tailscale

Commit Graph

Author	SHA1	Message	Date
KevinLiang10	a0d059d74c	cmd/tailscale/cli: allow remote target as service destination (#17607 ) This commit enables user to set service backend to remote destinations, that can be a partial URL or a full URL. The commit also prevents user to set remote destinations on linux system when socket mark is not working. For user on any version of mac extension they can't serve a service either. The socket mark usability is determined by a new local api. Fixes tailscale/corp#24783 Signed-off-by: KevinLiang10 <37811973+KevinLiang10@users.noreply.github.com>	2 weeks ago
Alex Chan	c2e474e729	all: rename variables with lowercase-l/uppercase-I See http://go/no-ell Signed-off-by: Alex Chan <alexc@tailscale.com> Updates #cleanup Change-Id: I8c976b51ce7a60f06315048b1920516129cc1d5d	2 weeks ago
Brad Fitzpatrick	99b06eac49	syncs: add Mutex/RWMutex alias/wrappers for future mutex debugging Updates #17852 Change-Id: I477340fb8e40686870e981ade11cd61597c34a20 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 weeks ago
Brad Fitzpatrick	653d0738f9	types/netmap: remove PrivateKey from NetworkMap It's an unnecessary nuisance having it. We go out of our way to redact it in so many places when we don't even need it there anyway. Updates #12639 Change-Id: I5fc72e19e9cf36caeb42cf80ba430873f67167c3 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 weeks ago
Brad Fitzpatrick	edb11e0e60	wgengine/magicsock: fix js/wasm crash regression loading non-existent portmapper Thanks for the report, @Need-an-AwP! Fixes #17681 Updates #9394 Change-Id: I2e0b722ef9b460bd7e79499192d1a315504ca84c Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 month ago
Claus Lensbøl	ab435ce3a6	client/systray: warn users launching the application with sudo (#17595 ) If users start the application with sudo, DBUS is likely not available or will not have the correct endpoints. We want to warn users when doing this. Closes #17593 Signed-off-by: Claus Lensbøl <claus@tailscale.com>	1 month ago
Brad Fitzpatrick	5c1e26b42f	ipn/localapi: dead code eliminate unreachable/useless LocalAPI handlers when disabled Saves ~94 KB from the min build. Updates #12614 Change-Id: I3b0b8a47f80b9fd3b1038c2834b60afa55bf02c2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 months ago
Brad Fitzpatrick	541a4ed5b4	all: use buildfeatures consts in a few more places Saves ~25 KB. Updates #12614 Change-Id: I7b976e57819a0d2692824d779c8cc98033df0d30 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 months ago
M. J. Fromberger	127a967207	appc,: publish events for route updates and storage (#17392 ) Add and wire up event publishers for these two event types in the AppConnector. Nothing currently subscribes to them, so this is harmless. Subscribers for these events will be added in a near-future commit. As part of this, move the appc.RouteInfo type to the types/appctype package. It does not contain any package-specific details from appc. Beside it, add appctype.RouteUpdate to carry route update event state, likewise not specific to appc. Update all usage of the appc. types throughout to use appctype.* instead, and update depaware files to reflect these changes. Add a Close method to the AppConnector to make sure the client gets cleaned up when the connector is dropped (we re-create connectors). Update the unit tests in the appc package to also check the events published alongside calls to the RouteAdvertiser. For now the tests still rely on the RouteAdvertiser for correctness; this is OK for now as the two methods are always performed together. In the near future, we need to rework the tests so not require that, but that will require building some more test fixtures that we can handle separately. Updates #15160 Updates #17192 Change-Id: I184670ba2fb920e0d2cb2be7c6816259bca77afe Signed-off-by: M. J. Fromberger <fromberger@tailscale.com>	2 months ago
