {
 			remoteAddr: ipp,
 			peerNode:   peerNode,
 			peerUser:   peerUser,
+			lb:         pln.lb,
 		}
 		httpServer := &http.Server{
 			Handler: h,
@@ -489,6 +163,7 @@ type peerAPIHandler struct {
 	isSelf     bool                // whether peerNode is owned by same user as this node
 	peerNode   *tailcfg.Node       // peerNode is who's making the request
 	peerUser   tailcfg.UserProfile // profile of peerNode
+	lb         *LocalBackend
 }
 
 func (h *peerAPIHandler) logf(format string, a ...interface{}) {
@@ -497,11 +172,7 @@ func (h *peerAPIHandler) logf(format string, a ...interface{}) {
 
 func (h *peerAPIHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	if strings.HasPrefix(r.URL.Path, "/v0/put/") {
-		h.handlePeerPut(w, r)
-		return
-	}
-	if r.URL.Path == "/v0/goroutines" {
-		h.handleServeGoroutines(w, r)
+		h.put(w, r)
 		return
 	}
 	who := h.peerUser.DisplayName
@@ -510,203 +181,62 @@ func (h *peerAPIHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 <body>
 <h1>Hello, %s (%v)</h1>
 This is my Tailscale device. Your device is %v.
-`, html.EscapeString(who), h.remoteAddr.IP(), html.EscapeString(h.peerNode.ComputedName))
+`, html.EscapeString(who), h.remoteAddr.IP, html.EscapeString(h.peerNode.ComputedName))
 
 	if h.isSelf {
 		fmt.Fprintf(w, "<p>You are the owner of this node.\n")
 	}
 }
 
-type incomingFile struct {
-	name        string // "foo.jpg"
-	started     time.Time
-	size        int64     // or -1 if unknown; never 0
-	w           io.Writer // underlying writer
-	ph          *peerAPIHandler
-	partialPath string // non-empty in direct mode
-
-	mu         sync.Mutex
-	copied     int64
-	done       bool
-	lastNotify time.Time
-}
-
-func (f *incomingFile) markAndNotifyDone() {
-	f.mu.Lock()
-	f.done = true
-	f.mu.Unlock()
-	b := f.ph.ps.b
-	b.sendFileNotify()
-}
-
-func (f *incomingFile) Write(p []byte) (n int, err error) {
-	n, err = f.w.Write(p)
-
-	b := f.ph.ps.b
-	var needNotify bool
-	defer func() {
-		if needNotify {
-			b.sendFileNotify()
-		}
-	}()
-	if n > 0 {
-		f.mu.Lock()
-		defer f.mu.Unlock()
-		f.copied += int64(n)
-		now := time.Now()
-		if f.lastNotify.IsZero() || now.Sub(f.lastNotify) > time.Second {
-			f.lastNotify = now
-			needNotify = true
-		}
-	}
-	return n, err
-}
-
-func (f *incomingFile) PartialFile() ipn.PartialFile {
-	f.mu.Lock()
-	defer f.mu.Unlock()
-	return ipn.PartialFile{
-		Name:         f.name,
-		Started:      f.started,
-		DeclaredSize: f.size,
-		Received:     f.copied,
-		PartialPath:  f.partialPath,
-		Done:         f.done,
-	}
-}
-
-func (h *peerAPIHandler) handlePeerPut(w http.ResponseWriter, r *http.Request) {
+func (h *peerAPIHandler) put(w http.ResponseWriter, r *http.Request) {
 	if !h.isSelf {
 		http.Error(w, "not owner", http.StatusForbidden)
 		return
 	}
-	if !h.ps.b.hasCapFileSharing() {
-		http.Error(w, "file sharing not enabled by Tailscale admin", http.StatusForbidden)
-		return
-	}
 	if r.Method != "PUT" {
-		http.Error(w, "expected method PUT", http.StatusMethodNotAllowed)
+		http.Error(w, "not method PUT", http.StatusMethodNotAllowed)
 		return
 	}
 	if h.ps.rootDir == "" {
 		http.Error(w, "no rootdir", http.StatusInternalServerError)
 		return
 	}
-	rawPath := r.URL.EscapedPath()
-	suffix := strings.TrimPrefix(rawPath, "/v0/put/")
-	if suffix == rawPath {
-		http.Error(w, "misconfigured internals", 500)
+	name := path.Base(r.URL.Path)
+	if name == "." || name == "/" {
+		http.Error(w, "bad filename", http.StatusForbidden)
 		return
 	}
-	if suffix == "" {
-		http.Error(w, "empty filename", 400)
-		return
-	}
-	if strings.Contains(suffix, "/") {
-		http.Error(w, "directories not supported", 400)
-		return
-	}
-	baseName, err := url.PathUnescape(suffix)
+	fileBase := strings.ReplaceAll(url.PathEscape(name), ":", "%3a")
+	dstFile := filepath.Join(h.ps.rootDir, fileBase)
+	f, err := os.Create(dstFile)
 	if err != nil {
-		http.Error(w, "bad path encoding", 400)
-		return
-	}
-	dstFile, ok := h.ps.diskPath(baseName)
-	if !ok {
-		http.Error(w, "bad filename", 400)
-		return
-	}
-	t0 := time.Now()
-	// TODO(bradfitz): prevent same filename being sent by two peers at once
-	partialFile := dstFile + partialSuffix
-	f, err := os.Create(partialFile)
-	if err != nil {
-		h.logf("put Create error: %v", redactErr(err))
+		h.logf("put Create error: %v", err)
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 		return
 	}
 	var success bool
 	defer func() {
 		if !success {
-			os.Remove(partialFile)
+			os.Remove(dstFile)
 		}
 	}()
-	var finalSize int64
-	var inFile *incomingFile
-	if r.ContentLength != 0 {
-		inFile = &incomingFile{
-			name:    baseName,
-			started: time.Now(),
-			size:    r.ContentLength,
-			w:       f,
-			ph:      h,
-		}
-		if h.ps.directFileMode {
-			inFile.partialPath = partialFile
-		}
-		h.ps.b.registerIncomingFile(inFile, true)
-		defer h.ps.b.registerIncomingFile(inFile, false)
-		n, err := io.Copy(inFile, r.Body)
-		if err != nil {
-			err = redactErr(err)
-			f.Close()
-			h.logf("put Copy error: %v", err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-		finalSize = n
+	n, err := io.Copy(f, r.Body)
+	if err != nil {
+		f.Close()
+		h.logf("put Copy error: %v", err)
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
 	}
-	if err := redactErr(f.Close()); err != nil {
+	if err := f.Close(); err != nil {
 		h.logf("put Close error: %v", err)
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 		return
 	}
-	if h.ps.directFileMode {
-		if inFile != nil { // non-zero length; TODO: notify even for zero length
-			inFile.markAndNotifyDone()
-		}
-	} else {
-		if err := os.Rename(partialFile, dstFile); err != nil {
-			err = redactErr(err)
-			h.logf("put final rename: %v", err)
-			http.Error(w, err.Error(), http.StatusInternalServerError)
-			return
-		}
-	}
 
-	d := time.Since(t0).Round(time.Second / 10)
-	h.logf("got put of %s in %v from %v/%v", approxSize(finalSize), d, h.remoteAddr.IP, h.peerNode.ComputedName)
+	h.logf("put(%q): %d bytes from %v/%v", name, n, h.remoteAddr.IP, h.peerNode.ComputedName)
 
 	// TODO: set modtime
 	// TODO: some real response
 	success = true
 	io.WriteString(w, "{}\n")
-	h.ps.knownEmpty.Set(false)
-	h.ps.b.sendFileNotify()
-}
-
-func approxSize(n int64) string {
-	if n <= 1<<10 {
-		return "<=1KB"
-	}
-	if n <= 1<<20 {
-		return "<=1MB"
-	}
-	return fmt.Sprintf("~%dMB", n>>20)
-}
-
-func (h *peerAPIHandler) handleServeGoroutines(w http.ResponseWriter, r *http.Request) {
-	if !h.isSelf {
-		http.Error(w, "not owner", http.StatusForbidden)
-		return
-	}
-	var buf []byte
-	for size := 4 << 10; size <= 2<<20; size *= 2 {
-		buf = make([]byte, size)
-		buf = buf[:runtime.Stack(buf, true)]
-		if len(buf) < size {
-			break
-		}
-	}
-	w.Write(buf)
 }

ipn/ipnlocal/peerapi_macios_ext.go

@@ -2,24 +2,24 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// +build darwin,ts_macext ios,ts_macext
+// +build darwin,redo ios,redo
 
 package ipnlocal
 
 import (
-	"errors"
 	"fmt"
+	"log"
 	"net"
+	"strings"
 	"syscall"
 
+	"golang.org/x/sys/unix"
 	"inet.af/netaddr"
 	"tailscale.com/net/interfaces"
-	"tailscale.com/net/netns"
 )
 
 func init() {
 	initListenConfig = initListenConfigNetworkExtension
-	peerDialControlFunc = peerDialControlFuncNetworkExtension
 }
 
 // initListenConfigNetworkExtension configures nc for listening on IP
@@ -30,26 +30,25 @@ func initListenConfigNetworkExtension(nc *net.ListenConfig, ip netaddr.IP, st *i
 	if !ok {
 		return fmt.Errorf("no interface with name %q", tunIfName)
 	}
-	return netns.SetListenConfigInterfaceIndex(nc, tunIf.Index)
-}
+	nc.Control = func(network, address string, c syscall.RawConn) error {
+		var sockErr error
+		err := c.Control(func(fd uintptr) {
 
-func peerDialControlFuncNetworkExtension(b *LocalBackend) func(network, address string, c syscall.RawConn) error {
-	b.mu.Lock()
-	defer b.mu.Unlock()
-	st := b.prevIfState
-	pas := b.peerAPIServer
-	index := -1
-	if st != nil && pas != nil && pas.tunName != "" {
-		if tunIf, ok := st.Interface[pas.tunName]; ok {
-			index = tunIf.Index
+			v6 := strings.Contains(address, "]:") || strings.HasSuffix(network, "6") // hacky test for v6
+			proto := unix.IPPROTO_IP
+			opt := unix.IP_BOUND_IF
+			if v6 {
+				proto = unix.IPPROTO_IPV6
+				opt = unix.IPV6_BOUND_IF
+			}
+
+			sockErr = unix.SetsockoptInt(int(fd), proto, opt, tunIf.Index)
+			log.Printf("peerapi: bind(%q, %q) on index %v = %v", network, address, tunIf.Index, sockErr)
+		})
+		if err != nil {
+			return err
 		}
+		return sockErr
 	}
-	var lc net.ListenConfig
-	netns.SetListenConfigInterfaceIndex(&lc, index)
-	return func(network, address string, c syscall.RawConn) error {
-		if index == -1 {
-			return errors.New("failed to find TUN interface to bind to")
-		}
-		return lc.Control(network, address, c)
-	}
+	return nil
 }

