554 Commits (8976b34cb80ece41b7e8ed0fb54c554bfca6173b)

Author	SHA1	Message	Date
James Tucker	5ee0c6bf1d	derp/derpserver: add a unique sender cardinality estimate ... Adds an observation point that may identify potentially abusive traffic patterns at outlier values. Updates tailscale/corp#24681 Signed-off-by: James Tucker <james@tailscale.com>	1 week ago
Tom Proctor	6637003cc8	cmd/cigocacher,go.mod: add cigocacher cmd ... Adds cmd/cigocacher as the client to cigocached for Go caching over HTTP. The HTTP cache is best-effort only, and builds will fall back to disk-only cache if it's not available, much like regular builds. Not yet used in CI; that will follow in another PR once we have runners available in this repo with the right network setup for reaching cigocached. Updates tailscale/corp#10808 Change-Id: I13ae1a12450eb2a05bd9843f358474243989e967 Signed-off-by: Tom Proctor <tomhjp@users.noreply.github.com>	1 week ago
Andrew Lytvynov	de8ed203e0	go.mod: bump golang.org/x/crypto (#18011) ... Pick up fixes for https://pkg.go.dev/vuln/GO-2025-4134 Updates #cleanup Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 weeks ago
Andrew Lytvynov	d01081683c	go.mod: bump golang.org/x/crypto (#17907) ... Pick up a fix for https://pkg.go.dev/vuln/GO-2025-4116 (even though we're not affected). Updates #cleanup Change-Id: I9f2571b17c1f14db58ece8a5a34785805217d9dd Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 weeks ago
Andrew Dunham	3a41c0c585	ipn/ipnlocal: add PROXY protocol support to Funnel/Serve ... This adds the --proxy-protocol flag to 'tailscale serve' and 'tailscale funnel', which tells the Tailscale client to prepend a PROXY protocol[1] header when making connections to the proxied-to backend. I've verified that this works with our existing funnel servers without additional work, since they pass along source address information via PeerAPI already. Updates #7747 [1]: https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt Change-Id: I647c24d319375c1b33e995555a541b7615d2d203 Signed-off-by: Andrew Dunham <andrew@du.nham.ca>	2 weeks ago
M. J. Fromberger	061e6266cf	util/eventbus: allow logging of slow subscribers (#17705) ... Add options to the eventbus.Bus to plumb in a logger. Route that logger in to the subscriber machinery, and trigger a log message to it when a subscriber fails to respond to its delivered events for 5s or more. The log message includes the package, filename, and line number of the call site that created the subscription. Add tests that verify this works. Updates #17680 Change-Id: I0546516476b1e13e6a9cf79f19db2fe55e56c698 Signed-off-by: M. J. Fromberger <fromberger@tailscale.com>	1 month ago
M. J. Fromberger	95426b79a9	logtail: avoid racing eventbus subscriptions with shutdown (#17695) ... In #17639 we moved the subscription into NewLogger to ensure we would not race subscribing with shutdown of the eventbus client. Doing so fixed that problem, but exposed another: As we were only servicing events occasionally when waiting for the network to come up, we could leave the eventbus to stall in cases where a number of network deltas arrived later and weren't processed. To address that, let's separate the concerns: As before, we'll Subscribe early to avoid conflicts with shutdown; but instead of using the subscriber directly to determine readiness, we'll keep track of the last-known network state in a selectable condition that the subscriber updates for us. When we want to wait, we'll wait on that condition (or until our context ends), ensuring all the events get processed in a timely manner. Updates #17638 Updates #15160 Change-Id: I28339a372be4ab24be46e2834a218874c33a0d2d Signed-off-by: M. J. Fromberger <fromberger@tailscale.com>	1 month ago
Brad Fitzpatrick	54cee33bae	go.toolchain.rev: update to Go 1.25.3 ... Updates tailscale/go#140 Updates tailscale/go#142 Updates tailscale/go#138 Change-Id: Id25b6fa4e31eee243fec17667f14cdc48243c59e Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 months ago
Brad Fitzpatrick	9a72513fa4	go.toolchain.rev: bump Go to 1.25.2 ... Updates tailscale/go#135 Change-Id: I89cfb49b998b2fd0264f8d5f4a61af839cd06626 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 months ago
