tailscale

Commit Graph

Author	SHA1	Message	Date
dependabot[bot]	7f0fcf8571	go.mod: bump github.com/pkg/sftp from 1.13.3 to 1.13.4 Bumps [github.com/pkg/sftp](https://github.com/pkg/sftp) from 1.13.3 to 1.13.4. - [Release notes](https://github.com/pkg/sftp/releases) - [Commits](https://github.com/pkg/sftp/compare/v1.13.3...v1.13.4) --- updated-dependencies: - dependency-name: github.com/pkg/sftp dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	3 years ago
Brad Fitzpatrick	3a72ebb109	ipn: test TestFileStore in a fresh subdirectory Fixes #2923 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Aaron Klotz	21e9f98fc1	ipn, paths: unconditionally attempt to set state dir perms, but only if the state dir is ours We unconditionally set appropriate perms on the statefile dir. We look at the basename of the statefile dir, and if it is "tailscale", then we set perms as appropriate. Fixes #2925 Updates #2856 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	3 years ago
Brad Fitzpatrick	82117f7a63	safesocket: actually fix CLI on macsys build Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	ec2249b6f2	cmd/tailscale: add debug -env Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	5bc6d17f87	safesocket: fix CLI for macsys GUI variant Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	ace2faf7ec	cmd/tailscale: make debug profiling output - mean stdout Because the macOS CLI runs in the sandbox, including the filesystem, so users would be confused that -cpu-profile=prof.cpu succeeds but doesn't write to their current directory, but rather in some random Library/Containers directory somewhere on the machine (which varies depending on the Mac build type: App Store vs System Extension) Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	efb84ca60d	ipn/localapi, cmd/tailscale: add CPU & memory profile support, debug command This was already possible on Linux if you ran tailscaled with --debug (which runs net/http/pprof), but it requires the user have the Go toolchain around. Also, it wasn't possible on macOS, as there's no way to run the IPNExtension with a debug server (it doesn't run tailscaled). And on Windows it's super tedious: beyond what users want to do or what we want to explain. Instead, put it in "tailscale debug" so it works and works the same on all platforms. Then we can ask users to run it when we're debugging something and they can email us the output files. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Denton Gentry	27bc4e744c	cmd/tailscale/web: support TLS from env vars. pfSense stores its SSL certificate and key in the PHP config. We wrote PHP code to pull the two out of the PHP config and into environment variables before running "tailscale web". The pfSense web UI is served over https, we need "tailscale web" to also support https in order to put it in an <iframe>. Signed-off-by: Denton Gentry <dgentry@tailscale.com>	3 years ago
dependabot[bot]	b7b7d21514	go.mod: bump github.com/frankban/quicktest from 1.13.0 to 1.13.1 Bumps [github.com/frankban/quicktest](https://github.com/frankban/quicktest) from 1.13.0 to 1.13.1. - [Release notes](https://github.com/frankban/quicktest/releases) - [Commits](https://github.com/frankban/quicktest/compare/v1.13.0...v1.13.1) --- updated-dependencies: - dependency-name: github.com/frankban/quicktest dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	3 years ago
dependabot[bot]	46b59e8c48	go.mod: bump github.com/google/uuid from 1.1.2 to 1.3.0 Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.1.2 to 1.3.0. - [Release notes](https://github.com/google/uuid/releases) - [Commits](https://github.com/google/uuid/compare/v1.1.2...v1.3.0) --- updated-dependencies: - dependency-name: github.com/google/uuid dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	3 years ago
Brad Fitzpatrick	b0481ba37a	go.mod: bump x/tools Fixes #2912 (which had rebase issues) Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
dependabot[bot]	9219ca49f5	go.mod: bump golang.zx2c4.com/wireguard/windows from 0.3.16 to 0.4.9 Bumps golang.zx2c4.com/wireguard/windows from 0.3.16 to 0.4.9. --- updated-dependencies: - dependency-name: golang.zx2c4.com/wireguard/windows dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	3 years ago
Brad Fitzpatrick	9ca334a560	cmd/tailscaled: appease a security scanner There are two reasons this can't ever go to actual logs, but rewrite it to make it happy. Fixes tailscale/corp#2695 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
David Anderson	1eabb5b2d9	ipn: don't log IPN messages that may contain an authkey. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
dependabot[bot]	c350321eec	go.mod: bump github.com/gliderlabs/ssh from 0.3.2 to 0.3.3 Bumps [github.com/gliderlabs/ssh](https://github.com/gliderlabs/ssh) from 0.3.2 to 0.3.3. - [Release notes](https://github.com/gliderlabs/ssh/releases) - [Commits](https://github.com/gliderlabs/ssh/compare/v0.3.2...v0.3.3) --- updated-dependencies: - dependency-name: github.com/gliderlabs/ssh dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	3 years ago
dependabot[bot]	2bb915dd0a	go.mod: bump github.com/creack/pty from 1.1.9 to 1.1.15 Bumps [github.com/creack/pty](https://github.com/creack/pty) from 1.1.9 to 1.1.15. - [Release notes](https://github.com/creack/pty/releases) - [Commits](https://github.com/creack/pty/compare/v1.1.9...v1.1.15) --- updated-dependencies: - dependency-name: github.com/creack/pty dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	3 years ago
