tailscale

Commit Graph

Author	SHA1	Message	Date
Jordan Whited	bef6e2831a	cmd/tailscale: move call to cli.CleanUpArgs() from main() into cli.Run() (#4954 ) Not all distributions build from package main. Signed-off-by: Jordan Whited <jordan@tailscale.com>	2 years ago
soypete	412c4c55e2	cmd/tailscale: make up respect explicitly empty --operator= value Fixes #3808 Signed-off-by: soypete <miriah@tailscale.com>	2 years ago
mattn	1d04e01d1e	use C:\Windows\System32\OpenSSH\ssh.exe (#4933 ) cmd/tailscale: make ssh command prefer Windows ssh.exe over PATH Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>	2 years ago
Brad Fitzpatrick	467eb2eca0	cmd/tailscale/cli, ipn/ipnlocal: give SSH tips when off/unconfigured Updates #3802 Change-Id: I6b9a3175f68a6daa670f912561f2c2ececc07770 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	13d0b8e6a4	control/controlclient, net/dnscache: use typed singleflight fork Change-Id: I12be4c5a91ae3a812fe88d9b2d15526fdbb5a921 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	d3643fa151	cmd/tailscale: add 'debug ts2021' Noise connectivity subcommand Updates #3488 Change-Id: I9272e68f66c4cf36fb98dd1248a74d3817447690 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Mihai Parparita	edc90ebc61	net/wsconn: remove homegrown wrapper for turning a websocket.Conn into a net.Conn The one from the nhooyr/websocket package seems to work equally well. Signed-off-by: Mihai Parparita <mihai@tailscale.com>	2 years ago
Brad Fitzpatrick	0d972678e7	cmd/tailscale/cli: disable 'tailscale ssh' on sandboxed macOS Updates #3802 Updates #4518 Fixes #4628 Change-Id: I194d2cc30fc8e38b66d4910787efbce14317b0ff Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	2bac8b6013	Revert "cmd/tailscale/cli: disallow --ssh on Synology" This reverts commit `03e3e6abcd` in favor of #4785. Change-Id: Ied65914106917c4cb8d15d6ad5e093a6299d1d48 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Maisem Ali	03e3e6abcd	cmd/tailscale/cli: disallow --ssh on Synology Updates tailscale/corp#5468 Updates #3802 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Jordan Whited	43f9c25fd2	cmd/tailscale: surface authentication errors in status.Health (#4748 ) Fixes #3713 Signed-off-by: Jordan Whited <jordan@tailscale.com>	2 years ago
Mihai Parparita	a9f32656f5	control/controlhttp: allow client and server to communicate over WebSockets We can't do Noise-over-HTTP in Wasm/JS (because we don't have bidirectional communication), but we should be able to do it over WebSockets. Reuses derp WebSocket support that allows us to turn a WebSocket connection into a net.Conn. Updates #3157 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	2 years ago
Maisem Ali	67325d334e	cmd/tailscale/cli: add lose-ssh risk This makes it so that the user is notified that the action they are about to take may result in them getting disconnected from the machine. It then waits for 5s for the user to maybe Ctrl+C out of it. It also introduces a `--accept-risk=lose-ssh` flag for automation, which allows the caller to pre-acknowledge the risk. The two actions that cause this are: - updating `--ssh` from `true` to `false` - running `tailscale down` Updates #3802 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Brad Fitzpatrick	4d85cf586b	cmd/tailscale, ipn/ipnlocal: add "peerapi" ping type For debugging when stuff like #4750 isn't working. RELNOTE=tailscale ping -peerapi Change-Id: I9c52c90fb046e3ab7d2b121387073319fbf27b99 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Aaron Klotz	b005b79236	net/dns, paths, util/winutil: change net/dns/windowsManager NRPT management to support more than 50 domains. AFAICT this isn't documented on MSDN, but based on the issue referenced below, NRPT rules are not working when a rule specifies > 50 domains. This patch modifies our NRPT rule generator to split the list of domains into chunks as necessary, and write a separate rule for each chunk. For compatibility reasons, we continue to use the hard-coded rule ID, but as additional rules are required, we generate new GUIDs. Those GUIDs are stored under the Tailscale registry path so that we know which rules are ours. I made some changes to winutils to add additional helper functions in support of both the code and its test: I added additional registry accessors, and also moved some token accessors from paths to util/winutil. Fixes https://github.com/tailscale/coral/issues/63 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	2 years ago
Aaron Klotz	c163b2a3f1	util/winutil, util/winutil/vss: remove winrestore and vss as they are unnecessary. I wrote this code way back at the beginning of my tenure at Tailscale when we had concerns about needing to restore deleted machine keys from backups. We never ended up using this functionality, and the code is now getting in the way, so we might as well remove it. Signed-off-by: Aaron Klotz <aaron@tailscale.com>	2 years ago
Mihai Parparita	eda647cb47	cmd/tailscale/cli: fix ssh CLI command breaking the Wasm build Adds a stub for syscall.Exec when GOOS=js. We also had a separate branch for Windows, might as well use the same mechanism there too. For #3157 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	2 years ago