Tom Meadows	cd2a3425cb	cmd/tsrecorder: adds sending api level logging to tsrecorder (#16960) ... Updates #17141 Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>	2 months ago
Brad Fitzpatrick	801aac59db	Makefile, cmd/*/depaware.txt: split out vendor packages explicitly ... depaware was merging golang.org/x/foo and std's vendor/golang.org/x/foo packages (which could both be in the binary!), leading to confusing output, especially when I was working on eliminating duplicate packages imported under different names. This makes the depaware output longer and grosser, but doesn't hide reality from us. Updates #17305 Change-Id: I21cc3418014e127f6c1a81caf4e84213ce84ab57 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 months ago
Brad Fitzpatrick	6f9f190f4d	go.toolchain.rev: bump to Go 1.25.1 ... Updates #17064 Change-Id: Ibbca837e0921fe9f82fc931dde8bb51b017e4e48 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 months ago
Brad Fitzpatrick	1a98943204	go.mod: bump github.com/ulikunitz/xz for security warning ... Doesn't look to affect us, but pacifies security scanners. See 88ddf1d0d9 It's for decoding. We only use this package for encoding (via github.com/google/rpmpack / github.com/goreleaser/nfpm/v2). Updates #8043 Change-Id: I87631aa5048f9514bb83baf1424f6abb34329c46 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 months ago
Patrick O'Doherty	c5429cd49c	go.toolchain.branch: bump to go1.25 (#16954) ... go.toolchain.rev: bump go1.25 version flake.nix: bump Go to 1.25 Updates #16330 Signed-off-by: Patrick O'Doherty <patrick@tailscale.com>	3 months ago
Claus Lensbøl	fafb514538	client/systray: go back to using upstream library (#16938) ... We had a fix in a local branch, but upstream has merged it now. Updates #1708 Signed-off-by: Claus Lensbøl <claus@tailscale.com>	3 months ago
Joe Tsai	fbb91758ac	cmd/viewer, types/views: implement support for json/v2 (#16852) ... This adds support for having every viewer type implement jsonv2.MarshalerTo and jsonv2.UnmarshalerFrom. This provides a significant boost in performance as the json package no longer needs to validate the entirety of the JSON value outputted by MarshalJSON, nor does it need to identify the boundaries of a JSON value in order to call UnmarshalJSON. For deeply nested and recursive MarshalJSON or UnmarshalJSON calls, this can improve runtime from O(N²) to O(N). This still references "github.com/go-json-experiment/json" instead of the experimental "encoding/json/v2" package now available in Go 1.25 under goexperiment.jsonv2 so that code still builds without the experiment tag. Of note, the "github.com/go-json-experiment/json" package aliases the standard library under the right build conditions. Updates tailscale/corp#791 Signed-off-by: Joe Tsai <joetsai@digital-static.net>	4 months ago
Andrew Lytvynov	b5283ab13a	go.toolchain.rev: bump to 1.24.6 (#16811) ... Updates https://github.com/tailscale/corp/issues/31103 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	4 months ago
Claus Lensbøl	3fe022877a	client/systray: temporarily replace systray module (#16807) ... We are waiting for a PR to be reviewed upstream. https://github.com/fyne-io/systray/pull/100 Updates #1708 Signed-off-by: Claus Lensbøl <claus@tailscale.com>	4 months ago
Andrew Lytvynov	f80ea92030	.github/workflows: enforce github action version pinning (#16768) ... Use https://github.com/stacklok/frizbee via the new `go tool` support from Go 1.24. Updates https://github.com/tailscale/corp/issues/31017 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	4 months ago
Jordan Whited	097c2bcf67	go.mod: bump wireguard-go (#16578) ... So that conn.PeerAwareEndpoint is always evaluated per-packet, rather than at least once per packet batch. Updates tailscale/corp#30042 Signed-off-by: Jordan Whited <jordan@tailscale.com>	5 months ago
Jordan Whited	04e8d21b0b	go.mod: bump wg-go to fix keepalive detection (#16535) ... Updates tailscale/corp#30364 Signed-off-by: Jordan Whited <jordan@tailscale.com>	5 months ago
Jordan Whited	5b0074729d	go.mod,wgengine/magicsock: implement conn.InitiationAwareEndpoint (#16486) ... Since a [*lazyEndpoint] makes wireguard-go responsible for peer ID, but wireguard-go may not yet be configured for said peer, we need a JIT hook around initiation message reception to call what is usually called from an [*endpoint]. Updates tailscale/corp#30042 Signed-off-by: Jordan Whited <jordan@tailscale.com>	5 months ago
