326 Commits (main)

Author	SHA1	Message	Date
Sonia Appasamy	c27870e160	client/web: refactor authorizeRequest ... Moves request authorization back into Server.serve to be run at the start of any request. Fixes Synology unstable track bug where client would get stuck unable to auth due to not rendering the Synology redirect auth html on index.html load. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Brad Fitzpatrick	18bd98d35b	cmd/tailscaled,*: add start of configuration file support ... Updates #1412 Co-authored-by: Maisem Ali <maisem@tailscale.com> Change-Id: I38d559c1784d09fc804f521986c9b4b548718f7d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	8 months ago
Naman Sood	7783a960e8	client/web: add metric for exit node advertising (#9781) ... * client/web: add metric for exit node advertising Updates tailscale/corp#15215 Signed-off-by: Naman Sood <mail@nsood.in> * client/web: use http request's context for IncrementCounter Updates #cleanup Signed-off-by: Naman Sood <mail@nsood.in> --------- Signed-off-by: Naman Sood <mail@nsood.in>	8 months ago
Sonia Appasamy	7a0de2997e	client/web: remove unused context param from NewServer ... Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Sonia Appasamy	3befc0ef02	client/web: restrict full management client behind browser sessions ... Adds `getTailscaleBrowserSession` to pull the user's session out of api requests, and `serveTailscaleAuth` to provide the "/api/auth" endpoint for browser to request auth status and new sessions. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Sonia Appasamy	b29047bcf0	client/web: add browser session cache to web.Server ... Adds browser session cache, to be used to store sessions for the full management web client. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Sonia Appasamy	5429ee2566	client/web: add debug mode for web client ui updates ... UI updates staged behind debug mode flags. Initial new views added in app.tsx, rendered based on the current debug setting. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Sonia Appasamy	5d62b17cc5	client/web: add login client mode to web.Server ... Adds new LoginOnly server option and swaps out API handler depending on whether running in login mode or full web client mode. Also includes some minor refactoring to the synology/qnap authorization logic to allow for easier sharing between serveLoginAPI and serveAPI. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Sonia Appasamy	697f92f4a7	client/web: refactor serveGetNodeData ... Remove the "JSON" ending, we no longer have a non-JSON version, it was removed in d74c771 when we switched from the legacy web client to React. Also combine getNodeData into serveGetNodeData now that serveGetNodeData is the single caller of getNodeData. A #cleanup Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Will Norris	652f77d236	client/web: switch to using prebuilt web client assets ... Updates tailscale/corp#13775 Co-authored-by: Sonia Appasamy <sonia@tailscale.com> Signed-off-by: Sonia Appasamy <sonia@tailscale.com> Signed-off-by: Will Norris <will@tailscale.com>	9 months ago
Marwan Sulaiman	3421784e37	cmd/tailscale/cli: use optimistic concurrency control on SetServeConfig ... This PR uses the etag/if-match pattern to ensure multiple calls to SetServeConfig are synchronized. It currently errors out and asks the user to retry but we can add occ retries as a follow up. Updates #8489 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	9 months ago
Brad Fitzpatrick	7c1ed38ab3	ipn/ipnlocal: fix missing controlknobs.Knobs plumbing ... I missed connecting some controlknobs.Knobs pieces in 4e91cf20a8 resulting in that breaking control knobs entirely. Whoops. The fix in ipn/ipnlocal (where it makes a new controlclient) but to atone, I also added integration tests. Those integration tests use a new "tailscale debug control-knobs" which by itself might be useful for future debugging. Updates #9351 Change-Id: Id9c89c8637746d879d5da67b9ac4e0d2367a3f0d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Sonia Appasamy	1eadb2b608	client/web: clean up assets handling ... A #cleanup that moves all frontend asset handling into assets.go (formerly dev.go), and stores a single assetsHandler field back to web.Server that manages when to serve the dev vite proxy versus static files itself. Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	9 months ago
Marwan Sulaiman	50990f8931	ipn, ipn/ipnlocal: add Foreground field for ServeConfig ... This PR adds a new field to the serve config that can be used to identify which serves are in "foreground mode" and then can also be used to ensure they do not get persisted to disk so that if Tailscaled gets ungracefully shutdown, the reloaded ServeConfig will not have those ports opened. Updates #8489 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	9 months ago
Craig Rodrigues	8683ce78c2	client/web, clientupdate, util/linuxfw, wgengine/magicsock: Use %v verb for errors ... Replace %w verb with %v verb when logging errors. Use %w only for wrapping errors with fmt.Errorf() Fixes: #9213 Signed-off-by: Craig Rodrigues <rodrigc@crodrigues.org>	9 months ago
Will Norris	9a3bc9049c	client/web,cmd/tailscale: add prefix flag for web command ... We already had a path on the web client server struct, but hadn't plumbed it through to the CLI. Add that now and use it for Synology and QNAP instead of hard-coding the path. (Adding flag for QNAP is tailscale/tailscale-qpkg#112) This will allow supporting other environments (like unraid) without additional changes to the client/web package. Also fix a small bug in unraid handling to only include the csrf token on POST requests. Updates tailscale/corp#13775 Signed-off-by: Will Norris <will@tailscale.com>	9 months ago
Will Norris	37eab31f68	client/web: simply csrf key caching in cgi mode ... Instead of trying to use the user config dir, and then fail back to the OS temp dir, just always use the temp dir. Also use a filename that is less likely to cause collisions. This addresses an issue on a test synology instance that was mysteriously failing because there was a file at /tmp/tailscale. We could still technically run into this issue if a /tmp/tailscale-web-csrf.key file exists, but that seems far less likely. Updates tailscale/corp#13775 Signed-off-by: Will Norris <will@tailscale.com>	9 months ago
