tailscale

Commit Graph

Author	SHA1	Message	Date
Percy Wegmann	d16c1293e9	ipn/ipnlocal: remove origin and referer headers from Taildrive requests peerapi does not want these, but rclone includes them. Removing them allows rclone to work with Taildrive configured as a WebDAV remote. Updates #cleanup Signed-off-by: Percy Wegmann <percy@tailscale.com>	3 hours ago
Percy Wegmann	94c0403104	ipn/ipnlocal: strip origin and referer headers from Taildrive requests peerapi does not want these, but rclone includes them. Stripping them out allows rclone to work with Taildrive configured as a WebDAV remote. Updates #cleanup Signed-off-by: Percy Wegmann <percy@tailscale.com>	3 hours ago
Percy Wegmann	787f8c08ec	drive: rewrite Location headers This ensures that MOVE, LOCK and any other verbs that use the Location header work correctly. Fixes #11758 Signed-off-by: Percy Wegmann <percy@tailscale.com>	4 hours ago
Claire Wang	c24f2eee34	tailcfg: rename exit node destination network flow log node attribute (#11779 ) Updates tailscale/corp#18625 Signed-off-by: Claire Wang <claire@tailscale.com>	5 hours ago
kari-ts	048cb61dd0	interfaces: create android impl (#11784 ) -Move Android impl into interfaces_android.go -Instead of using ip route to get the interface name, use the one passed in by Android (ip route is restricted in Android 13+ per termux/termux-app#2993) Follow-up will be to do the same for router Fixes tailscale/corp#19215 Fixes tailscale/corp#19124 Signed-off-by: kari-ts <kari@tailscale.com>	5 hours ago
Aaron Klotz	7132b782d4	hostinfo: use Distro field for distinguishing Windows Server builds Some editions of Windows server share the same build number as their client counterpart; we must use an additional field found in the OS version information to distinguish between them. Even though "Distro" has Linux connotations, it is the most appropriate hostinfo field. What is Windows Server if not an alternate distribution of Windows? This PR populates Distro with "Server" when applicable. Fixes #11785 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	5 hours ago
Percy Wegmann	02c6af2a69	cmd/tailscale: clarify Taildrive grants in help text Fixes #cleanup Signed-off-by: Percy Wegmann <percy@tailscale.com>	6 hours ago
Chris Palmer	bdfaef4879	safeweb: allow object-src: self in CSP (#11782 ) This change is safe (self is still safe, by definition), and makes the code match the comment. Updates #cleanup Signed-off-by: Chris Palmer <cpalmer@tailscale.com>	7 hours ago
Andrew Lytvynov	e775de3c63	go.mod: bump golang.org/x/net (#11775 ) One more place to pick up a fix for https://pkg.go.dev/vuln/GO-2024-2687. Updates https://github.com/tailscale/corp/issues/18893 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	9 hours ago
Adrian Dewhurst	c8b0adb382	docs/windows/policy: add missing key expiration warning interval Fixes #11345 Change-Id: Ib53b639690b77d1b7d857304dca2119f197227ce Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>	10 hours ago
Brad Fitzpatrick	03d5d1f0f9	wgengine/magicsock: disable portmapper in tunchan-faked tests Most of the magicsock tests fake the network, simulating packets going out and coming in. There's no reason to actually hit your router to do UPnP/NAT-PMP/PCP during in tests. But while debugging thousands of iterations of tests to deflake some things, I saw it slamming my router. This stops that. Updates #11762 Change-Id: I59b9f48f8f5aff1fa16b4935753d786342e87744 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	20 hours ago
Andrew Lytvynov	22bd506129	ipn/ipnlocal: hold the mutex when in onTailnetDefaultAutoUpdate (#11786 ) Turns out, profileManager is not safe for concurrent use and I missed all the locking infrastructure in LocalBackend, oops. I was not able to reproduce the race even with `go test -count 100`, but this seems like an obvious fix. Fixes #11773 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	21 hours ago
