tailscale

Commit Graph

Author	SHA1	Message	Date
Andrew Dunham	42fd964090	control/controlclient: use dnscache.Resolver for Noise client This passes the *dnscache.Resolver down from the Direct client into the Noise client and from there into the controlhttp client. This retains the Resolver so that it can share state across calls instead of creating a new resolver. Updates #4845 Updates #6110 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: Ia5d6af1870f3b5b5d7dd5685d775dcf300aec7af	1 year ago
License Updater	979d29b5f5	licenses: update win/apple licenses Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	1 year ago
Anton Tolchanov	1f4a34588b	.github: test installer script in CI in docker Every time we change `installer.sh`, run it in a few docker containers based on different Linux distros, just as a simple test. Also includes a few changes to the installer script itself to make installation work in docker: - install dnf config-manager command before running it - run zypper in non-interactive mode - update pacman indexes before installing packages Updates https://github.com/tailscale/corp/issues/8952 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	1 year ago
Denton Gentry	a82f275619	cmd/sniproxy: Set App name in tsnet hostinfo Updates #1748 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	1 year ago
James Tucker	b3c3a9f174	syncs: add Map.Len to get the length of the Map I need this for a corp change where I have a set as a queue, and make a different decisison if the set is empty. Updates tailscale/corp#10344 Signed-off-by: James Tucker <james@tailscale.com>	1 year ago
ayanamist	042f82ea32	build_dist.sh: make cross-compilation friendly for env CC specified Signed-off-by: ayanamist <ayanamist@gmail.com>	1 year ago
dependabot[bot]	633d08bd7b	.github: Bump actions/setup-go from 3 to 4 Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	1 year ago
James Tucker	d35ce1add9	syncs: add documentation to Map.Range Updates #cleanup Signed-off-by: James Tucker <james@tailscale.com>	1 year ago
Charlotte Brandhorst-Satzkorn	c3ab36cb9d	words: charlotte 1 spell-checking-linter 0 (#7993 ) Can't have a dupe when the dupe is wrong. Clearly we need to up our spell checking game. Did anyone say AI? Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	1 year ago
James Tucker	8032b966a1	.github/workflows: add recency bias to action cache keys The action cache restore process either matches the restore key pattern exactly, or uses a matching prefix with the most recent date. If the restore key is an exact match, then no updates are uploaded, but if we've just computed tests executions for more recent code then we will likely want to use those results in future runs. Appending run_id to the cache key will give us an always new key, and then we will be restore a recently uploaded cache that is more likely has a higher overlap with the code being tested. Updates #7975 Signed-off-by: James Tucker <james@tailscale.com>	1 year ago
Kyle Carberry	d78b334964	cmd/derper: disable http2 DERP doesn't support HTTP/2. If an HTTP/2 proxy was placed in front of a DERP server requests would fail because the connection would be initialized with HTTP/2, which the DERP client doesn't support. Signed-off-by: Kyle Carberry <kyle@carberry.com>	1 year ago
Charlotte Brandhorst-Satzkorn	161d1d281a	net/ping,netcheck: add v6 pinging capabilities to pinger (#7971 ) This change adds a v6conn to the pinger to enable sending pings to v6 addrs. Updates #7826 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	1 year ago
Denton Gentry	1145b9751d	VERSION.txt: this is v1.41.0 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	1 year ago
Brad Fitzpatrick	1e876a3c1d	ipn/ipnlocal: fix fmt format arg type mismatch in log line It was printing like "v0xxxxxxxx" after version.Long became a func in `8b2ae47c31`. Fixes #7976 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Maisem Ali	a8f10c23b2	cmd/tailscale/cli: [up] reuse --advertise-tags for OAuth key generation We need to always specify tags when creating an AuthKey from an OAuth key. Check for that, and reuse the `--advertise-tags` param. Updates #7982 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Brad Fitzpatrick	b2b5379348	cmd/tailscale/cli: [up] change oauth authkey format Updates #7982 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	13de36303d	cmd/tailscale/cli: [up] add experimental oauth2 authkey support Updates #7982 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
James Tucker	095d3edd33	ipn/ipnlocal: reenable profile tests on Windows This fix does not seem ideal, but the test infrastructure using a local goos doesn't seem to avoid all of the associated challenges, but is somewhat deeply tied to the setup. The core issue this addresses for now is that when run on Windows there can be no code paths that attempt to use an invalid UID string, which on Windows is described in [1]. For the goos="linux" tests, we now explicitly skip the affected migration code if runtime.GOOS=="windows", and for the Windows test we explicitly use the running users uid, rather than just the string "user1". We also now make the case where a profile exists and has already been migrated a non-error condition toward the outer API. Updates #7876 [1] https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-identifiers Signed-off-by: James Tucker <jftucker@gmail.com>	1 year ago