Maisem Ali	b90b9b4653	client/web: fix data race ... Fixes #9150 Signed-off-by: Maisem Ali <maisem@tailscale.com>	9 months ago
Sonia Appasamy	e952564b59	client/web: pipe unraid csrf token through apiFetch ... Ensures that we're sending back the csrf token for all requests made back to unraid clients. Updates tailscale/corp#13775 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	9 months ago
Sonia Appasamy	1cd03bc0a1	client/web: remove self node on server ... This is unused. Can be added back if needed in the future. Updates tailscale/corp#13775 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	9 months ago
Sonia Appasamy	da6eb076aa	client/web: add localapi proxy ... Adds proxy to the localapi from /api/local/ web client endpoint. The localapi proxy is restricted to an allowlist of those actually used by the web client frontend. Updates tailscale/corp#13775 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	9 months ago
Sonia Appasamy	7aea219a0f	client/web: pull SynoToken logic into apiFetch ... Updates tailscale/corp#13775	9 months ago
Will Norris	d74c771fda	client/web: always use new web client; remove old client ... This uses the new react-based web client for all builds, not just with the --dev flag. If the web client assets have not been built, the client will serve a message that Tailscale was built without the web client, and link to build instructions. Because we will include the web client in all of our builds, this should only be seen by developers or users building from source. (And eventually this will be replaced by attempting to download needed assets as runtime.) We do now checkin the build/index.html file, which serves the error message when assets are unavailable. This will also eventually be used to trigger in CI when new assets should be built and uploaded to a well-known location. Updates tailscale/corp#13775 Signed-off-by: Will Norris <will@tailscale.com>	9 months ago
Will Norris	be5bd1e619	client/web: skip authorization checks for static assets ... Updates tailscale/corp#13775 Signed-off-by: Will Norris <will@tailscale.com>	9 months ago
Andrew Dunham	c86a610eb3	cmd/tailscale, net/portmapper: add --log-http option to "debug portmap" ... This option allows logging the raw HTTP requests and responses that the portmapper Client makes when using UPnP. This can be extremely helpful when debugging strange UPnP issues with users' devices, and might allow us to avoid having to instruct users to perform a packet capture. Updates #8992 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I2c3cf6930b09717028deaff31738484cc9b008e4	9 months ago
Sonia Appasamy	4828e4c2db	client/web: move api handler into web.go ... Also uses `http.HandlerFunc` to pass the handler into `csrfProtect` so we can get rid of the extraneous `api` struct. Updates tailscale/corp#13775 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	9 months ago
Sonia Appasamy	f3077c6ab5	client/web: add self node cache ... Adds a cached self node to the web client Server struct, which will be used from the web client api to verify that request came from the node's own machine (i.e. came from the web client frontend). We'll be using when we switch the web client api over to acting as a proxy to the localapi, to protect against DNS rebinding attacks. Updates tailscale/corp#13775 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	9 months ago
Will Norris	dc8287ab3b	client/web: enforce full path for CGI platforms ... Synology and QNAP both run the web client as a CGI script. The old web client didn't care too much about requests paths, since there was only a single GET and POST handler. The new client serves assets on different paths, so now we need to care. First, enforce that the CGI script is always accessed from its full path, including a trailing slash (e.g. /cgi-bin/tailscale/index.cgi/). Then, strip that prefix off before passing the request along to the main serve handler. This allows for properly serving both static files and the API handler in a CGI environment. Also add a CGIPath option to allow other CGI environments to specify a custom path. Finally, update vite and one "api/data" call to no longer assume that we are always serving at the root path of "/". Updates tailscale/corp#13775 Signed-off-by: Will Norris <will@tailscale.com>	9 months ago
Will Norris	0c3d343ea3	client/web: invert auth logic for synology and qnap ... Add separate server methods for synology and qnap, and enforce authentication and authorization checks before calling into the actual serving handlers. This allows us to remove all of the auth logic from those handlers, since all requests will already be authenticated by that point. Also simplify the Synology token redirect handler by using fetch. Remove the SynologyUser from nodeData, since it was never used in the frontend anyway. Updates tailscale/corp#13775 Signed-off-by: Will Norris <will@tailscale.com>	9 months ago
Will Norris	05486f0f8e	client/web: move synology and qnap logic into separate files ... This commit doesn't change any of the logic, but just organizes the code a little to prepare for future changes. Updates tailscale/corp#13775 Signed-off-by: Will Norris <will@tailscale.com>	9 months ago
Sonia Appasamy	349c05d38d	client/web: refresh on tab focus ... Refresh node data when user switches to the web client browser tab. This helps clean up the auth flow where they're sent to another tab to authenticate then return to the original tab, where the data should be refreshed to pick up the login updates. Updates tailscale/corp#13775 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	9 months ago
Will Norris	824cd02d6d	client/web: cache csrf key when running in CGI mode ... Indicate to the web client when it is running in CGI mode, and if it is then cache the csrf key between requests. Updates tailscale/corp#13775 Signed-off-by: Will Norris <will@tailscale.com>	9 months ago
Will Norris	9ea3942b1a	client/web: don't require secure cookies for csrf ... Under normal circumstances, you would typically want to keep the default behavior of requiring secure cookies. In the case of the Tailscale web client, we are regularly serving on localhost (where secure cookies don't really matter), and/or we are behind a reverse proxy running on a network appliance like a NAS or Home Assistant. In those cases, those devices are regularly accessed over local IP addresses without https configured, so would not work with secure cookies. Updates tailscale/corp#13775 Signed-off-by: Will Norris <will@tailscale.com>	9 months ago
