Brad Fitzpatrick 
							
						 
					 
					
						
						
						
						
							
						
						
							69de3bf7bf 
							
						 
					 
					
						
						
							
							wgengine/filter: let unknown IPProto match if IP okay & match allows all ports  
						
						
						
						
						RELNOTE=yes
Change-Id: I96eaf3cf550cee7bb6cdb4ad81fc761e280a1b2a
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 
						
						
					 
					
						2021-12-05 10:44:18 -08:00 
						 
				 
			
				
					
						
							
							
								Brad Fitzpatrick 
							
						 
					 
					
						
						
						
						
							
						
						
							ff9727c9ff 
							
						 
					 
					
						
						
							
							wgengine/filter: fix, test NewAllowAllForTest  
						
						
						
						
						I probably broke it when SCTP support was added but nothing apparently
ever used NewAllowAllForTest so it wasn't noticed when it broke.
Change-Id: Ib5a405be233d53cb7fcc61d493ae7aa2d1d590a2
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 
						
						
					 
					
						2021-11-29 09:56:59 -08:00 
						 
				 
			
				
					
						
							
							
								Josh Bleecher Snyder 
							
						 
					 
					
						
						
						
						
							
						
						
							94fb42d4b2 
							
						 
					 
					
						
						
							
							all: use testingutil.MinAllocsPerRun  
						
						
						
						
						There are a few remaining uses of testing.AllocsPerRun:
Two in which we only log the number of allocations,
and one in which we dynamically calculate the allocations
target based on a different AllocsPerRun run.
This also allows us to tighten the "no allocs"
test in wgengine/filter.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com> 
						
						
					 
					
						2021-10-28 12:48:37 -07:00 
						 
				 
			
				
					
						
							
							
								Joe Tsai 
							
						 
					 
					
						
						
						
						
							
						
						
							9af27ba829 
							
						 
					 
					
						
						
							
							cmd/cloner: mangle "go:generate" in cloner.go  
						
						
						
						
						The "go generate" command blindly looks for "//go:generate" anywhere
in the file regardless of whether it is truly a comment.
Prevent this false positive in cloner.go by mangling the string
to look less like "//go:generate".
Signed-off-by: Joe Tsai <joetsai@digital-static.net> 
						
						
					 
					
						2021-10-16 17:53:43 -07:00 
						 
				 
			
				
					
						
							
							
								Josh Bleecher Snyder 
							
						 
					 
					
						
						
						
						
							
						
						
							d5ab18b2e6 
							
						 
					 
					
						
						
							
							cmd/cloner: add Clone context to regen struct assignments  
						
						
						
						
						Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com> 
						
						
					 
					
						2021-09-17 16:46:08 -07:00 
						 
				 
			
				
					
						
							
							
								Josh Bleecher Snyder 
							
						 
					 
					
						
						
						
						
							
						
						
							4bbf5a8636 
							
						 
					 
					
						
						
							
							cmd/cloner: reduce diff noise when changing command  
						
						
						
						
						Spelling out the command to run for every type
means that changing the command makes for a large, repetitive diff.
Stop doing that.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com> 
						
						
					 
					
						2021-09-15 10:58:12 -07:00 
						 
				 
			
				
					
						
							
							
								Josh Bleecher Snyder 
							
						 
					 
					
						
						
						
						
							
						
						
							9da4181606 
							
						 
					 
					
						
						
							
							tstime/rate: new package  
						
						
						
						
						This is a simplified rate limiter geared for exactly our needs:
A fast, mono.Time-based rate limiter for use in tstun.
It was generated by stripping down the x/time/rate rate limiter
to just our needs and switching it to use mono.Time.
It removes one time.Now call per packet.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com> 
						
						
					 
					
						2021-07-29 12:56:58 -07:00 
						 
				 
			
				
					
						
							
							
								Christine Dodrill 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							59e9b44f53 
							
						 
					 
					
						
						
							
							wgengine/filter: add a debug flag for filter logs ( #2241 )  
						
						
						
