tailscale

Commit Graph

Author	SHA1	Message	Date
Irbe Krumina	97a44d6453	go.{mod,sum},cmd/{k8s-operator,derper,stund}/depaware.txt: bump kube deps (#14601 ) Updates kube deps and mkctr, regenerates kube yamls with the updated tooling. Updates#cleanup Signed-off-by: Irbe Krumina <irbe@tailscale.com>	11 months ago
Brad Fitzpatrick	414a01126a	go.mod: bump mdlayher/netlink and u-root/uio to use Go 1.21 NativeEndian This finishes the work started in #14616. Updates #8632 Change-Id: I4dc07d45b1e00c3db32217c03b21b8b1ec19e782 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	11 months ago
Brad Fitzpatrick	a841f9d87b	go.mod: bump some deps Most of these are effectively no-ops, but appease security scanners. At least one (x/net for x/net/html) only affect builds from the open source repo, since we already had it updated in our "corp" repo: golang.org/x/net v0.33.1-0.20241230221519-e9d95ba163f7 ... and that's where we do the official releases from. e.g. tailscale.io % go install tailscale.com/cmd/tailscaled tailscale.io % go version -m ~/go/bin/tailscaled \| grep x/net dep golang.org/x/net v0.33.1-0.20241230221519-e9d95ba163f7 h1:raAbYgZplPuXQ6s7jPklBFBmmLh6LjnFaJdp3xR2ljY= tailscale.io % cd ../tailscale.com tailscale.com % go install tailscale.com/cmd/tailscaled tailscale.com % go version -m ~/go/bin/tailscaled \| grep x/net dep golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= Updates #8043 Updates #14599 Change-Id: I6e238cef62ca22444145a5313554aab8709b33c9 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	11 months ago
Andrew Lytvynov	d8579a48b9	go.mod: bump go-git to v5.13.1 (#14584 ) govulncheck flagged a couple fresh vulns in that package: * https://pkg.go.dev/vuln/GO-2025-3367 * https://pkg.go.dev/vuln/GO-2025-3368 I don't believe these affect us, as we only do any git stuff from release tooling which is all internal and with hardcoded repo URLs. Updates #cleanup Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	11 months ago
Brad Fitzpatrick	220dc56f01	go.mod: bump tailscale/wireguard-go for Solaris/Illumos Updates #14565 Change-Id: Ifb88ab2ee1997c00c3d4316be04f6f4cc71b2cd3 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	11 months ago
Brad Fitzpatrick	cc4aa435ef	go.mod: bump github.com/tailscale/peercred for Solaris This pulls in Solaris/Illumos-specific: https://github.com/tailscale/peercred/pull/10 https://go-review.googlesource.com/c/sys/+/639755 Updates tailscale/peercred#10 (from @nshalman) Change-Id: I8211035fdcf84417009da352927149d68905c0f1 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	11 months ago
Joe Tsai	ad8d8e37de	go.mod: update github.com/go-json-experiment/json (#14522 ) Updates tailscale/corp#11038 Signed-off-by: Joe Tsai <joetsai@digital-static.net>	11 months ago
James Tucker	b37a478cac	go.mod: bump x/net and dependencies Pulling in upstream fix for #14201. Updates #14201 Signed-off-by: James Tucker <james@tailscale.com>	1 year ago
Brad Fitzpatrick	f1e1048977	go.mod: bump tailscale/wireguard-go Updates #11899 Change-Id: Ibd75134a20798c84c7174ba3af639cf22836c7d7 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Irbe Krumina	e38522c081	go.{mod,sum},build_docker.sh: bump mkctr, add ability to set OCI annotations for images (#14065 ) Updates tailscale/tailscale#12914 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	1 year ago
Andrew Dunham	7ec8bdf8b1	go.mod: upgrade golangci-lint To pull in the fix for mgechev/revive#863 - seen in the GitHub Actions check below: https://github.com/tailscale/tailscale/actions/runs/11057524933/job/30721507353?pr=13600 Updates #13602 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: Ia04adc5d74bdbde14204645ca948794447b16776	1 year ago
Brad Fitzpatrick	71ff3d7c39	go.mod: bump github.com/illarion/gonotify/v2 Updates #13359 Change-Id: I28e048bf9d1d114d07d140f165f4ea89a82be79f Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Jordan Whited	7aa766ee65	net/tstun: probe TCP GRO (#13376 ) Disable TCP & UDP GRO if the probe fails. torvalds/linux@e269d79c7d broke virtio_net TCP & UDP GRO causing GRO writes to return EINVAL. The bug was then resolved later in torvalds/linux@89add40066. The offending commit was pulled into various LTS releases. Updates #13041 Signed-off-by: Jordan Whited <jordan@tailscale.com>	1 year ago