Sonia Appasamy	776f9b5875	client/web: open auth URLs in new browser tab ... Open control server auth URLs in new browser tabs on web clients so users don't loose original client URL when redirected for login. Updates tailscale/corp#13775 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	9 months ago
Will Norris	cf45d6a275	client/web: remove old /redirect handler ... I thought this had something to do with Synology or QNAP support, since they both have specific authentication logic. But it turns out this was part of the original web client added in #1621, and then refactored as part of #2093. But with how we handle logging in now, it's never called. Updates tailscale/corp#13775 Signed-off-by: Will Norris <will@tailscale.com>	9 months ago
Will Norris	5ebff95a4c	client/web: fix globbing for file embedding ... src/**/* was only grabbing files in subdirectories, but not in the src directory itself. Updates tailscale/corp#13775 Signed-off-by: Will Norris <will@tailscale.com>	9 months ago
Will Norris	0df5507c81	client/web: combine embeds into a single embed.FS ... instead of embedding each file individually, embed them all into a single embed filesystem. This is basically a noop for the current frontend, but sets things up a little cleaner for the new frontend. Also added an embed.FS for the source files needed to build the new frontend. These files are not actually embedded into the binary (since it is a blank identifier), but causes `go mod vendor` to copy them into the vendor directory. Updates tailscale/corp#13775 Signed-off-by: Will Norris <will@tailscale.com>	9 months ago
Sonia Appasamy	09e5e68297	client/web: track web client initializations ... Updates tailscale/corp#13775 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	9 months ago
Sonia Appasamy	50b558de74	client/web: hook up remaining legacy POST requests ... Hooks up remaining legacy POST request from the React side in --dev. Updates tailscale/corp#13775 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	9 months ago
Marwan Sulaiman	35ff5bf5a6	cmd/tailscale/cli, ipn/ipnlocal: [funnel] add stream mode ... Adds ability to start Funnel in the foreground and stream incoming connections. When foreground process is stopped, Funnel is turned back off for the port. Exampe usage: ``` TAILSCALE_FUNNEL_V2=on tailscale funnel 8080 ``` Updates #8489 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	9 months ago
Sonia Appasamy	077bbb8403	client/web: add csrf protection to web client api ... Adds csrf protection and hooks up an initial POST request from the React web client. Updates tailscale/corp#13775 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	9 months ago
Brad Fitzpatrick	b090d61c0f	tailcfg: rename prototype field to reflect its status ... (Added earlier today in #8916, 57da1f150) Updates tailscale/corp#13969 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	10 months ago
Richard Castro	57da1f1501	client: update DNSConfig type (#8916) ... This PR adds DNSFilterURL to the DNSConfig type to be used by control changes to add DNS filtering logic Fixes #cleanup Signed-off-by: Richard Castro <richard@tailscale.com>	10 months ago
Sonia Appasamy	18280ebf7d	client/web: hook up data fetching to fill --dev React UI ... Updates tailscale/corp#13775 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	10 months ago
Will Norris	9c4364e0b7	client/web: copy existing UI to basic react components ... This copies the existing go template frontend into very crude react components that will be driven by a simple JSON api for fetching and updating data. For now, this returns a static set of test data. This just implements the simple existing UI, so I've put these all in a "legacy" component, with the expectation that we will rebuild this with more properly defined components, some pulled from corp. Updates tailscale/corp#13775 Signed-off-by: Will Norris <will@tailscale.com>	10 months ago
Will Norris	ddba4824c4	client/web: add prettier and format scripts ... Updates tailscale/corp#13775 Signed-off-by: Will Norris <will@tailscale.com>	10 months ago
Sonia Appasamy	0052830c64	cli/serve: funnel interactive enablement flow tweaks ... 1. Add metrics to funnel flow. 2. Stop blocking users from turning off funnels when no longer in their node capabilities. 3. Rename LocalClient.IncrementMetric to IncrementCounter to better callout its usage is only for counter clientmetrics. Updates tailscale/corp#10577 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	10 months ago
Sonia Appasamy	8e63d75018	client/tailscale: add LocalClient.IncrementMetric func ... A #cleanup to add a func to utilize the already-present "/localapi/v0/upload-client-metrics" localapi endpoint. Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	10 months ago
Sonia Appasamy	12238dab48	client/web: add tailwind styling to react app ... Updates tailscale/corp#13775 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	10 months ago
Sonia Appasamy	d5ac18d2c4	client/web: add tsconfig.json ... Also allows us to use absolute import paths (see change in index.tsx). Updates tailscale/corp#13775 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	10 months ago
Sonia Appasamy	3f12b9c8b2	client/web: pipe through to React in dev mode ... Updates tailscale/corp#13775 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	10 months ago
Sonia Appasamy	16bc9350e3	client/web: add barebones vite dev setup ... Currently just serving a "Hello world" page when running the web cli in --dev mode. Updates tailscale/corp#13775 Co-authored-by: Will Norris <will@tailscale.com> Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	10 months ago
Will Norris	6ee85ba412	client/web: fix rendering of node owner profile ... Fixes #8837 Signed-off-by: Will Norris <will@tailscale.com>	10 months ago
Sonia Appasamy	2bc98abbd9	client/web: add web client Server struct ... Updates tailscale/corp#13775 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	10 months ago
Sonia Appasamy	7815fbe17a	tailscale/cli: add interactive flow for enabling Funnel ... Updates tailscale/corp#10577 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	10 months ago
