tailscale

Commit Graph

Author	SHA1	Message	Date
Brad Fitzpatrick	6f36f8842c	cmd/tailscale, magicsock: add debug command to flip DERP homes For testing netmap patchification server-side. Updates #1909 Change-Id: Ib1d784bd97b8d4a31e48374b4567404aae5280cc Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Andrew Lytvynov	e6aa7b815d	clientupdate,cmd/tailscale/cli: use cli.Stdout/Stderr (#9694 ) In case cli.Stdout/Stderr get overriden, all CLI output should use them instead of os.Stdout/Stderr. Update the `update` command to follow this pattern. Updates #cleanup Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	9 months ago
Andrew Lytvynov	3ee756757b	cmd/tailscale/cli: add update notification to "up" (#9644 ) Add available update message in "tailscale up" output. Also update the message in "tailscale status" to match and mention auto-update. Updates https://github.com/tailscale/tailscale/issues/755 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	9 months ago
Rhea Ghosh	dc1c7cbe3e	taildrop: initial commit of taildrop functionality refactoring (#9676 ) Over time all taildrop functionality will be contained in the taildrop package. This will include end to end unit tests. This is simply the first smallest piece to move over. There is no functionality change in this commit. Updates tailscale/corp#14772 Signed-off-by: Rhea Ghosh <rhea@tailscale.com> Co-authored-by: Joseph Tsai <joetsai@tailscale.com>	9 months ago
Brad Fitzpatrick	93c6e1d53b	tstest/deptest: add check that x/exp/{maps,slices} imported as xfoo Updates #cleanup Change-Id: I4cbb5e477c739deddf7a46b66f286c9fdb106279 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Andrew Dunham	286c6ce27c	net/dns/resolver: race UDP and TCP queries (#9544 ) Instead of just falling back to making a TCP query to an upstream DNS server when the UDP query returns a truncated query, also start a TCP query in parallel with the UDP query after a given race timeout. This ensures that if the upstream DNS server does not reply over UDP (or if the response packet is blocked, or there's an error), we can still make queries if the server replies to TCP queries. This also adds a new package, util/race, to contain the logic required for racing two different functions and returning the first non-error answer. Updates tailscale/corp#14809 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I4311702016c1093b1beaa31b135da1def6d86316	9 months ago
Val	73e53dcd1c	cmd/tailscale,ipn/ipnlocal: print debug component names Make the 'tailscale debug component-logs' command print the component names for which extra logging can be turned on, for easier discoverability of debug functions. Updates #cleanup Co-authored-by: Paul Scott <paul@tailscale.com> Signed-off-by: Val <valerie@tailscale.com>	9 months ago
Tom DNetto	656a77ab4e	net/packet: implement methods for rewriting v6 addresses Implements the ability for the address-rewriting code to support rewriting IPv6 addresses. Specifically, UpdateSrcAddr & UpdateDstAddr. Signed-off-by: Tom DNetto <tom@tailscale.com> Updates https://github.com/tailscale/corp/issues/11202	9 months ago
Brad Fitzpatrick	d2ea9bb1eb	cmd/cloner: fix typo in test type's name s/SliceContianer/SliceContainer/g Updates #9604 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
James Tucker	ab810f1f6d	cmd/cloner: add regression test for slice nil/empty semantics We had a misstep with the semantics when applying an optimization that showed up in the roll into corp. This test ensures that case and related cases must be retained. Updates #9410 Updates #9601 Signed-off-by: James Tucker <james@tailscale.com>	9 months ago
Claire Wang	a56e58c244	util/syspolicy: add read boolean setting (#9592 )	9 months ago
James Tucker	324f0d5f80	cmd/cloner,*: revert: optimize nillable slice cloner This reverts commit `ee90cd02fd`. The outcome is not identical for empty slices. Cloner really needs tests! Updates #9601 Signed-off-by: James Tucker <james@tailscale.com>	9 months ago
