tailscale

Commit Graph

Author	SHA1	Message	Date
phirework	2d29f77b24	cmd/tailscale/cli: fix TUNmode display on synology web page (#7064 ) Fixes #7059 Signed-off-by: Jenny Zhang <jz@tailscale.com> Signed-off-by: Jenny Zhang <jz@tailscale.com>	1 year ago
Vince Prignano	30380403d0	cmd/k8s-operator: remove use of InjectClient (deprecated) The dependency injection functionality has been deprecated a while back and it'll be removed in the 0.15 release of Controller Runtime. This changeset sets the Client after creating the Manager, instead of using InjectClient. Signed-off-by: Vince Prignano <vince@prigna.com>	1 year ago
Anton Tolchanov	e8b695626e	cmd/mkpkg: allow specifying recommended dependencies Updates #3151 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	1 year ago
Brad Fitzpatrick	c8db70fd73	cmd/tailscale/cli: add debug set-expire command for testing Updates tailscale/corp#8811 Updates tailscale/corp#8613 Change-Id: I1c87806ca3ccc5c43e7ddbd6b4d521f73f7d29f1 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	06fff461dc	ipn/ipnstate: add PeerStatus.KeyExpiry for tailscale status --json Fixes #6712 Change-Id: I817cd5342fac8a956fcefda2d63158fa488f3395 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Andrew Dunham	b74db24149	tstest/integration: mark all integration tests as flaky Updates #7036 Change-Id: I3aec5ad680078199ba984bf8afc20b2f2eb37257 Signed-off-by: Andrew Dunham <andrew@du.nham.ca>	1 year ago
Brad Fitzpatrick	fd92fbd69e	cmd/tailscale/cli: only give systemctl hint on systemd systems Per recent user confusion on a QNAP issue. Change-Id: Ibda00013df793fb831f4088b40be8a04dfad17c2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	ba5aa2c486	version, cmd/tailscale: add version.Meta, tailscale version --json Add `tailscale version --json` JSON output mode. This will be used later for a double-opt-in (per node consent like Tailscale SSH + control config) to let admins do remote upgrades via `tailscale update` via a c2n call, which would then need to verify the cmd/tailscale found on disk for running tailscale update corresponds to the running tailscaled, refusing if anything looks amiss. Plus JSON output modes are just nice to have, rather than parsing unstable/fragile/obscure text formats. Updates #6995 Updates #6907 Change-Id: I7821ab7fbea4612f4b9b7bdc1be1ad1095aca71b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	5ca22a0068	cmd/tailscale/cli: make 'tailscale update' support Debian/Ubuntu apt Updates #6995 Change-Id: I3355435db583755e0fc73d76347f6423b8939dfb Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	6793685bba	go.mod: bump AWS SDK past a breaking API change of theirs They changed a type in their SDK which meant others using the AWS APIs in their Go programs (with newer AWS modules in their caller go.mod) and then depending on Tailscale (for e.g. tsnet) then couldn't compile ipn/store/awsstore. Thanks to @thisisaaronland for bringing this up. Fixes #7019 Change-Id: I8d2919183dabd6045a96120bb52940a9bb27193b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
shayne	73399f784b	cmd/tailscale/cli: use mock impl of LocalClient for serve cmd (#6422 ) Create an interface and mock implementation of tailscale.LocalClient for serve command tests. Updates #6304 Closes #6372 Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	1 year ago
Brad Fitzpatrick	c129bf1da1	cmd/tailscale/cli: un-alpha login+switch in ShortUsage docs Change-Id: I580d4417cf03833dfa8f6a295fb416faa667c477 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	71a7b8581d	cmd/tailscale/cli: make "update" work on Windows Updates #6995 Co-authored-by: Aaron Klotz <aaron@tailscale.com> Change-Id: I16622f43156a70b6fbc8205239fd489d7378d57b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Andrew Dunham	aea251d42a	cmd/testwrapper: move from corp; mark magicsock test as flaky Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: Ibab5860f5797b3db151d3c27855333e43a9088a4	1 year ago
Tom DNetto	ee6d18e35f	cmd/tailscale/cli: implement --json for lock status and lock log cmds Signed-off-by: Tom DNetto <tom@tailscale.com>	1 year ago
Brad Fitzpatrick	b657187a69	cmd/tailscale, logtail: add 'tailscale debug daemon-logs' logtail mechanism Fixes #6836 Change-Id: Ia6eb39ff8972e1aa149aeeb63844a97497c2cf04 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	d9144c73a8	cmd/tailscale: add start of "tailscale update" command Goal: one way for users to update Tailscale, downgrade, switch tracks, regardless of platform (Windows, most Linux distros, macOS, Synology). This is a start. Updates #755, etc Change-Id: I23466da1ba41b45f0029ca79a17f5796c2eedd92 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
