mirrors/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2026-05-05 04:06:35 +02:00
Code Issues Packages Projects Releases Wiki Activity

wgengine/netstack, net/ping: stop using pro-bing and use our net/ping instead

Browse Source 
Fixes #19633
Fixes #13760

Change-Id: I0fa9423523a3a0fb1dfcde57de0f26e51723ff97
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
This commit is contained in:
Brad Fitzpatrick 2026-05-04 19:46:00 +00:00 committed by Brad Fitzpatrick
parent 81569e891f
commit 883d4fd2cd
12 changed files with 108 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
cmd/k8s-operator/depaware.txt
View File

@ -130,7 +130,7 @@ tailscale.com/cmd/k8s-operator dependencies: (generated by github.com/tailscale/
github.com/google/gnostic-models/jsonschema from github.com/google/gnostic-models/compiler
github.com/google/gnostic-models/openapiv2 from k8s.io/client-go/discovery+
github.com/google/gnostic-models/openapiv3 from k8s.io/kube-openapi/pkg/handler3+
github.com/google/uuid from github.com/prometheus-community/pro-bing+
github.com/google/uuid from k8s.io/apimachinery/pkg/util/uuid+
github.com/hdevalence/ed25519consensus from tailscale.com/tka
github.com/huin/goupnp from github.com/huin/goupnp/dcps/internetgateway2+
github.com/huin/goupnp/dcps/internetgateway2 from tailscale.com/net/portmapper
@ -164,7 +164,6 @@ tailscale.com/cmd/k8s-operator dependencies: (generated by github.com/tailscale/
github.com/pires/go-proxyproto from tailscale.com/ipn/ipnlocal+
github.com/pkg/errors from github.com/evanphx/json-patch/v5+
github.com/pmezard/go-difflib/difflib from k8s.io/apimachinery/pkg/util/diff
D github.com/prometheus-community/pro-bing from tailscale.com/wgengine/netstack
github.com/prometheus/client_golang/internal/github.com/golang/gddo/httputil from github.com/prometheus/client_golang/prometheus/promhttp
github.com/prometheus/client_golang/internal/github.com/golang/gddo/httputil/header from github.com/prometheus/client_golang/internal/github.com/golang/gddo/httputil
💣 github.com/prometheus/client_golang/prometheus from github.com/prometheus/client_golang/prometheus/collectors+
@ -1023,15 +1022,15 @@ tailscale.com/cmd/k8s-operator dependencies: (generated by github.com/tailscale/
golang.org/x/net/http/httpproxy from tailscale.com/net/tshttpproxy
golang.org/x/net/http2 from k8s.io/apimachinery/pkg/util/net+
golang.org/x/net/http2/hpack from golang.org/x/net/http2+
golang.org/x/net/icmp from github.com/prometheus-community/pro-bing+
golang.org/x/net/icmp from tailscale.com/net/ping
golang.org/x/net/idna from golang.org/x/net/http/httpguts+
golang.org/x/net/internal/httpcommon from golang.org/x/net/http2
golang.org/x/net/internal/httpsfv from golang.org/x/net/http2
golang.org/x/net/internal/iana from golang.org/x/net/icmp+
golang.org/x/net/internal/socket from golang.org/x/net/ipv4+
golang.org/x/net/internal/socks from golang.org/x/net/proxy
golang.org/x/net/ipv4 from github.com/prometheus-community/pro-bing+
golang.org/x/net/ipv6 from github.com/prometheus-community/pro-bing+
golang.org/x/net/ipv4 from github.com/tailscale/wireguard-go/conn+
golang.org/x/net/ipv6 from github.com/tailscale/wireguard-go/conn+
golang.org/x/net/proxy from tailscale.com/net/netns
D golang.org/x/net/route from tailscale.com/net/netmon+
golang.org/x/net/websocket from tailscale.com/k8s-operator/sessionrecording/ws
@ -1138,7 +1137,7 @@ tailscale.com/cmd/k8s-operator dependencies: (generated by github.com/tailscale/
crypto/sha3 from crypto/internal/fips140hash+
crypto/sha512 from crypto/ecdsa+
crypto/subtle from crypto/cipher+
crypto/tls from github.com/prometheus-community/pro-bing+
crypto/tls from github.com/aws/aws-sdk-go-v2/aws/transport/http+
crypto/tls/internal/fips140tls from crypto/tls
crypto/x509 from crypto/tls+
D crypto/x509/internal/macos from crypto/x509
@ -1247,7 +1246,7 @@ tailscale.com/cmd/k8s-operator dependencies: (generated by github.com/tailscale/
mime/quotedprintable from mime/multipart
net from crypto/tls+
net/http from expvar+
net/http/httptrace from github.com/prometheus-community/pro-bing+
net/http/httptrace from github.com/aws/smithy-go/transport/http+
net/http/httputil from tailscale.com/client/web+
net/http/internal from net/http+
net/http/internal/ascii from net/http+