Will Norris	3c66ee3f57	cmd/systray: add a basic linux systray app This adds a systray app for linux, similar to the apps for macOS and windows. There are already a number of community-developed systray apps, but most of them are either long abandoned, are built for a specific desktop environment, or simply wrap the tailscale CLI. This uses fyne.io/systray (a fork of github.com/getlantern/systray) which uses newer D-Bus specifications to render the tray icon and menu. This results in a pretty broad support for modern desktop environments. This initial commit lacks a number of features like profile switching, device listing, and exit node selection. This is really focused on the application structure, the interaction with LocalAPI, and some system integration pieces like the app icon, notifications, and the clipboard. Updates #1708 Signed-off-by: Will Norris <will@tailscale.com>	1 year ago
Percy Wegmann	743d296073	update to github.com/tailscale/netlink library that doesn't require vishvananda/netlink Fixes #12298 Signed-off-by: Percy Wegmann <percy@tailscale.com>	1 year ago
Percy Wegmann	d00d6d6dc2	go.mod: update to github.com/tailscale/netlink library that doesn't require vishvananda/netlink After the upstream PR is merged, we can point directly at github.com/vishvananda/netlink and retire github.com/tailscale/netlink. See https://github.com/vishvananda/netlink/pull/1006 Updates #12298 Signed-off-by: Percy Wegmann <percy@tailscale.com>	1 year ago
Ilarion Kovalchuk	0cb7eb9b75	net/dns: updated gonotify dependency to v2 that supports closable context Signed-off-by: Ilarion Kovalchuk <illarion.kovalchuk@gmail.com>	1 year ago
Brad Fitzpatrick	696711cc17	all: switch to and require Go 1.23 Updates #12912 Change-Id: Ib4ae26eb5fb68ad2216cab4913811b94f7eed5b6 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Kyle Carberry	6c852fa817	go.{mod,sum}: migrate from nhooyr.io/websocket to github.com/coder/websocket Coder has just adopted nhooyr/websocket which unfortunately changes the import path. `github.com/coder/coder` imports `tailscale.com/net/wsconn` which was still pointing to `nhooyr.io/websocket`, but this change updates it. See https://coder.com/blog/websocket Updates #13154 Change-Id: I3dec6512472b14eae337ae22c5bcc1e3758888d5 Signed-off-by: Kyle Carberry <kyle@carberry.com>	1 year ago
Aaron Bieber	c987cf1255	go.mod: pull in latest github.com/creack/pty This latest version allows for building on various OpenBSD architectures. (such as openbsd/riscv64) Updates #8043 Change-Id: Ie9a8738e6aa96335214d5750e090db35e526a4a4 Signed-off-by: Aaron Bieber <aaron@bolddaemon.com>	1 year ago
Brad Fitzpatrick	1ed958fe23	tstest/natlab/vnet: add start of virtual network-based NAT Lab Updates #13038 Change-Id: I3c74120d73149c1329288621f6474bbbcaa7e1a6 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Jordan Whited	f0230ce0b5	go.mod,net/tstun,wgengine/netstack: implement gVisor TCP GRO for Linux (#12921 ) This commit implements TCP GRO for packets being written to gVisor on Linux. Windows support will follow later. The wireguard-go dependency is updated in order to make use of newly exported IP checksum functions. gVisor is updated in order to make use of newly exported stack.PacketBuffer GRO logic. TCP throughput towards gVisor, i.e. TUN write direction, is dramatically improved as a result of this commit. Benchmarks show substantial improvement, sometimes as high as 2x. High bandwidth-delay product paths remain receive window limited, bottlenecked by gVisor's default TCP receive socket buffer size. This will be addressed in a follow-on commit. The iperf3 results below demonstrate the effect of this commit between two Linux computers with i5-12400 CPUs. There is roughly ~13us of round trip latency between them. The first result is from commit `57856fc` without TCP GRO. Starting Test: protocol: TCP, 1 streams, 131072 byte blocks - - - - - - - - - - - - - - - - - - - - - - - - - Test Complete. Summary Results: [ ID] Interval Transfer Bitrate Retr [ 5] 0.00-10.00 sec 4.77 GBytes 4.10 Gbits/sec 20 sender [ 5] 0.00-10.00 sec 4.77 GBytes 4.10 Gbits/sec receiver The second result is from this commit with TCP GRO. Starting Test: protocol: TCP, 1 streams, 131072 byte blocks - - - - - - - - - - - - - - - - - - - - - - - - - Test Complete. Summary Results: [ ID] Interval Transfer Bitrate Retr [ 5] 0.00-10.00 sec 10.6 GBytes 9.14 Gbits/sec 20 sender [ 5] 0.00-10.00 sec 10.6 GBytes 9.14 Gbits/sec receiver Updates #6816 Signed-off-by: Jordan Whited <jordan@tailscale.com>	1 year ago
Jordan Whited	7bc2ddaedc	go.mod,net/tstun,wgengine/netstack: implement gVisor TCP GSO for Linux (#12869 ) This commit implements TCP GSO for packets being read from gVisor on Linux. Windows support will follow later. The wireguard-go dependency is updated in order to make use of newly exported GSO logic from its tun package. A new gVisor stack.LinkEndpoint implementation has been established (linkEndpoint) that is loosely modeled after its predecessor (channel.Endpoint). This new implementation supports GSO of monster TCP segments up to 64K in size, whereas channel.Endpoint only supports up to 32K. linkEndpoint will also be required for GRO, which will be implemented in a follow-on commit. TCP throughput from gVisor, i.e. TUN read direction, is dramatically improved as a result of this commit. Benchmarks show substantial improvement through a wide range of RTT and loss conditions, sometimes as high as 5x. The iperf3 results below demonstrate the effect of this commit between two Linux computers with i5-12400 CPUs. There is roughly ~13us of round trip latency between them. The first result is from commit `57856fc` without TCP GSO. Starting Test: protocol: TCP, 1 streams, 131072 byte blocks - - - - - - - - - - - - - - - - - - - - - - - - - Test Complete. Summary Results: [ ID] Interval Transfer Bitrate Retr [ 5] 0.00-10.00 sec 2.51 GBytes 2.15 Gbits/sec 154 sender [ 5] 0.00-10.00 sec 2.49 GBytes 2.14 Gbits/sec receiver The second result is from this commit with TCP GSO. Starting Test: protocol: TCP, 1 streams, 131072 byte blocks - - - - - - - - - - - - - - - - - - - - - - - - - Test Complete. Summary Results: [ ID] Interval Transfer Bitrate Retr [ 5] 0.00-10.00 sec 12.6 GBytes 10.8 Gbits/sec 6 sender [ 5] 0.00-10.00 sec 12.6 GBytes 10.8 Gbits/sec receiver Updates #6816 Signed-off-by: Jordan Whited <jordan@tailscale.com>	1 year ago
dependabot[bot]	1b64961320	build(deps): bump github.com/docker/docker (#12966 ) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 25.0.5+incompatible to 26.1.4+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v25.0.5...v26.1.4) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	1 year ago
Percy Wegmann	3088c6105e	go.mod: pull in latest github.com/tailscale/xnet This picks up https://github.com/tailscale/xnet/pull/1 so that clients can move files even when holding only a lock for the source file. Updates #12941 Signed-off-by: Percy Wegmann <percy@tailscale.com>	1 year ago
Irbe Krumina	c5623e0471	go.{mod,sum},tstest/tools,k8s-operator,cmd/k8s-operator: autogenerate CRD API docs (#12884 ) Re-instates the functionality that generates CRD API docs, but using a different library as the one we were using earlier seemed to have some issues with its Git history. Also regenerates the docs (make kube-generate-all). Updates tailscale/tailscale#12859 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	1 year ago
Irbe Krumina	0f57b9340b	cmd/k8s-operator,tstest,go.{mod,sum}: remove fybrik.io/crdoc dependency (#12862 ) Remove fybrik.io/crdoc dependency as it is causing issues for folks attempting to vendor tailscale using GOPROXY=direct. This means that the CRD API docs in ./k8s-operator/api.md will no longer be generated- I am going to look at replacing it with another tool in a follow-up. Updates tailscale/tailscale#12859 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	1 year ago