phirework	f011a0923a	cmd/tailscale/cli: style synology outgoing access info (#6959 ) Follow-up to #6957. Updates #4015 Signed-off-by: Jenny Zhang <jz@tailscale.com>	1 year ago
Brad Fitzpatrick	5eded58924	cmd/tailscale/cli: make web show/link Synology outgoing connection mode/docs Fixes #4015 Change-Id: I8230bb0cc3d621b6fa02ab2462cea104fa1e9cf9 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	61dfbc0a6e	cmd/tailscale/cli: plumb TUN mode into tailscale web template UI works remains, but data is there now. Updates #4015 Change-Id: Ib91e94718b655ad60a63596e59468f3b3b102306 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
salman	8a1201ac42	cmd/tailscale: correct order for -terminate-tls flag in serve tcp usage The -terminate-tls flag is for the tcp subsubcommand, not the serve subcommand like the usage example suggests. Signed-off-by: salman <salman@tailscale.com>	1 year ago
Denton Gentry	22ebb25e83	cmd/tailscale: disable HTTPS verification for QNAP auth. QNAP's "Force HTTPS" mode redirects even localhost HTTP to HTTPS, but uses a self-signed certificate which fails verification. We accommodate this by disabling checking of the cert. Fixes https://github.com/tailscale/tailscale/issues/6903 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	1 year ago
Brad Fitzpatrick	1116602d4c	ssh/tailssh: add OpenBSD support for Tailscale SSH And bump go.mod for https://github.com/u-root/u-root/pull/2593 Change-Id: I36ec94c5b2b76d671cb739f1e9a1a43ca1d9d1b1 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
David Anderson	39efba528f	cmd/containerboot: use TS_AUTHKEY as the parameter for auth keys We still accept the previous TS_AUTH_KEY for backwards compatibility, but the documented option name is the spelling we use everywhere else. Updates #6321 Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
Brad Fitzpatrick	69c0b7e712	ipn/ipnlocal: add c2n handler to flush logtail for support debugging Updates tailscale/corp#8564 Change-Id: I0c619d4007069f90cffd319fba66bd034d63e84d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Tom DNetto	673b3d8dbd	net/dns,userspace: remove unused DNS paths, normalize query limit on iOS With `a42a594bb3`, iOS uses netstack and hence there are no longer any platforms which use the legacy MagicDNS path. As such, we remove it. We also normalize the limit for max in-flight DNS queries on iOS (it was 64, now its 256 as per other platforms). It was 64 for the sake of being cautious about memory, but now we have 50Mb (iOS-15 and greater) instead of 15Mb so we have the spare headroom. Signed-off-by: Tom DNetto <tom@tailscale.com>	1 year ago
Tom DNetto	907f85cd67	cmd/tailscale,tka: make KeyID return an error instead of panicking Signed-off-by: Tom DNetto <tom@tailscale.com>	1 year ago
Tom DNetto	8724aa254f	cmd/tailscale,tka: implement compat for TKA messages, minor UX tweaks Signed-off-by: Tom DNetto <tom@tailscale.com>	1 year ago
David Anderson	91e64ca74f	cmd/tailscale/cli: redact private key in debug netmap output by default This makes `tailscale debug watch-ipn` safe to use for troubleshooting user issues, in addition to local debugging during development. Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
Denton Gentry	467ace7d0c	cmd/tailscale: use localhost for QNAP authLogin.cgi When the user clicks on the Tailscale app in the QNAP App Center, we do a GET from /cgi-bin/authLogin.cgi to look up their SID. If the user clicked "secure login" on the QNAP login page to use HTTPS, then our access to authLogin.cgi will also use HTTPS but the certiciate is self-signed. Our GET fails with: Get "https://10.1.10.41/cgi-bin/authLogin.cgi?sid=abcd0123": x509: cannot validate certificate for 10.1.10.41 because it doesn't contain any IP SANs or similar errors. Instead, access QNAP authentication via http://localhost:8080/ as documented in https://download.qnap.com/dev/API_QNAP_QTS_Authentication.pdf Fixes https://github.com/tailscale/tailscale-qpkg/issues/62 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	1 year ago
Brad Fitzpatrick	aad6830df0	util/codegen, all: use latest year, not time.Now, in generated files Updates #6865 Change-Id: I6b86c646968ebbd4553cf37df5e5612fbf5c5f7d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
