tailscale

Commit Graph

Author	SHA1	Message	Date
Maisem Ali	4de1601ef4	ssh/tailssh: add support for sending multiple banners Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
License Updater	91b5c50b43	licenses: update win/apple licenses Signed-off-by: License Updater <noreply@tailscale.com>	2 years ago
Maisem Ali	ecf6cdd830	ssh/tailssh: add TestSSHAuthFlow Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Maisem Ali	f16b77de5d	ssh/tailssh: do the full auth flow during ssh auth Fixes #5091 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
License Updater	c8a3d02989	licenses: update android licenses Signed-off-by: License Updater <noreply@tailscale.com>	2 years ago
Brad Fitzpatrick	6d76764f37	ipn/ipnlocal: fix taildrop target list UI bug The macOS and iOS apps that used the /localapi/v0/file-targets handler were getting too many candidate targets. They wouldn't actually accept the file. This is effectively just a UI glitch in the wrong hosts being listed as valid targets from the source side. Change-Id: I6907a5a1c3c66920e5ec71601c044e722e7cb888 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Maisem Ali	b84ec521bf	ssh/tailssh: do not send EOT on session disconnection This was assumed to be the fix for mosh not working, however turns out all we really needed was the duplicate fd also introduced in the same commit (`af412e8874`). Fixes #5103 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Joe Tsai	82f5f438e0	wgengine/wgcfg: plumb down audit log IDs (#5855 ) The node and domain audit log IDs are provided in the map response, but are ultimately going to be used in wgengine since that's the layer that manages the tstun.Wrapper. Do the plumbing work to get this field passed down the stack. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Mihai Parparita	92ad56ddcb	cmd/tsconnect: close the SSH session an unload event instead of beforeunload The window may not end up getting unloaded (if other beforeunload handlers prevent the event), thus we should only close the SSH session if it's truly getting unloaded. Updates tailscale/corp#7304 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	2 years ago
Joe Tsai	84e8f25c21	net/tstun: rename statististics method (#5852 ) Rename StatisticsEnable as SetStatisticsEnabled to be consistent with other similarly named methods. Rename StatisticsExtract as ExtractStatistics to follow the convention where methods start with a verb. It was originally named with Statistics as a prefix so that statistics related methods would sort well in godoc, but that property no longer holds. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Joe Tsai	dd045a3767	net/flowtrack: add json tags to Tuple (#5849 ) By convention, JSON serialization uses camelCase. Specify such names on the Tuple type. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Joe Tsai	a73c423c8a	net/tunstats: add Counts.Add (#5848 ) The Counts.Add method merges two Counts together. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Joe Tsai	3af0d4d0f2	logtail: always record timestamps in UTC (#5732 ) Upstream optimizations to the Go time package will make unmarshaling of time.Time 3-6x faster. See: * https://go.dev/cl/425116 * https://go.dev/cl/425197 * https://go.dev/cl/429862 The last optimization avoids a []byte -> string allocation if the timestamp string less than than 32B. Unfortunately, the presence of a timezone breaks that optimization. Drop recording of timezone as this is non-essential information. Most of the performance gains is upon unmarshal, but there is also a slight performance benefit to not marshaling the timezone as well. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Joe Tsai	c321363d2c	logtail: support a copy ID (#5851 ) The copy ID operates similar to a CC in email where a message is sent to both the primary ID and also the copy ID. A given log message is uploaded once, but the log server records it twice for each ID. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Joe Tsai	24ebf161e8	net/tstun: instrument Wrapper with statistics gathering (#5847 ) If Wrapper.StatisticsEnable is enabled, then per-connection counters are maintained. If enabled, Wrapper.StatisticsExtract must be periodically called otherwise there is unbounded memory growth. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Tom DNetto	a37ee8483f	ipn/ipnlocal: fix data race from missing lock in NetworkLockStatus Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Brad Fitzpatrick	7714261566	go.toolchain.rev: update to Go 1.19.2 Changes: https://github.com/tailscale/go/commits/build-3fd24dee31726924c1b61c8037a889b30b8aa0f6 Change-Id: I61b83eef2b812879544a5226687606ae792b0786 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Tom DNetto	8602061f32	ipn/ipnlocal,tka: Fix bugs found by integration testing * tka.State.staticValidateCheckpoint could call methods on a contained key prior to calling StaticValidate on that key * Remove broken backoff / RPC retry logic from tka methods in ipn/ipnlocal, to be fixed at a later time * Fix NetworkLockModify() which would attempt to take b.mu twice and deadlock, remove now-unused dependence on netmap * Add methods on ipnlocal.LocalBackend to be used in integration tests * Use TAILSCALE_USE_WIP_CODE as the feature flag so it can be manipulated in tests Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Tom DNetto	73db56af52	ipn/ipnlocal: filter peers with bad signatures when tka is enabled Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Kristoffer Dalby	01ebef0f4f	tailcfg: add views for ControlDialPlan (#5843 )	2 years ago
Will Norris	62bc1052a2	tsweb: allow HTTPError to unwrap errors Signed-off-by: Will Norris <will@tailscale.com>	2 years ago
License Updater	2243dbccb7	licenses: update tailscale{,d} licenses Signed-off-by: License Updater <noreply@tailscale.com>	2 years ago
Brad Fitzpatrick	b1bd96f114	go.mod, ssh/tailssh: fix ImplictAuthMethod typo Fixes #5745 Change-Id: Ie8bc88bd465a9cb35b0ae7782d61ce96480473ee Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
David Anderson	fde20f3403	cmd/pgproxy: link to blog post at the top. Signed-off-by: David Anderson <danderson@tailscale.com>	2 years ago
Mihai Parparita	7ffd2fe005	cmd/tsconnect: switch to non-beta versions of xterm and related packages xterm 5.0 was released a few weeks ago, and it picks up xtermjs/xterm.js#4069, which was the main reason why we were on a 5.0 beta. Signed-off-by: Mihai Parparita <mihai@tailscale.com>	2 years ago
Joe Tsai	2934c5114c	net/tunstats: new package to track per-connection counters (#5818 ) High-level API: type Statistics struct { ... } type Counts struct { TxPackets, TxBytes, RxPackets, RxBytes uint64 } func (Statistics) UpdateTx([]byte) func (Statistics) UpdateRx([]byte) func (*Statistics) Extract() map[flowtrack.Tuple]Counts The API accepts a []byte instead of a packet.Parsed so that a future implementation can directly hash the address and port bytes, which are contiguous in most IP packets. This will be useful for a custom concurrent-safe hashmap implementation. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
David Anderson	bdf3d2a63f	cmd/pgproxy: open-source our postgres TLS-enforcing proxy. From the original commit that implemented it: It accepts Postgres connections over Tailscale only, dials out to the configured upstream database with TLS (using strong settings, not the swiss cheese that postgres defaults to), and proxies the client through. It also keeps an audit log of the sessions it passed through, along with the Tailscale-provided machine and user identity of the connecting client. In our other repo, this was: commit 92e5edf98e8c2be362f564a408939a5fc3f8c539, Change-Id I742959faaa9c7c302bc312c7dc0d3327e677dc28. Co-authored-by: Brad Fitzpatrick <bradfitz@tailscale.com> Signed-off-by: David Anderson <danderson@tailscale.com>	2 years ago
License Updater	c5ce355756	licenses: update tailscale{,d} licenses Signed-off-by: License Updater <noreply@tailscale.com>	2 years ago
Florian Lehner	7e0ffc17fd	Address GO-2022-0969 HTTP/2 server connections can hang forever waiting for a clean shutdown that was preempted by a fatal error. This condition can be exploited by a malicious client to cause a denial of service. Signed-off-by: Florian Lehner <dev@der-flo.net>	2 years ago
Florian Lehner	17348915fa	Address GO-2020-0042 Due to improper path santization, RPMs containing relative file paths can cause files to be written (or overwritten) outside of the target directory. Signed-off-by: Florian Lehner <dev@der-flo.net>	2 years ago
Brad Fitzpatrick	1841d0bf98	wgengine/magicsock: make debug-level stuff not logged by default And add a CLI/localapi and c2n mechanism to enable it for a fixed amount of time. Updates #1548 Change-Id: I71674aaf959a9c6761ff33bbf4a417ffd42195a7 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Andrew Dunham	5c69961a57	cmd/tailscale/cli: add --record flag to bugreport (#5826 ) Change-Id: I02bdc37a5c1a5a5d030c136ec5e84eb4c9ab1752 Signed-off-by: Andrew Dunham <andrew@tailscale.com>	2 years ago