Brad Fitzpatrick	c6af5bbfe8	all: add test for package comments, fix, add comments as needed Updates #cleanup Change-Id: Ic4304e909d2131a95a38b26911f49e7b1729aaef Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Maisem Ali	2238ca8a05	go.mod: bump bart Updates #bart Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Brad Fitzpatrick	c4b20c5411	go.mod: bump github.com/tailscale/wireguard-go Updates tailscale/corp#20732 Change-Id: Ic0272fe9a226afef4e23dfca5da8cd1d550c1cd6 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Tom Proctor	d15250aae9	go.{mod,sum}: bump mkctr (#12654 ) go get github.com/tailscale/mkctr@main Pulls in changes to support a local target that only pushes a single-platform image to the machine's local image store. Fixes tailscale/mkctr#18 Signed-off-by: Tom Proctor <tomhjp@users.noreply.github.com>	1 year ago
Jordan Whited	0bb82561ba	go.mod: update wireguard-go (#12645 ) This pulls in device.WaitPool fixes from tailscale/wireguard-go@1e08883 and tailscale/wireguard-go@cfa4567. Updates tailscale/corp#21095 Signed-off-by: Jordan Whited <jordan@tailscale.com>	1 year ago
dependabot[bot]	94defc4056	build(deps): bump golang.org/x/image from 0.15.0 to 0.18.0 Bumps [golang.org/x/image](https://github.com/golang/image) from 0.15.0 to 0.18.0. - [Commits](https://github.com/golang/image/compare/v0.15.0...v0.18.0) --- updated-dependencies: - dependency-name: golang.org/x/image dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	1 year ago
Jordan Whited	94415e8029	cmd/stunstamp: remove sqlite DB and API (#12604 ) stunstamp now sends data to Prometheus via remote write, and Prometheus can serve the same data. Retaining and cleaning up old data in sqlite leads to long probing pauses, and it's not worth investing more effort to optimize the schema and/or concurrency model. Updates tailscale/corp#20344 Signed-off-by: Jordan Whited <jordan@tailscale.com>	1 year ago
Tom Proctor	3099323976	cmd/k8s-operator,k8s-operator,go.{mod,sum}: publish proxy status condition for annotated services (#12463 ) Adds a new TailscaleProxyReady condition type for use in corev1.Service conditions. Also switch our CRDs to use metav1.Condition instead of ConnectorCondition. The Go structs are seralized identically, but it updates some descriptions and validation rules. Update k8s controller-tools and controller-runtime deps to fix the documentation generation for metav1.Condition so that it excludes comments and TODOs. Stop expecting the fake client to populate TypeMeta in tests. See kubernetes-sigs/controller-runtime#2633 for details of the change. Finally, make some minor improvements to validation for service hostnames. Fixes #12216 Co-authored-by: Irbe Krumina <irbe@tailscale.com> Signed-off-by: Tom Proctor <tomhjp@users.noreply.github.com>	1 year ago
Jordan Whited	65888d95c9	derp/xdp,cmd/xdpderper: initial skeleton (#12390 ) This commit introduces a userspace program for managing an experimental eBPF XDP STUN server program. derp/xdp contains the eBPF pseudo-C along with a Go pkg for loading it and exporting its metrics. cmd/xdpderper is a package main user of derp/xdp. Updates tailscale/corp#20689 Signed-off-by: Jordan Whited <jordan@tailscale.com>	1 year ago
Irbe Krumina	3a6d3f1a5b	cmd/k8s-operator,k8s-operator,go.{mod,sum}: make individual proxy images/image pull policies configurable (#11928 ) cmd/k8s-operator,k8s-operator,go.{mod,sum}: make individual proxy images/image pull policies configurable Allow to configure images and image pull policies for individual proxies via ProxyClass.Spec.StatefulSet.Pod.{TailscaleContainer,TailscaleInitContainer}.Image, and ProxyClass.Spec.StatefulSet.Pod.{TailscaleContainer,TailscaleInitContainer}.ImagePullPolicy fields. Document that we have images in ghcr.io on the relevant Helm chart fields. Updates tailscale/tailscale#11675 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	2 years ago