Will Norris	f9066ac1f4	client/web: extract web client from cli package ... move the tailscale web client out of the cmd/tailscale/cli package, into a new client/web package. The remaining cli/web.go file is still responsible for parsing CLI flags and such, and then calls into client/web. This will allow the web client to be hooked into from other contexts (for example, from a tsnet server), and provide a dedicated space to add more functionality to this client. Updates tailscale/corp#13775 Signed-off-by: Will Norris <will@tailscale.com>	10 months ago
Brad Fitzpatrick	66f27c4beb	all: require Go 1.21 ... Updates #8419 Change-Id: I809b6a4d59d92a2ab6ec587ccbb9053376bf02c2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	10 months ago
salman aljammaz	25a7204bb4	wgengine,ipn,cmd/tailscale: add size option to ping (#8739) ... This adds the capability to pad disco ping message payloads to reach a specified size. It also plumbs it through to the tailscale ping -size flag. Disco pings used for actual endpoint discovery do not use this yet. Updates #311. Signed-off-by: salman <salman@tailscale.com> Co-authored-by: Val <valerie@tailscale.com>	10 months ago
Sonia Appasamy	301e59f398	tailcfg,ipn/localapi,client/tailscale: add QueryFeature endpoint ... Updates tailscale/corp#10577 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	10 months ago
Tom DNetto	767e839db5	all: implement lock revoke-keys command ... The revoke-keys command allows nodes with tailnet lock keys to collaborate to erase the use of a compromised key, and remove trust in it. Signed-off-by: Tom DNetto <tom@tailscale.com> Updates ENG-1848	10 months ago
David Anderson	ed46442cb1	client/tailscale/apitype: document never-nil property of WhoIsResponse ... Every time I use WhoIsResponse I end up writing mildly irritating nil-checking for both Node and UserProfile, but it turns out our code guarantees that both are non-nil in successful whois responses. Updates #cleanup Signed-off-by: David Anderson <danderson@tailscale.com>	10 months ago
Maisem Ali	1ecc16da5f	tailcfg,ipn/ipnlocal,wgengine: add values to PeerCapabilities ... Define PeerCapabilty and PeerCapMap as the new way of sending down inter-peer capability information. Previously, this was unstructured and you could only send down strings which got too limiting for certain usecases. Instead add the ability to send down raw JSON messages that are opaque to Tailscale but provide the applications to define them however they wish. Also update accessors to use the new values. Updates #4217 Signed-off-by: Maisem Ali <maisem@tailscale.com>	10 months ago
Jenny Zhang	6b56e92acc	client/tailscale: add warnings slice to ACLTestFailureSummary ... Updates #8645 Signed-off-by: Jenny Zhang <jz@tailscale.com>	11 months ago
Aaron Klotz	fd8c8a3700	client/tailscale: add API for verifying network lock signing deeplink ... Fixes #8539 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	11 months ago
Anton Tolchanov	6a156f6243	client/tailscale: support deauthorizing a device ... This adds a new `SetAuthorized` method that allows setting device authorization to true or false. I chose the method name to be consistent with SetTags. Updates https://github.com/tailscale/corp/issues/10160 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	1 year ago
Brad Fitzpatrick	4664318be2	client/tailscale: revert CreateKey API change, add Client.CreateKeyWithExpiry ... The client/tailscale is a stable-ish API we try not to break. Revert the Client.CreateKey method as it was and add a new CreateKeyWithExpiry method to do the new thing. And document the expiry field and enforce that the time.Duration can't be between in range greater than 0 and less than a second. Updates #7143 Updates #8124 (reverts it, effectively) Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Matt Brown	9b6e48658f	client: allow the expiry time to be specified for new keys ... Adds a parameter for create key that allows a number of seconds (less than 90) to be specified for new keys. Fixes https://github.com/tailscale/tailscale/issues/7965 Signed-off-by: Matthew Brown <matthew@bargrove.com>	1 year ago
Andrew Dunham	280255acae	various: add golangci-lint, fix issues (#7905) ... This adds an initial and intentionally minimal configuration for golang-ci, fixes the issues reported, and adds a GitHub Action to check new pull requests against this linter configuration. Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I8f38fbc315836a19a094d0d3e986758b9313f163	1 year ago
Brad Fitzpatrick	9e50da321b	client/tailscale: dial LocalAPI at 127.0.0.1 on macOS ... Updates #7851 Change-Id: Ib53cf53cdfee277ef42f7833352bc51ecb5db959 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Tom DNetto	483109b8fc	client/tailscale: Fix NPE caused by erroneous close in error case ... Fixes https://github.com/tailscale/tailscale/issues/7572 When handling an error during `StreamDebugCapture`, the response body is closed, even though the response struct is always nil. Thanks to https://github.com/darkrain42 for debugging this!! Signed-off-by: Tom DNetto <tom@tailscale.com>	1 year ago
Maisem Ali	5e8a80b845	all: replace /kb/ links with /s/ equivalents ... Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Tom DNetto	ce99474317	all: implement preauth-key support with tailnet lock ... Signed-off-by: Tom DNetto <tom@tailscale.com>	1 year ago
Tom DNetto	e2d652ec4d	ipn,cmd/tailscale: implement resigning nodes on tka key removal ... Signed-off-by: Tom DNetto <tom@tailscale.com>	1 year ago
Andrew Dunham	3f8e8b04fd	cmd/tailscale, cmd/tailscaled: move portmapper debugging into tailscale CLI ... The debug flag on tailscaled isn't available in the macOS App Store build, since we don't have a tailscaled binary; move it to the 'tailscale debug' CLI that is available on all platforms instead, accessed over LocalAPI. Updates #7377 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I47bffe4461e036fab577c2e51e173f4003592ff7	1 year ago
Nicolas BERNARD	3db894b78c	client/tailscale: add tags field to Device struct ... Fixes #7302 Signed-off-by: Nicolas BERNARD <nikkau@nikkau.net>	1 year ago
Tom DNetto	99b9d7a621	all: implement pcap streaming for datapath debugging ... Updates: tailscale/corp#8470 Signed-off-by: Tom DNetto <tom@tailscale.com>	1 year ago
David Crawshaw	8cf2805cca	tailcfg, localapi: plumb device token to server ... Updates tailscale/corp#8940 Signed-off-by: David Crawshaw <crawshaw@tailscale.com>	1 year ago
