tailscale

Commit Graph

Author	SHA1	Message	Date
Brad Fitzpatrick	eefee6f149	all: use cmpx.Or where it made sense I left a few out where writing it explicitly was better for various reasons. Updates #8296 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Aaron Klotz	2aa8299c37	cmd/tailscaled, util/winutil: log our registry keys during tailscaled startup In order to improve our ability to understand the state of policies and registry settings when troubleshooting, we enumerate all values in all subkeys. x/sys/windows does not already offer this, so we need to call RegEnumValue directly. For now we're just logging this during startup, however in a future PR I plan to also trigger this code during a bugreport. I also want to log more than just registry. Fixes #8141 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	1 year ago
Vince Prignano	1a691ec5b2	cmd/k8s-operator: update controller-runtime to v0.15 Fixes #8170 Signed-off-by: Vince Prignano <vince@prigna.com>	1 year ago
David Anderson	32e0ba5e68	release/dist/synology: build synology packages with cmd/dist Updates #8217 Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
Gabriel Martinez	03e848e3b5	cmd/k8s-operator: add support for priorityClassName Updates #8155 Signed-off-by: Gabriel Martinez <gabrielmartinez@sisti.pt>	1 year ago
Derek Kaser	7c88eeba86	cmd/tailscale: allow Tailscale to work with Unraid web interface (#8062 ) Updates tailscale/tailscale#8026 Signed-off-by: Derek Kaser <derek.kaser@gmail.com>	1 year ago
Sonia Appasamy	f0ee03dfaf	cmd/tailscale/cli: [serve] add reset flag Usage: `tailscale serve reset` Fixes #8139 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	1 year ago
Brad Fitzpatrick	4664318be2	client/tailscale: revert CreateKey API change, add Client.CreateKeyWithExpiry The client/tailscale is a stable-ish API we try not to break. Revert the Client.CreateKey method as it was and add a new CreateKeyWithExpiry method to do the new thing. And document the expiry field and enforce that the time.Duration can't be between in range greater than 0 and less than a second. Updates #7143 Updates #8124 (reverts it, effectively) Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
shayne	678bb92bb8	cmd/tailscale/cli: [up] fix CreateKey missing argument (#8124 ) Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	1 year ago
Matt Brown	9b6e48658f	client: allow the expiry time to be specified for new keys Adds a parameter for create key that allows a number of seconds (less than 90) to be specified for new keys. Fixes https://github.com/tailscale/tailscale/issues/7965 Signed-off-by: Matthew Brown <matthew@bargrove.com>	1 year ago
Maisem Ali	85215ed58a	cmd/k8s-operator: handle NotFound secrets getSingleObject can return `nil, nil`, getDeviceInfo was not handling that case which resulted in panics. Fixes #7303 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Joe Tsai	84c99fe0d9	logtail: be less aggressive about re-uploads (#8117 ) The retry logic was pathological in the following ways: * If we restarted the logging service, any pending uploads would be placed in a retry-loop where it depended on backoff.Backoff, which was too aggresive. It would retry failures within milliseconds, taking at least 10 retries to hit a delay of 1 second. * In the event where a logstream was rate limited, the aggressive retry logic would severely exacerbate the problem since each retry would also log an error message. It is by chance that the rate of log error spam does not happen to exceed the rate limit itself. We modify the retry logic in the following ways: * We now respect the "Retry-After" header sent by the logging service. * Lacking a "Retry-After" header, we retry after a hard-coded period of 30 to 60 seconds. This avoids the thundering-herd effect when all nodes try reconnecting to the logging service at the same time after a restart. * We do not treat a status 400 as having been uploaded. This is simply not the behavior of the logging service. Updates #tailscale/corp#11213 Signed-off-by: Joe Tsai <joetsai@digital-static.net>	1 year ago
Brad Fitzpatrick	cb2fd5be92	cmd/tsconnect: fix forgotten API change for wasm Fix regression from `6e967446e4` Updates #8036 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	4f454f4122	util/codegen: support embedded fields I noticed cmd/{cloner,viewer} didn't support structs with embedded fields while working on a change in another repo. This adds support. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Craig Rodrigues	827abbeeaa	cmd/k8s-operator: print version in startup logs Fixes: #7813 Signed-off-by: Craig Rodrigues <rodrigc@crodrigues.org>	1 year ago
