tailscale

Commit Graph

Author	SHA1	Message	Date
Joe Tsai	9cb6c5bb78	util/httphdr: add new package for parsing HTTP headers (#9797 ) This adds support for parsing Range and Content-Range headers according to RFC 7230. The package could be extended in the future to handle other headers. Updates tailscale/corp#14772 Signed-off-by: Joe Tsai <joetsai@digital-static.net>	8 months ago
Andrew Lytvynov	af5a586463	ipn/ipnlocal: include AutoUpdate prefs in HostInfo.AllowsUpdate (#9792 ) Updates #9260 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	8 months ago
Claire Wang	754fb9a8a8	tailcfg: add tailnet field to register request (#9675 ) Updates tailscale/corp#10967 Signed-off-by: Claire Wang <claire@tailscale.com>	8 months ago
Joe Tsai	8f948638c5	taildrop: minor cleanups and fixes (#9786 ) Perform the same m==nil check in Manager.{PartialFiles,HashPartialFile} as we do in the other methods. Fix HashPartialFile is properly handle a length of -1. Updates tailscale/corp#14772 Signed-off-by: Joe Tsai <joetsai@digital-static.net>	8 months ago
Joe Tsai	b1867eb23f	taildrop: add logic for resuming partial files (#9785 ) We add the following API: * type FileChecksums * type Checksum * func Manager.PartialFiles * func Manager.HashPartialFile * func ResumeReader The Manager methods provide the ability to query for partial files and retrieve a list of checksums for a given partial file. The ResumeReader function is a helper that wraps an io.Reader to discard content that is identical locally and remotely. The FileChecksums type represents the checksums of a file and is safe to JSON marshal and send over the wire. Updates tailscale/corp#14772 Signed-off-by: Joe Tsai <joetsai@digital-static.net> Co-authored-by: Rhea Ghosh <rhea@tailscale.com>	8 months ago
Maisem Ali	24f322bc43	ipn/ipnlocal: do unexpired cert renewals in the background We were eagerly doing a synchronous renewal of the cert while trying to serve traffic. Instead of that, just do the cert renewal in the background and continue serving traffic as long as the cert is still valid. This regressed in `c1ecae13ab` when we introduced ARI support and were trying to make the experience of `tailscale cert` better. However, that ended up regressing the experience for tsnet as it would not always doing the renewal synchronously. Fixes #9783 Signed-off-by: Maisem Ali <maisem@tailscale.com>	8 months ago
Joe Tsai	1a78f240b5	tstime: add DefaultClock (#9691 ) In almost every single use of Clock, there is a default behavior we want to use when the interface is nil, which is to use the the standard time package. The Clock interface exists only for testing, and so tests that care about mocking time can adequately plumb the the Clock down the stack and through various data structures. However, the problem with Clock is that there are many situations where we really don't care about mocking time (e.g., measuring execution time for a log message), where making sure that Clock is non-nil is not worth the burden. In fact, in a recent refactoring, the biggest pain point was dealing with nil-interface panics when calling tstime.Clock methods where mocking time wasn't even needed for the relevant tests. This required wasted time carefully reviewing the code to make sure that tstime.Clock was always populated, and even then we're not statically guaranteed to avoid a nil panic. Ideally, what we want are default methods on Go interfaces, but such a language construct does not exist. However, we can emulate that behavior by declaring a concrete type that embeds the interface. If the underlying interface value is nil, it provides some default behavior (i.e., use StdClock). This provides us a nice balance of two goals: * We can plumb tstime.DefaultClock in all relevant places for use with mocking time in the tests that care. * For all other logic that don't care about, we never need to worry about whether tstime.DefaultClock is nil or not. This is especially relevant in production code where we don't want to panic. Longer-term, we may want to perform a large-scale change where we rename Clock to ClockInterface and rename DefaultClock to just Clock. Updates #cleanup Signed-off-by: Joe Tsai <joetsai@digital-static.net>	8 months ago