Brad Fitzpatrick	b1248442c3	all: update to Go 1.20, use strings.CutPrefix/Suffix instead of our fork ... Updates #7123 Updates #5309 Change-Id: I90bcd87a2fb85a91834a0dd4be6e03db08438672 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Will Norris	71029cea2d	all: update copyright and license headers ... This updates all source files to use a new standard header for copyright and license declaration. Notably, copyright no longer includes a date, and we now use the standard SPDX-License-Identifier header. This commit was done almost entirely mechanically with perl, and then some minimal manual fixes. Updates #6865 Signed-off-by: Will Norris <will@tailscale.com>	1 year ago
Brad Fitzpatrick	a1b4ab34e6	util/httpm: add new package for prettier HTTP method constants ... See package doc. Change-Id: Ibbfc8e1f98294217c56f3a9452bd93ffa3103572 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Harry Bowron	c1daa42c24	client/tailscale/keys: fix client.Keys unmarshalling ... Signed-off-by: Author Name hbowron@gmail.com Signed-off-by: Harry Bowron <harry@bolt.com> Fixes #7020	1 year ago
Brad Fitzpatrick	c8db70fd73	cmd/tailscale/cli: add debug set-expire command for testing ... Updates tailscale/corp#8811 Updates tailscale/corp#8613 Change-Id: I1c87806ca3ccc5c43e7ddbd6b4d521f73f7d29f1 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	6edf357b96	all: start groundwork for using capver for localapi & peerapi ... Updates #7015 Change-Id: I3d4c11b42a727a62eaac3262a879f29bb4ce82dd Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	b657187a69	cmd/tailscale, logtail: add 'tailscale debug daemon-logs' logtail mechanism ... Fixes #6836 Change-Id: Ia6eb39ff8972e1aa149aeeb63844a97497c2cf04 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
David Anderson	c0fcab01ac	client/tailscale: fix request object for key creation. ... The request takes key capabilities as an argument, but wrapped in a parent object. Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
Dave Anderson	041a0e3c27	client/tailscale: add APIs for auth key management. (#6715) ... client/tailscale: add APIs for key management. Updates #502. Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
Jordan Whited	ea5ee6f87c	all: update golang.zx2c4.com/wireguard to github.com/tailscale/wireguard-go (#6692) ... This is temporary while we work to upstream performance work in https://github.com/WireGuard/wireguard-go/pull/64. A replace directive is less ideal as it breaks dependent code without duplication of the directive. Signed-off-by: Jordan Whited <jordan@tailscale.com>	1 year ago
Tom DNetto	55e0512a05	ipn/ipnlocal,cmd/tailscale: minor improvements to lock modify command ... * Do not print the status at the end of a successful operation * Ensure the key of the current node is actually trusted to make these changes Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Tom DNetto	45042a76cd	cmd/tailscale,ipn: store disallowed TKA's in prefs, lock local-disable ... Take 2 of https://github.com/tailscale/tailscale/pull/6546 Builds on https://github.com/tailscale/tailscale/pull/6560 Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Brad Fitzpatrick	390d1bb871	Revert "ipn,types/persist: store disallowed TKA's in prefs, lock local-disable" ... This reverts commit f1130421f0. It was submitted with failing tests (go generate checks) Requires a lot of API changes to fix so rolling back instead of forward. Change-Id: I024e8885c0ed44675d3028a662f386dda811f2ad Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Tom DNetto	f1130421f0	ipn,types/persist: store disallowed TKA's in prefs, lock local-disable ... Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Brad Fitzpatrick	0cb2ccce7f	safesocket: remove the IPN protocol support ... Updates #6417 Change-Id: I78908633de842d83b2cc8b10a864a0f88ab1b113 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Tom DNetto	5c8d2fa695	cmd/tailscale,ipn: improve UX of lock init command, cosmetic changes ... Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Brad Fitzpatrick	5676d201d6	ipn: add a WatchIPNBus option bit to subscribe to EngineStatus changes ... So GUI clients don't need to poll for it. We still poll internally (for now!) but that's still cheaper. And will get much cheaper later, without having to modify clients once they start sending this bit. Change-Id: I36647b701c8d1fe197677e5eb76f6894e8ff79f7 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	109aa3b2fb	cmd/tailscale: add start of "debug derp" subcommand ... Updates #6526 Change-Id: I84e440a8bd837c383000ce0cec4ff36b24249e8b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	300aba61a6	ipn, cmd/tailscale/cli: add LocalAPI IPN bus watch, Start, convert CLI ... Updates #6417 Updates tailscale/corp#8051 Change-Id: I1ca360730c45ffaa0261d8422877304277fc5625 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Tom DNetto	6708f9a93f	cmd/tailscale,ipn: implement lock log command ... This commit implements `tailscale lock log [--limit N]`, which displays an ordered list of changes to network-lock state in a manner familiar to `git log`. Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Brad Fitzpatrick	0f7da5c7dc	ipn{,/ipnlocal}, client/tailscale: move Taildrop recv notifications to LocalAPI HTTP method ... Updates #6417 Change-Id: Iec544c477a0e5e9f1c6bf23555afec06255e2e22 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Maisem Ali	f3519f7b29	cmd/tailscale/cli: add login and switch subcommands ... Updates #713 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Maisem Ali	1f4669a380	all: standardize on LocalAPI ... Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Maisem Ali	22238d897b	all: standardize on PeerAPI ... Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Brad Fitzpatrick	976e88d430	client/tailscale/apitype: add LocalAPIHost const, use it ... Removes duplication. Updates tailcale/corp#7948 Change-Id: I564c912ecfde31ba2293124bb1316e433c2a10f1 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Tom DNetto	3271daf7a3	cmd/tailscale,ipn: support disablement args in lock cli, implement disable ... * Support specifiying disablement values in lock init command * Support specifying rotation key in lock sign command * Implement lock disable command * Implement disablement-kdf command Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Brad Fitzpatrick	329a0a8406	client/tailscale: remove some json.Unmarshal repetition, add helper ... Change-Id: I73ece09895ad04c7d8c4a5673f9bd360be873b9f Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	f4a522fd67	client/tailscale: make a helper for json.Marshal'ed request bodies ... Change-Id: I59eb1643addf8793856089690407fb45053c8e4d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	69e4b8a359	client/tailscale: document ServeConfig accessors a bit more ... Updates tailscale/corp#7515 Change-Id: Iecae581e4b34ce70b2df531bc95c6c390a398c38 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
