tailscale

Commit Graph

Author	SHA1	Message	Date
David Anderson	0e4f2bdd0c	pull-toolchain.sh: don't run update-flake.sh We no longer carry an SRI hash for the toolchain, so flake updating is no longer needed for toolchain changes. Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
David Anderson	33f29a1532	go.toolchain.rev: update toolchain to test iOS Go fix Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
Andrew Dunham	ba48ec5e39	util/linuxfw: initial implementation of package This package is an initial implementation of something that can read netfilter and iptables rules from the Linux kernel without needing to shell out to an external utility; it speaks directly to the kernel using syscalls and parses the data returned. Currently this is read-only since it only knows how to parse a subset of the available data. Signed-off-by: Andrew Dunham <andrew@tailscale.com> Change-Id: Iccadf5dcc081b73268d8ccf8884c24eb6a6f1ff5	1 year ago
Colin Adler	3c107ff301	net/connstats: fix ticker in NewStatistics (#7225 ) `:=` was accidentally used, so `maxPeriod` never worked. Signed-off-by: Colin Adler <colin1adler@gmail.com>	1 year ago
Will Norris	6ef834a6b7	get-authkey: require tags to be specified Tailnet-owned auth keys (which all OAuth-created keys are) must include tags, since there is no user to own the registered devices. Signed-off-by: Will Norris <will@tailscale.com>	1 year ago
Maisem Ali	89bd414be6	ipn/ipnstate: update field docs on PeerStatus. Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Mihai Parparita	2f4df30c75	.github/workflows: re-enable CIFuzz job Having an empty `on` spec results in the job still running, but it immediately fails with a "No jobs were run" message. Go back to the original `on: [pull_request]` spec, and disable the workflow in the GitHub UI instead. This reverts commit `f7b3156f16`. Signed-off-by: Mihai Parparita <mihai@tailscale.com>	1 year ago
Mihai Parparita	62f4df3257	net/interfaces, net/netns: add node attributes to control default interface getting and binding With #6566 we started to more aggressively bind to the default interface on Darwin. We are seeing some reports of the wrong cellular interface being chosen on iOS. To help with the investigation, this adds to knobs to control the behavior changes: - CapabilityDebugDisableAlternateDefaultRouteInterface disables the alternate function that we use to get the default interface on macOS and iOS (implemented in tailscale/corp#8201). We still log what it would have returned so we can see if it gets things wrong. - CapabilityDebugDisableBindConnToInterface is a bigger hammer that disables binding of connections to the default interface altogether. Updates #7184 Updates #7188 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	1 year ago
Brad Fitzpatrick	fb84ccd82d	control/controlhttp: don't require valid TLS cert for Noise connection We don't require any cert at all for Noise-over-plaintext-port-80-HTTP, so why require a valid cert chain for Noise-over-HTTPS? The reason we use HTTPS at all is to get through firewalls that allow tcp/443 but not tcp/80, not because we need the security properties of TLS. Updates #3198 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	2477fc4952	net/netutil: only check Linux sysctls w/ procfs, assume absent means false Fixes #7217 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Maisem Ali	05adf22383	cmd/k8s-operator: add support for running an auth proxy Updates #5055 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Mihai Parparita	31e2e9a300	ipn: remove unused NLKeyStateKey constant We stopped writing network lock keys as separate items with #6315, the constant is no longer used. Signed-off-by: Mihai Parparita <mihai@tailscale.com>	1 year ago
Mihai Parparita	f0f2b2e22b	logtail: increase maximum log line size in low memory mode The 255 byte limit was chosen more than 3 years ago (tailscale/corp@929635c9d9), when iOS was operating under much more significant memory constraints. With iOS 15 the network extension has an increased limit, so increasing it to 4K should be fine. The motivating factor was that the network interfaces being logged by linkChange in wgengine/userspace.go were getting truncated, and it would be useful to know why in some cases we're choosing the pdp_ip1 cell interface instead of the pdp_ip0 one. Updates #7184 Updates #7188 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	1 year ago
M. J. Fromberger	9be47f789c	ipn/ipnlocal: fix the path for writing cert files (#7203 ) Fixes #7202. Change-Id: I1f8e9c59d5e42e7df7a3fbbd82ae2b4293845916 Signed-off-by: M. J. Fromberger <fromberger@tailscale.com>	1 year ago
