tailscale

Commit Graph

Author	SHA1	Message	Date
Ross Zurowski	832f1028c7	net/netutil: parse IP forwarding val as int, not bool (#8455 ) This commit updates our IP forwarding parsing logic to allow the less common but still valid value of `2` to be parsed as `true`, which fixes an error some users encountered. Fixes #8375 Signed-off-by: Ross Zurowski <ross@rosszurowski.com>	1 year ago
Brad Fitzpatrick	a874f1afd8	all: adjust case of "IPv4" and "IPv6" Updates #docs Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
valscale	e26376194d	ipn/ipnlocal: validate ping type (#8458 ) Correct a minor cut-n-paste error that resulted in an invalid or missing ping type being accepted as a disco ping. Fixes #8457 Signed-off-by: Val <valerie@tailscale.com>	1 year ago
Brad Fitzpatrick	77f56794c9	types/key: add test for NodePublic.Shard Updates #cleanup Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Tom DNetto	1377618dbc	tsnet: expose field to configure Wireguard port Signed-off-by: Tom DNetto <tom@tailscale.com> Updates #1748	1 year ago
Maisem Ali	8e840489ed	cmd/testwrapper: only retry flaky failed tests Redo the testwrapper to track and only retry flaky tests instead of retrying the entire pkg. It also fails early if a non-flaky test fails. This also makes it so that the go test caches are used. Fixes #7975 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Anton Tolchanov	2cf6e12790	hostinfo: make lxcfs container check more specific Instead of treating any lxcfs mount as an indicator that we're running in a container, check for one of the mounts actually used by LXC containers. For reference, here's a list of mounts I am seeing in an LXC container: ``` $ grep lxcfs /proc/mounts lxcfs /proc/cpuinfo fuse.lxcfs rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0 lxcfs /proc/diskstats fuse.lxcfs rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0 lxcfs /proc/loadavg fuse.lxcfs rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0 lxcfs /proc/meminfo fuse.lxcfs rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0 lxcfs /proc/stat fuse.lxcfs rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0 lxcfs /proc/swaps fuse.lxcfs rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0 lxcfs /proc/uptime fuse.lxcfs rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0 lxcfs /sys/devices/system/cpu/online fuse.lxcfs rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other 0 0 ``` Fixes #8444 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	1 year ago
Maisem Ali	c11af12a49	.github: actually run tests in CI Updates #cleanup Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Brad Fitzpatrick	ba41d14320	syncs: add ShardedMap type Updates tailscale/corp#7354 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	1f57088cbd	words: ovuliferous was a bit too much, but... Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Charlotte Brandhorst-Satzkorn	3417ddc00c	tailcfg: add location field to hostinfo This change adds Location field to HostInfo. Location contains the option for a Country, CountryCode, City, CityCode and a Priority. Neither of these fields are populated by default. The Priority field is used to determine the priority an exit node should be given for use, if the field is set. The higher the value set, the higher priority the node should be given for use. Updates tailscale/corp#12146 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	1 year ago
phirework	2a9817da39	api.md: add info for key description (#8429 ) Updates tailscale/corp#7773 Signed-off-by: Jenny Zhang <jz@tailscale.com>	1 year ago
David Anderson	bfe5623a86	tool/gocross: make gocross behave with pre-release Go toolchains Also switch the wrapper script to use bash not posix shell. We now depend on bash elsewhere for saner behavior in esoteric areas, so might as well use it everywhere for consistency. Fixes #8425 Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
David Anderson	4a58b1c293	release/dist/synology: remove 'version' field from ui/config As far as I can tell from the DSM documentation and known undocumented fields, there is no 'version' field in this config file that DSM cares about. Updates #8232 Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
Brad Fitzpatrick	7c1068b7ac	util/goroutines: let ScrubbedGoroutineDump get only current stack ScrubbedGoroutineDump previously only returned the stacks of all goroutines. I also want to be able to use this for only the current goroutine's stack. Add a bool param to support both ways. Updates tailscale/corp#5149 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
phirework	fbacc0bd39	go.toolchain: switch to tailscale.go1.21 (#8415 ) Updates #8419 Signed-off-by: Jenny Zhang <jz@tailscale.com>	1 year ago