						
						This uses a debug envvar to optionally disable filter logging rate
limits by setting the environment variable
TS_DEBUG_FILTER_RATE_LIMIT_LOGS to "all", and if it matches,
the code will effectively disable the limits on the log rate by
setting the limit to 1 millisecond. This should make sure that all
filter logs will be captured.
Signed-off-by: Christine Dodrill <xe@tailscale.com> 
						
						
					 
					
						2021-06-25 10:10:26 -04:00 
						 
				 
			
				
					
						
							
							
								Brad Fitzpatrick 
							
						 
					 
					
						
						
						
						
							
						
						
							a321c24667 
							
						 
					 
					
						
						
							
							go.mod: update netaddr  
						
						
						
						
						Involves minor IPSetBuilder.Set API change.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 
						
						
					 
					
						2021-06-02 09:05:06 -07:00 
						 
				 
			
				
					
						
							
							
								Josh Bleecher Snyder 
							
						 
					 
					
						
						
						
						
							
						
						
							25df067dd0 
							
						 
					 
					
						
						
							
							all: adapt to opaque netaddr types  
						
						
						
						
						This commit is a mishmash of automated edits using gofmt:
gofmt -r 'netaddr.IPPort{IP: a, Port: b} -> netaddr.IPPortFrom(a, b)' -w .
gofmt -r 'netaddr.IPPrefix{IP: a, Port: b} -> netaddr.IPPrefixFrom(a, b)' -w .
gofmt -r 'a.IP.Is4 -> a.IP().Is4' -w .
gofmt -r 'a.IP.As16 -> a.IP().As16' -w .
gofmt -r 'a.IP.Is6 -> a.IP().Is6' -w .
gofmt -r 'a.IP.As4 -> a.IP().As4' -w .
gofmt -r 'a.IP.String -> a.IP().String' -w .
And regexps:
\w*(.*)\.Port = (.*)  ->  $1 = $1.WithPort($2)
\w*(.*)\.IP = (.*)  ->  $1 = $1.WithIP($2)
And lots of manual fixups.
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com> 
						
						
					 
					
						2021-05-16 14:52:00 -07:00 
						 
				 
			
				
					
						
							
							
								Brad Fitzpatrick 
							
						 
					 
					
						
						
						
						
							
						
						
							2384c112c9 
							
						 
					 
					
						
						
							
							net/packet, wgengine/{filter,tstun}: add TSMP ping  
						
						
						
						
						Fixes  #1467 
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 
					
						2021-03-24 09:50:01 -07:00 
						 
				 
			
				
					
						
							
							
								Brad Fitzpatrick 
							
						 
					 
					
						
						
						
						
							
						
						
							1eb95c7e32 
							
						 
					 
					
						
						
							
							net/packet, wgengine{,/filter}: remove net/packet IPProto forwarding consts  
						
						
						
						
						Only use the ones in types/ipproto now.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 
						
						
					 
					
						2021-03-20 21:45:47 -07:00 
						 
				 
			
				
					
						
							
							
								Brad Fitzpatrick 
							
						 
					 
					
						
						
						
						
							
						
						
							01b90df2fa 
							
						 
					 
					
						
						
							
							net/packet, wgengine/filter: support SCTP  
						
						
						
						
						Add proto to flowtrack.Tuple.
Add types/ipproto leaf package to break a cycle.
Server-side ACL work remains.
Updates #1516 
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 
						
						
					 
					
						2021-03-20 21:34:13 -07:00 
						 
				 
			
				
					
						
							
							
								Brad Fitzpatrick 
							
						 
					 
					
						
						
						
						
							
						
						
							90a6fb7ffe 
							
						 
					 
					
						
						
							
							tailcfg: add FilterRule.IPProto  
						
						
						
						
						Updates #1516 
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 
						
						
					 
					
						2021-03-19 18:08:23 -07:00 
						 
				 
			
				
					
						
							
							
								David Anderson 
							
						 
					 
					
						
						
						
						
							
						
						
							d79a2f3809 
							
						 
					 
					
						
						
							
							wgengine/filter: only log packets to/from non-default routes.  
						
