tailscale

Commit Graph

Author	SHA1	Message	Date
Ross Zurowski	6d02a48d8d	ipn: add `TailnetStatus` field to `tailscale status --json` (#3865 ) We need to capture some tailnet-related information for some Docker features we're building. This exposes the tailnet name and MagicDNS information via `tailscale status --json`. Fixes tailscale/corp#3670 Signed-off-by: Ross Zurowski <ross@rosszurowski.com>	2 years ago
Brad Fitzpatrick	01e8a152f7	ipn/ipnlocal: log most of Hostinfo once non-verbose at start-up Our previous Hostinfo logging was all as a side effect of telling control. And it got marked as verbose (as it was) This adds a one-time Hostinfo logging that's not verbose, early in start-up. Change-Id: I1896222b207457b9bb12ffa7cf361761fa4d3b3a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	a19c110dd3	envknob: track, log env knobs in use Fixes #3921 Change-Id: I8186053b5c09c43f0358b4e7fdd131361a6d8f2e Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	2db6cd1025	ipn/ipnlocal, wgengine/magicsock, logpolicy: quiet more logs Updates #1548 Change-Id: Ied169f872e93be2857890211f2e018307d4aeadc Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	86a902b201	all: adjust some log verbosity Updates #1548 Change-Id: Ia55f1b5dc7dfea09a08c90324226fb92cd10fa00 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	bd90781b34	ipn/ipnlocal, wgengine/netstack: use netstack for peerapi server We're finding a bunch of host operating systems/firewalls interact poorly with peerapi. We either get ICMP errors from the host or users need to run commands to allow the peerapi port: https://github.com/tailscale/tailscale/issues/3842#issuecomment-1025133727 ... even though the peerapi should be an internal implementation detail. Rather than fight the host OS & firewalls, this change handles the server side of peerapi entirely in netstack (except on iOS), so it never makes its way to the host OS where it might be messed with. Two main downsides are: 1) netstack isn't as fast, but we don't really need speed for peerapi. And actually, with fewer trips to/from the kernel, we might actually make up for some of the netstack performance loss by staying in userspace. 2) tcpdump / Wireshark etc packet captures will no longer see the peerapi traffic. Oh well. Crawshaw's been wanting to add packet capture server support to tailscaled, so we'll probably do that sooner now. A future change might also then use peerapi for the client-side (except on iOS). Updates #3842 (probably fixes, as well as many exit node issues I bet) Change-Id: Ibc25edbb895dc083d1f07bd3cab614134705aa39 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	857cd6c0d7	ipn/ipnstate: add TailnetName to status RELNOTE=tailscale status --json \| jq .TailnetName Fixes tailscale/corp#3665 Change-Id: I85de027ba2781eb31ee1e0c5ab913b0dfa5b4c86 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	f3c0023add	wgengine/netstack: add an SSH server experiment Disabled by default. To use, run tailscaled with: TS_SSH_ALLOW_LOGIN=you@bar.com And enable with: $ TAILSCALE_USE_WIP_CODE=true tailscale up --ssh=true Then ssh [any-user]@[your-tailscale-ip] for a root bash shell. (both the "root" and "bash" part are temporary) Updates #3802 Change-Id: I268f8c3c95c8eed5f3231d712a5dc89615a406f0 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	41fd4eab5c	envknob: add new package for all the strconv.ParseBool(os.Getenv(..)) A new package can also later record/report which knobs are checked and set. It also makes the code cleaner & easier to grep for env knobs. Change-Id: Id8a123ab7539f1fadbd27e0cbeac79c2e4f09751 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	3690bfecb0	ipn/ipnlocal: fix cert fetching on macOS GUI platforms And clarify the directory they get written to when under the sandbox. Fixes #3667 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	506c727e30	ipnlocal, net/{dns,tsaddr,tstun}, wgengine: support MagicDNS on IPv6 Fixes #3660 RELNOTE=MagicDNS now works over IPv6 when CGNAT IPv4 is disabled. Change-Id: I001e983df5feeb65289abe5012dedd177b841b45 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	b09000ad5d	ipn/localapi: add debug handler to Rebind, ReSTUN magicsock And more later probably. Updates #3619 Change-Id: Ia4cba34a7c0dcce4d2eddec8aae17f32b51c207f Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Josh Bleecher Snyder	add6dc8ccc	ipn/ipnlocal: make TestShrinkDefaultRoute hermetic Make shrinkDefaultRoute a pure function. Instead of calling interfaceRoutes, accept that information as parameters. Hard-code those parameters in TestShrinkDefaultRoute. Fixes #3580 Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	2 years ago