ipn/ipnlocal/peerapi_test.go

@@ -1,573 +0,0 @@
-// Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package ipnlocal
-
-import (
-	"bytes"
-	"fmt"
-	"io"
-	"io/fs"
-	"io/ioutil"
-	"math/rand"
-	"net/http"
-	"net/http/httptest"
-	"os"
-	"path/filepath"
-	"runtime"
-	"strings"
-	"testing"
-
-	"tailscale.com/tailcfg"
-)
-
-type peerAPITestEnv struct {
-	ph     *peerAPIHandler
-	rr     *httptest.ResponseRecorder
-	logBuf bytes.Buffer
-}
-
-func (e *peerAPITestEnv) logf(format string, a ...interface{}) {
-	fmt.Fprintf(&e.logBuf, format, a...)
-}
-
-type check func(*testing.T, *peerAPITestEnv)
-
-func checks(vv ...check) []check { return vv }
-
-func httpStatus(wantStatus int) check {
-	return func(t *testing.T, e *peerAPITestEnv) {
-		if res := e.rr.Result(); res.StatusCode != wantStatus {
-			t.Errorf("HTTP response code = %v; want %v", res.Status, wantStatus)
-		}
-	}
-}
-
-func bodyContains(sub string) check {
-	return func(t *testing.T, e *peerAPITestEnv) {
-		if body := e.rr.Body.String(); !strings.Contains(body, sub) {
-			t.Errorf("HTTP response body does not contain %q; got: %s", sub, body)
-		}
-	}
-}
-
-func bodyNotContains(sub string) check {
-	return func(t *testing.T, e *peerAPITestEnv) {
-		if body := e.rr.Body.String(); strings.Contains(body, sub) {
-			t.Errorf("HTTP response body unexpectedly contains %q; got: %s", sub, body)
-		}
-	}
-}
-
-func fileHasSize(name string, size int) check {
-	return func(t *testing.T, e *peerAPITestEnv) {
-		root := e.ph.ps.rootDir
-		if root == "" {
-			t.Errorf("no rootdir; can't check whether %q has size %v", name, size)
-			return
-		}
-		path := filepath.Join(root, name)
-		if fi, err := os.Stat(path); err != nil {
-			t.Errorf("fileHasSize(%q, %v): %v", name, size, err)
-		} else if fi.Size() != int64(size) {
-			t.Errorf("file %q has size %v; want %v", name, fi.Size(), size)
-		}
-	}
-}
-
-func fileHasContents(name string, want string) check {
-	return func(t *testing.T, e *peerAPITestEnv) {
-		root := e.ph.ps.rootDir
-		if root == "" {
-			t.Errorf("no rootdir; can't check contents of %q", name)
-			return
-		}
-		path := filepath.Join(root, name)
-		got, err := ioutil.ReadFile(path)
-		if err != nil {
-			t.Errorf("fileHasContents: %v", err)
-			return
-		}
-		if string(got) != want {
-			t.Errorf("file contents = %q; want %q", got, want)
-		}
-	}
-}
-
-func hexAll(v string) string {
-	var sb strings.Builder
-	for i := 0; i < len(v); i++ {
-		fmt.Fprintf(&sb, "%%%02x", v[i])
-	}
-	return sb.String()
-}
-
-func TestHandlePeerAPI(t *testing.T) {
-	tests := []struct {
-		name       string
-		isSelf     bool // the peer sending the request is owned by us
-		capSharing bool // self node has file sharing capabilty
-		omitRoot   bool // don't configure
-		req        *http.Request
-		checks     []check
-	}{
-		{
-			name:       "not_peer_api",
-			isSelf:     true,
-			capSharing: true,
-			req:        httptest.NewRequest("GET", "/", nil),
-			checks: checks(
-				httpStatus(200),
-				bodyContains("This is my Tailscale device."),
-				bodyContains("You are the owner of this node."),
-			),
-		},
-		{
-			name:       "not_peer_api_not_owner",
-			isSelf:     false,
-			capSharing: true,
-			req:        httptest.NewRequest("GET", "/", nil),
-			checks: checks(
-				httpStatus(200),
-				bodyContains("This is my Tailscale device."),
-				bodyNotContains("You are the owner of this node."),
-			),
-		},
-		{
-			name:   "peer_api_goroutines_deny",
-			isSelf: false,
-			req:    httptest.NewRequest("GET", "/v0/goroutines", nil),
-			checks: checks(httpStatus(403)),
-		},
-		{
-			name:   "peer_api_goroutines",
-			isSelf: true,
-			req:    httptest.NewRequest("GET", "/v0/goroutines", nil),
-			checks: checks(
-				httpStatus(200),
-				bodyContains("ServeHTTP"),
-			),
-		},
-		{
-			name:       "reject_non_owner_put",
-			isSelf:     false,
-			capSharing: true,
-			req:        httptest.NewRequest("PUT", "/v0/put/foo", nil),
-			checks: checks(
-				httpStatus(http.StatusForbidden),
-				bodyContains("not owner"),
-			),
-		},
-		{
-			name:       "owner_without_cap",
-			isSelf:     true,
-			capSharing: false,
-			req:        httptest.NewRequest("PUT", "/v0/put/foo", nil),
-			checks: checks(
-				httpStatus(http.StatusForbidden),
-				bodyContains("file sharing not enabled by Tailscale admin"),
-			),
-		},
-		{
-			name:       "owner_with_cap_no_rootdir",
-			omitRoot:   true,
-			isSelf:     true,
-			capSharing: true,
-			req:        httptest.NewRequest("PUT", "/v0/put/foo", nil),
-			checks: checks(
-				httpStatus(http.StatusInternalServerError),
-				bodyContains("no rootdir"),
-			),
-		},
-		{
-			name:       "bad_method",
-			isSelf:     true,
-			capSharing: true,
-			req:        httptest.NewRequest("POST", "/v0/put/foo", nil),
-			checks: checks(
-				httpStatus(405),
-				bodyContains("expected method PUT"),
-			),
-		},
-		{
-			name:       "put_zero_length",
-			isSelf:     true,
-			capSharing: true,
-			req:        httptest.NewRequest("PUT", "/v0/put/foo", nil),
-			checks: checks(
-				httpStatus(200),
-				bodyContains("{}"),
-				fileHasSize("foo", 0),
-				fileHasContents("foo", ""),
-			),
-		},
-		{
-			name:       "put_non_zero_length_content_length",
-			isSelf:     true,
-			capSharing: true,
-			req:        httptest.NewRequest("PUT", "/v0/put/foo", strings.NewReader("contents")),
-			checks: checks(
-				httpStatus(200),
-				bodyContains("{}"),
-				fileHasSize("foo", len("contents")),
-				fileHasContents("foo", "contents"),
-			),
-		},
-		{
-			name:       "put_non_zero_length_chunked",
-			isSelf:     true,
-			capSharing: true,
-			req:        httptest.NewRequest("PUT", "/v0/put/foo", struct{ io.Reader }{strings.NewReader("contents")}),
-			checks: checks(
-				httpStatus(200),
-				bodyContains("{}"),
-				fileHasSize("foo", len("contents")),
-				fileHasContents("foo", "contents"),
-			),
-		},
-		{
-			name:       "bad_filename_partial",
-			isSelf:     true,
-			capSharing: true,
-			req:        httptest.NewRequest("PUT", "/v0/put/foo.partial", nil),
-			checks: checks(
-				httpStatus(400),
-				bodyContains("bad filename"),
-			),
-		},
-		{
-			name:       "bad_filename_deleted",
-			isSelf:     true,
-			capSharing: true,
-			req:        httptest.NewRequest("PUT", "/v0/put/foo.deleted", nil),
-			checks: checks(
-				httpStatus(400),
-				bodyContains("bad filename"),
-			),
-		},
-		{
-			name:       "bad_filename_dot",
-			isSelf:     true,
-			capSharing: true,
-			req:        httptest.NewRequest("PUT", "/v0/put/.", nil),
-			checks: checks(
-				httpStatus(400),
-				bodyContains("bad filename"),
-			),
-		},
-		{
-			name:       "bad_filename_empty",
-			isSelf:     true,
-			capSharing: true,
-			req:        httptest.NewRequest("PUT", "/v0/put/", nil),
-			checks: checks(
-				httpStatus(400),
-				bodyContains("empty filename"),
-			),
-		},
-		{
-			name:       "bad_filename_slash",
-			isSelf:     true,
-			capSharing: true,
-			req:        httptest.NewRequest("PUT", "/v0/put/foo/bar", nil),
-			checks: checks(
-				httpStatus(400),
-				bodyContains("directories not supported"),
-			),
-		},
-		{
-			name:       "bad_filename_encoded_dot",
-			isSelf:     true,
-			capSharing: true,
-			req:        httptest.NewRequest("PUT", "/v0/put/"+hexAll("."), nil),
-			checks: checks(
-				httpStatus(400),
-				bodyContains("bad filename"),
-			),
-		},
-		{
-			name:       "bad_filename_encoded_slash",
-			isSelf:     true,
-			capSharing: true,
-			req:        httptest.NewRequest("PUT", "/v0/put/"+hexAll("/"), nil),
-			checks: checks(
-				httpStatus(400),
-				bodyContains("bad filename"),
-			),
-		},
-		{
-			name:       "bad_filename_encoded_backslash",
-			isSelf:     true,
-			capSharing: true,
-			req:        httptest.NewRequest("PUT", "/v0/put/"+hexAll("\\"), nil),
-			checks: checks(
-				httpStatus(400),
-				bodyContains("bad filename"),
-			),
-		},
-		{
-			name:       "bad_filename_encoded_dotdot",
-			isSelf:     true,
-			capSharing: true,
-			req:        httptest.NewRequest("PUT", "/v0/put/"+hexAll(".."), nil),
-			checks: checks(
-				httpStatus(400),
-				bodyContains("bad filename"),
-			),
-		},
-		{
-			name:       "bad_filename_encoded_dotdot_out",
-			isSelf:     true,
-			capSharing: true,
-			req:        httptest.NewRequest("PUT", "/v0/put/"+hexAll("foo/../../../../../etc/passwd"), nil),
-			checks: checks(
-				httpStatus(400),
-				bodyContains("bad filename"),
-			),
-		},
-		{
-			name:       "put_spaces_and_caps",
-			isSelf:     true,
-			capSharing: true,
-			req:        httptest.NewRequest("PUT", "/v0/put/"+hexAll("Foo Bar.dat"), strings.NewReader("baz")),
-			checks: checks(
-				httpStatus(200),
-				bodyContains("{}"),
-				fileHasContents("Foo Bar.dat", "baz"),
-			),
-		},
-		{
-			name:       "put_unicode",
-			isSelf:     true,
-			capSharing: true,
-			req:        httptest.NewRequest("PUT", "/v0/put/"+hexAll("Томас и его друзья.mp3"), strings.NewReader("главный озорник")),
-			checks: checks(
-				httpStatus(200),
-				bodyContains("{}"),
-				fileHasContents("Томас и его друзья.mp3", "главный озорник"),
-			),
-		},
-		{
-			name:       "put_invalid_utf8",
-			isSelf:     true,
-			capSharing: true,
-			req:        httptest.NewRequest("PUT", "/v0/put/"+(hexAll("😜")[:3]), nil),
-			checks: checks(
-				httpStatus(400),
-				bodyContains("bad filename"),
-			),
-		},
-		{
-			name:       "put_invalid_null",
-			isSelf:     true,
-			capSharing: true,
-			req:        httptest.NewRequest("PUT", "/v0/put/%00", nil),
-			checks: checks(
-				httpStatus(400),
-				bodyContains("bad filename"),
-			),
-		},
-		{
-			name:       "put_invalid_non_printable",
-			isSelf:     true,
-			capSharing: true,
-			req:        httptest.NewRequest("PUT", "/v0/put/%01", nil),
-			checks: checks(
-				httpStatus(400),
-				bodyContains("bad filename"),
-			),
-		},
-		{
-			name:       "put_invalid_colon",
-			isSelf:     true,
-			capSharing: true,
-			req:        httptest.NewRequest("PUT", "/v0/put/"+hexAll("nul:"), nil),
-			checks: checks(
-				httpStatus(400),
-				bodyContains("bad filename"),
-			),
-		},
-		{
-			name:       "put_invalid_surrounding_whitespace",
-			isSelf:     true,
-			capSharing: true,
-			req:        httptest.NewRequest("PUT", "/v0/put/"+hexAll(" foo "), nil),
-			checks: checks(
-				httpStatus(400),
-				bodyContains("bad filename"),
-			),
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			var e peerAPITestEnv
-			lb := &LocalBackend{
-				logf:           e.logf,
-				capFileSharing: tt.capSharing,
-			}
-			e.ph = &peerAPIHandler{
-				isSelf: tt.isSelf,
-				peerNode: &tailcfg.Node{
-					ComputedName: "some-peer-name",
-				},
-				ps: &peerAPIServer{
-					b: lb,
-				},
-			}
-			var rootDir string
-			if !tt.omitRoot {
-				rootDir = t.TempDir()
-				e.ph.ps.rootDir = rootDir
-			}
-			e.rr = httptest.NewRecorder()
-			e.ph.ServeHTTP(e.rr, tt.req)
-			for _, f := range tt.checks {
-				f(t, &e)
-			}
-			if t.Failed() && rootDir != "" {
-				t.Logf("Contents of %s:", rootDir)
-				des, _ := fs.ReadDir(os.DirFS(rootDir), ".")
-				for _, de := range des {
-					fi, err := de.Info()
-					if err != nil {
-						t.Log(err)
-					} else {
-						t.Logf("  %v %5d %s", fi.Mode(), fi.Size(), de.Name())
-					}
-				}
-			}
-		})
-	}
-}
-
-// Windows likes to hold on to file descriptors for some indeterminate
-// amount of time after you close them and not let you delete them for
-// a bit. So test that we work around that sufficiently.
-func TestFileDeleteRace(t *testing.T) {
-	dir := t.TempDir()
-	ps := &peerAPIServer{
-		b: &LocalBackend{
-			logf:           t.Logf,
-			capFileSharing: true,
-		},
-		rootDir: dir,
-	}
-	ph := &peerAPIHandler{
-		isSelf: true,
-		peerNode: &tailcfg.Node{
-			ComputedName: "some-peer-name",
-		},
-		ps: ps,
-	}
-	buf := make([]byte, 2<<20)
-	for i := 0; i < 30; i++ {
-		rr := httptest.NewRecorder()
-		ph.ServeHTTP(rr, httptest.NewRequest("PUT", "/v0/put/foo.txt", bytes.NewReader(buf[:rand.Intn(len(buf))])))
-		if res := rr.Result(); res.StatusCode != 200 {
-			t.Fatal(res.Status)
-		}
-		wfs, err := ps.WaitingFiles()
-		if err != nil {
-			t.Fatal(err)
-		}
-		if len(wfs) != 1 {
-			t.Fatalf("waiting files = %d; want 1", len(wfs))
-		}
-
-		if err := ps.DeleteFile("foo.txt"); err != nil {
-			t.Fatal(err)
-		}
-		wfs, err = ps.WaitingFiles()
-		if err != nil {
-			t.Fatal(err)
-		}
-		if len(wfs) != 0 {
-			t.Fatalf("waiting files = %d; want 0", len(wfs))
-		}
-	}
-}
-
-// Tests "foo.jpg.deleted" marks (for Windows).
-func TestDeletedMarkers(t *testing.T) {
-	dir := t.TempDir()
-	ps := &peerAPIServer{
-		b: &LocalBackend{
-			logf:           t.Logf,
-			capFileSharing: true,
-		},
-		rootDir: dir,
-	}
-
-	nothingWaiting := func() {
-		t.Helper()
-		ps.knownEmpty.Set(false)
-		if ps.hasFilesWaiting() {
-			t.Fatal("unexpected files waiting")
-		}
-	}
-	touch := func(base string) {
-		t.Helper()
-		if err := touchFile(filepath.Join(dir, base)); err != nil {
-			t.Fatal(err)
-		}
-	}
-	wantEmptyTempDir := func() {
-		t.Helper()
-		if fis, err := ioutil.ReadDir(dir); err != nil {
-			t.Fatal(err)
-		} else if len(fis) > 0 && runtime.GOOS != "windows" {
-			for _, fi := range fis {
-				t.Errorf("unexpected file in tempdir: %q", fi.Name())
-			}
-		}
-	}
-
-	nothingWaiting()
-	wantEmptyTempDir()
-
-	touch("foo.jpg.deleted")
-	nothingWaiting()
-	wantEmptyTempDir()
-
-	touch("foo.jpg.deleted")
-	touch("foo.jpg")
-	nothingWaiting()
-	wantEmptyTempDir()
-
-	touch("foo.jpg.deleted")
-	touch("foo.jpg")
-	wf, err := ps.WaitingFiles()
-	if err != nil {
-		t.Fatal(err)
-	}
-	if len(wf) != 0 {
-		t.Fatalf("WaitingFiles = %d; want 0", len(wf))
-	}
-	wantEmptyTempDir()
-
-	touch("foo.jpg.deleted")
-	touch("foo.jpg")
-	if rc, _, err := ps.OpenFile("foo.jpg"); err == nil {
-		rc.Close()
-		t.Fatal("unexpected foo.jpg open")
-	}
-	wantEmptyTempDir()
-
-	// And verify basics still work in non-deleted cases.
-	touch("foo.jpg")
-	touch("bar.jpg.deleted")
-	if wf, err := ps.WaitingFiles(); err != nil {
-		t.Error(err)
-	} else if len(wf) != 1 {
-		t.Errorf("WaitingFiles = %d; want 1", len(wf))
-	} else if wf[0].Name != "foo.jpg" {
-		t.Errorf("unexpected waiting file %+v", wf[0])
-	}
-	if rc, _, err := ps.OpenFile("foo.jpg"); err != nil {
-		t.Fatal(err)
-	} else {
-		rc.Close()
-	}
-
-}

