tailscale

Commit Graph

Author	SHA1	Message	Date
James Tucker	5c38f0979e	tsweb/promvarz: fix repeated expvar definition in test expvar can only be defined once, so running tests with a repeat counter will fail if the variables are defined inside of the test function. Observed failure: ``` --- FAIL: TestHandler (0.00s) panic: Reuse of exported var name: gauge_promvarz_test_expvar [recovered] panic: Reuse of exported var name: gauge_promvarz_test_expvar goroutine 9 [running]: testing.tRunner.func1.2({0x100f267e0, 0x1400026e770}) /usr/local/go/src/testing/testing.go:1526 +0x1c8 testing.tRunner.func1() /usr/local/go/src/testing/testing.go:1529 +0x364 panic({0x100f267e0, 0x1400026e770}) /usr/local/go/src/runtime/panic.go:884 +0x1f4 log.Panicln({0x140000b8e20?, 0x1a?, 0x1400026e750?}) /usr/local/go/src/log/log.go:398 +0x60 expvar.Publish({0x100e2b21d, 0x1a}, {0x100fd7a08?, 0x140000232c0}) /usr/local/go/src/expvar/expvar.go:284 +0xc0 expvar.NewInt(...) /usr/local/go/src/expvar/expvar.go:304 tailscale.com/tsweb/promvarz.TestHandler(0x14000082b60) /Users/charlotte/ts-src/tailscale/tsweb/promvarz/promvarz_test.go:18 +0x5c testing.tRunner(0x14000082b60, 0x100fd5858) /usr/local/go/src/testing/testing.go:1576 +0x104 created by testing.(*T).Run /usr/local/go/src/testing/testing.go:1629 +0x370 FAIL tailscale.com/tsweb/promvarz 0.149s ``` Fixes #8065 Signed-off-by: James Tucker <james@tailscale.com>	1 year ago
Charlotte Brandhorst-Satzkorn	024d48d9c1	tailcfg: bump capability version This change bumps the capability version to 62, after support for sending SSHEventNotificationRequests to control via noise for failure events was introduced. Updates tailscale/corp#9967 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	1 year ago
Charlotte Brandhorst-Satzkorn	29ded8f9f9	ssh/tailssh,tailcfg: add connID to ssheventnotifyrequest and castheader This change adds a ConnectionID field to both SSHEventNotifyRequest and CastHeader that identifies the ID of a connection to the SSH server. Updates tailscale/corp#9967 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	1 year ago
Charlotte Brandhorst-Satzkorn	68307c1411	ssh/tailssh: send ssh event notifications on recording failures This change sends an SSHEventNotificationRequest over noise when a SSH session is set to fail closed and the session is unable to start because a recorder is not available or a session is terminated because connection to the recorder is ended. Each of these scenarios have their own event type. Updates tailscale/corp#9967 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	1 year ago
Charlotte Brandhorst-Satzkorn	2804327074	tailcfg: update rename SSHFailureNotifyRequest and add EventType This change renames SSHFailureNotifyRequest to SSHEventNotifyRequest to better reflect the additional events we could add in the future. This change also adds an EventType used to catagories the events. Updates tailscale/corp#9967 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	1 year ago
Charlotte Brandhorst-Satzkorn	8d3d48e000	ipn/ipnlocal: add NodeKey func to return the public node NodeKey This change introduces a NodeKey func on localbackend that returns the public node key. Updates tailscale/corp#9967 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	1 year ago
Brad Fitzpatrick	8864112a0c	ipn/ipnlocal: bound how long cert fetchher checks for existing DNS records It was supposed to be best effort but in some cases (macsys at least, per @marwan-at-work) it hangs and exhausts the whole context.Context deadline so we fail to make the SetDNS call to the server. Updates #8067 Updates #3273 etc Change-Id: Ie1f04abe9689951484748aecdeae312afbafdb0f Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
