tailscale

Commit Graph

Author	SHA1	Message	Date
salman aljammaz	25a7204bb4	wgengine,ipn,cmd/tailscale: add size option to ping (#8739 ) This adds the capability to pad disco ping message payloads to reach a specified size. It also plumbs it through to the tailscale ping -size flag. Disco pings used for actual endpoint discovery do not use this yet. Updates #311. Signed-off-by: salman <salman@tailscale.com> Co-authored-by: Val <valerie@tailscale.com>	11 months ago
Sonia Appasamy	301e59f398	tailcfg,ipn/localapi,client/tailscale: add QueryFeature endpoint Updates tailscale/corp#10577 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	11 months ago
Andrew Lytvynov	f57cc19ba2	cmd/tailscale/cli: add latest version output to "tailscale version" (#8700 ) Add optional `--upstream` flag to `tailscale version` to fetch the latest upstream release version from `pkgs.tailscale.com`. This is useful to diagnose `tailscale update` behavior or write other tooling. Example output: $ tailscale version --upstream --json { "majorMinorPatch": "1.47.35", "short": "1.47.35", "long": "1.47.35-t6afffece8", "unstableBranch": true, "gitCommit": "6afffece8a32509aa7a4dc2972415ec58d8316de", "cap": 66, "upstream": "1.45.61" } Fixes #8669 RELNOTE=adds "tailscale version --upstream" Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	11 months ago
Tom DNetto	767e839db5	all: implement lock revoke-keys command The revoke-keys command allows nodes with tailnet lock keys to collaborate to erase the use of a compromised key, and remove trust in it. Signed-off-by: Tom DNetto <tom@tailscale.com> Updates ENG-1848	11 months ago
Aaron Klotz	7adf15f90e	cmd/tailscale/cli, util/winutil/authenticode: flesh out authenticode support Previously, tailscale upgrade was doing the bare minimum for checking authenticode signatures via `WinVerifyTrustEx`. This is fine, but we can do better: * WinVerifyTrustEx verifies that the binary's signature is valid, but it doesn't determine whose signature is valid; tailscale upgrade should also ensure that the binary is actually signed by us. * I added the ability to check the signatures of MSI files. * In future PRs I will be adding diagnostic logging that lists details about every module (ie, DLL) loaded into our process. As part of that metadata, I want to be able to extract information about who signed the binaries. This code is modelled on some C++ I wrote for Firefox back in the day. See https://searchfox.org/mozilla-central/rev/27e4816536c891d85d63695025f2549fd7976392/toolkit/xre/dllservices/mozglue/Authenticode.cpp for reference. Fixes #8284 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	11 months ago
David Anderson	52212f4323	all: update exp/slices and fix call sites slices.SortFunc suffered a late-in-cycle API breakage. Updates #cleanup Signed-off-by: David Anderson <danderson@tailscale.com>	11 months ago
Charlotte Brandhorst-Satzkorn	35bdbeda9f	cli: introduce exit-node subcommand to list and filter exit nodes This change introduces a new subcommand, `exit-node`, along with a subsubcommand of `list` and a `--filter` flag. Exit nodes without location data will continue to be displayed when `status` is used. Exit nodes with location data will only be displayed behind `exit-node list`, and in status if they are the active exit node. The `filter` flag can be used to filter exit nodes with location data by country. Exit nodes with Location.Priority data will have only the highest priority option for each country and city listed. For countries with multiple cities, a <Country> <Any> option will be displayed, indicating the highest priority node within that country. Updates tailscale/corp#13025 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	11 months ago
Andrew Lytvynov	9edb848505	cmd/tailscale/cli: implement update on FreeBSD (#8710 ) Implement `tailscale update` on FreeBSD. This is much simpler than other platforms because `pkg rquery` lets us get the version in their repos without any extra parsing. Updates #6995 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	11 months ago
Andrew Lytvynov	306deea03a	cmd/tailscale/cli,version/distro: update support for Alpine (#8701 ) Similar to Arch support, use the latest version info from the official `apk` repo and don't offer explicit track or version switching. Add detection for Alpine Linux in version/distro along the way. Updates #6995 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	11 months ago
Andrew Lytvynov	894b237a70	cmd/tailscale/cli: implement update for dnf/yum-based distros (#8678 ) This is the Fedora family of distros, including CentOS, RHEL and others. Tested in `fedora:latest` and `centos:7` containers. Updates #6995 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	11 months ago
