tailscale

Commit Graph

Author	SHA1	Message	Date
Aaron Klotz	37925b3e7a	go.mod, cmd/tailscaled, ipn/localapi, util/osdiag, util/winutil, util/winutil/authenticode: add Windows module list to OS-specific logs that are written upon bugreport * We update wingoes to pick up new version information functionality (See pe/version.go in the https://github.com/dblohm7/wingoes repo); * We move the existing LogSupportInfo code (including necessary syscall stubs) out of util/winutil into a new package, util/osdiag, and implement the public LogSupportInfo function may be implemented for other platforms as needed; * We add a new reason argument to LogSupportInfo and wire that into localapi's bugreport implementation; * We add module information to the Windows implementation of LogSupportInfo when reason indicates a bugreport. We enumerate all loaded modules in our process, and for each one we gather debug, authenticode signature, and version information. Fixes #7802 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	10 months ago
Sonia Appasamy	301e59f398	tailcfg,ipn/localapi,client/tailscale: add QueryFeature endpoint Updates tailscale/corp#10577 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	10 months ago
Brad Fitzpatrick	ab7749aed7	go.toolchain.rev: go1.21rc4 (now that VERSION file is updated upstream) Updates #8419 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	10 months ago
Andrew Lytvynov	f57cc19ba2	cmd/tailscale/cli: add latest version output to "tailscale version" (#8700 ) Add optional `--upstream` flag to `tailscale version` to fetch the latest upstream release version from `pkgs.tailscale.com`. This is useful to diagnose `tailscale update` behavior or write other tooling. Example output: $ tailscale version --upstream --json { "majorMinorPatch": "1.47.35", "short": "1.47.35", "long": "1.47.35-t6afffece8", "unstableBranch": true, "gitCommit": "6afffece8a32509aa7a4dc2972415ec58d8316de", "cap": 66, "upstream": "1.45.61" } Fixes #8669 RELNOTE=adds "tailscale version --upstream" Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	10 months ago
License Updater	b4c1f039b6	licenses: update android licenses Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	10 months ago
Brad Fitzpatrick	c3b979a176	go.toolchain.rev: bump to ~go1.21rc4 Updates tailscale/go#69 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	10 months ago
Sonia Appasamy	34bfd7b419	tailcfg: add CapabilityHTTPS const A #cleanup Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	10 months ago
Brad Fitzpatrick	66e46bf501	ipnlocal, net/*: deprecate interfaces.GetState, use netmon more for it Updates #cleanup Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	10 months ago
License Updater	6d65c04987	licenses: update tailscale{,d} licenses Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	10 months ago
Tom DNetto	767e839db5	all: implement lock revoke-keys command The revoke-keys command allows nodes with tailnet lock keys to collaborate to erase the use of a compromised key, and remove trust in it. Signed-off-by: Tom DNetto <tom@tailscale.com> Updates ENG-1848	10 months ago
Aaron Klotz	7adf15f90e	cmd/tailscale/cli, util/winutil/authenticode: flesh out authenticode support Previously, tailscale upgrade was doing the bare minimum for checking authenticode signatures via `WinVerifyTrustEx`. This is fine, but we can do better: * WinVerifyTrustEx verifies that the binary's signature is valid, but it doesn't determine whose signature is valid; tailscale upgrade should also ensure that the binary is actually signed by us. * I added the ability to check the signatures of MSI files. * In future PRs I will be adding diagnostic logging that lists details about every module (ie, DLL) loaded into our process. As part of that metadata, I want to be able to extract information about who signed the binaries. This code is modelled on some C++ I wrote for Firefox back in the day. See https://searchfox.org/mozilla-central/rev/27e4816536c891d85d63695025f2549fd7976392/toolkit/xre/dllservices/mozglue/Authenticode.cpp for reference. Fixes #8284 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	10 months ago
Denton Gentry	ec9213a627	cmd/sniproxy: add client metrics Count number of sessions, number of DNS queries answered successfully and in error, and number of http->https redirects. Updates #1748 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	10 months ago