13
cmd/tailscaled/depaware.txt
View File

@ -130,7 +130,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
L github.com/google/nftables/expr from github.com/google/nftables+
L github.com/google/nftables/internal/parseexprfunc from github.com/google/nftables+
L github.com/google/nftables/xt from github.com/google/nftables/expr+
DW github.com/google/uuid from tailscale.com/clientupdate+
W github.com/google/uuid from tailscale.com/clientupdate
github.com/hdevalence/ed25519consensus from tailscale.com/clientupdate/distsign+
github.com/huin/goupnp from github.com/huin/goupnp/dcps/internetgateway2+
github.com/huin/goupnp/dcps/internetgateway2 from tailscale.com/net/portmapper
@ -173,7 +173,6 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
github.com/pires/go-proxyproto from tailscale.com/ipn/ipnlocal
LD github.com/pkg/sftp from tailscale.com/ssh/tailssh
LD github.com/pkg/sftp/internal/encoding/ssh/filexfer from github.com/pkg/sftp
D github.com/prometheus-community/pro-bing from tailscale.com/wgengine/netstack
L 💣 github.com/safchain/ethtool from tailscale.com/net/netkernelconf+
DW 💣 github.com/tailscale/certstore from tailscale.com/control/controlclient
LD github.com/tailscale/gliderssh from tailscale.com/ssh/tailssh
@ -527,13 +526,13 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
golang.org/x/net/dns/dnsmessage from tailscale.com/appc+
golang.org/x/net/http/httpguts from tailscale.com/ipn/ipnlocal
golang.org/x/net/http/httpproxy from tailscale.com/net/tshttpproxy
golang.org/x/net/icmp from tailscale.com/net/ping+
golang.org/x/net/icmp from tailscale.com/net/ping
golang.org/x/net/idna from golang.org/x/net/http/httpguts+
golang.org/x/net/internal/iana from golang.org/x/net/icmp+
golang.org/x/net/internal/socket from golang.org/x/net/ipv4+
golang.org/x/net/internal/socks from golang.org/x/net/proxy
golang.org/x/net/ipv4 from github.com/prometheus-community/pro-bing+
golang.org/x/net/ipv6 from github.com/prometheus-community/pro-bing+
golang.org/x/net/ipv4 from github.com/tailscale/wireguard-go/conn+
golang.org/x/net/ipv6 from github.com/tailscale/wireguard-go/conn+
golang.org/x/net/proxy from tailscale.com/net/netns
D golang.org/x/net/route from tailscale.com/net/netmon+
golang.org/x/sync/errgroup from github.com/mdlayher/socket+
@ -644,7 +643,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
crypto/x509 from crypto/tls+
D crypto/x509/internal/macos from crypto/x509
crypto/x509/pkix from crypto/x509+
DW database/sql/driver from github.com/google/uuid
W database/sql/driver from github.com/google/uuid
W debug/dwarf from debug/pe
W debug/pe from github.com/dblohm7/wingoes/pe
embed from github.com/tailscale/web-client-prebuilt+
@ -734,7 +733,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
mime/quotedprintable from mime/multipart
net from crypto/tls+
net/http from expvar+
net/http/httptrace from github.com/prometheus-community/pro-bing+
net/http/httptrace from github.com/aws/smithy-go/transport/http+
net/http/httputil from github.com/aws/smithy-go/transport/http+
net/http/internal from net/http+
net/http/internal/ascii from net/http+

