tailscale

Commit Graph

Author	SHA1	Message	Date
Irbe Krumina	add62af7c6	util/linuxfw,go.{mod,sum}: don't log errors when deleting non-existant chains and rules (#11852 ) This PR bumps iptables to a newer version that has a function to detect 'NotExists' errors and uses that function to determine whether errors received on iptables rule and chain clean up are because the rule/chain does not exist- if so don't log the error. Updates corp#19336 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	3 days ago
Andrew Lytvynov	e775de3c63	go.mod: bump golang.org/x/net (#11775 ) One more place to pick up a fix for https://pkg.go.dev/vuln/GO-2024-2687. Updates https://github.com/tailscale/corp/issues/18893 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	1 week ago
dependabot[bot]	449be38e03	build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#11410 ) * build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 Bumps google.golang.org/protobuf from 1.32.0 to 1.33.0. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * cmd/{derper,stund}: update depaware.txt Signed-off-by: Andrew Lytvynov <awly@tailscale.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Andrew Lytvynov <awly@tailscale.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Andrew Lytvynov <awly@tailscale.com>	1 week ago
Irbe Krumina	3ef7f895c8	go.{mod,sum}: bump nftables to the latest commit (#11772 ) Updates#deps Signed-off-by: Irbe Krumina <irbe@tailscale.com>	1 week ago
Brad Fitzpatrick	a1abd12f35	cmd/tailscaled, net/tstun: build for aix/ppc64 At least in userspace-networking mode. Fixes #11361 Change-Id: I78d33f0f7e05fe9e9ee95b97c99b593f8fe498f2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 weeks ago
Maisem Ali	0d8cd1645a	go.mod: bump github.com/gaissmai/bart To pick up https://github.com/gaissmai/bart/pull/17. Updates #deps Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 month ago
Percy Wegmann	8b8b315258	net/tstun: use gaissmai/bart instead of tempfork/device This implementation uses less memory than tempfork/device, which helps avoid OOM conditions in the iOS VPN extension when switching to a Tailnet with ExitNode routing enabled. Updates tailscale/corp#18514 Signed-off-by: Percy Wegmann <percy@tailscale.com>	1 month ago
Andrew Lytvynov	1e7050e73a	go.mod: bump github.com/docker/docker (#11515 ) There's a vulnerability https://pkg.go.dev/vuln/GO-2024-2659 that govulncheck flags, even though it's only reachable from tests and cmd/sync-containers and cannot be exploited there. Updates #cleanup Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	1 month ago
Andrew Dunham	62cf83eb92	go.mod: bump gvisor The `stack.PacketBufferPtr` type no longer exists; replace it with `*stack.PacketBuffer` instead. Updates #8043 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: Ib56ceff09166a042aa3d9b80f50b2aa2d34b3683	2 months ago
Irbe Krumina	45d27fafd6	cmd/k8s-operator,k8s-operator,go.{mod,sum},tstest/tools: add Tailscale Kubernetes operator API docs (#11246 ) Add logic to autogenerate CRD docs. .github/workflows/kubemanifests.yaml CI workflow will fail if the doc is out of date with regard to the current CRDs. Docs can be refreshed by running make kube-generate-all. Updates tailscale/tailscale#11023 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	2 months ago
OSS Updater	82c569a83a	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	2 months ago
Percy Wegmann	50fb8b9123	tailfs: replace webdavfs with reverse proxies Instead of modeling remote WebDAV servers as actual webdav.FS instances, we now just proxy traffic to them. This not only simplifies the code, but it also allows WebDAV locking to work correctly by making sure locks are handled by the servers that need to (i.e. the ones actually serving the files). Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com>	2 months ago
Brad Fitzpatrick	61a1644c2a	go.mod, all: move away from inet.af domain seized by Taliban Updates inetaf/tcpproxy#39 Change-Id: I7fee276b116bd08397347c6c949011d76a2842cf Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 months ago
Percy Wegmann	993acf4475	tailfs: initial implementation Add a WebDAV-based folder sharing mechanism that is exposed to local clients at 100.100.100.100:8080 and to remote peers via a new peerapi endpoint at /v0/tailfs. Add the ability to manage folder sharing via the new 'share' CLI sub-command. Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com>	3 months ago