						
						
						
						Fixes  tailscale/corp#1429 .
Signed-off-by: David Anderson <danderson@tailscale.com> 
					
						2021-03-09 16:24:09 -08:00 
						 
				 
			
				
					
						
							
							
								David Anderson 
							
						 
					 
					
						
						
						
						
							
						
						
							b83c273737 
							
						 
					 
					
						
						
							
							wgengine/filter: use IPSet for localNets instead of prefixes.  
						
						
						
						
						Part of #1177 , preparing for doing fancier set operations on
the allowed local nets.
Signed-off-by: David Anderson <danderson@tailscale.com> 
						
						
					 
					
						2021-02-22 14:51:22 -08:00 
						 
				 
			
				
					
						
							
							
								Brad Fitzpatrick 
							
						 
					 
					
						
						
						
						
							
						
						
							d98ef5699d 
							
						 
					 
					
						
						
							
							wgengine/filter: remove redundant code  
						
						
						
						
						no generated code change. 
						
						
					 
					
						2021-02-17 09:11:28 -08:00 
						 
				 
			
				
					
						
							
							
								David Anderson 
							
						 
					 
					
						
						
						
						
							
						
						
							9f7cbf6cf1 
							
						 
					 
					
						
						
							
							wgengine/filter: add a Clone method.  
						
						
						
						
						Signed-off-by: David Anderson <danderson@tailscale.com> 
						
						
					 
					
						2021-01-22 17:31:37 -08:00 
						 
				 
			
				
					
						
							
							
								Brad Fitzpatrick 
							
						 
					 
					
						
						
						
						
							
						
						
							e7bf144c3f 
							
						 
					 
					
						
						
							
							ipn, wgengine/filter: fix Shields Up recent regression and old bug  
						
						
						
						
						Fixes  #1192  (regression)
Fixes  #1193  (old bug) 
					
						2021-01-22 13:39:53 -08:00 
						 
				 
			
				
					
						
							
							
								Brad Fitzpatrick 
							
						 
					 
					
						
						
						
						
							
						
						
							b560386c1a 
							
						 
					 
					
						
						
							
							net/packet, wgengine, tstun: add inter-node TSMP protocol for connect errors  
						
						
						
						
						This adds a new IP Protocol type, TSMP on protocol number 99 for
sending inter-tailscale messages over WireGuard, currently just for
why a peer rejects TCP SYNs (ACL rejection, shields up, and in the
future: nothing listening, something listening on that port but wrong
interface, etc)
Updates #1094 
Updates tailscale/corp#1185 
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 
						
						
					 
					
						2021-01-15 14:03:57 -08:00 
						 
				 
			
				
					
						
							
							
								Brad Fitzpatrick 
							
						 
					 
					
						
						
						
						
							
						
						
							5eeaea9ef9 
							
						 
					 
					
						
						
							
							net/packet: add TCPFlag type and some more constants  
						
						
						
						
						Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 
						
						
					 
					
						2021-01-11 22:09:09 -08:00 
						 
				 
			
				
					
						
							
							
								Brad Fitzpatrick 
							
						 
					 
					
						
						
						
						
							
						
						
							4d15e954bd 
							
						 
					 
					
						
						
							
							net/flowtrack: add new package to specialize groupcache/lru key type  
						
						
						
						
						Reduces allocs.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 
						
						
					 
					
						2021-01-11 13:08:03 -08:00 
						 
				 
			
				
					
						
							
							
								David Anderson 
							
						 
					 
					
						
						
						
						
							
						
						
							cb96b14bf4 
							
						 
					 
					
						
						
							
							net/packet: remove the custom IP4/IP6 types in favor of netaddr.IP.  
						
						
						
