tailscale

Commit Graph

Author	SHA1	Message	Date
Paul Scott	82394debb7	cmd/tailscale: add shell tab-completion The approach is lifted from cobra: `tailscale completion bash` emits a bash script for configuring the shell's autocomplete: . <( tailscale completion bash ) so that typing: tailscale st<TAB> invokes: tailscale completion __complete -- st RELNOTE=tailscale CLI now supports shell tab-completion Fixes #3793 Signed-off-by: Paul Scott <paul@tailscale.com>	1 week ago
Brad Fitzpatrick	7c1d6e35a5	all: use Go 1.22 range-over-int Updates #11058 Change-Id: I35e7ef9b90e83cac04ca93fd964ad00ed5b48430 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 week ago
Percy Wegmann	8b8b315258	net/tstun: use gaissmai/bart instead of tempfork/device This implementation uses less memory than tempfork/device, which helps avoid OOM conditions in the iOS VPN extension when switching to a Tailnet with ExitNode routing enabled. Updates tailscale/corp#18514 Signed-off-by: Percy Wegmann <percy@tailscale.com>	1 month ago
Percy Wegmann	8c88853db6	ipn/ipnlocal: add c2n /debug/pprof/allocs endpoint This behaves the same as typical debug/pprof/allocs. Updates tailscale/corp#18514 Signed-off-by: Percy Wegmann <percy@tailscale.com>	1 month ago
Brad Fitzpatrick	e8551d6b40	all: use Go 1.21 slices, maps instead of x/exp/{slices,maps} Updates #8419 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	8 months ago
Brad Fitzpatrick	cb53846717	tempfork/heap: add copy of Go's container/heap but using generics From Go commit 0a48e5cbfabd679e, then with some generics sprinkled about. Updates tailscale/corp#7354 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	10 months ago
Maisem Ali	d1d5d52b2c	net/tstun/table: add initial RoutingTable implementation It is based on `*tempfork/device.AllowedIPs`. Updates tailscale/corp#8020 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Maisem Ali	2522b0615f	tempfork/device: add a temp fork of golang.zx2c4.com/wireguard/device This will allow us to reuse the AllowedIPs for NAT decisions in a follow on commit. The files `allowedips_*.go` are as-is, `peer.go` only keeps the `Peer` declaration with a single element required for AllowedIPs. Upstream commit https://git.zx2c4.com/wireguard-go/commit/?id=052af4a8072bbbd3bfe7edf46fe3c1b350f71f08 Updates tailscale/corp#8020 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Brad Fitzpatrick	da8def8e13	all: remove old +build tags The //go:build syntax was introduced in Go 1.17: https://go.dev/doc/go1.17#build-lines gofmt has kept the +build and go:build lines in sync since then, but enough time has passed. Time to remove them. Done with: perl -i -npe 's,^// \+build.*\n,,' $(git grep -l -F '+build') Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Maisem Ali	4de1601ef4	ssh/tailssh: add support for sending multiple banners Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Maisem Ali	f16b77de5d	ssh/tailssh: do the full auth flow during ssh auth Fixes #5091 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Eng Zer Jun	f0347e841f	refactor: move from io/ioutil to io and os packages The io/ioutil package has been deprecated as of Go 1.16 [1]. This commit replaces the existing io/ioutil functions with their new definitions in io and os packages. Reference: https://golang.org/doc/go1.16#ioutil Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>	2 years ago
Brad Fitzpatrick	116f55ff66	all: gofmt for Go 1.19 Updates #5210 Change-Id: Ib02cd5e43d0a8db60c1f09755a8ac7b140b670be Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Maisem Ali	2b8b887d55	ssh/tailssh: send banner messages during auth, move more to conn (VSCode Live Share between Brad & Maisem!) Updates #3802 Change-Id: Id8edca4481b0811debfdf56d4ccb1a46f71dd6d3 Co-Authored-By: Brad Fitzpatrick <bradfitz@tailscale.com> Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Maisem Ali	14d077fc3a	ssh/tailssh: terminate ssh auth early if no policy can match Also bump github.com/tailscale/golang-x-crypto/ssh Updates #3802 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Brad Fitzpatrick	3d180c0376	go.mod, ssh/tailssh, tempfork/gliderlabs: bump x/crypto/ssh fork for NoClientAuthCallback Prep for evaluating SSHPolicy earlier to decide whether certs are required, which requires knowing the target SSH user. Updates #3802 Change-Id: I2753ec8069e7f19c9121300d0fb0813c1c627c36 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	5a44f9f5b5	tempfork: temporarily fork gliderlabs/ssh and x/crypto/ssh While we rearrange/upstream things. gliderlabs/ssh is forked into tempfork from our prior fork at `be8b7add40` x/crypto/ssh OTOH is forked at https://github.com/tailscale/golang-x-crypto because it was gnarlier to vendor with various internal packages, etc. Its git history shows where it starts (2c7772ba30643b7a2026cbea938420dce7c6384d). Updates #3802 Change-Id: I546e5cdf831cfc030a6c42557c0ad2c58766c65f Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Maisem Ali	baf8854f9a	tempfork/wireguard-windows: remove the old windows firewall code now that we are no longer relying on it. Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Josh Bleecher Snyder	a5da4ed981	all: gofmt with Go 1.17 This adds "//go:build" lines and tidies up existing "// +build" lines. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Josh Bleecher Snyder	41d06bdf86	tempfork/wireguard-windows: remove unnecessary build tag The _windows.go suffix suffices. This allows go:generate to run without creating a diff. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