Chris Palmer	88a7767492	safeweb: set SameSite=Strict, with an option for Lax (#11781 ) Fixes #11780 Signed-off-by: Chris Palmer <cpalmer@tailscale.com>	1 day ago
dependabot[bot]	dd48cad89a	build(deps-dev): bump vite from 5.1.4 to 5.1.7 in /client/web Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 5.1.4 to 5.1.7. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v5.1.7/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v5.1.7/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>	1 day ago
Andrew Dunham	b85c2b2313	net/dns/resolver: use SystemDial in DoH forwarder This ensures that we close the underlying connection(s) when a major link change happens. If we don't do this, on mobile platforms switching between WiFi and cellular can result in leftover connections in the http.Client's connection pool which are bound to the "wrong" interface. Updates #10821 Updates tailscale/corp#19124 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: Ibd51ce2efcaf4bd68e14f6fdeded61d4e99f9a01	1 day ago
Paul Scott	82394debb7	cmd/tailscale: add shell tab-completion The approach is lifted from cobra: `tailscale completion bash` emits a bash script for configuring the shell's autocomplete: . <( tailscale completion bash ) so that typing: tailscale st<TAB> invokes: tailscale completion __complete -- st RELNOTE=tailscale CLI now supports shell tab-completion Fixes #3793 Signed-off-by: Paul Scott <paul@tailscale.com>	1 day ago
Brad Fitzpatrick	21a0fe1b9b	ipn/store: omit AWS & Kubernetes support on 'small' Linux GOARCHes This removes AWS and Kubernetes support from Linux binaries by default on GOARCH values where people don't typically run on AWS or use Kubernetes, such as 32-bit mips CPUs. It primarily focuses on optimizing for the static binaries we distribute. But for people building it themselves, they can set ts_kube or ts_aws (the opposite of ts_omit_kube or ts_omit_aws) to force it back on. Makes tailscaled binary ~2.3MB (~7%) smaller. Updates #7272, #10627 etc Change-Id: I42a8775119ce006fa321462cb2d28bc985d1c146 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 day ago
dependabot[bot]	449be38e03	build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#11410 ) * build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 Bumps google.golang.org/protobuf from 1.32.0 to 1.33.0. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * cmd/{derper,stund}: update depaware.txt Signed-off-by: Andrew Lytvynov <awly@tailscale.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Andrew Lytvynov <awly@tailscale.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Andrew Lytvynov <awly@tailscale.com>	1 day ago
Irbe Krumina	3ef7f895c8	go.{mod,sum}: bump nftables to the latest commit (#11772 ) Updates#deps Signed-off-by: Irbe Krumina <irbe@tailscale.com>	1 day ago
Andrew Dunham	226486eb9a	net/interfaces: handle removed interfaces in State.Equal This wasn't previously handling the case where an interface in s2 was removed and not present in s1, and would cause the Equal method to incorrectly return that the states were equal. Updates tailscale/corp#19124 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I3af22bc631015d1ddd0a1d01bfdf312161b9532d	1 day ago
Paul Scott	454a03a766	cmd/tailscale/cli: prepend "tailscale" to usage errors Updates #11626 Signed-off-by: Paul Scott <paul@tailscale.com>	2 days ago
Paul Scott	d07ede461a	cmd/tailscale/cli: fix "subcommand required" errors when typod Fixes #11672 Signed-off-by: Paul Scott <paul@tailscale.com>	2 days ago
Paul Scott	3ff3445e9d	cmd/tailscale/cli: improve ShortHelp/ShortUsage unit test, fix new errors Updates #11364 Signed-off-by: Paul Scott <paul@tailscale.com>	2 days ago
Paul Scott	eb34b8a173	cmd/tailscale/cli: remove explicit usageFunc - its default Updates #cleanup Signed-off-by: Paul Scott <paul@tailscale.com>	2 days ago
Paul Scott	a50e4e604e	cmd/tailscale/cli: remove duplicate "tailscale " in drive subcmd usage Updates #cleanup Signed-off-by: Paul Scott <paul@tailscale.com>	2 days ago