Andrew Lytvynov	eef15b4ffc	cmd/dist,release/dist: sign release tarballs with an ECDSA key (#8759 ) Pass an optional PEM-encoded ECDSA key to `cmd/dist` to sign all built tarballs. The signature is stored next to the tarball with a `.sig` extension. Tested this with an `openssl`-generated key pair and verified the resulting signature. Updates #8760 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	10 months ago
David Anderson	ed46442cb1	client/tailscale/apitype: document never-nil property of WhoIsResponse Every time I use WhoIsResponse I end up writing mildly irritating nil-checking for both Node and UserProfile, but it turns out our code guarantees that both are non-nil in successful whois responses. Updates #cleanup Signed-off-by: David Anderson <danderson@tailscale.com>	10 months ago
Brad Fitzpatrick	5ebb271322	derp/derphttp: add optional Client.BaseContext hook Like net/http.Server.BaseContext, this lets callers specify a base context for dials. Updates tailscale/corp#12702 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	10 months ago
Maisem Ali	058d427fa6	tailcfg: add helper to unmarshal PeerCap values Updates #4217 Signed-off-by: Maisem Ali <maisem@tailscale.com>	10 months ago
salman aljammaz	68f8e5678e	wgengine/magicsock: remove dead code (#8745 ) The nonce value is not read by anything, and di.sharedKey.Seal() a few lines below generates its own. #cleanup Signed-off-by: salman <salman@tailscale.com>	10 months ago
License Updater	0554deb48c	licenses: update tailscale{,d} licenses Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	10 months ago
David Anderson	6114247d0a	types/logid: add a Compare method Updates #cleanup Signed-off-by: David Anderson <danderson@tailscale.com>	10 months ago
David Anderson	52212f4323	all: update exp/slices and fix call sites slices.SortFunc suffered a late-in-cycle API breakage. Updates #cleanup Signed-off-by: David Anderson <danderson@tailscale.com>	10 months ago
Claire Wang	90a7d3066c	derp: use tstime (#8634 ) Updates #8587 Signed-off-by: Claire Wang <claire@tailscale.com>	10 months ago
Claire Wang	2315bf246a	ipn: use tstime (#8597 ) Updates #8587 Signed-off-by: Claire Wang <claire@tailscale.com>	10 months ago
Andrew Lytvynov	c1ecae13ab	ipn/{ipnlocal,localapi}: actually renew certs before expiry (#8731 ) While our `shouldStartDomainRenewal` check is correct, `getCertPEM` would always bail if the existing cert is not expired. Add the same `shouldStartDomainRenewal` check to `getCertPEM` to make it proceed with renewal when existing certs are still valid but should be renewed. The extra check is expensive (ARI request towards LetsEncrypt), so cache the last check result for 1hr to not degrade `tailscale serve` performance. Also, asynchronous renewal is great for `tailscale serve` but confusing for `tailscale cert`. Add an explicit flag to `GetCertPEM` to force a synchronous renewal for `tailscale cert`. Fixes #8725 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	10 months ago
tinku-tailscale	aa37be70cf	api.md: update device authorize API docs to allow for deauth (#8728 ) Signed-off-by: tinku-tailscale <139132124+tinku-tailscale@users.noreply.github.com>	10 months ago
Charlotte Brandhorst-Satzkorn	35bdbeda9f	cli: introduce exit-node subcommand to list and filter exit nodes This change introduces a new subcommand, `exit-node`, along with a subsubcommand of `list` and a `--filter` flag. Exit nodes without location data will continue to be displayed when `status` is used. Exit nodes with location data will only be displayed behind `exit-node list`, and in status if they are the active exit node. The `filter` flag can be used to filter exit nodes with location data by country. Exit nodes with Location.Priority data will have only the highest priority option for each country and city listed. For countries with multiple cities, a <Country> <Any> option will be displayed, indicating the highest priority node within that country. Updates tailscale/corp#13025 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	10 months ago
David Anderson	9d89e85db7	wgengine/magicsock: document mysterious-looking assignment Updates #cleanup Signed-off-by: David Anderson <danderson@tailscale.com>	10 months ago
David Anderson	84777354a0	wgengine/magicsock: factor out more separable parts Updates #8720 Signed-off-by: David Anderson <danderson@tailscale.com>	10 months ago
David Anderson	9a76deb4b0	disco: move disco pcap helper to disco package Updates tailscale/corp#13464 Signed-off-by: David Anderson <danderson@tailscale.com>	10 months ago
David Anderson	cde37f5307	wgengine/magicsock: factor out peerMap into separate file Updates tailscale/corp#13464 Signed-off-by: David Anderson <danderson@tailscale.com>	10 months ago