James Tucker	f9e86e64b7	*: use WireGuard where logged, printed or named Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
Brad Fitzpatrick	3e1f2d01f7	ipn/ipnlocal: move Ping method from IPN bus to LocalBackend (HTTP) Change-Id: I61759f1dae8d9d446353db54c8b1e13bfffb3287 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
James Tucker	ae483d3446	wgengine, net/packet, cmd/tailscale: add ICMP echo Updates tailscale/corp#754 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
Brad Fitzpatrick	87ba528ae0	client/tailscale: move/copy all package funcs to new LocalClient type Remove all global variables, and clean up tsnet and cmd/tailscale's usage. This is in prep for using this package for the web API too (it has the best package name). RELNOTE=tailscale.com/client/tailscale package refactored w/ LocalClient type Change-Id: Iba9f162fff0c520a09d1d4bd8862f5c5acc9d7cd Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	6bed781259	all: gofmt all Well, goimports actually (which adds the normal import grouping order we do) Change-Id: I0ce1b1c03185f3741aad67c14a7ec91a838de389 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	50eb8c5add	cmd/tailscale: mostly fix 'tailscale ssh' on macOS (sandbox) Still a little wonky, though. See the tcsetattr error and inability to hit Ctrl-D, for instance: bradfitz@laptop ~ % tailscale.app ssh foo@bar tcsetattr: Operation not permitted # Authentication checked with Tailscale SSH. # Time since last authentication: 1h13m22s foo@bar:~$ ^D ^D ^D Updates #4518 Updates #4529 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	48e5f4ff88	cmd/tailscale/cli: add 'debug stat' subcommand For debugging what's visible inside the macOS sandbox. But could also be useful for giving users portable commands during debugging without worrying about which OS they're on. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
James Tucker	928d1fddd2	cmd/tailscale: s/-authkey/-auth-key/ in help text Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
Maisem Ali	90b5f6286c	cmd/tailscale: use double quotes in the ssh subcommands Single-quote escaping is insufficient apparently. Updates #3802 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Maisem Ali	db70774685	cmd/tailscale/cli: do not use syscall.Exec from macOS sandbox Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Brad Fitzpatrick	d413850bd7	cmd/tailscale: add "debug via" subcommand to do CIDR math for via ranges $ tailscale debug via 0xb 10.2.0.0/16 fd7a:115c:a1e0:b1a:0🅱️a02:0/112 $ tailscale debug via fd7a:115c:a1e0:b1a:0🅱️a02:0/112 site 11 (0xb), 10.2.0.0/16 Previously: `3ae701f0eb` This adds a little debug tool to do CIDR math to make converting between those ranges easier for now. Updates #3616 Change-Id: I98302e95d17765bfaced3ecbb71cbd43e84bff46 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Maisem Ali	945879fa38	cmd/tailscale: [ssh] enable StrictHostKeyChecking mode Updates #3802 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Brad Fitzpatrick	8f5e5bff1e	cmd/tailscale, etc: make "tailscale up --ssh" fail fast when unavailable Fail on unsupported platforms (must be Linux or macOS tailscaled with WIP env) or when disabled by admin (with TS_DISABLE_SSH_SERVER=1) Updates #3802 Change-Id: I5ba191ed0d8ba4ddabe9b8fc1c6a0ead8754b286 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	f0e2272e04	cmd/tailscale: unhide 'up --ssh' behind WIP env var Updates #3802 Change-Id: I99c550c2e4450640b0ee6ab060f178dde1360553 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Maisem Ali	c87ed52ad4	cmd/tailscale: add id-token subcommand RELNOTE=Initial support for getting OIDC ID Tokens Updates tailscale/corp#4347 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Brad Fitzpatrick	3ae701f0eb	net/tsaddr, wgengine/netstack: add IPv6 range that forwards to site-relative IPv4 This defines a new magic IPv6 prefix, fd7a:115c:a1e0:b1a::/64, a subset of our existing /48, where the final 32 bits are an IPv4 address, and the middle 32 bits are a user-chosen "site ID". (which must currently be 0000:00xx; the top 3 bytes must be zero for now) e.g., I can say my home LAN's "site ID" is "0000:00bb" and then advertise its 10.2.0.0/16 IPv4 range via IPv6, like: tailscale up --advertise-routes=fd7a:115c:a1e0:b1a::bb:10.2.0.0/112 (112 being /128 minuse the /96 v6 prefix length) Then people in my tailnet can: $ curl '[fd7a:115c:a1e0:b1a::bb:10.2.0.230]' <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" .... Updates #3616, etc RELNOTE=initial support for TS IPv6 addresses to route v4 "via" specific nodes Change-Id: I9b49b6ad10410a24b5866b9fbc69d3cae1f600ef Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
David Eger	f992749b98	cmd/tailscale: Add file get --loop flag. To "automatically receive taildrop files to my Downloads directory," user currently has to run 'tailscale file get' in a loop. Make it easy to do this without shell. Updates: #2312 Signed-off-by: David Eger <david.eger@gmail.com>	2 years ago
Xiaochao Dong (@damnever)	7d97800d52	cmd/tailscale: make web mode preserve URL scheme in Synology redirect Signed-off-by: Xiaochao Dong (@damnever) <the.xcdong@gmail.com>	2 years ago