Brad Fitzpatrick	8b80d63b42	wgengine/magicsock: clarify a log message is a warning, not an error Updates #cleanup Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Joe Tsai	61886e031e	ssh/tailssh: fix double race condition with non-pty command (#8405 ) There are two race conditions in output handling. The first race condition is due to a misuse of exec.Cmd.StdoutPipe. The documentation explicitly forbids concurrent use of StdoutPipe with exec.Cmd.Wait (see golang/go#60908) because Wait will close both sides of the pipe once the process ends without any guarantees that all data has been read from the pipe. To fix this, we allocate the os.Pipes ourselves and manage cleanup ourselves when the process has ended. The second race condition is because sshSession.run waits upon exec.Cmd to finish and then immediately proceeds to call ss.Exit, which will close all output streams going to the SSH client. This may interrupt any asynchronous io.Copy still copying data. To fix this, we close the write-side of the os.Pipes after the process has finished (and before calling ss.Exit) and synchronously wait for the io.Copy routines to finish. Fixes #7601 Signed-off-by: Joe Tsai <joetsai@digital-static.net> Co-authored-by: Maisem Ali <maisem@tailscale.com>	1 year ago
dependabot[bot]	d4de60c3ae	.github: Bump actions/checkout from 1 to 3 Bumps [actions/checkout](https://github.com/actions/checkout) from 1 to 3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v1...v3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	1 year ago
Charlotte Brandhorst-Satzkorn	30d9201a11	VERSION.txt: this is v1.45.0 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	1 year ago
Brad Fitzpatrick	32b8f25ed1	Revert "ssh/tailssh: change to user directory when running login/command" This reverts commit `dc5bc32d8f`. It broke tests. (sadly, ones which we have disabled on CI, but go test ./ssh/tailssh broke)	1 year ago
Aaron Bieber	6829caf6de	tsnet: remove extra wording from Store comment	1 year ago
Brad Fitzpatrick	e48c0bf0e7	ipn/ipnlocal: quiet some spammy network lock logging Updates #cleanup Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
valscale	f314fa4a4a	prober: fix data race when altering derpmap (#8397 ) Move the clearing of STUNOnly flag to the updateMap() function. Fixes #8395 Signed-off-by: Val <valerie@tailscale.com>	1 year ago
Derek Burdick	dc5bc32d8f	ssh/tailssh: change to user directory when running login/command On redhat 9 and similarly locked down systems, root user does not have access to a users directory. This fix does not set a directory for the incubator process and instead sets the directory when the actual process requested by remote user is executed. Fixes #8118 Signed-off-by: Derek Burdick <derek-burdick@users.noreply.github.com>	1 year ago
shayne	6697690b55	{cmd/tailscale/cli,ipn}: add http support to tailscale serve (#8358 ) Updates #8357 Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	1 year ago
Brad Fitzpatrick	a2153afeeb	types/views: add Slice methods on Slice views Updates #cleanup for change elsewhere. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Sonia Appasamy	0f5090c526	ipn/ipnlocal: add docs header to serve HTTP proxy Adds a `Tailscale-Headers-Info` header whenever the `Tailscale-User-` headers are filled from the HTTP proxy handler. Planning on hooking this shorturl up to KB docs about the header values (i.e. what's a login name vs. display name) and security considerations to keep in mind while using these headers - notibly that they can also be filled from external requests that do not hit tailscaled. Updates https://github.com/tailscale/tailscale/issues/6954 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	1 year ago
valscale	88097b836a	prober: allow monitoring of nodes marked as STUN only in default derpmap (#8391 ) prober uses NewRegionClient() to connect to a derper using a faked up single-node region, but NewRegionClient() fails to connect if there is no non-STUN only client in the region. Set the STUN only flag to false before we call NewRegionClient() so we can monitor nodes marked as STUN only in the default derpmap. Updates #11492 Signed-off-by: Val <valerie@tailscale.com>	1 year ago
Maisem Ali	2ae670eb71	ssh/tailssh: work around lack of scontext in SELinux Trying to SSH when SELinux is enforced results in errors like: ``` ➜ ~ ssh ec2-user@<ip> Last login: Thu Jun 1 22:51:44 from <ip2> ec2-user: no shell: Permission denied Connection to <ip> closed. ``` while the `/var/log/audit/audit.log` has ``` type=AVC msg=audit(1685661291.067:465): avc: denied { transition } for pid=5296 comm="login" path="/usr/bin/bash" dev="nvme0n1p1" ino=2564 scontext=system_u:system_r:unconfined_service_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process permissive=0 ``` The right fix here would be to somehow install the appropriate context when tailscale is installed on host, but until we figure out a way to do that stop using the `login` cmd in these situations. Updates #4908 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Ross Zurowski	0ed088b47b	tka: add function for generating signing deeplinks (#8385 ) This commit continues the work from #8303, providing a method for a tka.Authority to generate valid deeplinks for signing devices. We'll use this to provide the necessary deeplinks for users to sign from their mobile devices. Updates #8302 Signed-off-by: Ross Zurowski <ross@rosszurowski.com>	1 year ago
