tailscale

Commit Graph

Author	SHA1	Message	Date
Brad Fitzpatrick	66f27c4beb	all: require Go 1.21 Updates #8419 Change-Id: I809b6a4d59d92a2ab6ec587ccbb9053376bf02c2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	10 months ago
Maisem Ali	682fd72f7b	util/testenv: add new package to hold InTest Removes duplicated code. Updates #cleanup Signed-off-by: Maisem Ali <maisem@tailscale.com>	10 months ago
Maisem Ali	3e255d76e1	ipn/ipnlocal: fix profile duplication We would only look for duplicate profiles when a new login occurred but when using `--force-reauth` we could switch users which would end up with duplicate profiles. Updates #7726 Signed-off-by: Maisem Ali <maisem@tailscale.com>	10 months ago
Maisem Ali	500b9579d5	ipn/ipnlocal: add test to find issues with profile duplication There are a few situations where we end up with duplicate profiles. Add tests to identify those situations, fix in followup. Updates #7726 Signed-off-by: Maisem Ali <maisem@tailscale.com>	10 months ago
Maisem Ali	734928d3cb	control/controlclient: make Direct own all changes to Persist It was being modified in two places in Direct for the auth routine and then in LocalBackend when a new NetMap was received. This was confusing, so make Direct also own changes to Persist when a new NetMap is received. Updates #7726 Signed-off-by: Maisem Ali <maisem@tailscale.com>	10 months ago
Maisem Ali	6aaf1d48df	types/persist: drop duplicated Persist.LoginName It was duplicated from Persist.UserProfile.LoginName, drop it. Updates #7726 Signed-off-by: Maisem Ali <maisem@tailscale.com>	10 months ago
KevinLiang10	ae63c51ff1	wgengine/router: add auto selection heuristic for iptables/nftables This commit replaces the TS_DEBUG_USE_NETLINK_NFTABLES envknob with a TS_DEBUG_FIREWALL_MODE that should be set to either 'iptables' or 'nftables' to select firewall mode manually, other wise tailscaled will automatically choose between iptables and nftables depending on environment and system availability. updates: #319 Signed-off-by: KevinLiang10 <kevinliang@tailscale.com>	10 months ago
Maisem Ali	17ed2da94d	control/controlclient: use ptr.To Updates #cleanup Signed-off-by: Maisem Ali <maisem@tailscale.com>	10 months ago
Maisem Ali	82454b57dd	ipn/ipnlocal: make tests pass when offline Updates #cleanup Signed-off-by: Maisem Ali <maisem@tailscale.com>	10 months ago
salman aljammaz	25a7204bb4	wgengine,ipn,cmd/tailscale: add size option to ping (#8739 ) This adds the capability to pad disco ping message payloads to reach a specified size. It also plumbs it through to the tailscale ping -size flag. Disco pings used for actual endpoint discovery do not use this yet. Updates #311. Signed-off-by: salman <salman@tailscale.com> Co-authored-by: Val <valerie@tailscale.com>	10 months ago
Sonia Appasamy	49896cbdfa	ipn/ipnlocal: add profile pic header to serve HTTP proxy Fixes #8807 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	10 months ago
Brad Fitzpatrick	c56e94af2d	ipn: avoid useless no-op WriteState calls Rather than make each ipn.StateStore implementation guard against useless writes (a write of the same value that's already in the store), do writes via a new wrapper that has a fast path for the unchanged case. This then fixes profileManager's flood of useless writes to AWS SSM, etc. Updates #8785 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	10 months ago
License Updater	a3f11e7710	licenses: update android licenses Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	10 months ago
Flakes Updater	10acc06389	go.mod.sri: update SRI hash for go.mod changes Signed-off-by: Flakes Updater <noreply+flakes-updater@tailscale.com>	10 months ago
Claire Wang	a17c45fd6e	control: use tstime instead of time (#8595 ) Updates #8587 Signed-off-by: Claire Wang <claire@tailscale.com>	10 months ago
License Updater	a8e32f1a4b	licenses: update tailscale{,d} licenses Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	10 months ago
Andrew Lytvynov	371e1ebf07	cmd/dist,release/dist: expose RPM signing hook (#8789 ) Plumb a signing callback function to `unixpkgs.rpmTarget` to allow signing RPMs. This callback is optional and RPMs will build unsigned if not set, just as before. Updates https://github.com/tailscale/tailscale/issues/1882 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	10 months ago
Andrew Lytvynov	eb6883bb5a	go.mod: upgrade nfpm to v2 (#8786 ) Upgrade the nfpm package to the latest version to pick up `24a43c5ad7`. The upgrade is from v0 to v2, so there was some breakage to fix. Generated packages should have the same contents as before. Updates https://github.com/tailscale/tailscale/issues/1882 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	10 months ago