Andrew Lytvynov	347e3f3d9a	go.mod,ipn/ipnlocal: update the ACME fork (#12343 ) Update our fork of golang.org/x/crypto to pick up a fix for ACME ARI: `3fde5e568a` Fixes #12278 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Jordan Whited	d21c00205d	cmd/stunstamp: implement service to measure DERP STUN RTT (#12241 ) stunstamp timestamping includes userspace and SO_TIMESTAMPING kernel timestamping where available. Measurements are written locally to a sqlite DB, exposed over an HTTP API, and written to prometheus via remote-write protocol. Updates tailscale/corp#20344 Signed-off-by: Jordan Whited <jordan@tailscale.com>	2 years ago
Percy Wegmann	08a9551a73	ssh/tailssh: fall back to using su when no TTY available on Linux This allows pam authentication to run for ssh sessions, triggering automation like pam_mkhomedir. Updates #11854 Signed-off-by: Percy Wegmann <percy@tailscale.com>	2 years ago
Andrea Gottardo	e5f67f90a2	xcode: allow ICMP ping relay on macOS + iOS platforms (#12048 ) Fixes tailscale/tailscale#10393 Fixes tailscale/corp#15412 Fixes tailscale/corp#19808 On Apple platforms, exit nodes and subnet routers have been unable to relay pings from Tailscale devices to non-Tailscale devices due to sandbox restrictions imposed on our network extensions by Apple. The sandbox prevented the code in netstack.go from spawning the `ping` process which we were using. Replace that exec call with logic to send an ICMP echo request directly, which appears to work in userspace, and not trigger a sandbox violation in the syslog. Signed-off-by: Andrea Gottardo <andrea@gottardo.me>	2 years ago
Jordan Whited	a47ce618bd	net/tstun: implement env var for disabling UDP GRO on Linux (#11924 ) Certain device drivers (e.g. vxlan, geneve) do not properly handle coalesced UDP packets later in the stack, resulting in packet loss. Updates #11026 Signed-off-by: Jordan Whited <jordan@tailscale.com>	2 years ago
Andrew Lytvynov	ce5c80d0fe	clientupdate: exec systemctl instead of using dbus to restart (#11923 ) Shell out to "systemctl", which lets us drop an extra dependency. Updates https://github.com/tailscale/corp/issues/18935 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Irbe Krumina	add62af7c6	util/linuxfw,go.{mod,sum}: don't log errors when deleting non-existant chains and rules (#11852 ) This PR bumps iptables to a newer version that has a function to detect 'NotExists' errors and uses that function to determine whether errors received on iptables rule and chain clean up are because the rule/chain does not exist- if so don't log the error. Updates corp#19336 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	2 years ago
Andrew Lytvynov	e775de3c63	go.mod: bump golang.org/x/net (#11775 ) One more place to pick up a fix for https://pkg.go.dev/vuln/GO-2024-2687. Updates https://github.com/tailscale/corp/issues/18893 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
dependabot[bot]	449be38e03	build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#11410 ) * build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 Bumps google.golang.org/protobuf from 1.32.0 to 1.33.0. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * cmd/{derper,stund}: update depaware.txt Signed-off-by: Andrew Lytvynov <awly@tailscale.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Andrew Lytvynov <awly@tailscale.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Irbe Krumina	3ef7f895c8	go.{mod,sum}: bump nftables to the latest commit (#11772 ) Updates#deps Signed-off-by: Irbe Krumina <irbe@tailscale.com>	2 years ago
Brad Fitzpatrick	a1abd12f35	cmd/tailscaled, net/tstun: build for aix/ppc64 At least in userspace-networking mode. Fixes #11361 Change-Id: I78d33f0f7e05fe9e9ee95b97c99b593f8fe498f2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Maisem Ali	0d8cd1645a	go.mod: bump github.com/gaissmai/bart To pick up https://github.com/gaissmai/bart/pull/17. Updates #deps Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Percy Wegmann	8b8b315258	net/tstun: use gaissmai/bart instead of tempfork/device This implementation uses less memory than tempfork/device, which helps avoid OOM conditions in the iOS VPN extension when switching to a Tailnet with ExitNode routing enabled. Updates tailscale/corp#18514 Signed-off-by: Percy Wegmann <percy@tailscale.com>	2 years ago