David Anderson	7bfb9999ee	cmd/printdep: support printing the toolchain SRI hash. Updates #6845. Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
Brad Fitzpatrick	3599364312	cmd/nardump: Go tool to build Nix NARs and compute their hashes. Updates #6845. Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
Claire Wang	a45c9f982a	wgengine/netstack: change netstack API to require LocalBackend The macOS client was forgetting to call netstack.Impl.SetLocalBackend. Change the API so that it can't be started without one, eliminating this class of bug. Then update all the callers. Updates #6764 Change-Id: I2b3a4f31fdfd9fdbbbbfe25a42db0c505373562f Signed-off-by: Claire Wang <claire@tailscale.com> Co-authored-by: Brad Fitzpatrick <bradfitz@tailscale.com> Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
andig	14e8afe444	go.mod, etc: bump gvisor Fixes #6554 Change-Id: Ia04ae37a47b67fa57091c9bfe1d45a1842589aa8 Signed-off-by: andig <cpuidle@gmx.de>	1 year ago
Brad Fitzpatrick	8aac77aa19	cmd/tailscale: fix "up" warning about netfilter-mode on Synology Fixes #6811 Change-Id: Ia43723e6ebedc9b01729897cec271c462b16e9ae Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
David Anderson	a1ded4c166	cmd/sync-containers: add a dry-run option. Updates tailscale/corp#8461 Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
David Anderson	e5fe205c31	cmd/sync-containers: program to sync tags between container registries. Updates tailscale/corp#8461 Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
Brad Fitzpatrick	a06217a8bd	cmd/tailscale/cli: hide Windows named pipe default name in flag help It's long & distracting for how low value it is. Fixes #6766 Change-Id: I51364f25c0088d9e63deb9f692ba44031f12251b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Jordan Whited	914d115f65	go.mod: bump tailscale/wireguard-go for big-endian fix (#6785 ) Signed-off-by: Jordan Whited <jordan@tailscale.com>	1 year ago
David Anderson	af3127711a	cmd/containerboot: allow disabling secret storage in k8s. In some configurations, user explicitly do not want to store tailscale state in k8s secrets, because doing that leads to some annoying permission issues with sidecar containers. With this change, TS_KUBE_SECRET="" and TS_STATE_DIR=/foo will force storage to file when running in kubernetes. Fixes #6704. Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
Brad Fitzpatrick	c02ccf6424	go.mod: bump dhcp dep to remove another endian package from our tree To pull in insomniacslk/dhcp#484 to pull in u-root/uio#8 Updates golang/go#57237 Change-Id: I1e56656e0dc9ec0b870f799fe3bc18b3caac1ee4 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
David Anderson	8171eb600c	cmd/k8s-operator: move the operator into its own namespace. The operator creates a fair bit of internal cluster state to manage proxying, dumping it all in the default namespace is handy for development but rude for production. Updates #502 Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
David Anderson	3a5fc233aa	cmd/k8s-operator: use oauth credentials for API access. This automates both the operator's initial login, and provisioning/deprovisioning of proxies. Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
David Anderson	a7ab3429b6	cmd/k8s-operator: refactor reconcile loop, un-plumbing reconcile.Result. We used to need to do timed requeues in a few places in the reconcile logic, and the easiest way to do that was to plumb reconcile.Result return values around. But now we're purely event-driven, so the only thing we care about is whether or not an error occurred. Incidentally also fix a very minor bug where headless services would get completely ignored, rather than reconciled into the correct state. This shouldn't matter in practice because you can't transition from a headful to a headless service without a deletion, but for consistency let's avoid having a path that takes no definite action if a service of interest does exist. Updates #502. Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
Denton Gentry	da53b1347b	cmd/gitops-pusher: support alternate api-server URLs Fixes https://github.com/tailscale/coral/issues/90 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	1 year ago
David Anderson	835a73cc1f	cmd/k8s-operator: remove unnecessary timed requeue. Previously, we had to do blind timed requeues while waiting for the tailscale hostname, because we looked up the hostname through the API. But now the proxy container image writes back its hostname to the k8s secret, so we get an event-triggered reconcile automatically when the time is right. Updates #502 Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