15
cmd/tsidp/depaware.txt
View File

@ -105,7 +105,6 @@ tailscale.com/cmd/tsidp dependencies: (generated by github.com/tailscale/depawar
L 💣 github.com/godbus/dbus/v5 from tailscale.com/net/dns
github.com/golang/groupcache/lru from tailscale.com/net/dnscache
github.com/google/btree from gvisor.dev/gvisor/pkg/tcpip/transport/tcp
D github.com/google/uuid from github.com/prometheus-community/pro-bing
github.com/hdevalence/ed25519consensus from tailscale.com/tka
github.com/huin/goupnp from github.com/huin/goupnp/dcps/internetgateway2+
github.com/huin/goupnp/dcps/internetgateway2 from tailscale.com/net/portmapper
@ -128,7 +127,6 @@ tailscale.com/cmd/tsidp dependencies: (generated by github.com/tailscale/depawar
L 💣 github.com/mdlayher/socket from github.com/mdlayher/netlink+
💣 github.com/mitchellh/go-ps from tailscale.com/safesocket
github.com/pires/go-proxyproto from tailscale.com/ipn/ipnlocal
D github.com/prometheus-community/pro-bing from tailscale.com/wgengine/netstack
L 💣 github.com/safchain/ethtool from tailscale.com/net/netkernelconf
DW 💣 github.com/tailscale/certstore from tailscale.com/control/controlclient
W 💣 github.com/tailscale/go-winio from tailscale.com/safesocket
@ -421,13 +419,13 @@ tailscale.com/cmd/tsidp dependencies: (generated by github.com/tailscale/depawar
golang.org/x/net/dns/dnsmessage from tailscale.com/appc+
golang.org/x/net/http/httpguts from tailscale.com/ipn/ipnlocal
golang.org/x/net/http/httpproxy from tailscale.com/net/tshttpproxy
golang.org/x/net/icmp from github.com/prometheus-community/pro-bing+
golang.org/x/net/icmp from tailscale.com/net/ping
golang.org/x/net/idna from golang.org/x/net/http/httpguts+
golang.org/x/net/internal/iana from golang.org/x/net/icmp+
golang.org/x/net/internal/socket from golang.org/x/net/ipv4+
golang.org/x/net/internal/socks from golang.org/x/net/proxy
golang.org/x/net/ipv4 from github.com/prometheus-community/pro-bing+
golang.org/x/net/ipv6 from github.com/prometheus-community/pro-bing+
golang.org/x/net/ipv4 from github.com/tailscale/wireguard-go/conn+
golang.org/x/net/ipv6 from github.com/tailscale/wireguard-go/conn+
golang.org/x/net/proxy from tailscale.com/net/netns
D golang.org/x/net/route from tailscale.com/net/netmon+
golang.org/x/oauth2 from golang.org/x/oauth2/clientcredentials+
@ -533,12 +531,11 @@ tailscale.com/cmd/tsidp dependencies: (generated by github.com/tailscale/depawar
crypto/sha3 from crypto/internal/fips140hash+
crypto/sha512 from crypto/ecdsa+
crypto/subtle from crypto/cipher+
crypto/tls from github.com/prometheus-community/pro-bing+
crypto/tls from github.com/aws/aws-sdk-go-v2/aws/transport/http+
crypto/tls/internal/fips140tls from crypto/tls
crypto/x509 from crypto/tls+
D crypto/x509/internal/macos from crypto/x509
crypto/x509/pkix from crypto/x509+
D database/sql/driver from github.com/google/uuid
W debug/dwarf from debug/pe
W debug/pe from github.com/dblohm7/wingoes/pe
embed from github.com/tailscale/web-client-prebuilt+
@ -627,7 +624,7 @@ tailscale.com/cmd/tsidp dependencies: (generated by github.com/tailscale/depawar
mime/quotedprintable from mime/multipart
net from crypto/tls+
net/http from expvar+
net/http/httptrace from github.com/prometheus-community/pro-bing+
net/http/httptrace from github.com/aws/smithy-go/transport/http+
net/http/httputil from tailscale.com/client/web+
net/http/internal from net/http+
net/http/internal/ascii from net/http+
@ -642,7 +639,7 @@ tailscale.com/cmd/tsidp dependencies: (generated by github.com/tailscale/depawar
os/user from github.com/godbus/dbus/v5+
path from debug/dwarf+
path/filepath from crypto/x509+
reflect from database/sql/driver+
reflect from encoding/asn1+
regexp from github.com/huin/goupnp/httpu+
regexp/syntax from regexp
runtime from crypto/internal/fips140+

