tailscale

Commit Graph

Author	SHA1	Message	Date
Maisem Ali	945879fa38	cmd/tailscale: [ssh] enable StrictHostKeyChecking mode Updates #3802 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Brad Fitzpatrick	8f5e5bff1e	cmd/tailscale, etc: make "tailscale up --ssh" fail fast when unavailable Fail on unsupported platforms (must be Linux or macOS tailscaled with WIP env) or when disabled by admin (with TS_DISABLE_SSH_SERVER=1) Updates #3802 Change-Id: I5ba191ed0d8ba4ddabe9b8fc1c6a0ead8754b286 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	f0e2272e04	cmd/tailscale: unhide 'up --ssh' behind WIP env var Updates #3802 Change-Id: I99c550c2e4450640b0ee6ab060f178dde1360553 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	93221b4535	ssh/tailssh: cache public keys fetched from URLs Updates #3802 Change-Id: I96715bae02bce6ea19f16b1736d1bbcd7bcf3534 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Maisem Ali	3ffd88a84a	wgengine/monitor: do not set timeJumped on iOS/Android In `(Mon).Start` we don't run a timer to update `(Mon).lastWall` on iOS and Android as their sleep patterns are bespoke. However, in the debounce goroutine we would notice that the the wall clock hadn't been updated since the last event would assume that a time jump had occurred. This would result in non-events being considered as major-change events. This commit makes it so that `(*Mon).timeJumped` is never set to `true` on iOS and Android. Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Brad Fitzpatrick	ade7bd8745	ssh/tailssh: close sessions on policy change if no longer allowed Updates #3802 Change-Id: I98503c2505b77ac9d0cc792614fcdb691761a70c Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	4ec83fbad6	ipn/ipnlocal: only call updateFilter with mutex held And rename to updateFilterLocked to prevent future mistakes. Fixes #4427 Change-Id: I4d37b90027d5ff872a339ce8180f5723704848dc Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	cd916b728b	ipn/ipnlocal: add start of inter-user Taildrop Controlled by server-sent capability policy. To be initially used for SSH servers to record sessions to other nodes. Not yet productized into something user-accessible. (Notably, the list of Taildrop targets from the sender side isn't augmented yet.) This purely permits expanding the set of expands a node will accept a drop from. Updates #3802 Updates #4217 Change-Id: Id7a5bccd686490f8ef2cdc7dae7c07c440dc0085 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	f4f76eb275	net/dnsfallback: update from 'go generate' Change-Id: I93e0e6d9a4a471953c1ffef07f32605c5724aed8 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	16f3520089	all: add arbitrary capability support Updates #4217 RELNOTE=start of WhoIsResponse capability support Change-Id: I6522998a911fe49e2f003077dad6164c017eed9b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
James Tucker	c591c91653	tailcfg, control/controlclient: TSMP & disco pings tailcfg.PingResponse formalizes the TSMP & disco response message, and controlclient is wired to send POST responses containing tailcfg.PingResponse for TSMP and disco PingRequests. Updates tailscale/corp#754 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
James Tucker	67192a2323	go.mod: bump u-root We only use the termios subpackage, so we're unaffected by CVE-2020-7665, but the bump will let dependabot return to slumber. Fixes https://github.com/tailscale/tailscale/security/dependabot/2 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
Brad Fitzpatrick	8ee044ea4a	ssh/tailssh: make the SSH server a singleton, register with LocalBackend Remove the weird netstack -> tailssh dependency and instead have tailssh register itself with ipnlocal when linked. This makes tailssh.server a singleton, so we can have a global map of all sessions. Updates #3802 Change-Id: Iad5caec3a26a33011796878ab66b8e7b49339f29 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	da14e024a8	tailcfg, ssh/tailssh: optionally support SSH public keys in wire policy And clean up logging. Updates #3802 Change-Id: I756dc2d579a16757537142283d791f1d0319f4f0 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	df9ce972c7	tailcfg, ipn/ipnlocal: add debug flag to enable one-big-CGNAT/10 route To experiment with avoiding Chrome ERR_NETWORK_CHANGED errors on route changes. Updates #3102 Change-Id: I339da14c684fdac45ac261566aa21bf2198672ff Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
