tailscale

Commit Graph

Author	SHA1	Message	Date
Paul Scott	3ff3445e9d	cmd/tailscale/cli: improve ShortHelp/ShortUsage unit test, fix new errors Updates #11364 Signed-off-by: Paul Scott <paul@tailscale.com>	2 weeks ago
Paul Scott	eb34b8a173	cmd/tailscale/cli: remove explicit usageFunc - its default Updates #cleanup Signed-off-by: Paul Scott <paul@tailscale.com>	2 weeks ago
Paul Scott	a50e4e604e	cmd/tailscale/cli: remove duplicate "tailscale " in drive subcmd usage Updates #cleanup Signed-off-by: Paul Scott <paul@tailscale.com>	2 weeks ago
Paul Scott	62d4be873d	cmd/tailscale/cli: fix drive --help usage identation Updates #cleanup Signed-off-by: Paul Scott <paul@tailscale.com>	2 weeks ago
Brad Fitzpatrick	7c1d6e35a5	all: use Go 1.22 range-over-int Updates #11058 Change-Id: I35e7ef9b90e83cac04ca93fd964ad00ed5b48430 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 weeks ago
Brad Fitzpatrick	068db1f972	net/interfaces: delete unused unexported function It should've been deleted in `11ece02f52`. Updates #9040 Change-Id: If8a136bdb6c82804af658c9d2b0a8c63ce02d509 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 weeks ago
Jonathan Nobels	7e2b4268d6	ipn/{localapi, ipnlocal}: forget the prior exit node when localAPI is used to zero the ExitNodeID (#11681 ) Updates tailscale/corp#18724 When localAPI clients directly set ExitNodeID to "", the expected behaviour is that the prior exit node also gets zero'd - effectively setting the UI state back to 'no exit node was ever selected' The IntenalExitNodePrior has been changed to be a non-opaque type, as it is read by the UI to render the users last selected exit node, and must be concrete. Future-us can either break this, or deprecate it and replace it with something more interesting. Signed-off-by: Jonathan Nobels <jonathan@tailscale.com>	2 weeks ago
Brad Fitzpatrick	0fba9e7570	cmd/tailscale/cli: prevent concurrent Start calls in 'up' Seems to deflake tstest/integration tests. I can't reproduce it anymore on one of my VMs that was consistently flaking after a dozen runs before. Now I can run hundreds of times. Updates #11649 Fixes #7036 Change-Id: I2f7d4ae97500d507bdd78af9e92cd1242e8e44b8 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 weeks ago
Irbe Krumina	26f9bbc02b	cmd/k8s-operator,k8s-operator: document tailscale.com Custom Resource Definitions better. (#11665 ) Updates tailscale/tailscale#10880 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	2 weeks ago
Adrian Dewhurst	ca5cb41b43	tailcfg: document use of CapMap for peers Updates tailscale/corp#17516 Updates #11508 Change-Id: Iad2dafb38ffb9948bc2f3dfaf9c268f7d772cf56 Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>	2 weeks ago
Brad Fitzpatrick	3c1e2bba5b	ipn/ipnlocal: remove outdated iOS hacky workaround in Start We haven't needed this hack for quite some time Andrea says. Updates #11649 Change-Id: Ie854b7edd0a01e92495669daa466c7c0d57e7438 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 weeks ago
Brad Fitzpatrick	dd6c76ea24	ipn: remove unused Options.LegacyMigrationPrefs I'm on a mission to simplify LocalBackend.Start and its locking and deflake some tests. I noticed this hasn't been used since March 2023 when it was removed from the Windows client in corp 66be796d33c. So, delete. Updates #11649 Change-Id: I40f2cb75fb3f43baf23558007655f65a8ec5e1b2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 weeks ago
Brad Fitzpatrick	7ec0dc3834	ipn/ipnlocal: make StartLoginInteractive take (yet unused) context In prep for future fix to undermentioned issue. Updates tailscale/tailscale#7036 Change-Id: Ide114db917dcba43719482ffded6a9a54630d99e Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 weeks ago
Claire Wang	9171b217ba	cmd/tailscale, ipn/ipnlocal: add suggest exit node CLI option (#11407 ) Updates tailscale/corp#17516 Signed-off-by: Claire Wang <claire@tailscale.com>	2 weeks ago
Charlotte Brandhorst-Satzkorn	449f46c207	wgengine/magicsock: rebind/restun if a syscall.EPERM error is returned (#11711 ) We have seen in macOS client logs that the "operation not permitted", a syscall.EPERM error, is being returned when traffic is attempted to be sent. This may be caused by security software on the client. This change will perform a rebind and restun if we receive a syscall.EPERM error on clients running darwin. Rebinds will only be called if we haven't performed one specifically for an EPERM error in the past 5 seconds. Updates #11710 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	2 weeks ago
