wgengine/netstack, net/ping: stop using pro-bing and use our net/ping instead

Fixes #19633
Fixes #13760

Change-Id: I0fa9423523a3a0fb1dfcde57de0f26e51723ff97
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Brad Fitzpatrick
2026-05-04 19:46:00 +00:00
committed by Brad Fitzpatrick
parent 81569e891f
commit 883d4fd2cd
12 changed files with 108 additions and 76 deletions
+6 -7
@@ -130,7 +130,7 @@ tailscale.com/cmd/k8s-operator dependencies: (generated by github.com/tailscale/
github.com/google/gnostic-models/jsonschema from github.com/google/gnostic-models/compiler github.com/google/gnostic-models/jsonschema from github.com/google/gnostic-models/compiler
github.com/google/gnostic-models/openapiv2 from k8s.io/client-go/discovery+ github.com/google/gnostic-models/openapiv2 from k8s.io/client-go/discovery+
github.com/google/gnostic-models/openapiv3 from k8s.io/kube-openapi/pkg/handler3+ github.com/google/gnostic-models/openapiv3 from k8s.io/kube-openapi/pkg/handler3+
github.com/google/uuid from github.com/prometheus-community/pro-bing+ github.com/google/uuid from k8s.io/apimachinery/pkg/util/uuid+
github.com/hdevalence/ed25519consensus from tailscale.com/tka github.com/hdevalence/ed25519consensus from tailscale.com/tka
github.com/huin/goupnp from github.com/huin/goupnp/dcps/internetgateway2+ github.com/huin/goupnp from github.com/huin/goupnp/dcps/internetgateway2+
github.com/huin/goupnp/dcps/internetgateway2 from tailscale.com/net/portmapper github.com/huin/goupnp/dcps/internetgateway2 from tailscale.com/net/portmapper
@@ -164,7 +164,6 @@ tailscale.com/cmd/k8s-operator dependencies: (generated by github.com/tailscale/
github.com/pires/go-proxyproto from tailscale.com/ipn/ipnlocal+ github.com/pires/go-proxyproto from tailscale.com/ipn/ipnlocal+
github.com/pkg/errors from github.com/evanphx/json-patch/v5+ github.com/pkg/errors from github.com/evanphx/json-patch/v5+
github.com/pmezard/go-difflib/difflib from k8s.io/apimachinery/pkg/util/diff github.com/pmezard/go-difflib/difflib from k8s.io/apimachinery/pkg/util/diff
D github.com/prometheus-community/pro-bing from tailscale.com/wgengine/netstack
github.com/prometheus/client_golang/internal/github.com/golang/gddo/httputil from github.com/prometheus/client_golang/prometheus/promhttp github.com/prometheus/client_golang/internal/github.com/golang/gddo/httputil from github.com/prometheus/client_golang/prometheus/promhttp
github.com/prometheus/client_golang/internal/github.com/golang/gddo/httputil/header from github.com/prometheus/client_golang/internal/github.com/golang/gddo/httputil github.com/prometheus/client_golang/internal/github.com/golang/gddo/httputil/header from github.com/prometheus/client_golang/internal/github.com/golang/gddo/httputil
💣 github.com/prometheus/client_golang/prometheus from github.com/prometheus/client_golang/prometheus/collectors+ 💣 github.com/prometheus/client_golang/prometheus from github.com/prometheus/client_golang/prometheus/collectors+
@@ -1023,15 +1022,15 @@ tailscale.com/cmd/k8s-operator dependencies: (generated by github.com/tailscale/
golang.org/x/net/http/httpproxy from tailscale.com/net/tshttpproxy golang.org/x/net/http/httpproxy from tailscale.com/net/tshttpproxy
golang.org/x/net/http2 from k8s.io/apimachinery/pkg/util/net+ golang.org/x/net/http2 from k8s.io/apimachinery/pkg/util/net+
golang.org/x/net/http2/hpack from golang.org/x/net/http2+ golang.org/x/net/http2/hpack from golang.org/x/net/http2+
golang.org/x/net/icmp from github.com/prometheus-community/pro-bing+ golang.org/x/net/icmp from tailscale.com/net/ping
golang.org/x/net/idna from golang.org/x/net/http/httpguts+ golang.org/x/net/idna from golang.org/x/net/http/httpguts+
golang.org/x/net/internal/httpcommon from golang.org/x/net/http2 golang.org/x/net/internal/httpcommon from golang.org/x/net/http2
golang.org/x/net/internal/httpsfv from golang.org/x/net/http2 golang.org/x/net/internal/httpsfv from golang.org/x/net/http2
golang.org/x/net/internal/iana from golang.org/x/net/icmp+ golang.org/x/net/internal/iana from golang.org/x/net/icmp+
golang.org/x/net/internal/socket from golang.org/x/net/ipv4+ golang.org/x/net/internal/socket from golang.org/x/net/ipv4+
golang.org/x/net/internal/socks from golang.org/x/net/proxy golang.org/x/net/internal/socks from golang.org/x/net/proxy
golang.org/x/net/ipv4 from github.com/prometheus-community/pro-bing+ golang.org/x/net/ipv4 from github.com/tailscale/wireguard-go/conn+
golang.org/x/net/ipv6 from github.com/prometheus-community/pro-bing+ golang.org/x/net/ipv6 from github.com/tailscale/wireguard-go/conn+
golang.org/x/net/proxy from tailscale.com/net/netns golang.org/x/net/proxy from tailscale.com/net/netns
D golang.org/x/net/route from tailscale.com/net/netmon+ D golang.org/x/net/route from tailscale.com/net/netmon+
golang.org/x/net/websocket from tailscale.com/k8s-operator/sessionrecording/ws golang.org/x/net/websocket from tailscale.com/k8s-operator/sessionrecording/ws
@@ -1138,7 +1137,7 @@ tailscale.com/cmd/k8s-operator dependencies: (generated by github.com/tailscale/
crypto/sha3 from crypto/internal/fips140hash+ crypto/sha3 from crypto/internal/fips140hash+
crypto/sha512 from crypto/ecdsa+ crypto/sha512 from crypto/ecdsa+
crypto/subtle from crypto/cipher+ crypto/subtle from crypto/cipher+
crypto/tls from github.com/prometheus-community/pro-bing+ crypto/tls from github.com/aws/aws-sdk-go-v2/aws/transport/http+
crypto/tls/internal/fips140tls from crypto/tls crypto/tls/internal/fips140tls from crypto/tls
crypto/x509 from crypto/tls+ crypto/x509 from crypto/tls+
D crypto/x509/internal/macos from crypto/x509 D crypto/x509/internal/macos from crypto/x509
@@ -1247,7 +1246,7 @@ tailscale.com/cmd/k8s-operator dependencies: (generated by github.com/tailscale/
mime/quotedprintable from mime/multipart mime/quotedprintable from mime/multipart
net from crypto/tls+ net from crypto/tls+
net/http from expvar+ net/http from expvar+
net/http/httptrace from github.com/prometheus-community/pro-bing+ net/http/httptrace from github.com/aws/smithy-go/transport/http+
net/http/httputil from tailscale.com/client/web+ net/http/httputil from tailscale.com/client/web+
net/http/internal from net/http+ net/http/internal from net/http+
net/http/internal/ascii from net/http+ net/http/internal/ascii from net/http+
+6 -7
@@ -130,7 +130,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
L github.com/google/nftables/expr from github.com/google/nftables+ L github.com/google/nftables/expr from github.com/google/nftables+
L github.com/google/nftables/internal/parseexprfunc from github.com/google/nftables+ L github.com/google/nftables/internal/parseexprfunc from github.com/google/nftables+
L github.com/google/nftables/xt from github.com/google/nftables/expr+ L github.com/google/nftables/xt from github.com/google/nftables/expr+
DW github.com/google/uuid from tailscale.com/clientupdate+ W github.com/google/uuid from tailscale.com/clientupdate
github.com/hdevalence/ed25519consensus from tailscale.com/clientupdate/distsign+ github.com/hdevalence/ed25519consensus from tailscale.com/clientupdate/distsign+
github.com/huin/goupnp from github.com/huin/goupnp/dcps/internetgateway2+ github.com/huin/goupnp from github.com/huin/goupnp/dcps/internetgateway2+
github.com/huin/goupnp/dcps/internetgateway2 from tailscale.com/net/portmapper github.com/huin/goupnp/dcps/internetgateway2 from tailscale.com/net/portmapper
@@ -173,7 +173,6 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
github.com/pires/go-proxyproto from tailscale.com/ipn/ipnlocal github.com/pires/go-proxyproto from tailscale.com/ipn/ipnlocal
LD github.com/pkg/sftp from tailscale.com/ssh/tailssh LD github.com/pkg/sftp from tailscale.com/ssh/tailssh
LD github.com/pkg/sftp/internal/encoding/ssh/filexfer from github.com/pkg/sftp LD github.com/pkg/sftp/internal/encoding/ssh/filexfer from github.com/pkg/sftp
D github.com/prometheus-community/pro-bing from tailscale.com/wgengine/netstack
L 💣 github.com/safchain/ethtool from tailscale.com/net/netkernelconf+ L 💣 github.com/safchain/ethtool from tailscale.com/net/netkernelconf+
DW 💣 github.com/tailscale/certstore from tailscale.com/control/controlclient DW 💣 github.com/tailscale/certstore from tailscale.com/control/controlclient
LD github.com/tailscale/gliderssh from tailscale.com/ssh/tailssh LD github.com/tailscale/gliderssh from tailscale.com/ssh/tailssh
@@ -527,13 +526,13 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
golang.org/x/net/dns/dnsmessage from tailscale.com/appc+ golang.org/x/net/dns/dnsmessage from tailscale.com/appc+
golang.org/x/net/http/httpguts from tailscale.com/ipn/ipnlocal golang.org/x/net/http/httpguts from tailscale.com/ipn/ipnlocal
golang.org/x/net/http/httpproxy from tailscale.com/net/tshttpproxy golang.org/x/net/http/httpproxy from tailscale.com/net/tshttpproxy
golang.org/x/net/icmp from tailscale.com/net/ping+ golang.org/x/net/icmp from tailscale.com/net/ping
golang.org/x/net/idna from golang.org/x/net/http/httpguts+ golang.org/x/net/idna from golang.org/x/net/http/httpguts+
golang.org/x/net/internal/iana from golang.org/x/net/icmp+ golang.org/x/net/internal/iana from golang.org/x/net/icmp+
golang.org/x/net/internal/socket from golang.org/x/net/ipv4+ golang.org/x/net/internal/socket from golang.org/x/net/ipv4+
golang.org/x/net/internal/socks from golang.org/x/net/proxy golang.org/x/net/internal/socks from golang.org/x/net/proxy
golang.org/x/net/ipv4 from github.com/prometheus-community/pro-bing+ golang.org/x/net/ipv4 from github.com/tailscale/wireguard-go/conn+
golang.org/x/net/ipv6 from github.com/prometheus-community/pro-bing+ golang.org/x/net/ipv6 from github.com/tailscale/wireguard-go/conn+
golang.org/x/net/proxy from tailscale.com/net/netns golang.org/x/net/proxy from tailscale.com/net/netns
D golang.org/x/net/route from tailscale.com/net/netmon+ D golang.org/x/net/route from tailscale.com/net/netmon+
golang.org/x/sync/errgroup from github.com/mdlayher/socket+ golang.org/x/sync/errgroup from github.com/mdlayher/socket+
@@ -644,7 +643,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
crypto/x509 from crypto/tls+ crypto/x509 from crypto/tls+
D crypto/x509/internal/macos from crypto/x509 D crypto/x509/internal/macos from crypto/x509
crypto/x509/pkix from crypto/x509+ crypto/x509/pkix from crypto/x509+
DW database/sql/driver from github.com/google/uuid W database/sql/driver from github.com/google/uuid
W debug/dwarf from debug/pe W debug/dwarf from debug/pe
W debug/pe from github.com/dblohm7/wingoes/pe W debug/pe from github.com/dblohm7/wingoes/pe
embed from github.com/tailscale/web-client-prebuilt+ embed from github.com/tailscale/web-client-prebuilt+
@@ -734,7 +733,7 @@ tailscale.com/cmd/tailscaled dependencies: (generated by github.com/tailscale/de
mime/quotedprintable from mime/multipart mime/quotedprintable from mime/multipart
net from crypto/tls+ net from crypto/tls+
net/http from expvar+ net/http from expvar+
net/http/httptrace from github.com/prometheus-community/pro-bing+ net/http/httptrace from github.com/aws/smithy-go/transport/http+
net/http/httputil from github.com/aws/smithy-go/transport/http+ net/http/httputil from github.com/aws/smithy-go/transport/http+
net/http/internal from net/http+ net/http/internal from net/http+
net/http/internal/ascii from net/http+ net/http/internal/ascii from net/http+
+6 -9
@@ -105,7 +105,6 @@ tailscale.com/cmd/tsidp dependencies: (generated by github.com/tailscale/depawar
L 💣 github.com/godbus/dbus/v5 from tailscale.com/net/dns L 💣 github.com/godbus/dbus/v5 from tailscale.com/net/dns
github.com/golang/groupcache/lru from tailscale.com/net/dnscache github.com/golang/groupcache/lru from tailscale.com/net/dnscache
github.com/google/btree from gvisor.dev/gvisor/pkg/tcpip/transport/tcp github.com/google/btree from gvisor.dev/gvisor/pkg/tcpip/transport/tcp
D github.com/google/uuid from github.com/prometheus-community/pro-bing
github.com/hdevalence/ed25519consensus from tailscale.com/tka github.com/hdevalence/ed25519consensus from tailscale.com/tka
github.com/huin/goupnp from github.com/huin/goupnp/dcps/internetgateway2+ github.com/huin/goupnp from github.com/huin/goupnp/dcps/internetgateway2+
github.com/huin/goupnp/dcps/internetgateway2 from tailscale.com/net/portmapper github.com/huin/goupnp/dcps/internetgateway2 from tailscale.com/net/portmapper
@@ -128,7 +127,6 @@ tailscale.com/cmd/tsidp dependencies: (generated by github.com/tailscale/depawar
L 💣 github.com/mdlayher/socket from github.com/mdlayher/netlink+ L 💣 github.com/mdlayher/socket from github.com/mdlayher/netlink+
💣 github.com/mitchellh/go-ps from tailscale.com/safesocket 💣 github.com/mitchellh/go-ps from tailscale.com/safesocket
github.com/pires/go-proxyproto from tailscale.com/ipn/ipnlocal github.com/pires/go-proxyproto from tailscale.com/ipn/ipnlocal
D github.com/prometheus-community/pro-bing from tailscale.com/wgengine/netstack
L 💣 github.com/safchain/ethtool from tailscale.com/net/netkernelconf L 💣 github.com/safchain/ethtool from tailscale.com/net/netkernelconf
DW 💣 github.com/tailscale/certstore from tailscale.com/control/controlclient DW 💣 github.com/tailscale/certstore from tailscale.com/control/controlclient
W 💣 github.com/tailscale/go-winio from tailscale.com/safesocket W 💣 github.com/tailscale/go-winio from tailscale.com/safesocket
@@ -421,13 +419,13 @@ tailscale.com/cmd/tsidp dependencies: (generated by github.com/tailscale/depawar
golang.org/x/net/dns/dnsmessage from tailscale.com/appc+ golang.org/x/net/dns/dnsmessage from tailscale.com/appc+
golang.org/x/net/http/httpguts from tailscale.com/ipn/ipnlocal golang.org/x/net/http/httpguts from tailscale.com/ipn/ipnlocal
golang.org/x/net/http/httpproxy from tailscale.com/net/tshttpproxy golang.org/x/net/http/httpproxy from tailscale.com/net/tshttpproxy
golang.org/x/net/icmp from github.com/prometheus-community/pro-bing+ golang.org/x/net/icmp from tailscale.com/net/ping
golang.org/x/net/idna from golang.org/x/net/http/httpguts+ golang.org/x/net/idna from golang.org/x/net/http/httpguts+
golang.org/x/net/internal/iana from golang.org/x/net/icmp+ golang.org/x/net/internal/iana from golang.org/x/net/icmp+
golang.org/x/net/internal/socket from golang.org/x/net/ipv4+ golang.org/x/net/internal/socket from golang.org/x/net/ipv4+
golang.org/x/net/internal/socks from golang.org/x/net/proxy golang.org/x/net/internal/socks from golang.org/x/net/proxy
golang.org/x/net/ipv4 from github.com/prometheus-community/pro-bing+ golang.org/x/net/ipv4 from github.com/tailscale/wireguard-go/conn+
golang.org/x/net/ipv6 from github.com/prometheus-community/pro-bing+ golang.org/x/net/ipv6 from github.com/tailscale/wireguard-go/conn+
golang.org/x/net/proxy from tailscale.com/net/netns golang.org/x/net/proxy from tailscale.com/net/netns
D golang.org/x/net/route from tailscale.com/net/netmon+ D golang.org/x/net/route from tailscale.com/net/netmon+
golang.org/x/oauth2 from golang.org/x/oauth2/clientcredentials+ golang.org/x/oauth2 from golang.org/x/oauth2/clientcredentials+
@@ -533,12 +531,11 @@ tailscale.com/cmd/tsidp dependencies: (generated by github.com/tailscale/depawar
crypto/sha3 from crypto/internal/fips140hash+ crypto/sha3 from crypto/internal/fips140hash+
crypto/sha512 from crypto/ecdsa+ crypto/sha512 from crypto/ecdsa+
crypto/subtle from crypto/cipher+ crypto/subtle from crypto/cipher+
crypto/tls from github.com/prometheus-community/pro-bing+ crypto/tls from github.com/aws/aws-sdk-go-v2/aws/transport/http+
crypto/tls/internal/fips140tls from crypto/tls crypto/tls/internal/fips140tls from crypto/tls
crypto/x509 from crypto/tls+ crypto/x509 from crypto/tls+
D crypto/x509/internal/macos from crypto/x509 D crypto/x509/internal/macos from crypto/x509
crypto/x509/pkix from crypto/x509+ crypto/x509/pkix from crypto/x509+
D database/sql/driver from github.com/google/uuid
W debug/dwarf from debug/pe W debug/dwarf from debug/pe
W debug/pe from github.com/dblohm7/wingoes/pe W debug/pe from github.com/dblohm7/wingoes/pe
embed from github.com/tailscale/web-client-prebuilt+ embed from github.com/tailscale/web-client-prebuilt+
@@ -627,7 +624,7 @@ tailscale.com/cmd/tsidp dependencies: (generated by github.com/tailscale/depawar
mime/quotedprintable from mime/multipart mime/quotedprintable from mime/multipart
net from crypto/tls+ net from crypto/tls+
net/http from expvar+ net/http from expvar+
net/http/httptrace from github.com/prometheus-community/pro-bing+ net/http/httptrace from github.com/aws/smithy-go/transport/http+
net/http/httputil from tailscale.com/client/web+ net/http/httputil from tailscale.com/client/web+
net/http/internal from net/http+ net/http/internal from net/http+
net/http/internal/ascii from net/http+ net/http/internal/ascii from net/http+
@@ -642,7 +639,7 @@ tailscale.com/cmd/tsidp dependencies: (generated by github.com/tailscale/depawar
os/user from github.com/godbus/dbus/v5+ os/user from github.com/godbus/dbus/v5+
path from debug/dwarf+ path from debug/dwarf+
path/filepath from crypto/x509+ path/filepath from crypto/x509+
reflect from database/sql/driver+ reflect from encoding/asn1+
regexp from github.com/huin/goupnp/httpu+ regexp from github.com/huin/goupnp/httpu+
regexp/syntax from regexp regexp/syntax from regexp
runtime from crypto/internal/fips140+ runtime from crypto/internal/fips140+
+1 -1
@@ -164,4 +164,4 @@
}); });
}; };
} }
# nix-direnv cache busting line: sha256-5zxCDQ12bu8dvJ51RCQk/m07oM2qNNrTB5cbb1Za/sc= # nix-direnv cache busting line: sha256-mbxLXR2TBgiwyVGfLmMR5xWk+0f66mPDas95Wla70Lk=
+2 -2
@@ -4,7 +4,7 @@
"sri": "sha256-pCvFNTFuvhSBb5O+PPuilaowP4tXcCOP1NgYUDJTcJU=" "sri": "sha256-pCvFNTFuvhSBb5O+PPuilaowP4tXcCOP1NgYUDJTcJU="
}, },
"vendor": { "vendor": {
"goModSum": "sha256-xjPeSzdlDw247JtuZ9gI/OXh0IYvQV3qN1WNRbSlir8=", "goModSum": "sha256-P3V7maoKyvDCGEj/snR+jbAb2kY0jiUtXBtL762K3dU=",
"sri": "sha256-5zxCDQ12bu8dvJ51RCQk/m07oM2qNNrTB5cbb1Za/sc=" "sri": "sha256-mbxLXR2TBgiwyVGfLmMR5xWk+0f66mPDas95Wla70Lk="
} }
} }
-1
@@ -82,7 +82,6 @@ require (
github.com/pires/go-proxyproto v0.8.1 github.com/pires/go-proxyproto v0.8.1
github.com/pkg/errors v0.9.1 github.com/pkg/errors v0.9.1
github.com/pkg/sftp v1.13.6 github.com/pkg/sftp v1.13.6
github.com/prometheus-community/pro-bing v0.4.0
github.com/prometheus/client_golang v1.23.0 github.com/prometheus/client_golang v1.23.0
github.com/prometheus/common v0.65.0 github.com/prometheus/common v0.65.0
github.com/prometheus/prometheus v0.49.2-0.20240125131847-c3b8ef1694ff github.com/prometheus/prometheus v0.49.2-0.20240125131847-c3b8ef1694ff
-2
@@ -966,8 +966,6 @@ github.com/poy/onpar v1.1.2 h1:QaNrNiZx0+Nar5dLgTVp5mXkyoVFIbepjyEoGSnhbAY=
github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjzg= github.com/poy/onpar v1.1.2/go.mod h1:6X8FLNoxyr9kkmnlqpK6LSoiOtrO6MICtWwEuWkLjzg=
github.com/prashantv/gostub v1.1.0 h1:BTyx3RfQjRHnUWaGF9oQos79AlQ5k8WNktv7VGvVH4g= github.com/prashantv/gostub v1.1.0 h1:BTyx3RfQjRHnUWaGF9oQos79AlQ5k8WNktv7VGvVH4g=
github.com/prashantv/gostub v1.1.0/go.mod h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P1IAHhP5U= github.com/prashantv/gostub v1.1.0/go.mod h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P1IAHhP5U=
github.com/prometheus-community/pro-bing v0.4.0 h1:YMbv+i08gQz97OZZBwLyvmmQEEzyfyrrjEaAchdy3R4=
github.com/prometheus-community/pro-bing v0.4.0/go.mod h1:b7wRYZtCcPmt4Sz319BykUU241rWLe1VFXyiyWK/dH4=
github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU=
+62 -13
@@ -29,8 +29,10 @@ import (
) )
const ( const (
v4Type = "ip4:icmp" v4Type = "ip4:icmp"
v6Type = "ip6:icmp" v6Type = "ip6:icmp"
v4UDPType = "udp4" // unprivileged datagram-oriented ICMPv4
v6UDPType = "udp6" // unprivileged datagram-oriented ICMPv6
) )
type response struct { type response struct {
@@ -54,12 +56,30 @@ type ListenPacketer interface {
// A new instance should be created for each concurrent set of ping requests; // A new instance should be created for each concurrent set of ping requests;
// this type should not be reused. // this type should not be reused.
type Pinger struct { type Pinger struct {
// options that must be set before the first call to Send
// Unprivileged, when set, makes the Pinger use non-privileged
// datagram-oriented ICMP sockets ("udp4"/"udp6") opened via
// golang.org/x/net/icmp.ListenPacket instead of raw ICMP sockets
// ("ip4:icmp"/"ip6:icmp") opened via the configured ListenPacketer.
//
// Unprivileged mode is supported on macOS, iOS, and Linux (subject to
// the /proc/sys/net/ipv4/ping_group_range sysctl). When set, the
// ListenPacketer passed to New is ignored and the kernel rewrites the
// outgoing ICMP echo ID to match the socket; replies are matched by
// sequence number and echo data only.
//
// Must be set before the first call to Send.
Unprivileged bool
Verbose bool // verbose logging
Logf logger.Logf // optional logging function; if nil, logs to the standard logger
lp ListenPacketer lp ListenPacketer
// closed guards against send incrementing the waitgroup concurrently with close. // closed guards against send incrementing the waitgroup concurrently with close.
closed atomic.Bool closed atomic.Bool
Logf logger.Logf
Verbose bool
timeNow func() time.Time timeNow func() time.Time
id uint16 // uint16 per RFC 792 id uint16 // uint16 per RFC 792
wg sync.WaitGroup wg sync.WaitGroup
@@ -95,7 +115,17 @@ func (p *Pinger) mkconn(ctx context.Context, typ, addr string) (net.PacketConn,
return nil, net.ErrClosed return nil, net.ErrClosed
} }
c, err := p.lp.ListenPacket(ctx, typ, addr) var c net.PacketConn
var err error
if p.Unprivileged {
// icmp.ListenPacket on "udp4"/"udp6" opens a datagram-oriented
// ICMP socket that does not require elevated privileges. The
// returned *icmp.PacketConn implements net.PacketConn and, on
// Darwin/iOS, strips the IPv4 header on read via IP_STRIPHDR.
c, err = icmp.ListenPacket(typ, addr)
} else {
c, err = p.lp.ListenPacket(ctx, typ, addr)
}
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -125,7 +155,7 @@ func (p *Pinger) getConn(ctx context.Context, typ string) (net.PacketConn, error
} }
var addr = "0.0.0.0" var addr = "0.0.0.0"
if typ == v6Type { if typ == v6Type || typ == v6UDPType {
addr = "::" addr = "::"
} }
c, err := p.mkconn(ctx, typ, addr) c, err := p.mkconn(ctx, typ, addr)
@@ -216,9 +246,9 @@ func (p *Pinger) handleResponse(buf []byte, now time.Time, typ string) {
// and IPv6. // and IPv6.
var icmpType icmp.Type var icmpType icmp.Type
switch typ { switch typ {
case v4Type: case v4Type, v4UDPType:
icmpType = ipv4.ICMPTypeEchoReply icmpType = ipv4.ICMPTypeEchoReply
case v6Type: case v6Type, v6UDPType:
icmpType = ipv6.ICMPTypeEchoReply icmpType = ipv6.ICMPTypeEchoReply
default: default:
p.vlogf("handleResponse: unknown icmp.Type") p.vlogf("handleResponse: unknown icmp.Type")
@@ -243,7 +273,10 @@ func (p *Pinger) handleResponse(buf []byte, now time.Time, typ string) {
} }
// We assume we sent this if the ID in the response is ours. // We assume we sent this if the ID in the response is ours.
if uint16(resp.ID) != p.id { // In unprivileged ICMP DGRAM mode the kernel rewrites the ID to match
// the socket, so the value we set on the way out is not what comes
// back; rely on sequence and data matching instead.
if !p.Unprivileged && uint16(resp.ID) != p.id {
p.vlogf("handleResponse: wanted ID=%d; got %d", p.id, resp.ID) p.vlogf("handleResponse: wanted ID=%d; got %d", p.id, resp.ID)
return return
} }
@@ -294,14 +327,30 @@ func (p *Pinger) Send(ctx context.Context, dest net.Addr, data []byte) (time.Dur
} }
if ap.Is6() { if ap.Is6() {
icmpType = ipv6.ICMPTypeEchoRequest icmpType = ipv6.ICMPTypeEchoRequest
conn, err = p.getConn(ctx, v6Type) typ := v6Type
if p.Unprivileged {
typ = v6UDPType
}
conn, err = p.getConn(ctx, typ)
} else { } else {
conn, err = p.getConn(ctx, v4Type) typ := v4Type
if p.Unprivileged {
typ = v4UDPType
}
conn, err = p.getConn(ctx, typ)
} }
if err != nil { if err != nil {
return 0, err return 0, err
} }
// In unprivileged ICMP DGRAM mode (icmp.ListenPacket on "udp4"/"udp6"),
// the kernel requires a *net.UDPAddr destination for WriteTo even though
// the wire packet is ICMP.
writeDst := dest
if p.Unprivileged {
writeDst = &net.UDPAddr{IP: ap.AsSlice(), Zone: ap.Zone()}
}
m := icmp.Message{ m := icmp.Message{
Type: icmpType, Type: icmpType,
Code: 0, Code: 0,
@@ -324,7 +373,7 @@ func (p *Pinger) Send(ctx context.Context, dest net.Addr, data []byte) (time.Dur
p.mu.Unlock() p.mu.Unlock()
start := p.timeNow() start := p.timeNow()
n, err := conn.WriteTo(b, dest) n, err := conn.WriteTo(b, writeDst)
if err != nil { if err != nil {
return 0, err return 0, err
} else if n != len(b) { } else if n != len(b) {
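Review bot: In handleResponse, `if !p.Unprivileged && uint16(resp.ID) != p.id` takes the Pinger's own identifier out of reply matching, so in unprivileged mode a reply is accepted on sequence number and echo data alone. The new comment attributes this to the kernel rewriting the ID, but the Unprivileged field doc lists macOS and iOS as well as Linux, and nothing visible here shows that each of those kernels delivers only this socket's replies; the netstack caller in this commit also sends a constant payload, so the data comparison adds no unpredictability there. I would either confirm and document the per-platform behaviour next to the check, or ask callers for unpredictable data in the field doc, e.g. `// Callers should pass unpredictable data to Send; with the ID check skipped it is the only caller-controlled value used to match replies.` The sequence/data matching sits below this hunk, so it may already compare the reply's source address against the pinged destination; if it does not, that would be the more direct check to add.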
+1 -1
@@ -16,4 +16,4 @@
) { ) {
src = ./.; src = ./.;
}).shellNix }).shellNix
# nix-direnv cache busting line: sha256-5zxCDQ12bu8dvJ51RCQk/m07oM2qNNrTB5cbb1Za/sc= # nix-direnv cache busting line: sha256-mbxLXR2TBgiwyVGfLmMR5xWk+0f66mPDas95Wla70Lk=
+6 -9
@@ -105,7 +105,6 @@ tailscale.com/tsnet dependencies: (generated by github.com/tailscale/depaware)
L 💣 github.com/godbus/dbus/v5 from tailscale.com/net/dns L 💣 github.com/godbus/dbus/v5 from tailscale.com/net/dns
github.com/golang/groupcache/lru from tailscale.com/net/dnscache github.com/golang/groupcache/lru from tailscale.com/net/dnscache
github.com/google/btree from gvisor.dev/gvisor/pkg/tcpip/transport/tcp github.com/google/btree from gvisor.dev/gvisor/pkg/tcpip/transport/tcp
DI github.com/google/uuid from github.com/prometheus-community/pro-bing
github.com/hdevalence/ed25519consensus from tailscale.com/tka github.com/hdevalence/ed25519consensus from tailscale.com/tka
github.com/huin/goupnp from github.com/huin/goupnp/dcps/internetgateway2+ github.com/huin/goupnp from github.com/huin/goupnp/dcps/internetgateway2+
github.com/huin/goupnp/dcps/internetgateway2 from tailscale.com/net/portmapper github.com/huin/goupnp/dcps/internetgateway2 from tailscale.com/net/portmapper
@@ -128,7 +127,6 @@ tailscale.com/tsnet dependencies: (generated by github.com/tailscale/depaware)
LA 💣 github.com/mdlayher/socket from github.com/mdlayher/netlink+ LA 💣 github.com/mdlayher/socket from github.com/mdlayher/netlink+
LDW 💣 github.com/mitchellh/go-ps from tailscale.com/safesocket LDW 💣 github.com/mitchellh/go-ps from tailscale.com/safesocket
github.com/pires/go-proxyproto from tailscale.com/ipn/ipnlocal github.com/pires/go-proxyproto from tailscale.com/ipn/ipnlocal
DI github.com/prometheus-community/pro-bing from tailscale.com/wgengine/netstack
L 💣 github.com/safchain/ethtool from tailscale.com/net/netkernelconf L 💣 github.com/safchain/ethtool from tailscale.com/net/netkernelconf
DW 💣 github.com/tailscale/certstore from tailscale.com/control/controlclient DW 💣 github.com/tailscale/certstore from tailscale.com/control/controlclient
W 💣 github.com/tailscale/go-winio from tailscale.com/safesocket W 💣 github.com/tailscale/go-winio from tailscale.com/safesocket
@@ -414,13 +412,13 @@ tailscale.com/tsnet dependencies: (generated by github.com/tailscale/depaware)
golang.org/x/net/dns/dnsmessage from tailscale.com/appc+ golang.org/x/net/dns/dnsmessage from tailscale.com/appc+
golang.org/x/net/http/httpguts from tailscale.com/ipn/ipnlocal golang.org/x/net/http/httpguts from tailscale.com/ipn/ipnlocal
golang.org/x/net/http/httpproxy from tailscale.com/net/tshttpproxy golang.org/x/net/http/httpproxy from tailscale.com/net/tshttpproxy
golang.org/x/net/icmp from github.com/prometheus-community/pro-bing+ golang.org/x/net/icmp from tailscale.com/net/ping
golang.org/x/net/idna from golang.org/x/net/http/httpguts+ golang.org/x/net/idna from golang.org/x/net/http/httpguts+
golang.org/x/net/internal/iana from golang.org/x/net/icmp+ golang.org/x/net/internal/iana from golang.org/x/net/icmp+
golang.org/x/net/internal/socket from golang.org/x/net/ipv4+ golang.org/x/net/internal/socket from golang.org/x/net/ipv4+
LDW golang.org/x/net/internal/socks from golang.org/x/net/proxy LDW golang.org/x/net/internal/socks from golang.org/x/net/proxy
golang.org/x/net/ipv4 from github.com/prometheus-community/pro-bing+ golang.org/x/net/ipv4 from github.com/tailscale/wireguard-go/conn+
golang.org/x/net/ipv6 from github.com/prometheus-community/pro-bing+ golang.org/x/net/ipv6 from github.com/tailscale/wireguard-go/conn+
LDW golang.org/x/net/proxy from tailscale.com/net/netns LDW golang.org/x/net/proxy from tailscale.com/net/netns
DI golang.org/x/net/route from tailscale.com/net/netmon+ DI golang.org/x/net/route from tailscale.com/net/netmon+
golang.org/x/oauth2 from golang.org/x/oauth2/clientcredentials+ golang.org/x/oauth2 from golang.org/x/oauth2/clientcredentials+
@@ -526,12 +524,11 @@ tailscale.com/tsnet dependencies: (generated by github.com/tailscale/depaware)
crypto/sha3 from crypto/internal/fips140hash+ crypto/sha3 from crypto/internal/fips140hash+
crypto/sha512 from crypto/ecdsa+ crypto/sha512 from crypto/ecdsa+
crypto/subtle from crypto/cipher+ crypto/subtle from crypto/cipher+
crypto/tls from github.com/prometheus-community/pro-bing+ crypto/tls from github.com/aws/aws-sdk-go-v2/aws/transport/http+
crypto/tls/internal/fips140tls from crypto/tls crypto/tls/internal/fips140tls from crypto/tls
crypto/x509 from crypto/tls+ crypto/x509 from crypto/tls+
DI crypto/x509/internal/macos from crypto/x509 DI crypto/x509/internal/macos from crypto/x509
crypto/x509/pkix from crypto/x509+ crypto/x509/pkix from crypto/x509+
DI database/sql/driver from github.com/google/uuid
W debug/dwarf from debug/pe W debug/dwarf from debug/pe
W debug/pe from github.com/dblohm7/wingoes/pe W debug/pe from github.com/dblohm7/wingoes/pe
embed from github.com/tailscale/web-client-prebuilt+ embed from github.com/tailscale/web-client-prebuilt+
@@ -620,7 +617,7 @@ tailscale.com/tsnet dependencies: (generated by github.com/tailscale/depaware)
mime/quotedprintable from mime/multipart mime/quotedprintable from mime/multipart
net from crypto/tls+ net from crypto/tls+
net/http from expvar+ net/http from expvar+
net/http/httptrace from github.com/prometheus-community/pro-bing+ net/http/httptrace from github.com/aws/smithy-go/transport/http+
net/http/httputil from tailscale.com/client/web+ net/http/httputil from tailscale.com/client/web+
net/http/internal from net/http+ net/http/internal from net/http+
net/http/internal/ascii from net/http+ net/http/internal/ascii from net/http+
@@ -634,7 +631,7 @@ tailscale.com/tsnet dependencies: (generated by github.com/tailscale/depaware)
os/user from github.com/godbus/dbus/v5+ os/user from github.com/godbus/dbus/v5+
path from debug/dwarf+ path from debug/dwarf+
path/filepath from crypto/x509+ path/filepath from crypto/x509+
reflect from database/sql/driver+ reflect from encoding/asn1+
regexp from github.com/huin/goupnp/httpu+ regexp from github.com/huin/goupnp/httpu+
regexp/syntax from regexp regexp/syntax from regexp
runtime from crypto/internal/fips140+ runtime from crypto/internal/fips140+
+2 -5
@@ -20,14 +20,11 @@ func TestDeps(t *testing.T) {
"tailscale.com/net/wsconn": "https://github.com/tailscale/tailscale/issues/13762", "tailscale.com/net/wsconn": "https://github.com/tailscale/tailscale/issues/13762",
"github.com/coder/websocket": "https://github.com/tailscale/tailscale/issues/13762", "github.com/coder/websocket": "https://github.com/tailscale/tailscale/issues/13762",
"github.com/mitchellh/go-ps": "https://github.com/tailscale/tailscale/pull/13759", "github.com/mitchellh/go-ps": "https://github.com/tailscale/tailscale/pull/13759",
"database/sql/driver": "iOS doesn't use an SQL database",
"github.com/google/uuid": "see tailscale/tailscale#13760",
"tailscale.com/clientupdate/distsign": "downloads via AppStore, not distsign", "tailscale.com/clientupdate/distsign": "downloads via AppStore, not distsign",
"github.com/tailscale/hujson": "no config file support on iOS", "github.com/tailscale/hujson": "no config file support on iOS",
"tailscale.com/feature/capture": "no debug packet capture on iOS", "tailscale.com/feature/capture": "no debug packet capture on iOS",
// TODO(bradfitz): fix this again. See https://github.com/tailscale/tailscale/issues/13760 and
// https://github.com/tailscale/tailscale/issues/19633
// "database/sql/driver": "iOS doesn't use an SQL database",
// "github.com/google/uuid": "see tailscale/tailscale#13760",
}, },
}.Check(t) }.Check(t)
} }
+16 -19
@@ -6,33 +6,30 @@
package netstack package netstack
import ( import (
"context"
"net"
"net/netip" "net/netip"
"time" "time"
probing "github.com/prometheus-community/pro-bing" "tailscale.com/net/ping"
) )
// sendOutboundUserPing sends a non-privileged ICMP (or ICMPv6) ping to dstIP with the given timeout. // sendOutboundUserPing sends a non-privileged ICMP (or ICMPv6) ping to dstIP with the given timeout.
func (ns *Impl) sendOutboundUserPing(dstIP netip.Addr, timeout time.Duration) error { func (ns *Impl) sendOutboundUserPing(dstIP netip.Addr, timeout time.Duration) error {
p, err := probing.NewPinger(dstIP.String()) ctx, cancel := context.WithTimeout(context.Background(), timeout)
defer cancel()
p := ping.New(ctx, ns.logf, nil)
p.Unprivileged = true
defer p.Close()
dst := &net.IPAddr{IP: dstIP.AsSlice(), Zone: dstIP.Zone()}
ns.logf("sendOutboundUserPing: forwarding ping to %s", dstIP)
d, err := p.Send(ctx, dst, []byte("tailscale-userping"))
if err != nil { if err != nil {
ns.logf("sendICMPPingToIP failed to create pinger: %v", err) ns.logf("sendOutboundUserPing: ping to %s failed: %v", dstIP, err)
return err return err
} }
ns.logf("sendOutboundUserPing: pong from %s in %v", dstIP, d)
p.Timeout = timeout return nil
p.Count = 1
p.SetPrivileged(false)
p.OnSend = func(pkt *probing.Packet) {
ns.logf("sendICMPPingToIP: forwarding ping to %s:", p.Addr())
}
p.OnRecv = func(pkt *probing.Packet) {
ns.logf("sendICMPPingToIP: %d bytes pong from %s: icmp_seq=%d time=%v", pkt.Nbytes, pkt.IPAddr, pkt.Seq, pkt.Rtt)
}
p.OnFinish = func(stats *probing.Statistics) {
ns.logf("sendICMPPingToIP: done, %d replies received", stats.PacketsRecv)
}
return p.Run()
} }
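Review bot: `ping.New(ctx, ns.logf, nil)` passes a nil ListenPacketer, which is safe only because `p.Unprivileged = true` follows it; the mkconn change in net/ping still calls `p.lp.ListenPacket(ctx, typ, addr)` on the privileged path, so dropping or reordering that assignment would turn into a nil interface call at the first Send. A comment at the call site would make the coupling explicit, e.g. `// lp is nil on purpose: in Unprivileged mode mkconn opens the socket with icmp.ListenPacket and never consults it.` It also means this socket is opened without going through any ListenPacketer hook, which is presumably intended for a user-mode ping but worth stating. Separately, the doc comment promises "the given timeout", which now depends on Send returning when ctx expires; that is not visible in this commit's hunks and is worth confirming with a test against an unreachable address.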