2
flake.nix
View File

@ -164,4 +164,4 @@
});
};
}
# nix-direnv cache busting line: sha256-5zxCDQ12bu8dvJ51RCQk/m07oM2qNNrTB5cbb1Za/sc=
# nix-direnv cache busting line: sha256-mbxLXR2TBgiwyVGfLmMR5xWk+0f66mPDas95Wla70Lk=

4
flakehashes.json
View File

@ -4,7 +4,7 @@
"sri": "sha256-pCvFNTFuvhSBb5O+PPuilaowP4tXcCOP1NgYUDJTcJU="
},
"vendor": {
"goModSum": "sha256-xjPeSzdlDw247JtuZ9gI/OXh0IYvQV3qN1WNRbSlir8=",
"sri": "sha256-5zxCDQ12bu8dvJ51RCQk/m07oM2qNNrTB5cbb1Za/sc="
"goModSum": "sha256-P3V7maoKyvDCGEj/snR+jbAb2kY0jiUtXBtL762K3dU=",
"sri": "sha256-mbxLXR2TBgiwyVGfLmMR5xWk+0f66mPDas95Wla70Lk="
}
}

1
go.mod
View File

@ -82,7 +82,6 @@ require (
github.com/pires/go-proxyproto v0.8.1
github.com/pkg/errors v0.9.1
github.com/pkg/sftp v1.13.6
github.com/prometheus-community/pro-bing v0.4.0
github.com/prometheus/client_golang v1.23.0
github.com/prometheus/common v0.65.0
github.com/prometheus/prometheus v0.49.2-0.20240125131847-c3b8ef1694ff

2
go.sum
View File

@ -966,8 +966,6 @@ github.com/poy/onpar v1.1.2 h1:QaNrNiZx0+Nar5dLgTVp5mXkyoVFIbepjyEoGSnhbAY=
github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjzg=
github.com/prashantv/gostub v1.1.0 h1:BTyx3RfQjRHnUWaGF9oQos79AlQ5k8WNktv7VGvVH4g=
github.com/prashantv/gostub v1.1.0/go.mod h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P1IAHhP5U=
github.com/prometheus-community/pro-bing v0.4.0 h1:YMbv+i08gQz97OZZBwLyvmmQEEzyfyrrjEaAchdy3R4=
github.com/prometheus-community/pro-bing v0.4.0/go.mod h1:b7wRYZtCcPmt4Sz319BykUU241rWLe1VFXyiyWK/dH4=
github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=