James Tucker	9ed3a061c3	net/netns: fix segv when no tailscale interface is found `interfaces.Tailscale()` returns all zero values when it finds no Tailscale interface and encounters no errors. The netns package was treating no error as a signal that it would receive a non-zero pointer value leading to nil pointer dereference. Observed in: ``` --- FAIL: TestGetInterfaceIndex (0.00s) --- FAIL: TestGetInterfaceIndex/IP_and_port (0.00s) panic: runtime error: invalid memory address or nil pointer dereference [recovered] panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x2 addr=0x0 pc=0x1029eb7d8] goroutine 7 [running]: testing.tRunner.func1.2({0x102a691e0, 0x102bc05c0}) /Users/raggi/.cache/tailscale-go/src/testing/testing.go:1526 +0x1c8 testing.tRunner.func1() /Users/raggi/.cache/tailscale-go/src/testing/testing.go:1529 +0x384 panic({0x102a691e0, 0x102bc05c0}) /Users/raggi/.cache/tailscale-go/src/runtime/panic.go:884 +0x204 tailscale.com/net/netns.getInterfaceIndex(0x14000073f28, 0x1028d0284?, {0x1029ef3b7, 0xa}) /Users/raggi/src/github.com/tailscale/tailscale/net/netns/netns_darwin.go:114 +0x228 tailscale.com/net/netns.TestGetInterfaceIndex.func2(0x14000138000) /Users/raggi/src/github.com/tailscale/tailscale/net/netns/netns_darwin_test.go:37 +0x54 testing.tRunner(0x14000138000, 0x140000551b0) /Users/raggi/.cache/tailscale-go/src/testing/testing.go:1576 +0x10c created by testing.(*T).Run /Users/raggi/.cache/tailscale-go/src/testing/testing.go:1629 +0x368 FAIL tailscale.com/net/netns 0.824s ``` Fixes #8064 Signed-off-by: James Tucker <jftucker@gmail.com>	1 year ago
Brad Fitzpatrick	6e967446e4	tsd: add package with System type to unify subsystem init, discovery This is part of an effort to clean up tailscaled initialization between tailscaled, tailscaled Windows service, tsnet, and the mac GUI. Updates #8036 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Derek Kaser	0d7303b798	various: add detection and Taildrop for Unraid Updates tailscale/tailscale#8025 Signed-off-by: Derek Kaser <derek.kaser@gmail.com>	1 year ago
Flakes Updater	d1ce7a9b5e	go.mod.sri: update SRI hash for go.mod changes Signed-off-by: Flakes Updater <noreply+flakes-updater@tailscale.com>	1 year ago
James Tucker	5def4f4a1c	go.mod: bump goreleaser deps Periodic update for start of cycle. goreleaser is not updated to v2 yet, but indirects updated. Updates #8043 Signed-off-by: James Tucker <james@tailscale.com>	1 year ago
Flakes Updater	1c6ff310ae	go.mod.sri: update SRI hash for go.mod changes Signed-off-by: Flakes Updater <noreply+flakes-updater@tailscale.com>	1 year ago
James Tucker	48605226dd	go.mod: bump gvisor Periodic update for start of cycle. Updates #8043 Signed-off-by: James Tucker <james@tailscale.com>	1 year ago
Maisem Ali	f46c1aede0	go.mod: bump k8s libs The key is to update sigs.k8s.io/controller-runtime and let it update others. Updates #8043 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Brad Fitzpatrick	73d128238e	envknob: support tailscaled-env.txt on macOS too Updates #3707 Co-authored-by: Marwan Sulaiman <marwan@tailscale.com> Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Anton Tolchanov	787fc41fa4	scripts/installer.sh: check connectivity with pkgs.tailscale.com Installer script relies on pkgs.tailscale.com being reachable, both for checking what Linux distros are supported, but also for actually downloading repo configuration files, gpg keys and packages themselves. This change adds a simple reachability check which will print an error message when pkgs.tailscale.com is not reachable. Fixes https://github.com/tailscale/corp/issues/8952 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	1 year ago
Flakes Updater	5783adcc6f	go.mod.sri: update SRI hash for go.mod changes Signed-off-by: Flakes Updater <noreply+flakes-updater@tailscale.com>	1 year ago
License Updater	503b6dd8be	licenses: update tailscale{,d} licenses Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	1 year ago
Brad Fitzpatrick	9e9ea6e974	go.mod: bump all deps possible that don't break the build This holds back gvisor, kubernetes, goreleaser, and esbuild, which all had breaking API changes. Updates #8043 Updates #7381 Updates #8042 (updates u-root which adds deps) Change-Id: I889759bea057cd3963037d41f608c99eb7466a5b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
M. J. Fromberger	459744c9ea	.github: mark bots for exemption by issuebot (#8041 ) #cleanup Change-Id: I13757ee20240166af72606d166e840ae3ee797d7 Signed-off-by: M. J. Fromberger <fromberger@tailscale.com>	1 year ago
License Updater	7675d323fa	licenses: update tailscale{,d} licenses Signed-off-by: License Updater <noreply@tailscale.com>	1 year ago
dependabot[bot]	270942094f	build(deps): bump github.com/docker/docker Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.16+incompatible to 20.10.24+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v20.10.16...v20.10.24) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	1 year ago