Andrew Dunham	cab2b2b59e	ipn/localapi: print envknobs on bugreport Previously, we only printed these at startup; print those when the user generates a bugreport as we so we don't have to go spelunking through the logs. Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: If5b0970f09fcb4cf8839958af5d37f84e0ba6ed2	1 year ago
David Anderson	59c254579e	version: unify and optimize the various not-version funcs Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
Maisem Ali	0fd2f71a1e	ipn/ipnlocal: use presence of NodeID to identify logins The profileManager was using the LoginName as a proxy to figure out if the profile had logged in, however the LoginName is not present if the node was created with an Auth Key that does not have an associated user. Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Maisem Ali	2a094181df	.github/workflows: use ./tool/go in go mod tidy Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Andrew Dunham	6d84f3409b	ipn/ipnlocal: handle more edge cases in netmap expiry timer We now handle the case where the NetworkMap.SelfNode has already expired and do not return an expiry time in the past (which causes an ~infinite loop of timers to fire). Additionally, we now add an explicit check to ensure that the next expiry time is never before the current local-to-the-system time, to ensure that we don't end up in a similar situation due to clock skew. Finally, we add more tests for this logic to ensure that we don't regress on these edge cases. Fixes #7193 Change-Id: Iaf8e3d83be1d133a7aab7f8d62939e508cc53f9c Signed-off-by: Andrew Dunham <andrew@du.nham.ca>	1 year ago
Tom DNetto	99b9d7a621	all: implement pcap streaming for datapath debugging Updates: tailscale/corp#8470 Signed-off-by: Tom DNetto <tom@tailscale.com>	1 year ago
David Anderson	1acdcff63e	go.toolchain.rev: update toolchain to test ios workaround Updates tailscale/corp#9061 Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
Denton Gentry	4daba23cd4	cmd/get-authkey: add an OAuth API client to produce an authkey Updates https://github.com/tailscale/tailscale/issues/3243 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	1 year ago
Maisem Ali	6bae55e351	ipn/ipnlocal: add support to store certs in k8s secrets Fixes #5676 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Mihai Parparita	0e3fb91a39	net/dns/resolver: remove maxDoHInFlight It was originally added to control memory use on iOS (#2490), but then was relaxed conditionally when running on iOS 15 (#3098). Now that we require iOS 15, there's no need for the limit at all, so simplify back to the original state. Signed-off-by: Mihai Parparita <mihai@tailscale.com>	1 year ago
Mihai Parparita	b6908181ff	net/tshttpproxy: more directly use Transport proxy CONNECT hooks GetProxyConnectHeader (golang/go#41048) was upstreamed in Go 1.16 and OnProxyConnectResponse (golang/go#54299) in Go 1.20, thus we no longer need to guard their use by the tailscale_go build tag. Updates #7123 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	1 year ago
License Updater	0e1403ec39	licenses: update win/apple licenses Signed-off-by: License Updater <noreply@tailscale.com>	1 year ago
David Crawshaw	8cf2805cca	tailcfg, localapi: plumb device token to server Updates tailscale/corp#8940 Signed-off-by: David Crawshaw <crawshaw@tailscale.com>	1 year ago
Brad Fitzpatrick	38b32be926	tailcfg: add wire fields/docs for resuming streaming map sessions No implementation yet. Updates #7175 Change-Id: Id242d47cdd83afe4d254c8c5826f058fe39c8bfd Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Andrew Dunham	880a41bfcc	net/dns/resolver: add envknob to debug exit node DNS queries on on Windows Add the envknob TS_DEBUG_EXIT_NODE_DNS_NET_PKG, which enables more verbose debug logging when calling the handleExitNodeDNSQueryWithNetPkg function. This function is currently only called on Windows and Android. Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: Ieb3ca7b98837d7dc69cd9ca47609c1c52e3afd7b	1 year ago
Andrew Dunham	d2301db49c	ipn/localapi: print node IDs, pubkeys, and expiry on bugreport Having this information near the "user bugreport" line makes it easier to identify the node and expiry without spelunking through the rest of the logs. Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I1597c783efc06574fa4c8f211e68d835f20b6ccb	1 year ago
License Updater	0aa7b495d5	licenses: update win/apple licenses Signed-off-by: License Updater <noreply@tailscale.com>	1 year ago
David Anderson	02a2dcfc86	go.toolchain.rev: use new statically built toolchain Also removes the toolchain builds from flake.nix. For now the flake build uses upstream Go 1.20, a followup change will switch it back to our custom toolchain. Updates tailscale/corp#9005 Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