Chenyang Gao	b9fb8ac702	fix sys.Set(router) issue will crash the daemon in some OSs Signed-off-by: Chenyang Gao <gps949@outlook.com> in commit `6e96744`, the tsd system type has been added. Which will cause the daemon will crash on some OSs (Windows, darwin and so on). The root cause is that on those OSs, handleSubnetsInNetstack() will return true and set the conf.Router with a wrapper. Later in NewUserspaceEngine() it will do subsystem set and found that early set router mismatch to current value, then panic.	1 year ago
Brad Fitzpatrick	6e967446e4	tsd: add package with System type to unify subsystem init, discovery This is part of an effort to clean up tailscaled initialization between tailscaled, tailscaled Windows service, tsnet, and the mac GUI. Updates #8036 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Derek Kaser	0d7303b798	various: add detection and Taildrop for Unraid Updates tailscale/tailscale#8025 Signed-off-by: Derek Kaser <derek.kaser@gmail.com>	1 year ago
Brad Fitzpatrick	9e9ea6e974	go.mod: bump all deps possible that don't break the build This holds back gvisor, kubernetes, goreleaser, and esbuild, which all had breaking API changes. Updates #8043 Updates #7381 Updates #8042 (updates u-root which adds deps) Change-Id: I889759bea057cd3963037d41f608c99eb7466a5b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Charlotte Brandhorst-Satzkorn	ddb4040aa0	wgengine/magicsock: add address selection for wireguard only endpoints (#7979 ) This change introduces address selection for wireguard only endpoints. If a endpoint has not been used before, an address is randomly selected to be used based on information we know about, such as if they are able to use IPv4 or IPv6. When an address is initially selected, we also initiate a new ICMP ping to the endpoints addresses to determine which endpoint offers the best latency. This information is then used to update which endpoint we should be using based on the best possible route. If the latency is the same for a IPv4 and an IPv6 address, IPv6 will be used. Updates #7826 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	1 year ago
Denton Gentry	a82f275619	cmd/sniproxy: Set App name in tsnet hostinfo Updates #1748 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	1 year ago
Kyle Carberry	d78b334964	cmd/derper: disable http2 DERP doesn't support HTTP/2. If an HTTP/2 proxy was placed in front of a DERP server requests would fail because the connection would be initialized with HTTP/2, which the DERP client doesn't support. Signed-off-by: Kyle Carberry <kyle@carberry.com>	1 year ago
Charlotte Brandhorst-Satzkorn	161d1d281a	net/ping,netcheck: add v6 pinging capabilities to pinger (#7971 ) This change adds a v6conn to the pinger to enable sending pings to v6 addrs. Updates #7826 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	1 year ago
Maisem Ali	a8f10c23b2	cmd/tailscale/cli: [up] reuse --advertise-tags for OAuth key generation We need to always specify tags when creating an AuthKey from an OAuth key. Check for that, and reuse the `--advertise-tags` param. Updates #7982 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Brad Fitzpatrick	b2b5379348	cmd/tailscale/cli: [up] change oauth authkey format Updates #7982 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	13de36303d	cmd/tailscale/cli: [up] add experimental oauth2 authkey support Updates #7982 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
shayne	018a382729	cmd/tailscale/cli: [serve] fix MinGW path conversion (#7964 ) Fixes #7963 Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	1 year ago
Mihai Parparita	7330aa593e	all: avoid repeated default interface lookups On some platforms (notably macOS and iOS) we look up the default interface to bind outgoing connections to. This is both duplicated work and results in logspam when the default interface is not available (i.e. when a phone has no connectivity, we log an error and thus cause more things that we will try to upload and fail). Fixed by passing around a netmon.Monitor to more places, so that we can use its cached interface state. Fixes #7850 Updates #7621 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	1 year ago
Mihai Parparita	4722f7e322	all: move network monitoring from wgengine/monitor to net/netmon We're using it in more and more places, and it's not really specific to our use of Wireguard (and does more just link/interface monitoring). Also removes the separate interface we had for it in sockstats -- it's a small enough package (we already pull in all of its dependencies via other paths) that it's not worth the extra complexity. Updates #7621 Updates #7850 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	1 year ago