75
net/ping/ping.go
View File

@ -29,8 +29,10 @@ import (
)
const (
v4Type = "ip4:icmp"
v6Type = "ip6:icmp"
v4Type = "ip4:icmp"
v6Type = "ip6:icmp"
v4UDPType = "udp4" // unprivileged datagram-oriented ICMPv4
v6UDPType = "udp6" // unprivileged datagram-oriented ICMPv6
)
type response struct {
@ -54,12 +56,30 @@ type ListenPacketer interface {
// A new instance should be created for each concurrent set of ping requests;
// this type should not be reused.
type Pinger struct {
// options that must be set before the first call to Send
// Unprivileged, when set, makes the Pinger use non-privileged
// datagram-oriented ICMP sockets ("udp4"/"udp6") opened via
// golang.org/x/net/icmp.ListenPacket instead of raw ICMP sockets
// ("ip4:icmp"/"ip6:icmp") opened via the configured ListenPacketer.
//
// Unprivileged mode is supported on macOS, iOS, and Linux (subject to
// the /proc/sys/net/ipv4/ping_group_range sysctl). When set, the
// ListenPacketer passed to New is ignored and the kernel rewrites the
// outgoing ICMP echo ID to match the socket; replies are matched by
// sequence number and echo data only.
//
// Must be set before the first call to Send.
Unprivileged bool
Verbose bool // verbose logging
Logf logger.Logf // optional logging function; if nil, logs to the standard logger
lp ListenPacketer
// closed guards against send incrementing the waitgroup concurrently with close.
closed atomic.Bool
Logf logger.Logf
Verbose bool
closed atomic.Bool
timeNow func() time.Time
id uint16 // uint16 per RFC 792
wg sync.WaitGroup
@ -95,7 +115,17 @@ func (p *Pinger) mkconn(ctx context.Context, typ, addr string) (net.PacketConn,
return nil, net.ErrClosed
}
c, err := p.lp.ListenPacket(ctx, typ, addr)
var c net.PacketConn
var err error
if p.Unprivileged {
// icmp.ListenPacket on "udp4"/"udp6" opens a datagram-oriented
// ICMP socket that does not require elevated privileges. The
// returned *icmp.PacketConn implements net.PacketConn and, on
// Darwin/iOS, strips the IPv4 header on read via IP_STRIPHDR.
c, err = icmp.ListenPacket(typ, addr)
} else {
c, err = p.lp.ListenPacket(ctx, typ, addr)
}
if err != nil {
return nil, err
}
@ -125,7 +155,7 @@ func (p *Pinger) getConn(ctx context.Context, typ string) (net.PacketConn, error
}
var addr = "0.0.0.0"
if typ == v6Type {
if typ == v6Type || typ == v6UDPType {
addr = "::"
}
c, err := p.mkconn(ctx, typ, addr)
@ -216,9 +246,9 @@ func (p *Pinger) handleResponse(buf []byte, now time.Time, typ string) {
// and IPv6.
var icmpType icmp.Type
switch typ {
case v4Type:
case v4Type, v4UDPType:
icmpType = ipv4.ICMPTypeEchoReply
case v6Type:
case v6Type, v6UDPType:
icmpType = ipv6.ICMPTypeEchoReply
default:
p.vlogf("handleResponse: unknown icmp.Type")
@ -243,7 +273,10 @@ func (p *Pinger) handleResponse(buf []byte, now time.Time, typ string) {
}
// We assume we sent this if the ID in the response is ours.
if uint16(resp.ID) != p.id {
// In unprivileged ICMP DGRAM mode the kernel rewrites the ID to match
// the socket, so the value we set on the way out is not what comes
// back; rely on sequence and data matching instead.
if !p.Unprivileged && uint16(resp.ID) != p.id {
p.vlogf("handleResponse: wanted ID=%d; got %d", p.id, resp.ID)
return
}
@ -294,14 +327,30 @@ func (p *Pinger) Send(ctx context.Context, dest net.Addr, data []byte) (time.Dur
}
if ap.Is6() {
icmpType = ipv6.ICMPTypeEchoRequest
conn, err = p.getConn(ctx, v6Type)
typ := v6Type
if p.Unprivileged {
typ = v6UDPType
}
conn, err = p.getConn(ctx, typ)
} else {
conn, err = p.getConn(ctx, v4Type)
typ := v4Type
if p.Unprivileged {
typ = v4UDPType
}
conn, err = p.getConn(ctx, typ)
}
if err != nil {
return 0, err
}
// In unprivileged ICMP DGRAM mode (icmp.ListenPacket on "udp4"/"udp6"),
// the kernel requires a *net.UDPAddr destination for WriteTo even though
// the wire packet is ICMP.
writeDst := dest
if p.Unprivileged {
writeDst = &net.UDPAddr{IP: ap.AsSlice(), Zone: ap.Zone()}
}
m := icmp.Message{
Type: icmpType,
Code: 0,
@ -324,7 +373,7 @@ func (p *Pinger) Send(ctx context.Context, dest net.Addr, data []byte) (time.Dur
p.mu.Unlock()
start := p.timeNow()
n, err := conn.WriteTo(b, dest)
n, err := conn.WriteTo(b, writeDst)
if err != nil {
return 0, err
} else if n != len(b) {