phirework	52d32c94d8	net/dns/publicdns: add missing call to sync.Once.Do (#4410 ) Signed-off-by: Jenny Zhang <jz@tailscale.com>	2 years ago
phirework	83c734a6e0	net/dns, util/publicdns: extract public DNS mapping into own package (#4405 ) This extracts DOH mapping of known public DNS providers in forwarder.go into its own package, to be consumed by other repos Signed-off-by: Jenny Zhang <jz@tailscale.com>	2 years ago
James Tucker	8de7f9bff7	tailscaled: no longer tune gcpercent Usage of userspace-networking is increasing, and the aggressive GC tuning causes a significant reduction in performance in that mode. Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
Xe Iaso	4f1d6c53cb	cmd/nginx-auth: create new Tailscale NGINX auth service (#4400 ) This conforms to the NGINX subrequest result authentication protocol[1] using the NGINX module `ngx_http_auth_request_module`. This is based on the example that @peterkeen provided on Twitter[2], but with several changes to make things more tightly locked down: * This listens over a UNIX socket instead of a TCP socket to prevent leakage to the network * This uses systemd socket activation so that systemd owns the socket and can then lock down the service to the bare minimum required to do its job without having to worry about dropping permissions * This provides additional information in HTTP response headers that can be useful for integrating with various services * This has a script to automagically create debian and redhat packages for easier distribution This will be written about on the Tailscale blog. There is more information in README.md. [1]: https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-subrequest-authentication/ [2]: https://github.com/peterkeen/tailscale/blob/main/cmd/nginx-auth-proxy/nginx-auth-proxy.go Signed-off-by: Xe Iaso <xe@tailscale.com>	2 years ago
Maisem Ali	50b4b8b2c6	ipn/ipnlocal: make peerIPs return a sorted slice Currently peerIPs doesn't do any sorting of the routes it returns. This is typically fine, however imagine the case of an HA subnet router failover. When a route R moves from peer A to peer B, the output of peerIPs changes. This in turn causes all the deephash check inside wgengine to fail as the hashed value of [R1, R2] is different than the hashed value of [R2, R1]. When the hash check failes, it causes wgengine to reconfigure all routes in the OS. This is especially problematic for macOS and iOS where we use the NetworkExtension. This commit makes it that the peerIPs are always sorted when returned, thus making the hash be consistent as long as the list of routes remains static. Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Brad Fitzpatrick	a49d8d5200	Revert ".github/workflows: work around golang/go#51629" This reverts commit `2a412ac9ee`. Updates #4194 Change-Id: I0098b66b71d20bea301ca79058c1cdd201237dd0 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	09c5c9eb83	go.mod: bump x/tools for go/packages generics fix Updates #4194 Change-Id: Ia992ffb14210d5ad53f8f98d12b80d64080998e6 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Tom DNetto	dec68166e4	tstest/integration/vms: smoke test derphttp through mitm proxies Updates #4377 Very smoky/high-level test to ensure that derphttp internals play well with an agressive (stare + bump) meddler-in-the-middle proxy. Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Ilya Mateyko	2748750aa2	ipn/ipnstate: make status page more mobile-friendly Signed-off-by: Ilya Mateyko <me@astrophena.name>	2 years ago
Maisem Ali	c87ed52ad4	cmd/tailscale: add id-token subcommand RELNOTE=Initial support for getting OIDC ID Tokens Updates tailscale/corp#4347 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Brad Fitzpatrick	3ae701f0eb	net/tsaddr, wgengine/netstack: add IPv6 range that forwards to site-relative IPv4 This defines a new magic IPv6 prefix, fd7a:115c:a1e0:b1a::/64, a subset of our existing /48, where the final 32 bits are an IPv4 address, and the middle 32 bits are a user-chosen "site ID". (which must currently be 0000:00xx; the top 3 bytes must be zero for now) e.g., I can say my home LAN's "site ID" is "0000:00bb" and then advertise its 10.2.0.0/16 IPv4 range via IPv6, like: tailscale up --advertise-routes=fd7a:115c:a1e0:b1a::bb:10.2.0.0/112 (112 being /128 minuse the /96 v6 prefix length) Then people in my tailnet can: $ curl '[fd7a:115c:a1e0:b1a::bb:10.2.0.230]' <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" .... Updates #3616, etc RELNOTE=initial support for TS IPv6 addresses to route v4 "via" specific nodes Change-Id: I9b49b6ad10410a24b5866b9fbc69d3cae1f600ef Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