						
						Upstream netaddr has a change that makes it alloc-free, so it's safe to
use in hot codepaths. This gets rid of one of the many IP types in our
codebase.
Performance is currently worse across the board. This is likely due in
part to netaddr.IP being a larger value type (4b -> 24b for IPv4,
16b -> 24b for IPv6), and in other part due to missing low-hanging fruit
optimizations in netaddr. However, the regression is less bad than
it looks at first glance, because we'd micro-optimized packet.IP* in
the past few weeks. This change drops us back to roughly where we
were at the 1.2 release, but with the benefit of a significant
code and architectural simplification.
name                   old time/op    new time/op    delta
pkg:tailscale.com/net/packet goos:linux goarch:amd64
Decode/tcp4-8            12.2ns ± 5%    29.7ns ± 2%  +142.32%  (p=0.008 n=5+5)
Decode/tcp6-8            12.6ns ± 3%    65.1ns ± 2%  +418.47%  (p=0.008 n=5+5)
Decode/udp4-8            11.8ns ± 3%    30.5ns ± 2%  +157.94%  (p=0.008 n=5+5)
Decode/udp6-8            27.1ns ± 1%    65.7ns ± 2%  +142.36%  (p=0.016 n=4+5)
Decode/icmp4-8           24.6ns ± 2%    30.5ns ± 2%   +23.65%  (p=0.016 n=4+5)
Decode/icmp6-8           22.9ns ±51%    65.5ns ± 2%  +186.19%  (p=0.008 n=5+5)
Decode/igmp-8            18.1ns ±44%    30.2ns ± 1%   +66.89%  (p=0.008 n=5+5)
Decode/unknown-8         20.8ns ± 1%    10.6ns ± 9%   -49.11%  (p=0.016 n=4+5)
pkg:tailscale.com/wgengine/filter goos:linux goarch:amd64
Filter/icmp4-8           30.5ns ± 1%    77.9ns ± 3%  +155.01%  (p=0.008 n=5+5)
Filter/tcp4_syn_in-8     43.7ns ± 3%   123.0ns ± 3%  +181.72%  (p=0.008 n=5+5)
Filter/tcp4_syn_out-8    24.5ns ± 2%    45.7ns ± 6%   +86.22%  (p=0.008 n=5+5)
Filter/udp4_in-8         64.8ns ± 1%   210.0ns ± 2%  +223.87%  (p=0.008 n=5+5)
Filter/udp4_out-8         119ns ± 0%     278ns ± 0%  +133.78%  (p=0.016 n=4+5)
Filter/icmp6-8           40.3ns ± 2%   204.4ns ± 4%  +407.70%  (p=0.008 n=5+5)
Filter/tcp6_syn_in-8     35.3ns ± 3%   199.2ns ± 2%  +464.95%  (p=0.008 n=5+5)
Filter/tcp6_syn_out-8    32.8ns ± 2%    81.0ns ± 2%  +147.10%  (p=0.008 n=5+5)
Filter/udp6_in-8          106ns ± 2%     290ns ± 2%  +174.48%  (p=0.008 n=5+5)
Filter/udp6_out-8         184ns ± 2%     314ns ± 3%   +70.43%  (p=0.016 n=4+5)
pkg:tailscale.com/wgengine/tstun goos:linux goarch:amd64
Write-8                  9.02ns ± 3%    8.92ns ± 1%      ~     (p=0.421 n=5+5)
name                   old alloc/op   new alloc/op   delta
pkg:tailscale.com/net/packet goos:linux goarch:amd64
Decode/tcp4-8             0.00B          0.00B           ~     (all equal)
Decode/tcp6-8             0.00B          0.00B           ~     (all equal)
Decode/udp4-8             0.00B          0.00B           ~     (all equal)
Decode/udp6-8             0.00B          0.00B           ~     (all equal)
Decode/icmp4-8            0.00B          0.00B           ~     (all equal)
Decode/icmp6-8            0.00B          0.00B           ~     (all equal)
Decode/igmp-8             0.00B          0.00B           ~     (all equal)
Decode/unknown-8          0.00B          0.00B           ~     (all equal)
pkg:tailscale.com/wgengine/filter goos:linux goarch:amd64
Filter/icmp4-8            0.00B          0.00B           ~     (all equal)
Filter/tcp4_syn_in-8      0.00B          0.00B           ~     (all equal)
Filter/tcp4_syn_out-8     0.00B          0.00B           ~     (all equal)
Filter/udp4_in-8          0.00B          0.00B           ~     (all equal)
Filter/udp4_out-8         16.0B ± 0%     64.0B ± 0%  +300.00%  (p=0.008 n=5+5)
Filter/icmp6-8            0.00B          0.00B           ~     (all equal)
Filter/tcp6_syn_in-8      0.00B          0.00B           ~     (all equal)
Filter/tcp6_syn_out-8     0.00B          0.00B           ~     (all equal)
Filter/udp6_in-8          0.00B          0.00B           ~     (all equal)
Filter/udp6_out-8         48.0B ± 0%     64.0B ± 0%   +33.33%  (p=0.008 n=5+5)
name                   old allocs/op  new allocs/op  delta
pkg:tailscale.com/net/packet goos:linux goarch:amd64
Decode/tcp4-8              0.00           0.00           ~     (all equal)
Decode/tcp6-8              0.00           0.00           ~     (all equal)
Decode/udp4-8              0.00           0.00           ~     (all equal)
Decode/udp6-8              0.00           0.00           ~     (all equal)
Decode/icmp4-8             0.00           0.00           ~     (all equal)
Decode/icmp6-8             0.00           0.00           ~     (all equal)
Decode/igmp-8              0.00           0.00           ~     (all equal)
Decode/unknown-8           0.00           0.00           ~     (all equal)
pkg:tailscale.com/wgengine/filter goos:linux goarch:amd64
Filter/icmp4-8             0.00           0.00           ~     (all equal)
Filter/tcp4_syn_in-8       0.00           0.00           ~     (all equal)
Filter/tcp4_syn_out-8      0.00           0.00           ~     (all equal)
Filter/udp4_in-8           0.00           0.00           ~     (all equal)
Filter/udp4_out-8          1.00 ± 0%      1.00 ± 0%      ~     (all equal)
Filter/icmp6-8             0.00           0.00           ~     (all equal)
Filter/tcp6_syn_in-8       0.00           0.00           ~     (all equal)
Filter/tcp6_syn_out-8      0.00           0.00           ~     (all equal)
Filter/udp6_in-8           0.00           0.00           ~     (all equal)
Filter/udp6_out-8          1.00 ± 0%      1.00 ± 0%      ~     (all equal)
Signed-off-by: David Anderson <danderson@tailscale.com> 
						