2
shell.nix
View File

@ -16,4 +16,4 @@
) {
src = ./.;
}).shellNix
# nix-direnv cache busting line: sha256-5zxCDQ12bu8dvJ51RCQk/m07oM2qNNrTB5cbb1Za/sc=
# nix-direnv cache busting line: sha256-mbxLXR2TBgiwyVGfLmMR5xWk+0f66mPDas95Wla70Lk=

15
tsnet/depaware.txt
View File

@ -105,7 +105,6 @@ tailscale.com/tsnet dependencies: (generated by github.com/tailscale/depaware)
L 💣 github.com/godbus/dbus/v5 from tailscale.com/net/dns
github.com/golang/groupcache/lru from tailscale.com/net/dnscache
github.com/google/btree from gvisor.dev/gvisor/pkg/tcpip/transport/tcp
DI github.com/google/uuid from github.com/prometheus-community/pro-bing
github.com/hdevalence/ed25519consensus from tailscale.com/tka
github.com/huin/goupnp from github.com/huin/goupnp/dcps/internetgateway2+
github.com/huin/goupnp/dcps/internetgateway2 from tailscale.com/net/portmapper
@ -128,7 +127,6 @@ tailscale.com/tsnet dependencies: (generated by github.com/tailscale/depaware)
LA 💣 github.com/mdlayher/socket from github.com/mdlayher/netlink+
LDW 💣 github.com/mitchellh/go-ps from tailscale.com/safesocket
github.com/pires/go-proxyproto from tailscale.com/ipn/ipnlocal
DI github.com/prometheus-community/pro-bing from tailscale.com/wgengine/netstack
L 💣 github.com/safchain/ethtool from tailscale.com/net/netkernelconf
DW 💣 github.com/tailscale/certstore from tailscale.com/control/controlclient
W 💣 github.com/tailscale/go-winio from tailscale.com/safesocket
@ -414,13 +412,13 @@ tailscale.com/tsnet dependencies: (generated by github.com/tailscale/depaware)
golang.org/x/net/dns/dnsmessage from tailscale.com/appc+
golang.org/x/net/http/httpguts from tailscale.com/ipn/ipnlocal
golang.org/x/net/http/httpproxy from tailscale.com/net/tshttpproxy
golang.org/x/net/icmp from github.com/prometheus-community/pro-bing+
golang.org/x/net/icmp from tailscale.com/net/ping
golang.org/x/net/idna from golang.org/x/net/http/httpguts+
golang.org/x/net/internal/iana from golang.org/x/net/icmp+
golang.org/x/net/internal/socket from golang.org/x/net/ipv4+
LDW golang.org/x/net/internal/socks from golang.org/x/net/proxy
golang.org/x/net/ipv4 from github.com/prometheus-community/pro-bing+
golang.org/x/net/ipv6 from github.com/prometheus-community/pro-bing+
golang.org/x/net/ipv4 from github.com/tailscale/wireguard-go/conn+
golang.org/x/net/ipv6 from github.com/tailscale/wireguard-go/conn+
LDW golang.org/x/net/proxy from tailscale.com/net/netns
DI golang.org/x/net/route from tailscale.com/net/netmon+
golang.org/x/oauth2 from golang.org/x/oauth2/clientcredentials+
@ -526,12 +524,11 @@ tailscale.com/tsnet dependencies: (generated by github.com/tailscale/depaware)
crypto/sha3 from crypto/internal/fips140hash+
crypto/sha512 from crypto/ecdsa+
crypto/subtle from crypto/cipher+
crypto/tls from github.com/prometheus-community/pro-bing+
crypto/tls from github.com/aws/aws-sdk-go-v2/aws/transport/http+
crypto/tls/internal/fips140tls from crypto/tls
crypto/x509 from crypto/tls+
DI crypto/x509/internal/macos from crypto/x509
crypto/x509/pkix from crypto/x509+
DI database/sql/driver from github.com/google/uuid
W debug/dwarf from debug/pe
W debug/pe from github.com/dblohm7/wingoes/pe
embed from github.com/tailscale/web-client-prebuilt+
@ -620,7 +617,7 @@ tailscale.com/tsnet dependencies: (generated by github.com/tailscale/depaware)
mime/quotedprintable from mime/multipart
net from crypto/tls+
net/http from expvar+
net/http/httptrace from github.com/prometheus-community/pro-bing+
net/http/httptrace from github.com/aws/smithy-go/transport/http+
net/http/httputil from tailscale.com/client/web+
net/http/internal from net/http+
net/http/internal/ascii from net/http+
@ -634,7 +631,7 @@ tailscale.com/tsnet dependencies: (generated by github.com/tailscale/depaware)
os/user from github.com/godbus/dbus/v5+
path from debug/dwarf+
path/filepath from crypto/x509+
reflect from database/sql/driver+
reflect from encoding/asn1+
regexp from github.com/huin/goupnp/httpu+
regexp/syntax from regexp
runtime from crypto/internal/fips140+