Chris Palmer	32d486e2bf	cmd/tailscale/cli: ensure custom UsageFunc is always set (#8665 ) Updates #6995 Signed-off-by: Chris Palmer <cpalmer@tailscale.com>	11 months ago
Chris Palmer	3c53bedbbf	cmd/tailscale/cli: limit Darwin-only option to Darwin (#8657 )	11 months ago
Andrew Lytvynov	efd6d90dd7	cmd/tailscale/cli: implement update for arch-based distros (#8655 ) Arch version of tailscale is not maintained by us, but is generally up-to-date with our releases. Therefore "tailscale update" is just a thin wrapper around "pacman -Sy tailscale" with different flags. Updates #6995 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	11 months ago
Chris Palmer	3f6b0d8c84	cmd/tailscale/cli: make `tailscale update` query `softwareupdate` (#8641 ) * cmd/tailscale/cli: make `tailscale update` query `softwareupdate` Even on macOS when Tailscale was installed via the App Store, we can check for and even install new versions if people ask explicitly. Also, warn if App Store AutoUpdate is not turned on. Updates #6995	11 months ago
Tom DNetto	abcb7ec1ce	cmd/tailscale: warn if node is locked out on bringup Updates https://github.com/tailscale/corp/issues/12718 Signed-off-by: Tom DNetto <tom@tailscale.com>	11 months ago
Will Norris	f8b0caa8c2	serve: fix hostname for custom http ports When using a custom http port like 8080, this was resulting in a constructed hostname of `host.tailnet.ts.net:8080.tailnet.ts.net` when looking up the serve handler. Instead, strip off the port before adding the MagicDNS suffix. Also use the actual hostname in `serve status` rather than the literal string "host". Fixes #8635 Signed-off-by: Will Norris <will@tailscale.com>	11 months ago
Denton Gentry	4f95b6966b	cmd/tailscale: remove TS_EXPERIMENT_OAUTH_AUTHKEY guardrail We've had support for OAuth client keys in `--authkey=...` for several releases, and we're using it in https://github.com/tailscale/github-action Remove the TS_EXPERIMENT_* guardrail, it is fully supported now. Fixes https://github.com/tailscale/tailscale/issues/8403 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	12 months ago
Tom DNetto	97ee0bc685	cmd/tailscale: improve error message when signing without a tailnet lock key Updates #8568 Signed-off-by: Tom DNetto <tom@tailscale.com>	1 year ago
shayne	6697690b55	{cmd/tailscale/cli,ipn}: add http support to tailscale serve (#8358 ) Updates #8357 Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	1 year ago
Graham Christensen	4dda949760	tailscale ping: note that `-c` can take 0 for infinity Signed-off-by: Graham Christensen <graham@grahamc.com>	1 year ago
Brad Fitzpatrick	eefee6f149	all: use cmpx.Or where it made sense I left a few out where writing it explicitly was better for various reasons. Updates #8296 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Derek Kaser	7c88eeba86	cmd/tailscale: allow Tailscale to work with Unraid web interface (#8062 ) Updates tailscale/tailscale#8026 Signed-off-by: Derek Kaser <derek.kaser@gmail.com>	1 year ago
Sonia Appasamy	f0ee03dfaf	cmd/tailscale/cli: [serve] add reset flag Usage: `tailscale serve reset` Fixes #8139 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	1 year ago
Brad Fitzpatrick	4664318be2	client/tailscale: revert CreateKey API change, add Client.CreateKeyWithExpiry The client/tailscale is a stable-ish API we try not to break. Revert the Client.CreateKey method as it was and add a new CreateKeyWithExpiry method to do the new thing. And document the expiry field and enforce that the time.Duration can't be between in range greater than 0 and less than a second. Updates #7143 Updates #8124 (reverts it, effectively) Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
shayne	678bb92bb8	cmd/tailscale/cli: [up] fix CreateKey missing argument (#8124 ) Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	1 year ago
Derek Kaser	0d7303b798	various: add detection and Taildrop for Unraid Updates tailscale/tailscale#8025 Signed-off-by: Derek Kaser <derek.kaser@gmail.com>	1 year ago
Maisem Ali	a8f10c23b2	cmd/tailscale/cli: [up] reuse --advertise-tags for OAuth key generation We need to always specify tags when creating an AuthKey from an OAuth key. Check for that, and reuse the `--advertise-tags` param. Updates #7982 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Brad Fitzpatrick	b2b5379348	cmd/tailscale/cli: [up] change oauth authkey format Updates #7982 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	13de36303d	cmd/tailscale/cli: [up] add experimental oauth2 authkey support Updates #7982 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
shayne	018a382729	cmd/tailscale/cli: [serve] fix MinGW path conversion (#7964 ) Fixes #7963 Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	1 year ago
