diff --git a/cmd/tailscaled/depaware-minlinux.txt b/cmd/tailscaled/depaware-minlinux.txt index 5e0c2e14d..5d8f2ea92 100644 --- a/cmd/tailscaled/depaware-minlinux.txt +++ b/cmd/tailscaled/depaware-minlinux.txt @@ -50,13 +50,12 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de github.com/tailscale/wireguard-go/tai64n from github.com/tailscale/wireguard-go/device 💣 github.com/tailscale/wireguard-go/tun from github.com/tailscale/wireguard-go/device+ L github.com/vishvananda/netns from github.com/tailscale/netlink+ - 💣 go4.org/mem from tailscale.com/client/tailscale+ + 💣 go4.org/mem from tailscale.com/control/controlbase+ go4.org/netipx from tailscale.com/ipn/ipnlocal+ tailscale.com from tailscale.com/version tailscale.com/appc from tailscale.com/ipn/ipnlocal tailscale.com/atomicfile from tailscale.com/ipn+ - tailscale.com/client/tailscale from tailscale.com/derp - tailscale.com/client/tailscale/apitype from tailscale.com/client/tailscale+ + tailscale.com/client/tailscale/apitype from tailscale.com/ipn/ipnlocal+ tailscale.com/clientupdate from tailscale.com/ipn/ipnlocal+ L tailscale.com/clientupdate/distsign from tailscale.com/clientupdate tailscale.com/cmd/tailscaled/childproc from tailscale.com/cmd/tailscaled @@ -72,19 +71,19 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de tailscale.com/doctor/ethtool from tailscale.com/ipn/ipnlocal 💣 tailscale.com/doctor/permissions from tailscale.com/ipn/ipnlocal tailscale.com/doctor/routetable from tailscale.com/ipn/ipnlocal - tailscale.com/drive from tailscale.com/client/tailscale+ - tailscale.com/envknob from tailscale.com/client/tailscale+ + tailscale.com/drive from tailscale.com/ipn+ + tailscale.com/envknob from tailscale.com/cmd/tailscaled+ tailscale.com/envknob/featureknob from tailscale.com/ipn/ipnlocal tailscale.com/health from tailscale.com/cmd/tailscaled+ tailscale.com/health/healthmsg from tailscale.com/ipn/ipnlocal tailscale.com/hostinfo from tailscale.com/cmd/tailscaled+ tailscale.com/internal/noiseconn from tailscale.com/control/controlclient - tailscale.com/ipn from tailscale.com/client/tailscale+ + tailscale.com/ipn from tailscale.com/cmd/tailscaled+ tailscale.com/ipn/conffile from tailscale.com/cmd/tailscaled+ tailscale.com/ipn/ipnauth from tailscale.com/ipn/ipnlocal+ tailscale.com/ipn/ipnlocal from tailscale.com/cmd/tailscaled+ tailscale.com/ipn/ipnserver from tailscale.com/cmd/tailscaled - tailscale.com/ipn/ipnstate from tailscale.com/client/tailscale+ + tailscale.com/ipn/ipnstate from tailscale.com/control/controlclient+ tailscale.com/ipn/localapi from tailscale.com/ipn/ipnserver tailscale.com/ipn/policy from tailscale.com/ipn/ipnlocal tailscale.com/ipn/store from tailscale.com/cmd/tailscaled+ @@ -113,7 +112,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de tailscale.com/net/netknob from tailscale.com/logpolicy+ 💣 tailscale.com/net/netmon from tailscale.com/cmd/tailscaled+ tailscale.com/net/netns from tailscale.com/cmd/tailscaled+ - tailscale.com/net/netutil from tailscale.com/client/tailscale+ + tailscale.com/net/netutil from tailscale.com/control/controlclient+ tailscale.com/net/packet from tailscale.com/net/connstats+ tailscale.com/net/packet/checksum from tailscale.com/net/tstun tailscale.com/net/ping from tailscale.com/net/netcheck+ @@ -130,13 +129,13 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de tailscale.com/net/tshttpproxy from tailscale.com/clientupdate/distsign+ tailscale.com/net/tstun from tailscale.com/cmd/tailscaled+ tailscale.com/omit from tailscale.com/ipn/conffile - tailscale.com/paths from tailscale.com/client/tailscale+ + tailscale.com/paths from tailscale.com/cmd/tailscaled+ 💣 tailscale.com/portlist from tailscale.com/ipn/ipnlocal tailscale.com/posture from tailscale.com/ipn/ipnlocal tailscale.com/proxymap from tailscale.com/tsd - tailscale.com/safesocket from tailscale.com/client/tailscale+ + tailscale.com/safesocket from tailscale.com/cmd/tailscaled+ tailscale.com/syncs from tailscale.com/cmd/tailscaled+ - tailscale.com/tailcfg from tailscale.com/client/tailscale+ + tailscale.com/tailcfg from tailscale.com/client/tailscale/apitype+ tailscale.com/taildrop from tailscale.com/ipn/ipnlocal+ tailscale.com/tempfork/heap from tailscale.com/wgengine/magicsock tailscale.com/tsd from tailscale.com/cmd/tailscaled+ @@ -145,18 +144,18 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de tailscale.com/tstime/rate from tailscale.com/derp+ tailscale.com/tsweb/varz from tailscale.com/cmd/tailscaled+ tailscale.com/types/appctype from tailscale.com/ipn/ipnlocal - tailscale.com/types/dnstype from tailscale.com/client/tailscale+ + tailscale.com/types/dnstype from tailscale.com/client/tailscale/apitype+ tailscale.com/types/empty from tailscale.com/ipn+ tailscale.com/types/flagtype from tailscale.com/cmd/tailscaled tailscale.com/types/ipproto from tailscale.com/ipn+ - tailscale.com/types/key from tailscale.com/client/tailscale+ + tailscale.com/types/key from tailscale.com/cmd/tailscaled+ tailscale.com/types/lazy from tailscale.com/util/cloudenv+ tailscale.com/types/logger from tailscale.com/appc+ tailscale.com/types/logid from tailscale.com/cmd/tailscaled+ tailscale.com/types/netlogtype from tailscale.com/net/connstats+ tailscale.com/types/netmap from tailscale.com/control/controlclient+ tailscale.com/types/nettype from tailscale.com/ipn/localapi+ - tailscale.com/types/opt from tailscale.com/client/tailscale+ + tailscale.com/types/opt from tailscale.com/control/controlknobs+ tailscale.com/types/persist from tailscale.com/control/controlclient+ tailscale.com/types/preftype from tailscale.com/ipn+ tailscale.com/types/ptr from tailscale.com/control/controlclient+ @@ -177,7 +176,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de tailscale.com/util/groupmember from tailscale.com/ipn/ipnauth 💣 tailscale.com/util/hashx from tailscale.com/util/deephash tailscale.com/util/httphdr from tailscale.com/ipn/localapi - tailscale.com/util/httpm from tailscale.com/client/tailscale+ + tailscale.com/util/httpm from tailscale.com/clientupdate/distsign+ tailscale.com/util/lineiter from tailscale.com/hostinfo+ L tailscale.com/util/linuxfw from tailscale.com/net/netns+ tailscale.com/util/mak from tailscale.com/appc+ @@ -200,7 +199,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de tailscale.com/util/syspolicy/internal/loggerx from tailscale.com/util/syspolicy+ tailscale.com/util/syspolicy/internal/metrics from tailscale.com/util/syspolicy/source tailscale.com/util/syspolicy/rsop from tailscale.com/ipn/ipnlocal+ - tailscale.com/util/syspolicy/setting from tailscale.com/client/tailscale+ + tailscale.com/util/syspolicy/setting from tailscale.com/ipn/localapi+ tailscale.com/util/syspolicy/source from tailscale.com/util/syspolicy+ tailscale.com/util/sysresources from tailscale.com/wgengine/magicsock tailscale.com/util/systemd from tailscale.com/control/controlclient+ diff --git a/derp/derp_server.go b/derp/derp_server.go index 8066b7f19..c9d0e4e09 100644 --- a/derp/derp_server.go +++ b/derp/derp_server.go @@ -37,7 +37,6 @@ import ( "go4.org/mem" "golang.org/x/sync/errgroup" - "tailscale.com/client/tailscale" "tailscale.com/disco" "tailscale.com/envknob" "tailscale.com/metrics" @@ -1265,8 +1264,6 @@ func (c *sclient) requestMeshUpdate() { } } -var localClient tailscale.LocalClient - // isMeshPeer reports whether the client is a trusted mesh peer // node in the DERP region. func (s *Server) isMeshPeer(info *clientInfo) bool { @@ -1285,17 +1282,7 @@ func (s *Server) verifyClient(ctx context.Context, clientKey key.NodePublic, inf // tailscaled-based verification: if s.verifyClientsLocalTailscaled { - _, err := localClient.WhoIsNodeKey(ctx, clientKey) - if err == tailscale.ErrPeerNotFound { - return fmt.Errorf("peer %v not authorized (not found in local tailscaled)", clientKey) - } - if err != nil { - if strings.Contains(err.Error(), "invalid 'addr' parameter") { - // Issue 12617 - return errors.New("tailscaled version is too old (out of sync with derper binary)") - } - return fmt.Errorf("failed to query local tailscaled status for %v: %w", clientKey, err) - } + return errors.New("lanscaping") } // admission controller-based verification: @@ -2162,9 +2149,7 @@ func (s *Server) ConsistencyCheck() error { } if s.verifyClientsLocalTailscaled { - if err := s.checkVerifyClientsLocalTailscaled(); err != nil { - errs = append(errs, err.Error()) - } + errs = append(errs, "lanscaping") } if len(errs) == 0 { @@ -2173,24 +2158,6 @@ func (s *Server) ConsistencyCheck() error { return errors.New(strings.Join(errs, ", ")) } -// checkVerifyClientsLocalTailscaled checks that a verifyClients call can be made successfully for the derper hosts own node key. -func (s *Server) checkVerifyClientsLocalTailscaled() error { - ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) - defer cancel() - status, err := localClient.StatusWithoutPeers(ctx) - if err != nil { - return fmt.Errorf("localClient.Status: %w", err) - } - info := &clientInfo{ - IsProber: true, - } - clientIP := netip.IPv6Loopback() - if err := s.verifyClient(ctx, status.Self.PublicKey, info, clientIP); err != nil { - return fmt.Errorf("verifyClient for self nodekey: %w", err) - } - return nil -} - const minTimeBetweenLogs = 2 * time.Second // BytesSentRecv records the number of bytes that have been sent since the last traffic check