archive
/
tailscale
mirror of https://github.com/tailscale/tailscale/
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
5,477 Commits
619 Branches
134 Tags
94 MiB
ox/corp-19592-2
ox/11854-3
ox/deepcache
nickkhyl/userdial-tailscale-routes
nickkhyl/userdial-dns-forwarder
fran/appc-ensmallen-gh-preset
main
irbekrm/dnsconfigdocs
flakes
clairew/last-suggested-exit-node
ox/11854-3-sftp
andrew/two-nodes-flaky
percy/cherry-pick-2648d475d751b47755958f47a366e300b6b6de0a
irbekrm/docim
ox/corp-19592
actions/licenses
dependabot/github_actions/golangci/golangci-lint-action-5.0.0
dependabot/github_actions/peter-evans/create-pull-request-6.0.5
ox/11954-3
ox/11854
kevin/Split_Remove_advertised_routes_from_pref
jwhited/derp-stun-xdp
dsnet/logtail-buffer2
bradfitz/dataplane_logs_no_logs_no_support
nickkhyl/ipn-user-identity
irbekrm/extsvcnftableslb
andrew/dns-wrap-errors
release-branch/1.64
noncombatant/safeweb-cleanup
bradfitz/login_retry
patrickod/installer-yml-fixup
release-branch/1.64.0
fran/appc-store-routes-by-source
andrew/controlclient-use-last-addr
enable-exit-node-dst-logs
clairew/peer-node-capability-documentation
revert-11590-catzkorn/penguin
enable-exit-node-dst-logs-2
licenses/corp
dsnet/logpolicy-opts
licenses/android
jonathan/taildrop_path
licenses/cli
release-branch/1.62
clairew/log-dst-exit-node
fran/appc-domain-delte-prototype
irbekrm/maybe_fix_v6
oxtoacart/golden_memory
irbekrm/cherry_fix_panic
oxtoacart/no_indent_status
angott/corp-18441
18366-xcodeios-support-serial-number-collection-via-mdm-on-ios
soniaappasamy/serve-funnel-ui
brafitz/remote-config
andrew/control-key-store
maisem/proxy-1
kradalby/api-latency-histogram
release-branch/1.60
irbekrm/accept_routes
andrew/netstack-forwarder-debug
oxtoacart/immediately_access_shares
knyar/varz
knyar/install
irbekrm/splitkeys
oxtoacart/automount
angott/sleep-debug-apis
clairew/suggest-non-mullvad-exit-node
tom/tka4
clairew/add-latitude-longitude
irbekrm/operatorversion
oxtoacart/dsnet_codereview_fixes
clairew/client-suggest-node-poc
andrew/authurl-rename
andrew/workgraph
raggi/rand
flyingsquirrel_bak
will/containerboot-webui
irbekrm/clustermagicdns
noncombatant/add-hello-systemd
catzkorn/jira
release-branch/1.58
kradalby/view-only-type
clairew/add-disco-pong-padding
clairew/receive-icmp-errors
dgentry-b10911
irbekrm/proxyclass2
irbekrm/proxyclass
irbekrm/byocerts
knyar/worklifeposture
dsnet/httpio
will/webclient-mobile
will/webclient-csrf
irbekrm/static_crd
irbekrm/manifests_crd
maisem/exp-k8s
release-branch/1.44
irbekrm/containerbootdeclarativeconf
kube_exp
irbekrm/conf
raggi/stun-subprocess
andrew/nixos-vm-tests
irbekrm/set_args
andrew/peer-ipv6-addrs
irbekrm/external_services
irbekrm/os
irbekrm/pull_in_certs
dependabot/github_actions/github/codeql-action-3
dependabot/github_actions/actions/upload-artifact-4
irbekrm/kube_build_tags
release-branch/1.56
jwhited/derp-cmm-timestamp
naman/web-client-update-fixes
angott/ios-no-global-resolver
dependabot/github_actions/actions/setup-go-5
soniaappasamy/use-swr
marwan/displayname
release-branch/1.54
danderson/debug-garden
jwhited/unsafe-exp
clairew/test-wrapper-file
bradfitz/compontent_logs
kradalby-keys-db-interface
kradalby/keys-db-interface
andrew/upnp-unfork
bm/tsoidc
irbekrm/le
knyar/restartmap
kristoffer/editable-tailnet-displayname
raggi/document-deprecated-approach
dsnet/statestore
awly/version-override
bradfitz/silentdisco_knob
richard/15372
raggi/icmplistener
awly/linux-sudoers-local-admin-poc
release-branch/1.52
soniaappasamy/web-auth-restructure
maisem/art
bradfitz/ipx_set_contains
knyar/derpmesh
irbekrm/chartandcli
richard/15037-2
bradfitz/linuxfw_nil_table
richard/15037
bradfitz/tbug
bradfitz/derp_mesh
valscale/meshFix
will/sonia/web-tailscaled
tyler/serve-status