Andrew Lytvynov	1e7050e73a	go.mod: bump github.com/docker/docker (#11515 ) There's a vulnerability https://pkg.go.dev/vuln/GO-2024-2659 that govulncheck flags, even though it's only reachable from tests and cmd/sync-containers and cannot be exploited there. Updates #cleanup Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Andrew Dunham	62cf83eb92	go.mod: bump gvisor The `stack.PacketBufferPtr` type no longer exists; replace it with `*stack.PacketBuffer` instead. Updates #8043 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: Ib56ceff09166a042aa3d9b80f50b2aa2d34b3683	2 years ago
Irbe Krumina	45d27fafd6	cmd/k8s-operator,k8s-operator,go.{mod,sum},tstest/tools: add Tailscale Kubernetes operator API docs (#11246 ) Add logic to autogenerate CRD docs. .github/workflows/kubemanifests.yaml CI workflow will fail if the doc is out of date with regard to the current CRDs. Docs can be refreshed by running make kube-generate-all. Updates tailscale/tailscale#11023 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	2 years ago
OSS Updater	82c569a83a	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	2 years ago
Percy Wegmann	50fb8b9123	tailfs: replace webdavfs with reverse proxies Instead of modeling remote WebDAV servers as actual webdav.FS instances, we now just proxy traffic to them. This not only simplifies the code, but it also allows WebDAV locking to work correctly by making sure locks are handled by the servers that need to (i.e. the ones actually serving the files). Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com>	2 years ago
Brad Fitzpatrick	61a1644c2a	go.mod, all: move away from inet.af domain seized by Taliban Updates inetaf/tcpproxy#39 Change-Id: I7fee276b116bd08397347c6c949011d76a2842cf Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Percy Wegmann	993acf4475	tailfs: initial implementation Add a WebDAV-based folder sharing mechanism that is exposed to local clients at 100.100.100.100:8080 and to remote peers via a new peerapi endpoint at /v0/tailfs. Add the ability to manage folder sharing via the new 'share' CLI sub-command. Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com>	2 years ago
OSS Updater	664b861cd4	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	2 years ago
James Tucker	7e3bcd297e	go.mod,wgengine/netstack: bump gvisor Updates #8043 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
James Tucker	457102d070	go.mod: bump most deps for start of cycle Plan9 CI is disabled. 3p dependencies do not build for the target. Contributor enthusiasm appears to have ceased again, and no usage has been made. Skipped gvisor, nfpm, and k8s. Updates #5794 Updates #8043 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
OSS Updater	d841ddcb13	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	2 years ago
Andrew Lytvynov	4ec6a78551	go.mod: update golang-x-crypto fork (#10786 ) Pick up a bunch of recent upstream commits. Updates #8593 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
OSS Updater	e7d52eb2f8	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	2 years ago
Irbe Krumina	e72f2b7791	go.{mod,sum}: bump mkctr (#10722 ) go get github.com/tailscale/mkctr@bf50773ba7349ced8de812c3d5437e8618bd4fa7 Updates tailscale/tailscale#9902 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	2 years ago
Irbe Krumina	1a08ea5990	cmd/k8s-operator: operator can create subnetrouter (#9505 ) * k8s-operator,cmd/k8s-operator,Makefile,scripts,.github/workflows: add Connector kube CRD. Connector CRD allows users to configure the Tailscale Kubernetes operator to deploy a subnet router to expose cluster CIDRs or other CIDRs available from within the cluster to their tailnet. Also adds various CRD related machinery to generate CRD YAML, deep copy implementations etc. Engineers will now have to run 'make kube-generate-all` after changing kube files to ensure that all generated files are up to date. * cmd/k8s-operator,k8s-operator: reconcile Connector resources Reconcile Connector resources, create/delete subnetrouter resources in response to changes to Connector(s). Connector reconciler will not be started unless ENABLE_CONNECTOR env var is set to true. This means that users who don't want to use the alpha Connector custom resource don't have to install the Connector CRD to their cluster. For users who do want to use it the flow is: - install the CRD - install the operator (via Helm chart or using static manifests). For Helm users set .values.enableConnector to true, for static manifest users, set ENABLE_CONNECTOR to true in the static manifest. Updates tailscale/tailscale#502 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	2 years ago