Brad Fitzpatrick	ee034d48fc	feature/featuretags: add a catch-all "Debug" feature flag Saves 168 KB. Updates #12614 Change-Id: Iaab3ae3efc6ddc7da39629ef13e5ec44976952ba Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 months ago
Brad Fitzpatrick	442a3a779d	feature, net/tshttpproxy: pull out support for using proxies as a feature Saves 139 KB. Also Synology support, which I saw had its own large-ish proxy parsing support on Linux, but support for proxies without Synology proxy support is reasonable, so I pulled that out as its own thing. Updates #12614 Change-Id: I22de285a3def7be77fdcf23e2bec7c83c9655593 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 months ago
Brad Fitzpatrick	038cdb4640	feature/clientupdate: move clientupdate to a modular feature, disabled for tsnet Updates #12614 Change-Id: I5f685dec84a5396b7c2b66f2788ae3d286e1ddc6 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 months ago
Fran Bull	65d6c80695	cmd/tailscale/cli,client,ipn: add appc-routes cli command Allow the user to access information about routes an app connector has learned, such as how many routes for each domain. Fixes tailscale/corp#32624 Signed-off-by: Fran Bull <fran@tailscale.com>	2 months ago
Nick Khyl	892f8a9582	various: allow tailscaled shutdown via LocalAPI A customer wants to allow their employees to restart tailscaled at will, when access rights and MDM policy allow it, as a way to fully reset client state and re-create the tunnel in case of connectivity issues. On Windows, the main tailscaled process runs as a child of a service process. The service restarts the child when it exits (or crashes) until the service itself is stopped. Regular (non-admin) users can't stop the service, and allowing them to do so isn't ideal, especially in managed or multi-user environments. In this PR, we add a LocalAPI endpoint that instructs ipnserver.Server, and by extension the tailscaled process, to shut down. The service then restarts the child tailscaled. Shutting down tailscaled requires LocalAPI write access and an enabled policy setting. Updates tailscale/corp#32674 Updates tailscale/corp#32675 Signed-off-by: Nick Khyl <nickk@tailscale.com>	2 months ago
Jordan Whited	4657cbdb11	client, cmd/tailscale/cli, feature/relayserver, net/udprelay: implement tailscale debug peer-relay-sessions (#17239 ) Fixes tailscale/corp#30035 Signed-off-by: Dylan Bargatze <dylan@tailscale.com> Signed-off-by: Jordan Whited <jordan@tailscale.com> Co-authored-by: Dylan Bargatze <dylan@tailscale.com>	2 months ago
Will Norris	e582fb9b53	client/web: use network profile for displaying tailnet info Also update to use the new DisplayNameOrDefault. Updates tailscale/corp#30456 Change-Id: Ia101a4a3005adb9118051b3416f5a64a4a45987d Signed-off-by: Will Norris <will@tailscale.com>	2 months ago
Will Norris	15b3876c2c	client/systray: use new tailnet display name is profile title Updates tailscale/corp#30456 Change-Id: Ia101a4a3005adb9118051b3416f5a64a4a45987d Signed-off-by: Will Norris <will@tailscale.com>	2 months ago
Brad Fitzpatrick	e180fc267b	feature/featuretags, all: add ts_omit_acme to disable TLS cert support I'd started to do this in the earlier ts_omit_server PR but decided to split it into this separate PR. Updates #17128 Change-Id: Ief8823a78d1f7bbb79e64a5cab30a7d0a5d6ff4b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 months ago
Brad Fitzpatrick	99b3f69126	feature/portmapper: make the portmapper & its debugging tools modular Starting at a minimal binary and adding one feature back... tailscaled tailscale combined (linux/amd64) 30073135 17451704 31543692 omitting everything + 480302 + 10258 + 493896 .. add debugportmapper + 475317 + 151943 + 467660 .. add portmapper + 500086 + 162873 + 510511 .. add portmapper+debugportmapper Fixes #17148 Change-Id: I90bd0e9d1bd8cbe64fa2e885e9afef8fb5ee74b1 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 months ago