dependabot[bot]	aaea175dd0	go.mod: bump github.com/godbus/dbus/v5 from 5.0.4 to 5.0.5 Bumps [github.com/godbus/dbus/v5](https://github.com/godbus/dbus) from 5.0.4 to 5.0.5. - [Release notes](https://github.com/godbus/dbus/releases) - [Commits](https://github.com/godbus/dbus/compare/v5.0.4...v5.0.5) --- updated-dependencies: - dependency-name: github.com/godbus/dbus/v5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	3 years ago
dependabot[bot]	eeee713c69	go.mod: bump github.com/miekg/dns from 1.1.42 to 1.1.43 Bumps [github.com/miekg/dns](https://github.com/miekg/dns) from 1.1.42 to 1.1.43. - [Release notes](https://github.com/miekg/dns/releases) - [Changelog](https://github.com/miekg/dns/blob/master/Makefile.release) - [Commits](https://github.com/miekg/dns/compare/v1.1.42...v1.1.43) --- updated-dependencies: - dependency-name: github.com/miekg/dns dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	3 years ago
dependabot[bot]	dbce536316	go.mod: bump github.com/pkg/sftp from 1.13.0 to 1.13.3 Bumps [github.com/pkg/sftp](https://github.com/pkg/sftp) from 1.13.0 to 1.13.3. - [Release notes](https://github.com/pkg/sftp/releases) - [Commits](https://github.com/pkg/sftp/compare/v1.13.0...v1.13.3) --- updated-dependencies: - dependency-name: github.com/pkg/sftp dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	3 years ago
dependabot[bot]	a56520c3c7	.github: Bump actions/setup-go from 1 to 2.1.4 Bumps [actions/setup-go](https://github.com/actions/setup-go) from 1 to 2.1.4. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v1...v2.1.4) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	3 years ago
David Anderson	562622a32c	.github: add dependabot config to update go.mod and github actions. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	4cf63b8df0	net/dnsfallback: update static map for new derp11. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	18086c4cb7	go.mod: bump github.com/klauspost/compress to 1.13.6 Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Aaron Klotz	f0aa7f70a4	Merge pull request #2893 from tailscale/aaron/programdata-perms-2 ipn, paths: ensure that the state directory for Windows has the corre…	3 years ago
Aaron Klotz	9ebb5d4205	ipn, paths: ensure that the state directory for Windows has the correct perms ProgramData has a permissive ACL. For us to safely store machine-wide state information, we must set a more restrictive ACL on our state directory. We set the ACL so that only talescaled's user (ie, LocalSystem) and the Administrators group may access our directory. We must include Administrators to ensure that logs continue to be easily accessible; omitting that group would force users to use special tools to log in interactively as LocalSystem, which is not ideal. (Note that the ACL we apply matches the ACL that was used for LocalSystem's AppData\Local). There are two cases where we need to reset perms: One is during migration from the old location to the new. The second case is for clean installations where we are creating the file store for the first time. Updates #2856 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	3 years ago
Brad Fitzpatrick	b1a2abf41b	client/tailscale/example/servetls: add demo program for docs Updates #1235 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Dave Anderson	478775de6a	github: add code security scanning	3 years ago
Brad Fitzpatrick	7d8227e7a6	logpolicy: don't use C:\ProgramData use for tailscale-ipn GUI's log dir tailscale-ipn.exe (the GUI) shouldn't use C:\ProgramData. Also, migrate the earlier misnamed wg32/wg64 conf files if they're present. (That was stopped in `2db877caa3`, but the files exist from fresh 1.14 installs) Updates #2856 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	2db877caa3	version: fix CmdName on the tailscale-ipn.exe binary Don't return "wg64", "wg32", etc. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Denton Gentry	93c2882a2f	wgengine: flush DNS cache after major link change. Windows has a public dns.Flush used in router_windows.go. However that won't work for platforms like Linux, where we need a different flush mechanism for resolved versus other implementations. We're instead adding a FlushCaches method to the dns Manager, which can be made to work on all platforms as needed. Fixes https://github.com/tailscale/tailscale/issues/2132 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	3 years ago
Denton Gentry	280c84e46a	ipn/ipnserver, paths, logpolicy: move Window config files out of %LocalAppData% C:\WINDOWS\system32\config\systemprofile\AppData\Local\ is frequently cleared for almost any reason: Windows updates, System Restore, even various System Cleaner utilities. The server-state.conf file in AppData\Local could be deleted at any time, which would break login until the node is removed from the Admin Panel allowing it to create a new key. Carefully copy any AppData state to ProgramData at startup. If copying the state fails, continue to use AppData so at least there will be connectivity. If there is no state, use ProgramData. We also migrate the log.conf file. Very old versions of Tailscale named the EXE tailscale-ipn, so the log conf was tailscale-ipn.log.conf and more recent versions preserved this filename and cmdName in logs. In this migration we always update the filename to c:\ProgramData\Tailscale\tailscaled.log.conf Updates https://github.com/tailscale/tailscale/issues/2856 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	3 years ago