OSS Updater	e78cb9aeb3	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	2 years ago
OSS Updater	be19262cc5	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	2 years ago
OSS Updater	afe138f18d	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	2 years ago
OSS Updater	552b1ad094	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	2 years ago
OSS Updater	501478dcdc	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	2 years ago
OSS Updater	6389322619	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	2 years ago
Adrian Dewhurst	2003d1139f	go.mod: update certstore Updates tailscale/coral#118 Change-Id: Ie535ab890f95d13d050b2acc7d4ad1e3f8316877 Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>	2 years ago
OSS Updater	f13255d54d	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	2 years ago
Jordan Whited	e1d0d26686	go.mod: bump wireguard-go (#10352 ) This pulls in tailscale/wireguard-go@8cc8b8b and tailscale/wireguard-go@cc193a0, which improve throughput and latency under load. Updates tailscale/corp#11061 Signed-off-by: Jordan Whited <jordan@tailscale.com>	2 years ago
Percy Wegmann	17501ea31a	ci: report test coverage to coveralls.io This records test coverage for the amd64 no race tests and uploads the results to coveralls.io. Updates #cleanup Signed-off-by: Ox Cart <ox.to.a.cart@gmail.com>	2 years ago
Irbe Krumina	66471710f8	cmd/k8s-operator: truncate long StatefulSet name prefixes (#10343 ) Kubernetes can generate StatefulSet names that are too long and result in invalid Pod revision hash label values. Calculate whether a StatefulSet name generated for a Service or Ingress will be too long and if so, truncate it. Updates tailscale/tailscale#10284 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	2 years ago
OSS Updater	fc8488fac0	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	2 years ago
OSS Updater	3402998c1c	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	2 years ago
OSS Updater	146c4bacde	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	2 years ago
Maisem Ali	7d4221c295	cmd/tsidp: add start of OIDC Tailscale IdP Updates #10263 Co-authored-by: Brad Fitzpatrick <bradfitz@tailscale.com> Change-Id: I240bc9b5ecf2df6f92c45929d105fde66c06a860 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
OSS Updater	063657c65f	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	2 years ago
Tom DNetto	ce46d92ed2	go.{mod,sum}: update inet.af/tcpproxy to fix flaking test ``` [nix-shell:~/tailscale]$ ./tool/go test ./cmd/sniproxy --failfast --count 80 ok tailscale.com/cmd/sniproxy 127.085s [nix-shell:~/tailscale]$ ./tool/go test ./cmd/sniproxy --failfast --count 80 ok tailscale.com/cmd/sniproxy 127.030s ``` Fixes: #10056 Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Jordan Whited	12d5c99b04	client/tailscale,ipn/{ipnlocal,localapi}: check UDP GRO config (#10071 ) Updates tailscale/corp#9990 Signed-off-by: Jordan Whited <jordan@tailscale.com>	2 years ago
Will Norris	fc2d63bb8c	go.mod: updates web-client-prebuilt Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	2 years ago
Will Norris	d530153d2f	go.mod: bump web-client-prebuilt Updates #cleanup Signed-off-by: Will Norris <will@tailscale.com>	2 years ago
Will Norris	cb07ed54c6	go.mod: update web-client-prebuilt Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	2 years ago
dependabot[bot]	535cb6c3f5	build(deps): bump github.com/docker/docker Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.6+incompatible to 24.0.7+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v24.0.6...v24.0.7) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2 years ago