Brad Fitzpatrick	4cca9f7c67	all: add ts_omit_serve, start making tailscale serve/funnel be modular tailscaled tailscale combined (linux/amd64) 29853147 17384418 31412596 omitting everything + 621570 + 219277 + 554256 .. add serve Updates #17128 Change-Id: I87c2c6c3d3fc2dc026c3de8ef7000a813b41d31c Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 months ago
Will Norris	082c6a25b0	client/systray: only send clipboard notification on success Fixes #14430 Change-Id: Ia101a4a3005adb9118051b3416f5a64a4a45987d Signed-off-by: Will Norris <will@tailscale.com>	3 months ago
Brad Fitzpatrick	3a49b7464c	all: add ts_omit_tailnetlock as a start of making it build-time modular Updates #17115 Change-Id: I6b083c0db4c4d359e49eb129d626b7f128f0a9d2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 months ago
Brad Fitzpatrick	21f21bd2a2	util/syspolicy: finish adding ts_omit_syspolicy build tags, tests Fixes #16998 Updates #12614 Change-Id: Idf2b1657898111df4be31f356091b2376d0d7f0b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 months ago
Brad Fitzpatrick	2b3e533048	util/syspolicy: finish plumbing policyclient, add feature/syspolicy, move global impl This is step 4 of making syspolicy a build-time feature. This adds a policyclient.Get() accessor to return the correct implementation to use: either the real one, or the no-op one. (A third type, a static one for testing, also exists, so in general a policyclient.Client should be plumbed around and not always fetched via policyclient.Get whenever possible, especially if tests need to use alternate syspolicy) Updates #16998 Updates #12614 Change-Id: Iaf19670744a596d5918acfa744f5db4564272978 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 months ago
Claus Lensbøl	fafb514538	client/systray: go back to using upstream library (#16938 ) We had a fix in a local branch, but upstream has merged it now. Updates #1708 Signed-off-by: Claus Lensbøl <claus@tailscale.com>	3 months ago
Will Norris	9d9a70d81d	client/systray: disable 'more settings' menu if backend not running Updates #1708 Change-Id: Ia101a4a3005adb9118051b3416f5a64a4a45987d Signed-off-by: Will Norris <will@tailscale.com>	4 months ago
Michael Ben-Ami	3f1851a6d9	types/dnstype, ipn/ipnlocal: allow other DNS resolvers with exit nodes dnstype.Resolver adds a boolean UseWithExitNode that controls whether the resolver should be used in tailscale exit node contexts (not wireguard exit nodes). If UseWithExitNode resolvers are found, they are installed as the global resolvers. If no UseWithExitNode resolvers are found, the exit node resolver continues to be installed as the global resolver. Split DNS Routes referencing UseWithExitNode resolvers are also installed. Updates #8237 Fixes tailscale/corp#30906 Fixes tailscale/corp#30907 Signed-off-by: Michael Ben-Ami <mzb@tailscale.com>	4 months ago
Will Norris	b8c45a6a8f	client/systray: add CLI error output if operator is missing We already show a message in the menu itself, this just adds it to the CLI output as well. Updates #1708 Change-Id: Ia101a4a3005adb9118051b3416f5a64a4a45987d Signed-off-by: Will Norris <will@tailscale.com>	4 months ago
Claus Lensbøl	3fe022877a	client/systray: temporarily replace systray module (#16807 ) We are waiting for a PR to be reviewed upstream. https://github.com/fyne-io/systray/pull/100 Updates #1708 Signed-off-by: Claus Lensbøl <claus@tailscale.com>	4 months ago
Claus Lensbøl	89954fbceb	client/systray: add startup script generator for systemd (#16801 ) Updates #1708 Signed-off-by: Claus Lensbøl <claus@tailscale.com>	4 months ago