David Anderson	f7016d8c00	wgengine/magicsock: factor out endpoint into its own file Updates tailscale/corp#13464 Signed-off-by: David Anderson <danderson@tailscale.com>	10 months ago
David Anderson	c2831f6614	wgengine/magicsock: delete unused stuff Updates tailscale/corp#13464 Signed-off-by: David Anderson <danderson@tailscale.com>	10 months ago
Andrew Lytvynov	9edb848505	cmd/tailscale/cli: implement update on FreeBSD (#8710 ) Implement `tailscale update` on FreeBSD. This is much simpler than other platforms because `pkg rquery` lets us get the version in their repos without any extra parsing. Updates #6995 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	10 months ago
Maisem Ali	1ecc16da5f	tailcfg,ipn/ipnlocal,wgengine: add values to PeerCapabilities Define PeerCapabilty and PeerCapMap as the new way of sending down inter-peer capability information. Previously, this was unstructured and you could only send down strings which got too limiting for certain usecases. Instead add the ability to send down raw JSON messages that are opaque to Tailscale but provide the applications to define them however they wish. Also update accessors to use the new values. Updates #4217 Signed-off-by: Maisem Ali <maisem@tailscale.com>	10 months ago
Andrew Lytvynov	306deea03a	cmd/tailscale/cli,version/distro: update support for Alpine (#8701 ) Similar to Arch support, use the latest version info from the official `apk` repo and don't offer explicit track or version switching. Add detection for Alpine Linux in version/distro along the way. Updates #6995 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	10 months ago
David Anderson	6afffece8a	net/art: use more intelligible, go-ish state tracking in table.Get Updates #7781 Signed-off-by: David Anderson <danderson@tailscale.com>	10 months ago
David Anderson	4f14ed2ad6	net/art: use encoding/binary for address bit twiddling Updates #7781 Signed-off-by: David Anderson <danderson@tailscale.com>	10 months ago
David Anderson	f1cd67488d	net/art: move slice closer to its use Updates #7781 Signed-off-by: David Anderson <danderson@tailscale.com>	10 months ago
David Anderson	44ad7b3746	net/art: factor out picking the right strideTable for addr family Updates #7781 Signed-off-by: David Anderson <danderson@tailscale.com>	10 months ago
David Anderson	125b982ba5	net/art: make Table.Get alloc-free Updates #7781 Signed-off-by: David Anderson <danderson@tailscale.com>	10 months ago
David Anderson	b76d8a88ae	net/art: document return value of strideTable.delete Updates #7781 Signed-off-by: David Anderson <danderson@tailscale.com>	10 months ago
David Anderson	b242e2c2cb	net/art: reword confusing function docstring Updates #7781 Signed-off-by: David Anderson <danderson@tailscale.com>	10 months ago
David Anderson	8478358d77	net/art: use "index", not "idx" in function names Updates #7781 Signed-off-by: David Anderson <danderson@tailscale.com>	10 months ago
David Anderson	de5c6ed4be	net/art: document valid values of strideTable.prefix Updates #7781 Signed-off-by: David Anderson <danderson@tailscale.com>	10 months ago
David Anderson	736a44264f	net/art: fix comment typo Updates #7781 Signed-off-by: David Anderson <danderson@tailscale.com>	10 months ago
David Anderson	1e6f0bb608	net/art: fix slowPrefixTable bugs found by fuzzing One is a straight "I forgot how to Go" bug, the others are semantic mismatches with the main implementation around masking the prefixes passed to insert/delete. Updates #7781 Signed-off-by: David Anderson <danderson@tailscale.com>	10 months ago
David Anderson	aaca911904	net/art: add another consistency test for insert/delete Updates #7781 Signed-off-by: David Anderson <danderson@tailscale.com>	10 months ago
David Anderson	b145a22f55	net/art: add more exhaustive table testing Updates #7781 Signed-off-by: David Anderson <danderson@tailscale.com>	10 months ago
David Anderson	9cc3f7a3d6	net/art: fix format of debug output Updates #7781 Signed-off-by: David Anderson <danderson@tailscale.com>	10 months ago
David Anderson	ac657caaf1	net/art: add debug hooks to strideTable Updates #7781 Signed-off-by: David Anderson <danderson@tailscale.com>	10 months ago
David Anderson	fcf4d044fa	net/art: implement path compression optimization Updates #7781 Signed-off-by: David Anderson <danderson@tailscale.com>	10 months ago

1 2 3 4 5 ...

5970 Commits (37925b3e7a96e93faa61d8251ca50b6ab918d694) All Branches Search

5970 Commits (37925b3e7a96e93faa61d8251ca50b6ab918d694)

All Branches