James Tucker	ee90cd02fd	cmd/cloner,*: optimize nillable slice cloner A wild @josharian appears with a good suggestion for a refactor, thanks Josh! Updates #9410 Signed-off-by: James Tucker <james@tailscale.com>	9 months ago
James Tucker	0c8c374a41	go.mod: bump all dependencies except go-billy go-billy is held back at v5.4.1 in order to avoid a newly introduced subdependency that is not compatible with plan9. Updates #8043 Signed-off-by: James Tucker <james@tailscale.com>	9 months ago
James Tucker	87bc831730	go.mod,cmd/tsconnect: bump esbuild Updates #8043 Signed-off-by: James Tucker <james@tailscale.com>	9 months ago
Maisem Ali	d71184d674	cmd/containerboot: only wipeout serve config when TS_SERVE_CONFIG is set Fixes #9558 Signed-off-by: Maisem Ali <maisem@tailscale.com>	9 months ago
Denton Gentry	4823a7e591	cmd/containerboot: set TS_AUTH_ONCE default to true. 1.50.0 switched containerboot from using `tailscale up` to `tailscale login`. A side-effect is that a re-usable authkey is now re-applied on every boot by `tailscale login`, where `tailscale up` would ignore an authkey if already authenticated. Though this looks like it is changing the default, in reality it is setting the default to match what 1.48 and all prior releases actually implemented. Fixes https://github.com/tailscale/tailscale/issues/9539 Fixes https://github.com/tailscale/corp/issues/14953 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	9 months ago
Brad Fitzpatrick	856d32b4a9	cmd/testwrapper: include flake URL in JSON metadata Updates tailscale/corp#14975 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Andrea Barisani	b5b4298325	go.mod,*: bump gvisor Updates #9253 Signed-off-by: Andrea Barisani <andrea@inversepath.com> Signed-off-by: James Tucker <james@tailscale.com>	9 months ago
Brad Fitzpatrick	2c92f94e2a	cmd/testwrapper: output machine-readable JSON on test flakes For parsing by other tools. Updates tailscale/corp#14975 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Maisem Ali	354455e8be	ipn: use NodeCapMap in CheckFunnel These were missed when adding NodeCapMap and resulted in tsnet binaries not being able to turn on funnel. Fixes #9566 Signed-off-by: Maisem Ali <maisem@tailscale.com>	9 months ago
Claire Wang	e3d6236606	winutil: refactor methods to get values from registry to also return (#9536 ) errors Updates tailscale/corp#14879 Signed-off-by: Claire Wang <claire@tailscale.com>	9 months ago
Irbe Krumina	bdd9eeca90	cmd/k8s-operator: fix reconcile filters (#9533 ) Ensure that when there is an event on a Tailscale managed Ingress or Service child resource, the right parent type gets reconciled Updates tailscale/tailscale#502 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	9 months ago
Marwan Sulaiman	651620623b	ipn/ipnlocal: close foreground sessions on SetServeConfig This PR ensures zombie foregrounds are shutdown if a new ServeConfig is created that wipes the ongoing foreground ones. For example, "tailscale serve\|funnel reset\|off" should close all open sessions. Updates #8489 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	9 months ago
Brad Fitzpatrick	04fabcd359	ipn/{ipnlocal,localapi}, cli: add debug force-netmap-update For loading testing & profiling the cost of full netmap updates. Updates #1909 Change-Id: I0afdf5de9967f8d95c7f81d5b531ed1c92c3208f Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Joe Tsai	36242904f1	go.mod: update github.com/go-json-experiment/json (#9508 ) Update github.com/go-json-experiment/json to the latest version and fix the build in light of some breaking API changes. Updates #cleanup Signed-off-by: Joe Tsai <joetsai@digital-static.net>	10 months ago
James Tucker	a82a74f2cf	cmd/containerboot: avoid leaking bash scripts after test runs The test was sending SIGKILL to containerboot, which results in no signal propagation down to the bash script that is running as a child process, thus it leaks. Minor changes to the test daemon script, so that it cleans up the socket that it creates on exit, and spawns fewer processes. Fixes tailscale/corp#14833 Signed-off-by: James Tucker <james@tailscale.com>	10 months ago