7
tstest/iosdeps/iosdeps_test.go
View File

@ -20,14 +20,11 @@ func TestDeps(t *testing.T) {
"tailscale.com/net/wsconn": "https://github.com/tailscale/tailscale/issues/13762",
"github.com/coder/websocket": "https://github.com/tailscale/tailscale/issues/13762",
"github.com/mitchellh/go-ps": "https://github.com/tailscale/tailscale/pull/13759",
"database/sql/driver": "iOS doesn't use an SQL database",
"github.com/google/uuid": "see tailscale/tailscale#13760",
"tailscale.com/clientupdate/distsign": "downloads via AppStore, not distsign",
"github.com/tailscale/hujson": "no config file support on iOS",
"tailscale.com/feature/capture": "no debug packet capture on iOS",
// TODO(bradfitz): fix this again. See https://github.com/tailscale/tailscale/issues/13760 and
// https://github.com/tailscale/tailscale/issues/19633
// "database/sql/driver": "iOS doesn't use an SQL database",
// "github.com/google/uuid": "see tailscale/tailscale#13760",
},
}.Check(t)
}

35
wgengine/netstack/netstack_userping_apple.go
View File

@ -6,33 +6,30 @@
package netstack
import (
"context"
"net"
"net/netip"
"time"
probing "github.com/prometheus-community/pro-bing"
"tailscale.com/net/ping"
)
// sendOutboundUserPing sends a non-privileged ICMP (or ICMPv6) ping to dstIP with the given timeout.
func (ns *Impl) sendOutboundUserPing(dstIP netip.Addr, timeout time.Duration) error {
p, err := probing.NewPinger(dstIP.String())
ctx, cancel := context.WithTimeout(context.Background(), timeout)
defer cancel()
p := ping.New(ctx, ns.logf, nil)
p.Unprivileged = true
defer p.Close()
dst := &net.IPAddr{IP: dstIP.AsSlice(), Zone: dstIP.Zone()}
ns.logf("sendOutboundUserPing: forwarding ping to %s", dstIP)
d, err := p.Send(ctx, dst, []byte("tailscale-userping"))
if err != nil {
ns.logf("sendICMPPingToIP failed to create pinger: %v", err)
ns.logf("sendOutboundUserPing: ping to %s failed: %v", dstIP, err)
return err
}
p.Timeout = timeout
p.Count = 1
p.SetPrivileged(false)
p.OnSend = func(pkt *probing.Packet) {
ns.logf("sendICMPPingToIP: forwarding ping to %s:", p.Addr())
}
p.OnRecv = func(pkt *probing.Packet) {
ns.logf("sendICMPPingToIP: %d bytes pong from %s: icmp_seq=%d time=%v", pkt.Nbytes, pkt.IPAddr, pkt.Seq, pkt.Rtt)
}
p.OnFinish = func(stats *probing.Statistics) {
ns.logf("sendICMPPingToIP: done, %d replies received", stats.PacketsRecv)
}
return p.Run()
ns.logf("sendOutboundUserPing: pong from %s in %v", dstIP, d)
return nil
}