David Anderson	d857fd00b3	cmd/k8s-operator: sprinkle debug logging throughout. As is convention in the k8s world, use zap for structured logging. For development, OPERATOR_LOGGING=dev switches to a more human-readable output than JSON. Updates #502 Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
David Anderson	8ccd707218	cmd/k8s-operator: remove times requeues in proxy deletion path. Our reconcile loop gets triggered again when the StatefulSet object finally disappears (in addition to when its deletion starts, as indicated by DeletionTimestamp != 0). So, we don't need to queue additional reconciliations to proceed with the remainder of the cleanup, that happens organically. Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
David Anderson	9c77205ba1	cmd/k8s-operator: add more tests for "normal" paths. Tests cover configuring a proxy through an annotation rather than a LoadBalancerClass, and converting between those two modes at runtime. Updates #502. Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
David Anderson	c902190e67	cmd/k8s-operator: factor out some of the larger expected test outputs. For other test cases, the operator is going to produce similar generated objects in several codepaths, and those objects are large. Move them out to helpers so that the main test code stays a bit more intelligible. The top-level Service that we start and end with remains in the main test body, because its shape at the start and end is one of the main things that varies a lot between test cases. Updates #502. Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
David Anderson	8dbb3b8bbe	cmd/k8s-operator: remove unused structs. Cleanup missed in #6718 . Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
David Anderson	53a9cc76c7	cmd/k8s-operator: rename main.go -> operator.go. Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
David Anderson	bc8f5a7734	cmd/k8s-operator: add a basic unit test. The test verifies one of the successful reconcile paths, where a client requests an exposed service via a LoadBalancer class. Updates #502. Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
David Anderson	3b7ae39a06	cmd/k8s-operator: use the client's authkey method to create auth keys. Also introduces an intermediary interface for the tailscale client, in preparation for operator tests that fake out the Tailscale API interaction. Updates #502. Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
Brad Fitzpatrick	ca08e316af	util/endian: delete package; use updated josharian/native instead See josharian/native#3 Updates golang/go#57237 Change-Id: I238c04c6654e5b9e7d9cfb81a7bbc5e1043a84a2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
David Anderson	b2d4abf25a	cmd/k8s-operator: add a kubernetes operator. This was initially developed in a separate repo, but for build/release reasons and because go module management limits the damage of importing k8s things now, moving it into this repo. At time of commit, the operator enables exposing services over tailscale, with the 'tailscale' loadBalancerClass. It also currently requires an unreleased feature to access the Tailscale API, so is not usable yet. Updates #502. Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
Aaron Klotz	53e2010b8a	cmd/tailscaled: change Windows implementation to shut down subprocess via closing its stdin We've been doing a hard kill of the subprocess, which is only safe as long as both the cli and gui are not running and the subprocess has had the opportunity to clean up DNS settings etc. If unattended mode is turned on, this is definitely unsafe. I changed babysitProc to close the subprocess's stdin to make it shut down, and then I plumbed a cancel function into the stdin reader on the subprocess side. Fixes https://github.com/tailscale/corp/issues/5621 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	1 year ago
shayne	9d335aabb2	cmd/tailscale/cli: [ssh] fix typo in help text (#6694 ) arugments => arguments Signed-off-by: shayne <79330+shayne@users.noreply.github.com>	1 year ago
Jordan Whited	ea5ee6f87c	all: update golang.zx2c4.com/wireguard to github.com/tailscale/wireguard-go (#6692 ) This is temporary while we work to upstream performance work in https://github.com/WireGuard/wireguard-go/pull/64. A replace directive is less ideal as it breaks dependent code without duplication of the directive. Signed-off-by: Jordan Whited <jordan@tailscale.com>	1 year ago