Mihai Parparita	7330aa593e	all: avoid repeated default interface lookups On some platforms (notably macOS and iOS) we look up the default interface to bind outgoing connections to. This is both duplicated work and results in logspam when the default interface is not available (i.e. when a phone has no connectivity, we log an error and thus cause more things that we will try to upload and fail). Fixed by passing around a netmon.Monitor to more places, so that we can use its cached interface state. Fixes #7850 Updates #7621 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	1 year ago
Andrew Dunham	f85dc6f97c	ci: add more lints (#7909 ) This is a follow-up to #7905 that adds two more linters and fixes the corresponding findings. As per the previous PR, this only flags things that are "obviously" wrong, and fixes the issues found. Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I8739bdb7bc4f75666a7385a7a26d56ec13741b7c	1 year ago
Andrew Dunham	228d0c6aea	net/netcheck: use dnscache.Resolver when resolving DERP IPs This also adds a bunch of tests for this function to ensure that we're returning the proper IP(s) in all cases. Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I0d9d57170dbab5f2bf07abdf78ecd17e0e635399	1 year ago
phirework	c0e0a5458f	cmd/tailscale: show reauth etc. links even if no login name (#7803 ) Signed-off-by: Jenny Zhang <jz@tailscale.com>	1 year ago
shayne	81fd00a6b7	cmd/tailscale/cli: [serve] add support for proxy paths (#7800 )	1 year ago
shayne	59879e5770	cmd/tailscale/cli: make serve and funnel visible in list (#7737 )	1 year ago
Anton Tolchanov	2a933c1903	cmd/tailscale: extend hostname validation (#7678 ) In addition to checking the total hostname length, validate characters used in each DNS label and label length. Updates https://github.com/tailscale/corp/issues/10012 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	1 year ago
shayne	43f7ec48ca	funnel: change references from alpha to beta (#7613 ) Updates CLI and docs to reference Funnel as beta Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	1 year ago
Tom DNetto	60cd4ac08d	cmd/tailscale/cli: move tskey-wrap functionality under lock sign Signed-off-by: Tom DNetto <tom@tailscale.com>	1 year ago
Mihai Parparita	e1fb687104	cmd/tailscale/cli: fix inconsistency between serve text and example command Use the same local port number in both, and be more precise about what is being forwarded Signed-off-by: Mihai Parparita <mihai@tailscale.com>	1 year ago
James 'zofrex' Sanderson	9534783758	tailscale/cmd: Warn for up --force-reauth over SSH without accepting the risk (#7575 ) Fixes #6377 Signed-off-by: James Sanderson <jsanderson@tailscale.com>	1 year ago
shayne	2b892ad6e7	cmd/tailscale/cli: [serve] rework commands based on feedback (#6521 ) ``` $ tailscale serve https:<port> <mount-point> <source> [off] $ tailscale serve tcp:<port> tcp://localhost:<local-port> [off] $ tailscale serve tls-terminated-tcp:<port> tcp://localhost:<local-port> [off] $ tailscale serve status [--json] $ tailscale funnel <serve-port> {on\|off} $ tailscale funnel status [--json] ``` Fixes: #6674 Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	1 year ago
Maisem Ali	5e8a80b845	all: replace /kb/ links with /s/ equivalents Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Maisem Ali	09aed46d44	cmd/tailscale/cli: update docs and unhide configure Also call out Alpha. Updates #7220 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Maisem Ali	3ff44b2307	ipn: add Funnel port check from nodeAttr Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Maisem Ali	ccdd534e81	tsnet: add ListenFunnel This lets a tsnet binary share a server out over Tailscale Funnel. Signed-off-by: David Crawshaw <crawshaw@tailscale.com> Signed-off-by: Maisem Ali <maisem@tailscale.com> Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	1 year ago
Tom DNetto	92fc243755	cmd/tailscale: annotate tailnet-lock keys which wrap pre-auth keys Signed-off-by: Tom DNetto <tom@tailscale.com>	1 year ago
Tom DNetto	3471fbf8dc	cmd/tailscale: surface node-key for locked out tailnet-lock peers Signed-off-by: Tom DNetto <tom@tailscale.com>	1 year ago
Tom DNetto	ce99474317	all: implement preauth-key support with tailnet lock Signed-off-by: Tom DNetto <tom@tailscale.com>	1 year ago
Andrew Dunham	be107f92d3	wgengine/magicsock: track per-endpoint changes in ringbuffer This change adds a ringbuffer to each magicsock endpoint that keeps a fixed set of "changes"–debug information about what updates have been made to that endpoint. Additionally, this adds a LocalAPI endpoint and associated "debug peer-status" CLI subcommand to fetch the set of changes for a given IP or hostname. Updates tailscale/corp#9364 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I34f726a71bddd0dfa36ec05ebafffb24f6e0516a	1 year ago

1 2 3 4 5 ...

461 Commits (25a7204bb4d6c007417f0562abadf1ce4246683e)