Will Norris	14c8b674ea	Revert "licenses: add gliderlabs/ssh license" The gliderlabs/ssh license is actually already included in the standard package listing. I'm not sure why I thought it wasn't. Updates tailscale/corp#5780 This reverts commit `11dca08e93`. Signed-off-by: Will Norris <will@tailscale.com>	2 weeks ago
Brad Fitzpatrick	952e06aa46	wgengine/router: don't attempt route cleanup on Synology Trying to run iptables/nftables on Synology pauses for minutes with lots of errors and ultimately does nothing as it's not used and we lack permissions. This fixes a regression from `db760d0bac` (#11601) that landed between Synology testing on unstable 1.63.110 and 1.64.0 being cut. Fixes #11737 Change-Id: Iaf9563363b8e45319a9b6fe94c8d5ffaecc9ccef Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 weeks ago
Irbe Krumina	38fb23f120	cmd/k8s-operator,k8s-operator: allow users to configure proxy env vars via ProxyClass (#11743 ) Adds new ProxyClass.spec.statefulSet.pod.{tailscaleContainer,tailscaleInitContainer}.Env field that allow users to provide key, value pairs that will be set as env vars for the respective containers. Allow overriding all containerboot env vars, but warn that this is not supported and might break (in docs + a warning when validating ProxyClass). Updates tailscale/tailscale#10709 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	2 weeks ago
Brad Fitzpatrick	9258bcc360	Makefile: fix default SYNO_ARCH in Makefile It was broken with the move to dist in `32e0ba5e68` which doesn't accept amd64 anymore. Updates #cleanup Change-Id: Iaaaba2d73c6a09a226934fe8e5c18b16731ee7a6 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 weeks ago
Brad Fitzpatrick	b9aa7421d6	ipn/ipnlocal: remove some dead code (legacyBackend methods) from LocalBackend Nothing used it. Updates #11649 Change-Id: Ic1c331d947974cd7d4738ff3aafe9c498853689e Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 weeks ago
Brad Fitzpatrick	a6739c49df	paths: set default state path on AIX Updates #11361 Change-Id: I196727a540be6b7c75303f9958490b1d76189fd6 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 weeks ago
Brad Fitzpatrick	271cfdb3d3	util/syspolicy: clean up doc grammar and consistency Updates #cleanup Change-Id: I912574cbd5ef4d8b7417b8b2a9b9a2ccfef88840 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 weeks ago
Brad Fitzpatrick	bad3159b62	ipn/ipnlocal: delete useless SetControlClientGetterForTesting use Updates #11649 Change-Id: I56c069b9c97bd3e30ff87ec6655ec57e1698427c Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 weeks ago
Brad Fitzpatrick	8186cd0349	ipn/ipnlocal: delete redundant TestStatusWithoutPeers We have tstest/integration nowadays. And this test was one of the lone holdouts using the to-be-nuked SetControlClientGetterForTesting. Updates #11649 Change-Id: Icf8a6a2e9b8ae1ac534754afa898c00dc0b7623b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 weeks ago
Brad Fitzpatrick	68043a17c2	ipn/ipnlocal: centralize assignments to cc + ccAuto in new method cc vs ccAuto is a mess. It needs to go. But this is a baby step towards getting there. Updates #11649 Change-Id: I34f33934844e580bd823a7d8f2b945cf26c87b3b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 weeks ago
Brad Fitzpatrick	970b1e21d0	ipn/ipnlocal: inline assertClientLocked into its now sole caller Updates #11649 Change-Id: I8e2a5e59125a0cad5c0a8c9ed8930585f1735d03 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 weeks ago
Brad Fitzpatrick	170c618483	ipn/ipnlocal: remove dead code now that Android uses LocalAPI instead The new Android app and its libtailscale don't use this anymore; it uses LocalAPI like other clients now. Updates #11649 Change-Id: Ic9f42b41e0e0280b82294329093dc6c275f41d50 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 weeks ago
Flakes Updater	65f215115f	go.mod.sri: update SRI hash for go.mod changes Signed-off-by: Flakes Updater <noreply+flakes-updater@tailscale.com>	3 weeks ago
Brad Fitzpatrick	a1abd12f35	cmd/tailscaled, net/tstun: build for aix/ppc64 At least in userspace-networking mode. Fixes #11361 Change-Id: I78d33f0f7e05fe9e9ee95b97c99b593f8fe498f2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 weeks ago
kari-ts	1cd51f95c7	ipnlocal: enable allow LAN for android (#11709 ) Updates tailscale/corp#18984 Updates tailscale/corp#18202	3 weeks ago
Claire Wang	976d3c7b5f	tailcfg: add exit destination for network flow logs node attribute (#11698 ) Updates tailscale/corp#18625 Signed-off-by: Claire Wang <claire@tailscale.com>	3 weeks ago