Maisem Ali	be190e990f	ssh/tailssh: restore support for recording locally We removed it earlier in `916aa782af`, but we still want to support it for some time longer. Updates tailscale/corp#9967 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Brad Fitzpatrick	4d7927047c	wgengine/magicsock: annotate, skip flaky TestIsWireGuardOnlyPickEndpointByPing Updates #8037 Updates #7826 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Charlotte Brandhorst-Satzkorn	ddb4040aa0	wgengine/magicsock: add address selection for wireguard only endpoints (#7979 ) This change introduces address selection for wireguard only endpoints. If a endpoint has not been used before, an address is randomly selected to be used based on information we know about, such as if they are able to use IPv4 or IPv6. When an address is initially selected, we also initiate a new ICMP ping to the endpoints addresses to determine which endpoint offers the best latency. This information is then used to update which endpoint we should be using based on the best possible route. If the latency is the same for a IPv4 and an IPv6 address, IPv6 will be used. Updates #7826 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	1 year ago
Brad Fitzpatrick	c1e6888fc7	derp: add a README.md with some docs Updates #docs Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Maisem Ali	3ae7140690	net/tstun: handle exit nodes in NAT configs In the case where the exit node requires SNAT, we would SNAT all traffic not just the traffic meant to go through the exit node. This was a result of the default route being added to the routing table which would match basically everything. In this case, we need to account for all peers in the routing table not just the ones that require NAT. Fix and add a test. Updates tailscale/corp#8020 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Andrew Dunham	bcf7b63d7e	wgengine/magicsock: add hysteresis to endpoint selection Avoid selecting an endpoint as "better" than the current endpoint if the total latency improvement is less than 1%. This adds some hysteresis to avoid flapping between endpoints for a minimal improvement in latency. Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: If8312e1768ea65c4b4d4e13d8de284b3825d7a73	1 year ago
Tom DNetto	c5bf868940	ssh/tailssh: improve debug logging around revoked sessions Updates https://github.com/tailscale/corp/issues/10943 Signed-off-by: Tom DNetto <tom@tailscale.com>	1 year ago
Andrew Dunham	42fd964090	control/controlclient: use dnscache.Resolver for Noise client This passes the *dnscache.Resolver down from the Direct client into the Noise client and from there into the controlhttp client. This retains the Resolver so that it can share state across calls instead of creating a new resolver. Updates #4845 Updates #6110 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: Ia5d6af1870f3b5b5d7dd5685d775dcf300aec7af	1 year ago
License Updater	979d29b5f5	licenses: update win/apple licenses Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	1 year ago
Anton Tolchanov	1f4a34588b	.github: test installer script in CI in docker Every time we change `installer.sh`, run it in a few docker containers based on different Linux distros, just as a simple test. Also includes a few changes to the installer script itself to make installation work in docker: - install dnf config-manager command before running it - run zypper in non-interactive mode - update pacman indexes before installing packages Updates https://github.com/tailscale/corp/issues/8952 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	1 year ago
Denton Gentry	a82f275619	cmd/sniproxy: Set App name in tsnet hostinfo Updates #1748 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	1 year ago
James Tucker	b3c3a9f174	syncs: add Map.Len to get the length of the Map I need this for a corp change where I have a set as a queue, and make a different decisison if the set is empty. Updates tailscale/corp#10344 Signed-off-by: James Tucker <james@tailscale.com>	1 year ago
ayanamist	042f82ea32	build_dist.sh: make cross-compilation friendly for env CC specified Signed-off-by: ayanamist <ayanamist@gmail.com>	1 year ago
dependabot[bot]	633d08bd7b	.github: Bump actions/setup-go from 3 to 4 Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	1 year ago
