tailscale

Commit Graph

Author	SHA1	Message	Date
Tom DNetto	90a0aafdca	cmd/tailscale: warn if app-connector is enabled without ip forwarding Fixes: ENG-2446 Signed-off-by: Tom DNetto <tom@tailscale.com>	7 months ago
Naman Sood	e57fd9cda4	ipn/{ipnlocal,ipnstate,localapi}: add localapi endpoints for client self-update (#10188 ) * ipn/{ipnlocal,ipnstate,localapi}: add localapi endpoints for client self-update Updates #10187. Signed-off-by: Naman Sood <mail@nsood.in> * depaware Updates #10187. Signed-off-by: Naman Sood <mail@nsood.in> * address review feedback Signed-off-by: Naman Sood <mail@nsood.in> --------- Signed-off-by: Naman Sood <mail@nsood.in>	7 months ago
Andrew Lytvynov	55cd5c575b	ipn/localapi: only perform local-admin check in serveServeConfig (#10163 ) On unix systems, the check involves executing sudo, which is slow. Instead of doing it for every incoming request, move the logic into localapi serveServeConfig handler and do it as needed. Updates tailscale/corp#15405 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	7 months ago
Jordan Whited	12d5c99b04	client/tailscale,ipn/{ipnlocal,localapi}: check UDP GRO config (#10071 ) Updates tailscale/corp#9990 Signed-off-by: Jordan Whited <jordan@tailscale.com>	8 months ago
Andrew Lytvynov	1fc1077052	ssh/tailssh,util: extract new osuser package from ssh code (#10170 ) This package is a wrapper for os/user that handles non-cgo builds, gokrazy and user shells. Updates tailscale/corp#15405 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	8 months ago
Will Norris	fdbe511c41	cmd/tailscale: add -webclient flag to up and set Initially, only expose this flag on dev and unstable builds. Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	8 months ago
Sonia Appasamy	942d720a16	cli/web: don't block startup on status req If the status request to check for the preview node cap fails, continue with starting up the legacy client. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Will Norris	7e81c83e64	cmd/tailscale: respect existing web client pref After running `tailscale web`, only disable the user pref if it was not already previously set. Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	8 months ago
Sonia Appasamy	0ecfc1d5c3	client/web: fill devMode from an env var Avoids the need to pipe a web client dev flag through the tailscaled command. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Sonia Appasamy	191e2ce719	client/web: add ServerMode to web.Server Adds a new Mode to the web server, indicating the specific scenario the constructed server is intended to be run in. Also starts filling this from the cli/web and ipn/ipnlocal callers. From cli/web this gets filled conditionally based on whether the preview web client node cap is set. If not set, the existing "legacy" client is served. If set, both a login/lobby and full management client are started (in "login" and "manage" modes respectively). Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
James Tucker	f27b2cf569	appc,cmd/sniproxy,ipn/ipnlocal: split sniproxy configuration code out of appc The design changed during integration and testing, resulting in the earlier implementation growing in the appc package to be intended now only for the sniproxy implementation. That code is moved to it's final location, and the current App Connector code is now renamed. Updates tailscale/corp#15437 Signed-off-by: James Tucker <james@tailscale.com>	8 months ago
Aaron Klotz	47019ce1f1	cmd/tailscaled: pre-load wintun.dll using a fully-qualified path In corp PR #14970 I updated the installer to set a security mitigation that always forces system32 to the front of the Windows dynamic linker's search path. Unfortunately there are other products out there that, partying like it's 1995, drop their own, older version of wintun.dll into system32. Since we look there first, we end up loading that old version. We can fix this by preloading wintun using a fully-qualified path. When wintun-go then loads wintun, the dynamic linker will hand it the module that was previously loaded by us. Fixes #10023, #10025, #10052 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	8 months ago
Irbe Krumina	af49bcaa52	cmd/k8s-operator: set different app type for operator with proxy (#10081 ) Updates tailscale/tailscale#9222 plain k8s-operator should have hostinfo.App set to 'k8s-operator', operator with proxy should have it set to 'k8s-operator-proxy'. In proxy mode, we were setting the type after it had already been set to 'k8s-operator' Signed-off-by: Irbe Krumina <irbe@tailscale.com>	8 months ago
James Tucker	6ad54fed00	appc,ipn/ipnlocal: add App Connector domain configuration from mapcap The AppConnector is now configured by the mapcap from the control plane. Updates tailscale/corp#15437 Signed-off-by: James Tucker <james@tailscale.com>	8 months ago
James Tucker	b48b7d82d0	appc,ipn/ipnlocal,net/dns/resolver: add App Connector wiring when enabled in prefs An EmbeddedAppConnector is added that when configured observes DNS responses from the PeerAPI. If a response is found matching a configured domain, routes are advertised when necessary. The wiring from a configuration in the netmap capmap is not yet done, so while the connector can be enabled, no domains can yet be added. Updates tailscale/corp#15437 Signed-off-by: James Tucker <james@tailscale.com>	8 months ago
David Anderson	37863205ec	cmd/k8s-operator: strip credentials from client config in noauth mode Updates tailscale/corp#15526 Signed-off-by: David Anderson <danderson@tailscale.com>	8 months ago
Rhea Ghosh	970eb5e784	cmd/k8s-operator: sanitize connection headers (#10063 ) Fixes tailscale/corp#15526 Signed-off-by: Rhea Ghosh <rhea@tailscale.com>	8 months ago
James Tucker	ca4c940a4d	ipn: introduce app connector advertisement preference and flags Introduce a preference structure to store the setting for app connector advertisement. Introduce the associated flags: tailscale up --advertise-connector{=true,=false} tailscale set --advertise-connector{=true,=false} ``` % tailscale set --advertise-connector=false % tailscale debug prefs \| jq .AppConnector.Advertise false % tailscale set --advertise-connector=true % tailscale debug prefs \| jq .AppConnector.Advertise true % tailscale up --advertise-connector=false % tailscale debug prefs \| jq .AppConnector.Advertise false % tailscale up --advertise-connector=true % tailscale debug prefs \| jq .AppConnector.Advertise true ``` Updates tailscale/corp#15437 Signed-off-by: James Tucker <james@tailscale.com>	8 months ago
Irbe Krumina	c2b87fcb46	cmd/k8s-operator/deploy/chart,.github/workflows: use helm chart API v2 (#10055 ) API v1 is compatible with helm v2 and v2 is not. However, helm v2 (the Tiller deployment mechanism) was deprecated in 2020 and no-one should be using it anymore. This PR also adds a CI lint test for helm chart Updates tailscale/tailscale#9222 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	8 months ago