Walter Poupore	383e203fd2	cmd/tailscale/cli: update lock status help strings (#6675 ) Signed-off-by: Walter Poupore <walterp@tailscale.com> Signed-off-by: Walter Poupore <walterp@tailscale.com>	1 year ago
Jordan Whited	76389d8baf	net/tstun, wgengine/magicsock: enable vectorized I/O on Linux (#6663 ) This commit updates the wireguard-go dependency and implements the necessary changes to the tun.Device and conn.Bind implementations to support passing vectors of packets in tailscaled. This significantly improves throughput performance on Linux. Updates #414 Signed-off-by: Jordan Whited <jordan@tailscale.com> Signed-off-by: James Tucker <james@tailscale.com> Co-authored-by: James Tucker <james@tailscale.com>	2 years ago
James Tucker	389238fe4a	cmd/tailscale/cli: add workaround for improper named socket quoting in ssh command This avoids the issue in the common case where the socket path is the default path, avoiding the immediate need for a Windows shell quote implementation. Updates #6639 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
Tom DNetto	e27f4f022e	cmd/tailscale/cli: add progress to tailscale file cp Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
shayne	98114bf608	cmd/tailscale/cli, ipn/localapi: add funnel status to status command (#6402 ) Fixes #6400 open up GETs for localapi serve-config to allow read-only access to ServeConfig `tailscale status` will include "Funnel on" status when Funnel is configured. Prints nothing if Funnel is not running. Example: $ tailscale status <nodes redacted> # Funnel on: # - https://node-name.corp.ts.net # - https://node-name.corp.ts.net:8443 # - tcp://node-name.corp.ts.net:10000 Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	2 years ago
David Anderson	1b65630e83	cmd/containerboot: switch to IPN bus monitoring instead of polling. We still have to shell out to `tailscale up` because the container image's API includes "arbitrary flags to tailscale up", unfortunately. But this should still speed up startup a little, and also enables k8s-bound containers to update their device information as new netmap updates come in. Fixes #6657 Signed-off-by: David Anderson <danderson@tailscale.com>	2 years ago
Tom DNetto	55e0512a05	ipn/ipnlocal,cmd/tailscale: minor improvements to lock modify command * Do not print the status at the end of a successful operation * Ensure the key of the current node is actually trusted to make these changes Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Aaron Klotz	98f21354c6	cmd/tailscaled: add a special command to tailscaled's Windows service for removing WinTun WinTun is installed lazily by tailscaled while it is running as LocalSystem. Based upon what we're seeing in bug reports and support requests, removing WinTun as a lesser user may fail under certain Windows versions, even when that user is an Administrator. By adding a user-defined command code to tailscaled, we can ask the service to do the removal on our behalf while it is still running as LocalSystem. * The uninstall code is basically the same as it is in corp; * The command code will be sent as a service control request and is protected by the SERVICE_USER_DEFINED_CONTROL access right, which requires Administrator. I'll be adding follow-up patches in corp to engage this functionality. Updates https://github.com/tailscale/tailscale/issues/6433 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	2 years ago
David Anderson	367228ef82	cmd/containerboot: gracefully degrade if missing patch permissions in k8s. Fixes #6629. Signed-off-by: David Anderson <danderson@tailscale.com>	2 years ago
Andrew Dunham	a887ca7efe	ipn/ipnlocal: improve redactErr to handle more cases This handles the case where the inner os.PathError is wrapped in another error type, and additionally will redact errors of type os.LinkError. Finally, add tests to verify that redaction works. Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: Ie83424ff6c85cdb29fb48b641330c495107aab7c	2 years ago
David Anderson	e36c27bcd1	cmd/containerboot: check that k8s secret permissions are correct. Updates #6629. Signed-off-by: David Anderson <danderson@tailscale.com>	2 years ago
David Anderson	e79a1eb24a	cmd/containerboot: refactor tests to have more explicit phases. In preparation for making startup more complex with IPN bus watches. Signed-off-by: David Anderson <danderson@tailscale.com>	2 years ago