						
					 
					
						2020-12-22 14:44:36 -08:00 
						 
				 
			
				
					
						
							
							
								Brad Fitzpatrick 
							
						 
					 
					
						
						
						
						
							
						
						
							fa412c8760 
							
						 
					 
					
						
						
							
							wgengine/filter, wgengine/magicsock: use new IP.BitLen to simplify some code  
						
						
						
						
					 
					
						2020-12-15 12:12:56 -08:00 
						 
				 
			
				
					
						
							
							
								Brad Fitzpatrick 
							
						 
					 
					
						
						
						
						
							
						
						
							afcf134812 
							
						 
					 
					
						
						
							
							wgengine/filter, tailcfg: support CIDRs+ranges in PacketFilter (mapver 7)  
						
						
						
						
						Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> 
						
						
					 
					
						2020-12-15 11:00:37 -08:00 
						 
				 
			
				
					
						
							
							
								David Anderson 
							
						 
					 
					
						
						
						
						
							
						
						
							3c508a58cc 
							
						 
					 
					
						
						
							
							wgengine/filter: don't filter GCP DNS.  
						
						
						
						
						Signed-off-by: David Anderson <danderson@tailscale.com> 
						
						
					 
					
						2020-11-16 14:08:27 -08:00 
						 
				 
			
				
					
						
							
							
								David Anderson 
							
						 
					 
					
						
						
						
						
							
						
						
							2eb474dd8d 
							
						 
					 
					
						
						
							
							wgengine/filter: add test cases for len(dsts) > 1.  
						
						
						
						
						While the code was correct, I broke it during a refactoring and
tests didn't detect it. This fixes that glitch.
Signed-off-by: David Anderson <danderson@tailscale.com> 
						
						
					 
					
						2020-11-12 21:41:52 -08:00 
						 
				 
			
				
					
						
							
							
								David Anderson 
							
						 
					 
					
						
						
						
						
							
						
						
							ce45f4f3ff 
							
						 
					 
					
						
						
							
							wgengine/filter: inline ip6InList into match.  
						