Brad Fitzpatrick	8f43ddf1a2	ipn/ipnlocal, health: populate self node's Online bit in tailscale status One option was to just hide "offline" in the text output, but that doesn't fix the JSON output. The next option was to lie and say it's online in the JSON (which then fixes the "offline" in the text output). But instead, this sets the self node's "Online" to whether we're in an active map poll. Fixes #3564 Change-Id: I9b379989bd14655198959e37eec39bb570fb814a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Josh Bleecher Snyder	93ae11105d	ipn/ipnlocal: clear magicsock's netmap on logout magicsock was hanging onto its netmap on logout, which caused tailscale status to display partial information about a bunch of zombie peers. After logout, there should be no peers. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	2 years ago
Brad Fitzpatrick	cced414c7d	net/dns/resolver: add Windows ExitDNS service support, using net package Updates #1713 Updates #835 Change-Id: Ia71e96d0632c2d617b401695ad68301b07c1c2ec Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	7b9c7bc42b	ipn/ipnstate: remove old deprecated TailAddr IPv4-only field It's been a bunch of releases now since the TailscaleIPs slice replacement was added. Change-Id: I3bd80e1466b3d9e4a4ac5bedba8b4d3d3e430a03 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Denton Gentry	878a20df29	net/dns: add GetBaseConfig to CallbackRouter. Allow users of CallbackRouter to supply a GetBaseConfig implementation. This is expected to be used on Android, which currently lacks both a) platform support for Split-DNS and b) a way to retrieve the current DNS servers. iOS/macOS also use the CallbackRouter but have platform support for SplitDNS, so don't need getBaseConfig. Updates https://github.com/tailscale/tailscale/issues/2116 Updates https://github.com/tailscale/tailscale/issues/988 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	3 years ago
Brad Fitzpatrick	c0701b130d	ipn/ipnstate, cmd/tailscale: add Online bool to tailscale status & --json Fixes #3533 Change-Id: I2f6f0d712cf3f987fba1c15be74cdb5c8d565f04 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Todd Neal	c18dc57861	ipn/{ipnserver,ipnlocal}: support incoming Taildrop on TrueNAS Signed-off-by: Todd Neal <todd@tneal.org>	3 years ago
Brad Fitzpatrick	abc00e9c8d	ipn/{ipnserver,ipnlocal}: support incoming Taildrop on Synology If the user has a "Taildrop" shared folder on startup and the "tailscale" system user has read/write access to it, then the user can "tailscale file cp" to their NAS. Updates #2179 (would be fixes, but not super ideal/easy yet) Change-Id: I68e59a99064b302abeb6d8cc84f7d2a09f764990 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	9c5c9d0a50	ipn/ipnlocal, net/tsdial: make SOCKS/HTTP dials use ExitDNS And simplify, unexport some tsdial/netstack stuff in the the process. Fixes #3475 Change-Id: I186a5a5cbd8958e25c075b4676f7f6e70f3ff76e Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	adc5997592	net/tsdial: give netstack a Dialer, start refactoring name resolution This starts to refactor tsdial.Dialer's name resolution to have different stages: in-memory MagicDNS vs system resolution. A future change will plug in ExitDNS resolution. This also plumbs a Dialer into netstack and unexports the dnsMap internals. And it removes some of the async AddNetworkMapCallback usage and replaces it with synchronous updates of the Dialer's netmap from LocalBackend, since the LocalBackend has the Dialer too. Updates #3475 Change-Id: Idcb7b1169878c74f0522f5151031ccbc49fe4cb4 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	43983a4a3b	ipn/ipnlocal: run peerapi even if Taildrop storage not configured Change-Id: I77f9ecbe4617d01d13aa1127fa59c83f2aa3e1b8 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
David Anderson	44d0c1ab06	ipn/ipnlocal: resolve exit node IP to ID at EditPrefs time. Without this, enabling an exit node immediately blackholes all traffic, but doesn't correctly let it flow to the exit node until the next netmap update. Fixes #3447 Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Brad Fitzpatrick	ad3d6e31f0	net/tsdial: move macOS/iOS peerapi sockopt logic from LocalBackend Change-Id: I812cae027c40c70cdc701427b1a1850cd9bcd60c Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	c7fb26acdb	net/tsdial: also plumb TUN name and monitor into tsdial.Dialer In prep for moving stuff out of LocalBackend. Change-Id: I9725aa9c3ebc7275f8c40e040b326483c0340127 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	c37af58ea4	net/tsdial: move more weirdo dialing into new tsdial package, plumb Not done yet, but this move more of the outbound dial special casing from random packages into tsdial, which aspires to be the one unified place for all outbound dialing shenanigans. Then this plumbs it all around, so everybody is ultimately holding on to the same dialer. As of this commit, macOS/iOS using an exit node should be able to reach to the exit node's DoH DNS proxy over peerapi, doing the sockopt to stay within the Network Extension. A number of steps remain, including but limited to: * move a bunch more random dialing stuff * make netstack-mode tailscaled be able to use exit node's DNS proxy, teaching tsdial's resolver to