ipn/ipnlocal/state_test.go

@@ -1,919 +0,0 @@
-// Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package ipnlocal
-
-import (
-	"context"
-	"sync"
-	"testing"
-	"time"
-
-	qt "github.com/frankban/quicktest"
-
-	"tailscale.com/control/controlclient"
-	"tailscale.com/ipn"
-	"tailscale.com/syncs"
-	"tailscale.com/tailcfg"
-	"tailscale.com/types/empty"
-	"tailscale.com/types/logger"
-	"tailscale.com/types/netmap"
-	"tailscale.com/types/persist"
-	"tailscale.com/types/wgkey"
-	"tailscale.com/wgengine"
-)
-
-// notifyThrottler receives notifications from an ipn.Backend, blocking
-// (with eventual timeout and t.Fatal) if there are too many and complaining
-// (also with t.Fatal) if they are too few.
-type notifyThrottler struct {
-	t *testing.T
-
-	// ch gets replaced frequently. Lock the mutex before getting or
-	// setting it, but not while waiting on it.
-	mu sync.Mutex
-	ch chan ipn.Notify
-}
-
-// expect tells the throttler to expect count upcoming notifications.
-func (nt *notifyThrottler) expect(count int) {
-	nt.mu.Lock()
-	nt.ch = make(chan ipn.Notify, count)
-	nt.mu.Unlock()
-}
-
-// put adds one notification into the throttler's queue.
-func (nt *notifyThrottler) put(n ipn.Notify) {
-	nt.mu.Lock()
-	ch := nt.ch
-	nt.mu.Unlock()
-
-	select {
-	case ch <- n:
-		return
-	default:
-		nt.t.Fatalf("put: channel full: %v", n)
-	}
-}
-
-// drain pulls the notifications out of the queue, asserting that there are
-// exactly count notifications that have been put so far.
-func (nt *notifyThrottler) drain(count int) []ipn.Notify {
-	nt.mu.Lock()
-	ch := nt.ch
-	nt.mu.Unlock()
-
-	nn := []ipn.Notify{}
-	for i := 0; i < count; i++ {
-		select {
-		case n := <-ch:
-			nn = append(nn, n)
-		case <-time.After(6 * time.Second):
-			nt.t.Fatalf("drain: channel empty after %d/%d", i, count)
-		}
-	}
-
-	// no more notifications expected
-	close(ch)
-
-	return nn
-}
-
-// mockControl is a mock implementation of controlclient.Client.
-// Much of the backend state machine depends on callbacks and state
-// in the controlclient.Client, so by controlling it, we can check that
-// the state machine works as expected.
-type mockControl struct {
-	opts       controlclient.Options
-	logf       logger.Logf
-	statusFunc func(controlclient.Status)
-
-	mu          sync.Mutex
-	calls       []string
-	authBlocked bool
-	persist     persist.Persist
-	machineKey  wgkey.Private
-}
-
-func newMockControl() *mockControl {
-	return &mockControl{
-		calls:       []string{},
-		authBlocked: true,
-	}
-}
-
-func (cc *mockControl) SetStatusFunc(fn func(controlclient.Status)) {
-	cc.statusFunc = fn
-}
-
-func (cc *mockControl) populateKeys() (newKeys bool) {
-	cc.mu.Lock()
-	defer cc.mu.Unlock()
-
-	if cc.machineKey.IsZero() {
-		cc.logf("Copying machineKey.")
-		cc.machineKey, _ = cc.opts.GetMachinePrivateKey()
-		newKeys = true
-	}
-
-	if cc.persist.PrivateNodeKey.IsZero() {
-		cc.logf("Generating a new nodekey.")
-		cc.persist.OldPrivateNodeKey = cc.persist.PrivateNodeKey
-		cc.persist.PrivateNodeKey, _ = wgkey.NewPrivate()
-		newKeys = true
-	}
-
-	return newKeys
-}
-
-// send publishes a controlclient.Status notification upstream.
-// (In our tests here, upstream is the ipnlocal.Local instance.)
-func (cc *mockControl) send(err error, url string, loginFinished bool, nm *netmap.NetworkMap) {
-	if cc.statusFunc != nil {
-		s := controlclient.Status{
-			URL:     url,
-			NetMap:  nm,
-			Persist: &cc.persist,
-		}
-		if err != nil {
-			s.Err = err.Error()
-		}
-		if loginFinished {
-			s.LoginFinished = &empty.Message{}
-		} else if url == "" && err == nil && nm == nil {
-			s.LogoutFinished = &empty.Message{}
-		}
-		cc.statusFunc(s)
-	}
-}
-
-// called records that a particular function name was called.
-func (cc *mockControl) called(s string) {
-	cc.mu.Lock()
-	defer cc.mu.Unlock()
-
-	cc.calls = append(cc.calls, s)
-}
-
-// getCalls returns the list of functions that have been called since the
-// last time getCalls was run.
-func (cc *mockControl) getCalls() []string {
-	cc.mu.Lock()
-	defer cc.mu.Unlock()
-
-	r := cc.calls
-	cc.calls = []string{}
-	return r
-}
-
-// setAuthBlocked changes the return value of AuthCantContinue.
-// Auth is blocked if you haven't called Login, the control server hasn't
-// provided an auth URL, or it has provided an auth URL and you haven't
-// visited it yet.
-func (cc *mockControl) setAuthBlocked(blocked bool) {
-	cc.mu.Lock()
-	defer cc.mu.Unlock()
-
-	cc.authBlocked = blocked
-}
-
-// Shutdown disconnects the client.
-//
-// Note that in a normal controlclient, Shutdown would be the last thing you
-// do before discarding the object. In this mock, we don't actually discard
-// the object, but if you see a call to Shutdown, you should always see a
-// call to New right after it, if the object continues to be used.
-// (Note that "New" is the ccGen function here; it means ipn.Backend wanted
-// to create an entirely new controlclient.)
-func (cc *mockControl) Shutdown() {
-	cc.logf("Shutdown")
-	cc.called("Shutdown")
-}
-
-// Login starts a login process.
-// Note that in this mock, we don't automatically generate notifications
-// about the progress of the login operation. You have to call setAuthBlocked()
-// and send() as required by the test.
-func (cc *mockControl) Login(t *tailcfg.Oauth2Token, flags controlclient.LoginFlags) {
-	cc.logf("Login token=%v flags=%v", t, flags)
-	cc.called("Login")
-	newKeys := cc.populateKeys()
-
-	interact := (flags & controlclient.LoginInteractive) != 0
-	cc.logf("Login: interact=%v newKeys=%v", interact, newKeys)
-	cc.setAuthBlocked(interact || newKeys)
-}
-
-func (cc *mockControl) StartLogout() {
-	cc.logf("StartLogout")
-	cc.called("StartLogout")
-}
-
-func (cc *mockControl) Logout(ctx context.Context) error {
-	cc.logf("Logout")
-	cc.called("Logout")
-	return nil
-}
-
-func (cc *mockControl) SetPaused(paused bool) {
-	cc.logf("SetPaused=%v", paused)
-	if paused {
-		cc.called("pause")
-	} else {
-		cc.called("unpause")
-	}
-}
-
-func (cc *mockControl) AuthCantContinue() bool {
-	cc.mu.Lock()
-	defer cc.mu.Unlock()
-
-	return cc.authBlocked
-}
-
-func (cc *mockControl) SetHostinfo(hi *tailcfg.Hostinfo) {
-	cc.logf("SetHostinfo: %v", *hi)
-	cc.called("SetHostinfo")
-}
-
-func (cc *mockControl) SetNetInfo(ni *tailcfg.NetInfo) {
-	cc.called("SetNetinfo")
-	cc.logf("SetNetInfo: %v", *ni)
-	cc.called("SetNetInfo")
-}
-
-func (cc *mockControl) UpdateEndpoints(localPort uint16, endpoints []tailcfg.Endpoint) {
-	// validate endpoint information here?
-	cc.logf("UpdateEndpoints: lp=%v ep=%v", localPort, endpoints)
-	cc.called("UpdateEndpoints")
-}
-
-func (*mockControl) SetDNS(context.Context, *tailcfg.SetDNSRequest) error {
-	panic("unexpected SetDNS call")
-}
-
-// A very precise test of the sequence of function calls generated by
-// ipnlocal.Local into its controlclient instance, and the events it
-// produces upstream into the UI.
-//
-// [apenwarr] Normally I'm not a fan of "mock" style tests, but the precise
-// sequence of this state machine is so important for writing our multiple
-// frontends, that it's worth validating it all in one place.
-//
-// Any changes that affect this test will most likely require carefully
-// re-testing all our GUIs (and the CLI) to make sure we didn't break
-// anything.
-//
-// Note also that this test doesn't have any timers, goroutines, or duplicate
-// detection. It expects messages to be produced in exactly the right order,
-// with no duplicates, without doing network activity (other than through
-// controlclient, which we fake, so there's no network activity there either).
-//
-// TODO: A few messages that depend on magicsock (which actually might have
-// network delays) are just ignored for now, which makes the test
-// predictable, but maybe a bit less thorough. This is more of an overall
-// state machine test than a test of the wgengine+magicsock integration.
-func TestStateMachine(t *testing.T) {
-	c := qt.New(t)
-
-	logf := t.Logf
-	store := new(testStateStorage)
-	e, err := wgengine.NewFakeUserspaceEngine(logf, 0)
-	if err != nil {
-		t.Fatalf("NewFakeUserspaceEngine: %v", err)
-	}
-
-	cc := newMockControl()
-	b, err := NewLocalBackend(logf, "logid", store, e)
-	if err != nil {
-		t.Fatalf("NewLocalBackend: %v", err)
-	}
-	b.SetControlClientGetterForTesting(func(opts controlclient.Options) (controlclient.Client, error) {
-		cc.mu.Lock()
-		cc.opts = opts
-		cc.logf = opts.Logf
-		cc.authBlocked = true
-		cc.persist = cc.opts.Persist
-		cc.mu.Unlock()
-
-		cc.logf("ccGen: new mockControl.")
-		cc.called("New")
-		return cc, nil
-	})
-
-	notifies := &notifyThrottler{t: t}
-	notifies.expect(0)
-
-	b.SetNotifyCallback(func(n ipn.Notify) {
-		if n.State != nil ||
-			n.Prefs != nil ||
-			n.BrowseToURL != nil ||
-			n.LoginFinished != nil {
-			logf("\n%v\n\n", n)
-			notifies.put(n)
-		} else {
-			logf("\n(ignored) %v\n\n", n)
-		}
-	})
-
-	// Check that it hasn't called us right away.
-	// The state machine should be idle until we call Start().
-	c.Assert(cc.getCalls(), qt.HasLen, 0)
-
-	// Start the state machine.
-	// Since !WantRunning by default, it'll create a controlclient,
-	// but not ask it to do anything yet.
-	t.Logf("\n\nStart")
-	notifies.expect(2)
-	c.Assert(b.Start(ipn.Options{StateKey: ipn.GlobalDaemonStateKey}), qt.IsNil)
-	{
-		// BUG: strictly, it should pause, not unpause, here, since !WantRunning.
-		c.Assert([]string{"New", "unpause"}, qt.DeepEquals, cc.getCalls())
-
-		nn := notifies.drain(2)
-		c.Assert(cc.getCalls(), qt.HasLen, 0)
-		c.Assert(nn[0].Prefs, qt.Not(qt.IsNil))
-		c.Assert(nn[1].State, qt.Not(qt.IsNil))
-		prefs := *nn[0].Prefs
-		// Note: a totally fresh system has Prefs.LoggedOut=false by
-		// default. We are logged out, but not because the user asked
-		// for it, so it doesn't count as Prefs.LoggedOut==true.
-		c.Assert(nn[0].Prefs.LoggedOut, qt.IsFalse)
-		c.Assert(prefs.WantRunning, qt.IsFalse)
-		c.Assert(ipn.NeedsLogin, qt.Equals, *nn[1].State)
-		c.Assert(ipn.NeedsLogin, qt.Equals, b.State())
-	}
-
-	// Restart the state machine.
-	// It's designed to handle frontends coming and going sporadically.
-	// Make the sure the restart not only works, but generates the same
-	// events as the first time, so UIs always know what to expect.
-	t.Logf("\n\nStart2")
-	notifies.expect(2)
-	c.Assert(b.Start(ipn.Options{StateKey: ipn.GlobalDaemonStateKey}), qt.IsNil)
-	{
