tailscale

Commit Graph

Author	SHA1	Message	Date
Aaron Klotz	f18beaa1e4	cmd/mkmanifest, cmd/tailscale, cmd/tailscaled: remove Windows arm32 resources from OSS Given recent changes in corp, I originally thought we could remove all of the syso files, but then I realized that we still need them so that binaries built purely from OSS (without going through corp) will still receive a manifest. We can remove the arm32 one though, since we don't support 32-bit ARM on Windows. Updates https://github.com/tailscale/corp/issues/9576 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	1 year ago
Sonia Appasamy	7985f5243a	cmd/k8s-operator: update device authorization copy "Device Authorization" was recently renamed to "Device Approval" on the control side. This change updates the k8s operator to match. Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	1 year ago
Sonia Appasamy	bb7033174c	cmd/tsconnect: update device authorization copy "Device Authorization" was recently renamed to "Device Approval" on the control side. This change updates tsconnect to match. Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	1 year ago
Mihai Parparita	9cb332f0e2	sockstats: instrument networking code paths Uses the hooks added by tailscale/go#45 to instrument the reads and writes on the major code paths that do network I/O in the client. The convention is to use "<package>.<type>:<label>" as the annotation for the responsible code path. Enabled on iOS, macOS and Android only, since mobile platforms are the ones we're most interested in, and we are less sensitive to any throughput degradation due to the per-I/O callback overhead (macOS is also enabled for ease of testing during development). For now just exposed as counters on a /v0/sockstats PeerAPI endpoint. We also keep track of the current interface so that we can break out the stats by interface. Updates tailscale/corp#9230 Updates #3363 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	1 year ago
Sonia Appasamy	0c1510739c	cmd/tailscale/cli: update device authorization copy "Device Authorization" was recently renamed to "Device Approval" on the control side. This change updates the linux cli to match. Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	1 year ago
Joe Tsai	0d19f5d421	all: replace logtail.{Public,Private}ID with logid.{Public,Private}ID (#7404 ) The log ID types were moved to a separate package so that code that only depend on log ID types do not need to link in the logic for the logtail client itself. Not all code need the logtail client. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	1 year ago
Vladimir Pouzanov	e3211ff88b	Add support for OAuth tokens #7394 (#7393 ) Signed-off-by: Vladimir Pouzanov <farcaller@gmail.com>	1 year ago
Maisem Ali	49c206fe1e	tailcfg,hostinfo: add App field to identify tsnet uses This allows us to differentiate between the various tsnet apps that we have like `golinks` and `k8s-operator`. Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Denton Gentry	bf7573c9ee	cmd/nginx-auth: build for arm64 Fixes https://github.com/tailscale/tailscale/issues/6978 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	1 year ago
Jordan Whited	d4122c9f0a	cmd/tailscale/cli: fix TestUpdatePrefs over Tailscale SSH (#7374 ) Fixes #7373 Signed-off-by: Jordan Whited <jordan@tailscale.com>	1 year ago
David Anderson	587eb32a83	release/dist: add forgotten license headers Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
David Anderson	cf74ee49ee	release/dist/cli: factor out the CLI boilerplace from cmd/dist Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
David Anderson	fc4b25d9fd	release: open-source release build logic for unix packages Updates tailscale/corp#9221 Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
Maisem Ali	06a10125fc	cmd/k8s-operator: set hostinfo.Package This allows identifying the operator. Updates #5055 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
David Anderson	0b8f89c79c	cmd/tsconnect: find the build dir independently of -trimpath trimmed builds don't have absolute path information in executable metadata, which leads the runtime.Caller approach failing mysteriously in yarn with complaints about relative package paths. So, instead of using embedded package metadata to find paths, expect that we're being invoked within the tailscale repo, and locate the tsconnect directory that way. Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
David Anderson	1dadbbb72a	version/mkversion: open-source version generation logic In preparation for moving more of the release building here too. Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