use it when an exit node is in use. Updates #1713 Change-Id: I1e8ee378f125421c2b816f47bc2c6d913ddcd2f5 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	3ae6f898cf	ipn/ipnlocal, net/dns/resolver: use exit node's DoH proxy when available Updates #1713 Change-Id: I3695a40ec12d2b4e6dac41cf4559daca6dddd68e Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	2a95ee4680	cmd/tailscale, ipn/ipnstate: note which nodes are exit nodes in status Fixes #3446 Change-Id: Ib41d588e7fa434c02d134fa449f85b0e15083683 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	b811a316bc	tailcfg, ipn/ipnlocal: advertise a Service when exit node DNS proxy available Updates #1713 Change-Id: I20c8e2ad1062d82ef17363414e372133f4c7181e Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	135580a5a8	tailcfg, ipn/ipnlocal, net/dns: forward exit node DNS on Unix to system DNS Updates #1713 Change-Id: I4c073fec0992d9e01a9a4ce97087d5af0efdc68d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	c2efe46f72	ipn/ipnlocal: restrict exit node DoH server based on ACL'ed packet filter Don't be a DoH DNS server to peers unless the Tailnet admin has permitted that peer autogroup:internet access. Updates #1713 Change-Id: Iec69360d8e4d24d5187c26904b6a75c1dabc8979 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
David Anderson	097602b3ca	ipn/ipnlocal: warn more precisely about IP forwarding issues on linux. If IP forwarding is disabled globally, but enabled per-interface on all interfaces, don't complain. If only some interfaces have forwarding enabled, warn that some subnet routing/exit node traffic may not work. Fixes #1586 Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	33c541ae30	ipn/ipnlocal: populate self status from netmap in ipnlocal, not magicsock. Fixes #1933 Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Josh Bleecher Snyder	955aa188b3	ipn/ipnlocal: fix logging We were missing an argument here. Also, switch to %q, in case anything weird is happening with these strings. Updates tailscale/corp#461 Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Brad Fitzpatrick	283ae702c1	ipn/ipnlocal: start adding DoH DNS server to peerapi when exit node Updates #1713 Change-Id: I8d9c488f779e7acc811a9bc18166a2726198a429 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Maisem Ali	d6dde5a1ac	ipn/ipnlocal: handle key extensions after key has already expired Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Brad Fitzpatrick	337757a819	ipn/ipnlocal, control/controlclient: don't propagate all map errors to UI Fixes regression from `81cabf48ec` which made all map errors be sent to the frontend UI. Fixes #3230 Change-Id: I7f142c801c7d15e268a24ddf901c3e6348b6729c Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
David Anderson	0532eb30db	all: replace tailcfg.DiscoKey with key.DiscoPublic. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Brad Fitzpatrick	649f7556e8	cmd/tailscaled, ipn: add tailscaled --statedir flag for var directory Fixes #2932 Change-Id: I1aa2b323ad542386d140f8336bcc4dcbb8310bd0 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Josh Bleecher Snyder	3fd5f4380f	util/multierr: new package github.com/go-multierror/multierror served us well. But we need a few feature from it (implement Is), and it's not worth maintaining a fork of such a small module. Instead, I did a clean room implementation inspired by its API. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
David Anderson	7e6a1ef4f1	tailcfg: use key.NodePublic in wire protocol types. Updates #3206. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	7e8d5ed6f3	ipn: use key.NodePublic instead of tailcfg.NodeKey Updates #3206 Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	c17250cee2	ipn/ipnstate: use key.NodePublic instead of tailcfg.NodeKey. Updates #3206 Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	418adae379	various: use NodePublic.AsNodeKey() instead of tailcfg.NodeKeyFromNodePublic() Updates #3206 Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Brad Fitzpatrick	429632d32c	ipn/ipnlocal: treat js/wasm interative logins as ephemeral for now At least until js/wasm starts using browser LocalStorage or something. But for the foreseeable future, any login from a browser should be considered ephemeral as the tab can close at any time and lose the wireguard key, never to be seen again. Updates #3157 Change-Id: I6c410d86dc7f9f233c3edd623313d9dee2085aac Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
David Anderson	c1d009b9e9	ipn/ipnstate: use key.NodePublic instead of the generic key.Public. Updates #3206. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	0c546a28ba	types/persist: use new node key type. Updates #3206 Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Maisem Ali	81cabf48ec	control/controlclient,tailcfg: propagate registration errors to the frontend Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago

1 2 3 4 5

226 Commits (53998e26a6ce13de0f2a4b8b747206823f217e86)