						
						
						
						matchIPsOnly gets 5% slower when inlining, despite significantly reduced
memory ops and slightly tighter code.
Part of #19 .
Filter/tcp6_syn_in-8     45.5ns ± 1%    42.4ns ± 2%   -6.86%  (p=0.000 n=10+10)
Filter/udp6_in-8          107ns ± 2%      94ns ± 2%  -11.50%  (p=0.000 n=9+10)
Signed-off-by: David Anderson <danderson@tailscale.com> 
						
						
					 
					
						2020-11-12 21:41:47 -08:00 
						 
				 
			
				
					
						
							
							
								David Anderson 
							
						 
					 
					
						
						
						
						
							
						
						
							3fdae12f0c 
							
						 
					 
					
						
						
							
							wgengine/filter: eliminate unnecessary memory loads.  
						
						
						
						
						Doesn't materially affect benchmarks, but shrinks match6 by 30 instructions
and halves memory loads.
Part of #19 .
Signed-off-by: David Anderson <danderson@tailscale.com> 
						
						
					 
					
						2020-11-12 21:41:40 -08:00 
						 
				 
			
				
					
						
							
							
								Josh Bleecher Snyder 
							
						 
					 
					
						
						
						
						
							
						
						
							47380ebcfb 
							
						 
					 
					
						
						
							
							wgengine/filter: twiddle bits to optimize  
						
						
						
						
						Part of #19 .
name            old time/op    new time/op    delta
Filter/icmp4-8    32.2ns ± 3%    32.5ns ± 2%     ~     (p=0.524 n=10+8)
Filter/icmp6-8    49.7ns ± 6%    43.1ns ± 4%  -13.12%  (p=0.000 n=9+10)
Signed-off-by: David Anderson <danderson@tailscale.com> 
						
						
					 
					
						2020-11-12 21:41:33 -08:00 
						 
				 
			
				
					
						
							
							
								David Anderson 
							
						 
					 
					
						
						
						
						
							
						
						
							5062131aad 
							
						 
					 
					
						
						
							
							wgengine/filter: treat * as both a v4 and v6 wildcard.  
						
						
						
						
						Part of #19 .
Signed-off-by: David Anderson <danderson@tailscale.com> 
						
						
					 
					
						2020-11-12 21:41:29 -08:00 
						 
				 
			
				
					
						
							
							
								David Anderson 
							
						 
					 
					
						
						
						
						
							
						
						
							2d604b3791 
							
						 
					 
					
						
						
							
							net/packet: represent IP6 as two uint64s.  
						
						
						
						
						For the operations we perform on these types (mostly net6.Contains),
this encoding is much faster.
Part of #19 .
name                   old time/op    new time/op    delta
Filter/icmp4-8           27.5ns ± 1%    28.0ns ± 2%   +1.89%  (p=0.016 n=5+5)
Filter/tcp4_syn_in-8     38.8ns ± 2%    38.3ns ± 1%   -1.24%  (p=0.024 n=5+5)
Filter/tcp4_syn_out-8    27.6ns ±12%    24.6ns ± 1%     ~     (p=0.063 n=5+5)
Filter/udp4_in-8         71.5ns ± 5%    65.9ns ± 1%   -7.94%  (p=0.008 n=5+5)
Filter/udp4_out-8         132ns ±13%     119ns ± 1%  -10.29%  (p=0.008 n=5+5)
Filter/icmp6-8            169ns ±10%      54ns ± 1%  -68.35%  (p=0.008 n=5+5)
Filter/tcp6_syn_in-8      149ns ± 6%      43ns ± 1%  -71.11%  (p=0.008 n=5+5)
Filter/tcp6_syn_out-8    37.7ns ± 4%    24.3ns ± 3%  -35.51%  (p=0.008 n=5+5)
Filter/udp6_in-8          179ns ± 5%     103ns ± 1%  -42.75%  (p=0.008 n=5+5)
Filter/udp6_out-8         156ns ± 3%     191ns ± 1%  +22.54%  (p=0.008 n=5+5)
Signed-off-by: David Anderson <danderson@tailscale.com> 
						
						
					 
					
						2020-11-12 21:41:21 -08:00 
						 
				 
			
				
					
						
							
							
								David Anderson 
							
						 
					 
					
						
						
						
						
							
						
						
							04ff3c91ee 
							
						 
					 
					
						
						
							
							wgengine/filter: add full IPv6 support.  
						