Jordan Whited	f9e7131772	wgengine/magicsock: make lazyEndpoint load bearing for UDP relay (#16435) ... Cryptokey Routing identification is now required to set an [epAddr] into the peerMap for Geneve-encapsulated [epAddr]s. Updates tailscale/corp#27502 Updates tailscale/corp#29422 Updates tailscale/corp#30042 Signed-off-by: Jordan Whited <jordan@tailscale.com>	5 months ago
Brad Fitzpatrick	5b7cf7fc36	.github/workflows: do a go mod download & cache it before all jobs ... Updates tailscale/corp#28679 Change-Id: Ib0127cb2b03f781fc3187199abe4881e97074f5f Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	6 months ago
Andrew Lytvynov	dac00e9916	go.mod: bump github.com/cloudflare/circl (#16264) ... See https://github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwm This dependency is used in our release builder indirectly via 3b22d8539b/go.mod (L6) We should not be affected, since this is used indirectly for pgp signatures on our .deb releases, where we use only trusted inputs. Updates #cleanup Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	6 months ago
Jordan Whited	5f35143d83	go.mod,wgengine/magicsock: update wireguard-go (#16148) ... Our conn.Bind implementation is updated to make Send() offset-aware for future VXLAN/Geneve encapsulation support. Updates tailscale/corp#27502 Signed-off-by: Jordan Whited <jordan@tailscale.com>	6 months ago
Fran Bull	c9a5d638e9	tsconsensus: enable writing state to disk ... The comments in the raft code say to only use the InMemStore for tests. Updates #16027 Signed-off-by: Fran Bull <fran@tailscale.com>	6 months ago
Brad Fitzpatrick	401d6c0cfa	go.mod: bump golang.org/x deps ... Updates #8043 Change-Id: I8702a17130559353ccdecbe8b64eeee461ff09c3 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	6 months ago
Andrew Lytvynov	3105ecd958	hostinfo,tailcfg: report TPM availability on windows/linux (#15831) ... Start collecting fleet data on TPM availability via hostinfo. Updates #15830 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	7 months ago
Andrew Lytvynov	cb7bf929aa	go.mod: bump gorilla/csrf@v1.7.3 (#15775) ... This is the same version as before, but the old one confuses govulncheck. Updates #cleanup Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	7 months ago
James Tucker	10fd61f1bb	go.mod: bump golang.org/x/crypto and related ... Updates #15680 Signed-off-by: James Tucker <james@tailscale.com>	8 months ago
Fran Bull	8597b25840	tsconsensus: add a tsconsensus package ... tsconsensus enables tsnet.Server instances to form a consensus. tsconsensus wraps hashicorp/raft with * the ability to do discovery via tailscale tags * inter node communication over tailscale * routing of commands to the leader Updates #14667 Signed-off-by: Fran Bull <fran@tailscale.com>	8 months ago
Andrew Lytvynov	46505ca338	tempfork/acme: update to latest version (#15543) ... Pull in https://github.com/tailscale/golang-x-crypto/pull/16 Updates #15542 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	8 months ago
Brad Fitzpatrick	b3953ce0c4	ssh/tailssh: add Plan 9 support for Tailscale SSH ... Updates #5794 Change-Id: I7b05cd29ec02085cb503bbcd0beb61bf455002ac Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	8 months ago
Brad Fitzpatrick	60847128df	net/tstun: add Plan 9 'tun' support ... Updates #5794 Change-Id: I8c466cae25ae79be1097450a63e8c25c7b519331 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	8 months ago
Will Norris	e8b5f0b3c4	client/systray: use ico image format for windows ... Add the golang-image-ico package, which is an incredibly small package to handle the ICO container format with PNG inside. Some profile photos look quite pixelated when displayed at this size, but it's better than nothing, and any Windows support is just a bonus anyway. Updates #1708 Change-Id: Ia101a4a3005adb9118051b3416f5a64a4a45987d Signed-off-by: Will Norris <will@tailscale.com>	8 months ago
Patrick O'Doherty	f0b395d851	go.mod update golang.org/x/net to 0.36.0 for govulncheck (#15296) ... Updates #cleanup Signed-off-by: Patrick O'Doherty <patrick@tailscale.com>	9 months ago
David Anderson	ef906763ee	util/eventbus: initial implementation of an in-process event bus ... Updates #15160 Signed-off-by: David Anderson <dave@tailscale.com> Co-authored-by: M. J. Fromberger <fromberger@tailscale.com>	9 months ago