David Eger	f992749b98	cmd/tailscale: Add file get --loop flag. To "automatically receive taildrop files to my Downloads directory," user currently has to run 'tailscale file get' in a loop. Make it easy to do this without shell. Updates: #2312 Signed-off-by: David Eger <david.eger@gmail.com>	2 years ago
James Tucker	f4aad61e67	wgengine/monitor: ignore duplicate RTM_NEWADDRs Ignoring the events at this layer is the simpler path for right now, a broader change should follow to suppress irrelevant change events in a higher layer so as to avoid related problems with other monitoring paths on other platforms. This approach may also carry a small risk that it applies an at-most-once invariant low in the chain that could be assumed otherwise higher in the code. I adjusted the newAddrMessage type to include interface index rather than a label, as labels are not always supplied, and in particular on my test hosts they were consistently missing for ipv6 address messages. I adjusted the newAddrMessage.Addr field to be populated from Attributes.Address rather than Attributes.Local, as again for ipv6 .Local was always empty, and with ipv4 the .Address and .Local contained the same contents in each of my test environments. Update #4282 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
James Tucker	2f69c383a5	wgengine/monitor: add envknob TS_DEBUG_NETLINK While I trust the test behavior, I also want to assert the behavior in a reproduction environment, this envknob gives me the log information I need to do so. Update #4282 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
Tom DNetto	8f6d8cf979	tstest/integration/vms: test on stable nixos (21.11) I would like to do some more customized integration tests in the future, (specifically, bringing up a mitm proxy and testing tailscaled through that) so hoping to bring back the nixos wiring to support that. Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
James Tucker	8226f1482c	go.mod: bump rtnetlink for address label encoding (#4386 ) This will enable me to land tests for the upcoming monitor change in PR #4385. Update #4385 Update #4282 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
Tom DNetto	f923ce6f87	shell.nix: use tailscale-go for compilation This change builds a derivation for tailscale-go and makes it available in the users development environment. This is consistent with the shell.nix in corp/. Once go1.18 is in a stable Nixpkgs release we can avoid relying on derivations from nixpkgs head. For now, this works well, and the fetched derivations are cached in the Nix store according to the usual rules. Fixes #4231 Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Tom	24bdcbe5c7	net/dns, net/dns/resolver, wgengine: refactor DNS request path (#4364 ) * net/dns, net/dns/resolver, wgengine: refactor DNS request path Previously, method calls into the DNS manager/resolver types handled DNS requests rather than DNS packets. This is fine for UDP as one packet corresponds to one request or response, however will not suit an implementation that supports DNS over TCP. To support PRs implementing this in the future, wgengine delegates all handling/construction of packets to the magic DNS endpoint, to the DNS types themselves. Handling IP packets at this level enables future support for both UDP and TCP. Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Tom DNetto	3b3d1b9350	tstest/integration/vms: consistently use two dashes for command-line switches Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Xiaochao Dong (@damnever)	7d97800d52	cmd/tailscale: make web mode preserve URL scheme in Synology redirect Signed-off-by: Xiaochao Dong (@damnever) <the.xcdong@gmail.com>	2 years ago
James Tucker	2550acfd9d	go.mod: bump netstack for clone reset fix (#4379 ) In tracking down issue #4144 and reading through the netstack code in detail, I discovered that the packet buf Clone path did not reset the packetbuf it was getting from the sync.Pool. The fix was sent upstream https://github.com/google/gvisor/pull/7385, and this bump pulls that in. At this time there is no known path that this fixes, however at the time of upstream submission this reset at least one field that could lead to incorrect packet routing if exercised, a situation that could therefore lead to an information leak. Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
