tailscale

adrian/suggest-test-cleanup

maisem/appc2

main

adrian/allowed-suggestion-empty

release-branch/1.66

fran/maisem-test-w-flag

jwhited/stunstamp

irbekrm/proxycidrs

knyar/tnlock-obsolete

jwhited/derp-stun-xdp

flakes

andrew/singleflight-context

irbekrm/sessionrecorder

raggi/peerapidns

icio/public-key-short

actions/licenses

clairew/handle-auto-exit-node-value

fran/appc-store-routes-track-write-rate

irbekrm/rec_cap

irbekrm/move_kube_cap

noncombatant/fix-12186

maisem/appc

knyar/install2

maisem/tsnet-udp

will/tsnet-udp

raggi/web-zst-precompress

irbekrm/dnsconfigdocs

raggi/gocross-empty-goos-goarch

maisem/test

icio/tsweb-nested-stdhandler

andrew/dns-fallback

awly/offline-auto-updates

andrew/prom-omit-metrics

dependabot/github_actions/golangci/golangci-lint-action-6.0.1

jwhited/android-packet-vectors

knyar/renew

bradfitz/debug_tstest

clairew/revert-storing-last-suggested

andrew/debug-integration-tests

fran/appc-ensmallen-gh-preset

ox/11854-3-sftp

percy/cherry-pick-2648d475d751b47755958f47a366e300b6b6de0a

irbekrm/docim

ox/corp-19592

dependabot/github_actions/peter-evans/create-pull-request-6.0.5

ox/11954-3

ox/11854

kevin/Split_Remove_advertised_routes_from_pref

dsnet/logtail-buffer2

bradfitz/dataplane_logs_no_logs_no_support

nickkhyl/ipn-user-identity

irbekrm/extsvcnftableslb

andrew/dns-wrap-errors

release-branch/1.64

noncombatant/safeweb-cleanup

bradfitz/login_retry

patrickod/installer-yml-fixup

release-branch/1.64.0

fran/appc-store-routes-by-source

andrew/controlclient-use-last-addr

enable-exit-node-dst-logs

clairew/peer-node-capability-documentation

revert-11590-catzkorn/penguin

enable-exit-node-dst-logs-2

licenses/corp

dsnet/logpolicy-opts

licenses/android

jonathan/taildrop_path

licenses/cli

release-branch/1.62

clairew/log-dst-exit-node

fran/appc-domain-delte-prototype

irbekrm/maybe_fix_v6

oxtoacart/golden_memory

irbekrm/cherry_fix_panic

oxtoacart/no_indent_status

angott/corp-18441

18366-xcodeios-support-serial-number-collection-via-mdm-on-ios

soniaappasamy/serve-funnel-ui

brafitz/remote-config

andrew/control-key-store

maisem/proxy-1

kradalby/api-latency-histogram

release-branch/1.60

irbekrm/accept_routes

andrew/netstack-forwarder-debug

oxtoacart/immediately_access_shares

knyar/varz

knyar/install

irbekrm/splitkeys

oxtoacart/automount

angott/sleep-debug-apis

clairew/suggest-non-mullvad-exit-node

tom/tka4

clairew/add-latitude-longitude

irbekrm/operatorversion

oxtoacart/dsnet_codereview_fixes

clairew/client-suggest-node-poc

andrew/workgraph

raggi/rand

flyingsquirrel_bak

will/containerboot-webui

irbekrm/clustermagicdns

noncombatant/add-hello-systemd

catzkorn/jira

release-branch/1.58

kradalby/view-only-type

clairew/add-disco-pong-padding

clairew/receive-icmp-errors

dgentry-b10911

irbekrm/proxyclass2

irbekrm/proxyclass

irbekrm/byocerts

knyar/worklifeposture

dsnet/httpio

will/webclient-mobile

will/webclient-csrf

irbekrm/static_crd

irbekrm/manifests_crd

maisem/exp-k8s

release-branch/1.44

irbekrm/containerbootdeclarativeconf

kube_exp

irbekrm/conf

raggi/stun-subprocess

andrew/nixos-vm-tests

irbekrm/set_args

andrew/peer-ipv6-addrs

irbekrm/external_services

irbekrm/os

irbekrm/pull_in_certs

dependabot/github_actions/github/codeql-action-3

dependabot/github_actions/actions/upload-artifact-4

irbekrm/kube_build_tags

release-branch/1.56

jwhited/derp-cmm-timestamp

naman/web-client-update-fixes

dependabot/github_actions/actions/setup-go-5

soniaappasamy/use-swr

marwan/displayname

release-branch/1.54

danderson/debug-garden

jwhited/unsafe-exp

clairew/test-wrapper-file

bradfitz/compontent_logs

kradalby-keys-db-interface

kradalby/keys-db-interface

andrew/upnp-unfork

bm/tsoidc

irbekrm/le

knyar/restartmap

kristoffer/editable-tailnet-displayname

raggi/document-deprecated-approach

dsnet/statestore

awly/version-override

bradfitz/silentdisco_knob

richard/15372

raggi/icmplistener

awly/linux-sudoers-local-admin-poc

release-branch/1.52

soniaappasamy/web-auth-restructure

maisem/art

bradfitz/ipx_set_contains

knyar/derpmesh

irbekrm/chartandcli

richard/15037-2

bradfitz/linuxfw_nil_table

richard/15037

bradfitz/tbug

bradfitz/derp_mesh

valscale/meshFix

will/sonia/web-tailscaled

tyler/serve-status

maisem/ni

maisem/hi

rhea/apple-test

dgentry-nix-flake

dgentry-coverage

c761d10

bradfitz/gocross_wantver

awly/ipnlocal-watchnotifications-clientversion

bradfitz/integration_more_tun

bradfitz/recursive_controlknob

dgentry-authkey

maisem/login-renew

irbekrm/maisem/nf-runner

maisem/fix-gocross

dependabot/npm_and_yarn/cmd/tsconnect/postcss-8.4.31

bm/4via6

bradfitz/sessionactivetimeout

release-branch/1.50

rhea/taildrop-resume

andrew/peercap-ipv6-aaaa

irbekrm/k8sipnftheuristics

irbekrm/kubeipnft

irbekrm/k8sipnft

maisem/no-auth-once

dgentry-istoreos

knyar/posturemac

dependabot/github_actions/tibdex/github-app-token-2.1.0

irbekrm/egress

raggi/restore-extra-records-dns

aaron/win_process_mitigations

danderson/lru-rollback

maisem/fix

clairew/mdm-interface

angott/userdefaults-reader

andrew/bump-esbuild

andrew/netns-more-logging

release-branch/1.48

irbekrm/k8s-autopilot

dsnet/viewer-jsonv2

marwan/altmem_stash

irbekrm/k8s-nftables

marwan/postmem

maisem/fix-deadlock

bradfitz/matrix

irbekrm/egress-dns

bradfitz/wait_unpause

bradfitz/calc_state

irbekrm/svc_conditions

soniaappasamy/fix-test-flake

marwan/servedev

soniaappasamy/fix-web-client-lock

raggi/netfilter-runtime

raggi/netfilter-add-modes

marwan/scmem

bradfitz/ignore_ula

clairew/tstime-net

clairew/tstime-wgengine

bradfitz/tkasig_type

shayne/k8s-serve

bradfitz/gui_netmap

macsys-update

catzkorn/netcheckuout

andrew/doctor-conntrack

tsweb/client-ui

maisem/onceval

valscale/ptb

maisem/remove-loginname

raggi/gotoolchain

irbekrm/improve_logout

maisem/doc

rhea/egress

maisem/tsnet-ssh

noncombatant/large-int-string

release-branch/1.46

andrew/captive-portal-package

s/pmtud

andrew/derp-bound-latency

andrew/health-state

maisem/caps

bradfitz/gokrazy_dns

clairew/use-tstime-etc

bradfitz/negdep

raggi/stunc

raggi/gvisor-hostarch-deptest

crawshaw/art-table

irbekrm/fix_logout_loop

clairew/refactor-new-timer

clairew/test-wrapper-write-file

maisem/m1

s/tsnetd

bradfitz/countrycode

crawshaw/stunchild

tom/disco

maisem/ssh-incomplete-read

raggi/v6masq

dsnet/syncs-map-range-mutable

release-branch/1.42

maisem/alpine-bump

raggi/heartbeat-timebomb

raggi/derp-probe-stun-loss

raggi/tsdebugger

tom/derp

andrew/ipn-debug-1.42.0

maisem/blocked

marwan/portlistrefactor

marwan/noconstructor

angott/allow-thunderbolt-bridge

marwan/polleropts

marwan/noconstructor2

andrew/slicesx-deduplicate

unraid-web

release-branch/1.40

kristoffer/enable-mips-pkgs

s/eq

raggi/atomiccloseonce

raggi/bump-goreleaserv2

marwan/tmp

catzkorn/addrsend

raggi/gofuzz

shayne/funnel_cmd

release-branch/1.38

dgentry/atomicfile

andrew/derp-region-location

tom/tka6

maisem/k8s-cache

azure

maisem/tun-1

andrew/fastjson

crawshaw/lnclose

crawshaw/tsnet1

maisem/tsnet-funnel-2

crawshaw/httpconnect

Xe/tsnet-funnel

dgentry/sniproxy-dns

andrew/util-dnsconfig

andrew/cloudenv-location

release-branch/1.36

aaron/migrate_windows

crawshaw/pidlisten

maisem/waiter

andrew/router-drop-ula

will/vizerr

danderson/mkversion

crawshaw/activesum

andrew/doctor-scutil

danderson/version-private3

bradfitz/sassy

bradfitz/win_unattended_warning

andrew/hostinfo-HavePortMap

skriptble/ssh-recording-persist

maisem/funnel-k8s

maisem/clean2

crawshaw/ondemanddomains

maisem/c1

danderson/helm

andrew/peer-status-KeyExpiry

bradfitz/noise_debug_more

release-branch/1.34

cloner

danderson/backport

clairew/tsnet_get_own_ip

bradfitz/tidy

maisem/wakegroup

raggi/tsweb-compression

bradfitz/fix_ipn_cloner

danderson/bootstrap

will/enforce-hostname

mihaip/delete-all-profiles

release-branch/1.32

shayne/serve_empty_text_handler

bradfitz/hostinfo_ingress_bit

mihaip/logout-async-start

net-audit-log/1.32

bradfitz/set_prefs_locked

mihaip/fas

bradfitz/port_intercept

andrew/net-tsaddr-mapviaaddr

danderson/tsburrito

andrew/tstest-goroutine-ignore

andrew/monitor-link-change

danderson/k8s

andrew/debug-subnet-router

andrew/metrics-distribution

knyar/prober

crawshaw/accumulatorcfg

bradfitz/keyboard-interactive

maisem/unused-ssh-field

bradfitz/tailpipe

maisem/ssh-port-forward-no-session

raggi/accept-routes-filter

nyghtowl/tailnet-name2

buildjet

buildjet-vs-github

andrew/netns-macos-route

maisem/exit-lan

walterp-api

andrew/linux-router-v4-disabled

bradfitz/distro_ubuntu

tom/iptables

release-branch/1.30

tom/tka2

andrew/dnscache-debugging-1.22.2

andrew/controlclient-dial

raggi/experiment-queues

bradfitz/u32

ip6tables

maisem/dns-5

catzkorn/derp-benchmark

maisem/dns-3

jwhited/wireguard-go-vectorized-bind

catzkorn/otel-init

bradfitz/appendf

mihaip/js-cli

dsnet/tsweb-499s

bradfitz/deephash_early_exit

crawshaw/xdp

dsnet/logtail-zstd-single-segment

Xe/gitops-pusher-three-version-problem

Xe/gitops-pusher-acl-test-error-output

Xe/gitops-pusher-ffcli

bradfitz/ssh_auth_none_demo

release-branch/1.28

catzkorn/otel-derp

bradfitz/shared_split_dns

nyghtowl/fix-resolved

release-branch/1.26

bradfitz/explicit_empty_test_3808

crawshaw/preservenetinfo

miriah-3808-reset-operator

dsnet/tsnet-logging

mihaip/wasm-taildrop

crawshaw/stunname

bradfitz/wasm_play

maisem/reg

bradfitz/dot

bradfitz/tcp_flows

release-branch/1.24

raggi/netstack_fwd_close

bradfitz/netstack_fwd_close

merge-tag

cross-android

bradfitz/kmod

bradfitz/ssh_banner

bradfitz/ping

tom/integration

bradfitz/ssh_policy_earlier

maisem/cu

bradfitz/derpy_cast

bradfitz/cli_admin

release-branch/1.22

maisem/ssh-policiy-2

maisem/ssh-policiy-1

aaron/go-ole-ref

bradfitz/key_rotation_prep

josh/tswebflags

release-branch/1.20

crawshaw/envtype

danderson/tsweb-server

bradfitz/autocert_force

bradfitz/use_netstack_upstream

Xe/winui-bugreport-without-tailscaled

bradfitz/hostinfo_basically_equal

release-branch/1.18

aaron/loglog

aaron/dnsapc

bradfitz/demo_client_hijack

bradfitz/windns

bradfitz/exit_node_forward_dns

bradfitz/1.18.1

Xe/tailtlsproxy

bradfitz/allsrc

josh/peermap

danderson/ebpf

bradfitz/1_16_stress_netmap

danderson/nodekey-move

danderson/nodekey-delete-old

danderson/nodekey-cleanup

danderson/magicsock-discokey

release-branch/1.16

danderson/magicsock-node-key

crawshaw/updatefallback

release-branch/1.14

bradfitz/1.14

bradfitz/updates

josh/immutable-views

bradfitz/portmap_gh_actions

danderson/kernel-tailscale

bradfitz/win_default_route

release-branch/1.12

jknodt/logging

simenghe/add-tsmpping-call

josh/opt-getstatus

Aadi/speedtest-tailscaled

dsnet/admin-cli

bradfitz/portmap_test

jknodt/portmap_test

upnpdebug

jknodt/upnp_reuse

crawshaw/peerdoh

josh/debug-flake

simenghe/pingresult-work

jknodt/derp_flow

tps/tailscaled

jknodt/vms_ref

jknodt/integ_test

josh/fast-time

josh/coarsetime

bradfitz/derp_flow

release-branch/1.10

josh/io_uring

josh/deflake-pipe-again

Xe/testcontrol-v6

jknodt/io-uring

simenghe/admin-ping-test

jknodt/periodic_probe

simenghe/isoping

Xe/private-logcatcher-in-process

simenghe/tcpnodeping

bradfitz/deephash_methods

crawshaw/deephash

josh/de-select-tstun-wrapper

Xe/debug-nixos-build

simenghe/isoping-experiment

crawshaw/dnswslhackery

jknodt/userderp

jknodt/bw_rep2

crawshaw/wslresolvconf

jknodt/upnp

crawshaw/magicdnsalways

simenghe/flakeresolve

rec_in_use_after_5_sec

bradfitz/acme

release-branch/1.8

simenghe/add-httphandlers-ping

simenghe/add-ping-route-testcontrol-mux

simeng-pingtest

Xe/test-install-script-libvirtd

apenwarr/check184

crawshaw/newbackendserver

adding-address-ips-totestcontrolnode

onebinary

Xe/synology-does-actually-work-with-subnet-routes-til

bradfitz/netstack_port_map

bradfitz/demo_pinger

apenwarr/fixes

apenwarr/relogin

josh/NewIPPort

josh/IPWithPort

bradfitz/integration_tests

josh/opt-dp-wip

bradfitz/ping_notes

bradfitz/dropped_by_filter_logspam

bradfitz/netstack_drop_silent

bradfitz/log_rate_test

bradfitz/issue_1840_rebased_tree

bradfitz/issue_1849_rebased_tree

crawshaw/syno

apenwarr/statefix

apenwarr/statetest

josh/wip/endpoint-serialize

apenwarr/ioslogin

rosszurowski/cli-fix-typo

bradfitz/cli_pretty

bradfitz/win_delete_retry

bradfitz/sleep

naman/netstack-request-logging

naman/ephem-expand-range

bradfitz/macos_progress

bradfitz/ip_of

crawshaw/localapi404

crawshaw/movefiles

crawshaw/socket

crawshaw/cgi

naman/netstack-subnet-routing

josh/wip/create-endpoint-no-public-key

Xe/log-target-registry-key

release-branch/1.6

bradfitz/ipv6_link_local_strip

bradfitz/darwin_gw

Xe/disallow-local-ip-for-exit-node

release-branch/1.4

crawshaw/upjson

bradfitz/proposed_1.4.6

bradfitz/derp_steer

crawshaw/tailscalestatus

Xe/reset-logid-on-logout-login

naman/netstack-incoming

mkramlich/macos-brew2

naman/netstack-outgoing-udp-test

mkramlich/macos-brew

bradfitz/proposed-1.4.5

peske/ifacewatcher

Xe/hello-vr

crawshaw/filchsync

Xe/derphttp-panic-fix

peske/elnotfound

Xe/rel-144-fix-ipv6-broken-in-tests

bradfitz/darwin_creds

josh/longblock

josh/udp-alloc-less

josh/simplify-filch

josh/remove-ipcgetfilter

Xe/envvar-name-TS

Xe/TS-envvar-name

Xe/do-windows-logserver-better

Xe/log-target-flag

crawshaw/ipuint

bradfitz/hello

bradfitz/linux_v6_off

bradfitz/call_me_maybe_eps

bradfitz/api_docs

alexbrainman/use_wg_dns_code

naman/netstack-use-tailscale-ip

josh/debug-TestLikelyHomeRouterIPSyscallExec

noerror-not-notimp

bradfitz/umaskless_permissions

naman/netstack-bump-version

bradfitz/lite_endpoint_update

c22wen/api-docs

bradfitz/grafana_auth_proxy

crawshaw/dnsguid

nix-shell

release-branch/1.2

bradfitz/acl_tags_in_tailscale_status

bradfitz/expiry_spin

josh/no-goroutine-per-udp-read-2

crawshaw/tailcfg

bradfitz/wgengine_monitor_windows_take2

netstat-unsafe

bradfitz/ipn_empty

bradfitz/win_firewall_async

bradfitz/machine_key

apenwarr/faketun

crawshaw/cloner

crawshaw/jsonhandler

c22wen/route-addr

c22wen/magicsock.go

bradfitz/gvisor_netstack

crawshaw/loadtest

dshynkev/dns-autoset

crawshaw/e2etest

bradfitz/win_wpad_pac

release-branch/1.0

bradfitz/linux_default_route_interface

bradfitz/release-branch-1.0

crawshaw/restartlimit

clone

dshynkev/dns-name

dshynkev/dns-refactor

bradfitz/go_vet

crawshaw/tswebextra

crawshaw/pinger2

lzjluzijie/all_proxy

rate-limiting

lzjluzijie/227_http_proxy

crawshaw/rebind

crawshaw/hostinfo

crawshaw/derp-nokeepalives

crawshaw/derptimeout

crawshaw/derpdial2

crawshaw/derpdial

crawshaw/ipn

crawshaw/e2e_test

crawshaw/ipn2

crawshaw/magicsock

crawshaw/magicsock-infping

crawshaw/spray

crawshaw/br1

v1.66.4

v1.66.3

v1.66.2

v1.66.1

v1.66.0

v1.64.2

v1.64.1

v1.64.0

v1.62.1

v1.62.0

v1.60.1

v1.60.0

v1.58.2

v1.58.1

v1.58.0

v1.44.3

v1.56.1

v1.56.0

v1.54.1

v1.54.0

v1.52.1

v1.52.0

v1.50.1

v1.50.0

v1.48.2

v1.48.1

v1.48.0

v1.46.1

v1.46.0

v1.44.2

v1.44.0

v1.42.1

v1.42.0

v1.40.1

v1.40.0

v1.38.4

v1.38.3

v1.38.2

v1.38.1

v1.38.0

v1.36.2

v1.36.1

v1.36.0

v1.34.2

v1.34.1

v1.34.0

v1.32.3

v1.32.2

v1.32.1

v1.32.0

v1.30.2

v1.30.1

v1.30.0

v1.28.0

v1.26.2

v1.26.1

v1.26.0

v1.24.2

v1.24.1

v1.24.0

v1.22.2

v1.22.1

v1.22.0

v1.20.4

v1.20.3

v1.20.2

v1.20.1

v1.20.0

v1.18.2

v1.18.1

v1.18.0

v1.16.2

v1.16.1

v1.16.0

v1.14.6

v1.14.5

v1.14.4

v1.14.3

v1.14.0

v1.12.4

v1.12.3

v1.12.2

v1.12.1

v1.12.0

v1.10.2

v1.10.1

v1.10.0

v1.8.8

v1.8.7

v1.8.6

v1.8.5

v1.8.4

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.6.0

v1.4.6

v1.4.5

v1.4.4

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.2.10

v1.2.9

v1.2.8

v1.2.7

v1.2.6

v1.2.5

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.0.5

v1.0.4

v1.0.3

v1.0.2

v1.0.1

v1.1.0

v1.0.0

v0.100.0

v0.99.1

v0.99.0

v0.98.1

v0.98

v0.98.0

v0.97

v0.96.1

v0.96

coral-gitops

gitops-1.30.0

gitops-1.58.2

nginx-auth-0.1.2

v0.100.0-107

v0.100.0-153

v1.61.0-pre

v1.63.0-pre

v1.65.0-pre

v1.67.0-pre

Commit Graph

Author	SHA1	Message	Date
Percy Wegmann	6c160e6321	ipn,tailfs: tie TailFS share configuration to user profile Previously, the configuration of which folders to share persisted across profile changes. Now, it is tied to the user's profile. Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com>	3 months ago
Percy Wegmann	232a2d627c	tailfs: only impersonate unprivileged user if able to sudo -u as that user When serving TailFS shares, tailscaled executes another tailscaled to act as a file server. It attempts to execute this child process as an unprivileged user using sudo -u. This is important to avoid accessing files as root, which would result in potential privilege escalation. Previously, tailscaled assumed that it was running as someone who can sudo -u, and would fail if it was unable to sudo -u. With this commit, if tailscaled is unable to sudo -u as the requested user, and tailscaled is not running as root, then tailscaled executes the the file server process under the same identity that ran tailscaled, since this is already an unprivileged identity. In the unlikely event that tailscaled is running as root but is unable to sudo -u, it will refuse to run the child file server process in order to avoid privilege escalation. Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com>	3 months ago
Percy Wegmann	e324a5660f	ipn: include full tailfs shares in ipn notifications This allows the Mac application to regain access to restricted folders after restarts. Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com>	3 months ago
Percy Wegmann	80f1cb6227	tailfs: support storing bookmark data on shares This allows the sandboxed Mac application to store security- scoped URL bookmarks in order to maintain access to restricted folders across restarts. Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com>	3 months ago
Percy Wegmann	05acf76392	tailfs: fix race condition in tailfs_test Ues a noop authenticator to avoid potential races in gowebdav's built-in authenticator. Fixes #11259 Signed-off-by: Percy Wegmann <percy@tailscale.com>	3 months ago
Percy Wegmann	50fb8b9123	tailfs: replace webdavfs with reverse proxies Instead of modeling remote WebDAV servers as actual webdav.FS instances, we now just proxy traffic to them. This not only simplifies the code, but it also allows WebDAV locking to work correctly by making sure locks are handled by the servers that need to (i.e. the ones actually serving the files). Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com>	3 months ago
Percy Wegmann	abab0d4197	tailfs: clean up naming and package structure - Restyles tailfs -> tailFS - Defines interfaces for main TailFS types - Moves implemenatation of TailFS into tailfsimpl package Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com>	4 months ago
Percy Wegmann	993acf4475	tailfs: initial implementation Add a WebDAV-based folder sharing mechanism that is exposed to local clients at 100.100.100.100:8080 and to remote peers via a new peerapi endpoint at /v0/tailfs. Add the ability to manage folder sharing via the new 'share' CLI sub-command. Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com>	4 months ago

8 Commits (2827330c6adacd9a67940621b5f05b589527c550)