Will Norris	66c7af3dd3	ipn: replace web client debug flag with node capability Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	8 months ago
Brad Fitzpatrick	3d7fb6c21d	derp/derphttp: fix race in mesh watcher The derphttp client automatically reconnects upon failure. RunWatchConnectionLoop called derphttp.Client.WatchConnectionChanges once, but that wrapper method called the underlying derp.Client.WatchConnectionChanges exactly once on derphttp.Client's currently active connection. If there's a failure, we need to re-subscribe upon all reconnections. This removes the derphttp.Client.WatchConnectionChanges method, which was basically impossible to use correctly, and changes it to be a boolean field on derphttp.Client alongside MeshKey and IsProber. Then it moves the call to the underlying derp.Client.WatchConnectionChanges to derphttp's client connection code, so it's resubscribed on any reconnect. Some paranoia is then added to make sure people hold the API right, not calling derphttp.Client.RunWatchConnectionLoop on an already-started Client without having set the bool to true. (But still auto-setting it to true if that's the first method that's been called on that derphttp.Client, as is commonly the case, and prevents existing code from breaking) Fixes tailscale/corp#9916 Supercedes tailscale/tailscale#9719 Co-authored-by: Val <valerie@tailscale.com> Co-authored-by: Irbe Krumina <irbe@tailscale.com> Co-authored-by: Anton Tolchanov <anton@tailscale.com> Signed-off-by: Brad Fitzpatrick <brad@danga.com>	8 months ago
Tom DNetto	a7c80c332a	cmd/sniproxy: implement support for control configuration, multiple addresses * Implement missing tests for sniproxy * Wire sniproxy to new appc package * Add support to tsnet for routing subnet router traffic into netstack, so it can be handled Updates: https://github.com/tailscale/corp/issues/15038 Signed-off-by: Tom DNetto <tom@tailscale.com>	8 months ago
Will Norris	28ad910840	ipn: add user pref for running web client This is not currently exposed as a user-settable preference through `tailscale up` or `tailscale set`. Instead, the preference is set when turning the web client on and off via localapi. In a subsequent commit, the pref will be used to automatically start the web client on startup when appropriate. Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	8 months ago
Sonia Appasamy	89953b015b	ipn/ipnlocal,client/web: add web client to tailscaled Allows for serving the web interface from tailscaled, with the ability to start and stop the server via localapi endpoints (/web/start and /web/stop). This will be used to run the new full management web client, which will only be accessible over Tailscale (with an extra auth check step over noise) from the daemon. This switch also allows us to run the web interface as a long-lived service in environments where the CLI version is restricted to CGI, allowing us to manage certain auth state in memory. ipn/ipnlocal/web is stubbed out in ipn/ipnlocal/web_stub for ios builds to satisfy ios restriction from adding "text/template" and "html/template" dependencies. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Irbe Krumina	ed1b935238	cmd/k8s-operator: allow to install operator via helm (#9920 ) Initial helm manifests. Updates tailscale/tailscale#9222 Signed-off-by: Irbe Krumina <irbe@tailscale.com> Co-authored-by: Maisem Ali <maisem@tailscale.com>	8 months ago
Maisem Ali	9107b5eadf	cmd/tailscale/cli: use status before doing interactive feature query We were inconsistent whether we checked if the feature was already enabled which we could do cheaply using the locally available status. We would do the checks fine if we were turning on funnel, but not serve. This moves the cap checks down into enableFeatureInteractive so that are always run. Updates #9984 Co-authored-by: Tyler Smalley <tyler@tailscale.com> Signed-off-by: Maisem Ali <maisem@tailscale.com>	8 months ago
Aaron Klotz	95671b71a6	ipn, safesocket: use Windows token in LocalAPI On Windows, the idiomatic way to check access on a named pipe is for the server to impersonate the client on its current OS thread, perform access checks using the client's access token, and then revert the OS thread's access token back to its true self. The access token is a better representation of the client's rights than just a username/userid check, as it represents the client's effective rights at connection time, which might differ from their normal rights. This patch updates safesocket to do the aforementioned impersonation, extract the token handle, and then revert the impersonation. We retain the token handle for the remaining duration of the connection (the token continues to be valid even after we have reverted back to self). Since the token is a property of the connection, I changed ipnauth to wrap the concrete net.Conn to include the token. I then plumbed that change through ipnlocal, ipnserver, and localapi as necessary. I also added a PermitLocalAdmin flag to the localapi Handler which I intend to use for controlling access to a few new localapi endpoints intended for configuring auto-update. Updates https://github.com/tailscale/tailscale/issues/755 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	8 months ago
Tyler Smalley	131518eed1	cmd/tailscale/cli: improve error when bg serve config is present (#9961 ) We prevent shodow configs when starting a foreground when a background serve config already exists for the serve type and port. This PR improves the messaging to let the user know how to remove the previous config. Updates #8489 ENG-2314 Signed-off-by: Tyler Smalley <tyler@tailscale.com>	8 months ago
Tyler Smalley	1873bc471b	cmd/tailscale/cli: remove http flag for funnel command (#9955 ) The `--http` flag can not be used with Funnel, so we should remove it to remove confusion. Updates #8489 ENG-2316 Signed-off-by: Tyler Smalley <tyler@tailscale.com>	8 months ago
Marwan Sulaiman	5f3cdaf283	cmd/tailscale/cli: chage port flags to uint for serve and funnel This PR changes the -https, -http, -tcp, and -tls-terminated-tcp flags from string to int and also updates the validation to ensure they fit the uint16 size as the flag library does not have a Uint16Var method. Updates #8489 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	8 months ago
Marwan Sulaiman	a7e4cebb90	cmd/tailscale/cli: refactor TestServeDevConfigMutations The TestServeDevConfigMutations test has 63 steps that all run under the same scope. This tests breaks them out into isolated subtests that can be run independently. Updates #8489 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	8 months ago
Andrew Lytvynov	21b6d373b0	cmd/tailscale/cli: unhide auto-update flags and mark update as Beta (#9954 ) Updates #755 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	8 months ago