Jordan Whited	bd488e4ff8	go.mod: update wireguard-go (#10046 ) Updates tailscale/corp#9990 Signed-off-by: Jordan Whited <jordan@tailscale.com>	2 years ago
Jordan Whited	dd842d4d37	go.mod: update wireguard-go to enable TUN UDP GSO/GRO (#10029 ) Updates tailscale/corp#9990 Signed-off-by: Jordan Whited <jordan@tailscale.com>	2 years ago
Aaron Klotz	95671b71a6	ipn, safesocket: use Windows token in LocalAPI On Windows, the idiomatic way to check access on a named pipe is for the server to impersonate the client on its current OS thread, perform access checks using the client's access token, and then revert the OS thread's access token back to its true self. The access token is a better representation of the client's rights than just a username/userid check, as it represents the client's effective rights at connection time, which might differ from their normal rights. This patch updates safesocket to do the aforementioned impersonation, extract the token handle, and then revert the impersonation. We retain the token handle for the remaining duration of the connection (the token continues to be valid even after we have reverted back to self). Since the token is a property of the connection, I changed ipnauth to wrap the concrete net.Conn to include the token. I then plumbed that change through ipnlocal, ipnserver, and localapi as necessary. I also added a PermitLocalAdmin flag to the localapi Handler which I intend to use for controlling access to a few new localapi endpoints intended for configuring auto-update. Updates https://github.com/tailscale/tailscale/issues/755 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	2 years ago
Adrian Dewhurst	5347e6a292	control/controlclient: support certstore without cgo We no longer build Windows releases with cgo enabled, which automatically turned off certstore support. Rather than re-enabling cgo, we updated our fork of the certstore package to no longer require cgo. This updates the package, cleans up how the feature is configured, and removes the cgo build tag requirement. Fixes tailscale/corp#14797 Fixes tailscale/coral#118 Change-Id: Iaea34340761c0431d759370532c16a48c0913374 Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>	2 years ago
Brad Fitzpatrick	7fd6cc3caa	go.mod: bump alexbrainman/sspi For https://github.com/alexbrainman/sspi/pull/13 Fixes #9131 (hopefully) Change-Id: I27bb00bbf5e03850f65f18c45f15c4441cc54b23 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	6b1ed732df	go.mod: bump x/net to 0.17 for CVE-2023-39325 https://go.googlesource.com/net/+/b225e7ca6dde1ef5a5ae5ce922861bda011cfabd Updates tailscale/corp#15165 Change-Id: Ia8b5e16b1acfe1b2400d321034b41370396f70e2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Kristoffer Dalby	9eedf86563	posture: add get serial support for Windows/Linux This commit adds support for getting serial numbers from SMBIOS on Windows/Linux (and BSD) using go-smbios. Updates #5902 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2 years ago
James Tucker	41b05e6910	go.mod: bump wireguard-go Updates #9555 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
James Tucker	0c8c374a41	go.mod: bump all dependencies except go-billy go-billy is held back at v5.4.1 in order to avoid a newly introduced subdependency that is not compatible with plan9. Updates #8043 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
James Tucker	84acf83019	go.mod,net/dnsfallback: bump go4.org/netipx Updates #8043 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
James Tucker	87bc831730	go.mod,cmd/tsconnect: bump esbuild Updates #8043 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
James Tucker	71f2c67c6b	go.mod: bump wingoes for cross-platform HRESULT definition Updates #9579 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
Andrea Barisani	b5b4298325	go.mod,*: bump gvisor Updates #9253 Signed-off-by: Andrea Barisani <andrea@inversepath.com> Signed-off-by: James Tucker <james@tailscale.com>	2 years ago

1 2 3 4 5 ...

499 Commits (5ee0c6bf1df5a96f5f58198dcf9d3b241a8ccef1)