James Tucker	d35ce1add9	syncs: add documentation to Map.Range Updates #cleanup Signed-off-by: James Tucker <james@tailscale.com>	1 year ago
Charlotte Brandhorst-Satzkorn	c3ab36cb9d	words: charlotte 1 spell-checking-linter 0 (#7993 ) Can't have a dupe when the dupe is wrong. Clearly we need to up our spell checking game. Did anyone say AI? Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	1 year ago
James Tucker	8032b966a1	.github/workflows: add recency bias to action cache keys The action cache restore process either matches the restore key pattern exactly, or uses a matching prefix with the most recent date. If the restore key is an exact match, then no updates are uploaded, but if we've just computed tests executions for more recent code then we will likely want to use those results in future runs. Appending run_id to the cache key will give us an always new key, and then we will be restore a recently uploaded cache that is more likely has a higher overlap with the code being tested. Updates #7975 Signed-off-by: James Tucker <james@tailscale.com>	1 year ago
Kyle Carberry	d78b334964	cmd/derper: disable http2 DERP doesn't support HTTP/2. If an HTTP/2 proxy was placed in front of a DERP server requests would fail because the connection would be initialized with HTTP/2, which the DERP client doesn't support. Signed-off-by: Kyle Carberry <kyle@carberry.com>	1 year ago
Charlotte Brandhorst-Satzkorn	161d1d281a	net/ping,netcheck: add v6 pinging capabilities to pinger (#7971 ) This change adds a v6conn to the pinger to enable sending pings to v6 addrs. Updates #7826 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	1 year ago
Denton Gentry	1145b9751d	VERSION.txt: this is v1.41.0 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	1 year ago
Brad Fitzpatrick	1e876a3c1d	ipn/ipnlocal: fix fmt format arg type mismatch in log line It was printing like "v0xxxxxxxx" after version.Long became a func in `8b2ae47c31`. Fixes #7976 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Maisem Ali	a8f10c23b2	cmd/tailscale/cli: [up] reuse --advertise-tags for OAuth key generation We need to always specify tags when creating an AuthKey from an OAuth key. Check for that, and reuse the `--advertise-tags` param. Updates #7982 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Brad Fitzpatrick	b2b5379348	cmd/tailscale/cli: [up] change oauth authkey format Updates #7982 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	13de36303d	cmd/tailscale/cli: [up] add experimental oauth2 authkey support Updates #7982 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
James Tucker	095d3edd33	ipn/ipnlocal: reenable profile tests on Windows This fix does not seem ideal, but the test infrastructure using a local goos doesn't seem to avoid all of the associated challenges, but is somewhat deeply tied to the setup. The core issue this addresses for now is that when run on Windows there can be no code paths that attempt to use an invalid UID string, which on Windows is described in [1]. For the goos="linux" tests, we now explicitly skip the affected migration code if runtime.GOOS=="windows", and for the Windows test we explicitly use the running users uid, rather than just the string "user1". We also now make the case where a profile exists and has already been migrated a non-error condition toward the outer API. Updates #7876 [1] https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-identifiers Signed-off-by: James Tucker <jftucker@gmail.com>	1 year ago
James Tucker	43819309e1	.github/workflows: split tests and benchmarks for caching Benchmark flags prevent test caching, so benchmarks are now executed independently of tests. Fixes #7975 Signed-off-by: James Tucker <james@tailscale.com>	1 year ago
Maisem Ali	1b8a0dfe5e	ssh/tailssh: also handle recording upload failure during writes Previously we would error out when the recording server disappeared after the in memory buffer filled up for the io.Copy. This makes it so that we handle failing open correctly in that path. Updates tailscale/corp#9967 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago

1 2 3 4 5 ...

5716 Commits (5c38f0979e5f6c599d665b4c0b53e0d09799e81b) All Branches Search

5716 Commits (5c38f0979e5f6c599d665b4c0b53e0d09799e81b)

All Branches