Flakes Updater	909e9eabe4	go.mod.sri: update SRI hash for go.mod changes Signed-off-by: Flakes Updater <noreply+flakes-updater@tailscale.com>	1 year ago
Andrew Dunham	b6d20e6f8f	go.mod, net/dns/recursive: update github.com/miekg/dns Updates #cleanup Change-Id: If4de6a84448a17dd81cc2a8af788bd18c3d0bbe3 Signed-off-by: Andrew Dunham <andrew@du.nham.ca>	1 year ago
Maisem Ali	1302295299	Dockerfile.base: install iputils Fixes #8361 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
License Updater	c6794dec11	licenses: update android licenses Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	1 year ago
Nick O'Neill	c783f28228	tool/gocross: properly set simulator deployment target (#8355 ) Fixes tailscale/corp#11876 Signed-off-by: Nick O'Neill <nick@tailscale.com>	1 year ago
License Updater	c1cbd41fdc	licenses: update win/apple licenses Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	1 year ago
Sonia Appasamy	e1cdcf7708	ipn/ipnlocal: add identity headers to HTTP serve proxy Adds two new headers to HTTP serve proxy: - `Tailscale-User-Login`: Filled with requester's login name. - `Tailscale-User-Name`: Filled with requester's display name. These headers only get filled when the SrcAddr is associated with a non-tagged (i.e. user-owned) node within the client's Tailnet. The headers are passed through empty when the request originated from another tailnet, or the public internet (via funnel). Updates https://github.com/tailscale/tailscale/issues/6954 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	1 year ago
Claire Wang	80692edcb8	.github/workflows: Add docker build check (#8345 ) Fixes #8344 Signed-off-by: Claire Wang <claire@tailscale.com>	1 year ago
Claire Wang	27a0f0a55b	Remove unused dependency from dockerfile (#8343 ) Closes #8342 Signed-off-by: Claire Wang <claire@tailscale.com>	1 year ago
Andrea Gottardo	99f17a7135	tka: provide verify-deeplink local API endpoint (#8303 ) * tka: provide verify-deeplink local API endpoint Fixes https://github.com/tailscale/tailscale/issues/8302 Signed-off-by: Andrea Gottardo <andrea@tailscale.com> Address code review comments Signed-off-by: Andrea Gottardo <andrea@tailscale.com> Address code review comments by Ross Signed-off-by: Andrea Gottardo <andrea@tailscale.com> * Improve error encoding, fix logic error Signed-off-by: Andrea Gottardo <andrea@tailscale.com> --------- Signed-off-by: Andrea Gottardo <andrea@tailscale.com>	1 year ago
Graham Christensen	4dda949760	tailscale ping: note that `-c` can take 0 for infinity Signed-off-by: Graham Christensen <graham@grahamc.com>	1 year ago
Brad Fitzpatrick	a076213f58	net/memnet: add optional Listener.NewConn config knob Updates tailscale/corp#11620 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
License Updater	4451a7c364	licenses: update win/apple licenses Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	1 year ago
Maisem Ali	fe95d81b43	ipn/ipnlocal,wgengine/netstack: move LocalBackend specifc serving logic to LocalBackend The netstack code had a bunch of logic to figure out if the LocalBackend should handle an incoming connection and then would call the function directly on LocalBackend. Move that logic to LocalBackend and refactor the methods to return conn handlers. Updates #cleanup Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Denton Gentry	5b110685fb	wgengine/netstack: increase maxInFlightConnectionAttempts Address reports of subnet router instability when running in `--tun=userspace-networking` mode. Fixes https://github.com/tailscale/corp/issues/12184 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	1 year ago
License Updater	0b3b81b37a	licenses: update tailscale{,d} licenses Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	1 year ago
dependabot[bot]	6172f9590b	.github: Bump golangci/golangci-lint-action from 3.4.0 to 3.6.0 Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.4.0 to 3.6.0. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](`08e2f20817...639cd343e1`) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	1 year ago
Brad Fitzpatrick	1543e233e6	net/tstun, tsnet: make happier on WASI Also fix a js/wasm issue with tsnet in the process. (same issue as WASI) Updates #8320 Fixes #8315 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Flakes Updater	167e154bcc	go.mod.sri: update SRI hash for go.mod changes Signed-off-by: Flakes Updater <noreply+flakes-updater@tailscale.com>	1 year ago

... 3 4 5 6 7 ...

6037 Commits (0e9f04c83c38eefac6bf55657184f22d11d777b9) All Branches Search

6037 Commits (0e9f04c83c38eefac6bf55657184f22d11d777b9)

All Branches