						
						
						
						Part of #19 .
Signed-off-by: David Anderson <danderson@tailscale.com> 
						
						
					 
					
						2020-11-12 21:41:15 -08:00 
						 
				 
			
				
					
						
							
							
								David Anderson 
							
						 
					 
					
						
						
						
						
							
						
						
							c2cc3acbaf 
							
						 
					 
					
						
						
							
							net/packet: remove NewIP, offer only a netaddr constructor.  
						
						
						
						
						Signed-off-by: David Anderson <danderson@tailscale.com> 
						
						
					 
					
						2020-11-10 22:03:47 -08:00 
						 
				 
			
				
					
						
							
							
								David Anderson 
							
						 
					 
					
						
						
						
						
							
						
						
							55b1221db2 
							
						 
					 
					
						
						
							
							net/packet: support full IPv6 decoding.  
						
						
						
						
						The packet filter still rejects all IPv6, but decodes enough from v6
packets to do something smarter in a followup.
name              time/op
Decode/tcp4-8     28.8ns ± 2%
Decode/tcp6-8     20.6ns ± 1%
Decode/udp4-8     28.2ns ± 1%
Decode/udp6-8     20.0ns ± 6%
Decode/icmp4-8    21.7ns ± 2%
Decode/icmp6-8    14.1ns ± 2%
Decode/unknown-8  9.43ns ± 2%
Signed-off-by: David Anderson <danderson@tailscale.com> 
						
						
					 
					
						2020-11-10 20:23:54 -08:00 
						 
				 
			
				
					
						
							
							
								David Anderson 
							
						 
					 
					
						
						
						
						
							
						
						
							89894c6930 
							
						 
					 
					
						
						
							
							net/packet: add IPv6 source and destination IPs to Parsed.  
						
						
						
						
						Signed-off-by: David Anderson <danderson@tailscale.com> 
						
						
					 
					
						2020-11-10 20:23:54 -08:00 
						 
				 
			
				
					
						
							
							
								David Anderson 
							
						 
					 
					
						
						
						
						
							
						
						
							093431f5dd 
							
						 
					 
					
						
						
							
							net/packet: s/ParsedPacket/Parsed/ to avoid package stuttering.  
						
						
						
						
						Signed-off-by: David Anderson <danderson@tailscale.com> 
						
						
					 
					
						2020-11-09 23:52:54 -08:00 
						 
				 
			
				
					
						
							
							
								David Anderson 
							
						 
					 
					
						
						
						
						
							
						
						
							c48253e63b 
							
						 
					 
					
						
						
							
							wgengine/filter: add a method to run the packet filter without a packet.  
						
						
						
						
						The goal is to move some of the shenanigans we have elsewhere into the filter
package, so that all the weird things to do with poking at the filter are in
a single place, behind clean APIs.
Signed-off-by: David Anderson <danderson@tailscale.com> 
						
						
					 
					
						2020-11-09 23:34:01 -08:00 
						 
				 
			
				
					
						
							
							
								David Anderson 
							
						 
					 
					
						
						
						
						
							
						
						
							7a54910990 
							
						 
					 
					
						
						
							
							wgengine/filter: remove helper vars, mark NewAllowAll test-only.  
						
						
						
						
						Signed-off-by: David Anderson <danderson@tailscale.com> 
						
						
					 
					
						2020-11-09 22:02:37 -08:00 
						 
				 
			
				
					
						
							
							
								David Anderson 
							
						 
					 
					
						
						
						
						
							
						
						
							76d99cf01a 
							
						 
					 
					
						
						
							
							wgengine/filter: remove the Matches type.  
						
						
						
						
						It only served to obscure the underlying slice type without
adding much value.
Signed-off-by: David Anderson <danderson@tailscale.com> 
						
						
					 
					
						2020-11-09 21:39:25 -08:00 
						 
				 
			
				
					
						
							
							
								David Anderson 
							
						 
					 
					
						
						
						
						
							
						
						
							b950bd60bf 
							
						 
					 
					
						
						
							
							wgengine/filter: add and clean up documentation.  
						