Marwan Sulaiman	f5a7551382	cmd/tailscale: fix help message for serve funnel We currently print out "run tailscale serve --help" when the subcmd might be funnel. This PR ensures the right subcmd is passed. Updates #8489 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	8 months ago
Andrew Lytvynov	d3bc575f35	cmd/tailscale/cli: set Sparkle auto-update on macsys (#9952 ) On `tailscale set --auto-update`, set the Sparkle plist option for it. Also make macsys report not supporting auto-updates over c2n, since they will be triggered by Sparkle locally. Updates #755 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	8 months ago
Tyler Smalley	269a498c1e	cmd/tailscale/cli: serve --set-path should not force background mode (#9905 ) A few people have run into issues with understanding why `--set-path` started in background mode, and/or why they couldn't use a path in foreground mode. This change allows `--set-path` to be used in either case (foreground or background). updates #8489 Signed-off-by: Tyler Smalley <tyler@tailscale.com>	8 months ago
Andrew Lytvynov	593c086866	clientupdate: distinguish when auto-updates are possible (#9896 ) clientupdate.Updater will have a non-nil Update func in a few cases where it doesn't actually perform an update: * on Arch-like distros, where it prints instructions on how to update * on macOS app store version, where it opens the app store page Add a new clientupdate.Arguments field to cause NewUpdater to fail when we hit one of these cases. This results in c2n updates being "not supported" and `tailscale set --auto-update` returning an error. Updates #755 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	8 months ago
Tyler Smalley	35d7b3aa27	cmd/tailscale/cli: updates help and background messaging (#9929 ) * Fixes issue with template string not being provided in help text * Updates background information to provide full URL, including path, to make it clear the source and destination * Restores some tests * Removes AllowFunnel in ServeConfig if no proxy exists for that port. updates #8489 Signed-off-by: Tyler Smalley <tyler@tailscale.com>	8 months ago
Marwan Sulaiman	c53ee37912	cmd/tailscale: add set-raw to the new serve funnel commands This PR adds the same set-raw from the old flow into the new one so that users can continue to use it when transitioning into the new flow. Updates #8489 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	8 months ago
Marwan Sulaiman	f232d4554a	cmd/tailscale: translate old serve commands to new ones This PR fixes the isLegacyInvocation to better catch serve and funnel legacy commands. In addition, it now also returns a string that translates the old command into the new one so that users can have an easier transition story. Updates #8489 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	8 months ago
Marwan Sulaiman	60e768fd14	cmd/tailscale: allow serve\|funnel off to delete an entire port This PR allows you to do "tailscale serve -bg -https:4545 off" and it will delete all handlers under it. It will also prompt you for a y/n in case you wanted to delete a single port. Updates #8489 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	8 months ago
Irbe Krumina	e9956419f6	cmd/k8s-operator: allow cleanup of cluster resources for deleted devices (#9917 ) Users should delete proxies by deleting or modifying the k8s cluster resources that they used to tell the operator to create they proxy. With this flow, the tailscale operator will delete the associated device from the control. However, in some cases users might have already deleted the device from the control manually. Updates tailscale/tailscale#9773 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	8 months ago
Tyler Smalley	d9081d6ba2	cmd/tailscale/cli: update serve/funnel CLI help text (#9895 ) updates #8489 ENG-2308 Signed-off-by: Tyler Smalley <tyler@tailscale.com>	8 months ago
Adrian Dewhurst	5347e6a292	control/controlclient: support certstore without cgo We no longer build Windows releases with cgo enabled, which automatically turned off certstore support. Rather than re-enabling cgo, we updated our fork of the certstore package to no longer require cgo. This updates the package, cleans up how the feature is configured, and removes the cgo build tag requirement. Fixes tailscale/corp#14797 Fixes tailscale/coral#118 Change-Id: Iaea34340761c0431d759370532c16a48c0913374 Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>	8 months ago
Andrew Lytvynov	70f9c8a6ed	clientupdate: change Mac App Store support (#9891 ) In the sandboxed app from the app store, we cannot check `/Library/Preferences/com.apple.commerce.plist` or run `softwareupdate`. We can at most print a helpful message and open the app store page. Also, reenable macsys update function to mark it as supporting c2n updates. macsys support in `tailscale update` was fixed. Updates #755 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	8 months ago
Joe Tsai	469b7cabad	cmd/tailscale: improve taildrop progress printer on Linux (#9878 ) The progress printer was buggy where it would not print correctly and some of the truncation logic was faulty. The progress printer now prints something like: go1.21.3.linux-amd64.tar.gz 21.53MiB 13.83MiB/s 33.88% ETA 00:00:03 where it shows * the number of bytes transferred so far * the rate of bytes transferred (using a 1-second half-life for an exponentially weighted average) * the progress made as a percentage * the estimated time (as calculated from the rate of bytes transferred) Other changes: * It now correctly prints the progress for very small files * It prints at a faster rate (4Hz instead of 1Hz) * It uses IEC units for byte quantities (to avoid ambiguities of "kb" being kilobits or kilobytes) Updates tailscale/corp#14772 Signed-off-by: Joe Tsai <joetsai@digital-static.net>	8 months ago
Tyler Smalley	7a3ae39025	cmd/tailscale/cli: [serve/funnel] support omitting scheme for TCP (#9856 ) The `serve` command for TCP has always required the scheme of the target to be specified. However, when it's omitted the error message reported is misleading ``` error: failed to apply TCP serve: invalid TCP target "localhost:5900": missing port in address ``` Since we know the target is TCP, we shouldn't require it to be specified. This aligns with the changes for HTTP proxies in https://github.com/tailscale/tailscale/issues/8489 closes #9855 Signed-off-by: Tyler Smalley <tyler@tailscale.com>	8 months ago
Tyler Smalley	35376d52d4	cmd/tailscale/cli: [serve/funnel] provide correct command for disabling (#9859 ) The `off` subcommand removes a serve/funnel for the corresponding type and port. Previously, we were not providing this which would result in an error if someone was using something than the default https=443. closes #9858 Signed-off-by: Tyler Smalley <tyler@tailscale.com>	8 months ago
Brad Fitzpatrick	cf27761265	cmd/tsconnect/wasm: add missing tstun.Wrapper.Start call It's required as of the recent `5297bd2cff`. Updates #7894 Updates #9394 (sure would be nice) Change-Id: Id6672408dd8a6c82dba71022c8763e589d789fcd Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	8 months ago
Andrew Lytvynov	33bb2bbfe9	tailcfg,cmd/tailscale: add UrgentSecurityUpdate flag to ClientVersion (#9848 ) This flag is used in clients to surface urgent updates more prominently. Updates #755 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	8 months ago
Irbe Krumina	cac290da87	cmd/k8s-operator: users can configure firewall mode for kube operator proxies (#9769 ) * cmd/k8s-operator: users can configure operator to set firewall mode for proxies Users can now pass PROXY_FIREWALL_MODE={nftables,auto,iptables} to operator to make it create ingress/egress proxies with that firewall mode Also makes sure that if an invalid firewall mode gets configured, the operator will not start provisioning proxy resources, but will instead log an error and write an error event to the related Service. Updates tailscale/tailscale#9310 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	8 months ago
Tyler Smalley	ddb2a6eb8d	cmd/tailscale: promote new serve/funnel CLI to be default (#9833 ) The change is being kept to a minimum to make a revert easy if necessary. After the release, we will go back for a final cleanup. updates #8489 Signed-off-by: Tyler Smalley <tyler@tailscale.com>	8 months ago
Maisem Ali	f53c3be07c	cmd/k8s-operator: use our own container image instead of busybox We already have sysctl in the `tailscale/tailscale` image, just use that. Updates #cleanup Signed-off-by: Maisem Ali <maisem@tailscale.com>	8 months ago
Brad Fitzpatrick	4dec0c6eb9	tstest, tstest/integration, github/workflows: shard integration tests Over four jobs for now. Updates #cleanup Change-Id: Ic2b1a739a454916893945a3f9efc480d6fcbd70b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	8 months ago
Maisem Ali	e6ab7d3c14	cmd/testwrapper: parse args better Previously we were just smushing together args and not trying to parse the values at all. This resulted in the args to testwrapper being limited and confusing. This makes it so that testwrapper parses flags in the exact format as `go test` command and passes them down in the provided order. It uses tesing.Init to register flags that `go test` understands, however those are not the only flags understood by `go test` (such as `-exec`) so we register these separately. Updates tailscale/corp#14975 Signed-off-by: Maisem Ali <maisem@tailscale.com>	8 months ago
Maisem Ali	4899c2c1f4	cmd/containerboot: revert to using tailscale up This partially reverts commits `a61a9ab087` and `7538f38671` and fully reverts `4823a7e591`. The goal of that commit was to reapply known config whenever the container restarts. However, that already happens when TS_AUTH_ONCE was false (the default back then). So we only had to selectively reapply the config if TS_AUTH_ONCE is true, this does exactly that. This is a little sad that we have to revert to `tailscale up`, but it fixes the backwards incompatibility problem. Updates tailscale/tailscale#9539 Signed-off-by: Maisem Ali <maisem@tailscale.com>	8 months ago
Brad Fitzpatrick	18bd98d35b	cmd/tailscaled,*: add start of configuration file support Updates #1412 Co-authored-by: Maisem Ali <maisem@tailscale.com> Change-Id: I38d559c1784d09fc804f521986c9b4b548718f7d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	8 months ago
Rhea Ghosh	71271e41d6	ipn/{ipnlocal/peerapi, localapi} initial taildrop resume api plumbing (#9798 ) This change: * adds a partial files peerAPI endpoint to get a list of partial files * adds a helper function to extract the basename of a file * updates the peer put peerAPI endpoint * updates the file put localapi endpoint to allow resume functionality Updates #14772 Signed-off-by: Rhea Ghosh <rhea@tailscale.com>	8 months ago
Brad Fitzpatrick	c363b9055d	tstest/integration: add tests for tun mode (requiring root) Updates #7894 Change-Id: Iff0b07b21ae28c712dd665b12918fa28d6f601d0 Co-authored-by: Maisem Ali <maisem@tailscale.com> Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	8 months ago
Maisem Ali	5297bd2cff	cmd/tailscaled,net/tstun: fix data race on start-up in TUN mode Fixes #7894 Change-Id: Ice3f8019405714dd69d02bc07694f3872bb598b8 Co-authored-by: Brad Fitzpatrick <bradfitz@tailscale.com> Signed-off-by: Maisem Ali <maisem@tailscale.com>	8 months ago
Maisem Ali	1294b89792	cmd/k8s-operator: allow setting same host value for tls and ingress rules We were too strict and required the user not specify the host field at all in the ingress rules, but that degrades compatibility with existing helm charts. Relax the constraint so that rule.Host can either be empty, or match the tls.Host[0] value exactly. Fixes #9548 Signed-off-by: Maisem Ali <maisem@tailscale.com>	8 months ago
Maisem Ali	2d4f808a4c	cmd/containerboot: fix time based serveConfig watcher This broke in a last minute refactor and seems to have never worked. Fixes #9686 Signed-off-by: Maisem Ali <maisem@tailscale.com>	8 months ago
James Tucker	96f01a73b1	tailcfg: import ProtoPortRange for local use Imported type and parsing, with minor modifications. Updates tailscale/corp#15043 Signed-off-by: James Tucker <james@tailscale.com>	8 months ago
Maisem Ali	1cb9e33a95	cmd/k8s-operator: update env var in manifest to APISERVER_PROXY Replace the deprecated var with the one in docs to avoid confusion. Introduced in `335a5aaf9a`. Updates #8317 Fixes #9764 Signed-off-by: Maisem Ali <maisem@tailscale.com>	8 months ago
James Tucker	c1ef55249a	types/ipproto: import and test string parsing for ipproto IPProto has been being converted to and from string formats in multiple locations with variations in behavior. TextMarshaller and JSONMarshaller implementations are now added, along with defined accepted and preferred formats to centralize the logic into a single cross compatible implementation. Updates tailscale/corp#15043 Fixes tailscale/corp#15141 Signed-off-by: James Tucker <james@tailscale.com>	8 months ago
Maisem Ali	9d96e05267	net/packet: split off checksum munging into different pkg The current structure meant that we were embedding netstack in the tailscale CLI and in the GUIs. This removes that by isolating the checksum munging to a different pkg which is only called from `net/tstun`. Fixes #9756 Signed-off-by: Maisem Ali <maisem@tailscale.com>	8 months ago
Maisem Ali	fbfee6a8c0	cmd/containerboot: use linuxfw.NetfilterRunner This migrates containerboot to reuse the NetfilterRunner used by tailscaled instead of manipulating iptables rule itself. This has the added advantage of now working with nftables and we can potentially drop the `iptables` command from the container image in the future. Updates #9310 Co-authored-by: Irbe Krumina <irbe@tailscale.com> Signed-off-by: Maisem Ali <maisem@tailscale.com>	8 months ago
Sonia Appasamy	7a0de2997e	client/web: remove unused context param from NewServer Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Andrew Lytvynov	677d486830	clientupdate: abort if current version is newer than latest (#9733 ) This is only relevant for unstable releases and local builds. When local version is newer than upstream, abort release. Also, re-add missing newlines in output that were missed in https://github.com/tailscale/tailscale/pull/9694. Updates #cleanup Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	8 months ago
Brad Fitzpatrick	6b1ed732df	go.mod: bump x/net to 0.17 for CVE-2023-39325 https://go.googlesource.com/net/+/b225e7ca6dde1ef5a5ae5ce922861bda011cfabd Updates tailscale/corp#15165 Change-Id: Ia8b5e16b1acfe1b2400d321034b41370396f70e2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Kristoffer Dalby	7f540042d5	ipn/ipnlocal: use syspolicy to determine collection of posture data Updates #5902 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	9 months ago
Kristoffer Dalby	9eedf86563	posture: add get serial support for Windows/Linux This commit adds support for getting serial numbers from SMBIOS on Windows/Linux (and BSD) using go-smbios. Updates #5902 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	9 months ago
Kristoffer Dalby	9593cd3871	posture: add get serial stub for all platforms Updates #5902 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	9 months ago
Kristoffer Dalby	623926a25d	cmd/tailscale: add --posture-checking flag to set Updates #5902 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	9 months ago
Simon Leonhardt	553f657248	sniproxy allows configuration of hostname Signed-off-by: Simon Leonhardt <simon@controlzee.com>	9 months ago
Brad Fitzpatrick	6f36f8842c	cmd/tailscale, magicsock: add debug command to flip DERP homes For testing netmap patchification server-side. Updates #1909 Change-Id: Ib1d784bd97b8d4a31e48374b4567404aae5280cc Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Andrew Lytvynov	e6aa7b815d	clientupdate,cmd/tailscale/cli: use cli.Stdout/Stderr (#9694 ) In case cli.Stdout/Stderr get overriden, all CLI output should use them instead of os.Stdout/Stderr. Update the `update` command to follow this pattern. Updates #cleanup Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	9 months ago
Andrew Lytvynov	3ee756757b	cmd/tailscale/cli: add update notification to "up" (#9644 ) Add available update message in "tailscale up" output. Also update the message in "tailscale status" to match and mention auto-update. Updates https://github.com/tailscale/tailscale/issues/755 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	9 months ago
Rhea Ghosh	dc1c7cbe3e	taildrop: initial commit of taildrop functionality refactoring (#9676 ) Over time all taildrop functionality will be contained in the taildrop package. This will include end to end unit tests. This is simply the first smallest piece to move over. There is no functionality change in this commit. Updates tailscale/corp#14772 Signed-off-by: Rhea Ghosh <rhea@tailscale.com> Co-authored-by: Joseph Tsai <joetsai@tailscale.com>	9 months ago
Brad Fitzpatrick	93c6e1d53b	tstest/deptest: add check that x/exp/{maps,slices} imported as xfoo Updates #cleanup Change-Id: I4cbb5e477c739deddf7a46b66f286c9fdb106279 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Andrew Dunham	286c6ce27c	net/dns/resolver: race UDP and TCP queries (#9544 ) Instead of just falling back to making a TCP query to an upstream DNS server when the UDP query returns a truncated query, also start a TCP query in parallel with the UDP query after a given race timeout. This ensures that if the upstream DNS server does not reply over UDP (or if the response packet is blocked, or there's an error), we can still make queries if the server replies to TCP queries. This also adds a new package, util/race, to contain the logic required for racing two different functions and returning the first non-error answer. Updates tailscale/corp#14809 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I4311702016c1093b1beaa31b135da1def6d86316	9 months ago
Val	73e53dcd1c	cmd/tailscale,ipn/ipnlocal: print debug component names Make the 'tailscale debug component-logs' command print the component names for which extra logging can be turned on, for easier discoverability of debug functions. Updates #cleanup Co-authored-by: Paul Scott <paul@tailscale.com> Signed-off-by: Val <valerie@tailscale.com>	9 months ago
Tom DNetto	656a77ab4e	net/packet: implement methods for rewriting v6 addresses Implements the ability for the address-rewriting code to support rewriting IPv6 addresses. Specifically, UpdateSrcAddr & UpdateDstAddr. Signed-off-by: Tom DNetto <tom@tailscale.com> Updates https://github.com/tailscale/corp/issues/11202	9 months ago
Brad Fitzpatrick	d2ea9bb1eb	cmd/cloner: fix typo in test type's name s/SliceContianer/SliceContainer/g Updates #9604 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
James Tucker	ab810f1f6d	cmd/cloner: add regression test for slice nil/empty semantics We had a misstep with the semantics when applying an optimization that showed up in the roll into corp. This test ensures that case and related cases must be retained. Updates #9410 Updates #9601 Signed-off-by: James Tucker <james@tailscale.com>	9 months ago
Claire Wang	a56e58c244	util/syspolicy: add read boolean setting (#9592 )	9 months ago
James Tucker	324f0d5f80	cmd/cloner,*: revert: optimize nillable slice cloner This reverts commit `ee90cd02fd`. The outcome is not identical for empty slices. Cloner really needs tests! Updates #9601 Signed-off-by: James Tucker <james@tailscale.com>	9 months ago
James Tucker	ee90cd02fd	cmd/cloner,*: optimize nillable slice cloner A wild @josharian appears with a good suggestion for a refactor, thanks Josh! Updates #9410 Signed-off-by: James Tucker <james@tailscale.com>	9 months ago
James Tucker	0c8c374a41	go.mod: bump all dependencies except go-billy go-billy is held back at v5.4.1 in order to avoid a newly introduced subdependency that is not compatible with plan9. Updates #8043 Signed-off-by: James Tucker <james@tailscale.com>	9 months ago
James Tucker	87bc831730	go.mod,cmd/tsconnect: bump esbuild Updates #8043 Signed-off-by: James Tucker <james@tailscale.com>	9 months ago
Maisem Ali	d71184d674	cmd/containerboot: only wipeout serve config when TS_SERVE_CONFIG is set Fixes #9558 Signed-off-by: Maisem Ali <maisem@tailscale.com>	9 months ago
Denton Gentry	4823a7e591	cmd/containerboot: set TS_AUTH_ONCE default to true. 1.50.0 switched containerboot from using `tailscale up` to `tailscale login`. A side-effect is that a re-usable authkey is now re-applied on every boot by `tailscale login`, where `tailscale up` would ignore an authkey if already authenticated. Though this looks like it is changing the default, in reality it is setting the default to match what 1.48 and all prior releases actually implemented. Fixes https://github.com/tailscale/tailscale/issues/9539 Fixes https://github.com/tailscale/corp/issues/14953 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	9 months ago
Brad Fitzpatrick	856d32b4a9	cmd/testwrapper: include flake URL in JSON metadata Updates tailscale/corp#14975 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Andrea Barisani	b5b4298325	go.mod,*: bump gvisor Updates #9253 Signed-off-by: Andrea Barisani <andrea@inversepath.com> Signed-off-by: James Tucker <james@tailscale.com>	9 months ago
Brad Fitzpatrick	2c92f94e2a	cmd/testwrapper: output machine-readable JSON on test flakes For parsing by other tools. Updates tailscale/corp#14975 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Maisem Ali	354455e8be	ipn: use NodeCapMap in CheckFunnel These were missed when adding NodeCapMap and resulted in tsnet binaries not being able to turn on funnel. Fixes #9566 Signed-off-by: Maisem Ali <maisem@tailscale.com>	9 months ago
Claire Wang	e3d6236606	winutil: refactor methods to get values from registry to also return (#9536 ) errors Updates tailscale/corp#14879 Signed-off-by: Claire Wang <claire@tailscale.com>	9 months ago
Irbe Krumina	bdd9eeca90	cmd/k8s-operator: fix reconcile filters (#9533 ) Ensure that when there is an event on a Tailscale managed Ingress or Service child resource, the right parent type gets reconciled Updates tailscale/tailscale#502 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	9 months ago
Marwan Sulaiman	651620623b	ipn/ipnlocal: close foreground sessions on SetServeConfig This PR ensures zombie foregrounds are shutdown if a new ServeConfig is created that wipes the ongoing foreground ones. For example, "tailscale serve\|funnel reset\|off" should close all open sessions. Updates #8489 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	9 months ago
Brad Fitzpatrick	04fabcd359	ipn/{ipnlocal,localapi}, cli: add debug force-netmap-update For loading testing & profiling the cost of full netmap updates. Updates #1909 Change-Id: I0afdf5de9967f8d95c7f81d5b531ed1c92c3208f Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Joe Tsai	36242904f1	go.mod: update github.com/go-json-experiment/json (#9508 ) Update github.com/go-json-experiment/json to the latest version and fix the build in light of some breaking API changes. Updates #cleanup Signed-off-by: Joe Tsai <joetsai@digital-static.net>	9 months ago
James Tucker	a82a74f2cf	cmd/containerboot: avoid leaking bash scripts after test runs The test was sending SIGKILL to containerboot, which results in no signal propagation down to the bash script that is running as a child process, thus it leaks. Minor changes to the test daemon script, so that it cleans up the socket that it creates on exit, and spawns fewer processes. Fixes tailscale/corp#14833 Signed-off-by: James Tucker <james@tailscale.com>	9 months ago
Maisem Ali	4669e7f7d5	cmd/containerboot: add iptables based MSS clamping for ingress/egress proxies In typical k8s setups, the MTU configured on the eth0 interfaces is typically 1500 which results in packets being dropped when they make it to proxy pods as the tailscale0 interface has a 1280 MTU. As the primary use of this functionality is TCP, add iptables based MSS clamping to allow connectivity. Updates #502 Signed-off-by: Maisem Ali <maisem@tailscale.com>	9 months ago
Irbe Krumina	c5b2a365de	cmd/k8s-operator: fix egress service name (#9494 ) Updates https://github.com/tailscale/tailscale/issues/502 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	9 months ago
Maisem Ali	5f4d76c18c	cmd/k8s-operator: rename egress annotation It was tailscale.com/ts-tailnet-target-ip, which was pretty redundant. Change it to tailscale.com/tailnet-ip. Updates #502 Signed-off-by: Maisem Ali <maisem@tailscale.com>	9 months ago
Will Norris	652f77d236	client/web: switch to using prebuilt web client assets Updates tailscale/corp#13775 Co-authored-by: Sonia Appasamy <sonia@tailscale.com> Signed-off-by: Sonia Appasamy <sonia@tailscale.com> Signed-off-by: Will Norris <will@tailscale.com>	9 months ago
Maisem Ali	19a9d9037f	tailcfg: add NodeCapMap Like PeerCapMap, add a field to `tailcfg.Node` which provides a map of Capability to raw JSON messages which are deferred to be parsed later by the application code which cares about the specific capabilities. This effectively allows us to prototype new behavior without having to commit to a schema in tailcfg, and it also opens up the possibilities to develop custom behavior in tsnet applications w/o having to plumb through application specific data in the MapResponse. Updates #4217 Signed-off-by: Maisem Ali <maisem@tailscale.com>	9 months ago
Maisem Ali	4da0689c2c	tailcfg: add Node.HasCap helpers This makes a follow up change less noisy. Updates #cleanup Signed-off-by: Maisem Ali <maisem@tailscale.com>	9 months ago
Maisem Ali	d06b48dd0a	tailcfg: add RawMessage This adds a new RawMessage type backed by string instead of the json.RawMessage which is backed by []byte. The byte slice makes the generated views be a lot more defensive than the need to be which we can get around by using a string instead. Updates #cleanup Signed-off-by: Maisem Ali <maisem@tailscale.com>	9 months ago
Brad Fitzpatrick	0d991249e1	types/netmap: remove NetworkMap.{Addresses,MachineStatus} And convert all callers over to the methods that check SelfNode. Now we don't have multiple ways to express things in tests (setting fields on SelfNode vs NetworkMap, sometimes inconsistently) and don't have multiple ways to check those two fields (often only checking one or the other). Updates #9443 Change-Id: I2d7ba1cf6556142d219fae2be6f484f528756e3c Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Marwan Sulaiman	d25217c9db	cmd/tailscale/cli: error when serving foreground if bg already exists This PR fixes a bug to make sure that we don't allow two configs exist with duplicate ports Updates #8489 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	9 months ago
Maisem Ali	a61caea911	tailcfg: define a type for NodeCapability Instead of untyped string, add a type to identify these. Updates #cleanup Signed-off-by: Maisem Ali <maisem@tailscale.com>	9 months ago