Andrew Dunham	f85dc6f97c	ci: add more lints (#7909 ) This is a follow-up to #7905 that adds two more linters and fixes the corresponding findings. As per the previous PR, this only flags things that are "obviously" wrong, and fixes the issues found. Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I8739bdb7bc4f75666a7385a7a26d56ec13741b7c	1 year ago
Andrew Dunham	280255acae	various: add golangci-lint, fix issues (#7905 ) This adds an initial and intentionally minimal configuration for golang-ci, fixes the issues reported, and adds a GitHub Action to check new pull requests against this linter configuration. Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I8f38fbc315836a19a094d0d3e986758b9313f163	1 year ago
Mihai Parparita	9a655a1d58	net/dnsfallback: more explicitly pass through logf function Redoes the approach from #5550 and #7539 to explicitly pass in the logf function, instead of having global state that can be overridden. Signed-off-by: Mihai Parparita <mihai@tailscale.com>	1 year ago
Andrew Dunham	228d0c6aea	net/netcheck: use dnscache.Resolver when resolving DERP IPs This also adds a bunch of tests for this function to ensure that we're returning the proper IP(s) in all cases. Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I0d9d57170dbab5f2bf07abdf78ecd17e0e635399	1 year ago
Anton Tolchanov	8546ff98fb	tsweb: move varz handler(s) into separate modules This splits Prometheus metric handlers exposed by tsweb into two modules: - `varz.Handler` exposes Prometheus metrics generated by our expvar converter; - `promvarz.Handler` combines our expvar-converted metrics and native Prometheus metrics. By default, tsweb will use the promvarz handler, however users can keep using only the expvar converter. Specifically, `tailscaled` now uses `varz.Handler` explicitly, which avoids a dependency on the (heavyweight) Prometheus client. Updates https://github.com/tailscale/corp/issues/10205 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	1 year ago
Anton Tolchanov	c153e6ae2f	prober: migrate to Prometheus metric library This provides an example of using native Prometheus metrics with tsweb. Prober library seems to be the only user of PrometheusVar, so I am removing support for it in tsweb. Updates https://github.com/tailscale/corp/issues/10205 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	1 year ago
Anton Tolchanov	11e6247d2a	tsweb: expose native Prometheus metrics in /debug/varz The handler will expose built-in process and Go metrics by default, which currently duplicate some of the expvar-proxied metrics (`goroutines` vs `go_goroutines`, `memstats` vs `go_memstats`), but as long as their names are different, Prometheus server will just scrape both. This will change /debug/varz behaviour for most tsweb binaries, but notably not for control, which configures a `tsweb.VarzHandler` [explicitly](`a5b5d5167f/cmd/tailcontrol/tailcontrol.go (L779)`) Updates https://github.com/tailscale/corp/issues/10205 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	1 year ago
Tom DNetto	6a627e5a33	net, wgengine/capture: encode NAT addresses in pcap stream Signed-off-by: Tom DNetto <tom@tailscale.com>	1 year ago
phirework	c0e0a5458f	cmd/tailscale: show reauth etc. links even if no login name (#7803 ) Signed-off-by: Jenny Zhang <jz@tailscale.com>	1 year ago
shayne	81fd00a6b7	cmd/tailscale/cli: [serve] add support for proxy paths (#7800 )	1 year ago
valscale	7bfb7744b7	derp,magicsock: add debug envknobs for HTTP and derp server name (#7744 ) Make developing derp easier by: 1. Creating an envknob telling clients to use HTTP to connect to derp servers, so devs don't have to acquire a valid TLS cert. 2. Creating an envknob telling clients which derp server to connect to, so devs don't have to edit the ACLs in the admin console to add a custom DERP map. 3. Explaining how the -dev and -a command lines args to derper interact. To use this: 1. Run derper with -dev. 2. Run tailscaled with TS_DEBUG_USE_DERP_HTTP=1 and TS_DEBUG_USE_DERP_ADDR=localhost This will result in the client connecting to derp via HTTP on port 3340. Fixes #7700 Signed-off-by: Val <valerie@tailscale.com>	1 year ago