Paul Scott	62d4be873d	cmd/tailscale/cli: fix drive --help usage identation Updates #cleanup Signed-off-by: Paul Scott <paul@tailscale.com>	2 days ago
Brad Fitzpatrick	7c1d6e35a5	all: use Go 1.22 range-over-int Updates #11058 Change-Id: I35e7ef9b90e83cac04ca93fd964ad00ed5b48430 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 days ago
Brad Fitzpatrick	068db1f972	net/interfaces: delete unused unexported function It should've been deleted in `11ece02f52`. Updates #9040 Change-Id: If8a136bdb6c82804af658c9d2b0a8c63ce02d509 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 days ago
Jonathan Nobels	7e2b4268d6	ipn/{localapi, ipnlocal}: forget the prior exit node when localAPI is used to zero the ExitNodeID (#11681 ) Updates tailscale/corp#18724 When localAPI clients directly set ExitNodeID to "", the expected behaviour is that the prior exit node also gets zero'd - effectively setting the UI state back to 'no exit node was ever selected' The IntenalExitNodePrior has been changed to be a non-opaque type, as it is read by the UI to render the users last selected exit node, and must be concrete. Future-us can either break this, or deprecate it and replace it with something more interesting. Signed-off-by: Jonathan Nobels <jonathan@tailscale.com>	2 days ago
Brad Fitzpatrick	0fba9e7570	cmd/tailscale/cli: prevent concurrent Start calls in 'up' Seems to deflake tstest/integration tests. I can't reproduce it anymore on one of my VMs that was consistently flaking after a dozen runs before. Now I can run hundreds of times. Updates #11649 Fixes #7036 Change-Id: I2f7d4ae97500d507bdd78af9e92cd1242e8e44b8 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 days ago
Irbe Krumina	26f9bbc02b	cmd/k8s-operator,k8s-operator: document tailscale.com Custom Resource Definitions better. (#11665 ) Updates tailscale/tailscale#10880 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	2 days ago
Adrian Dewhurst	ca5cb41b43	tailcfg: document use of CapMap for peers Updates tailscale/corp#17516 Updates #11508 Change-Id: Iad2dafb38ffb9948bc2f3dfaf9c268f7d772cf56 Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>	2 days ago
Brad Fitzpatrick	3c1e2bba5b	ipn/ipnlocal: remove outdated iOS hacky workaround in Start We haven't needed this hack for quite some time Andrea says. Updates #11649 Change-Id: Ie854b7edd0a01e92495669daa466c7c0d57e7438 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 days ago
Brad Fitzpatrick	dd6c76ea24	ipn: remove unused Options.LegacyMigrationPrefs I'm on a mission to simplify LocalBackend.Start and its locking and deflake some tests. I noticed this hasn't been used since March 2023 when it was removed from the Windows client in corp 66be796d33c. So, delete. Updates #11649 Change-Id: I40f2cb75fb3f43baf23558007655f65a8ec5e1b2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 days ago
Brad Fitzpatrick	7ec0dc3834	ipn/ipnlocal: make StartLoginInteractive take (yet unused) context In prep for future fix to undermentioned issue. Updates tailscale/tailscale#7036 Change-Id: Ide114db917dcba43719482ffded6a9a54630d99e Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 days ago
Claire Wang	9171b217ba	cmd/tailscale, ipn/ipnlocal: add suggest exit node CLI option (#11407 ) Updates tailscale/corp#17516 Signed-off-by: Claire Wang <claire@tailscale.com>	3 days ago
Charlotte Brandhorst-Satzkorn	449f46c207	wgengine/magicsock: rebind/restun if a syscall.EPERM error is returned (#11711 ) We have seen in macOS client logs that the "operation not permitted", a syscall.EPERM error, is being returned when traffic is attempted to be sent. This may be caused by security software on the client. This change will perform a rebind and restun if we receive a syscall.EPERM error on clients running darwin. Rebinds will only be called if we haven't performed one specifically for an EPERM error in the past 5 seconds. Updates #11710 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	3 days ago