-		// BUG: strictly, it should pause, not unpause, here, since !WantRunning.
-		c.Assert([]string{"Shutdown", "unpause", "New", "unpause"}, qt.DeepEquals, cc.getCalls())
-
-		nn := notifies.drain(2)
-		c.Assert(cc.getCalls(), qt.HasLen, 0)
-		c.Assert(nn[0].Prefs, qt.Not(qt.IsNil))
-		c.Assert(nn[1].State, qt.Not(qt.IsNil))
-		c.Assert(nn[0].Prefs.LoggedOut, qt.IsFalse)
-		c.Assert(nn[0].Prefs.WantRunning, qt.IsFalse)
-		c.Assert(ipn.NeedsLogin, qt.Equals, *nn[1].State)
-		c.Assert(ipn.NeedsLogin, qt.Equals, b.State())
-	}
-
-	// Start non-interactive login with no token.
-	// This will ask controlclient to start its own Login() process,
-	// then wait for us to respond.
-	t.Logf("\n\nLogin (noninteractive)")
-	notifies.expect(0)
-	b.Login(nil)
-	{
-		c.Assert(cc.getCalls(), qt.DeepEquals, []string{"Login"})
-		notifies.drain(0)
-		// Note: WantRunning isn't true yet. It'll switch to true
-		// after a successful login finishes.
-		// (This behaviour is needed so that b.Login() won't
-		// start connecting to an old account right away, if one
-		// exists when you launch another login.)
-	}
-
-	// Attempted non-interactive login with no key; indicate that
-	// the user needs to visit a login URL.
-	t.Logf("\n\nLogin (url response)")
-	notifies.expect(1)
-	url1 := "http://localhost:1/1"
-	cc.send(nil, url1, false, nil)
-	{
-		c.Assert(cc.getCalls(), qt.DeepEquals, []string{"unpause"})
-
-		// ...but backend eats that notification, because the user
-		// didn't explicitly request interactive login yet, and
-		// we're already in NeedsLogin state.
-		nn := notifies.drain(1)
-
-		c.Assert(nn[0].Prefs, qt.Not(qt.IsNil))
-		c.Assert(nn[0].Prefs.LoggedOut, qt.IsFalse)
-		c.Assert(nn[0].Prefs.WantRunning, qt.IsFalse)
-	}
-
-	// Now we'll try an interactive login.
-	// Since we provided an interactive URL earlier, this shouldn't
-	// ask control to do anything. Instead backend will emit an event
-	// indicating that the UI should browse to the given URL.
-	t.Logf("\n\nLogin (interactive)")
-	notifies.expect(1)
-	b.StartLoginInteractive()
-	{
-		nn := notifies.drain(1)
-		// BUG: UpdateEndpoints shouldn't be called yet.
-		// We're still not logged in so there's nothing we can do
-		// with it. (And empirically, it's providing an empty list
-		// of endpoints.)
-		c.Assert([]string{"UpdateEndpoints", "unpause"}, qt.DeepEquals, cc.getCalls())
-		c.Assert(nn[0].BrowseToURL, qt.Not(qt.IsNil))
-		c.Assert(url1, qt.Equals, *nn[0].BrowseToURL)
-	}
-
-	// Sometimes users press the Login button again, in the middle of
-	// a login sequence. For example, they might have closed their
-	// browser window without logging in, or they waited too long and
-	// the login URL expired. If they start another interactive login,
-	// we must always get a *new* login URL first.
-	t.Logf("\n\nLogin2 (interactive)")
-	notifies.expect(0)
-	b.StartLoginInteractive()
-	{
-		notifies.drain(0)
-		// backend asks control for another login sequence
-		c.Assert([]string{"Login"}, qt.DeepEquals, cc.getCalls())
-	}
-
-	// Provide a new interactive login URL.
-	t.Logf("\n\nLogin2 (url response)")
-	notifies.expect(1)
-	url2 := "http://localhost:1/2"
-	cc.send(nil, url2, false, nil)
-	{
-		// BUG: UpdateEndpoints again, this is getting silly.
-		c.Assert([]string{"UpdateEndpoints", "unpause", "unpause"}, qt.DeepEquals, cc.getCalls())
-
-		// This time, backend should emit it to the UI right away,
-		// because the UI is anxiously awaiting a new URL to visit.
-		nn := notifies.drain(1)
-		c.Assert(nn[0].BrowseToURL, qt.Not(qt.IsNil))
-		c.Assert(url2, qt.Equals, *nn[0].BrowseToURL)
-	}
-
-	// Pretend that the interactive login actually happened.
-	// Controlclient always sends the netmap and LoginFinished at the
-	// same time.
-	// The backend should propagate this upward for the UI.
-	t.Logf("\n\nLoginFinished")
-	notifies.expect(3)
-	cc.setAuthBlocked(false)
-	cc.persist.LoginName = "user1"
-	cc.send(nil, "", true, &netmap.NetworkMap{})
-	{
-		nn := notifies.drain(3)
-		// BUG: still too soon for UpdateEndpoints.
-		//
-		// Arguably it makes sense to unpause now, since the machine
-		// authorization status is part of the netmap.
-		//
-		// BUG: backend unblocks wgengine at this point, even though
-		// our machine key is not authorized. It probably should
-		// wait until it gets into Starting.
-		// TODO: (Currently this test doesn't detect that bug, but
-		// it's visible in the logs)
-		c.Assert([]string{"unpause", "unpause", "UpdateEndpoints", "unpause"}, qt.DeepEquals, cc.getCalls())
-		c.Assert(nn[0].LoginFinished, qt.Not(qt.IsNil))
-		c.Assert(nn[1].Prefs, qt.Not(qt.IsNil))
-		c.Assert(nn[2].State, qt.Not(qt.IsNil))
-		c.Assert(nn[1].Prefs.Persist.LoginName, qt.Equals, "user1")
-		c.Assert(ipn.NeedsMachineAuth, qt.Equals, *nn[2].State)
-	}
-
-	// Pretend that the administrator has authorized our machine.
-	t.Logf("\n\nMachineAuthorized")
-	notifies.expect(1)
-	// BUG: the real controlclient sends LoginFinished with every
-	// notification while it's in StateAuthenticated, but not StateSynced.
-	// It should send it exactly once, or every time we're authenticated,
-	// but the current code is brittle.
-	// (ie. I suspect it would be better to change false->true in send()
-	// below, and do the same in the real controlclient.)
-	cc.send(nil, "", false, &netmap.NetworkMap{
-		MachineStatus: tailcfg.MachineAuthorized,
-	})
-	{
-		nn := notifies.drain(1)
-		c.Assert([]string{"unpause", "unpause", "UpdateEndpoints", "unpause"}, qt.DeepEquals, cc.getCalls())
-		c.Assert(nn[0].State, qt.Not(qt.IsNil))
-		c.Assert(ipn.Starting, qt.Equals, *nn[0].State)
-	}
-
-	// TODO: add a fake DERP server to our fake netmap, so we can
-	// transition to the Running state here.
-
-	// TODO: test what happens when the admin forcibly deletes our key.
-	// (ie. unsolicited logout)
-
-	// TODO: test what happens when our key expires, client side.
-	// (and when it gets close to expiring)
-
-	// The user changes their preference to !WantRunning.
-	t.Logf("\n\nWantRunning -> false")
-	notifies.expect(2)
-	b.EditPrefs(&ipn.MaskedPrefs{
-		WantRunningSet: true,
-		Prefs:          ipn.Prefs{WantRunning: false},
-	})
-	{
-		nn := notifies.drain(2)
-		c.Assert([]string{"pause"}, qt.DeepEquals, cc.getCalls())
-		// BUG: I would expect Prefs to change first, and state after.
-		c.Assert(nn[0].State, qt.Not(qt.IsNil))
-		c.Assert(nn[1].Prefs, qt.Not(qt.IsNil))
-		c.Assert(ipn.Stopped, qt.Equals, *nn[0].State)
-	}
-
-	// The user changes their preference to WantRunning after all.
-	t.Logf("\n\nWantRunning -> true")
-	store.awaitWrite()
-	notifies.expect(2)
-	b.EditPrefs(&ipn.MaskedPrefs{
-		WantRunningSet: true,
-		Prefs:          ipn.Prefs{WantRunning: true},
-	})
-	{
-		nn := notifies.drain(2)
-		// BUG: UpdateEndpoints isn't needed here.
-		// BUG: Login isn't needed here. We never logged out.
-		c.Assert([]string{"Login", "unpause", "UpdateEndpoints", "unpause"}, qt.DeepEquals, cc.getCalls())
-		// BUG: I would expect Prefs to change first, and state after.
-		c.Assert(nn[0].State, qt.Not(qt.IsNil))
-		c.Assert(nn[1].Prefs, qt.Not(qt.IsNil))
-		c.Assert(ipn.Starting, qt.Equals, *nn[0].State)
-		c.Assert(store.sawWrite(), qt.IsTrue)
-	}
-
-	// Test the fast-path frontend reconnection.
-	// This one is very finicky, so we have to force State==Running
-	// or it won't use the fast path.
-	// TODO: actually get to State==Running, rather than cheating.
-	//  That'll require spinning up a fake DERP server and putting it in
-	//  the netmap.
-	t.Logf("\n\nFastpath Start()")
-	notifies.expect(1)
-	b.state = ipn.Running
-	c.Assert(b.Start(ipn.Options{StateKey: ipn.GlobalDaemonStateKey}), qt.IsNil)
-	{
-		nn := notifies.drain(1)
-		c.Assert(cc.getCalls(), qt.HasLen, 0)
-		c.Assert(nn[0].State, qt.Not(qt.IsNil))
-		c.Assert(nn[0].LoginFinished, qt.Not(qt.IsNil))
-		c.Assert(nn[0].NetMap, qt.Not(qt.IsNil))
-		c.Assert(nn[0].Prefs, qt.Not(qt.IsNil))
-	}
-
-	// undo the state hack above.
-	b.state = ipn.Starting
-
-	// User wants to logout.
-	store.awaitWrite()
-	t.Logf("\n\nLogout (async)")
-	notifies.expect(2)
-	b.Logout()
-	{
-		nn := notifies.drain(2)
-		c.Assert([]string{"pause", "StartLogout", "pause"}, qt.DeepEquals, cc.getCalls())
-		c.Assert(nn[0].State, qt.Not(qt.IsNil))
-		c.Assert(nn[1].Prefs, qt.Not(qt.IsNil))
-		c.Assert(ipn.Stopped, qt.Equals, *nn[0].State)
-		c.Assert(nn[1].Prefs.LoggedOut, qt.IsTrue)
-		c.Assert(nn[1].Prefs.WantRunning, qt.IsFalse)
-		c.Assert(ipn.Stopped, qt.Equals, b.State())
-		c.Assert(store.sawWrite(), qt.IsTrue)
-	}
-
-	// Let's make the logout succeed.
-	t.Logf("\n\nLogout (async) - succeed")
-	notifies.expect(1)
-	cc.setAuthBlocked(true)
-	cc.send(nil, "", false, nil)
-	{
-		nn := notifies.drain(1)
-		c.Assert([]string{"unpause", "unpause"}, qt.DeepEquals, cc.getCalls())
-		c.Assert(nn[0].State, qt.Not(qt.IsNil))
-		c.Assert(ipn.NeedsLogin, qt.Equals, *nn[0].State)
-		c.Assert(b.Prefs().LoggedOut, qt.IsTrue)
-		c.Assert(b.Prefs().WantRunning, qt.IsFalse)
-		c.Assert(ipn.NeedsLogin, qt.Equals, b.State())
-	}
-
-	// A second logout should do nothing, since the prefs haven't changed.
-	t.Logf("\n\nLogout2 (async)")
-	notifies.expect(0)
-	b.Logout()
-	{
-		notifies.drain(0)
-		// BUG: the backend has already called StartLogout, and we're
-		// still logged out. So it shouldn't call it again.
-		c.Assert([]string{"StartLogout", "unpause"}, qt.DeepEquals, cc.getCalls())
-		c.Assert(cc.getCalls(), qt.HasLen, 0)
-		c.Assert(b.Prefs().LoggedOut, qt.IsTrue)
-		c.Assert(b.Prefs().WantRunning, qt.IsFalse)
-		c.Assert(ipn.NeedsLogin, qt.Equals, b.State())
-	}
-
-	// Let's acknowledge the second logout too.
-	t.Logf("\n\nLogout2 (async) - succeed")
-	notifies.expect(0)
-	cc.setAuthBlocked(true)
-	cc.send(nil, "", false, nil)
-	{
-		notifies.drain(0)
-		c.Assert(cc.getCalls(), qt.DeepEquals, []string{"unpause", "unpause"})
-		c.Assert(b.Prefs().LoggedOut, qt.IsTrue)
-		c.Assert(b.Prefs().WantRunning, qt.IsFalse)
-		c.Assert(ipn.NeedsLogin, qt.Equals, b.State())
-	}
-
-	// Try the synchronous logout feature.
-	t.Logf("\n\nLogout3 (sync)")
-	notifies.expect(0)
-	b.LogoutSync(context.Background())
-	// NOTE: This returns as soon as cc.Logout() returns, which is okay
-	// I guess, since that's supposed to be synchronous.
-	{
-		notifies.drain(0)
-		c.Assert([]string{"Logout", "unpause"}, qt.DeepEquals, cc.getCalls())
-		c.Assert(cc.getCalls(), qt.HasLen, 0)
-		c.Assert(b.Prefs().LoggedOut, qt.IsTrue)