Aaron Klotz	90fd04cbde	ipn/ipnlocal, util/winutil/policy: modify Windows profile migration to load legacy prefs from within tailscaled I realized that a lot of the problems that we're seeing around migration and LocalBackend state can be avoided if we drive Windows pref migration entirely from within tailscaled. By doing it this way, tailscaled can automatically perform the migration as soon as the connection with the client frontend is established. Since tailscaled is already running as LocalSystem, it already has access to the user's local AppData directory. The profile manager already knows which user is connected, so we simply need to resolve the user's prefs file and read it from there. Of course, to properly migrate this information we need to also check system policies. I moved a bunch of policy resolution code out of the GUI and into a new package in util/winutil/policy. Updates #7626 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	1 year ago
Andrew Dunham	8d3acc9235	util/sysresources, magicsock: scale DERP buffer based on system memory This adds the util/sysresources package, which currently only contains a function to return the total memory size of the current system. Then, we modify magicsock to scale the number of buffered DERP messages based on the system's available memory, ensuring that we never use a value lower than the previous constant of 32. Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: Ib763c877de4d0d4ee88869078e7d512f6a3a148d	1 year ago
shayne	59879e5770	cmd/tailscale/cli: make serve and funnel visible in list (#7737 )	1 year ago
Mihai Parparita	02582083d5	cmd/tsconnect: allow root directory to be passed in #7339 changed the root directory logic to find the ancestor of the cwd with a go.mod file. This works when running the the binary from this repo directly, but breaks when we're a dependency in another repo. Allow the directory to be passed in via a -rootdir flag (the repo that depends on it can then use `go list -m -f '{{.Dir}}' tailscale.com` or similar to pass in the value). Updates tailscale/corp#10165 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	1 year ago
Andrew Dunham	38e4d303a2	net/tshttpproxy: don't proxy through ourselves When running a SOCKS or HTTP proxy, configure the tshttpproxy package to drop those addresses from any HTTP_PROXY or HTTPS_PROXY environment variables. Fixes #7407 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I6cd7cad7a609c639780484bad521c7514841764b	1 year ago
Maisem Ali	985535aebc	net/tstun,wgengine/*: add support for NAT to routes This adds support to make exit nodes and subnet routers work when in scenarios where NAT is required. It also updates the NATConfig to be generated from a `wgcfg.Config` as that handles merging prefs with the netmap, so it has the required information about whether an exit node is already configured and whether routes are accepted. Updates tailscale/corp#8020 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Andrew Dunham	c98652c333	doctor/permissions: add new check to print process permissions Since users can run tailscaled in a variety of ways (root, non-root, non-root with process capabilities on Linux), this check will print the current process permissions to the log to aid in debugging. Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: Ida93a206123f98271a0c664775d0baba98b330c7	1 year ago
James Tucker	a31e43f760	go.mod: bump gvisor to 20230320 for dispatcher locking Upstream improved code around an issue showing up in CI, where sometimes shutdown will race on endpoint.dispatcher being nil'd, causing a panic down stack of injectInbound. The upstream patch makes some usage more safe, but it does not itself fix the local issue. See panic in https://github.com/tailscale/tailscale/actions/runs/4548299564/jobs/8019187385#step:7:843 See fix in google/gvisor@13d7bf69d8 Updates #7715 Signed-off-by: James Tucker <james@tailscale.com>	1 year ago
Anton Tolchanov	2a933c1903	cmd/tailscale: extend hostname validation (#7678 ) In addition to checking the total hostname length, validate characters used in each DNS label and label length. Updates https://github.com/tailscale/corp/issues/10012 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	1 year ago
shayne	43f7ec48ca	funnel: change references from alpha to beta (#7613 ) Updates CLI and docs to reference Funnel as beta Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	1 year ago
valscale	74eb99aed1	derp, derphttp, magicsock: send new unknown peer frame when destination is unknown (#7552 ) * wgengine/magicsock: add envknob to send CallMeMaybe to non-existent peer For testing older client version responses to the PeerGone packet format change. Updates #4326 Signed-off-by: Val <valerie@tailscale.com> * derp: remove dead sclient struct member replaceLimiter Leftover from an previous solution to the duplicate client problem. Updates #2751 Signed-off-by: Val <valerie@tailscale.com> * derp, derp/derphttp, wgengine/magicsock: add new PeerGone message type Not Here Extend the PeerGone message type by adding a reason byte. Send a PeerGone "Not Here" message when an endpoint sends a disco message to a peer that this server has no record of. Fixes #4326 Signed-off-by: Val <valerie@tailscale.com> --------- Signed-off-by: Val <valerie@tailscale.com>	1 year ago