shayne	e3a66e4d2f	ipn/localapi: introduce get/set config for serve (#6243) ... Updates tailscale/corp#7515 Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	2 years ago
Mihai Parparita	7a07bc654b	ipn/localapi: rename /profile to /pprof ... Avoids name collision with profiles for user switching. Signed-off-by: Mihai Parparita <mihai@tailscale.com>	2 years ago
Brad Fitzpatrick	5bb7e0307c	cmd/tailscale, ipn/ipnlocal: add debug command to write to StateStore for dev ... Not for end users (unless directed by support). Mostly for ease of development for some upcoming webserver work. Change-Id: I43acfed217514567acb3312367b24d620e739f88 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	da8def8e13	all: remove old +build tags ... The //go:build syntax was introduced in Go 1.17: https://go.dev/doc/go1.17#build-lines gofmt has kept the +build and go:build lines in sync since then, but enough time has passed. Time to remove them. Done with: perl -i -npe 's,^// \+build.*\n,,' $(git grep -l -F '+build') Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Tom DNetto	0af57fce4c	cmd/tailscale,ipn: implement lock sign command ... Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Brad Fitzpatrick	910db02652	client/tailscale, tsnet, ipn/ipnlocal: prove nodekey ownership over noise ... Fixes #5972 Change-Id: Ic33a93d3613ac5dbf172d6a8a459ca06a7f9e547 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Tom DNetto	d98305c537	cmd,ipn/ipnlocal,tailcfg: implement TKA disablement ... * Plumb disablement values through some of the internals of TKA enablement. * Transmit the node's TKA hash at the end of sync so the control plane understands each node's head. * Implement /machine/tka/disable RPC to actuate disablement on the control plane. There is a partner PR for the control server I'll send shortly. Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Brad Fitzpatrick	ea24895e08	client/tailscale/apitype, tailcfg: delete never used mysterious PerDomain field ... It does nothing and never did and I don't think anybody remembers what the original goal for it was. Updates #5229 (fixes, but need to clean it up in another repo too) Change-Id: I81cc6ff44d6d2888bc43e9145437f4c407907ea6 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Maisem Ali	630bcb5b67	tsnet,client/tailscale: add APIClient which runs API over Noise. ... Updates tailscale/corp#4383 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Andrew Dunham	c32f9f5865	cmd/tailscale, ipn: enable debug logs when --report flag is passed to bugreport (#5830) ... Change-Id: Id22e9f4a2dcf35cecb9cd19dd844389e38c922ec Signed-off-by: Andrew Dunham <andrew@tailscale.com>	2 years ago
Brad Fitzpatrick	1841d0bf98	wgengine/magicsock: make debug-level stuff not logged by default ... And add a CLI/localapi and c2n mechanism to enable it for a fixed amount of time. Updates #1548 Change-Id: I71674aaf959a9c6761ff33bbf4a417ffd42195a7 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Josh Soref	d4811f11a0	all: fix spelling mistakes ... Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2 years ago
Adrian Dewhurst	c581ce7b00	cmd/tailscale, client, ipn, tailcfg: add network lock modify command ... Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>	2 years ago
Andrew Dunham	b1867457a6	doctor: add package for running in-depth healthchecks; use in bugreport (#5413) ... Change-Id: Iaa4e5b021a545447f319cfe8b3da2bd3e5e5782b Signed-off-by: Andrew Dunham <andrew@du.nham.ca>	2 years ago
Eng Zer Jun	f0347e841f	refactor: move from io/ioutil to io and os packages ... The io/ioutil package has been deprecated as of Go 1.16 [1]. This commit replaces the existing io/ioutil functions with their new definitions in io and os packages. Reference: https://golang.org/doc/go1.16#ioutil Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>	2 years ago
Tom DNetto	facafd8819	client,cmd/tailscale,ipn,tka,types: implement tka initialization flow ... This PR implements the client-side of initializing network-lock with the Coordination server. Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Brad Fitzpatrick	e1309e1323	all: require Go 1.19 ... Updates #5210 Change-Id: I2e950b4776636b4ea89b6566b60e4a87596a3a43 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	a12aad6b47	all: convert more code to use net/netip directly ... perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.) perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. ) perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. ) perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. ) perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. ) perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. ) goimports -w . Then delete some stuff from the net/netaddr shim package which is no longer neeed. Updates #5162 Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	6a396731eb	all: use various net/netip parse funcs directly ... Mechanical change with perl+goimports. Changed {Must,}Parse{IP,IPPrefix,IPPort} to their netip variants, then goimports -d . Finally, removed the net/netaddr wrappers, to prevent future use. Updates #5162 Change-Id: I59c0e38b5fbca5a935d701645789cddf3d7863ad Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	7eaf5e509f	net/netaddr: start migrating to net/netip via new netaddr adapter package ... Updates #5162 Change-Id: Id7bdec303b25471f69d542f8ce43805328d56c12 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Maisem Ali	2d65c1a950	client/tailscale: update ACLRow and ACLTest with new ACL fields ... Signed-off-by: Maisem Ali <maisem@tailscale.com> Co-authored-by: Will Norris <will@tailscale.com>	2 years ago