James Tucker	43819309e1	.github/workflows: split tests and benchmarks for caching Benchmark flags prevent test caching, so benchmarks are now executed independently of tests. Fixes #7975 Signed-off-by: James Tucker <james@tailscale.com>	1 year ago
Maisem Ali	1b8a0dfe5e	ssh/tailssh: also handle recording upload failure during writes Previously we would error out when the recording server disappeared after the in memory buffer filled up for the io.Copy. This makes it so that we handle failing open correctly in that path. Updates tailscale/corp#9967 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
shayne	018a382729	cmd/tailscale/cli: [serve] fix MinGW path conversion (#7964 ) Fixes #7963 Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	1 year ago
License Updater	2e07245384	licenses: update android licenses Signed-off-by: License Updater <noreply@tailscale.com>	1 year ago
License Updater	aa87e999dc	licenses: update win/apple licenses Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	1 year ago
Maisem Ali	f58751eb2b	net/packet: add NAT support for DCCP and GRE Updates tailscale/corp#8020 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Marwan Sulaiman	ce11c82d51	ipn/store/awsstore: persist state with intelligent tiering Fixes #6784 This PR makes it so that we can persist the tailscaled state with intelligent tiering which increases the capacity from 4kb to 8kb Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	1 year ago
Brad Fitzpatrick	90ba26cea1	net/netcheck: fix crash when IPv6 kinda but not really works Looks like on some systems there's an IPv6 address, but then opening a IPv6 UDP socket fails later. Probably some firewall. Tolerate it better and don't crash. To repro: check the "udp6" to something like "udp7" (something that'll fail) and run "go run ./cmd/tailscale netcheck" on a machine with active IPv6. It used to crash and now it doesn't. Fixes #7949 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Maisem Ali	7778d708a6	ssh/tailssh: handle dialing multiple recorders and failing open This adds support to try dialing out to multiple recorders each with a 5s timeout and an overall 30s timeout. It also starts respecting the actions `OnRecordingFailure` field if set, if it is not set it fails open. Updates tailscale/corp#9967 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Maisem Ali	f66ddb544c	tailcfg: add SSHRecorderFailureAction and SSHRecordingFailureNotifyRequest This allows control to specify how to handle situations where the recorder isn't available. Updates tailscale/corp#9967 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Flakes Updater	e3b2250e26	go.mod.sri: update SRI hash for go.mod changes Signed-off-by: Flakes Updater <noreply@tailscale.com>	1 year ago
Andrew Dunham	6f521c138d	tailcfg: add CanPort80 field to DERPNode A follow-up PR will start using this field after we set it in our production DERPMap. Updates #7925 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: Idb41b79e6055dddb8944f79d91ad4a186ace98c7	1 year ago
Andrew Dunham	04a3118d45	net/tstun: add tests for captureHook Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I630f852d9f16c951c721b34f2bc4128e68fe9475	1 year ago
Denton Gentry	c791e64881	scripts/installer: add Deepin, RisiOS. Fixes https://github.com/tailscale/tailscale/issues/7862 Fixes https://github.com/tailscale/tailscale/issues/7899 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	1 year ago
Mihai Parparita	7330aa593e	all: avoid repeated default interface lookups On some platforms (notably macOS and iOS) we look up the default interface to bind outgoing connections to. This is both duplicated work and results in logspam when the default interface is not available (i.e. when a phone has no connectivity, we log an error and thus cause more things that we will try to upload and fail). Fixed by passing around a netmon.Monitor to more places, so that we can use its cached interface state. Fixes #7850 Updates #7621 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	1 year ago
Will Norris	7f17e04a5a	log/sockstatlog: bump logInterval to 10 seconds We are seeing indications that some devices are still getting into an upload loop. Bump logInterval in case these devices are on slow connections that are taking more than 3 seconds to uploads sockstats. Updates #7719 Signed-off-by: Will Norris <will@tailscale.com>	1 year ago
Mihai Parparita	4722f7e322	all: move network monitoring from wgengine/monitor to net/netmon We're using it in more and more places, and it's not really specific to our use of Wireguard (and does more just link/interface monitoring). Also removes the separate interface we had for it in sockstats -- it's a small enough package (we already pull in all of its dependencies via other paths) that it's not worth the extra complexity. Updates #7621 Updates #7850 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	1 year ago
Andrew Dunham	3ede3aafe4	ipn/localapi: also verify STUN queries work in 'debug derp' Updates #6526 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I274b7ed53ee0be3fb94fdb00cafe06a1d676e1cf	1 year ago
James Tucker	f844791e15	safesocket: enable test to run on Windows unpriviliged I manually tested that the code path that relaxes pipe permissions is not executed when run with elevated priviliges, and the test also passes in that case. Updates #7876 Signed-off-by: James Tucker <jftucker@gmail.com>	1 year ago