-		c.Assert(b.Prefs().WantRunning, qt.IsFalse)
-		c.Assert(ipn.NeedsLogin, qt.Equals, b.State())
-	}
-
-	// Generate the third logout event.
-	t.Logf("\n\nLogout3 (sync) - succeed")
-	notifies.expect(0)
-	cc.setAuthBlocked(true)
-	cc.send(nil, "", false, nil)
-	{
-		notifies.drain(0)
-		c.Assert(cc.getCalls(), qt.DeepEquals, []string{"unpause", "unpause"})
-		c.Assert(b.Prefs().LoggedOut, qt.IsTrue)
-		c.Assert(b.Prefs().WantRunning, qt.IsFalse)
-		c.Assert(ipn.NeedsLogin, qt.Equals, b.State())
-	}
-
-	// Shut down the backend.
-	t.Logf("\n\nShutdown")
-	notifies.expect(0)
-	b.Shutdown()
-	{
-		notifies.drain(0)
-		// BUG: I expect a transition to ipn.NoState here.
-		c.Assert(cc.getCalls(), qt.DeepEquals, []string{"Shutdown"})
-	}
-
-	// Oh, you thought we were done? Ha! Now we have to test what
-	// happens if the user exits and restarts while logged out.
-	// Note that it's explicitly okay to call b.Start() over and over
-	// again, every time the frontend reconnects.
-
-	// TODO: test user switching between statekeys.
-
-	// The frontend restarts!
-	t.Logf("\n\nStart3")
-	notifies.expect(2)
-	c.Assert(b.Start(ipn.Options{StateKey: ipn.GlobalDaemonStateKey}), qt.IsNil)
-	{
-		// BUG: We already called Shutdown(), no need to do it again.
-		// BUG: Way too soon for UpdateEndpoints.
-		// BUG: don't unpause because we're not logged in.
-		c.Assert([]string{"Shutdown", "unpause", "New", "UpdateEndpoints", "unpause"}, qt.DeepEquals, cc.getCalls())
-
-		nn := notifies.drain(2)
-		c.Assert(cc.getCalls(), qt.HasLen, 0)
-		c.Assert(nn[0].Prefs, qt.Not(qt.IsNil))
-		c.Assert(nn[1].State, qt.Not(qt.IsNil))
-		c.Assert(nn[0].Prefs.LoggedOut, qt.IsTrue)
-		c.Assert(nn[0].Prefs.WantRunning, qt.IsFalse)
-		c.Assert(ipn.NeedsLogin, qt.Equals, *nn[1].State)
-		c.Assert(ipn.NeedsLogin, qt.Equals, b.State())
-	}
-
-	// Let's break the rules a little. Our control server accepts
-	// your invalid login attempt, with no need for an interactive login.
-	// (This simulates an admin reviving a key that you previously
-	// disabled.)
-	t.Logf("\n\nLoginFinished3")
-	notifies.expect(3)
-	cc.setAuthBlocked(false)
-	cc.persist.LoginName = "user2"
-	cc.send(nil, "", true, &netmap.NetworkMap{
-		MachineStatus: tailcfg.MachineAuthorized,
-	})
-	{
-		nn := notifies.drain(3)
-		c.Assert([]string{"unpause", "unpause"}, qt.DeepEquals, cc.getCalls())
-		c.Assert(nn[0].LoginFinished, qt.Not(qt.IsNil))
-		c.Assert(nn[1].Prefs, qt.Not(qt.IsNil))
-		c.Assert(nn[2].State, qt.Not(qt.IsNil))
-		// Prefs after finishing the login, so LoginName updated.
-		c.Assert(nn[1].Prefs.Persist.LoginName, qt.Equals, "user2")
-		c.Assert(nn[1].Prefs.LoggedOut, qt.IsFalse)
-		c.Assert(nn[1].Prefs.WantRunning, qt.IsTrue)
-		c.Assert(ipn.Starting, qt.Equals, *nn[2].State)
-	}
-
-	// Now we've logged in successfully. Let's disconnect.
-	t.Logf("\n\nWantRunning -> false")
-	notifies.expect(2)
-	b.EditPrefs(&ipn.MaskedPrefs{
-		WantRunningSet: true,
-		Prefs:          ipn.Prefs{WantRunning: false},
-	})
-	{
-		nn := notifies.drain(2)
-		c.Assert([]string{"pause"}, qt.DeepEquals, cc.getCalls())
-		// BUG: I would expect Prefs to change first, and state after.
-		c.Assert(nn[0].State, qt.Not(qt.IsNil))
-		c.Assert(nn[1].Prefs, qt.Not(qt.IsNil))
-		c.Assert(ipn.Stopped, qt.Equals, *nn[0].State)
-		c.Assert(nn[1].Prefs.LoggedOut, qt.IsFalse)
-	}
-
-	// One more restart, this time with a valid key, but WantRunning=false.
-	t.Logf("\n\nStart4")
-	notifies.expect(2)
-	c.Assert(b.Start(ipn.Options{StateKey: ipn.GlobalDaemonStateKey}), qt.IsNil)
-	{
-		// NOTE: cc.Shutdown() is correct here, since we didn't call
-		// b.Shutdown() explicitly ourselves.
-		// BUG: UpdateEndpoints should be called here since we're not WantRunning.
-		// Note: unpause happens because ipn needs to get at least one netmap
-		//  on startup, otherwise UIs can't show the node list, login
-		//  name, etc when in state ipn.Stopped.
-		//  Arguably they shouldn't try. But they currently do.
-		nn := notifies.drain(2)
-		c.Assert([]string{"Shutdown", "unpause", "New", "UpdateEndpoints", "Login", "unpause"}, qt.DeepEquals, cc.getCalls())
-		c.Assert(cc.getCalls(), qt.HasLen, 0)
-		c.Assert(nn[0].Prefs, qt.Not(qt.IsNil))
-		c.Assert(nn[1].State, qt.Not(qt.IsNil))
-		c.Assert(nn[0].Prefs.WantRunning, qt.IsFalse)
-		c.Assert(nn[0].Prefs.LoggedOut, qt.IsFalse)
-		c.Assert(ipn.Stopped, qt.Equals, *nn[1].State)
-	}
-
-	// When logged in but !WantRunning, ipn leaves us unpaused to retrieve
-	// the first netmap. Simulate that netmap being received, after which
-	// it should pause us, to avoid wasting CPU retrieving unnecessarily
-	// additional netmap updates.
-	//
-	// TODO: really the various GUIs and prefs should be refactored to
-	//  not require the netmap structure at all when starting while
-	//  !WantRunning. That would remove the need for this (or contacting
-	//  the control server at all when stopped).
-	t.Logf("\n\nStart4 -> netmap")
-	notifies.expect(0)
-	cc.send(nil, "", true, &netmap.NetworkMap{
-		MachineStatus: tailcfg.MachineAuthorized,
-	})
-	{
-		notifies.drain(0)
-		c.Assert([]string{"pause", "pause"}, qt.DeepEquals, cc.getCalls())
-	}
-
-	// Request connection.
-	// The state machine didn't call Login() earlier, so now it needs to.
-	t.Logf("\n\nWantRunning4 -> true")
-	notifies.expect(2)
-	b.EditPrefs(&ipn.MaskedPrefs{
-		WantRunningSet: true,
-		Prefs:          ipn.Prefs{WantRunning: true},
-	})
-	{
-		nn := notifies.drain(2)
-		c.Assert([]string{"Login", "unpause"}, qt.DeepEquals, cc.getCalls())
-		// BUG: I would expect Prefs to change first, and state after.
-		c.Assert(nn[0].State, qt.Not(qt.IsNil))
-		c.Assert(nn[1].Prefs, qt.Not(qt.IsNil))
-		c.Assert(ipn.Starting, qt.Equals, *nn[0].State)
-	}
-
-	// Disconnect.
-	t.Logf("\n\nStop")
-	notifies.expect(2)
-	b.EditPrefs(&ipn.MaskedPrefs{
-		WantRunningSet: true,
-		Prefs:          ipn.Prefs{WantRunning: false},
-	})
-	{
-		nn := notifies.drain(2)
-		c.Assert([]string{"pause"}, qt.DeepEquals, cc.getCalls())
-		// BUG: I would expect Prefs to change first, and state after.
-		c.Assert(nn[0].State, qt.Not(qt.IsNil))
-		c.Assert(nn[1].Prefs, qt.Not(qt.IsNil))
-		c.Assert(ipn.Stopped, qt.Equals, *nn[0].State)
-	}
-
-	// We want to try logging in as a different user, while Stopped.
-	// First, start the login process (without logging out first).
-	t.Logf("\n\nLoginDifferent")
-	notifies.expect(1)
-	b.StartLoginInteractive()
-	url3 := "http://localhost:1/3"
-	cc.send(nil, url3, false, nil)
-	{
-		nn := notifies.drain(1)
-		// It might seem like WantRunning should switch to true here,
-		// but that would be risky since we already have a valid
-		// user account. It might try to reconnect to the old account
-		// before the new one is ready. So no change yet.
-		//
-		// Because the login hasn't yet completed, the old login
-		// is still valid, so it's correct that we stay paused.
-		c.Assert([]string{"Login", "pause"}, qt.DeepEquals, cc.getCalls())
-		c.Assert(nn[0].BrowseToURL, qt.Not(qt.IsNil))
-		c.Assert(*nn[0].BrowseToURL, qt.Equals, url3)
-	}
-
-	// Now, let's complete the interactive login, using a different
-	// user account than before. WantRunning changes to true after an
-	// interactive login, so we end up unpaused.
-	t.Logf("\n\nLoginDifferent URL visited")
-	notifies.expect(3)
-	cc.persist.LoginName = "user3"
-	cc.send(nil, "", true, &netmap.NetworkMap{
-		MachineStatus: tailcfg.MachineAuthorized,
-	})
-	{
-		nn := notifies.drain(3)
-		// BUG: pause() being called here is a bad sign.
-		//  It means that either the state machine ran at least once
-		//  with the old netmap, or it ran with the new login+netmap
-		//  and !WantRunning. But since it's a fresh and successful
-		//  new login, WantRunning is true, so there was never a
-		//  reason to pause().
-		c.Assert([]string{"pause", "unpause"}, qt.DeepEquals, cc.getCalls())
-		c.Assert(nn[0].LoginFinished, qt.Not(qt.IsNil))
-		c.Assert(nn[1].Prefs, qt.Not(qt.IsNil))
-		c.Assert(nn[2].State, qt.Not(qt.IsNil))
-		// Prefs after finishing the login, so LoginName updated.
-		c.Assert(nn[1].Prefs.Persist.LoginName, qt.Equals, "user3")
-		c.Assert(nn[1].Prefs.LoggedOut, qt.IsFalse)
-		c.Assert(nn[1].Prefs.WantRunning, qt.IsTrue)
-		c.Assert(ipn.Starting, qt.Equals, *nn[2].State)
-	}
-
-	// The last test case is the most common one: restarting when both
-	// logged in and WantRunning.
-	t.Logf("\n\nStart5")
-	notifies.expect(1)
-	c.Assert(b.Start(ipn.Options{StateKey: ipn.GlobalDaemonStateKey}), qt.IsNil)
-	{
-		// NOTE: cc.Shutdown() is correct here, since we didn't call
-		// b.Shutdown() ourselves.
-		c.Assert([]string{"Shutdown", "unpause", "New", "UpdateEndpoints", "Login", "unpause"}, qt.DeepEquals, cc.getCalls())
-
-		nn := notifies.drain(1)
-		c.Assert(cc.getCalls(), qt.HasLen, 0)
-		c.Assert(nn[0].Prefs, qt.Not(qt.IsNil))
-		c.Assert(nn[0].Prefs.LoggedOut, qt.IsFalse)
-		c.Assert(nn[0].Prefs.WantRunning, qt.IsTrue)
-		c.Assert(ipn.NoState, qt.Equals, b.State())
-	}
-
-	// Control server accepts our valid key from before.
-	t.Logf("\n\nLoginFinished5")
-	notifies.expect(1)
-	cc.setAuthBlocked(false)
-	cc.send(nil, "", true, &netmap.NetworkMap{
-		MachineStatus: tailcfg.MachineAuthorized,
-	})
-	{
-		nn := notifies.drain(1)
-		c.Assert([]string{"unpause", "unpause"}, qt.DeepEquals, cc.getCalls())
-		// NOTE: No LoginFinished message since no interactive
-		// login was needed.
-		c.Assert(nn[0].State, qt.Not(qt.IsNil))
-		c.Assert(ipn.Starting, qt.Equals, *nn[0].State)
-		// NOTE: No prefs change this time. WantRunning stays true.
-		// We were in Starting in the first place, so that doesn't
-		// change either.
-		c.Assert(ipn.Starting, qt.Equals, b.State())
-	}
-}
-
-type testStateStorage struct {
-	mem     ipn.MemoryStore
-	written syncs.AtomicBool
-}
-
-func (s *testStateStorage) ReadState(id ipn.StateKey) ([]byte, error) {
-	return s.mem.ReadState(id)
-}
-
-func (s *testStateStorage) WriteState(id ipn.StateKey, bs []byte) error {
-	s.written.Set(true)
-	return s.mem.WriteState(id, bs)
-}
-
-// awaitWrite clears the "I've seen writes" bit, in prep for a future
-// call to sawWrite to see if a write arrived.
-func (s *testStateStorage) awaitWrite() { s.written.Set(false) }
-
-// sawWrite reports whether there's been a WriteState call since the most
-// recent awaitWrite call.
-func (s *testStateStorage) sawWrite() bool {
-	v := s.written.Get()
-	s.awaitWrite()
-	return v
-}