Maisem Ali	8a11f76a0d	ipn/ipnlocal: fix cert storage in Kubernetes We were checking against the wrong directory, instead if we have a custom store configured just use that. Fixes #7588 Fixes #7665 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Maisem Ali	df89b7de10	cmd/k8s-operator: disable HTTP/2 for the auth proxy Kubernetes uses SPDY/3.1 which is incompatible with HTTP/2, disable it in the transport and server. Fixes #7645 Fixes #7646 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Will Norris	57a008a1e1	all: pass log IDs as the proper type rather than strings This change focuses on the backend log ID, which is the mostly commonly used in the client. Tests which don't seem to make use of the log ID just use the zero value. Signed-off-by: Will Norris <will@tailscale.com>	1 year ago
Tom DNetto	60cd4ac08d	cmd/tailscale/cli: move tskey-wrap functionality under lock sign Signed-off-by: Tom DNetto <tom@tailscale.com>	1 year ago
Mihai Parparita	e1fb687104	cmd/tailscale/cli: fix inconsistency between serve text and example command Use the same local port number in both, and be more precise about what is being forwarded Signed-off-by: Mihai Parparita <mihai@tailscale.com>	1 year ago
Anton Tolchanov	50d211d1a4	cmd/derpprobe: allow running all probes at the same time This allows disabling spread mode, which is helpful if you are manually running derpprobe in `--once` mode against a small number of DERP machines. Updates https://github.com/tailscale/corp/issues/9916 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	1 year ago
James 'zofrex' Sanderson	9534783758	tailscale/cmd: Warn for up --force-reauth over SSH without accepting the risk (#7575 ) Fixes #6377 Signed-off-by: James Sanderson <jsanderson@tailscale.com>	1 year ago
shayne	2b892ad6e7	cmd/tailscale/cli: [serve] rework commands based on feedback (#6521 ) ``` $ tailscale serve https:<port> <mount-point> <source> [off] $ tailscale serve tcp:<port> tcp://localhost:<local-port> [off] $ tailscale serve tls-terminated-tcp:<port> tcp://localhost:<local-port> [off] $ tailscale serve status [--json] $ tailscale funnel <serve-port> {on\|off} $ tailscale funnel status [--json] ``` Fixes: #6674 Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	1 year ago
Maisem Ali	c87782ba9d	cmd/k8s-operator: drop trailing dot in tagged node name Also update tailcfg docs. Updates #5055 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Will Norris	a1d9f65354	ipn,log: add logger for sockstat deltas Signed-off-by: Will Norris <will@tailscale.com> Co-authored-by: Melanie Warrick <warrick@tailscale.com>	1 year ago
Maisem Ali	5e8a80b845	all: replace /kb/ links with /s/ equivalents Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Maisem Ali	558735bc63	cmd/k8s-operator: require HTTPS to be enabled for AuthProxy Updates #5055 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Maisem Ali	489e27f085	cmd/k8s-operator: make auth proxy pass tags as Impersonate-Group We were not handling tags at all, pass them through as Impersonate-Group headers. And use the FQDN for tagged nodes as Impersonate-User. Updates #5055 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Maisem Ali	09aed46d44	cmd/tailscale/cli: update docs and unhide configure Also call out Alpha. Updates #7220 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Maisem Ali	223713d4a1	tailcfg,all: add and use Node.IsTagged() Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Maisem Ali	3ff44b2307	ipn: add Funnel port check from nodeAttr Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Maisem Ali	ccdd534e81	tsnet: add ListenFunnel This lets a tsnet binary share a server out over Tailscale Funnel. Signed-off-by: David Crawshaw <crawshaw@tailscale.com> Signed-off-by: Maisem Ali <maisem@tailscale.com> Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	1 year ago
Tom DNetto	92fc243755	cmd/tailscale: annotate tailnet-lock keys which wrap pre-auth keys Signed-off-by: Tom DNetto <tom@tailscale.com>	1 year ago
Tom DNetto	3471fbf8dc	cmd/tailscale: surface node-key for locked out tailnet-lock peers Signed-off-by: Tom DNetto <tom@tailscale.com>	1 year ago