Aaron Klotz	37925b3e7a	go.mod, cmd/tailscaled, ipn/localapi, util/osdiag, util/winutil, util/winutil/authenticode: add Windows module list to OS-specific logs that are written upon bugreport * We update wingoes to pick up new version information functionality (See pe/version.go in the https://github.com/dblohm7/wingoes repo); * We move the existing LogSupportInfo code (including necessary syscall stubs) out of util/winutil into a new package, util/osdiag, and implement the public LogSupportInfo function may be implemented for other platforms as needed; * We add a new reason argument to LogSupportInfo and wire that into localapi's bugreport implementation; * We add module information to the Windows implementation of LogSupportInfo when reason indicates a bugreport. We enumerate all loaded modules in our process, and for each one we gather debug, authenticode signature, and version information. Fixes #7802 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	10 months ago
Sonia Appasamy	301e59f398	tailcfg,ipn/localapi,client/tailscale: add QueryFeature endpoint Updates tailscale/corp#10577 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	10 months ago
Brad Fitzpatrick	ab7749aed7	go.toolchain.rev: go1.21rc4 (now that VERSION file is updated upstream) Updates #8419 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	10 months ago
Andrew Lytvynov	f57cc19ba2	cmd/tailscale/cli: add latest version output to "tailscale version" (#8700 ) Add optional `--upstream` flag to `tailscale version` to fetch the latest upstream release version from `pkgs.tailscale.com`. This is useful to diagnose `tailscale update` behavior or write other tooling. Example output: $ tailscale version --upstream --json { "majorMinorPatch": "1.47.35", "short": "1.47.35", "long": "1.47.35-t6afffece8", "unstableBranch": true, "gitCommit": "6afffece8a32509aa7a4dc2972415ec58d8316de", "cap": 66, "upstream": "1.45.61" } Fixes #8669 RELNOTE=adds "tailscale version --upstream" Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	10 months ago
License Updater	b4c1f039b6	licenses: update android licenses Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	10 months ago
Brad Fitzpatrick	c3b979a176	go.toolchain.rev: bump to ~go1.21rc4 Updates tailscale/go#69 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	10 months ago
Sonia Appasamy	34bfd7b419	tailcfg: add CapabilityHTTPS const A #cleanup Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	10 months ago
Brad Fitzpatrick	66e46bf501	ipnlocal, net/*: deprecate interfaces.GetState, use netmon more for it Updates #cleanup Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	10 months ago
License Updater	6d65c04987	licenses: update tailscale{,d} licenses Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	10 months ago
Tom DNetto	767e839db5	all: implement lock revoke-keys command The revoke-keys command allows nodes with tailnet lock keys to collaborate to erase the use of a compromised key, and remove trust in it. Signed-off-by: Tom DNetto <tom@tailscale.com> Updates ENG-1848	10 months ago
Aaron Klotz	7adf15f90e	cmd/tailscale/cli, util/winutil/authenticode: flesh out authenticode support Previously, tailscale upgrade was doing the bare minimum for checking authenticode signatures via `WinVerifyTrustEx`. This is fine, but we can do better: * WinVerifyTrustEx verifies that the binary's signature is valid, but it doesn't determine whose signature is valid; tailscale upgrade should also ensure that the binary is actually signed by us. * I added the ability to check the signatures of MSI files. * In future PRs I will be adding diagnostic logging that lists details about every module (ie, DLL) loaded into our process. As part of that metadata, I want to be able to extract information about who signed the binaries. This code is modelled on some C++ I wrote for Firefox back in the day. See https://searchfox.org/mozilla-central/rev/27e4816536c891d85d63695025f2549fd7976392/toolkit/xre/dllservices/mozglue/Authenticode.cpp for reference. Fixes #8284 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	10 months ago
Denton Gentry	ec9213a627	cmd/sniproxy: add client metrics Count number of sessions, number of DNS queries answered successfully and in error, and number of http->https redirects. Updates #1748 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	10 months ago
Andrew Lytvynov	eef15b4ffc	cmd/dist,release/dist: sign release tarballs with an ECDSA key (#8759 ) Pass an optional PEM-encoded ECDSA key to `cmd/dist` to sign all built tarballs. The signature is stored next to the tarball with a `.sig` extension. Tested this with an `openssl`-generated key pair and verified the resulting signature. Updates #8760 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	10 months ago
David Anderson	ed46442cb1	client/tailscale/apitype: document never-nil property of WhoIsResponse Every time I use WhoIsResponse I end up writing mildly irritating nil-checking for both Node and UserProfile, but it turns out our code guarantees that both are non-nil in successful whois responses. Updates #cleanup Signed-off-by: David Anderson <danderson@tailscale.com>	10 months ago