ipn/ipnserver/server.go

@@ -6,9 +6,7 @@ package ipnserver
 
 import (
 	"bufio"
-	"bytes"
 	"context"
-	"encoding/json"
 	"errors"
 	"fmt"
 	"io"
@@ -24,6 +22,7 @@ import (
 	"strconv"
 	"strings"
 	"sync"
+	"sync/atomic"
 	"syscall"
 	"time"
 
@@ -40,11 +39,9 @@ import (
 	"tailscale.com/safesocket"
 	"tailscale.com/smallzstd"
 	"tailscale.com/types/logger"
-	"tailscale.com/util/groupmember"
 	"tailscale.com/util/pidowner"
 	"tailscale.com/util/systemd"
 	"tailscale.com/version"
-	"tailscale.com/version/distro"
 	"tailscale.com/wgengine"
 )
 
@@ -66,6 +63,16 @@ type Options struct {
 	// waits for a frontend to start it.
 	AutostartStateKey ipn.StateKey
 
+	// LegacyConfigPath optionally specifies the old-style relaynode
+	// relay.conf location. If both LegacyConfigPath and
+	// AutostartStateKey are specified and the requested state doesn't
+	// exist in the backend store, the backend migrates the config
+	// from LegacyConfigPath.
+	//
+	// TODO(danderson): remove some time after the transition to
+	// tailscaled is done.
+	LegacyConfigPath string
+
 	// SurviveDisconnects specifies how the server reacts to its
 	// frontend disconnecting. If true, the server keeps running on
 	// its existing state, and accepts new frontend connections. If
@@ -90,9 +97,8 @@ type Options struct {
 // server is an IPN backend and its set of 0 or more active connections
 // talking to an IPN backend.
 type server struct {
-	b            *ipnlocal.LocalBackend
-	logf         logger.Logf
-	backendLogID string
+	b    *ipnlocal.LocalBackend
+	logf logger.Logf
 	// resetOnZero is whether to call bs.Reset on transition from
 	// 1->0 connections.  That is, this is whether the backend is
 	// being run in "client mode" that requires an active GUI
@@ -148,7 +154,7 @@ func (s *server) getConnIdentity(c net.Conn) (ci connIdentity, err error) {
 	if err != nil {
 		return ci, fmt.Errorf("parsing local remote: %w", err)
 	}
-	if !la.IP().IsLoopback() || !ra.IP().IsLoopback() {
+	if !la.IP.IsLoopback() || !ra.IP.IsLoopback() {
 		return ci, errors.New("non-loopback connection")
 	}
 	tab, err := netstat.Get()
@@ -254,7 +260,8 @@ func (s *server) serveConn(ctx context.Context, c net.Conn, logf logger.Logf) {
 			return
 		}
 		defer c.Close()
-		bs := ipn.NewBackendServer(logf, nil, jsonNotifier(c, s.logf))
+		serverToClient := func(b []byte) { ipn.WriteMsg(c, b) }
+		bs := ipn.NewBackendServer(logf, nil, serverToClient)
 		_, occupied := err.(inUseOtherUserError)
 		if occupied {
 			bs.SendInUseOtherUserErrorMessage(err.Error())
@@ -289,7 +296,7 @@ func (s *server) serveConn(ctx context.Context, c net.Conn, logf logger.Logf) {
 	defer s.removeAndCloseConn(c)
 	logf("[v1] incoming control connection")
 
-	if isReadonlyConn(ci, s.b.OperatorUserID(), logf) {
+	if isReadonlyConn(ci, logf) {
 		ctx = ipn.ReadonlyContextOf(ctx)
 	}
 
@@ -315,7 +322,7 @@ func (s *server) serveConn(ctx context.Context, c net.Conn, logf logger.Logf) {
 	}
 }
 
-func isReadonlyConn(ci connIdentity, operatorUID string, logf logger.Logf) bool {
+func isReadonlyConn(ci connIdentity, logf logger.Logf) bool {
 	if runtime.GOOS == "windows" {
 		// Windows doesn't need/use this mechanism, at least yet. It
 		// has a different last-user-wins auth model.
@@ -344,36 +351,51 @@ func isReadonlyConn(ci connIdentity, operatorUID string, logf logger.Logf) bool
 		logf("connection from userid %v; connection from non-root user matching daemon has access", uid)
 		return rw
 	}
-	if operatorUID != "" && uid == operatorUID {
-		logf("connection from userid %v; is configured operator", uid)
-		return rw
-	}
-	if yes, err := isLocalAdmin(uid); err != nil {
-		logf("connection from userid %v; read-only; %v", uid, err)
+	var adminGroupID string
+	switch runtime.GOOS {
+	case "darwin":
+		adminGroupID = darwinAdminGroupID()
+	default:
+		logf("connection from userid %v; read-only", uid)
 		return ro
-	} else if yes {
-		logf("connection from userid %v; is local admin, has access", uid)
-		return rw
+	}
+	if adminGroupID == "" {
+		logf("connection from userid %v; no system admin group found, read-only", uid)
+		return ro
+	}
+	u, err := user.LookupId(uid)
+	if err != nil {
+		logf("connection from userid %v; failed to look up user; read-only", uid)
+		return ro
+	}
+	gids, err := u.GroupIds()
+	if err != nil {
+		logf("connection from userid %v; failed to look up groups; read-only", uid)
+		return ro
+	}
+	for _, gid := range gids {
+		if gid == adminGroupID {
+			logf("connection from userid %v; is local admin, has access", uid)
+			return rw
+		}
 	}
 	logf("connection from userid %v; read-only", uid)
 	return ro
 }
 
-func isLocalAdmin(uid string) (bool, error) {
-	u, err := user.LookupId(uid)
+var darwinAdminGroupIDCache atomic.Value // of string
+
+func darwinAdminGroupID() string {
+	s, _ := darwinAdminGroupIDCache.Load().(string)
+	if s != "" {
+		return s
+	}
+	g, err := user.LookupGroup("admin")
 	if err != nil {
-		return false, err
+		return ""
 	}
-	var adminGroup string
-	switch {
-	case runtime.GOOS == "darwin":
-		adminGroup = "admin"
-	case distro.Get() == distro.QNAP:
-		adminGroup = "administrators"
-	default:
-		return false, fmt.Errorf("no system admin group found")
-	}
-	return groupmember.IsMemberOfGroup(adminGroup, u.Username)
+	darwinAdminGroupIDCache.Store(g.Gid)
+	return g.Gid
 }
 
 // inUseOtherUserError is the error type for when the server is in use
@@ -397,10 +419,12 @@ func (s *server) checkConnIdentityLocked(ci connIdentity) error {
 			break
 		}
 		if ci.UserID != active.UserID {
+			//lint:ignore ST1005 we want to capitalize Tailscale here
 			return inUseOtherUserError{fmt.Errorf("Tailscale already in use by %s, pid %d", active.User.Username, active.Pid)}
 		}
 	}
 	if su := s.serverModeUser; su != nil && ci.UserID != su.Uid {
+		//lint:ignore ST1005 we want to capitalize Tailscale here
 		return inUseOtherUserError{fmt.Errorf("Tailscale already in use by %s", su.Username)}
 	}
 	return nil
@@ -420,7 +444,7 @@ func (s *server) localAPIPermissions(ci connIdentity) (read, write bool) {
 		return false, false
 	}
 	if ci.IsUnixSock {
-		return true, !isReadonlyConn(ci, s.b.OperatorUserID(), logger.Discard)
+		return true, !isReadonlyConn(ci, logger.Discard)
 	}
 	return false, false
 }
@@ -457,7 +481,9 @@ func (s *server) addConn(c net.Conn, isHTTP bool) (ci connIdentity, err error) {
 	defer func() {
 		if doReset {
 			s.logf("identity changed; resetting server")
-			s.b.ResetForClientDisconnect()
+			s.bsMu.Lock()
+			s.bs.Reset(context.TODO())
+			s.bsMu.Unlock()
 		}
 	}()
 
@@ -507,7 +533,9 @@ func (s *server) removeAndCloseConn(c net.Conn) {
 			s.logf("client disconnected; staying alive in server mode")
 		} else {
 			s.logf("client disconnected; stopping server")
-			s.b.ResetForClientDisconnect()
+			s.bsMu.Lock()
+			s.bs.Reset(context.TODO())
+			s.bsMu.Unlock()
 		}
 	}
 	c.Close()
@@ -548,9 +576,7 @@ func (s *server) setServerModeUserLocked() {
 	}
 }
 
-var jsonEscapedZero = []byte(`\u0000`)
-
-func (s *server) writeToClients(n ipn.Notify) {
+func (s *server) writeToClients(b []byte) {
 	inServerMode := s.b.InServerMode()
 
 	s.mu.Lock()
@@ -567,24 +593,14 @@ func (s *server) writeToClients(n ipn.Notify) {
 		}
 	}
 