Brad Fitzpatrick	c4f06ef7be	client/tailscale: fix ExpandSNIName on non-default LocalClient ... It was using a mix. Found by @maisem. Change-Id: Ieb79d78608474ac13c2f44e0f3d8997a5665eb13 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	3e1f2d01f7	ipn/ipnlocal: move Ping method from IPN bus to LocalBackend (HTTP) ... Change-Id: I61759f1dae8d9d446353db54c8b1e13bfffb3287 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	66f9292835	client/tailscale: update Client API a bit ... Change-Id: I81aa29a8b042a247eac1941038f5d90259569941 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	a54671529b	client/tailscale: move API client for the control admin API ... This was work done Nov-Dec 2020 by @c22wen and @chungdaniel. This is just moving it to another repo. Co-Authored-By: Christina Wen <37028905+c22wen@users.noreply.github.com> Co-Authored-By: Christina Wen <christina@tailscale.com> Co-Authored-By: Daniel Chung <chungdaniel@users.noreply.github.com> Co-Authored-By: Daniel Chung <daniel@tailscale.com> Change-Id: I6da3b05b972b54771f796b5be82de5aa463635ca Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	e3619b890c	client/tailscale: rename tailscale.go -> localclient.go ... In prep for other stuff. Change-Id: I82c24946d062d668cab48ca6749776b6ae7025ac Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	87ba528ae0	client/tailscale: move/copy all package funcs to new LocalClient type ... Remove all global variables, and clean up tsnet and cmd/tailscale's usage. This is in prep for using this package for the web API too (it has the best package name). RELNOTE=tailscale.com/client/tailscale package refactored w/ LocalClient type Change-Id: Iba9f162fff0c520a09d1d4bd8862f5c5acc9d7cd Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	3601b43530	ipn: add IPCVersion override func ... I've done this a handful of times in the past and again today. Time to make it a supported thing for the future. Used while debugging tailscale/corp#4559 (macsys CLI issues) Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	8f5e5bff1e	cmd/tailscale, etc: make "tailscale up --ssh" fail fast when unavailable ... Fail on unsupported platforms (must be Linux or macOS tailscaled with WIP env) or when disabled by admin (with TS_DISABLE_SSH_SERVER=1) Updates #3802 Change-Id: I5ba191ed0d8ba4ddabe9b8fc1c6a0ead8754b286 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	16f3520089	all: add arbitrary capability support ... Updates #4217 RELNOTE=start of WhoIsResponse capability support Change-Id: I6522998a911fe49e2f003077dad6164c017eed9b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Maisem Ali	c87ed52ad4	cmd/tailscale: add id-token subcommand ... RELNOTE=Initial support for getting OIDC ID Tokens Updates tailscale/corp#4347 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Brad Fitzpatrick	fc12cbfcd3	client/tailscale, cmd/tailscale, localapi: add 'tailscale nc' ... This adds a "tailscale nc" command that acts a bit like "nc", but dials out via tailscaled via localapi. This is a step towards a "tailscale ssh", as we'll use "tailscale nc" as a ProxyCommand for in some cases (notably in userspace mode). But this is also just useful for debugging & scripting. Updates #3802 RELNOTE=tailscale nc Change-Id: Ia5c37af2d51dd0259d5833d80264d3ad5f68446a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	d2f3ec8a63	envknob, ipn/ipnlocal: add SSH admin kill switch ... Updates #3802 Change-Id: I6127907446d1a6be1b097d9ba3b534f2b8eb707f Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	f2041c9088	all: use strings.Cut even more ... Change-Id: I943ce72c6f339589235bddbe10d07799c4e37979 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	1db46919ab	cmd/tailscaled: make build fail nicely on older Go versions ... Due to a bug in Go (golang/go#51778), cmd/go doesn't warn about your Go version being older than the go.mod's declared Go version in that case that package loading fails before the build starts, such as when you use packages that are only in the current version of Go, like our use of net/netip. This change works around that Go bug by adding build tags and a pre-Go1.18-only file that will cause Go 1.17 and earlier to fail like: $ ~/sdk/go1.17/bin/go install ./cmd/tailscaled # tailscale.com/cmd/tailscaled ./required_version.go:11:2: undefined: you_need_Go_1_18_to_compile_Tailscale note: module requires Go 1.18 Change-Id: I39f5820de646703e19dde448dd86a7022252f75c Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
davideger	f31546809f	cmd/tailscale: propagate tailscaled 403s as AccessDeniedErrors ... So Linux/etc CLI users get helpful advice to run tailscale with --operator=$USER when they try to 'tailscale file {cp,get}' but are mysteriously forbidden. Signed-off-by: David Eger <eger@google.com> Signed-off-by: David Eger <david.eger@gmail.com>	2 years ago
Brad Fitzpatrick	96cab21383	cmd/tailscale: add debug restun, rebind subcommands ... In the hidden debug menu. Change-Id: I20213f1f4e2290d36f9ff561bac0cc767400d5fd Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Josh Bleecher Snyder	63cd581c3f	safesocket: add ConnectionStrategy, provide control over fallbacks ... fee2d9fad added support for cmd/tailscale to connect to IPNExtension. It came in two parts: If no socket was provided, dial IPNExtension first, and also, if dialing the socket failed, fall back to IPNExtension. The second half of that support caused the integration tests to fail when run on a machine that was also running IPNExtension. The integration tests want to wait until the tailscaled instances that they spun up are listening. They do that by dialing the new instance. But when that dial failed, it was falling back to IPNExtension, so it appeared (incorrectly) that tailscaled was running. Hilarity predictably ensued. If a user (or a test) explicitly provides a socket to dial, it is a reasonable assumption that they have a specific tailscaled in mind and don't want to fall back to IPNExtension. It is certainly true of the integration tests. Instead of adding a bool to Connect, split out the notion of a connection strategy. For now, the implementation remains the same, but with the details hidden a bit. Later, we can improve that. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Danny Hermes	56c72d9cde	godoc fix: StatusWithPeers -> StatusWithoutPeers ... Signed-off-by: Danny Hermes <daniel.j.hermes@gmail.com>	3 years ago