David Anderson	f570372b4d	control/controlbase: don't enforce a max protocol version at handshake time. Doing so makes development unpleasant, because we have to first break the client by bumping to a version the control server rejects, then upgrade the control server to make it accept the new version. This strict rejection at handshake time is only necessary if we want to blocklist some vulnerable protocol versions in the future. So, switch to a default-permissive stance: until we have such a version that we have to eagerly block early, we'll accept whatever version the client presents, and leave it to the user of controlbase.Conn to make decisions based on that version. Noise still enforces that the client and server agree on what protocol version is being used, and the control server still has the option to finish the handshake and then hang up with an in-noise error, rather than abort at the handshake level. Updates #3488 Signed-off-by: David Anderson <danderson@tailscale.com>	2 years ago
James Tucker	c6ac29bcc4	wgengine/netstack: disable refsvfs2 leak tracking (#4378 ) In addition an envknob (TS_DEBUG_NETSTACK_LEAK_MODE) now provides access to set leak tracking to more useful values. Fixes #4309 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
Tom DNetto	858ab80172	tstest/integration/vms: fix docs, qemu-img invocation Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Xe Iaso	55161b3d92	cmd/mkpkg: use package flag (#4373 ) Also removes getopt Signed-off-by: Xe <xe@tailscale.com>	2 years ago
David Anderson	02ad987e24	control/controlbase: make the protocol version number selectable. This is so that we can plumb our client capability version through the protocol as the Noise version. The capability version increments more frequently than strictly required (the Noise version only needs to change when cryptographically-significant changes are made to the protocol, whereas the capability version also indicates changes in non-cryptographically-significant parts of the protocol), but this gives us a safe pre-auth way to determine if the client supports future protocol features, while still relying on Noise's strong assurance that the client and server have agreed on the same version. Currently, the server executes the same protocol regardless of the version number, and just presents the version to the caller so they can do capability-based things in the upper RPC protocol. In future, we may add a ratchet to disallow obsolete protocols, or vary the Noise handshake behavior based on requested version. Updates #3488 Signed-off-by: David Anderson <danderson@tailscale.com>	2 years ago
Xe Iaso	be861797b4	cmd/mkpkg: add name argument (#4372 ) * shell.nix: rename goimports to gotools Signed-off-by: Xe <xe@tailscale.com> * cmd/mkpkg: allow specifying description and name in flag args Signed-off-by: Xe <xe@tailscale.com>	2 years ago
Ramya Nagarajan	e014b4d970	api: update acl/validate data format (#4366 ) Expected input is JSON formatted []policy.ACLTest Signed-off-by: Ramya Nagarajan <ramya@tailscale.com>	2 years ago
Matt Layher	c79c72c4fc	go.mod: github.com/mdlayher/sdnotify@v1.0.0 Signed-off-by: Matt Layher <mdlayher@gmail.com>	2 years ago
Tom	6be7931eb4	net/dns/resolver: return symbolic PTR records for TS service IPs (#4361 ) Fixes #1233 Signed-off-by: Tom DNetto <tom@tailscale.com> Co-authored-by: Tom DNetto <tom@tailscale.com>	2 years ago
oliverpool	0b273e1857	cmd/tailscale: drop special exit code 125 for gokrazy No needed since gokrazy doesn't restart successful processes anymore: https://github.com/gokrazy/gokrazy/pull/127 Signed-off-by: Olivier Charvin <git@olivier.pfad.fr>	2 years ago
Maisem Ali	3603a18710	ipn/localapi: add endpoint to request id token Updates tailscale/corp#4347 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Maisem Ali	035e8ab00e	tailcfg: add Token{Request,Response} types Updates tailscale/corp#4347 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Joe Tsai	01adcfa688	tailcfg: add omitempty to all fields of Hostinfo (#4360 ) This reduces the noise when marshaling only a subset of this type. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Maisem Ali	ac2033d98c	go.mod: bump staticcheck (#4359 ) Updates #4194 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago

1 2 3 4 5 ...

3905 Commits (945879fa38c3b71b24fdb52b24344acd06a2758a) All Branches Search

3905 Commits (945879fa38c3b71b24fdb52b24344acd06a2758a)

All Branches