-	if len(s.clients) == 0 {
-		// Common case (at least on busy servers): nobody
-		// connected (no GUI, etc), so return before
-		// serializing JSON.
-		return
-	}
-
-	if b, ok := marshalNotify(n, s.logf); ok {
-		for c := range s.clients {
-			ipn.WriteMsg(c, b)
-		}
+	for c := range s.clients {
+		ipn.WriteMsg(c, b)
 	}
 }
 
 // Run runs a Tailscale backend service.
 // The getEngine func is called repeatedly, once per connection, until it returns an engine successfully.
 func Run(ctx context.Context, logf logger.Logf, logid string, getEngine func() (wgengine.Engine, error), opts Options) error {
-	getEngine = getEngineUntilItWorksWrapper(getEngine)
 	runDone := make(chan struct{})
 	defer close(runDone)
 
@@ -594,9 +610,8 @@ func Run(ctx context.Context, logf logger.Logf, logid string, getEngine func() (
 	}
 
 	server := &server{
-		backendLogID: logid,
-		logf:         logf,
-		resetOnZero:  !opts.SurviveDisconnects,
+		logf:        logf,
+		resetOnZero: !opts.SurviveDisconnects,
 	}
 
 	// When the context is closed or when we return, whichever is first, close our listner
@@ -645,6 +660,46 @@ func Run(ctx context.Context, logf logger.Logf, logid string, getEngine func() (
 	eng, err := getEngine()
 	if err != nil {
 		logf("ipnserver: initial getEngine call: %v", err)
+
+		// Issue 1187: on Windows, in unattended mode,
+		// sometimes we try 5 times and fail to create the
+		// engine before the system's ready. Hack until the
+		// bug if fixed properly: if we're running in
+		// unattended mode on Windows, keep trying forever,
+		// waiting for the machine to be ready (networking to
+		// come up?) and then dial our own safesocket TCP
+		// listener to wake up the usual mechanism that lets
+		// us surface getEngine errors to UI clients. (We
+		// don't want to just call getEngine in a loop without
+		// the listener.Accept, as we do want to handle client
+		// connections so we can tell them about errors)
+
+		bootRaceWaitForEngine, bootRaceWaitForEngineCancel := context.WithTimeout(context.Background(), time.Minute)
+		if runtime.GOOS == "windows" && opts.AutostartStateKey != "" {
+			logf("ipnserver: in unattended mode, waiting for engine availability")
+			getEngine = getEngineUntilItWorksWrapper(getEngine)
+			// Wait for it to be ready.
+			go func() {
+				defer bootRaceWaitForEngineCancel()
+				t0 := time.Now()
+				for {
+					time.Sleep(10 * time.Second)
+					if _, err := getEngine(); err != nil {
+						logf("ipnserver: unattended mode engine load: %v", err)
+						continue
+					}
+					c, err := net.Dial("tcp", listen.Addr().String())
+					logf("ipnserver: engine created after %v; waking up Accept: Dial error: %v", time.Since(t0).Round(time.Second), err)
+					if err == nil {
+						c.Close()
+					}
+					break
+				}
+			}()
+		} else {
+			bootRaceWaitForEngineCancel()
+		}
+
 		for i := 1; ctx.Err() == nil; i++ {
 			c, err := listen.Accept()
 			if err != nil {
@@ -652,6 +707,7 @@ func Run(ctx context.Context, logf logger.Logf, logid string, getEngine func() (
 				bo.BackOff(ctx, err)
 				continue
 			}
+			<-bootRaceWaitForEngine.Done()
 			logf("ipnserver: try%d: trying getEngine again...", i)
 			eng, err = getEngine()
 			if err == nil {
@@ -663,7 +719,8 @@ func Run(ctx context.Context, logf logger.Logf, logid string, getEngine func() (
 			errMsg := err.Error()
 			go func() {
 				defer c.Close()
-				bs := ipn.NewBackendServer(logf, nil, jsonNotifier(c, logf))
+				serverToClient := func(b []byte) { ipn.WriteMsg(c, b) }
+				bs := ipn.NewBackendServer(logf, nil, serverToClient)
 				bs.SendErrorMessage(errMsg)
 				time.Sleep(time.Second)
 			}()
@@ -695,7 +752,10 @@ func Run(ctx context.Context, logf logger.Logf, logid string, getEngine func() (
 		server.bs.GotCommand(context.TODO(), &ipn.Command{
 			Version: version.Long,
 			Start: &ipn.StartArgs{
-				Opts: ipn.Options{StateKey: opts.AutostartStateKey},
+				Opts: ipn.Options{
+					StateKey:         opts.AutostartStateKey,
+					LegacyConfigPath: opts.LegacyConfigPath,
+				},
 			},
 		})
 	}
@@ -922,7 +982,7 @@ func (psc *protoSwitchConn) Close() error {
 }
 
 func (s *server) localhostHandler(ci connIdentity) http.Handler {
-	lah := localapi.NewHandler(s.b, s.logf, s.backendLogID)
+	lah := localapi.NewHandler(s.b)
 	lah.PermitRead, lah.PermitWrite = s.localAPIPermissions(ci)
 
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@@ -953,25 +1013,3 @@ func peerPid(entries []netstat.Entry, la, ra netaddr.IPPort) int {
 	}
 	return 0
 }
-
-// jsonNotifier returns a notify-writer func that writes ipn.Notify
-// messages to w.
-func jsonNotifier(w io.Writer, logf logger.Logf) func(ipn.Notify) {
-	return func(n ipn.Notify) {
-		if b, ok := marshalNotify(n, logf); ok {
-			ipn.WriteMsg(w, b)
-		}
-	}
-}
-
-func marshalNotify(n ipn.Notify, logf logger.Logf) (b []byte, ok bool) {
-	b, err := json.Marshal(n)
-	if err != nil {
-		logf("ipnserver: [unexpected] error serializing JSON: %v", err)
-		return nil, false
-	}
-	if bytes.Contains(b, jsonEscapedZero) {
-		logf("[unexpected] zero byte in BackendServer.send notify message: %q", b)
-	}
-	return b, true
-}

ipn/ipnstate/ipnstate.go

@@ -20,7 +20,6 @@ import (
 
 	"inet.af/netaddr"
 	"tailscale.com/tailcfg"
-	"tailscale.com/tstime/mono"
 	"tailscale.com/types/key"
 	"tailscale.com/util/dnsname"
 )
@@ -46,13 +45,6 @@ type Status struct {
 	// has MagicDNS enabled.
 	MagicDNSSuffix string
 
-	// CertDomains are the set of DNS names for which the control
-	// plane server will assist with provisioning TLS
-	// certificates. See SetDNSRequest for dns-01 ACME challenges
-	// for e.g. LetsEncrypt. These names are FQDNs without
-	// trailing periods, and without any "_acme-challenge." prefix.
-	CertDomains []string
-
 	Peer map[key.Public]*PeerStatus
 	User map[tailcfg.UserID]tailcfg.UserProfile
 }
@@ -73,15 +65,13 @@ type PeerStatusLite struct {
 }
 
 type PeerStatus struct {
-	ID        tailcfg.StableNodeID
 	PublicKey key.Public
 	HostName  string // HostInfo's Hostname (not a DNS name or necessarily unique)
 	DNSName   string
 	OS        string // HostInfo.OS
 	UserID    tailcfg.UserID
 
-	TailAddrDeprecated string       `json:"TailAddr"` // Tailscale IP
-	TailscaleIPs       []netaddr.IP // Tailscale IP(s) assigned to this node
+	TailAddr string // Tailscale IP
 
 	// Endpoints:
 	Addrs   []string
@@ -91,14 +81,13 @@ type PeerStatus struct {
 	RxBytes       int64
 	TxBytes       int64
 	Created       time.Time // time registered with tailcontrol
-	LastWrite     mono.Time // time last packet sent
+	LastWrite     time.Time // time last packet sent
 	LastSeen      time.Time // last seen to tailcontrol
 	LastHandshake time.Time // with local wireguard
 	KeepAlive     bool
 	ExitNode      bool // true if this is the currently selected exit node.
 
-	PeerAPIURL   []string
-	Capabilities []string `json:",omitempty"`
+	PeerAPIURL []string
 
 	// ShareeNode indicates this node exists in the netmap because
 	// it's owned by a shared-to user and that node might connect
@@ -212,9 +201,6 @@ func (sb *StatusBuilder) AddPeer(peer key.Public, st *PeerStatus) {
 		return
 	}
 
-	if v := st.ID; v != "" {
-		e.ID = v
-	}
 	if v := st.HostName; v != "" {
 		e.HostName = v
 	}
@@ -227,11 +213,8 @@ func (sb *StatusBuilder) AddPeer(peer key.Public, st *PeerStatus) {
 	if v := st.UserID; v != 0 {
 		e.UserID = v
 	}
-	if v := st.TailAddrDeprecated; v != "" {
-		e.TailAddrDeprecated = v
-	}
-	if v := st.TailscaleIPs; v != nil {
-		e.TailscaleIPs = v
+	if v := st.TailAddr; v != "" {
+		e.TailAddr = v
 	}
 	if v := st.OS; v != "" {
 		e.OS = st.OS
@@ -321,7 +304,7 @@ table tbody tr:nth-child(even) td { background-color: #f5f5f5; }
 	f("<tr><th>Peer</th><th>OS</th><th>Node</th><th>Owner</th><th>Rx</th><th>Tx</th><th>Activity</th><th>Connection</th></tr>\n")
 	f("</thead>\n<tbody>\n")
 
-	now := mono.Now()
+	now := time.Now()
 
 	var peers []*PeerStatus
 	for _, peer := range st.Peers() {
@@ -360,17 +343,13 @@ table tbody tr:nth-child(even) td { background-color: #f5f5f5; }
 			hostNameHTML = "<br>" + html.EscapeString(hostName)
 		}
 
-		var tailAddr string
-		if len(ps.TailscaleIPs) > 0 {
-			tailAddr = ps.TailscaleIPs[0].String()
-		}
 		f("<tr><td>%s</td><td class=acenter>%s</td>"+
 			"<td><b>%s</b>%s<div class=\"tailaddr\">%s</div></td><td class=\"acenter owner\">%s</td><td class=\"aright\">%v</td><td class=\"aright\">%v</td><td class=\"aright\">%v</td>",
 			ps.PublicKey.ShortString(),
 			osEmoji(ps.OS),
 			html.EscapeString(dnsName),
 			hostNameHTML,
-			tailAddr,
+			ps.TailAddr,
 			html.EscapeString(owner),
 			ps.RxBytes,
 			ps.TxBytes,
@@ -379,7 +358,7 @@ table tbody tr:nth-child(even) td { background-color: #f5f5f5; }
 		f("<td>")
 
 		// TODO: let server report this active bool instead
-		active := !ps.LastWrite.IsZero() && mono.Since(ps.LastWrite) < 2*time.Minute
+		active := !ps.LastWrite.IsZero() && time.Since(ps.LastWrite) < 2*time.Minute
 		if active {
 			if ps.Relay != "" && ps.CurAddr == "" {
 				f("relay <b>%s</b>", html.EscapeString(ps.Relay))
@@ -439,11 +418,6 @@ type PingResult struct {
 	// It is not currently set for TSMP pings.
 	DERPRegionCode string
 
-	// PeerAPIPort is set by TSMP ping responses for peers that
-	// are running a peerapi server. This is the port they're
-	// running the server on.
-	PeerAPIPort uint16 `json:",omitempty"`
-
 	// TODO(bradfitz): details like whether port mapping was used on either side? (Once supported)
 }
 
@@ -458,9 +432,5 @@ func sortKey(ps *PeerStatus) string {
 	if ps.HostName != "" {
 		return ps.HostName
 	}
-	// TODO(bradfitz): add PeerStatus.Less and avoid these allocs in a Less func.
-	if len(ps.TailscaleIPs) > 0 {
-		return ps.TailscaleIPs[0].String()
-	}
-	return string(ps.PublicKey[:])
+	return ps.TailAddr
 }

ipn/localapi/localapi.go

@@ -6,40 +6,20 @@
 package localapi
 
 import (
-	"crypto/rand"
-	"encoding/hex"
 	"encoding/json"
-	"errors"
-	"fmt"
 	"io"
-	"net"
 	"net/http"
-	"net/http/httputil"
-	"net/url"
-	"reflect"
 	"runtime"
 	"strconv"
-	"strings"
-	"sync"
-	"time"
 
 	"inet.af/netaddr"
-	"tailscale.com/client/tailscale/apitype"
-	"tailscale.com/ipn"
 	"tailscale.com/ipn/ipnlocal"
 	"tailscale.com/ipn/ipnstate"
 	"tailscale.com/tailcfg"
-	"tailscale.com/types/logger"
 )
 