Joe Tsai	7a77a2edf1	logtail: optimize JSON processing (#11671 ) Changes made: * Avoid "encoding/json" for JSON processing, and instead use "github.com/go-json-experiment/json/jsontext". Use jsontext.Value.IsValid for validation, which is much faster. Use jsontext.AppendQuote instead of our own JSON escaping. * In drainPending, use a different maxLen depending on lowMem. In lowMem mode, it is better to perform multiple uploads than it is to construct a large body that OOMs the process. * In drainPending, if an error is encountered draining, construct an error message in the logtail JSON format rather than something that is invalid JSON. * In appendTextOrJSONLocked, use jsontext.Decoder to check whether the input is a valid JSON object. This is faster than the previous approach of unmarshaling into map[string]any and then re-marshaling that data structure. This is especially beneficial for network flow logging, which produces relatively large JSON objects. * In appendTextOrJSONLocked, enforce maxSize on the input. If too large, then we may end up in a situation where the logs can never be uploaded because it exceeds the maximum body size that the Tailscale logs service accepts. * Use "tailscale.com/util/truncate" to properly truncate a string on valid UTF-8 boundaries. * In general, remove unnecessary spaces in JSON output. Performance: name old time/op new time/op delta WriteText 776ns ± 2% 596ns ± 1% -23.24% (p=0.000 n=10+10) WriteJSON 110µs ± 0% 9µs ± 0% -91.77% (p=0.000 n=8+8) name old alloc/op new alloc/op delta WriteText 448B ± 0% 0B -100.00% (p=0.000 n=10+10) WriteJSON 37.9kB ± 0% 0.0kB ± 0% -99.87% (p=0.000 n=10+10) name old allocs/op new allocs/op delta WriteText 1.00 ± 0% 0.00 -100.00% (p=0.000 n=10+10) WriteJSON 1.08k ± 0% 0.00k ± 0% -99.91% (p=0.000 n=10+10) For text payloads, this is 1.30x faster. For JSON payloads, this is 12.2x faster. Updates #cleanup Updates tailscale/corp#18514 Signed-off-by: Joe Tsai <joetsai@digital-static.net>	3 weeks ago
Aaron Klotz	4d5d669cd5	net/dns: unconditionally write NRPT rules to local settings We were being too aggressive when deciding whether to write our NRPT rules to the local registry key or the group policy registry key. After once again reviewing the document which calls itself a spec (see issue), it is clear that the presence of the DnsPolicyConfig subkey is the important part, not the presence of values set in the DNSClient subkey. Furthermore, a footnote indicates that the presence of DnsPolicyConfig in the GPO key will always override its counterpart in the local key. The implication of this is important: we may unconditionally write our NRPT rules to the local key. We copy our rules to the policy key only when it contains NRPT rules belonging to somebody other than us. Fixes https://github.com/tailscale/corp/issues/19071 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	3 weeks ago
License Updater	9d021579e7	licenses: update license notices Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	3 weeks ago
Will Norris	11dca08e93	licenses: add gliderlabs/ssh license This package is included in the tempfork directory, rather than as a go module dependency, so is not included in the normal package list. Updates tailscale/corp#5780 Signed-off-by: Will Norris <will@tailscale.com>	3 weeks ago
Jenny Zhang	2207643312	VERSION.txt: this is v1.65.0 Signed-off-by: Jenny Zhang <jz@tailscale.com>	3 weeks ago
Jenny Zhang	09524b58f3	VERSION.txt: this is v1.64.0 Signed-off-by: Jenny Zhang <jz@tailscale.com>	3 weeks ago
James Tucker	a2eb1c22b0	wgengine/magicsock: allow disco communication without known endpoints Just because we don't have known endpoints for a peer does not mean that the peer should become unreachable. If we know the peers key, it should be able to call us, then we can talk back via whatever path it called us on. First step - don't drop the packet in this context. Updates tailscale/corp#19106 Signed-off-by: James Tucker <james@tailscale.com>	3 weeks ago
Patrick O'Doherty	7f4cda23ac	scripts/installer.sh: add rpm GPG key import (#11686 ) Extend the `zypper` install to import importing the GPG key used to sign the repository packages. Updates #11635 Signed-off-by: Patrick O'Doherty <patrick@tailscale.com>	3 weeks ago
James Tucker	8fa3026614	tsweb: switch to fastuuid for request ID generation Request ID generation appears prominently in some services cumulative allocation rate, and while this does not eradicate this issue (the API still makes UUID objects), it does improve the overhead of this API and reduce the amount of garbage that it produces. Updates tailscale/corp#18266 Updates tailscale/corp#19054 Signed-off-by: James Tucker <james@tailscale.com>	3 weeks ago