Maisem Ali	d811c5a7f0	cmd/tailscale/cli: handle home dir correctly on macOS for kubeconfig This ensures that we put the kubeconfig in the correct directory from within the macOS Sandbox when paired with tailscale/corp@3035ef7 Updates #7220 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Maisem Ali	c01c84ea8e	cmd/tailscale/cli: add "configure kubeconfig" subcommand It takes in a node hostname and configures the local kubeconfig file to point to that. Updates #7220 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Maisem Ali	181a3da513	cmd/tailscale/cli: add a hidden configure subcommand Also make `tailscale configure-host` an alias to `tailscale configure synology` Updates #7220 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Jenny Zhang	fe5558094c	cmd/tailscale/cli: add logout and debug info to web Fixes #7238 Signed-off-by: Jenny Zhang <jz@tailscale.com>	1 year ago
David Anderson	bd81d520ab	cmd/printdep: print correct toolchain URL In the switch to static toolchains, we removed a legacy oddity from the toolchain URL structure, but forgot to update printdep. Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
David Anderson	70a2929a12	version: make all exported funcs compile-time constant or lazy Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
David Anderson	8b2ae47c31	version: unexport all vars, turn Short/Long into funcs The other formerly exported values aren't used outside the package, so just unexport them. Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
Denton Gentry	5bca44d572	cmd/sync-containers: update latest and stable tags Fixes https://github.com/tailscale/tailscale/issues/7251 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	1 year ago
Mihai Parparita	fa932fefe7	net/interfaces: redo how we get the default interface on macOS and iOS With #6566 we added an external mechanism for getting the default interface, and used it on macOS and iOS (see tailscale/corp#8201). The goal was to be able to get the default physical interface even when using an exit node (in which case the routing table would say that the Tailscale utun* interface is the default). However, the external mechanism turns out to be unreliable in some cases, e.g. when multiple cellular interfaces are present/toggled (I have occasionally gotten my phone into a state where it reports the pdp_ip1 interface as the default, even though it can't actually route traffic). It was observed that `ifconfig -v` on macOS reports an "effective interface" for the Tailscale utn* interface, which seems promising. By examining the ifconfig source code, it turns out that this is done via a SIOCGIFDELEGATE ioctl syscall. Though this is a private API, it appears to have been around for a long time (e.g. it's in the 10.13 xnu release at https://opensource.apple.com/source/xnu/xnu-4570.41.2/bsd/net/if_types.h.auto.html) and thus is unlikely to go away. We can thus use this ioctl if the routing table says that a utun* interface is the default, and go back to the simpler mechanism that we had before #6566. Updates #7184 Updates #7188 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	1 year ago
Will Norris	6ef834a6b7	get-authkey: require tags to be specified Tailnet-owned auth keys (which all OAuth-created keys are) must include tags, since there is no user to own the registered devices. Signed-off-by: Will Norris <will@tailscale.com>	1 year ago
Maisem Ali	05adf22383	cmd/k8s-operator: add support for running an auth proxy Updates #5055 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Tom DNetto	99b9d7a621	all: implement pcap streaming for datapath debugging Updates: tailscale/corp#8470 Signed-off-by: Tom DNetto <tom@tailscale.com>	1 year ago
Denton Gentry	4daba23cd4	cmd/get-authkey: add an OAuth API client to produce an authkey Updates https://github.com/tailscale/tailscale/issues/3243 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	1 year ago
Maisem Ali	6bae55e351	ipn/ipnlocal: add support to store certs in k8s secrets Fixes #5676 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
David Anderson	02a2dcfc86	go.toolchain.rev: use new statically built toolchain Also removes the toolchain builds from flake.nix. For now the flake build uses upstream Go 1.20, a followup change will switch it back to our custom toolchain. Updates tailscale/corp#9005 Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
Brad Fitzpatrick	03645f0c27	net/{netns,netstat}: use new x/sys/cpu.IsBigEndian See golang/go#57237 Change-Id: If47ab6de7c1610998a5808e945c4177c561eab45 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Andrew Dunham	2755f3843c	health, net/tlsdial: add healthcheck for self-signed cert When we make a connection to a server, we previously would verify with the system roots, and then fall back to verifying with our baked-in Let's Encrypt root if the system root cert verification failed. We now explicitly check for, and log a health error on, self-signed certificates. Additionally, we now always verify against our baked-in Let's Encrypt root certificate and log an error if that isn't successful. We don't consider this a health failure, since if we ever change our server certificate issuer in the future older non-updated versions of Tailscale will no longer be healthy despite being able to connect. Updates #3198 Change-Id: I00be5ceb8afee544ee795e3c7a2815476abc4abf Signed-off-by: Andrew Dunham <andrew@du.nham.ca>	1 year ago
