tailscale

Commit Graph

Author	SHA1	Message	Date
salman aljammaz	25a7204bb4	wgengine,ipn,cmd/tailscale: add size option to ping (#8739 ) This adds the capability to pad disco ping message payloads to reach a specified size. It also plumbs it through to the tailscale ping -size flag. Disco pings used for actual endpoint discovery do not use this yet. Updates #311. Signed-off-by: salman <salman@tailscale.com> Co-authored-by: Val <valerie@tailscale.com>	11 months ago
Claire Wang	a17c45fd6e	control: use tstime instead of time (#8595 ) Updates #8587 Signed-off-by: Claire Wang <claire@tailscale.com>	11 months ago
Sonia Appasamy	301e59f398	tailcfg,ipn/localapi,client/tailscale: add QueryFeature endpoint Updates tailscale/corp#10577 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	11 months ago
Andrew Lytvynov	f57cc19ba2	cmd/tailscale/cli: add latest version output to "tailscale version" (#8700 ) Add optional `--upstream` flag to `tailscale version` to fetch the latest upstream release version from `pkgs.tailscale.com`. This is useful to diagnose `tailscale update` behavior or write other tooling. Example output: $ tailscale version --upstream --json { "majorMinorPatch": "1.47.35", "short": "1.47.35", "long": "1.47.35-t6afffece8", "unstableBranch": true, "gitCommit": "6afffece8a32509aa7a4dc2972415ec58d8316de", "cap": 66, "upstream": "1.45.61" } Fixes #8669 RELNOTE=adds "tailscale version --upstream" Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	11 months ago
Tom DNetto	767e839db5	all: implement lock revoke-keys command The revoke-keys command allows nodes with tailnet lock keys to collaborate to erase the use of a compromised key, and remove trust in it. Signed-off-by: Tom DNetto <tom@tailscale.com> Updates ENG-1848	11 months ago
Aaron Klotz	7adf15f90e	cmd/tailscale/cli, util/winutil/authenticode: flesh out authenticode support Previously, tailscale upgrade was doing the bare minimum for checking authenticode signatures via `WinVerifyTrustEx`. This is fine, but we can do better: * WinVerifyTrustEx verifies that the binary's signature is valid, but it doesn't determine whose signature is valid; tailscale upgrade should also ensure that the binary is actually signed by us. * I added the ability to check the signatures of MSI files. * In future PRs I will be adding diagnostic logging that lists details about every module (ie, DLL) loaded into our process. As part of that metadata, I want to be able to extract information about who signed the binaries. This code is modelled on some C++ I wrote for Firefox back in the day. See https://searchfox.org/mozilla-central/rev/27e4816536c891d85d63695025f2549fd7976392/toolkit/xre/dllservices/mozglue/Authenticode.cpp for reference. Fixes #8284 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	11 months ago
David Anderson	52212f4323	all: update exp/slices and fix call sites slices.SortFunc suffered a late-in-cycle API breakage. Updates #cleanup Signed-off-by: David Anderson <danderson@tailscale.com>	11 months ago
Claire Wang	90a7d3066c	derp: use tstime (#8634 ) Updates #8587 Signed-off-by: Claire Wang <claire@tailscale.com>	11 months ago
Charlotte Brandhorst-Satzkorn	35bdbeda9f	cli: introduce exit-node subcommand to list and filter exit nodes This change introduces a new subcommand, `exit-node`, along with a subsubcommand of `list` and a `--filter` flag. Exit nodes without location data will continue to be displayed when `status` is used. Exit nodes with location data will only be displayed behind `exit-node list`, and in status if they are the active exit node. The `filter` flag can be used to filter exit nodes with location data by country. Exit nodes with Location.Priority data will have only the highest priority option for each country and city listed. For countries with multiple cities, a <Country> <Any> option will be displayed, indicating the highest priority node within that country. Updates tailscale/corp#13025 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	11 months ago
Andrew Lytvynov	9edb848505	cmd/tailscale/cli: implement update on FreeBSD (#8710 ) Implement `tailscale update` on FreeBSD. This is much simpler than other platforms because `pkg rquery` lets us get the version in their repos without any extra parsing. Updates #6995 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	11 months ago
Andrew Lytvynov	306deea03a	cmd/tailscale/cli,version/distro: update support for Alpine (#8701 ) Similar to Arch support, use the latest version info from the official `apk` repo and don't offer explicit track or version switching. Add detection for Alpine Linux in version/distro along the way. Updates #6995 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	11 months ago
Andrew Lytvynov	894b237a70	cmd/tailscale/cli: implement update for dnf/yum-based distros (#8678 ) This is the Fedora family of distros, including CentOS, RHEL and others. Tested in `fedora:latest` and `centos:7` containers. Updates #6995 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	11 months ago