Maisem Ali	4669e7f7d5	cmd/containerboot: add iptables based MSS clamping for ingress/egress proxies In typical k8s setups, the MTU configured on the eth0 interfaces is typically 1500 which results in packets being dropped when they make it to proxy pods as the tailscale0 interface has a 1280 MTU. As the primary use of this functionality is TCP, add iptables based MSS clamping to allow connectivity. Updates #502 Signed-off-by: Maisem Ali <maisem@tailscale.com>	10 months ago
Irbe Krumina	c5b2a365de	cmd/k8s-operator: fix egress service name (#9494 ) Updates https://github.com/tailscale/tailscale/issues/502 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	10 months ago
Maisem Ali	5f4d76c18c	cmd/k8s-operator: rename egress annotation It was tailscale.com/ts-tailnet-target-ip, which was pretty redundant. Change it to tailscale.com/tailnet-ip. Updates #502 Signed-off-by: Maisem Ali <maisem@tailscale.com>	10 months ago
Will Norris	652f77d236	client/web: switch to using prebuilt web client assets Updates tailscale/corp#13775 Co-authored-by: Sonia Appasamy <sonia@tailscale.com> Signed-off-by: Sonia Appasamy <sonia@tailscale.com> Signed-off-by: Will Norris <will@tailscale.com>	10 months ago
Maisem Ali	19a9d9037f	tailcfg: add NodeCapMap Like PeerCapMap, add a field to `tailcfg.Node` which provides a map of Capability to raw JSON messages which are deferred to be parsed later by the application code which cares about the specific capabilities. This effectively allows us to prototype new behavior without having to commit to a schema in tailcfg, and it also opens up the possibilities to develop custom behavior in tsnet applications w/o having to plumb through application specific data in the MapResponse. Updates #4217 Signed-off-by: Maisem Ali <maisem@tailscale.com>	10 months ago
Maisem Ali	4da0689c2c	tailcfg: add Node.HasCap helpers This makes a follow up change less noisy. Updates #cleanup Signed-off-by: Maisem Ali <maisem@tailscale.com>	10 months ago
Maisem Ali	d06b48dd0a	tailcfg: add RawMessage This adds a new RawMessage type backed by string instead of the json.RawMessage which is backed by []byte. The byte slice makes the generated views be a lot more defensive than the need to be which we can get around by using a string instead. Updates #cleanup Signed-off-by: Maisem Ali <maisem@tailscale.com>	10 months ago
Brad Fitzpatrick	0d991249e1	types/netmap: remove NetworkMap.{Addresses,MachineStatus} And convert all callers over to the methods that check SelfNode. Now we don't have multiple ways to express things in tests (setting fields on SelfNode vs NetworkMap, sometimes inconsistently) and don't have multiple ways to check those two fields (often only checking one or the other). Updates #9443 Change-Id: I2d7ba1cf6556142d219fae2be6f484f528756e3c Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	10 months ago
Marwan Sulaiman	d25217c9db	cmd/tailscale/cli: error when serving foreground if bg already exists This PR fixes a bug to make sure that we don't allow two configs exist with duplicate ports Updates #8489 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	10 months ago
Maisem Ali	a61caea911	tailcfg: define a type for NodeCapability Instead of untyped string, add a type to identify these. Updates #cleanup Signed-off-by: Maisem Ali <maisem@tailscale.com>	10 months ago
Brad Fitzpatrick	3d37328af6	wgengine, proxymap: split out port mapping from Engine to new type (Continuing quest to remove rando stuff from the "Engine") Updates #cleanup Change-Id: I77f39902c2194410c10c054b545d70c9744250b0 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	10 months ago
Brad Fitzpatrick	db2f37d7c6	ipn/ipnlocal: add some test accessors Updates tailscale/corp#12990 Change-Id: I82801ac4c003d2c7e1352c514adb908dbf01be87 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	10 months ago