Will Norris	14c8b674ea	Revert "licenses: add gliderlabs/ssh license" The gliderlabs/ssh license is actually already included in the standard package listing. I'm not sure why I thought it wasn't. Updates tailscale/corp#5780 This reverts commit `11dca08e93`. Signed-off-by: Will Norris <will@tailscale.com>	3 days ago
Brad Fitzpatrick	952e06aa46	wgengine/router: don't attempt route cleanup on Synology Trying to run iptables/nftables on Synology pauses for minutes with lots of errors and ultimately does nothing as it's not used and we lack permissions. This fixes a regression from `db760d0bac` (#11601) that landed between Synology testing on unstable 1.63.110 and 1.64.0 being cut. Fixes #11737 Change-Id: Iaf9563363b8e45319a9b6fe94c8d5ffaecc9ccef Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 days ago
Irbe Krumina	38fb23f120	cmd/k8s-operator,k8s-operator: allow users to configure proxy env vars via ProxyClass (#11743 ) Adds new ProxyClass.spec.statefulSet.pod.{tailscaleContainer,tailscaleInitContainer}.Env field that allow users to provide key, value pairs that will be set as env vars for the respective containers. Allow overriding all containerboot env vars, but warn that this is not supported and might break (in docs + a warning when validating ProxyClass). Updates tailscale/tailscale#10709 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	3 days ago
Brad Fitzpatrick	9258bcc360	Makefile: fix default SYNO_ARCH in Makefile It was broken with the move to dist in `32e0ba5e68` which doesn't accept amd64 anymore. Updates #cleanup Change-Id: Iaaaba2d73c6a09a226934fe8e5c18b16731ee7a6 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 days ago
Brad Fitzpatrick	b9aa7421d6	ipn/ipnlocal: remove some dead code (legacyBackend methods) from LocalBackend Nothing used it. Updates #11649 Change-Id: Ic1c331d947974cd7d4738ff3aafe9c498853689e Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 days ago
Brad Fitzpatrick	a6739c49df	paths: set default state path on AIX Updates #11361 Change-Id: I196727a540be6b7c75303f9958490b1d76189fd6 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	5 days ago
Brad Fitzpatrick	271cfdb3d3	util/syspolicy: clean up doc grammar and consistency Updates #cleanup Change-Id: I912574cbd5ef4d8b7417b8b2a9b9a2ccfef88840 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	5 days ago
Brad Fitzpatrick	bad3159b62	ipn/ipnlocal: delete useless SetControlClientGetterForTesting use Updates #11649 Change-Id: I56c069b9c97bd3e30ff87ec6655ec57e1698427c Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	5 days ago
Brad Fitzpatrick	8186cd0349	ipn/ipnlocal: delete redundant TestStatusWithoutPeers We have tstest/integration nowadays. And this test was one of the lone holdouts using the to-be-nuked SetControlClientGetterForTesting. Updates #11649 Change-Id: Icf8a6a2e9b8ae1ac534754afa898c00dc0b7623b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	5 days ago
Brad Fitzpatrick	68043a17c2	ipn/ipnlocal: centralize assignments to cc + ccAuto in new method cc vs ccAuto is a mess. It needs to go. But this is a baby step towards getting there. Updates #11649 Change-Id: I34f33934844e580bd823a7d8f2b945cf26c87b3b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	5 days ago
Brad Fitzpatrick	970b1e21d0	ipn/ipnlocal: inline assertClientLocked into its now sole caller Updates #11649 Change-Id: I8e2a5e59125a0cad5c0a8c9ed8930585f1735d03 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	5 days ago
Brad Fitzpatrick	170c618483	ipn/ipnlocal: remove dead code now that Android uses LocalAPI instead The new Android app and its libtailscale don't use this anymore; it uses LocalAPI like other clients now. Updates #11649 Change-Id: Ic9f42b41e0e0280b82294329093dc6c275f41d50 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	5 days ago
Flakes Updater	65f215115f	go.mod.sri: update SRI hash for go.mod changes Signed-off-by: Flakes Updater <noreply+flakes-updater@tailscale.com>	5 days ago

1 2 3 4 5 ...

7439 Commits (main) All Branches Search

7439 Commits (main)

All Branches