						
						
						
						Signed-off-by: David Anderson <danderson@tailscale.com> 
						
						
					 
					
						2020-11-09 21:39:25 -08:00 
						 
				 
			
				
					
						
							
							
								David Anderson 
							
						 
					 
					
						
						
						
						
							
						
						
							a8589636a8 
							
						 
					 
					
						
						
							
							wgengine/filter: remove unused Clone methods.  
						
						
						
						
						Signed-off-by: David Anderson <danderson@tailscale.com> 
						
						
					 
					
						2020-11-09 21:39:25 -08:00 
						 
				 
			
				
					
						
							
							
								David Anderson 
							
						 
					 
					
						
						
						
						
							
						
						
							b3634f020d 
							
						 
					 
					
						
						
							
							wgengine/filter: use netaddr types in public API.  
						
						
						
						
						We still use the packet.* alloc-free types in the data path, but
the compilation from netaddr to packet happens within the filter
package.
Signed-off-by: David Anderson <danderson@tailscale.com> 
						
						
					 
					
						2020-11-09 21:39:25 -08:00 
						 
				 
			
				
					
						
							
							
								David Anderson 
							
						 
					 
					
						
						
						
						
							
						
						
							427bf2134f 
							
						 
					 
					
						
						
							
							net/packet: rename from wgengine/packet.  
						
						
						
						
						Signed-off-by: David Anderson <danderson@tailscale.com> 
						
						
					 
					
						2020-11-09 16:25:24 -08:00 
						 
				 
			
				
					
						
							
							
								David Anderson 
							
						 
					 
					
						
						
						
						
							
						
						
							19df6a2ee2 
							
						 
					 
					
						
						
							
							wgengine/packet: rename types to reflect their v4-only-ness, document.  
						
						
						
						
						Signed-off-by: David Anderson <danderson@tailscale.com> 
						
						
					 
					
						2020-11-09 16:25:24 -08:00 
						 
				 
			
				
					
						
							
							
								Brad Fitzpatrick 
							
						 
					 
					
						
						
						
						
							
						
						
							73cc2d8f89 
							
						 
					 
					
						
						
							
							wgengine/filter: also silently drop link-local unicast traffic  
						
						
						
						
						Updates #629  
						
						
					 
					
						2020-09-25 11:47:38 -07:00 
						 
				 
			
				
					
						
							
							
								Brad Fitzpatrick 
							
						 
					 
					
						
						
						
						
							
						
						
							5f807c389e 
							
						 
					 
					
						
						
							
							wgengine/filter: drop multicast packets out, don't log about them  
						
						
						
						
						Eventually we'll probably support multicast. For now it's just log spam.
Fixes  #629  
						
						
					 
					
						2020-09-25 11:27:57 -07:00 
						 
				 
			
				
					
						
							
							
								chungdaniel 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							4d56d19b46 
							
						 
					 
					
						
						
							
							control/controlclient, wgengine/filter: extract parsePacketFilter to … ( #696 )  
						
						
						
						
						control/controlclient, wgengine/filter: extract parsePacketFilter to new constructor in wgengine/filter
Signed-off-by: chungdaniel <daniel@tailscale.com> 
						
						
					 
					
						2020-08-20 10:36:19 -07:00 
						 
				 
			
				
					
						
							
							
								Brad Fitzpatrick 
							
						 
					 
					
						
						
						
						
							
						
						
							da3b50ad88 
							
						 
					 
					
						
						
							
							wgengine/filter: omit logging for all v6 multicast, remove debug panic :(  
						
						
						
						
					 
					
						2020-08-01 12:40:32 -07:00 
						 
				 
			
				
					
						
							
							
								Brad Fitzpatrick 
							
						 
					 
					
						
						
						
						
							
						
						
							7cc8fcb784 
							
						 
					 
					
						
						
							
							wgengine/filter: remove leftover debug knob that staticcheck doesn't like  
						
						
						
						
					 
					
						2020-07-30 11:21:37 -07:00