OSS Updater	664b861cd4	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	3 months ago
James Tucker	7e3bcd297e	go.mod,wgengine/netstack: bump gvisor Updates #8043 Signed-off-by: James Tucker <james@tailscale.com>	3 months ago
James Tucker	457102d070	go.mod: bump most deps for start of cycle Plan9 CI is disabled. 3p dependencies do not build for the target. Contributor enthusiasm appears to have ceased again, and no usage has been made. Skipped gvisor, nfpm, and k8s. Updates #5794 Updates #8043 Signed-off-by: James Tucker <james@tailscale.com>	3 months ago
OSS Updater	d841ddcb13	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	4 months ago
Andrew Lytvynov	4ec6a78551	go.mod: update golang-x-crypto fork (#10786 ) Pick up a bunch of recent upstream commits. Updates #8593 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	4 months ago
OSS Updater	e7d52eb2f8	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	4 months ago
Irbe Krumina	e72f2b7791	go.{mod,sum}: bump mkctr (#10722 ) go get github.com/tailscale/mkctr@bf50773ba7349ced8de812c3d5437e8618bd4fa7 Updates tailscale/tailscale#9902 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	4 months ago
Irbe Krumina	1a08ea5990	cmd/k8s-operator: operator can create subnetrouter (#9505 ) * k8s-operator,cmd/k8s-operator,Makefile,scripts,.github/workflows: add Connector kube CRD. Connector CRD allows users to configure the Tailscale Kubernetes operator to deploy a subnet router to expose cluster CIDRs or other CIDRs available from within the cluster to their tailnet. Also adds various CRD related machinery to generate CRD YAML, deep copy implementations etc. Engineers will now have to run 'make kube-generate-all` after changing kube files to ensure that all generated files are up to date. * cmd/k8s-operator,k8s-operator: reconcile Connector resources Reconcile Connector resources, create/delete subnetrouter resources in response to changes to Connector(s). Connector reconciler will not be started unless ENABLE_CONNECTOR env var is set to true. This means that users who don't want to use the alpha Connector custom resource don't have to install the Connector CRD to their cluster. For users who do want to use it the flow is: - install the CRD - install the operator (via Helm chart or using static manifests). For Helm users set .values.enableConnector to true, for static manifest users, set ENABLE_CONNECTOR to true in the static manifest. Updates tailscale/tailscale#502 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	4 months ago
OSS Updater	e78cb9aeb3	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	5 months ago
OSS Updater	be19262cc5	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	5 months ago
OSS Updater	afe138f18d	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	5 months ago
OSS Updater	552b1ad094	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	5 months ago
OSS Updater	501478dcdc	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	5 months ago
OSS Updater	6389322619	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	5 months ago
Adrian Dewhurst	2003d1139f	go.mod: update certstore Updates tailscale/coral#118 Change-Id: Ie535ab890f95d13d050b2acc7d4ad1e3f8316877 Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>	5 months ago
OSS Updater	f13255d54d	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	5 months ago
Jordan Whited	e1d0d26686	go.mod: bump wireguard-go (#10352 ) This pulls in tailscale/wireguard-go@8cc8b8b and tailscale/wireguard-go@cc193a0, which improve throughput and latency under load. Updates tailscale/corp#11061 Signed-off-by: Jordan Whited <jordan@tailscale.com>	5 months ago
Percy Wegmann	17501ea31a	ci: report test coverage to coveralls.io This records test coverage for the amd64 no race tests and uploads the results to coveralls.io. Updates #cleanup Signed-off-by: Ox Cart <ox.to.a.cart@gmail.com>	5 months ago
Irbe Krumina	66471710f8	cmd/k8s-operator: truncate long StatefulSet name prefixes (#10343 ) Kubernetes can generate StatefulSet names that are too long and result in invalid Pod revision hash label values. Calculate whether a StatefulSet name generated for a Service or Ingress will be too long and if so, truncate it. Updates tailscale/tailscale#10284 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	5 months ago
OSS Updater	fc8488fac0	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	5 months ago
OSS Updater	3402998c1c	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	5 months ago