Maisem Ali	be027a9899	control/controlclient: improve handling of concurrent lite map requests This reverts commit `6eca47b16c` and fixes forward. Previously the first ever streaming MapRequest that a client sent would also set ReadOnly to true as it didn't have any endpoints and expected/relied on the map poll to restart as soon as it got endpoints. However with `48f6c1eba4`, we would no longer restart MapRequests as frequently as we used to, so control would only ever get the first streaming MapRequest which had ReadOnly=true. Control would treat this as an uninteresting request and would not send it any further netmaps, while the client would happily stay in the map poll forever while litemap updates happened in parallel. This makes it so that we never set `ReadOnly=true` when we are doing a streaming MapRequest. This is no longer necessary either as most endpoint discovery happens over disco anyway. Co-authored-by: Andrew Dunham <andrew@du.nham.ca> Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Tom DNetto	ce99474317	all: implement preauth-key support with tailnet lock Signed-off-by: Tom DNetto <tom@tailscale.com>	1 year ago
Andrew Dunham	be107f92d3	wgengine/magicsock: track per-endpoint changes in ringbuffer This change adds a ringbuffer to each magicsock endpoint that keeps a fixed set of "changes"–debug information about what updates have been made to that endpoint. Additionally, this adds a LocalAPI endpoint and associated "debug peer-status" CLI subcommand to fetch the set of changes for a given IP or hostname. Updates tailscale/corp#9364 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I34f726a71bddd0dfa36ec05ebafffb24f6e0516a	1 year ago
shayne	f7a7957a11	sniproxy: add promote-https (#7487 ) Adds support for an HTTP server that promotes all requests to HTTPS. The flag is `-promote-https` and defaults to true. Updates #1748	1 year ago
Denton Gentry	b46c5ae82a	cmd/sniproxy: draw the rest of the DNS owl. Add a DNS server which always responds as its own IP addresses. Additionally add a tsnet TailscaleIPs() function to return the IP addresses, both IPv4 and IPv6. Updates https://github.com/tailscale/tailscale/issues/1748 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	1 year ago
Tom DNetto	2263d9c44b	cmd/tsconnect: pop CTA to make everything work with tailnet lock Signed-off-by: Tom DNetto <tom@tailscale.com>	1 year ago
Brad Fitzpatrick	0f4359116e	tsnet: add UDP support to Server.Listen No ListenPacket support yet, but Listen with a udp network type fit easier into netstack's model to start. Then added an example of using it to cmd/sniproxy with a little udp :53 handler. No tests in tsnet yet because we don't have support for dialing over UDP in tsnet yet. When that's done, a new test can test both sides. Updates #5871 Updates #1748 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Maisem Ali	1a30b2d73f	all: use tstest.Replace more Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Maisem Ali	b9ebf7cf14	tstest: add method to Replace values for tests We have many function pointers that we replace for the duration of test and restore it on test completion, add method to do that. Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Andrew Dunham	73fa7dd7af	util/slicesx: add package for generic slice functions, use Now that we're using rand.Shuffle in a few locations, create a generic shuffle function and use it instead. While we're at it, move the interleaveSlices function to the same package for use. Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I0b00920e5b3eea846b6cedc30bd34d978a049fd3	1 year ago
Tom DNetto	e2d652ec4d	ipn,cmd/tailscale: implement resigning nodes on tka key removal Signed-off-by: Tom DNetto <tom@tailscale.com>	1 year ago
Andrew Dunham	3f8e8b04fd	cmd/tailscale, cmd/tailscaled: move portmapper debugging into tailscale CLI The debug flag on tailscaled isn't available in the macOS App Store build, since we don't have a tailscaled binary; move it to the 'tailscale debug' CLI that is available on all platforms instead, accessed over LocalAPI. Updates #7377 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I47bffe4461e036fab577c2e51e173f4003592ff7	1 year ago
Mihai Parparita	3e71e0ef68	net/sockstats: remove explicit dependency on wgengine/monitor Followup to #7177 to avoid adding extra dependencies to the CLI. We instead declare an interface for the link monitor. Signed-off-by: Mihai Parparita <mihai@tailscale.com>	1 year ago
shayne	d92ef4c215	cmd/derper: randomize IPs on refreshBootstrapDNS (#7440 ) This is to address a possible DNS failure on startup. Before this change IPv6 addresses would be listed first, and the client dialer would fail for hosts without IPv6 connectivity.	1 year ago