maisem/ni
maisem/hi
rhea/apple-test
dgentry-nix-flake
dgentry-coverage
c761d10
bradfitz/gocross_wantver
awly/ipnlocal-watchnotifications-clientversion
bradfitz/integration_more_tun
bradfitz/recursive_controlknob
dgentry-authkey
maisem/login-renew
irbekrm/maisem/nf-runner
maisem/fix-gocross
dependabot/npm_and_yarn/cmd/tsconnect/postcss-8.4.31
bm/4via6
bradfitz/sessionactivetimeout
release-branch/1.50
rhea/taildrop-resume
andrew/peercap-ipv6-aaaa
irbekrm/k8sipnftheuristics
irbekrm/kubeipnft
irbekrm/k8sipnft
maisem/no-auth-once
dgentry-istoreos
knyar/posturemac
dependabot/github_actions/tibdex/github-app-token-2.1.0
irbekrm/egress
raggi/restore-extra-records-dns
aaron/win_process_mitigations
danderson/lru-rollback
maisem/fix
clairew/mdm-interface
angott/userdefaults-reader
andrew/bump-esbuild
andrew/netns-more-logging
release-branch/1.48
irbekrm/k8s-autopilot
dsnet/viewer-jsonv2
marwan/altmem_stash
irbekrm/k8s-nftables
marwan/postmem
maisem/fix-deadlock
bradfitz/matrix
irbekrm/egress-dns
bradfitz/wait_unpause
bradfitz/calc_state
irbekrm/svc_conditions
soniaappasamy/fix-test-flake
marwan/servedev
soniaappasamy/fix-web-client-lock
raggi/netfilter-runtime
raggi/netfilter-add-modes
marwan/scmem
bradfitz/ignore_ula
clairew/tstime-net
clairew/tstime-wgengine
bradfitz/tkasig_type
shayne/k8s-serve
bradfitz/gui_netmap
macsys-update
catzkorn/netcheckuout
andrew/doctor-conntrack
tsweb/client-ui
maisem/onceval
valscale/ptb
maisem/remove-loginname
raggi/gotoolchain
irbekrm/improve_logout
maisem/doc
rhea/egress
maisem/tsnet-ssh
noncombatant/large-int-string
release-branch/1.46
andrew/captive-portal-package
s/pmtud
andrew/derp-bound-latency
andrew/health-state
maisem/caps
bradfitz/gokrazy_dns
clairew/use-tstime-etc
bradfitz/negdep
raggi/stunc
raggi/gvisor-hostarch-deptest
crawshaw/art-table
irbekrm/fix_logout_loop
clairew/refactor-new-timer
clairew/test-wrapper-write-file
maisem/m1
s/tsnetd
thisisparker/firstwords
bradfitz/countrycode
crawshaw/stunchild
tom/disco
maisem/ssh-incomplete-read
raggi/v6masq
dsnet/syncs-map-range-mutable
release-branch/1.42
maisem/alpine-bump
raggi/heartbeat-timebomb
raggi/derp-probe-stun-loss
raggi/tsdebugger
tom/derp
andrew/ipn-debug-1.42.0
maisem/blocked
marwan/portlistrefactor
marwan/noconstructor
angott/allow-thunderbolt-bridge
marwan/polleropts
marwan/noconstructor2
andrew/slicesx-deduplicate
unraid-web
release-branch/1.40
kristoffer/enable-mips-pkgs
s/eq
raggi/atomiccloseonce
raggi/bump-goreleaserv2
marwan/tmp
catzkorn/addrsend
raggi/gofuzz
shayne/funnel_cmd
release-branch/1.38
dgentry/atomicfile
andrew/derp-region-location
tom/tka6
maisem/k8s-cache
azure
maisem/tun-1
andrew/fastjson
crawshaw/lnclose
crawshaw/tsnet1
maisem/tsnet-funnel-2
crawshaw/httpconnect
Xe/tsnet-funnel
dgentry/sniproxy-dns
andrew/util-dnsconfig
andrew/cloudenv-location
release-branch/1.36
aaron/migrate_windows
crawshaw/pidlisten
maisem/waiter
andrew/router-drop-ula
will/vizerr
danderson/mkversion
crawshaw/activesum
andrew/doctor-scutil
danderson/version-private3
bradfitz/sassy
bradfitz/win_unattended_warning
andrew/hostinfo-HavePortMap
skriptble/ssh-recording-persist
maisem/funnel-k8s
maisem/clean2
crawshaw/ondemanddomains
maisem/c1
danderson/helm
andrew/peer-status-KeyExpiry
bradfitz/noise_debug_more
release-branch/1.34
cloner
danderson/backport
clairew/tsnet_get_own_ip
bradfitz/tidy
maisem/wakegroup
raggi/tsweb-compression
bradfitz/fix_ipn_cloner
danderson/bootstrap
will/enforce-hostname
mihaip/delete-all-profiles
release-branch/1.32
shayne/serve_empty_text_handler
bradfitz/hostinfo_ingress_bit
mihaip/logout-async-start
net-audit-log/1.32
bradfitz/set_prefs_locked
mihaip/fas
bradfitz/port_intercept
andrew/net-tsaddr-mapviaaddr
danderson/tsburrito
andrew/tstest-goroutine-ignore
andrew/monitor-link-change
danderson/k8s
andrew/debug-subnet-router
andrew/metrics-distribution
knyar/prober
crawshaw/accumulatorcfg
bradfitz/keyboard-interactive
maisem/unused-ssh-field
bradfitz/tailpipe
maisem/ssh-port-forward-no-session
vm
raggi/accept-routes-filter
nyghtowl/tailnet-name2
buildjet
buildjet-vs-github
andrew/netns-macos-route
maisem/exit-lan
walterp-api
andrew/linux-router-v4-disabled
bradfitz/distro_ubuntu
tom/iptables
release-branch/1.30
tom/tka2
andrew/dnscache-debugging-1.22.2
andrew/controlclient-dial
raggi/experiment-queues
bradfitz/u32
ip6tables
maisem/dns-5
catzkorn/derp-benchmark
maisem/dns-3
jwhited/wireguard-go-vectorized-bind
catzkorn/otel-init
bradfitz/appendf
mihaip/js-cli
dsnet/tsweb-499s
bradfitz/deephash_early_exit
crawshaw/xdp
dsnet/logtail-zstd-single-segment
Xe/gitops-pusher-three-version-problem
Xe/gitops-pusher-acl-test-error-output
Xe/gitops-pusher-ffcli
bradfitz/ssh_auth_none_demo
release-branch/1.28
catzkorn/otel-derp
bradfitz/shared_split_dns
nyghtowl/fix-resolved
release-branch/1.26
bradfitz/explicit_empty_test_3808
crawshaw/preservenetinfo
miriah-3808-reset-operator
dsnet/tsnet-logging
mihaip/wasm-taildrop
crawshaw/stunname
bradfitz/wasm_play
maisem/reg
bradfitz/dot
bradfitz/tcp_flows
release-branch/1.24
raggi/netstack_fwd_close
bradfitz/netstack_fwd_close
merge-tag
cross-android
bradfitz/kmod
bradfitz/ssh_banner
bradfitz/ping
tom/integration
bradfitz/ssh_policy_earlier
maisem/cu
bradfitz/derpy_cast
bradfitz/cli_admin
release-branch/1.22
maisem/ssh-policiy-2
maisem/ssh-policiy-1
aaron/go-ole-ref
bradfitz/key_rotation_prep
josh/tswebflags
release-branch/1.20
crawshaw/envtype
danderson/tsweb-server
bradfitz/autocert_force
bradfitz/use_netstack_upstream
Xe/winui-bugreport-without-tailscaled
bradfitz/hostinfo_basically_equal
release-branch/1.18
aaron/loglog
aaron/dnsapc
bradfitz/demo_client_hijack
bradfitz/windns
bradfitz/exit_node_forward_dns
bradfitz/1.18.1
Xe/tailtlsproxy
bradfitz/allsrc
josh/peermap
danderson/ebpf
bradfitz/1_16_stress_netmap
danderson/nodekey-move
danderson/nodekey-delete-old
danderson/nodekey-cleanup
danderson/magicsock-discokey
release-branch/1.16
danderson/magicsock-node-key
crawshaw/updatefallback
release-branch/1.14
bradfitz/1.14
bradfitz/updates
josh/immutable-views
bradfitz/portmap_gh_actions
danderson/kernel-tailscale
bradfitz/win_default_route
release-branch/1.12
jknodt/logging
simenghe/add-tsmpping-call
josh/opt-getstatus
Aadi/speedtest-tailscaled
dsnet/admin-cli
bradfitz/portmap_test
jknodt/portmap_test
upnpdebug
jknodt/upnp_reuse
crawshaw/peerdoh
josh/debug-flake
simenghe/pingresult-work
jknodt/derp_flow
tps/tailscaled
jknodt/vms_ref
jknodt/integ_test
josh/fast-time
josh/coarsetime
bradfitz/derp_flow
release-branch/1.10
josh/io_uring
josh/deflake-pipe-again
Xe/testcontrol-v6
jknodt/io-uring
simenghe/admin-ping-test
jknodt/periodic_probe
simenghe/isoping
Xe/private-logcatcher-in-process
simenghe/tcpnodeping
bradfitz/deephash_methods
crawshaw/deephash
josh/de-select-tstun-wrapper
Xe/debug-nixos-build
simenghe/isoping-experiment
crawshaw/dnswslhackery
jknodt/userderp
jknodt/bw_rep2
crawshaw/wslresolvconf
jknodt/upnp
crawshaw/magicdnsalways
simenghe/flakeresolve
rec_in_use_after_5_sec
bradfitz/acme
release-branch/1.8
simenghe/add-httphandlers-ping
simenghe/add-ping-route-testcontrol-mux
simeng-pingtest
Xe/test-install-script-libvirtd
apenwarr/check184
crawshaw/newbackendserver
adding-address-ips-totestcontrolnode
onebinary
Xe/synology-does-actually-work-with-subnet-routes-til
bradfitz/netstack_port_map
bradfitz/demo_pinger
apenwarr/fixes
apenwarr/relogin
josh/NewIPPort
josh/IPWithPort
bradfitz/integration_tests
josh/opt-dp-wip
bradfitz/ping_notes
bradfitz/dropped_by_filter_logspam
bradfitz/netstack_drop_silent
bradfitz/log_rate_test
bradfitz/issue_1840_rebased_tree
bradfitz/issue_1849_rebased_tree
crawshaw/syno
apenwarr/statefix
apenwarr/statetest
josh/wip/endpoint-serialize
apenwarr/ioslogin
rosszurowski/cli-fix-typo
bradfitz/cli_pretty
bradfitz/win_delete_retry
bradfitz/sleep
naman/netstack-request-logging
naman/ephem-expand-range
bradfitz/macos_progress
bradfitz/ip_of
crawshaw/localapi404
crawshaw/movefiles
crawshaw/socket
crawshaw/cgi
naman/netstack-subnet-routing
josh/wip/create-endpoint-no-public-key
Xe/log-target-registry-key
release-branch/1.6
bradfitz/ipv6_link_local_strip
bradfitz/darwin_gw
Xe/disallow-local-ip-for-exit-node
release-branch/1.4
crawshaw/upjson
bradfitz/proposed_1.4.6
bradfitz/derp_steer
crawshaw/tailscalestatus
Xe/reset-logid-on-logout-login
naman/netstack-incoming
mkramlich/macos-brew2
naman/netstack-outgoing-udp-test
mkramlich/macos-brew
bradfitz/proposed-1.4.5
peske/ifacewatcher
Xe/hello-vr
crawshaw/filchsync
Xe/derphttp-panic-fix
peske/elnotfound
Xe/rel-144-fix-ipv6-broken-in-tests
bradfitz/darwin_creds
josh/longblock
josh/udp-alloc-less
josh/simplify-filch
josh/remove-ipcgetfilter
Xe/envvar-name-TS
Xe/TS-envvar-name
Xe/do-windows-logserver-better
Xe/log-target-flag
crawshaw/ipuint
bradfitz/hello
bradfitz/linux_v6_off
bradfitz/call_me_maybe_eps
bradfitz/api_docs
alexbrainman/use_wg_dns_code
naman/netstack-use-tailscale-ip
josh/debug-TestLikelyHomeRouterIPSyscallExec
noerror-not-notimp
bradfitz/umaskless_permissions
naman/netstack-bump-version
bradfitz/lite_endpoint_update
c22wen/api-docs
bradfitz/grafana_auth_proxy
crawshaw/dnsguid
nix-shell
release-branch/1.2
bradfitz/acl_tags_in_tailscale_status
bradfitz/expiry_spin
josh/no-goroutine-per-udp-read-2
crawshaw/tailcfg
bradfitz/wgengine_monitor_windows_take2
netstat-unsafe
bradfitz/ipn_empty
bradfitz/win_firewall_async
bradfitz/machine_key
apenwarr/faketun
crawshaw/cloner
crawshaw/jsonhandler
c22wen/route-addr
c22wen/magicsock.go
bradfitz/gvisor_netstack
crawshaw/loadtest
dshynkev/dns-autoset
crawshaw/e2etest
bradfitz/win_wpad_pac
release-branch/1.0
bradfitz/linux_default_route_interface
bradfitz/release-branch-1.0
crawshaw/restartlimit
clone
dshynkev/dns-name
dshynkev/dns-refactor
bradfitz/go_vet
crawshaw/tswebextra
crawshaw/pinger2
lzjluzijie/all_proxy
rate-limiting
lzjluzijie/227_http_proxy
crawshaw/rebind
crawshaw/hostinfo
crawshaw/derp-nokeepalives
crawshaw/derptimeout
crawshaw/derpdial2
crawshaw/derpdial
crawshaw/ipn
crawshaw/e2e_test
crawshaw/ipn2
crawshaw/magicsock
crawshaw/magicsock-infping
crawshaw/spray
crawshaw/br1
v1.64.2
v1.64.1
v1.64.0
v1.62.1
v1.62.0
v1.60.1
v1.60.0
v1.58.2
v1.58.1
v1.58.0
v1.44.3
v1.56.1
v1.56.0
v1.54.1
v1.54.0
v1.52.1
v1.52.0
v1.50.1
v1.50.0
v1.48.2
v1.48.1
v1.48.0
v1.46.1
v1.46.0
v1.44.2
v1.44.0
v1.42.1
v1.42.0
v1.40.1
v1.40.0
v1.38.4
v1.38.3
v1.38.2
v1.38.1
v1.38.0
v1.36.2
v1.36.1
v1.36.0
v1.34.2
v1.34.1
v1.34.0
v1.32.3
v1.32.2
v1.32.1
v1.32.0
v1.30.2
v1.30.1
v1.30.0
v1.28.0
v1.26.2
v1.26.1
v1.26.0
v1.24.2
v1.24.1
v1.24.0
v1.22.2
v1.22.1
v1.22.0
v1.20.4
v1.20.3
v1.20.2
v1.20.1
v1.20.0
v1.18.2
v1.18.1
v1.18.0
v1.16.2
v1.16.1
v1.16.0
v1.14.6
v1.14.5
v1.14.4
v1.14.3
v1.14.0
v1.12.4
v1.12.3
v1.12.2
v1.12.1
v1.12.0
v1.10.2
v1.10.1
v1.10.0
v1.8.8
v1.8.7
v1.8.6
v1.8.5
v1.8.4
v1.8.3
v1.8.2
v1.8.1
v1.8.0
v1.6.0
v1.4.6
v1.4.5
v1.4.4
v1.4.3
v1.4.2
v1.4.1
v1.4.0
v1.2.10
v1.2.9
v1.2.8
v1.2.7
v1.2.6
v1.2.5
v1.2.3
v1.2.2
v1.2.1
v1.2.0
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.1.0
v1.0.0
v0.100.0
v0.99.1
v0.99.0
v0.98.1
v0.98
v0.98.0
v0.97
v0.96.1
v0.96
coral-gitops
gitops-1.30.0
gitops-1.58.2
nginx-auth-0.1.2
v0.100.0-107
v0.100.0-153
v1.61.0-pre
v1.63.0-pre
v1.65.0-pre
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '60a028a4f6'
${ noResults }
Commit Graph

5477 Commits (60a028a4f61aaa84fe2bc400d4a150f5d2f5d485)
 

Author SHA1 Message Date
dependabot[bot] 60a028a4f6 .github: Bump peter-evans/create-pull-request from 4.1.4 to 4.2.4 
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 4.1.4 to 4.2.4.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](ad43dccb4d...38e0b6e68b)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 1 year ago
dependabot[bot] 927e2e3e7c .github: Bump actions/setup-go from 3 to 4 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 1 year ago
Nahum Shalman 82e067e0ff build_dist.sh: make cross-compilation friendly 
Signed-off-by: Nahum Shalman <nahamu@gmail.com>
 1 year ago
Maisem Ali 95494a155e .github: use unique names for jobs 
Signed-off-by: Maisem Ali <maisem@tailscale.com>
 1 year ago
James 'zofrex' Sanderson 9534783758
tailscale/cmd: Warn for up --force-reauth over SSH without accepting the risk (#7575) 
Fixes #6377

Signed-off-by: James Sanderson <jsanderson@tailscale.com>
 1 year ago
Maisem Ali f34590d9ed tsnet: add test for Funnel connections 
For the logic added in b797f77.

Signed-off-by: Maisem Ali <maisem@tailscale.com>
 1 year ago
Maisem Ali c6d96a2b61 tsnet: do not start logtail in tests 
It was trying to upload logs in tests.

skip-issuebot

Signed-off-by: Maisem Ali <maisem@tailscale.com>
 1 year ago
David Anderson 0498d5ea86 tool/gocross: delete bootstrap tarball downloads after use 
Signed-off-by: David Anderson <danderson@tailscale.com>
 1 year ago
David Anderson 1f95bfedf7 tool/gocross: adjust Xcode flags to match new Xcode env 
Xcode changed how/what data it exports to build steps at some point
recently, so our old way of figuring out the minimum support version
for clang stopped working.

Updates tailscale/corp#4095

Signed-off-by: David Anderson <danderson@tailscale.com>
 1 year ago
Kurnia D Win 9526858b1e control/controlclient: fix accidental backoff reset 
Signed-off-by: Kurnia D Win <kurnia.d.win@gmail.com>
 1 year ago
David Anderson df3996cae3 tool/gocross: bootstrap correctly on an older toolchain 
Sometimes, our cached toolchain ends up being an older version of
Go, older than our go.mod allows. In that scenario, gocross-wrapper.sh
would find a usable toolchain, but then fail to compile gocross.

This change makes the wrapper script check that the cached toolchain's
minor version is good enough to build tailscale.com, and re-bootstraps
in shell if not.

Signed-off-by: David Anderson <danderson@tailscale.com>
 1 year ago
Mihai Parparita 97b6d3e917 sockstats: remove per-interface stats from Get 
They're not needed for the sockstats logger, and they're somewhat
expensive to return (since they involve the creation of a map per
label). We now have a separate GetInterfaces() method that returns
them instead (which we can still use in the PeerAPI debug endpoint).

If changing sockstatlog to sample at 10,000 Hz (instead of the default
of 10Hz), the CPU usage would go up to 59% on a iPhone XS. Removing the
per-interface stats drops it to 20% (a no-op implementation of Get that
returns a fixed value is 16%).

Updates tailscale/corp#9230
Updates #3363

Signed-off-by: Mihai Parparita <mihai@tailscale.com>
 1 year ago
David Anderson 9ebab961c9 version/mkversion: don't break on tagged go.mod entries 
I thought our versioning scheme would make go.mod include a commit hash
even on stable builds. I was wrong. Fortunately, the rest of this code
wants anything that 'git rev-parse' understands (to convert it into a full
git hash), and tags qualify.

Signed-off-by: David Anderson <danderson@tailscale.com>
 1 year ago
Denton Gentry 6d3490f399 VERSION.txt: this is 1.39 
Signed-off-by: Denton Gentry <dgentry@tailscale.com>
 1 year ago
License Updater 51b0169b10 licenses: update win/apple licenses 
Signed-off-by: License Updater <noreply+license-updater@tailscale.com>
 1 year ago
Maisem Ali b4d3e2928b tsnet: avoid deadlock on close 
tsnet.Server.Close was calling listener.Close with the server mutex
held, but the listener close method tries to grab that mutex, resulting
in a deadlock.

Co-authored-by: David Crawshaw <crawshaw@tailscale.com>
Signed-off-by: Maisem Ali <maisem@tailscale.com>
 1 year ago
shayne 2b892ad6e7
cmd/tailscale/cli: [serve] rework commands based on feedback (#6521) 
```
$ tailscale serve https:<port> <mount-point> <source> [off]
$ tailscale serve tcp:<port> tcp://localhost:<local-port> [off]
$ tailscale serve tls-terminated-tcp:<port> tcp://localhost:<local-port> [off]
$ tailscale serve status [--json]

$ tailscale funnel <serve-port> {on|off}
$ tailscale funnel status [--json]
```

Fixes: #6674

Signed-off-by: Shayne Sweeney <shayne@tailscale.com>
 1 year ago
Will Norris 6ef2105a8e log/sockstatlog: only start once; don't copy ticker 
Signed-off-by: Will Norris <will@tailscale.com>
 1 year ago
Maisem Ali 8c4adde083 log/sockstatlog: also shutdown the poll goroutine 
Co-authored-by: Will Norris <will@tailscale.com>
Signed-off-by: Maisem Ali <maisem@tailscale.com>
 1 year ago
Maisem Ali c87782ba9d cmd/k8s-operator: drop trailing dot in tagged node name 
Also update tailcfg docs.

Updates #5055

Signed-off-by: Maisem Ali <maisem@tailscale.com>
 1 year ago
Will Norris 09e0ccf4c2 ipn: add c2n endpoint for sockstats logs 
Signed-off-by: Will Norris <will@tailscale.com>
 1 year ago
Will Norris a1d9f65354 ipn,log: add logger for sockstat deltas 
Signed-off-by: Will Norris <will@tailscale.com>
Co-authored-by: Melanie Warrick <warrick@tailscale.com>
 1 year ago
Maisem Ali 5e8a80b845 all: replace /kb/ links with /s/ equivalents 
Signed-off-by: Maisem Ali <maisem@tailscale.com>
 1 year ago
Maisem Ali 558735bc63 cmd/k8s-operator: require HTTPS to be enabled for AuthProxy 
Updates #5055

Signed-off-by: Maisem Ali <maisem@tailscale.com>
 1 year ago
Maisem Ali 489e27f085 cmd/k8s-operator: make auth proxy pass tags as Impersonate-Group 
We were not handling tags at all, pass them through as Impersonate-Group headers.
And use the FQDN for tagged nodes as Impersonate-User.

Updates #5055

Signed-off-by: Maisem Ali <maisem@tailscale.com>
 1 year ago
Maisem Ali 56526ff57f tailcfg: bump capver for 1.38 
Signed-off-by: Maisem Ali <maisem@tailscale.com>
 1 year ago
Maisem Ali 09aed46d44 cmd/tailscale/cli: update docs and unhide configure 
Also call out Alpha.

Updates #7220

Signed-off-by: Maisem Ali <maisem@tailscale.com>
 1 year ago
Maisem Ali 223713d4a1 tailcfg,all: add and use Node.IsTagged() 
Signed-off-by: Maisem Ali <maisem@tailscale.com>
 1 year ago
Andrew Dunham 83fa17d26c various: pass logger.Logf through to more places 
Updates #7537

Signed-off-by: Andrew Dunham <andrew@du.nham.ca>
Change-Id: Id89acab70ea678c8c7ff0f44792d54c7223337c6
 1 year ago
Maisem Ali 958c89470b
tsnet: add CertDomains helper (#7533) 
Signed-off-by: Maisem Ali <maisem@tailscale.com>
 1 year ago
shayne e109cf9fdd
tsnet/tsnet: clear ipn.ServeConfig on Up for tsnet apps (#7534) 
We persist the ServeConfig, even for tsnet apps. It's quite possible for
the ServeConfig to be out of step with the code. Example: If you run
`ListenFunnel` then later turn it off, the ServeConfig will still show
it enabled, the admin console will show it enabled, but the packet
handler will reject the packets.

Workaround by clearing the ServeConfig in `tsnet.Up`

Signed-off-by: Shayne Sweeney <shayne@tailscale.com>
 1 year ago
Maisem Ali 3ff44b2307 ipn: add Funnel port check from nodeAttr 
Signed-off-by: Maisem Ali <maisem@tailscale.com>
 1 year ago
Maisem Ali ccdd534e81 tsnet: add ListenFunnel 
This lets a tsnet binary share a server out over Tailscale Funnel.

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
Signed-off-by: Maisem Ali <maisem@tailscale.com>
Signed-off-by: Shayne Sweeney <shayne@tailscale.com>
 1 year ago
Denton Gentry 047b324933 scripts/installer: add PureOS and Amazon Linux Next 
Fixes https://github.com/tailscale/tailscale/issues/7410

Signed-off-by: Denton Gentry <dgentry@tailscale.com>
 1 year ago
Andrew Dunham f0d6228c52 ipn/localapi: flesh out the 'debug derp' checks 
Updates #6526

Signed-off-by: Andrew Dunham <andrew@du.nham.ca>
Change-Id: Ic18d9ff288b9c7b8d5ab1bd77dd59693cd776cc4
 1 year ago
License Updater 920de86cee licenses: update android licenses 
Signed-off-by: License Updater <noreply@tailscale.com>
 1 year ago
Mihai Parparita b64d78d58f sockstats: refactor validation to be opt-in 
Followup to #7499 to make validation a separate function (
GetWithValidation vs. Get). This way callers that don't need it don't
pay the cost of a syscall per active TCP socket.

Also clears the conn on close, so that we don't double-count the stats.

Also more consistently uses Go doc comments for the exported API of the
sockstats package.

Updates tailscale/corp#9230
Updates #3363

Signed-off-by: Mihai Parparita <mihai@tailscale.com>
 1 year ago
Mihai Parparita ea81bffdeb sockstats: export as client metrics 
Though not fine-grained enough to be useful for detailed analysis, we
might as well export that we gather as client metrics too, since we have
an upload/analysis pipeline for them.

clientmetric.Metric.Add is an atomic add, so it's pretty cheap to also
do per-packet.

Updates tailscale/corp#9230
Updates #3363

Signed-off-by: Mihai Parparita <mihai@tailscale.com>
 1 year ago
Maisem Ali 1e72de6b72 ipn/ipnlocal: remove WIP restriction for Tailscale SSH on macOS 
It kinda works fine now on macOS with the recent fixes in 0582829 and
 5787989d.

Signed-off-by: Maisem Ali <maisem@tailscale.com>
 1 year ago
Tom DNetto 92fc243755 cmd/tailscale: annotate tailnet-lock keys which wrap pre-auth keys 
Signed-off-by: Tom DNetto <tom@tailscale.com>
 1 year ago
Tom DNetto 3471fbf8dc cmd/tailscale: surface node-key for locked out tailnet-lock peers 
Signed-off-by: Tom DNetto <tom@tailscale.com>
 1 year ago
Maisem Ali b797f773c7 ipn/ipnlocal: add support for funnel in tsnet 
Previously the part that handled Funnel connections was not
aware of any listeners that tsnet.Servers might have had open
so it would check against the ServeConfig and fail.

Adding a ServeConfig for a TCP proxy was also not suitable in this
scenario as that would mean creating two different listeners and have
one forward to the other, which really meant that you could not have
funnel and tailnet-only listeners on the same port.

This also introduces the ipn.FunnelConn as a way for users to identify
whether the call is coming over funnel or not. Currently it only holds
the underlying conn and the target as presented in the "Tailscale-Ingress-Target"
header.

Signed-off-by: Maisem Ali <maisem@tailscale.com>
 1 year ago
Joe Tsai dad78f31f3
syncs: add WaitGroup wrapper (#7481) 
The addition of WaitGroup.Go in the standard library has been
repeatedly proposed and rejected.
See golang/go#18022, golang/go#23538, and golang/go#39863

In summary, the argument for WaitGroup.Go is that it avoids bugs like:

	go func() {
		wg.Add(1)
		defer wg.Done()
		...
	}()

where the increment happens after execution (not before)
and also (to a lesser degree) because:

	wg.Go(func() {
		...
	})

is shorter and more readble.

The argument against WaitGroup.Go is that the provided function
takes no arguments and so inputs and outputs must closed over
by the provided function. The most common race bug for goroutines
is that the caller forgot to capture the loop iteration variable,
so this pattern may make it easier to be accidentally racy.
However, that is changing with golang/go#57969.

In my experience the probability of race bugs due to the former
still outwighs the latter, but I have no concrete evidence to prove it.

The existence of errgroup.Group.Go and frequent utility of the method
at least proves that this is a workable pattern and
the possibility of accidental races do not appear to
manifest as frequently as feared.

A reason *not* to use errgroup.Group everywhere is that there are many
situations where it doesn't make sense for the goroutine to return an error
since the error is handled in a different mechanism
(e.g., logged and ignored, formatted and printed to the frontend, etc.).
While you can use errgroup.Group by always returning nil,
the fact that you *can* return nil makes it easy to accidentally return
an error when nothing is checking the return of group.Wait.
This is not a hypothetical problem, but something that has bitten us
in usages that was only using errgroup.Group without intending to use
the error reporting part of it.

Thus, add a (yet another) variant of WaitGroup here that
is identical to sync.WaitGroup, but with an extra method.

Signed-off-by: Joe Tsai <joetsai@digital-static.net>
 1 year ago
Maisem Ali be027a9899 control/controlclient: improve handling of concurrent lite map requests 
This reverts commit 6eca47b16c and fixes forward.

Previously the first ever streaming MapRequest that a client sent would also
set ReadOnly to true as it didn't have any endpoints and expected/relied on the
map poll to restart as soon as it got endpoints. However with 48f6c1eba4,
we would no longer restart MapRequests as frequently as we used to, so control
would only ever get the first streaming MapRequest which had ReadOnly=true.

Control would treat this as an uninteresting request and would not send it
any further netmaps, while the client would happily stay in the map poll forever
while litemap updates happened in parallel.

This makes it so that we never set `ReadOnly=true` when we are doing a streaming
MapRequest. This is no longer necessary either as most endpoint discovery happens
over disco anyway.

Co-authored-by: Andrew Dunham <andrew@du.nham.ca>
Signed-off-by: Maisem Ali <maisem@tailscale.com>
 1 year ago
Joe Tsai 87b4bbb94f
tstime/rate: add Value (#7491) 
Add Value, which measures the rate at which an event occurs,
exponentially weighted towards recent activity.
It is guaranteed to occupy O(1) memory, operate in O(1) runtime,
and is safe for concurrent use.

Signed-off-by: Joe Tsai <joetsai@digital-static.net>
 1 year ago
Mihai Parparita 4c2f67a1d0 net/sockstat: fix per-interface statistics not always being available 
withSockStats may be called before setLinkMonitor, in which case we
don't have a populated knownInterfaces map. Since we pre-populate the
per-interface counters at creation time, we would end up with an
empty map. To mitigate this, we do an on-demand request for the list of
interfaces.

This would most often happen with the logtail instrumentation, since we
initialize it very early on.

Updates tailscale/corp#9230

Signed-off-by: Mihai Parparita <mihai@tailscale.com>
 1 year ago
Maisem Ali e69682678f ssh/tailssh: use context.WithCancelCause 
It was using a custom implmentation of the context.WithCancelCause,
replace usage with stdlib.

Signed-off-by: Maisem Ali <maisem@tailscale.com>
 1 year ago
Mihai Parparita a2be1aabfa logtail: remove unncessary response read 
Effectively reverts #249, since the server side was fixed (with #251?)
to send a 200 OK/content-length 0 response.

Signed-off-by: Mihai Parparita <mihai@tailscale.com>
 1 year ago
Tom DNetto ce99474317 all: implement preauth-key support with tailnet lock 
Signed-off-by: Tom DNetto <tom@tailscale.com>
 1 year ago
Mihai Parparita f4f8ed98d9 sockstats: add validation for TCP socket stats 
We can use the TCP_CONNECTION_INFO getsockopt() on Darwin to get
OS-collected tx/rx bytes for TCP sockets. Since this API is not available
for UDP sockets (or on Linux/Android), we can't rely on it for actual
stats gathering.

However, we can use it to validate the stats that we collect ourselves
using read/write hooks, so that we can be more confident in them. We
do need additional hooks from the Go standard library (added in
tailscale/go#59) to be able to collect them.

Updates tailscale/corp#9230
Updates #3363

Signed-off-by: Mihai Parparita <mihai@tailscale.com>
 1 year ago