OSS Updater	146c4bacde	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	5 months ago
Maisem Ali	7d4221c295	cmd/tsidp: add start of OIDC Tailscale IdP Updates #10263 Co-authored-by: Brad Fitzpatrick <bradfitz@tailscale.com> Change-Id: I240bc9b5ecf2df6f92c45929d105fde66c06a860 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	5 months ago
OSS Updater	063657c65f	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	5 months ago
Tom DNetto	ce46d92ed2	go.{mod,sum}: update inet.af/tcpproxy to fix flaking test ``` [nix-shell:~/tailscale]$ ./tool/go test ./cmd/sniproxy --failfast --count 80 ok tailscale.com/cmd/sniproxy 127.085s [nix-shell:~/tailscale]$ ./tool/go test ./cmd/sniproxy --failfast --count 80 ok tailscale.com/cmd/sniproxy 127.030s ``` Fixes: #10056 Signed-off-by: Tom DNetto <tom@tailscale.com>	6 months ago
Jordan Whited	12d5c99b04	client/tailscale,ipn/{ipnlocal,localapi}: check UDP GRO config (#10071 ) Updates tailscale/corp#9990 Signed-off-by: Jordan Whited <jordan@tailscale.com>	6 months ago
Will Norris	fc2d63bb8c	go.mod: updates web-client-prebuilt Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	6 months ago
Will Norris	d530153d2f	go.mod: bump web-client-prebuilt Updates #cleanup Signed-off-by: Will Norris <will@tailscale.com>	6 months ago
Will Norris	cb07ed54c6	go.mod: update web-client-prebuilt Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	6 months ago
dependabot[bot]	535cb6c3f5	build(deps): bump github.com/docker/docker Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.6+incompatible to 24.0.7+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v24.0.6...v24.0.7) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	6 months ago
Jordan Whited	bd488e4ff8	go.mod: update wireguard-go (#10046 ) Updates tailscale/corp#9990 Signed-off-by: Jordan Whited <jordan@tailscale.com>	6 months ago
Jordan Whited	dd842d4d37	go.mod: update wireguard-go to enable TUN UDP GSO/GRO (#10029 ) Updates tailscale/corp#9990 Signed-off-by: Jordan Whited <jordan@tailscale.com>	6 months ago
Aaron Klotz	95671b71a6	ipn, safesocket: use Windows token in LocalAPI On Windows, the idiomatic way to check access on a named pipe is for the server to impersonate the client on its current OS thread, perform access checks using the client's access token, and then revert the OS thread's access token back to its true self. The access token is a better representation of the client's rights than just a username/userid check, as it represents the client's effective rights at connection time, which might differ from their normal rights. This patch updates safesocket to do the aforementioned impersonation, extract the token handle, and then revert the impersonation. We retain the token handle for the remaining duration of the connection (the token continues to be valid even after we have reverted back to self). Since the token is a property of the connection, I changed ipnauth to wrap the concrete net.Conn to include the token. I then plumbed that change through ipnlocal, ipnserver, and localapi as necessary. I also added a PermitLocalAdmin flag to the localapi Handler which I intend to use for controlling access to a few new localapi endpoints intended for configuring auto-update. Updates https://github.com/tailscale/tailscale/issues/755 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	6 months ago
Adrian Dewhurst	5347e6a292	control/controlclient: support certstore without cgo We no longer build Windows releases with cgo enabled, which automatically turned off certstore support. Rather than re-enabling cgo, we updated our fork of the certstore package to no longer require cgo. This updates the package, cleans up how the feature is configured, and removes the cgo build tag requirement. Fixes tailscale/corp#14797 Fixes tailscale/coral#118 Change-Id: Iaea34340761c0431d759370532c16a48c0913374 Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>	6 months ago
Brad Fitzpatrick	7fd6cc3caa	go.mod: bump alexbrainman/sspi For https://github.com/alexbrainman/sspi/pull/13 Fixes #9131 (hopefully) Change-Id: I27bb00bbf5e03850f65f18c45f15c4441cc54b23 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	6 months ago
Brad Fitzpatrick	6b1ed732df	go.mod: bump x/net to 0.17 for CVE-2023-39325 https://go.googlesource.com/net/+/b225e7ca6dde1ef5a5ae5ce922861bda011cfabd Updates tailscale/corp#15165 Change-Id: Ia8b5e16b1acfe1b2400d321034b41370396f70e2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	7 months ago

1 2 3 4 5 ...

406 Commits (main)