Brad Fitzpatrick	1410682fb6	cmd/sniproxy: add start of a tsnet-based SNI proxy $ curl https://canhazip.com/ 170.173.0.21 $ curl --resolve canhazip.com:443:100.85.165.81 https://canhazip.com/ 34.223.127.151 Updates #1748 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Maisem Ali	e1530cdfcc	cmd/containerboot,kube: consolidate the two kube clients We had two implemenetations of the kube client, merge them. containerboot was also using a raw http.Transport, this also has the side effect of making it use a http.Client Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Denton Gentry	51288221ce	cmd/tailscale: use request Schema+Host for QNAP authLogin.cgi QNAP allows users to set the port number for the management WebUI, which includes authLogin.cgi. If they do, then connecting to localhost:8080 fails. https://github.com/tailscale/tailscale-qpkg/issues/74#issuecomment-1407486911 Fixes https://github.com/tailscale/tailscale/issues/7108 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	1 year ago
Aaron Klotz	f18beaa1e4	cmd/mkmanifest, cmd/tailscale, cmd/tailscaled: remove Windows arm32 resources from OSS Given recent changes in corp, I originally thought we could remove all of the syso files, but then I realized that we still need them so that binaries built purely from OSS (without going through corp) will still receive a manifest. We can remove the arm32 one though, since we don't support 32-bit ARM on Windows. Updates https://github.com/tailscale/corp/issues/9576 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	1 year ago
Sonia Appasamy	7985f5243a	cmd/k8s-operator: update device authorization copy "Device Authorization" was recently renamed to "Device Approval" on the control side. This change updates the k8s operator to match. Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	1 year ago
Sonia Appasamy	bb7033174c	cmd/tsconnect: update device authorization copy "Device Authorization" was recently renamed to "Device Approval" on the control side. This change updates tsconnect to match. Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	1 year ago
Mihai Parparita	9cb332f0e2	sockstats: instrument networking code paths Uses the hooks added by tailscale/go#45 to instrument the reads and writes on the major code paths that do network I/O in the client. The convention is to use "<package>.<type>:<label>" as the annotation for the responsible code path. Enabled on iOS, macOS and Android only, since mobile platforms are the ones we're most interested in, and we are less sensitive to any throughput degradation due to the per-I/O callback overhead (macOS is also enabled for ease of testing during development). For now just exposed as counters on a /v0/sockstats PeerAPI endpoint. We also keep track of the current interface so that we can break out the stats by interface. Updates tailscale/corp#9230 Updates #3363 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	1 year ago
Sonia Appasamy	0c1510739c	cmd/tailscale/cli: update device authorization copy "Device Authorization" was recently renamed to "Device Approval" on the control side. This change updates the linux cli to match. Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	1 year ago
Joe Tsai	0d19f5d421	all: replace logtail.{Public,Private}ID with logid.{Public,Private}ID (#7404 ) The log ID types were moved to a separate package so that code that only depend on log ID types do not need to link in the logic for the logtail client itself. Not all code need the logtail client. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	1 year ago
Vladimir Pouzanov	e3211ff88b	Add support for OAuth tokens #7394 (#7393 ) Signed-off-by: Vladimir Pouzanov <farcaller@gmail.com>	1 year ago
Maisem Ali	49c206fe1e	tailcfg,hostinfo: add App field to identify tsnet uses This allows us to differentiate between the various tsnet apps that we have like `golinks` and `k8s-operator`. Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Denton Gentry	bf7573c9ee	cmd/nginx-auth: build for arm64 Fixes https://github.com/tailscale/tailscale/issues/6978 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	1 year ago
Jordan Whited	d4122c9f0a	cmd/tailscale/cli: fix TestUpdatePrefs over Tailscale SSH (#7374 ) Fixes #7373 Signed-off-by: Jordan Whited <jordan@tailscale.com>	1 year ago
David Anderson	587eb32a83	release/dist: add forgotten license headers Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
David Anderson	cf74ee49ee	release/dist/cli: factor out the CLI boilerplace from cmd/dist Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
David Anderson	fc4b25d9fd	release: open-source release build logic for unix packages Updates tailscale/corp#9221 Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago

1 2 3 4 5 ...

1347 Commits (69f1324c9e3b169bb8e71cf4584a7c276545e95d)