James Tucker	d0f3fa7d7e	util/fastuuid: add a more efficient uuid generator This still generates github.com/google/uuid UUID objects, but does so using a ChaCha8 CSPRNG from the stdlib rand/v2 package. The public API is backed by a sync.Pool to provide good performance in highly concurrent operation. Under high load the read API produces a lot of extra garbage and overhead by way of temporaries and syscalls. This implementation reduces both to minimal levels, and avoids any long held global lock by utilizing sync.Pool. Updates tailscale/corp#18266 Updates tailscale/corp#19054 Signed-off-by: James Tucker <james@tailscale.com>	3 weeks ago
James Tucker	db760d0bac	cmd/tailscaled: move cleanup to an implicit action during startup This removes a potentially increased boot delay for certain boot topologies where they block on ExecStartPre that may have socket activation dependencies on other system services (such as systemd-resolved and NetworkManager). Also rename cleanup to clean up in affected/immediately nearby places per code review commentary. Fixes #11599 Signed-off-by: James Tucker <james@tailscale.com>	3 weeks ago
Nick Khyl	8d83adde07	util/winutil/winenv: add package for current Windows environment details Package winenv provides information about the current Windows environment. This includes details such as whether the device is a server or workstation, and if it is AD domain-joined, MDM-registered, or neither. Updates tailscale/corp#18342 Signed-off-by: Nick Khyl <nickk@tailscale.com>	3 weeks ago
Paul Scott	da4e92bf01	cmd/tailscale/cli: prefix all --help usages with "tailscale ...", some tidying Also capitalises the start of all ShortHelp, allows subcommands to be hidden with a "HIDDEN: " prefix in their ShortHelp, and adds a TS_DUMP_HELP envknob to look at all --help messages together. Fixes #11664 Signed-off-by: Paul Scott <paul@tailscale.com>	3 weeks ago
Percy Wegmann	9da135dd64	cmd/tailscale/cli: moved share.go to drive.go Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com>	3 weeks ago
Percy Wegmann	1e0ebc6c6d	cmd/tailscale/cli: rename share command to drive Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com>	3 weeks ago
Joe Tsai	b4ba492701	logtail: require Buffer.Write to not retain the provided slice (#11617 ) Buffer.Write has the exact same signature of io.Writer.Write. The latter requires that implementations to never retain the provided input buffer, which is an expectation that most users will have when they see a Write signature. The current behavior of Buffer.Write where it does retain the input buffer is a risky precedent to set. Switch the behavior to match io.Writer.Write. There are only two implementations of Buffer in existence: * logtail.memBuffer * filch.Filch The former can be fixed by cloning the input to Write. This will cause an extra allocation in every Write, but we can fix that will pooling on the caller side in a follow-up PR. The latter only passes the input to os.File.Write, which does respect the io.Writer.Write requirements. Updates #cleanup Updates tailscale/corp#18514 Signed-off-by: Joe Tsai <joetsai@digital-static.net>	3 weeks ago
Irbe Krumina	231e44e742	Revert "cmd/{k8s-nameserver,k8s-operator},k8s-operator: add a kube nameserver, make operator deploy it (#11017 )" (#11669 ) Temporarily reverting this PR to avoid releasing half finished featue. This reverts commit `9e2f58f846`. Signed-off-by: Irbe Krumina <irbe@tailscale.com>	3 weeks ago
Andrea Gottardo	0001237253	docs/policy: update ADMX and ADML files with new Windows 1.62 syspolicies Updates ENG-2776 Updates the .admx and .adml files to include the new ManagedByOrganizationName, ManagedByCaption and ManagedByURL system policies, added in Tailscale v1.62 for Windows. Co-authored-by: Andrea Gottardo <andrea@gottardo.me> Signed-off-by: Nick Khyl <nickk@tailscale.com>	3 weeks ago
Brad Fitzpatrick	b27238b654	derp/derphttp: don't block in LocalAddr method The derphttp.Client mutex is held during connects (for up to 10 seconds) so this LocalAddr method (blocking on said mutex) could also block for up to 10 seconds, causing a pileup upstream in magicsock/wgengine and ultimately a watchdog timeout resulting in a crash. Updates #11519 Change-Id: Idd1d94ee00966be1b901f6899d8b9492f18add0f Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 weeks ago

1 2 3 4 5 ...

7517 Commits (main) All Branches Search

7517 Commits (main)

All Branches