oliverpool	0b273e1857	cmd/tailscale: drop special exit code 125 for gokrazy No needed since gokrazy doesn't restart successful processes anymore: https://github.com/gokrazy/gokrazy/pull/127 Signed-off-by: Olivier Charvin <git@olivier.pfad.fr>	2 years ago
Brad Fitzpatrick	753f1bfad4	cmd/tailscale: write fewer known_hosts, resolve ssh host to FQDN early Updates #3802 Change-Id: Ic44fa2e6661a9c046e725c04fa6b8213d3d4d2b2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	df93158aac	cmd/tailscale: generate known_hosts file for 'tailscale ssh' Updates #3802 Change-Id: I7a0052392f000ee44fc8e719f6666756aab91f3d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	8294915780	cmd/tailscale/cli: add start of 'ssh' subcommand Updates #3802 Change-Id: Iabc07c00c7e4f43944cfe7daec8d2b66ac002289 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	06fcf3b225	cmd/tailscale: make status --peers=false work earlier + in JSON mode And return an error if you use non-flag arguments. Change-Id: I0dd6c357eb5cabd0f17020f21ba86406aea21681 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	5df12b9059	client/tailscale, cmd/tailscale, localapi: add 'tailscale nc' (actually) Adds missing file from `fc12cbfcd3`. GitHub was having issues earlier and it was all green because the checks never actually ran, but the DCO non-Actions check at least did, so "green" and I merged, not realizing it hadn't really run anything. Updates #3802 Change-Id: I29f605eebe5336f1f3ca28ebb78b092dd99d9fd8 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	fc12cbfcd3	client/tailscale, cmd/tailscale, localapi: add 'tailscale nc' This adds a "tailscale nc" command that acts a bit like "nc", but dials out via tailscaled via localapi. This is a step towards a "tailscale ssh", as we'll use "tailscale nc" as a ProxyCommand for in some cases (notably in userspace mode). But this is also just useful for debugging & scripting. Updates #3802 RELNOTE=tailscale nc Change-Id: Ia5c37af2d51dd0259d5833d80264d3ad5f68446a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Aaron Klotz	6e91f872af	net/tshttpproxy: ensure we pass the correct flags to WinHttpOpen on Win7 and Win8.0 The best flag to use on Win7 and Win8.0 is deprecated in Win8.1, so we resolve the flag depending on OS version info. Fixes https://github.com/tailscale/tailscale/issues/4201 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	2 years ago
Josh Bleecher Snyder	0868329936	all: use any instead of interface{} My favorite part of generics. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	2 years ago
Josh Bleecher Snyder	997b19545b	syncs: use TryLock and TryRLock instead of unsafe The docs say: Note that while correct uses of TryLock do exist, they are rare, and use of TryLock is often a sign of a deeper problem in a particular use of mutexes. Rare code! Or bad code! Who can tell! Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	2 years ago
Brad Fitzpatrick	1f22507c06	version: use Go 1.18's git stamping as default implementation No more manual version bumps! Fixes #81 Change-Id: I3a9e544a7248f0b83bcbacbaabbc4dabc435e62d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Josh Bleecher Snyder	71b535fc94	go.mod: require Go 1.18 Also, update depaware for Go 1.18's dependency tree. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	2 years ago
David Eger	5be42c0af1	cmd/tailscale: add file get options for dealing with existing files A new flag --conflict=(skip\|overwrite\|rename) lets users specify what to do when receiving files that match a same-named file in the target directory. Updates #3548 Signed-off-by: David Eger <david.eger@gmail.com>	2 years ago
Aaron Klotz	f8a4df66de	cmd/tailscale/cli, ipn: move exit node IP parsing and validation from cli into prefs. We need to be able to provide the ability for the GUI clients to resolve and set the exit node IP from an untrusted string, thus enabling the ability to specify that information via enterprise policy. This patch moves the relevant code out of the handler for `tailscale up`, into a method on `Prefs` that may then be called by GUI clients. We also update tests accordingly. Updates https://github.com/tailscale/corp/issues/4239 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	2 years ago
Joonas Kuorilehto	c1b3500a05	cmd/tailscale: allow use of flags in gokrazy Enable use of command line arguments with tailscale cli on gokrazy. Before this change using arguments like "up" would cause tailscale cli to be repeatedly restarted by gokrazy process supervisor. We never want to have gokrazy restart tailscale cli, even if user would manually start the process. Expected usage is that user creates files: flags/tailscale.com/cmd/tailscale/flags.txt: up flags/tailscale.com/cmd/tailscaled/flags.txt: --statedir=/perm/tailscaled/ --tun=userspace-networking Then tailscale prints URL for user to log in with browser. Alternatively it should be possible to use up with auth key to allow unattended gokrazy installs. Signed-off-by: Joonas Kuorilehto <joneskoo@derbian.fi>	2 years ago

1 2 3 4 5 ...

422 Commits (88133c361e8cc267b9e45c90f357f96084c60a0c)