Will Norris	9f29c428f4	client/systray: allow specifying tailscaled socket Pass a local.Client to systray.Run, so we can use the existing global localClient in the cmd/tailscale CLI. Add socket flag to cmd/systray. Updates #1708 Change-Id: Ia101a4a3005adb9118051b3416f5a64a4a45987d Signed-off-by: Will Norris <will@tailscale.com>	4 months ago
dependabot[bot]	e5e4386f33	build(deps): bump @babel/runtime from 7.23.4 to 7.26.10 in /client/web (#15299 ) Bumps [@babel/runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-runtime) from 7.23.4 to 7.26.10. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.26.10/packages/babel-runtime) --- updated-dependencies: - dependency-name: "@babel/runtime" dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	4 months ago
dependabot[bot]	c962fefa3e	build(deps): bump form-data from 4.0.0 to 4.0.4 in /client/web (#16623 ) Bumps [form-data](https://github.com/form-data/form-data) from 4.0.0 to 4.0.4. - [Release notes](https://github.com/form-data/form-data/releases) - [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md) - [Commits](https://github.com/form-data/form-data/compare/v4.0.0...v4.0.4) --- updated-dependencies: - dependency-name: form-data dependency-version: 4.0.4 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	4 months ago
Claus Lensbøl	d1ceb62e27	client/systray: look for ubuntu gnome Ubuntu gnome has a different name on at least 25.04. Updates #1708 Signed-off-by: Claus Lensbøl <claus@tailscale.com>	5 months ago
Claus Lensbøl	d334d9ba07	client/local,cmd/tailscale/cli,ipn/localapi: expose eventbus graph (#16597 ) Make it possible to dump the eventbus graph as JSON or DOT to both debug and document what is communicated via the bus. Updates #15160 Signed-off-by: Claus Lensbøl <claus@tailscale.com>	5 months ago
Will Norris	f85e4bcb32	client/systray: replace counter metric with gauge Replace the existing systray_start counter metrics with a systray_running gauge metrics. This also adds an IncrementGauge method to local client to parallel IncrementCounter. The LocalAPI handler supports both, we've just never added a client method for gauges. Updates #1708 Change-Id: Ia101a4a3005adb9118051b3416f5a64a4a45987d Signed-off-by: Will Norris <will@tailscale.com>	5 months ago
M. J. Fromberger	fe391d5694	client/local: use an iterator to stream bus events (#16269 ) This means the caller does not have to remember to close the reader, and avoids having to duplicate the logic to decode JSON into events. Updates #15160 Change-Id: I20186fabb02f72522f61d5908c4cc80b86b8936b Signed-off-by: M. J. Fromberger <fromberger@tailscale.com>	6 months ago
Claus Lensbøl	6010812f0c	ipn/localapi,client/local: add debug watcher for bus events (#16239 ) Updates: #15160 Signed-off-by: Claus Lensbøl <claus@tailscale.com>	6 months ago
Anton Tolchanov	db34cdcfe7	cmd/tailscale/cli: add a risk message about rp_filter We already present a health warning about this, but it is easy to miss on a server when blackholing traffic makes it unreachable. In addition to a health warning, present a risk message when exit node is enabled. Example: ``` $ tailscale up --exit-node=lizard The following issues on your machine will likely make usage of exit nodes impossible: - interface "ens4" has strict reverse-path filtering enabled - interface "tailscale0" has strict reverse-path filtering enabled Please set rp_filter=2 instead of rp_filter=1; see https://github.com/tailscale/tailscale/issues/3310 To skip this warning, use --accept-risk=linux-strict-rp-filter $ ``` Updates #3310 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	6 months ago
Patrick O'Doherty	a05924a9e5	client/web: add Sec-Fetch-Site CSRF protection (#16046 ) RELNOTE=Fix CSRF errors in the client Web UI Replace gorilla/csrf with a Sec-Fetch-Site based CSRF protection middleware that falls back to comparing the Host & Origin headers if no SFS value is passed by the client. Add an -origin override to the web CLI that allows callers to specify the origin at which the web UI will be available if it is hosted behind a reverse proxy or within another application via CGI. Updates #14872 Updates #15065 Signed-off-by: Patrick O'Doherty <patrick@tailscale.com>	6 months ago