Brad Fitzpatrick	3181bbb8e4	cmd/tailscale: make file cp send files via tailscaled localapi ... So Taildrop sends work even if the local tailscaled is running in netstack mode, as it often is on Synology, etc. Updates #2179 (which is primarily about receiving, but both important) Change-Id: I9bd1afdc8d25717e0ab6802c7cf2f5e0bd89a3b2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	68917fdb5d	cmd/tailscale/cli: add "debug metrics" subcommand ... To let users inspect the tailscaled metrics easily. Updates #3307 Change-Id: I922126ca0626659948c57de74c6ef62f40ef5f5f Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	2b082959db	safesocket: add WindowsLocalPort const ... Remove all the 41112 references. Change-Id: I2d7ed330d457e3bb91b7e6416cfb2667611e50c4 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Maisem Ali	52be1c0c78	tsnet: run the LocalAPI handler ... Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Brad Fitzpatrick	f62e6d83a9	cmd/tailscale: make cert subcommand give hints on access denied ... Lot of people have been hitting this. Now it says: $ tailscale cert tsdev.corp.ts.net Access denied: cert access denied Use 'sudo tailscale cert' or 'tailscale up --operator=$USER' to not require root. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	efb84ca60d	ipn/localapi, cmd/tailscale: add CPU & memory profile support, debug command ... This was already possible on Linux if you ran tailscaled with --debug (which runs net/http/pprof), but it requires the user have the Go toolchain around. Also, it wasn't possible on macOS, as there's no way to run the IPNExtension with a debug server (it doesn't run tailscaled). And on Windows it's super tedious: beyond what users want to do or what we want to explain. Instead, put it in "tailscale debug" so it works and works the same on all platforms. Then we can ask users to run it when we're debugging something and they can email us the output files. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	b1a2abf41b	client/tailscale/example/servetls: add demo program for docs ... Updates #1235 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	a83f08c54b	cmd/tailscale: provide a better error message when tailscaled isn't running ... Fixes #2797 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	3c8ca4b357	client/tailscale, cmd/tailscale/cli: move version mismatch check to CLI ... So people can use the package for whois checks etc without version skew errors. The earlier change faa891c1f2 for #1905 was a bit too aggressive. Fixes #2757 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	faa891c1f2	client/tailscale,ipn/localapi: warn on tailscale/tailscaled version skew ... Fixes #1905 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	b7ae529ecc	client/tailscale: make GetCertificate guess cert if SNI lacks dots ... Updates #1235 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	57b794c338	ipn/localapi: move cert fetching code to localapi, cache, add cert subcommand ... Updates #1235 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
julianknodt	506c2fe8e2	cmd/tailscale: make netcheck use active DERP map, delete static copy ... After allowing for custom DERP maps, it's convenient to be able to see their latency in netcheck. This adds a query to the local tailscaled for the current DERPMap. Updates #1264 Signed-off-by: julianknodt <julianknodt@gmail.com>	3 years ago
Brad Fitzpatrick	fc5fba0fbf	client/tailscale: document SetDNS more ... Updates #1235 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	796e222901	client/tailscale: add SetDNS func ... Updates #1235 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	b993d9802a	ipn/ipnlocal, etc: require file sharing capability to send/recv files ... tailscale/corp#1582 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	db5e269463	client/tailscale/apitype: move local API types to new apitype package ... They were scattered/duplicated in misc places before. It can't be in the client package itself for circular dep reasons. This new package is basically tailcfg but for localhost communications, instead of to control. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	79109f4965	ipn/ipnlocal: use PATCH for EditPrefs, not POST ... Addendum to earlier 00d641d9fc. Reserve POST for SetPrefs in the future. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	00d641d9fc	ipn/localapi: move EditPrefs to localapi ... Follow-up/revision to recent 53cfff109b which added EditPrefs. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	3167e55ddf	ipn/{ipnlocal,localapi}, cmd/tailscale: add logout command ... Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	50b309c1eb	ipn/localapi, cmd/tailscale: add API to get prefs, CLI debug command to show ... Updates #1436 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	03be116997	client/tailscale: factor out some helpers to reduce boilerplate ... Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Maisem Ali	db13b2d0c8	cmd/tailscale, ipn/localapi: add "tailscale bugreport" subcommand ... Adding a subcommand which prints and logs a log marker. This should help diagnose any issues that users face. Fixes #1466 Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Brad Fitzpatrick	1bd14a072c	cmd/tailscale, ipn/localapi: move IP forwarding check to tailscaled, API ... Instead of having the CLI check whether IP forwarding is enabled, ask tailscaled. It has a better idea. If it's netstack, for instance, the sysctl values don't matter. And it's possible that only the daemon has permission to know. Fixes #1626 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	6d1a9017c9	ipn/{ipnlocal,localapi}, client/tailscale: add file get/delete APIs ... Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
David Crawshaw	e67f1b5da0	client/tailscale, cmd/tailscale/cli: plumb --socket through ... Without this, `tailscale status` ignores the --socket flag on macOS and always talks to the IPNExtension, even if you wanted it to inspect a userspace tailscaled. Signed-off-by: David Crawshaw <crawshaw@tailscale.com>	3 years ago
Brad Fitzpatrick	439d70dce2	cmd/tailscale, ipn/localapi: get daemon version from localapi status ... Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	d0dffe33c0	cmd/tailscale, ipn/localapi: use localapi for status, not IPN acrobatics ... Yay simpler code. Tested on Linux, macOS and Windows. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Naman Sood	770aa71ffb	client, cmd/hello, ipn, wgengine: fix whois for netstack-forwarded connections ... Updates #504 Updates #707 Signed-off-by: Naman Sood <mail@nsood.in>	3 years ago
Brad Fitzpatrick	a4b585947d	ipn/localapi, client/tailscale: add a goroutine dump handler ... Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	30a37622b4	cmd/hello: break out local HTTP client into client/tailscale ... Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago