Commit Graph

9794 Commits (63242007ae0430ee99e6f63664d62d5237013142)
 

Author SHA1 Message Date
Nick Khyl 63242007ae
VERSION.txt: this is v1.90.5
Signed-off-by: Nick Khyl <nickk@tailscale.com>
1 month ago
Brad Fitzpatrick 300e6062bf cmd/k8s-operator/generate: skip tests if no network or Helm is down
Updates helm/helm#31434

Change-Id: I5eb20e97ff543f883d5646c9324f50f54180851d
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
(cherry picked from commit d5a40c01ab)
1 month ago
Brad Fitzpatrick 1a6c31538e sessionrecording: fix regression in recent http2 package change
In 3f5c560fd4 I changed to use std net/http's HTTP/2 support,
instead of pulling in x/net/http2.

But I forgot to update DialTLSContext to DialContext, which meant it
was falling back to using the std net.Dialer for its dials, instead
of the passed-in one.

The tests only passed because they were using localhost addresses, so
the std net.Dialer worked. But in prod, where a tsnet Dialer would be
needed, it didn't work, and would time out for 10 seconds before
resorting to the old protocol.

So this fixes the tests to use an isolated in-memory network to prevent
that class of problem in the future. With the test change, the old code
fails and the new code passes.

Thanks to @jasonodonnell for debugging!

Updates #17304
Updates 3f5c560fd4

Change-Id: I3602bafd07dc6548e2c62985af9ac0afb3a0e967
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
(cherry picked from commit 8996254647)
1 month ago
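The fallback described in the commit above (a custom dialer installed in the wrong Transport hook, so net/http quietly uses the default net.Dialer) is easy to reproduce in isolation. The following is an added Go example, not Tailscale's code: a toy net.Pipe-based listener stands in for the tsnet dialer, and `tsnet.invalid` is an assumed placeholder hostname chosen because the `.invalid` TLD never resolves. A Transport that sets the custom dialer only in DialTLSContext never uses it for a plaintext URL, so the request leaks to net.Dialer and fails, while the same dialer in DialContext reaches the in-memory server. On localhost both variants would pass, which is the testing gap the commit closes.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"io"
	"net"
	"net/http"
	"time"
)

// memListener is an in-memory net.Listener built on net.Pipe; the OS stack
// cannot reach it, which exposes a Transport silently using net.Dialer.
type memListener struct {
	conns chan net.Conn
	done  chan struct{}
}

func (l *memListener) Accept() (net.Conn, error) {
	select {
	case c := <-l.conns:
		return c, nil
	case <-l.done:
		return nil, errors.New("memListener closed")
	}
}

func (l *memListener) Close() error {
	select {
	case <-l.done:
	default:
		close(l.done)
	}
	return nil
}

// Addr advertises a reserved, unresolvable name (assumed placeholder) so a
// dial that leaks to the real resolver fails instead of reaching anything.
func (l *memListener) Addr() net.Addr { return memAddr{} }

type memAddr struct{}

func (memAddr) Network() string { return "mem" }
func (memAddr) String() string  { return "tsnet.invalid:80" }

// Dial is the hook to install in Transport.DialContext: it creates a pipe,
// hands the server half to Accept and returns the client half.
func (l *memListener) Dial(ctx context.Context, network, addr string) (net.Conn, error) {
	c, s := net.Pipe()
	select {
	case l.conns <- s:
		return c, nil
	case <-ctx.Done():
		c.Close() // closing one end fails the other end's reads/writes too
		return nil, ctx.Err()
	}
}

// fetchWith issues one plaintext GET through tr; the 2s timeout bounds the
// failure case so a leaked OS dial cannot hang the demo.
func fetchWith(tr *http.Transport) (string, error) {
	client := &http.Client{Transport: tr, Timeout: 2 * time.Second}
	resp, err := client.Get("http://tsnet.invalid/")
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	b, err := io.ReadAll(resp.Body)
	return string(b), err
}

// RunDemo serves from the in-memory listener and compares two Transports:
// the custom dialer in DialContext (right for an http:// URL) versus only in
// DialTLSContext, which net/http does not consult for plaintext requests.
func RunDemo() (body string, wrongErr error, err error) {
	ln := &memListener{conns: make(chan net.Conn), done: make(chan struct{})}
	srv := &http.Server{Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		io.WriteString(w, "hello from memnet")
	})}
	go srv.Serve(ln)
	defer srv.Close() // also closes ln

	good := &http.Transport{DialContext: ln.Dial}
	body, err = fetchWith(good)
	good.CloseIdleConnections()
	if err != nil {
		return "", nil, err
	}
	bad := &http.Transport{DialTLSContext: ln.Dial} // wrong hook for http://
	_, wrongErr = fetchWith(bad)
	return body, wrongErr, nil
}

func main() {
	body, wrongErr, err := RunDemo()
	fmt.Printf("DialContext transport: body=%q err=%v\n", body, err)
	fmt.Printf("DialTLSContext-only transport: err=%v\n", wrongErr)
}
```

The useful property of the in-memory listener is that there is no accidental path to the server: if the dial does not go through the hook under test, the request fails, so a test built this way catches the regression instead of passing on localhost.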
Nick Khyl 68cba300e4
VERSION.txt: this is v1.90.4
Signed-off-by: Nick Khyl <nickk@tailscale.com>
1 month ago
M. J. Fromberger 2dd72f6ec2
Revert "logtail: avoid racing eventbus subscriptions with Shutdown (#17639)" (#17684)
This reverts commit 4346615d77.
We averted the shutdown race, but will need to service the subscriber even when
we are not waiting for a change so that we do not delay the bus as a whole.

Updates #17638

Change-Id: I5488466ed83f5ad1141c95267f5ae54878a24657
Signed-off-by: M. J. Fromberger <fromberger@tailscale.com>
(cherry picked from commit db5815fb97)
1 month ago
Brad Fitzpatrick 53004dded1 wgengine/magicsock: fix js/wasm crash regression loading non-existent portmapper
Thanks for the report, @Need-an-AwP!

Fixes #17681
Updates #9394

Change-Id: I2e0b722ef9b460bd7e79499192d1a315504ca84c
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
(cherry picked from commit edb11e0e60)
1 month ago
srwareham 033adc398c cmd/tailscale/cli: move JetKVM scripts to /userdata/init.d for persistence (#17610)
Updates #16524
Updates jetkvm/rv1106-system#34

Signed-off-by: srwareham <ebriouscoding@gmail.com>
(cherry picked from commit f4e2720821)
1 month ago
Max Coulombe bad03eefa1 feature/identityfederation: strip query params on clientID (#17666)
Updates #9192

Change-Id: I35c88df8a0242ecc19a23265d392ef78ac176b9d
Signed-off-by: mcoulombe <max@tailscale.com>
(cherry picked from commit 34e992f59d)
1 month ago
Patrick O'Doherty dc3c15b4c6
control/controlclient: back out HW key attestation (#17664)
Temporarily back out the TPM-based hw attestation code while we debug
Windows exceptions.

Updates tailscale/corp#31269

Signed-off-by: Patrick O'Doherty <patrick@tailscale.com>
(cherry picked from commit a760cbe33f)
1 month ago
Nick Khyl c50fe71822
VERSION.txt: this is v1.90.3
Signed-off-by: Nick Khyl <nickk@tailscale.com>
1 month ago
M. J. Fromberger 597acd8663
logtail: avoid racing eventbus subscriptions with Shutdown (#17639)
When the eventbus is enabled, set up the subscription for change deltas at the
beginning when the client is created, rather than waiting for the first
awaitInternetUp check.

Otherwise, it is possible for a check to race with the client close in
Shutdown, which triggers a panic.

Updates #17638

Change-Id: I461c07939eca46699072b14b1814ecf28eec750c
Signed-off-by: M. J. Fromberger <fromberger@tailscale.com>
(cherry picked from commit 4346615d77)
1 month ago
Claus Lensbøl e6a3669277
net/tsdial: do not panic if setting the same eventbus twice (#17640)
Updates #17638

Signed-off-by: Claus Lensbøl <claus@tailscale.com>
(cherry picked from commit fd0e541e5d)
1 month ago
Nick Khyl 8bcd44ecf0
VERSION.txt: this is v1.90.2
Signed-off-by: Nick Khyl <nickk@tailscale.com>
1 month ago
Claus Lensbøl b0f0bce928 health: compare warnable codes to avoid errors on release branch (#17637)
This compares the warnings we actually care about and skips the unstable
warnings and the changes with no warnings.

Fixes #17635

Signed-off-by: Claus Lensbøl <claus@tailscale.com>
(cherry picked from commit 7418583e47)
1 month ago
Brad Fitzpatrick c81ef9055b util/linuxfw: fix 32-bit arm regression with iptables
This fixes a regression from dd615c8fdd that moved the
newIPTablesRunner constructor from an any-Linux-GOARCH file to one that
was only amd64 and arm64, thus breaking iptables on other platforms
(notably 32-bit "arm", as seen on older Pis running Buster with
iptables).

Tested by hand on a Raspberry Pi 2 w/ Buster + iptables for now, for
lack of automated 32-bit arm tests at the moment. But filed #17629.

Fixes #17623
Updates #17629

Change-Id: Iac1a3d78f35d8428821b46f0fed3f3717891c1bd
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
(cherry picked from commit 8576a802ca)
1 month ago
Patrick O'Doherty 9fe44b3718 feature/tpm: use withSRK to probe TPM availability (#17627)
On some platforms e.g. ChromeOS the owner hierarchy might not always be
available to us. To avoid stale sealing exceptions later we probe to
confirm it's working rather than rely solely on family indicator status.

Updates #17622

Signed-off-by: Patrick O'Doherty <patrick@tailscale.com>
(cherry picked from commit 672b1f0e76)
1 month ago
Patrick O'Doherty a8ae316858 feature/tpm: check TPM family data for compatibility (#17624)
Check that the TPM we have opened is advertised as a 2.0 family device
before using it for state sealing / hardware attestation.

Updates #17622

Signed-off-by: Patrick O'Doherty <patrick@tailscale.com>
(cherry picked from commit 36ad24b20f)
1 month ago
Nick Khyl 75b0c6f164 VERSION.txt: this is v1.90.1
Signed-off-by: Nick Khyl <nickk@tailscale.com>
1 month ago
Nick Khyl 3c78146ece VERSION.txt: this is v1.90.0
Signed-off-by: Nick Khyl <nickk@tailscale.com>
1 month ago
License Updater 4e1c270f90 licenses: update license notices
Signed-off-by: License Updater <noreply+license-updater@tailscale.com>
1 month ago
Alex Chan 4673992b96 tka: created a shared testing library for Chonk
This patch creates a set of tests that should be true for all implementations of Chonk and CompactableChonk, which we can share with the SQLite implementation in corp.

It includes all the existing tests, plus a test for LastActiveAncestor which was in corp but not in oss.

Updates https://github.com/tailscale/corp/issues/33465

Signed-off-by: Alex Chan <alexc@tailscale.com>
1 month ago
Alex Chan c961d58091 cmd/tailscale: improve the error message for `lock log` with no lock
Previously, running `tailscale lock log` in a tailnet without Tailnet
Lock enabled would return a potentially confusing error:

    $ tailscale lock log
    2025/10/20 11:07:09 failed to connect to local Tailscale service; is Tailscale running?

It would return this error even if Tailscale was running.

This patch fixes the error to be:

    $ tailscale lock log
    Tailnet Lock is not enabled

Fixes #17586

Signed-off-by: Alex Chan <alexc@tailscale.com>
1 month ago
Max Coulombe 6a73c0bdf5
cmd/tailscale/cli,feature: add support for identity federation (#17529)
Add new arguments to `tailscale up` so authkeys can be generated dynamically via identity federation.

Updates #9192

Signed-off-by: mcoulombe <max@tailscale.com>
2 months ago
Brad Fitzpatrick 54cee33bae go.toolchain.rev: update to Go 1.25.3
Updates tailscale/go#140
Updates tailscale/go#142
Updates tailscale/go#138

Change-Id: Id25b6fa4e31eee243fec17667f14cdc48243c59e
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2 months ago
David Bond 9083ef1ac4
cmd/k8s-operator: allow pod tolerations on nameservers (#17260)
This commit modifies the `DNSConfig` custom resource to allow specifying
[tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
on the nameserver pods.

This will allow users to dictate where their nameserver pods are located
within their clusters.

Fixes: https://github.com/tailscale/tailscale/issues/17092

Signed-off-by: David Bond <davidsbond93@gmail.com>
2 months ago
Andrew Lytvynov 6493206ac7
.github/workflows: pin nix-related github actions (#17574)
Updates #cleanup

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
2 months ago
Alex Chan 8d119f62ee wgengine/magicsock: minor tidies in Test_endpoint_maybeProbeUDPLifetimeLocked
* Remove a couple of single-letter `l` variables
* Use named struct parameters in the test cases for readability
* Delete `wantAfterInactivityForFn` parameter when it returns the
  default zero

Updates #cleanup

Signed-off-by: Alex Chan <alexc@tailscale.com>
2 months ago
Alex Chan 55a43c3736 tka: don't look up parent/child information from purged AUMs
We soft-delete AUMs when they're purged, but when we call `ChildAUMs()`,
we look up soft-deleted AUMs to find the `Children` field.

This patch changes the behaviour of `ChildAUMs()` so it only looks at
not-deleted AUMs. This means we don't need to record child information
on AUMs any more, which is a minor space saving for any newly-recorded
AUMs.

Updates https://github.com/tailscale/tailscale/issues/17566
Updates https://github.com/tailscale/corp/issues/27166

Signed-off-by: Alex Chan <alexc@tailscale.com>
2 months ago
Alex Chan c3acf25d62 tka: remove an unused Mem.Orphans() method
This method was added in cca25f6 in the initial in-memory implementation
of Chonk, but it's not part of the Chonk interface and isn't implemented
or used anywhere else. Let's get rid of it.

Updates https://github.com/tailscale/corp/issues/33465

Signed-off-by: Alex Chan <alexc@tailscale.com>
2 months ago
Alex Chan 0ce88aa343 all: use a consistent capitalisation for "Tailnet Lock"
Updates https://github.com/tailscale/corp/issues/13108

Signed-off-by: Alex Chan <alexc@tailscale.com>
2 months ago
David Bond 419fba40e0
k8s-operator/api-proxy: put kube api server events behind environment variable (#17550)
This commit modifies the k8s-operator's api proxy implementation to only
enable forwarding of api requests to tsrecorder when an environment
variable is set.

This new environment variable is named `TS_EXPERIMENTAL_KUBE_API_EVENTS`.

Updates https://github.com/tailscale/corp/issues/32448

Signed-off-by: David Bond <davidsbond93@gmail.com>
2 months ago
Joe Tsai e804b64358
wgengine/netlog: merge connstats into package (#17557)
Merge the connstats package into the netlog package
and unexport all of its declarations.

Remove the buildfeatures.HasConnStats and use HasNetLog instead.

Updates tailscale/corp#33352

Signed-off-by: Joe Tsai <joetsai@digital-static.net>
2 months ago
Joe Tsai e75f13bd93
net/connstats: prepare to remove package (#17554)
The connstats package was an unnecessary layer of indirection.
It was separated out of wgengine/netlog so that net/tstun and
wgengine/magicsock wouldn't need a dependency on the concrete
implementation of network flow logging.

Instead, we simply register a callback for counting connections.
This PR does the bare minimum work to prepare tstun and magicsock
to only care about that callback.

A future PR will delete connstats and merge it into netlog.

Updates tailscale/corp#33352

Signed-off-by: Joe Tsai <joetsai@digital-static.net>
2 months ago
Joe Tsai 6d897c4ab4
types/netlogtype: remove CBOR representation (#17545)
Remove CBOR representation since it was never used.
We should support CBOR in the future, but remove it
for now so that it is less work to add more fields.

Also, rely on just omitzero for JSON now that it is supported in Go 1.24.

Updates tailscale/corp#33352

Signed-off-by: Joe Tsai <joetsai@digital-static.net>
2 months ago
Jordan Whited 743e5ac696
cmd/tailscale: surface relay-server-port set flag (#17528)
Fixes tailscale/corp#31186

Signed-off-by: Jordan Whited <jordan@tailscale.com>
2 months ago
Brad Fitzpatrick 1a93a8a704 feature/tpm: quiet log output a bit
I was debugging a customer issue and saw in their 1.88.3 logs:

    TPM: error opening: stat /dev/tpm0: no such file or directory

That's unnecessary output. The lack of TPM will be reported by
them having a nil Hostinfo.TPM, which is plenty elsewhere in logs.

Let's only write out an "error opening" line if it's an interesting
error. (perhaps permissions, or EIO, etc)

Updates #cleanup

Change-Id: I3f987f6bf1d3ada03473ca3eef555e9cfafc7677
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2 months ago
Claus Lensbøl 005e264b54
util/eventbus/eventbustest: add support for synctest instead of timers (#17522)
Before synctest, timers were needed to allow the events to flow into the
test bus. There is still a timer, but this one is not derived from the
test deadline and it is mostly arbitrary as synctest will render it
practically non-existent.

With this approach, tests that do not need to test for the absence of
events do not rely on synctest.

Updates #15160

Signed-off-by: Claus Lensbøl <claus@tailscale.com>
2 months ago
Patrick O'Doherty d8a6d0183c
ipn/ipnlocal: strip AttestationKey in redacted prefs view (#17527)
Updates tailscale/corp#31269

Signed-off-by: Patrick O'Doherty <patrick@tailscale.com>
2 months ago
Aaron Klotz 7c49cab1a6 clientupdate, util/osshare, util/winutil, version: improve Windows GUI filename resolution and WinUI build awareness
On Windows arm64 we are going to need to ship two different GUI builds;
one for Win10 (GOARCH=386) and one for Win11 (GOARCH=amd64, tags +=
winui). Due to quirks in MSI packaging, they cannot both share the
same filename. This requires some fixes in places where we have
hardcoded "tailscale-ipn" as the GUI filename.

We also do some cleanup in clientupdate to ensure that autoupdates
will continue to work correctly with the temporary "-winui" package
variant.

Fixes #17480
Updates https://github.com/tailscale/corp/issues/29940

Signed-off-by: Aaron Klotz <aaron@tailscale.com>
2 months ago
Patrick O'Doherty e45557afc0
types/persist: add AttestationKey (#17281)
Extend Persist with AttestationKey to record a hardware-backed
attestation key for the node's identity.

Add a flag to tailscaled to allow users to control the use of
hardware-backed keys to bind node identity to individual machines.

Updates tailscale/corp#31269


Change-Id: Idcf40d730a448d85f07f1bebf387f086d4c58be3

Signed-off-by: Patrick O'Doherty <patrick@tailscale.com>
2 months ago
Joe Tsai a2dc517d7d
all: specify explicit JSON format for time.Duration (#17307)
The default representation of time.Duration has different
JSON representation between v1 and v2.

Apply an explicit format flag that uses the v1 representation
so that this behavior does not change if serialized with v2.

Updates tailscale/corp#791

Signed-off-by: Joe Tsai <joetsai@digital-static.net>
2 months ago
Jonathan Nobels 8e98ecb5f7
net/netmon: handle net.IPAddr types during interface address parsing (#17523)
Updates tailscale/tailscale#16836

Android's altNetInterfaces implementation now returns net.IPAddr
types which netmon wasn't handling.

Signed-off-by: Jonathan Nobels <jonathan@tailscale.com>
2 months ago
Jordan Whited af15ee9c5f
wgengine/magicsock: add clientmetrics for TX bytes/packets by af & conn type (#17515)
Updates tailscale/corp#33206

Signed-off-by: Jordan Whited <jordan@tailscale.com>
2 months ago
M. J. Fromberger 0a33aae823
util/eventbus: run subscriber functions in a goroutine (#17510)
With a channel subscriber, the subscription processing always occurs on another
goroutine. The SubscriberFunc (prior to this commit) runs its callbacks on the
client's own goroutine. This changes the semantics, though: In addition to more
directly pushing back on the publisher, a publisher and subscriber can deadlock
in a SubscriberFunc but succeed on a Subscriber. They should behave
equivalently regardless which interface they use.

Arguably the caller should deal with this by creating its own goroutine if it
needs to. However, that loses much of the benefit of the SubscriberFunc API, as
it will need to manage the lifecycle of that goroutine. So, for practical
ergonomics, let's make the SubscriberFunc do this management on the user's
behalf. (We discussed doing this in #17432, but decided not to do it yet).  We
can optimize this approach further, if we need to, without changing the API.

Updates #17487

Change-Id: I19ea9e8f246f7b406711f5a16518ef7ff21a1ac9
Signed-off-by: M. J. Fromberger <fromberger@tailscale.com>
2 months ago
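The deadlock the commit above describes, a publisher and a synchronous SubscriberFunc blocking each other where a channel Subscriber would succeed, can be shown with a toy bus. This is an added Go example and not the util/eventbus package: Bus, Async and Inline are hypothetical names, and the single dispatch goroutine is a simplification of how a real bus delivers events. A subscriber that publishes from inside its callback wedges the bus when the callback runs on the dispatch goroutine, and works once the callback is moved onto its own goroutine fed by a queue, which is the semantics the commit adopts.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// Bus is a toy single-goroutine event bus (hypothetical, not util/eventbus):
// Publish hands an event to the dispatch loop, which calls each subscriber
// in order. While a subscriber runs, nothing else is delivered.
type Bus struct {
	events chan string
	subs   []func(string)
}

func NewBus(subs ...func(string)) *Bus {
	b := &Bus{events: make(chan string), subs: subs}
	go b.loop()
	return b
}

func (b *Bus) loop() {
	for ev := range b.events {
		for _, s := range b.subs {
			s(ev) // runs on the dispatch goroutine
		}
	}
}

// Publish blocks until the dispatch loop takes the event.
func (b *Bus) Publish(ev string) { b.events <- ev }

// Inline is the pre-change semantics: the callback runs on the dispatch
// goroutine, so a callback that publishes waits on a loop that is waiting on it.
func Inline(fn func(string)) func(string) { return fn }

// Async is the post-change semantics: the callback runs on its own goroutine
// fed by a queue, so the dispatch loop only enqueues and never waits on user code.
func Async(fn func(string)) func(string) {
	q := make(chan string, 16)
	go func() {
		for ev := range q {
			fn(ev)
		}
	}()
	return func(ev string) { q <- ev }
}

// recorder collects delivered events under a mutex.
type recorder struct {
	mu  sync.Mutex
	got []string
}

func (r *recorder) record(ev string) {
	r.mu.Lock()
	defer r.mu.Unlock()
	r.got = append(r.got, ev)
}

func (r *recorder) snapshot() []string {
	r.mu.Lock()
	defer r.mu.Unlock()
	return append([]string(nil), r.got...)
}

// Run wires a recorder and a subscriber that re-publishes "b" on seeing "a",
// publishes "a", and returns what the recorder saw within 500ms. With Inline
// the re-publisher blocks the loop forever (the goroutine is leaked on
// purpose to show the wedge); with Async both "a" and "b" are delivered.
func Run(wrap func(func(string)) func(string)) []string {
	rec := &recorder{}
	var b *Bus
	republish := func(ev string) {
		if ev == "a" {
			b.Publish("b")
		}
	}
	b = NewBus(rec.record, wrap(republish))
	b.Publish("a")
	deadline := time.After(500 * time.Millisecond)
	for {
		if got := rec.snapshot(); len(got) == 2 {
			return got
		}
		select {
		case <-deadline:
			return rec.snapshot()
		case <-time.After(5 * time.Millisecond):
		}
	}
}

func main() {
	fmt.Println("inline subscriber saw:", Run(Inline)) // only "a"; "b" never arrives
	fmt.Println("async subscriber saw: ", Run(Async))  // "a" then "b"
}
```

The cost of the Async wrapper is the one the commit accepts: a goroutine and a small queue per subscriber, in exchange for the bus never being held hostage by user code, and for SubscriberFunc and channel subscribers behaving the same way.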
Naman Sood f157f3288d
cmd/tailscale/cli,ipn/conffile: add declarative config mode for Services (#17435)
This commit adds the subcommands `get-config` and `set-config` to Serve,
which can be used to read the current Tailscale Services configuration
in a standard syntax and provide a configuration to declaratively apply
with that same syntax.

Both commands must be provided with either `--service=svc:service` for
one service, or `--all` for all services. When writing a config,
`--set-config --all` will overwrite all existing Services configuration,
and `--set-config --service=svc:service` will overwrite all
configuration for that particular Service. Incremental changes are not
supported.

Fixes tailscale/corp#30983.

cmd/tailscale/cli: hide serve "get-config"/"set-config" commands for now

tailscale/corp#33152 tracks unhiding them when docs exist.

Signed-off-by: Naman Sood <mail@nsood.in>
2 months ago
Tom Meadows 08eae9affd
sessionrecording: add destination to struct for tsrecorder (#17520)
when tsrecorder receives events, it populates this field with
information about the node the request was sent to.

Updates #17141

Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>
2 months ago
Anton Tolchanov 072e6a39f4 tsweb/varz: add support for ShardedInt metrics
Fixes tailscale/corp#33236

Signed-off-by: Anton Tolchanov <anton@tailscale.com>
2 months ago
M. J. Fromberger 154d36f73d
wgengine/magicsock: do not apply node view updates to a closed Conn (#17517)
Fixes #17516

Change-Id: Iae2dab42d6f7bc618478d360a1005537c1fa1bbd
Signed-off-by: M. J. Fromberger <fromberger@tailscale.com>
2 months ago
Jordan Whited 16a05c7680
wgengine/magicsock: fix docs for send clientmetrics (#17514)
Updates #cleanup

Signed-off-by: Jordan Whited <jordan@tailscale.com>
2 months ago
Jordan Whited adf308a064
wgengine/magicsock: add clientmetrics for RX bytes by af & conn type (#17512)
Updates tailscale/corp#33206

Signed-off-by: Jordan Whited <jordan@tailscale.com>
2 months ago