Andrew Dunham	2dc3dc21a8	util/multierr: implement Go 1.20+'s multiple error Unwrap Now that Go 1.20 is released, multierr.Error can implement Unwrap() []error Updates #7123 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: Ic28c2579de6799801836c447afbca8cdcba732cf	1 year ago
Andrew Dunham	5ba2543828	ipn/ipnlocal: print warning about DNS servers in bugreport --diagnose If the user passes the --diagnose flag, print a warning if any of the default or fallback DNS resolvers are Tailscale IPs. This can interfere with the ability to connect to the controlplane, and is typically something to pay attention to if there's a connectivity issue. Change-Id: Ib14bf6228c037877fbdcd22b069212b1a4b2c456 Signed-off-by: Andrew Dunham <andrew@tailscale.com>	1 year ago
License Updater	c4eb857405	licenses: update tailscale{,d} licenses Signed-off-by: License Updater <noreply@tailscale.com>	1 year ago
Brad Fitzpatrick	03645f0c27	net/{netns,netstat}: use new x/sys/cpu.IsBigEndian See golang/go#57237 Change-Id: If47ab6de7c1610998a5808e945c4177c561eab45 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Andrew Dunham	2755f3843c	health, net/tlsdial: add healthcheck for self-signed cert When we make a connection to a server, we previously would verify with the system roots, and then fall back to verifying with our baked-in Let's Encrypt root if the system root cert verification failed. We now explicitly check for, and log a health error on, self-signed certificates. Additionally, we now always verify against our baked-in Let's Encrypt root certificate and log an error if that isn't successful. We don't consider this a health failure, since if we ever change our server certificate issuer in the future older non-updated versions of Tailscale will no longer be healthy despite being able to connect. Updates #3198 Change-Id: I00be5ceb8afee544ee795e3c7a2815476abc4abf Signed-off-by: Andrew Dunham <andrew@du.nham.ca>	1 year ago
Andrew Dunham	7393ce5e4f	wgengine/magicsock: add envknob to print information about port selection To aid in debugging where a customer has static port-forwards set up and there are issues establishing a connection through that port. Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: Ic5558bcdb40c9119b83f79dcacf2233b07777f2a	1 year ago
Brad Fitzpatrick	cf8dd7aa09	all: use Go 1.20's bytes.Clone Updates #7123 Updates #6257 (more to do in other repos) Change-Id: I073e2a6d81a5d7fbecc29caddb7e057ff65239d0 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	f7b3156f16	.github/workflows: delete CIFuzz job It doesn't yet support Go 1.20. We can bring it back later. Updates #7123 Change-Id: I6c4a4090e910d06f34c3f4d612e737989fe85812 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	b1248442c3	all: update to Go 1.20, use strings.CutPrefix/Suffix instead of our fork Updates #7123 Updates #5309 Change-Id: I90bcd87a2fb85a91834a0dd4be6e03db08438672 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	623176ebc9	go.toolchain.branch: update to Go 1.20 Updates #7123 Change-Id: I64f6d8de5bb511a23318118b4ea1146247f1ad7c Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Will Norris	10085063fb	util/vizerror: add As function to get wrapped Error Signed-off-by: Will Norris <will@tailscale.com>	1 year ago
Will Norris	51e1ab5560	fixup! util/vizerror: add new package for visible errors Signed-off-by: Will Norris <will@tailscale.com>	1 year ago
Will Norris	648aa00a28	fixup! util/vizerror: add new package for visible errors Signed-off-by: Will Norris <will@tailscale.com>	1 year ago
Will Norris	a6c6979b85	fixup! util/vizerror: add new package for visible errors Signed-off-by: Will Norris <will@tailscale.com>	1 year ago
Will Norris	598ec463bc	fixup! util/vizerror: add new package for visible errors Signed-off-by: Will Norris <will@tailscale.com>	1 year ago
Will Norris	8e6a1ab175	util/vizerror: add new package for visible errors Signed-off-by: Will Norris <will@tailscale.com>	1 year ago
Brad Fitzpatrick	27d146d4f8	.github/ISSUE_TEMPLATE: add link to wiki/OtherSoftwareInterop Add question about https://github.com/tailscale/tailscale/wiki/OtherSoftwareInterop in the issue template. Change-Id: I6ca374654e9f67be9cb447bb5d5f66a9087fd945 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	ca45fe2d46	cmd/tailscale/cli: delete ActLikeCLI It's since been rewritten in Swift. #cleanup Change-Id: I0860d681e8728697804ce565f63c5613b8b1088c Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago

1 2 3 4 5 ...

5274 Commits (0e4f2bdd0caf992950fab4f53554b8dbcb22cac3) All Branches Search

5274 Commits (0e4f2bdd0caf992950fab4f53554b8dbcb22cac3)

All Branches