James Tucker	cd35a79136	syncs: relax TestWatchMultipleValues timing on Windows The test is re-enabled for Windows with a relaxed time assertion. On Windows the runtime poller currently does not have sufficient resolution to meet the normal requirements for this test. See https://github.com/golang/go/issues/44343 for background. Updates #7876 Signed-off-by: James Tucker <jftucker@gmail.com>	1 year ago
Andrew Dunham	f85dc6f97c	ci: add more lints (#7909 ) This is a follow-up to #7905 that adds two more linters and fixes the corresponding findings. As per the previous PR, this only flags things that are "obviously" wrong, and fixes the issues found. Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I8739bdb7bc4f75666a7385a7a26d56ec13741b7c	1 year ago
dependabot[bot]	5acc7c4b1e	.github: Bump ruby/action-slack from 3.0.0 to 3.2.1 Bumps [ruby/action-slack](https://github.com/ruby/action-slack) from 3.0.0 to 3.2.1. - [Release notes](https://github.com/ruby/action-slack/releases) - [Commits](https://github.com/ruby/action-slack/compare/v3.0.0...v3.2.1) --- updated-dependencies: - dependency-name: ruby/action-slack dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	1 year ago
dependabot[bot]	c328770184	.github: Bump peter-evans/create-pull-request from 4.2.4 to 5.0.0 Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 4.2.4 to 5.0.0. - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](`38e0b6e68b...5b4a9f6a9e`) --- updated-dependencies: - dependency-name: peter-evans/create-pull-request dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	1 year ago
License Updater	588a234fdc	licenses: update win/apple licenses Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	1 year ago
Maisem Ali	c3ef6fb4ee	ipn/ipnlocal: handle masquerade addresses in PeerAPI Without this, the peer fails to do anything over the PeerAPI if it has a masquerade address. ``` Apr 19 13:58:15 hydrogen tailscaled[6696]: peerapi: invalid request from <ip>:58334: 100.64.0.1/32 not found in self addresses ``` Updates #8020 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Maisem Ali	85de580455	net/tsdial: do not use proxies when dialing out to PeerAPI Found this when adding a test that does a ping over PeerAPI. Our integration tests set up a trafficTrap to ensure that tailscaled does not call out to the internet, and it does so via a HTTP_PROXY. When adding a test for pings over PeerAPI, it triggered the trap and investigation lead to the realization that we were not removing the Proxy when trying to dial out to the PeerAPI. Updates tailscale/corp#8020 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Mihai Parparita	d0906cda97	net/sockstats: expose debug info Exposes some internal state of the sockstats package via the C2N and PeerAPI endpoints, so that it can be used for debugging. For now this includes the estimated radio on percentage and a second-by-second view of the times the radio was active. Also fixes another off-by-one error in the radio on percentage that was leading to >100% values (if n seconds have passed since we started to monitor, there may be n + 1 possible seconds where the radio could have been on). Updates tailscale/corp#9230 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	1 year ago
Will Norris	7c386ca6d2	net/sockstats: fix calculation of radio power usage When splitting the radio monitor usage array, we were splitting at now % 3600 to get values into chronological order. This caused the value for the final second to be included at the beginning of the ordered slice rather than the end. If there was activity during that final second, an extra five seconds of high power usage would get recorded in some cases. This could result in a final calculation of greater than 100% usage. This corrects that by splitting values at (now+1 % 3600). This also simplifies the percentage calculation by always rounding values down, which is sufficient for our usage. Signed-off-by: Will Norris <will@tailscale.com>	1 year ago
License Updater	7f057d7489	licenses: update tailscale{,d} licenses Signed-off-by: License Updater <noreply@tailscale.com>	1 year ago
Mihai Parparita	c7cea825ae	net/netns: don't log errors when we can't get the default route on Darwin It's somewhat common (e.g. when a phone has no reception), and leads to lots of logspam. Updates #7850 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	1 year ago
Andrew Dunham	280255acae	various: add golangci-lint, fix issues (#7905 ) This adds an initial and intentionally minimal configuration for golang-ci, fixes the issues reported, and adds a GitHub Action to check new pull requests against this linter configuration. Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I8f38fbc315836a19a094d0d3e986758b9313f163	1 year ago
Joe Tsai	ff1b35ec6c	net/connstats: exclude traffic with internal Tailscale service (#7904 ) Exclude traffic with 100.100.100.100 (for IPv4) and with fd7a:115c:a1e0::53 (for IPv6) since this traffic with the Tailscale service running locally on the node. This traffic never left the node. It also happens to be a high volume amount of traffic since DNS requests occur over UDP with each request coming from a unique port, thus resulting in many discrete traffic flows. Fixes tailscale/corp#10554 Signed-off-by: Joe Tsai <joetsai@digital-static.net>	1 year ago

1 2 3 4 5 ...

5686 Commits (42fd96409023f2d2d8ec0111c18e6be0c4791bad) All Branches Search

5686 Commits (42fd96409023f2d2d8ec0111c18e6be0c4791bad)

All Branches