Brad Fitzpatrick	88cc0ad9f7	util/linuxfw: remove yet-unused code to fix linux/arm64 crash The util/linuxfw/iptables.go had a bunch of code that wasn't yet used (in prep for future work) but because of its imports, ended up initializing code deep within gvisor that panicked on init on arm64 systems not using 4KB pages. This deletes the unused code to delete the imports and remove the panic. We can then cherry-pick this back to the branch and restore it later in a different way. A new test makes sure we don't regress in the future by depending on the panicking package in question. Fixes #8658 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	11 months ago
Chris Palmer	32d486e2bf	cmd/tailscale/cli: ensure custom UsageFunc is always set (#8665 ) Updates #6995 Signed-off-by: Chris Palmer <cpalmer@tailscale.com>	11 months ago
Chris Palmer	3c53bedbbf	cmd/tailscale/cli: limit Darwin-only option to Darwin (#8657 )	11 months ago
Andrew Lytvynov	efd6d90dd7	cmd/tailscale/cli: implement update for arch-based distros (#8655 ) Arch version of tailscale is not maintained by us, but is generally up-to-date with our releases. Therefore "tailscale update" is just a thin wrapper around "pacman -Sy tailscale" with different flags. Updates #6995 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	11 months ago
Chris Palmer	3f6b0d8c84	cmd/tailscale/cli: make `tailscale update` query `softwareupdate` (#8641 ) * cmd/tailscale/cli: make `tailscale update` query `softwareupdate` Even on macOS when Tailscale was installed via the App Store, we can check for and even install new versions if people ask explicitly. Also, warn if App Store AutoUpdate is not turned on. Updates #6995	11 months ago
Tom DNetto	abcb7ec1ce	cmd/tailscale: warn if node is locked out on bringup Updates https://github.com/tailscale/corp/issues/12718 Signed-off-by: Tom DNetto <tom@tailscale.com>	11 months ago
Will Norris	f8b0caa8c2	serve: fix hostname for custom http ports When using a custom http port like 8080, this was resulting in a constructed hostname of `host.tailnet.ts.net:8080.tailnet.ts.net` when looking up the serve handler. Instead, strip off the port before adding the MagicDNS suffix. Also use the actual hostname in `serve status` rather than the literal string "host". Fixes #8635 Signed-off-by: Will Norris <will@tailscale.com>	11 months ago
Andrew Lytvynov	7a82fd8dbe	ipn/ipnlocal: add optional support for ACME Renewal Info (ARI) (#8599 )	12 months ago
Denton Gentry	4f95b6966b	cmd/tailscale: remove TS_EXPERIMENT_OAUTH_AUTHKEY guardrail We've had support for OAuth client keys in `--authkey=...` for several releases, and we're using it in https://github.com/tailscale/github-action Remove the TS_EXPERIMENT_* guardrail, it is fully supported now. Fixes https://github.com/tailscale/tailscale/issues/8403 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	12 months ago
Andrew Dunham	a7648a6723	net/dnsfallback: run recursive resolver and compare results When performing a fallback DNS query, run the recursive resolver in a separate goroutine and compare the results returned by the recursive resolver with the results we get from "regular" bootstrap DNS. This will allow us to gather data about whether the recursive DNS resolver works better, worse, or about the same as "regular" bootstrap DNS. Updates #5853 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: Ifa0b0cc9eeb0dccd6f7a3d91675fe44b3b34bd48	12 months ago
Maisem Ali	2e19790f61	types/views: add JSON marshal/unmarshal and AsMap to Map This allows cloning a Map as well as marshaling the Map as JSON. Updates tailscale/corp#12754 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Tom DNetto	97ee0bc685	cmd/tailscale: improve error message when signing without a tailnet lock key Updates #8568 Signed-off-by: Tom DNetto <tom@tailscale.com>	1 year ago
Andrew Dunham	ab310a7f60	derp: use new net/tcpinfo package Updates #8413 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I8bf8046517195a6d42cabb32d6ec7f1f79cef860	1 year ago
KevinLiang10	243ce6ccc1	util/linuxfw: decoupling IPTables logic from linux router This change is introducing new netfilterRunner interface and moving iptables manipulation to a lower leveled iptables runner. For #391 Signed-off-by: KevinLiang10 <kevinliang@tailscale.com>	1 year ago
phirework	fbacc0bd39	go.toolchain: switch to tailscale.go1.21 (#8415 ) Updates #8419 Signed-off-by: Jenny Zhang <jz@tailscale.com>	1 year ago
shayne	6697690b55	{cmd/tailscale/cli,ipn}: add http support to tailscale serve (#8358 ) Updates #8357 Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	1 year ago
Graham Christensen	4dda949760	tailscale ping: note that `-c` can take 0 for infinity Signed-off-by: Graham Christensen <graham@grahamc.com>	1 year ago