Brad Fitzpatrick	aae622314e	tailcfg, health: add way for control plane to add problems to health check So if the control plane knows that something's broken about the node, it can include problem(s) in MapResponse and "tailscale status" will show it. (and GUIs in the future, as it's in ipnstate.Status/JSON) This also bumps the MapRequest.Version, though it's not strictly required. Doesn't hurt. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Josh Bleecher Snyder	b14db5d943	util/codegen: reorder AssertStructUnchanged args The fully qualified name of the type is thisPkg.tname, so write the args like that too. Suggested-by: Joe Tsai <joetsai@digital-static.net> Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Josh Bleecher Snyder	3cd85c0ca6	util/codegen: add ContainsPointers And use it in cmd/cloner. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Josh Bleecher Snyder	d5a0a4297e	cmd/cloner: unify switch cases And in the process, fix a bug: The fmt formatting was being applied by writef, not fmt.Sprintf, thus emitting a MISSING string. And there's no guarantee that fmt will be imported in the generated code. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Josh Bleecher Snyder	d8a8f70000	util/codegen: add NamedTypes And use it in cmd/cloner. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Josh Bleecher Snyder	367a973dc2	cmd/cloner: delete some debug code Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Josh Bleecher Snyder	081be3e96b	cmd/cloner: simplify code Change from a single-case type switch to a type assertion with an early return. That exposes that the name arg to gen is unneeded. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Josh Bleecher Snyder	d5ab18b2e6	cmd/cloner: add Clone context to regen struct assignments Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Josh Bleecher Snyder	618376dbc0	util/codegen: add AssertStructUnchanged Refactored out from cmd/cloner. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Josh Bleecher Snyder	fb66ff7c78	util/codegen: add package This is a package for shared utilities used in doing codegen programs. The inaugural API is for writing gofmt'd code to a file. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Adrian Dewhurst	4da559d7cc	control/controlclient: update machine certificate signature version This iterates on the original signature format. Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>	3 years ago
Josh Bleecher Snyder	a722e48cef	wgengine/magicsock: skip alloc test with -race Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Josh Bleecher Snyder	07c09f470d	ipn/ipnlocal: do not shut down the backend halfway through TestStateMachine LocalBackend.Shutdown's docs say: > The backend can no longer be used after Shutdown returns. Nevertheless, TestStateMachine blithely calls Shutdown, talks some smack, and continues on, expecting things to work. Other uses of Shutdown in the codebase are as intended. Things mostly kinda work anyway, except that the wgengine.Engine has been shut down, so calls to Reconfig fail. Those get logged: > local.go:603: wgengine status error: engine closing; no status but otherwise ignored. However, the Reconfig failure caused one fewer call to pause/unpause than normal. Now the assertCalls lines match the equivalent ones earlier in the test. I don't see an obvious correct replacement for Shutdown in the context of this test; I'm not sure entirely what it is trying to accomplish. It is possible that many of the tests remaining after the prior call to Shutdown are now extraneous. They don't harm anything, though, so err on the side of safety and leave them for now. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Josh Bleecher Snyder	f834a4ade5	ipn/ipnlocal: fix minor typo in comment Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Josh Bleecher Snyder	221cc5f8f2	ipn/ipnlocal: reduce line noise in tests Use helpers and variadic functions to make the call sites a lot easier to read, since they occur a lot. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Josh Bleecher Snyder	45d3174c0d	ipn/ipnlocal: add LocalBackend.broadcastStatusChanged To reduce repetition. Also, document why we acquire the lock. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Josh Bleecher Snyder	b7ede14396	Revert "ipn/ipnlocal: remove locks around sync.Cond.Broadcast call" Reason for revert: Causes ipnlocal tests to deadlock intermittently. This reverts commit `1b15349e01`. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	3 years ago
Brad Fitzpatrick	a05086ef86	portlist: add debug knob to disable portlist collection For big servers. Per discussion with @crawshaw. Updates tailscale/corp#2566 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago

1 2 3 4 5 ...

3076 Commits (7f0fcf857152dd5e21c37369165cbe255b41f7e0) All Branches Search

3076 Commits (7f0fcf857152dd5e21c37369165cbe255b41f7e0)

All Branches