Naman Sood	7783a960e8	client/web: add metric for exit node advertising (#9781 ) * client/web: add metric for exit node advertising Updates tailscale/corp#15215 Signed-off-by: Naman Sood <mail@nsood.in> * client/web: use http request's context for IncrementCounter Updates #cleanup Signed-off-by: Naman Sood <mail@nsood.in> --------- Signed-off-by: Naman Sood <mail@nsood.in>	8 months ago
James Tucker	ce0830837d	appctype: introduce a configuration schema for app connectors Updates tailscale/corp#15043 Signed-off-by: James Tucker <james@tailscale.com>	8 months ago
Joe Tsai	37c646d9d3	taildrop: improve the functionality and reliability of put (#9762 ) Changes made: * Move all HTTP related functionality from taildrop to ipnlocal. * Add two arguments to taildrop.Manager.PutFile to specify an opaque client ID and a resume offset (both unused for now). * Cleanup the logic of taildrop.Manager.PutFile to be easier to follow. * Implement file conflict handling where duplicate files are renamed (e.g., "IMG_1234.jpg" -> "IMG_1234 (2).jpg"). * Implement file de-duplication where "renaming" a partial file simply deletes it if it already exists with the same contents. * Detect conflicting active puts where a second concurrent put results in an error. Updates tailscale/corp#14772 Signed-off-by: Joe Tsai <joetsai@digital-static.net> Co-authored-by: Rhea Ghosh <rhea@tailscale.com>	8 months ago
Maisem Ali	1294b89792	cmd/k8s-operator: allow setting same host value for tls and ingress rules We were too strict and required the user not specify the host field at all in the ingress rules, but that degrades compatibility with existing helm charts. Relax the constraint so that rule.Host can either be empty, or match the tls.Host[0] value exactly. Fixes #9548 Signed-off-by: Maisem Ali <maisem@tailscale.com>	8 months ago
Maisem Ali	2d4f808a4c	cmd/containerboot: fix time based serveConfig watcher This broke in a last minute refactor and seems to have never worked. Fixes #9686 Signed-off-by: Maisem Ali <maisem@tailscale.com>	8 months ago
James Tucker	4abd470322	tailcfg: implement text encoding for ProtoPortRange Updates tailscale/corp#15043 Signed-off-by: James Tucker <james@tailscale.com>	8 months ago
James Tucker	96f01a73b1	tailcfg: import ProtoPortRange for local use Imported type and parsing, with minor modifications. Updates tailscale/corp#15043 Signed-off-by: James Tucker <james@tailscale.com>	8 months ago
Charlotte Brandhorst-Satzkorn	d62af8e643	words: flappy birds, but real life These birds have been visually identified as having tails. Science prevails. Updates tailscale/corp#9599 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	8 months ago
Maisem Ali	1cb9e33a95	cmd/k8s-operator: update env var in manifest to APISERVER_PROXY Replace the deprecated var with the one in docs to avoid confusion. Introduced in `335a5aaf9a`. Updates #8317 Fixes #9764 Signed-off-by: Maisem Ali <maisem@tailscale.com>	8 months ago
James Tucker	c1ef55249a	types/ipproto: import and test string parsing for ipproto IPProto has been being converted to and from string formats in multiple locations with variations in behavior. TextMarshaller and JSONMarshaller implementations are now added, along with defined accepted and preferred formats to centralize the logic into a single cross compatible implementation. Updates tailscale/corp#15043 Fixes tailscale/corp#15141 Signed-off-by: James Tucker <james@tailscale.com>	8 months ago
Maisem Ali	319607625f	ipn/ipnlocal: fix log spam from now expected paths These log paths were actually unexpected until the refactor in `fe95d81b43`. This moves the logs to the callsites where they are actually unexpected. Fixes #9670 Signed-off-by: Maisem Ali <maisem@tailscale.com>	8 months ago
Maisem Ali	9d96e05267	net/packet: split off checksum munging into different pkg The current structure meant that we were embedding netstack in the tailscale CLI and in the GUIs. This removes that by isolating the checksum munging to a different pkg which is only called from `net/tstun`. Fixes #9756 Signed-off-by: Maisem Ali <maisem@tailscale.com>	8 months ago
Brad Fitzpatrick	8b630c91bc	wgengine/filter: use slices.Contains in another place We keep finding these. Updates #cleanup Change-Id: Iabc049b0f8da07341011356f0ecd5315c33ff548 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	8 months ago
James 'zofrex' Sanderson	0a412eba40	words: Na na na na na na na na na na na na na na na na (#9753 ) So gnarly! Updates tailscale/corp#14698 Signed-off-by: James Sanderson <jsanderson@tailscale.com>	8 months ago