-func randHex(n int) string {
-	b := make([]byte, n)
-	rand.Read(b)
-	return hex.EncodeToString(b)
-}
-
-func NewHandler(b *ipnlocal.LocalBackend, logf logger.Logf, logID string) *Handler {
-	return &Handler{b: b, logf: logf, backendLogID: logID}
+func NewHandler(b *ipnlocal.LocalBackend) *Handler {
+	return &Handler{b: b}
 }
 
 type Handler struct {
@@ -54,9 +34,7 @@ type Handler struct {
 	// PermitWrite is whether mutating HTTP handlers are allowed.
 	PermitWrite bool
 
-	b            *ipnlocal.LocalBackend
-	logf         logger.Logf
-	backendLogID string
+	b *ipnlocal.LocalBackend
 }
 
 func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
@@ -75,14 +53,6 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 	}
-	if strings.HasPrefix(r.URL.Path, "/localapi/v0/files/") {
-		h.serveFiles(w, r)
-		return
-	}
-	if strings.HasPrefix(r.URL.Path, "/localapi/v0/file-put/") {
-		h.serveFilePut(w, r)
-		return
-	}
 	switch r.URL.Path {
 	case "/localapi/v0/whois":
 		h.serveWhoIs(w, r)
@@ -90,42 +60,11 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		h.serveGoroutines(w, r)
 	case "/localapi/v0/status":
 		h.serveStatus(w, r)
-	case "/localapi/v0/logout":
-		h.serveLogout(w, r)
-	case "/localapi/v0/prefs":
-		h.servePrefs(w, r)
-	case "/localapi/v0/check-ip-forwarding":
-		h.serveCheckIPForwarding(w, r)
-	case "/localapi/v0/bugreport":
-		h.serveBugReport(w, r)
-	case "/localapi/v0/file-targets":
-		h.serveFileTargets(w, r)
-	case "/localapi/v0/set-dns":
-		h.serveSetDNS(w, r)
-	case "/localapi/v0/derpmap":
-		h.serveDERPMap(w, r)
-	case "/":
-		io.WriteString(w, "tailscaled\n")
 	default:
-		http.Error(w, "404 not found", 404)
+		io.WriteString(w, "tailscaled\n")
 	}
 }
 
-func (h *Handler) serveBugReport(w http.ResponseWriter, r *http.Request) {
-	if !h.PermitRead {
-		http.Error(w, "bugreport access denied", http.StatusForbidden)
-		return
-	}
-
-	logMarker := fmt.Sprintf("BUG-%v-%v-%v", h.backendLogID, time.Now().UTC().Format("20060102150405Z"), randHex(8))
-	h.logf("user bugreport: %s", logMarker)
-	if note := r.FormValue("note"); len(note) > 0 {
-		h.logf("user bugreport note: %s", note)
-	}
-	w.Header().Set("Content-Type", "text/plain")
-	fmt.Fprintln(w, logMarker)
-}
-
 func (h *Handler) serveWhoIs(w http.ResponseWriter, r *http.Request) {
 	if !h.PermitRead {
 		http.Error(w, "whois access denied", http.StatusForbidden)
@@ -149,7 +88,7 @@ func (h *Handler) serveWhoIs(w http.ResponseWriter, r *http.Request) {
 		http.Error(w, "no match for IP:port", 404)
 		return
 	}
-	res := &apitype.WhoIsResponse{
+	res := &tailcfg.WhoIsResponse{
 		Node:        n,
 		UserProfile: &u,
 	}
@@ -175,23 +114,6 @@ func (h *Handler) serveGoroutines(w http.ResponseWriter, r *http.Request) {
 	w.Write(buf)
 }
 
-func (h *Handler) serveCheckIPForwarding(w http.ResponseWriter, r *http.Request) {
-	if !h.PermitRead {
-		http.Error(w, "IP forwarding check access denied", http.StatusForbidden)
-		return
-	}
-	var warning string
-	if err := h.b.CheckIPForwarding(); err != nil {
-		warning = err.Error()
-	}
-	w.Header().Set("Content-Type", "application/json")
-	json.NewEncoder(w).Encode(struct {
-		Warning string
-	}{
-		Warning: warning,
-	})
-}
-
 func (h *Handler) serveStatus(w http.ResponseWriter, r *http.Request) {
 	if !h.PermitRead {
 		http.Error(w, "status access denied", http.StatusForbidden)
@@ -209,233 +131,6 @@ func (h *Handler) serveStatus(w http.ResponseWriter, r *http.Request) {
 	e.Encode(st)
 }
 
-func (h *Handler) serveLogout(w http.ResponseWriter, r *http.Request) {
-	if !h.PermitWrite {
-		http.Error(w, "logout access denied", http.StatusForbidden)
-		return
-	}
-	if r.Method != "POST" {
-		http.Error(w, "want POST", 400)
-		return
-	}
-	err := h.b.LogoutSync(r.Context())
-	if err == nil {
-		w.WriteHeader(http.StatusNoContent)
-		return
-	}
-	http.Error(w, err.Error(), 500)
-}
-
-func (h *Handler) servePrefs(w http.ResponseWriter, r *http.Request) {
-	if !h.PermitRead {
-		http.Error(w, "prefs access denied", http.StatusForbidden)
-		return
-	}
-	var prefs *ipn.Prefs
-	switch r.Method {
-	case "PATCH":
-		if !h.PermitWrite {
-			http.Error(w, "prefs write access denied", http.StatusForbidden)
-			return
-		}
-		mp := new(ipn.MaskedPrefs)
-		if err := json.NewDecoder(r.Body).Decode(mp); err != nil {
-			http.Error(w, err.Error(), 400)
-			return
-		}
-		var err error
-		prefs, err = h.b.EditPrefs(mp)
-		if err != nil {
-			http.Error(w, err.Error(), 400)
-			return
-		}
-	case "GET", "HEAD":
-		prefs = h.b.Prefs()
-	default:
-		http.Error(w, "unsupported method", http.StatusMethodNotAllowed)
-		return
-	}
-	w.Header().Set("Content-Type", "application/json")
-	e := json.NewEncoder(w)
-	e.SetIndent("", "\t")
-	e.Encode(prefs)
-}
-
-func (h *Handler) serveFiles(w http.ResponseWriter, r *http.Request) {
-	if !h.PermitWrite {
-		http.Error(w, "file access denied", http.StatusForbidden)
-		return
-	}
-	suffix := strings.TrimPrefix(r.URL.EscapedPath(), "/localapi/v0/files/")
-	if suffix == "" {
-		if r.Method != "GET" {
-			http.Error(w, "want GET to list files", 400)
-			return
-		}
-		wfs, err := h.b.WaitingFiles()
-		if err != nil {
-			http.Error(w, err.Error(), 500)
-			return
-		}
-		w.Header().Set("Content-Type", "application/json")
-		json.NewEncoder(w).Encode(wfs)
-		return
-	}
-	name, err := url.PathUnescape(suffix)
-	if err != nil {
-		http.Error(w, "bad filename", 400)
-		return
-	}
-	if r.Method == "DELETE" {
-		if err := h.b.DeleteFile(name); err != nil {
-			http.Error(w, err.Error(), 500)
-			return
-		}
-		w.WriteHeader(http.StatusNoContent)
-		return
-	}
-	rc, size, err := h.b.OpenFile(name)
-	if err != nil {
-		http.Error(w, err.Error(), 500)
-		return
-	}
-	defer rc.Close()
-	w.Header().Set("Content-Length", fmt.Sprint(size))
-	io.Copy(w, rc)
-}
-
-func writeErrorJSON(w http.ResponseWriter, err error) {
-	if err == nil {
-		err = errors.New("unexpected nil error")
-	}
-	w.Header().Set("Content-Type", "application/json")
-	w.WriteHeader(500)
-	type E struct {
-		Error string `json:"error"`
-	}
-	json.NewEncoder(w).Encode(E{err.Error()})
-}
-
-func (h *Handler) serveFileTargets(w http.ResponseWriter, r *http.Request) {
-	if !h.PermitRead {
-		http.Error(w, "access denied", http.StatusForbidden)
-		return
-	}
-	if r.Method != "GET" {
-		http.Error(w, "want GET to list targets", 400)
-		return
-	}
-	fts, err := h.b.FileTargets()
-	if err != nil {
-		writeErrorJSON(w, err)
-		return
-	}
-	makeNonNil(&fts)
-	w.Header().Set("Content-Type", "application/json")
-	json.NewEncoder(w).Encode(fts)
-}
-
-func (h *Handler) serveFilePut(w http.ResponseWriter, r *http.Request) {
-	if !h.PermitWrite {
-		http.Error(w, "file access denied", http.StatusForbidden)
-		return
-	}
-	if r.Method != "PUT" {
-		http.Error(w, "want PUT to put file", 400)
-		return
-	}
-	fts, err := h.b.FileTargets()
-	if err != nil {
-		http.Error(w, err.Error(), 500)
-		return
-	}
-
-	upath := strings.TrimPrefix(r.URL.EscapedPath(), "/localapi/v0/file-put/")
-	slash := strings.Index(upath, "/")
-	if slash == -1 {
-		http.Error(w, "bogus URL", 400)
-		return
-	}
-	stableID, filenameEscaped := tailcfg.StableNodeID(upath[:slash]), upath[slash+1:]
-
-	var ft *apitype.FileTarget
-	for _, x := range fts {
-		if x.Node.StableID == stableID {
-			ft = x
-			break
-		}
-	}
-	if ft == nil {
-		http.Error(w, "node not found", 404)
-		return
-	}
-	dstURL, err := url.Parse(ft.PeerAPIURL)
-	if err != nil {
-		http.Error(w, "bogus peer URL", 500)
-		return
-	}
-	outReq, err := http.NewRequestWithContext(r.Context(), "PUT", "http://peer/v0/put/"+filenameEscaped, r.Body)
-	if err != nil {
-		http.Error(w, "bogus outreq", 500)
-		return
-	}
-	outReq.ContentLength = r.ContentLength
-
-	rp := httputil.NewSingleHostReverseProxy(dstURL)
-	rp.Transport = getDialPeerTransport(h.b)
-	rp.ServeHTTP(w, outReq)
-}
-
-func (h *Handler) serveSetDNS(w http.ResponseWriter, r *http.Request) {
-	if !h.PermitWrite {
-		http.Error(w, "access denied", http.StatusForbidden)
-		return
-	}
-	if r.Method != "POST" {
-		http.Error(w, "want POST", 400)
-		return
-	}
-	ctx := r.Context()
-	err := h.b.SetDNS(ctx, r.FormValue("name"), r.FormValue("value"))
-	if err != nil {
-		writeErrorJSON(w, err)
-		return
-	}
-	w.Header().Set("Content-Type", "application/json")
-	json.NewEncoder(w).Encode(struct{}{})
-}
-
-func (h *Handler) serveDERPMap(w http.ResponseWriter, r *http.Request) {
-	if r.Method != "GET" {
-		http.Error(w, "want GET", 400)
-		return
-	}
-	w.Header().Set("Content-Type", "application/json")
-	e := json.NewEncoder(w)
-	e.SetIndent("", "\t")
-	e.Encode(h.b.DERPMap())
-}
-
-var dialPeerTransportOnce struct {
-	sync.Once
-	v *http.Transport
-}
-
-func getDialPeerTransport(b *ipnlocal.LocalBackend) *http.Transport {
-	dialPeerTransportOnce.Do(func() {
-		t := http.DefaultTransport.(*http.Transport).Clone()
-		t.Dial = nil
-		dialer := net.Dialer{
-			Timeout:   30 * time.Second,
-			KeepAlive: 30 * time.Second,
-			Control:   b.PeerDialControlFunc(),
-		}
-		t.DialContext = dialer.DialContext
-		dialPeerTransportOnce.v = t
-	})
-	return dialPeerTransportOnce.v
-}
-
 func defBool(a string, def bool) bool {
 	if a == "" {
 		return def
@@ -446,30 +141,3 @@ func defBool(a string, def bool) bool {
 	}
 	return v
 }
-
-// makeNonNil takes a pointer to a Go data structure
-// (currently only a slice or a map) and makes sure it's non-nil for
-// JSON serialization. (In particular, JavaScript clients usually want
-// the field to be defined after they decode the JSON.)
-func makeNonNil(ptr interface{}) {
-	if ptr == nil {
-		panic("nil interface")
-	}
-	rv := reflect.ValueOf(ptr)
-	if rv.Kind() != reflect.Ptr {
-		panic(fmt.Sprintf("kind %v, not Ptr", rv.Kind()))
-	}
-	if rv.Pointer() == 0 {
-		panic("nil pointer")
-	}
-	rv = rv.Elem()
-	if rv.Pointer() != 0 {
-		return
-	}
-	switch rv.Type().Kind() {
-	case reflect.Slice:
-		rv.Set(reflect.MakeSlice(rv.Type(), 0, 0))
-	case reflect.Map:
-		rv.Set(reflect.MakeMap(rv.Type()))
-	}
-}