Andrew Dunham	e5636997c5	wgengine: don't re-allocate trimmedNodes map (#5825 ) Change-Id: I512945b662ba952c47309d3bf8a1b243e05a4736 Signed-off-by: Andrew Dunham <andrew@tailscale.com>	2 years ago
License Updater	445c8a4671	licenses: update win/apple licenses Signed-off-by: License Updater <noreply@tailscale.com>	2 years ago
Andrew Dunham	d7c0410ea8	ipn/localapi: print hostinfo and health on bugreport (#5816 ) This information is super helpful when debugging and it'd be nice to not have to scroll around in the logs to find it near a bugreport. Signed-off-by: Andrew Dunham <andrew@du.nham.ca>	2 years ago
Maisem Ali	4102a687e3	tsnet: fix netstack leak on Close Identified while investigating a goroutine leak in a different repo. Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Maisem Ali	5fc8843c4c	docs/k8s: [proxy] fix sysctl command Fixes #5805 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Mihai Parparita	8343b243e7	all: consistently initialize Logf when creating tsdial.Dialers Most visible when using tsnet.Server, but could have resulted in dropped messages in a few other places too. Fixes #5743 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	2 years ago
Cuong Manh Le	a7efc7bd17	util/singleflight: sync with upstream Sync with golang.org/x/sync/singleflight at commit 8fcdb60fdcc0539c5e357b2308249e4e752147f1 Fixes #5790 Signed-off-by: Cuong Manh Le <cuong.manhle.vn@gmail.com>	2 years ago
Josh Soref	d4811f11a0	all: fix spelling mistakes Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2 years ago
Joe Tsai	e73657d7aa	logpolicy: directly expose the logtail server URL (#5788 ) Callers of LogHost often jump through hoops to undo the loss of information dropped by LogHost (e.g., the HTTP scheme). Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Brad Fitzpatrick	bb7be74756	net/dns/publicdns: permit more NextDNS profile bits in its IPv6 suffix I brain-o'ed the math earlier. The NextDNS prefix is /32 (actually /33, but will guarantee last bit is 0), so we have 128-32 = 96 bits (12 bytes) of config/profile ID that we can extract. NextDNS doesn't currently use all those, but might. Updates #2452 Change-Id: I249bd28500c781e45425fd00fd3f46893ae226a2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Adrian Dewhurst	c581ce7b00	cmd/tailscale, client, ipn, tailcfg: add network lock modify command Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>	2 years ago
Andrew Dunham	420d841292	wgengine: log subnet router decision at v1 if we have a BIRD client (#5786 ) Updates tailscale/coral#82 Change-Id: I398d75f7e178ff7c531ca09899c82cf974fc30c9 Signed-off-by: Andrew Dunham <andrew@tailscale.com>	2 years ago
Tom DNetto	58ffe928af	ipn/ipnlocal, tka: Implement TKA synchronization with the control plane Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Tom DNetto	ab591906c8	wgengine/router: Increase range of rule priorities when detecting mwan3 Context: https://github.com/tailscale/tailscale/pull/5588#issuecomment-1260655929 It seems that if the interface at index 1 is down, the rule is not installed. As such, we increase the range we detect up to 2004 in the hope that at least one of the interfaces 1-4 will be up. Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Mihai Parparita	9214b293e3	tstime: add ParseDuration helper function More expressive than time.ParseDuration, also accepting d (days) and w (weeks) literals. Signed-off-by: Mihai Parparita <mihai@tailscale.com>	2 years ago
Aaron Klotz	44f13d32d7	cmd/tailscaled, util/winutil: log Windows service diagnostics when the wintun device fails to install I added new functions to winutil to obtain the state of a service and all its depedencies, serialize them to JSON, and write them to a Logf. When tstun.New returns a wrapped ERROR_DEVICE_NOT_AVAILABLE, we know that wintun installation failed. We then log the service graph rooted at "NetSetupSvc". We are interested in that specific service because network devices will not install if that service is not running. Updates https://github.com/tailscale/tailscale/issues/5531 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	2 years ago
Brad Fitzpatrick	18159431ab	logpolicy: fix, test LogHost to work as documented Change-Id: I225c9602a7587c69c237e336d0714fc8315ea6bd Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Andrew Dunham	a5fab23e8f	net/dns: format OSConfig correctly with no pointers (#5766 ) Fixes tailscale/tailscale#5669 Signed-off-by: Andrew Dunham <andrew@du.nham.ca>	2 years ago

1 2 3 4 5 ...

4582 Commits (4de1601ef44a4959543bdbb88f0cd90997bab2cf) All Branches Search

4582 Commits (4de1601ef44a4959543bdbb88f0cd90997bab2cf)

All Branches