Brad Fitzpatrick	5ebb271322	derp/derphttp: add optional Client.BaseContext hook Like net/http.Server.BaseContext, this lets callers specify a base context for dials. Updates tailscale/corp#12702 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	10 months ago
Maisem Ali	058d427fa6	tailcfg: add helper to unmarshal PeerCap values Updates #4217 Signed-off-by: Maisem Ali <maisem@tailscale.com>	10 months ago
salman aljammaz	68f8e5678e	wgengine/magicsock: remove dead code (#8745 ) The nonce value is not read by anything, and di.sharedKey.Seal() a few lines below generates its own. #cleanup Signed-off-by: salman <salman@tailscale.com>	10 months ago
License Updater	0554deb48c	licenses: update tailscale{,d} licenses Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	10 months ago
David Anderson	6114247d0a	types/logid: add a Compare method Updates #cleanup Signed-off-by: David Anderson <danderson@tailscale.com>	10 months ago
David Anderson	52212f4323	all: update exp/slices and fix call sites slices.SortFunc suffered a late-in-cycle API breakage. Updates #cleanup Signed-off-by: David Anderson <danderson@tailscale.com>	10 months ago
Claire Wang	90a7d3066c	derp: use tstime (#8634 ) Updates #8587 Signed-off-by: Claire Wang <claire@tailscale.com>	10 months ago
Claire Wang	2315bf246a	ipn: use tstime (#8597 ) Updates #8587 Signed-off-by: Claire Wang <claire@tailscale.com>	10 months ago
Andrew Lytvynov	c1ecae13ab	ipn/{ipnlocal,localapi}: actually renew certs before expiry (#8731 ) While our `shouldStartDomainRenewal` check is correct, `getCertPEM` would always bail if the existing cert is not expired. Add the same `shouldStartDomainRenewal` check to `getCertPEM` to make it proceed with renewal when existing certs are still valid but should be renewed. The extra check is expensive (ARI request towards LetsEncrypt), so cache the last check result for 1hr to not degrade `tailscale serve` performance. Also, asynchronous renewal is great for `tailscale serve` but confusing for `tailscale cert`. Add an explicit flag to `GetCertPEM` to force a synchronous renewal for `tailscale cert`. Fixes #8725 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	10 months ago
tinku-tailscale	aa37be70cf	api.md: update device authorize API docs to allow for deauth (#8728 ) Signed-off-by: tinku-tailscale <139132124+tinku-tailscale@users.noreply.github.com>	10 months ago
Charlotte Brandhorst-Satzkorn	35bdbeda9f	cli: introduce exit-node subcommand to list and filter exit nodes This change introduces a new subcommand, `exit-node`, along with a subsubcommand of `list` and a `--filter` flag. Exit nodes without location data will continue to be displayed when `status` is used. Exit nodes with location data will only be displayed behind `exit-node list`, and in status if they are the active exit node. The `filter` flag can be used to filter exit nodes with location data by country. Exit nodes with Location.Priority data will have only the highest priority option for each country and city listed. For countries with multiple cities, a <Country> <Any> option will be displayed, indicating the highest priority node within that country. Updates tailscale/corp#13025 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	10 months ago
David Anderson	9d89e85db7	wgengine/magicsock: document mysterious-looking assignment Updates #cleanup Signed-off-by: David Anderson <danderson@tailscale.com>	10 months ago
David Anderson	84777354a0	wgengine/magicsock: factor out more separable parts Updates #8720 Signed-off-by: David Anderson <danderson@tailscale.com>	10 months ago
David Anderson	9a76deb4b0	disco: move disco pcap helper to disco package Updates tailscale/corp#13464 Signed-off-by: David Anderson <danderson@tailscale.com>	10 months ago
David Anderson	cde37f5307	wgengine/magicsock: factor out peerMap into separate file Updates tailscale/corp#13464 Signed-off-by: David Anderson <danderson@tailscale.com>	10 months ago
David Anderson	f7016d8c00	wgengine/magicsock: factor out endpoint into its own file Updates tailscale/corp#13464 Signed-off-by: David Anderson <danderson@tailscale.com>	10 months ago
David Anderson	c2831f6614	wgengine/magicsock: delete unused stuff Updates tailscale/corp#13464 Signed-off-by: David Anderson <danderson@tailscale.com>	10 months ago
Andrew Lytvynov	9edb848505	cmd/tailscale/cli: implement update on FreeBSD (#8710 ) Implement `tailscale update` on FreeBSD. This is much simpler than other platforms because `pkg rquery` lets us get the version in their repos without any extra parsing. Updates #6995 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	10 months ago

1 2 3 4 5 ...

5988 Commits (66f27c4beb87305ff59077ecba8467fe0c7fd5f1) All Branches Search

5988 Commits (66f27c4beb87305ff59077ecba8467fe0c7fd5f1)

All Branches