Brad Fitzpatrick	67e912824a	all: adjust some build tags for wasi A start. Updates #8320 Change-Id: I64057f977be51ba63ce635c56d67de7ecec415d1 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	eefee6f149	all: use cmpx.Or where it made sense I left a few out where writing it explicitly was better for various reasons. Updates #8296 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Derek Kaser	7c88eeba86	cmd/tailscale: allow Tailscale to work with Unraid web interface (#8062 ) Updates tailscale/tailscale#8026 Signed-off-by: Derek Kaser <derek.kaser@gmail.com>	1 year ago
Sonia Appasamy	f0ee03dfaf	cmd/tailscale/cli: [serve] add reset flag Usage: `tailscale serve reset` Fixes #8139 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	1 year ago
Brad Fitzpatrick	4664318be2	client/tailscale: revert CreateKey API change, add Client.CreateKeyWithExpiry The client/tailscale is a stable-ish API we try not to break. Revert the Client.CreateKey method as it was and add a new CreateKeyWithExpiry method to do the new thing. And document the expiry field and enforce that the time.Duration can't be between in range greater than 0 and less than a second. Updates #7143 Updates #8124 (reverts it, effectively) Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
shayne	678bb92bb8	cmd/tailscale/cli: [up] fix CreateKey missing argument (#8124 ) Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	1 year ago
Derek Kaser	0d7303b798	various: add detection and Taildrop for Unraid Updates tailscale/tailscale#8025 Signed-off-by: Derek Kaser <derek.kaser@gmail.com>	1 year ago
Brad Fitzpatrick	9e9ea6e974	go.mod: bump all deps possible that don't break the build This holds back gvisor, kubernetes, goreleaser, and esbuild, which all had breaking API changes. Updates #8043 Updates #7381 Updates #8042 (updates u-root which adds deps) Change-Id: I889759bea057cd3963037d41f608c99eb7466a5b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Charlotte Brandhorst-Satzkorn	161d1d281a	net/ping,netcheck: add v6 pinging capabilities to pinger (#7971 ) This change adds a v6conn to the pinger to enable sending pings to v6 addrs. Updates #7826 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	1 year ago
Maisem Ali	a8f10c23b2	cmd/tailscale/cli: [up] reuse --advertise-tags for OAuth key generation We need to always specify tags when creating an AuthKey from an OAuth key. Check for that, and reuse the `--advertise-tags` param. Updates #7982 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Brad Fitzpatrick	b2b5379348	cmd/tailscale/cli: [up] change oauth authkey format Updates #7982 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	13de36303d	cmd/tailscale/cli: [up] add experimental oauth2 authkey support Updates #7982 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
shayne	018a382729	cmd/tailscale/cli: [serve] fix MinGW path conversion (#7964 ) Fixes #7963 Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	1 year ago
Mihai Parparita	7330aa593e	all: avoid repeated default interface lookups On some platforms (notably macOS and iOS) we look up the default interface to bind outgoing connections to. This is both duplicated work and results in logspam when the default interface is not available (i.e. when a phone has no connectivity, we log an error and thus cause more things that we will try to upload and fail). Fixed by passing around a netmon.Monitor to more places, so that we can use its cached interface state. Fixes #7850 Updates #7621 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	1 year ago
Mihai Parparita	4722f7e322	all: move network monitoring from wgengine/monitor to net/netmon We're using it in more and more places, and it's not really specific to our use of Wireguard (and does more just link/interface monitoring). Also removes the separate interface we had for it in sockstats -- it's a small enough package (we already pull in all of its dependencies via other paths) that it's not worth the extra complexity. Updates #7621 Updates #7850 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	1 year ago
Andrew Dunham	f85dc6f97c	ci: add more lints (#7909 ) This is a follow-up to #7905 that adds two more linters and fixes the corresponding findings. As per the previous PR, this only flags things that are "obviously" wrong, and fixes the issues found. Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I8739bdb7bc4f75666a7385a7a26d56ec13741b7c	1 year ago
Andrew Dunham	228d0c6aea	net/netcheck: use dnscache.Resolver when resolving DERP IPs This also adds a bunch of tests for this function to ensure that we're returning the proper IP(s) in all cases. Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I0d9d57170dbab5f2bf07abdf78ecd17e0e635399	1 year ago
Tom DNetto	6a627e5a33	net, wgengine/capture: encode NAT addresses in pcap stream Signed-off-by: Tom DNetto <tom@tailscale.com>	1 year ago
phirework	c0e0a5458f	cmd/tailscale: show reauth etc. links even if no login name (#7803 ) Signed-off-by: Jenny Zhang <jz@tailscale.com>	1 year ago
shayne	81fd00a6b7	cmd/tailscale/cli: [serve] add support for proxy paths (#7800 )	1 year ago
shayne	59879e5770	cmd/tailscale/cli: make serve and funnel visible in list (#7737 )	1 year ago

1 2 3 4 5 ...

653 Commits (25a7204bb4d6c007417f0562abadf1ce4246683e)