Brad Fitzpatrick	3d37328af6	wgengine, proxymap: split out port mapping from Engine to new type (Continuing quest to remove rando stuff from the "Engine") Updates #cleanup Change-Id: I77f39902c2194410c10c054b545d70c9744250b0 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Brad Fitzpatrick	db2f37d7c6	ipn/ipnlocal: add some test accessors Updates tailscale/corp#12990 Change-Id: I82801ac4c003d2c7e1352c514adb908dbf01be87 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Brad Fitzpatrick	fb5ceb03e3	types/netmap: deprecate NetworkMap.MachineStatus, add accessor method Step 1 of deleting it, per TODO. Updates #cleanup Change-Id: I1d3d0165ae5d8b20610227d60640997b73568733 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Maisem Ali	335a5aaf9a	cmd/k8s-operator: add APISERVER_PROXY env The kube-apiserver proxy in the operator would only run in auth proxy mode but thats not always desirable. There are situations where the proxy should just be a transparent proxy and not inject auth headers, so do that using a new env var APISERVER_PROXY and deprecate the AUTH_PROXY env. THe new env var has three options `false`, `true` and `noauth`. Updates #8317 Signed-off-by: Maisem Ali <maisem@tailscale.com>	9 months ago
James Tucker	1858ad65c8	cmd/cloner: do not allocate slices when the source is nil tailcfg.Node zero-value clone equality checks failed when I added a []*foo to the structure, as the zero value and it's clone contained a different slice header. Updates #9377 Updates #9408 Signed-off-by: James Tucker <james@tailscale.com>	9 months ago
Tyler Smalley	dfefaa5e35	Use parent serve config Signed-off-by: Tyler Smalley <tyler@tailscale.com>	9 months ago
Marwan Sulaiman	f3a5bfb1b9	cmd/tailscale/cli: add set serve validations This PR adds validations for the new new funnel/serve commands under the following rules: 1. There is always a single config for one port (bg or fg). 2. Foreground configs under the same port cannot co-exists (for now). 3. Background configs can change as long as the serve type is the same. Updates #8489 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	9 months ago
Marwan Sulaiman	3421784e37	cmd/tailscale/cli: use optimistic concurrency control on SetServeConfig This PR uses the etag/if-match pattern to ensure multiple calls to SetServeConfig are synchronized. It currently errors out and asks the user to retry but we can add occ retries as a follow up. Updates #8489 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	9 months ago
Brad Fitzpatrick	6e66e5beeb	cmd/tsconnect/wasm: pass a netmon to ipnserver.New It became required as of `6e967446e4` Updates #8052 Change-Id: I08d100534254865293c1beca5beff8e529e4e9ac Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Tyler Smalley	82c1dd8732	cmd/tailscale: funnel wip cleanup and additional test coverage (#9316 ) General cleanup and additional test coverage of WIP code. * use enum for serveType * combine instances of ServeConfig access within unset * cleanMountPoint rewritten into cleanURLPath as it only handles URL paths * refactor and test expandProxyTargetDev > Note > Behind the `TAILSCALE_USE_WIP_CODE` flag updates #8489 Signed-off-by: Tyler Smalley <tyler@tailscale.com>	9 months ago
Brad Fitzpatrick	eb9f1db269	cmd/tsconnect/wasm: register netstack.Impl with tsd.System I missed this in `343c0f1031` and I guess we don't have integration tests for wasm. But it compiled! :) Updates #fixup to a #cleanup Change-Id: If147b90bab254d144ec851a392e8db10ab97f98e Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Brad Fitzpatrick	343c0f1031	wgengine{,/netstack}: remove AddNetworkMapCallback from Engine interface It had exactly one user: netstack. Just have LocalBackend notify netstack when here's a new netmap instead, simplifying the bloated Engine interface that has grown a bunch of non-Engine-y things. (plenty of rando stuff remains after this, but it's a start) Updates #cleanup Change-Id: I45e10ab48119e962fc4967a95167656e35b141d8 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Brad Fitzpatrick	9203916a4a	control/controlknobs: move more controlknobs code from controlclient Updates #cleanup Change-Id: I2b8b6ac97589270f307bfb20e33674894ce873b5 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Brad Fitzpatrick	668a0dd5ab	cmd/tailscale/cli: fix panic in netcheck print when no DERP home Fixes #8016 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Brad Fitzpatrick	7c1ed38ab3	ipn/ipnlocal: fix missing controlknobs.Knobs plumbing I missed connecting some controlknobs.Knobs pieces in `4e91cf20a8` resulting in that breaking control knobs entirely. Whoops. The fix in ipn/ipnlocal (where it makes a new controlclient) but to atone, I also added integration tests. Those integration tests use a new "tailscale debug control-knobs" which by itself might be useful for future debugging. Updates #9351 Change-Id: Id9c89c8637746d879d5da67b9ac4e0d2367a3f0d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Brad Fitzpatrick	4e91cf20a8	control/controlknobs, all: add plumbed Knobs type, not global variables Previously two tsnet nodes in the same process couldn't have disjoint sets of controlknob settings from control as both would overwrite each other's global variables. This plumbs a new controlknobs.Knobs type around everywhere and hangs the knobs sent by control on that instead. Updates #9351 Change-Id: I75338646d36813ed971b4ffad6f9a8b41ec91560 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Paul Scott	683ba62f3e	cmd/testwrapper: fix exit deflake (#9342 ) Sometimes `go test` would exit and close its stdout before we started reading it, and we would return that "file closed" error then forget to os.Exit(1). Fixed to prefer the go test subprocess error and exit regardless of the type of error. Fixes #9334 Signed-off-by: Paul Scott <paul@tailscale.com>	9 months ago
Brad Fitzpatrick	0396366aae	cmd/testwrapper/flakytest: don't spam stderr in Mark when not under wrapper If the user's running "go test" by hand, no need to spam stderr with the sentinel marker. It already calls t.Logf (which only gets output on actual failure, or verbose mode) which is enough to tell users it's known flaky. Stderr OTOH always prints out and is distracting to manual "go test" users. Updates #cleanup Change-Id: Ie5e6881bae291787c30f75924fa132f4a28abbb2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Brad Fitzpatrick	9a86aa5732	all: depend on zstd unconditionally, remove plumbing to make it optional All platforms use it at this point, including iOS which was the original hold out for memory reasons. No more reason to make it optional. Updates #9332 Change-Id: I743fbc2f370921a852fbcebf4eb9821e2bdd3086 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	10 months ago
Marwan Sulaiman	f12c71e71c	cmd/tailscale: reduce duplicate calls to LocalBackend This PR ensures calls to the LocalBackend are not happening multiples times and ensures the set/unset methods are only manipulating the serve config Updates #8489 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	10 months ago
Andrew Lytvynov	d23b8ffb13	cmd/tailscale/cli,ipn: mention available update in "tailscale status" (#9205 ) Cache the last `ClientVersion` value that was received from coordination server and pass it in the localapi `/status` response. When running `tailscale status`, print a message if `RunningAsLatest` is `false`. Updates #6907 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	10 months ago
