You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

Anton Tolchanov 8cc5c51888 health: warn about reverse path filtering and exit nodes ... When reverse path filtering is in strict mode on Linux, using an exit node blocks all network connectivity. This change adds a warning about this to `tailscale status` and the logs. Example in `tailscale status`: ``` - not connected to home DERP region 22 - The following issues on your machine will likely make usage of exit nodes impossible: [interface "eth0" has strict reverse-path filtering enabled], please set rp_filter=2 instead of rp_filter=1; see https://github.com/tailscale/tailscale/issues/3310 ``` Example in the logs: ``` 2024/02/21 21:17:07 health("overall"): error: multiple errors: not in map poll The following issues on your machine will likely make usage of exit nodes impossible: [interface "eth0" has strict reverse-path filtering enabled], please set rp_filter=2 instead of rp_filter=1; see https://github.com/tailscale/tailscale/issues/3310 ``` Updates #3310 Signed-off-by: Anton Tolchanov <anton@tailscale.com>		2 years ago
..
testdata	ipn/ipnlocal: fix the path for writing cert files (#7203)	3 years ago
breaktcp_darwin.go	cmd/tailscale: add debug commands to break connections	3 years ago
breaktcp_linux.go	cmd/tailscale: add debug commands to break connections	3 years ago
c2n.go	ipn: apply tailnet-wide default for auto-updates (#10508)	2 years ago
c2n_pprof.go	tailcfg: move LogHeapPprof from Debug to c2n [capver 69]	3 years ago
c2n_test.go	util/cmpx: delete now that we're using Go 1.22	2 years ago
cert.go	ipn/ipnlocal: remove ancient transition mechanism for https certs	2 years ago
cert_js.go	ipn/ipnlocal: add c2n method to check on TLS cert fetch status	2 years ago
cert_test.go	all: use Go 1.21 slices, maps instead of x/exp/{slices,maps}	3 years ago
dnsconfig_test.go	util/cmpx: delete now that we're using Go 1.22	2 years ago
expiry.go	ssh/tailssh: use control server time instead of local time	2 years ago
expiry_test.go	types/netmap, all: make NetworkMap.SelfNode a tailcfg.NodeView	3 years ago
local.go	health: warn about reverse path filtering and exit nodes	2 years ago
local_test.go	tailfs: initial implementation	2 years ago
loglines_test.go	tsd: add package with System type to unify subsystem init, discovery	3 years ago
network-lock.go	all: remove LenIter, use Go 1.22 range-over-int instead	2 years ago
network-lock_test.go	ipn/ipnlocal,cmd/tailscale: persist tailnet name in user profile	2 years ago
peerapi.go	ipn/ipnlocal: fix doctor API endpoint (#11155)	2 years ago
peerapi_h2c.go	all: update copyright and license headers	3 years ago
peerapi_macios_ext.go	all: update copyright and license headers	3 years ago
peerapi_test.go	appc,ipn/ipnlocal: add app connector routes if any part of a CNAME chain is routed	2 years ago
profiles.go	util/cmpx: remove code that's in the stdlib now	2 years ago
profiles_notwindows.go	ipn/ipnlocal: fix profile duplication	3 years ago
profiles_test.go	ipn/ipnlocal,cmd/tailscale: persist tailnet name in user profile	2 years ago
profiles_windows.go	ipn/ipnlocal: better enforce system policies	2 years ago
serve.go	all: remove LenIter, use Go 1.22 range-over-int instead	2 years ago
serve_test.go	util/cmpx: delete now that we're using Go 1.22	2 years ago
ssh.go	ipnlocal: log failure to get ssh host keys	2 years ago
ssh_stub.go	ipnlocal: log failure to get ssh host keys	2 years ago
ssh_test.go	ipn/ipnlocal: drop not required StateKey parameter	3 years ago
state_test.go	tailcfg: remove UserProfile.Groups	2 years ago
tailfs.go	tailfs: listen for local clients only on 100.100.100.100	2 years ago
tailfs_test.go	tailfs: initial implementation	2 years ago
web_client.go	all: remove LenIter, use Go 1.22 range-over-int instead	2 years ago
web_client_stub.go	ipn/ipnlocal: add mutex to webClient struct	2 years ago