David Anderson	ac3de93d5c	tempfork/wireguard-windows/firewall: add. This is a fork of wireguard-windows's firewall package, with the firewall rules adjusted to better line up with tailscale's needs. The package was taken from commit 3cc76ed5f222ec82748ef3bd8c41d4b059e28cdb in our fork of wireguard-go. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Josh Bleecher Snyder	a6cad71fb2	go.mod: upgrade staticcheck to 0.1.0 Also run go.mod and fix some staticcheck warnings. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Brad Fitzpatrick	8f76548fd9	tempfork/osexec: remove old fork of os/exec This package was a temporary fork of os/exec to fix an EINTR loop bug that was fixed upstream for Go 1.15 in `8c1db77a92` (https://go-review.googlesource.com/c/go/+/232862), in src/os/exec_unix.go: `8c1db77a92 (diff-72072cbd53a7240debad8aa506ff7ec795f9cfac7322e779f9bac29a4d0d0bd4)`	3 years ago
Brad Fitzpatrick	5b338bf011	tempfork/registry: delete It's unused.	3 years ago
Josh Bleecher Snyder	585a0d8997	all: use testing.T.TempDir Bit of Friday cleanup. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	4 years ago
Brad Fitzpatrick	f26b409bd5	tempfork: add lite fork of net/http/pprof w/o html/template or reflect	4 years ago
Brad Fitzpatrick	39f2fe29f7	tempfork/registry: work around issue with Tailscale's redo build system Updates tailscale/corp#293	4 years ago
Brad Fitzpatrick	e441d3218e	tempfork/registry: add golang.org/x/sys/windows/registry + CL 236681 Temporary fork of golang.org/x/sys/windows/registry with: windows/registry: add Key.WaitChange wrapper around RegNotifyChangeKeyValue https://go-review.googlesource.com/c/sys/+/236681	4 years ago
Brad Fitzpatrick	9bbcdba2b3	tempfork/internal/testenv: remove It was for our x509 fork and no longer needed. (x509 changes went into our Go fork instead)	4 years ago
Brad Fitzpatrick	58e83d8f66	tempfork/x509: moved to tailscale/go's crypto/x509 instead	4 years ago
Brad Fitzpatrick	d427fc023e	tempfork/x509: remove the bundle tag in our fork We want to be able to omit from only one (not both)	4 years ago
Brad Fitzpatrick	28c632c97b	tempfork/x509: store certs for iOS compressed in binary, parse lazily	4 years ago
Brad Fitzpatrick	8fd8fc9c7d	tempfork/x509: fix build on darwin and windows These fixes were originally in the updates to CL 229917 after Trybots failed there. See https://go-review.googlesource.com/c/go/+/229917/1..3	4 years ago
Brad Fitzpatrick	bfc1261ab6	crypto/x509: keep smaller root cert representation in memory until needed (from patchset 1, c12c890c64dd6372b3893af1e6f5ab11802c9e81, of https://go-review.googlesource.com/c/go/+/230025/1, with merges fixes due to parent commit's differents from its ps1..ps3) Instead of parsing the PEM files and then storing the *Certificate values forever, still parse them to see if they're valid and pick out some fields, but then only store the decoded pem.Block.Bytes until that cert is first needed. Saves about 500K of memory on my (Debian stable) machine after doing a tls.Dial or calling x509.SystemCertPool. A more aggressive version of this is still possible: we can not keep the pem.Block.Bytes in memory either, and re-read them from disk when necessary. But dealing with files disappearing and even large multi-cert PEM files changing (with offsets sliding around) made this conservative version attractive. It doesn't change the slurp-roots-on-startup semantics. It just does so with less memory retained. Change-Id: I3aea333f4749ae3b0026042ec3ff7ac015c72204	4 years ago
Brad Fitzpatrick	f5993f2440	crypto/x509: add support for CertPool to load certs lazily (from patchset 1, 7cdc3c3e7427c9ef69e19224d6036c09c5ea1723, of https://go-review.googlesource.com/c/go/+/229917/1) This will allow building CertPools that consume less memory. (Most certs are never accessed. Different users/programs access different ones, but not many.) This CL only adds the new internal mechanism (and uses it for the old AddCert) but does not modify any existing root pool behavior. (That is, the default Unix roots are still all slurped into memory as of this CL) Change-Id: Ib3a42e4050627b5e34413c595d8ced839c7bfa14	4 years ago
Numerous Gophers	3bab226299	Add fork of Go 1.15-dev's crypto/x509 Snapshotted from Go commit 619c7a48a38b28b521591b490fd14ccb7ea5e821 (https://go-review.googlesource.com/c/go/+/229762, "crypto/x509: add x509omitbundledroots build tag to not embed roots") With 975c01342a25899962969833d8b2873dc8856a4f (https://go-review.googlesource.com/c/go/+/220721) removed, because it depends on other stuff in Go std that doesn't yet exist in a Go release. Also, add a subset fork of Go's internal/testenv, for use by x509's tests.	4 years ago
Earl Lee	a8d8b8719a	Move Linux client & common packages into a public repo.	4 years ago

37 Commits (main)