Marwan Sulaiman	a1d4144b18	cmd/tailscale: combine foreground and background serve logic Previously, foreground mode only worked in the simple case of `tailscale funnel <port>`. This PR ensures that whatever you can do in the background can also be done in the foreground such as setting mount paths or tcp forwarding. Updates #8489 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	10 months ago
Tyler Smalley	70a9854b39	cmd/tailscale: add background mode to serve/funnel wip (#9202 ) > Note > Behind the `TAILSCALE_FUNNEL_DEV` flag * Expose additional listeners through flags * Add a --bg flag to run in the background * --set-path to set a path for a specific target (assumes running in background) See the parent issue for more context. Updates #8489 Signed-off-by: Tyler Smalley <tyler@tailscale.com>	10 months ago
Marwan Sulaiman	50990f8931	ipn, ipn/ipnlocal: add Foreground field for ServeConfig This PR adds a new field to the serve config that can be used to identify which serves are in "foreground mode" and then can also be used to ensure they do not get persisted to disk so that if Tailscaled gets ungracefully shutdown, the reloaded ServeConfig will not have those ports opened. Updates #8489 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	10 months ago
Paul Scott	96094cc07e	cmd/testwrapper: exit code 1 when go build fails (#9276 ) Fixes #9275 Fixes #8586 Fixes tailscale/corp#13115 Signed-off-by: Paul Scott <paul@tailscale.com>	10 months ago
Marwan Sulaiman	51d3220153	ipn, ipn/ipnlocal: remove log streaming for StreamServe This PR removes the per request logging to the CLI as the CLI will not be displaying those logs initially. Updates #8489 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	10 months ago
Chris Palmer	ac7b4d62fd	cmd/tailscale/cli: make update visible in list (#8662 ) This also makes "HIDDEN: " work (requires the custom UsageFunc). Updates #6995 Signed-off-by: Chris Palmer <cpalmer@tailscale.com>	10 months ago
Marwan Sulaiman	a4aa6507fa	ipn, ipn/ipnlocal: add session identifier for WatchIPNBus This PR adds a SessionID field to the ipn.Notify struct so that ipn buses can identify a session and register deferred clean up code in the future. The first use case this is for is to be able to tie foreground serve configs to a specific watch session and ensure its clean up when a connection is closed. Updates #8489 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	10 months ago
Brad Fitzpatrick	7175f06e62	util/rands: add package with HexString func We use it a number of places in different repos. Might as well make one. Another use is coming. Updates #cleanup Change-Id: Ib7ce38de0db35af998171edee81ca875102349a4 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	10 months ago
Sonia Appasamy	f824274093	cli/serve: shorten help text on error Our BETA serve help text is long and often hides the actual error in the user's usage. Instead of printing the full text, prompt users to use `serve --help` if they want the help info. Fixes #14274 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	10 months ago
Maisem Ali	3280c81c95	.github,cmd/gitops-pusher: update to checkout@v4 checkout@v3 is broken: actions/checkout#1448 Updates #cleanup Signed-off-by: Maisem Ali <maisem@tailscale.com>	10 months ago
Maisem Ali	0f397baf77	cmd/testwrapper: emit logs of failed tests on timeout It would just fail the entire pkg, but would not print any logs. It was already tracking all the logs, so have it emit them when the pkg fails/times out. Updates #9231 Signed-off-by: Maisem Ali <maisem@tailscale.com>	10 months ago
Brad Fitzpatrick	1262df0578	net/netmon, net/tsdial: add some link change metrics Updates #9040 Change-Id: I2c87572d79d2118bcf1f0122eccfe712c1bea9d5 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	10 months ago
Will Norris	9a3bc9049c	client/web,cmd/tailscale: add prefix flag for web command We already had a path on the web client server struct, but hadn't plumbed it through to the CLI. Add that now and use it for Synology and QNAP instead of hard-coding the path. (Adding flag for QNAP is tailscale/tailscale-qpkg#112) This will allow supporting other environments (like unraid) without additional changes to the client/web package. Also fix a small bug in unraid handling to only include the csrf token on POST requests. Updates tailscale/corp#13775 Signed-off-by: Will Norris <will@tailscale.com>	10 months ago
Andrew Lytvynov	34e3450734	cmd/tailscale,ipn: add auto-update flags and prefs (#8861 ) The flags are hidden for now. Adding propagation to tailscaled and persistence only. The prefs field is wrapped in a struct to allow for future expansion (like update schedule). Updates #6907 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	10 months ago
Brad Fitzpatrick	055fdb235f	cmd/tailscaled, tstest/integration: make tailscaled die when parent dies I noticed that failed tests were leaving aroudn stray tailscaled processes on macOS at least. To repro, add this to tstest/integration: func TestFailInFewSeconds(t testing.T) { t.Parallel() time.Sleep(3 time.Second) os.Exit(1) t.Fatal("boom") } Those three seconds let the other parallel tests (with all their tailscaled child processes) start up and start running their tests, but then we violently os.Exit(1) the test driver and all the children were kept alive (and were spinning away, using all available CPU in gvisor scheduler code, which is a separate scary issue) Updates #cleanup Change-Id: I9c891ed1a1ec639fb2afec2808c04dbb8a460e0e Co-authored-by: Maisem Ali <maisem@tailscale.com> Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	10 months ago
Tyler Smalley	e1fbb5457b	cmd/tailscale: combine serve and funnel for debug wip funnel stream model (#9169 ) > Note > Behind the `TAILSCALE_USE_WIP_CODE` flag In preparing for incoming CLI changes, this PR merges the code path for the `serve` and `funnel` subcommands. See the parent issue for more context. The following commands will run in foreground mode when using the environment flag. ``` tailscale serve localhost:3000 tailscae funnel localhost:3000 ``` Replaces #9134 Updates #8489 Signed-off-by: Tyler Smalley <tyler@tailscale.com> Signed-off-by: Marwan Sulaiman <marwan@tailscale.com> Co-authored-by: Marwan Sulaiman <marwan@tailscale.com>	10 months ago
Maisem Ali	96277b63ff	ipn/ipnlocal: rename LogoutSync to Logout Updates #cleanup Signed-off-by: Maisem Ali <maisem@tailscale.com>	10 months ago
Brad Fitzpatrick	04e1ce0034	control/controlclient: remove unused StartLogout Updates #cleanup Co-authored-by: Maisem Ali <maisem@tailscale.com> Change-Id: I9d052fdbee787f1e8c872124e4bee61c7f04d142 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	10 months ago

1 2 3 4 5 ...

1669 Commits (2caffeeb460a7b69fc8e329821e5e2cbbc10af27)