Irbe Krumina	2791b5d5cc	go.{mod,sum}: bump mkctr (#15161) ... Updates tailscale/tailscale#15159 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	9 months ago
Joe Tsai	ae303d41dd	go.mod: bump github.com/go-json-experiment/json (#15010) ... The upstream module has seen significant work making the v1 emulation layer a high fidelity re-implementation of v1 "encoding/json". This addresses several upstream breaking changes: * MarshalJSONV2 renamed as MarshalJSONTo * UnmarshalJSONV2 renamed as UnmarshalJSONFrom * Options argument removed from MarshalJSONV2 * Options argument removed from UnmarshalJSONV2 Updates tailscale/corp#791 Signed-off-by: Joe Tsai <joetsai@digital-static.net>	9 months ago
Andrew Lytvynov	d7508b24c6	go.mod: bump golang.org/x/crypto (#15123) ... There were two recent CVEs. The one that sorta affects us is https://groups.google.com/g/golang-announce/c/qN_GDasRQSA (SSH DoS). Updates #15124 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	9 months ago
Brad Fitzpatrick	836c01258d	go.toolchain.branch: update to Go 1.24 (#15016) ... * go.toolchain.branch: update to Go 1.24 Updates #15015 Change-Id: I29c934ec17e60c3ac3264f30fbbe68fc21422f4d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> * cmd/testwrapper: fix for go1.24 Updates #15015 Signed-off-by: Paul Scott <paul@tailscale.com> * go.mod,Dockerfile: bump to Go 1.24 Also bump golangci-lint to a version that was built with 1.24 Updates #15015 Signed-off-by: Andrew Lytvynov <awly@tailscale.com> --------- Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> Signed-off-by: Paul Scott <paul@tailscale.com> Signed-off-by: Andrew Lytvynov <awly@tailscale.com> Co-authored-by: Paul Scott <paul@tailscale.com> Co-authored-by: Andrew Lytvynov <awly@tailscale.com>	10 months ago
Andrew Lytvynov	cc923713f6	tempfork/acme: pull in latest changes for Go 1.24 (#15062) ... 9a281fd8fa Updates #15015 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	10 months ago
Brad Fitzpatrick	cbf3852b5d	cmd/testwrapper: temporarily remove test coverage support ... testwrapper doesn't work with Go 1.24 and the coverage support is making it harder to debug. Updates #15015 Updates tailscale/corp#26659 Change-Id: I0125e881d08c92f1ecef88b57344f6bbb571b569 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	10 months ago
James Tucker	f2f7fd12eb	go.mod: bump bart ... Bart has had some substantial improvements in internal representation, update functions, and other optimizations to reduce memory usage and improve runtime performance. Updates tailscale/corp#26353 Signed-off-by: James Tucker <james@tailscale.com>	10 months ago
Anton	f35c49d211	net/dns: update to illarion/gonotify/v3 to fix a panic ... Fixes #14699 Signed-off-by: Anton <anton@tailscale.com>	10 months ago
Brad Fitzpatrick	27f8e2e31d	go.mod: bump x/* deps ... Notably, this pulls in https://go.googlesource.com/net/+/2dab271ff1b7396498746703d88fefcddcc5cec7 for golang/go#71557. Updates #8043 Change-Id: I3637dbf27b90423dd4d54d147f12688b51f3ce36 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	10 months ago
James Tucker	e113b106a6	go.mod,wgengine/netstack: use cubic congestion control, bump gvisor ... Cubic performs better than Reno in higher BDP scenarios, and enables the use of the hystart++ implementation contributed by Coder. This improves throughput on higher BDP links with a much faster ramp. gVisor is bumped as well for some fixes related to send queue processing and RTT tracking. Updates #9707 Updates #10408 Updates #12393 Updates tailscale/corp#24483 Updates tailscale/corp#25169 Signed-off-by: James Tucker <james@tailscale.com>	10 months ago
Mike O'Driscoll	d5316a4fbb	cmd/derper: add setec secret support (#14890) ... Add setec secret support for derper. Support dev mode via env var, and setec via secrets URL. For backwards compatibility use setec load from file also. Updates tailscale/corp#25756 Signed-off-by: Mike O'Driscoll <mikeo@tailscale.com>	10 months ago
Brad Fitzpatrick	496347c724	go.mod: bump inetaf/tcpproxy ... To fix a logging crash. Updates tailscale/corp#20503 Change-Id: I1beafe34afeb577aaaf6800a408faf6454b16912 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	10 months ago