Brad Fitzpatrick	fb5ceb03e3	types/netmap: deprecate NetworkMap.MachineStatus, add accessor method Step 1 of deleting it, per TODO. Updates #cleanup Change-Id: I1d3d0165ae5d8b20610227d60640997b73568733 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	10 months ago
Maisem Ali	335a5aaf9a	cmd/k8s-operator: add APISERVER_PROXY env The kube-apiserver proxy in the operator would only run in auth proxy mode but thats not always desirable. There are situations where the proxy should just be a transparent proxy and not inject auth headers, so do that using a new env var APISERVER_PROXY and deprecate the AUTH_PROXY env. THe new env var has three options `false`, `true` and `noauth`. Updates #8317 Signed-off-by: Maisem Ali <maisem@tailscale.com>	10 months ago
James Tucker	1858ad65c8	cmd/cloner: do not allocate slices when the source is nil tailcfg.Node zero-value clone equality checks failed when I added a []*foo to the structure, as the zero value and it's clone contained a different slice header. Updates #9377 Updates #9408 Signed-off-by: James Tucker <james@tailscale.com>	10 months ago
Tyler Smalley	dfefaa5e35	Use parent serve config Signed-off-by: Tyler Smalley <tyler@tailscale.com>	10 months ago
Marwan Sulaiman	f3a5bfb1b9	cmd/tailscale/cli: add set serve validations This PR adds validations for the new new funnel/serve commands under the following rules: 1. There is always a single config for one port (bg or fg). 2. Foreground configs under the same port cannot co-exists (for now). 3. Background configs can change as long as the serve type is the same. Updates #8489 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	10 months ago
Marwan Sulaiman	3421784e37	cmd/tailscale/cli: use optimistic concurrency control on SetServeConfig This PR uses the etag/if-match pattern to ensure multiple calls to SetServeConfig are synchronized. It currently errors out and asks the user to retry but we can add occ retries as a follow up. Updates #8489 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	10 months ago
Brad Fitzpatrick	6e66e5beeb	cmd/tsconnect/wasm: pass a netmon to ipnserver.New It became required as of `6e967446e4` Updates #8052 Change-Id: I08d100534254865293c1beca5beff8e529e4e9ac Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	10 months ago
Tyler Smalley	82c1dd8732	cmd/tailscale: funnel wip cleanup and additional test coverage (#9316 ) General cleanup and additional test coverage of WIP code. * use enum for serveType * combine instances of ServeConfig access within unset * cleanMountPoint rewritten into cleanURLPath as it only handles URL paths * refactor and test expandProxyTargetDev > Note > Behind the `TAILSCALE_USE_WIP_CODE` flag updates #8489 Signed-off-by: Tyler Smalley <tyler@tailscale.com>	10 months ago
Brad Fitzpatrick	eb9f1db269	cmd/tsconnect/wasm: register netstack.Impl with tsd.System I missed this in `343c0f1031` and I guess we don't have integration tests for wasm. But it compiled! :) Updates #fixup to a #cleanup Change-Id: If147b90bab254d144ec851a392e8db10ab97f98e Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	10 months ago
Brad Fitzpatrick	343c0f1031	wgengine{,/netstack}: remove AddNetworkMapCallback from Engine interface It had exactly one user: netstack. Just have LocalBackend notify netstack when here's a new netmap instead, simplifying the bloated Engine interface that has grown a bunch of non-Engine-y things. (plenty of rando stuff remains after this, but it's a start) Updates #cleanup Change-Id: I45e10ab48119e962fc4967a95167656e35b141d8 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	10 months ago
Brad Fitzpatrick	9203916a4a	control/controlknobs: move more controlknobs code from controlclient Updates #cleanup Change-Id: I2b8b6ac97589270f307bfb20e33674894ce873b5 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	10 months ago

1 2 3 4 5 ...

1495 Commits (6f36f8842c3ee0908e1d4e50f9d0d9a387c9d980)