David Anderson	e04aaa7575	cmd/containerboot: split tailscaled bringup and auth phases. In preparation for reworking auth to use IPN bus watch. Signed-off-by: David Anderson <danderson@tailscale.com>	2 years ago
David Anderson	a469ec8ff6	cmd/containerboot: fix some lint. Signed-off-by: David Anderson <danderson@tailscale.com>	2 years ago
Anton Tolchanov	5ff946a9e6	cmd/containerboot: fix TS_STATE_DIR environment variable It's supposed to set `--statedir` rather than `--state` file. Fixes #6634. Signed-off-by: Anton Tolchanov <anton@tailscale.com>	2 years ago
Brad Fitzpatrick	1598cd0361	net/tsaddr: remove ContainsFunc helpers (they're now in x/exp/slices) x/exp/slices now has ContainsFunc (golang/go#53983) so we can delete our versions. Change-Id: I5157a403bfc1b30e243bf31c8b611da25e995078 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Mihai Parparita	cb525a1aad	cmd/tailscaled: fix typo in netstack variable name Signed-off-by: Mihai Parparita <mihai@tailscale.com>	2 years ago
Maisem Ali	96cad35870	cmd/tailscaled: rename variables to be more descriptive renamed from `useNetstack` to `onlyNetstack` which is 1 letter more but more descriptive because we always have netstack enabled and `useNetstack` doesn't convey what it is supposed to be used for. e.g. we always use netstack for Tailscale SSH. Also renamed shouldWrapNetstack to handleSubnetsInNetstack as it was only used to configure subnet routing via netstack. Updates tailscale/corp#8020 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Mihai Parparita	5b8323509f	cmd/tailscale/cli: use "account" instead of "profile" in user-visible text Matches the UI clients Updates #713 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	2 years ago
Maya Kaczorowski	d5b4d2e276	cmd/tailscale/cli: improve tailnet lock help (#6583 ) Signed-off-by: Maya Kaczorowski <15946341+mayakacz@users.noreply.github.com> Signed-off-by: Maya Kaczorowski <15946341+mayakacz@users.noreply.github.com>	2 years ago
Walter Poupore	74b47eaad6	cmd/tailscale/cli: Fix 'tailscale switch' error message (#6585 ) Updates #713. Signed-off-by: Walter Poupore <walterp@tailscale.com> Signed-off-by: Walter Poupore <walterp@tailscale.com>	2 years ago
Maisem Ali	a5a3188b7e	cmd/tailscale/cli: unhide login and switch subcommands Updates #713 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Maya Kaczorowski	a1084047ce	cmd/tailscale/cli: capitalize Get (#6586 ) Signed-off-by: Maya Kaczorowski <15946341+mayakacz@users.noreply.github.com> Signed-off-by: Maya Kaczorowski <15946341+mayakacz@users.noreply.github.com>	2 years ago
Tom DNetto	74c1f632f6	types/key,cmd/tailscale/cli: support tlpub prefix for tailnet-lock keys Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Brad Fitzpatrick	8dd1418774	ipn{,/ipnlocal}: add ipn.NotifyInitial* flags to WatchIPNBus To simplify clients getting the initial state when they subscribe. Change-Id: I2490a5ab2411253717c74265a46a98012b80db82 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	197a4f1ae8	types/ptr: move all the ptrTo funcs to one new package's ptr.To Change-Id: Ia0b820ffe7aa72897515f19bd415204b6fe743c7 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Tom DNetto	9a80b8fb10	cmd/tailscale,ipn: surface TKA-filtered peers in lock status command Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Tom DNetto	731be07777	cmd/tailscale/cli: show rotation key when suggesting lock sign command Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Brad Fitzpatrick	f710d1cb20	cmd/tailscale/cli: add set --unattended on Windows Fixes #6567 Change-Id: I8cb57196c601466401f8602eb50456e7cf7c31ef Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Denton Gentry	a200a23f97	Revert "cmd/tailscale: access QNAP via localhost" When running `tailscale web` as a standalone process, it was necessary to send auth requests to QTS using localhost to avoid hitting the proxy recursively. However running `tailscale web` as a process means it is consuming RAM all the time even when it isn't actively doing anything. After switching back to the `tailscale web` CGI mode, we don't need to specifically use localhost for QNAP auth. This reverts commit `e0cadc5496`. Signed-off-by: Denton Gentry <dgentry@tailscale.com>	2 years ago