Olivier Mengué	b1c2860485	client/local: add godoc links Signed-off-by: Olivier Mengué <dolmen@cpan.org>	7 months ago
Olivier Mengué	a3fc5150e3	client/tailscale: add godoc links in Deprecated comments Signed-off-by: Olivier Mengué <dolmen@cpan.org>	8 months ago
Mario Minardi	450bcbcb08	node.rev: bump to latest 22.x LTS release (#15652 ) Bump to latest 22.x LTS release for node as the 18.x line is going EOL this month. Updates https://github.com/tailscale/corp/issues/27737 Signed-off-by: Mario Minardi <mario@tailscale.com>	8 months ago
Esteban-Bermudez	0655dd7b3d	client/local: fix path with delete profile request This fixes a bug in the local client where the DELETE request was not being sent correctly. The route was missing a slash before the url and this now matches the switch profile function. Signed-off-by: Esteban-Bermudez <esteban@bermudezaguirre.com>	8 months ago
Brad Fitzpatrick	c76d075472	nettest, *: add option to run HTTP tests with in-memory network To avoid ephemeral port / TIME_WAIT exhaustion with high --count values, and to eventually detect leaked connections in tests. (Later the memory network will register a Cleanup on the TB to verify that everything's been shut down) Updates tailscale/corp#27636 Change-Id: Id06f1ae750d8719c5a75d871654574a8226d2733 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	8 months ago
Will Norris	7b29d39f45	client/systray: add menu item to rebuild the menu This shouldn't be necessary, but while we're continuing to figure out the root cause, this is better than having to restart the app or switch profiles on the command line. Updates #15528 Change-Id: Ia101a4a3005adb9118051b3416f5a64a4a45987d Signed-off-by: Will Norris <will@tailscale.com>	8 months ago
Will Norris	e8b5f0b3c4	client/systray: use ico image format for windows Add the golang-image-ico package, which is an incredibly small package to handle the ICO container format with PNG inside. Some profile photos look quite pixelated when displayed at this size, but it's better than nothing, and any Windows support is just a bonus anyway. Updates #1708 Change-Id: Ia101a4a3005adb9118051b3416f5a64a4a45987d Signed-off-by: Will Norris <will@tailscale.com>	8 months ago
klyubin	3a2c92f08e	web: support Host 100.100.100.100:80 in tailscaled web server This makes the web server running inside tailscaled on 100.100.100.100:80 support requests with `Host: 100.100.100.100:80` and its IPv6 equivalent. Prior to this commit, the web server replied to such requests with a redirect to the node's Tailscale IP:5252. Fixes https://github.com/tailscale/tailscale/issues/14415 Signed-off-by: Alex Klyubin <klyubin@gmail.com>	9 months ago
Anton Tolchanov	74ee749386	client/tailscale: add tailnet lock fields to Device struct These are documented, but have not yet been defined in the client. https://tailscale.com/api#tag/devices/GET/device/{deviceId} Updates tailscale/corp#27050 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	9 months ago
Patrick O'Doherty	f5522e62d1	client/web: fix CSRF handler order in web UI (#15143 ) Fix the order of the CSRF handlers (HTTP plaintext context setting, _then_ enforcement) in the construction of the web UI server. This resolves false-positive "invalid Origin" 403 exceptions when attempting to update settings in the web UI. Add unit test to exercise the CSRF protection failure and success cases for our web UI configuration. Updates #14822 Updates #14872 Signed-off-by: Patrick O'Doherty <patrick@tailscale.com>	9 months ago

1 2 3 4 5 ...

417 Commits (cmol/resolveconf_trample_trample_back)