Brad Fitzpatrick	b1248442c3	all: update to Go 1.20, use strings.CutPrefix/Suffix instead of our fork Updates #7123 Updates #5309 Change-Id: I90bcd87a2fb85a91834a0dd4be6e03db08438672 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Will Norris	51e1ab5560	fixup! util/vizerror: add new package for visible errors Signed-off-by: Will Norris <will@tailscale.com>	1 year ago
Brad Fitzpatrick	ca45fe2d46	cmd/tailscale/cli: delete ActLikeCLI It's since been rewritten in Swift. #cleanup Change-Id: I0860d681e8728697804ce565f63c5613b8b1088c Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Mihai Parparita	0039993359	cmd/tsconnect: update to xterm.js 5.1 It includes xtermjs/xterm.js#4216, which improves handling of some escape sequences. Unfortunately it's not enough to fix the issue with `ponysay`, but it does not hurt to be up to date. Updates #6090 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	1 year ago
Anton Tolchanov	100d8e909e	cmd/derpprobe: migrate to the prober framework `prober.DERP` was created in #5988 based on derpprobe. Having used it instead of derpprobe for a few months, I think we have enough confidence that it works and can now migrate derpprobe to use the prober framework and get rid of code duplication. A few notable changes in behaviour: - results of STUN probes over IPv4 and IPv6 are now reported separately; - TLS probing now includes OCSP verification; - probe names in the output have changed; - ability to send Slack notification from the prober has been removed. Instead, the prober now exports metrics in Expvar (/debug/vars) and Prometheus (/debug/varz) formats. Fixes https://github.com/tailscale/corp/issues/8497 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	1 year ago
Brad Fitzpatrick	01e736e1d5	go.toolchain.rev: update to Go 1.20rc3 Updates #7123 Change-Id: Ibdf53530251c120e7e20c24abcf4a05f2ff7ac97 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Maisem Ali	04b57a371e	ipn/ipnlocal: drop not required StateKey parameter This is #cleanup now that #7121 is merged. Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Mihai Parparita	73d33e3f20	cmd/tsconnect: use empty string as the default state store key Makes the Wasm client more similar to the others, and allows the default profile to be correctly picked up when restarting the client in dev mode (where we persist the state in sessionStorage). Also update README to reflect that Go wasm changes can be picked up with just a reload (as of #5383) Signed-off-by: Mihai Parparita <mihai@tailscale.com>	1 year ago
Maisem Ali	4441609d8f	safesocket: remove the now unused WindowsLocalPort Also drop the port param from safesocket.Listen. #cleanup Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
David Anderson	e51cf1b09d	cmd/k8s-operator: use unstable tailscale image as well We need a post-1.36 tailscale image to handle custom hostnames correctly. Updates #502 Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
David Anderson	0dc9cbc9ab	cmd/k8s-operator: use the unstable operator image There is no stable release yet, and for alpha we want people on the unstable build while we iterate. Updates #502 Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
Will Norris	947c14793a	all: update tools that manage copyright headers Update all code generation tools, and those that check for license headers to use the new standard header. Also update copyright statement in LICENSE file. Fixes #6865 Signed-off-by: Will Norris <will@tailscale.com>	1 year ago
Will Norris	71029cea2d	all: update copyright and license headers This updates all source files to use a new standard header for copyright and license declaration. Notably, copyright no longer includes a date, and we now use the standard SPDX-License-Identifier header. This commit was done almost entirely mechanically with perl, and then some minimal manual fixes. Updates #6865 Signed-off-by: Will Norris <will@tailscale.com>	1 year ago
Brad Fitzpatrick	a1b4ab34e6	util/httpm: add new package for prettier HTTP method constants See package doc. Change-Id: Ibbfc8e1f98294217c56f3a9452bd93ffa3103572 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Denton Gentry	7439bc7ba6	cmd/sync-containers: add github.Keychain Running sync-containers in a GitHub workflow will be simpler if we check github.Keychain, which uses the GITHUB_TOKEN if present. Updates https://github.com/tailscale/corp/issues/8461 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	1 year ago
David Anderson	9bd6a2fb8d	cmd/k8s-operator: support setting a custom hostname. Updates #502 Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
Xe Iaso	038d25bd04	cmd/nginx-auth: update Expected-Tailnet documentation (#6055 ) Signed-off-by: Xe Iaso <xe@tailscale.com>	1 year ago

1 2 3 4 5 ...

1210 Commits (311352d1959a7a89d6394ea8210fb7235fb6c57c)