Maisem Ali	adc302f428	all: use named pipes on windows Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Tom DNetto	45042a76cd	cmd/tailscale,ipn: store disallowed TKA's in prefs, lock local-disable Take 2 of https://github.com/tailscale/tailscale/pull/6546 Builds on https://github.com/tailscale/tailscale/pull/6560 Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Brad Fitzpatrick	390d1bb871	Revert "ipn,types/persist: store disallowed TKA's in prefs, lock local-disable" This reverts commit `f1130421f0`. It was submitted with failing tests (go generate checks) Requires a lot of API changes to fix so rolling back instead of forward. Change-Id: I024e8885c0ed44675d3028a662f386dda811f2ad Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Tom DNetto	f1130421f0	ipn,types/persist: store disallowed TKA's in prefs, lock local-disable Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Brad Fitzpatrick	0a10a5632b	cmd/tailscaled: add TS_DEBUG_BACKEND_DELAY_SEC for testing async startup This adds an envknob to make testing async startup more reproducible. We want the Windows GUI to behave well when wintun is not (or it's doing its initial slow driver installation), but during testing it's often too fast to see that it's working. This lets it be slowed down. Updates #6522 Change-Id: I6ae19f46e270ea679cbaea32a53888efcf2943a7 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Joe Tsai	2e5d08ec4f	net/connstats: invert network logging data flow (#6272 ) Previously, tstun.Wrapper and magicsock.Conn managed their own statistics data structure and relied on an external call to Extract to extract (and reset) the statistics. This makes it difficult to ensure a maximum size on the statistics as the caller has no introspection into whether the number of unique connections is getting too large. Invert the control flow such that a connstats.Statistics is registered with tstun.Wrapper and magicsock.Conn. Methods on non-nil connstats.Statistics are called for every packet. This allows the implementation of connstats.Statistics (in the future) to better control when it needs to flush to ensure bounds on maximum sizes. The value registered into tstun.Wrapper and magicsock.Conn could be an interface, but that has two performance detriments: 1. Method calls on interface values are more expensive since they must go through a virtual method dispatch. 2. The implementation would need a sync.Mutex to protect the statistics value instead of using an atomic.Pointer. Given that methods on constats.Statistics are called for every packet, we want reduce the CPU cost on this hot path. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Joe Tsai	35c10373b5	types/logid: move logtail ID types here (#6336 ) Many packages reference the logtail ID types, but unfortunately pull in the transitive dependencies of logtail. Fix this problem by putting the log ID types in its own package with minimal dependencies. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Aaron Klotz	6e33d2da2b	ipn/ipnauth, util/winutil: add temporary LookupPseudoUser workaround to address os/user.LookupId errors on Windows I added util/winutil/LookupPseudoUser, which essentially consists of the bits that I am in the process of adding to Go's standard library. We check the provided SID for "S-1-5-x" where 17 <= x <= 20 (which are the known pseudo-users) and then manually populate a os/user.User struct with the correct information. Fixes https://github.com/tailscale/tailscale/issues/869 Fixes https://github.com/tailscale/tailscale/issues/2894 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	2 years ago
Brad Fitzpatrick	3b0de97e07	cmd/tailscaled: unify the two Windows paths + separate IPN server path tailscaled on Windows had two entirely separate start-up paths for running as a service vs in the foreground. It's been causing problems for ages. This unifies the two paths, making them be the same as the path used for every other platform. Also, it uses the new async LocalBackend support in ipnserver.Server so the Server can start serving HTTP immediately, even if tun takes awhile to come up. Updates #6535 Change-Id: Icc8c4f96d4887b54a024d7ac15ad11096b5a58cf Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	ea25ef8236	util/set: add new set package for SetHandle type We use this pattern in a number of places (in this repo and elsewhere) and I was about to add a fourth to this repo which was crossing the line. Add this type instead so they're all the same. Also, we have another Set type (SliceSet, which tracks its keys in order) in another repo we can move to this package later. Change-Id: Ibbdcdba5443fae9b6956f63990bdb9e9443cefa9 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago

1 2 3 4 5 ...

1210 Commits (311352d1959a7a89d6394ea8210fb7235fb6c57c)