James Tucker	11348fbe72	util/nocasemaps: import nocasemaps from corp This is a dependency of other code being imported later. Updates tailscale/corp#15043 Signed-off-by: James Tucker <james@tailscale.com>	8 months ago
Maisem Ali	fbfee6a8c0	cmd/containerboot: use linuxfw.NetfilterRunner This migrates containerboot to reuse the NetfilterRunner used by tailscaled instead of manipulating iptables rule itself. This has the added advantage of now working with nftables and we can potentially drop the `iptables` command from the container image in the future. Updates #9310 Co-authored-by: Irbe Krumina <irbe@tailscale.com> Signed-off-by: Maisem Ali <maisem@tailscale.com>	8 months ago
Sonia Appasamy	7a0de2997e	client/web: remove unused context param from NewServer Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	8 months ago
Maisem Ali	aad3584319	util/linuxfw: move fake runner into pkg This allows using the fake runner in different packages that need to manage filter rules. Updates #cleanup Signed-off-by: Maisem Ali <maisem@tailscale.com>	8 months ago
Tom DNetto	fffafc65d6	tsnet: support registering fallback TCP flow handlers For the app connector use-case, it doesnt make sense to use listeners, because then you would need to register thousands of listeners (for each proto/service/port combo) to handle ranges. Instead, we plumb through the TCPHandlerForFlow abstraction, to avoid using the listeners abstraction that would end up being a bit messy. Signed-off-by: Tom DNetto <tom@tailscale.com> Updates: https://github.com/tailscale/corp/issues/15038	8 months ago
David Anderson	9f05018419	clientupdate/distsign: add new prod root signing key to keychain Updates tailscale/corp#15179 Signed-off-by: David Anderson <danderson@tailscale.com>	8 months ago
Galen Guyer	04a8b8bb8e	net/dns: properly detect newer debian resolvconf Tailscale attempts to determine if resolvconf or openresolv is in use by running `resolvconf --version`, under the assumption this command will error when run with Debian's resolvconf. This assumption is no longer true and leads to the wrong commands being run on newer versions of Debian with resolvconf >= 1.90. We can now check if the returned version string starts with "Debian resolvconf" if the command is successful. Fixes #9218 Signed-off-by: Galen Guyer <galen@galenguyer.com>	8 months ago
Paul Scott	4e083e4548	util/cmpver: only consider ascii numerals (#9741 ) Fixes #9740 Signed-off-by: Paul Scott <paul@tailscale.com>	8 months ago
Maisem Ali	78a083e144	types/ipproto: drop IPProto from IPProtoVersion Based on https://github.com/golang/go/wiki/CodeReviewComments#package-names. Updates #cleanup Signed-off-by: Maisem Ali <maisem@tailscale.com>	8 months ago
Maisem Ali	05a1f5bf71	util/linuxfw: move detection logic Just a refactor to consolidate the firewall detection logic in a single package so that it can be reused in a later commit by containerboot. Updates #9310 Signed-off-by: Maisem Ali <maisem@tailscale.com>	8 months ago
Maisem Ali	56c0a75ea9	tool/gocross: handle VERSION file not found Fixes #9734 Signed-off-by: Maisem Ali <maisem@tailscale.com>	8 months ago
James Tucker	ba6ec42f6d	util/linuxfw: add missing input rule to the tailscale tun Add an explicit accept rule for input to the tun interface, as a mirror to the explicit rule to accept output from the tun interface. The rule matches any packet in to our tun interface and accepts it, and the rule is positioned and prioritized such that it should be evaluated prior to conventional ufw/iptables/nft rules. Updates #391 Fixes #7332 Updates #9084 Signed-off-by: James Tucker <james@tailscale.com>	8 months ago
Andrew Lytvynov	677d486830	clientupdate: abort if current version is newer than latest (#9733 ) This is only relevant for unstable releases and local builds. When local version is newer than upstream, abort release. Also, re-add missing newlines in output that were missed in https://github.com/tailscale/tailscale/pull/9694. Updates #cleanup Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	8 months ago
Will Norris	7f08bddfe1	tailcfg: add type for web client auth response This will be returned from the upcoming control endpoints for doing web client session authentication. Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	8 months ago
Flakes Updater	00977f6de9	go.mod.sri: update SRI hash for go.mod changes Signed-off-by: Flakes Updater <noreply+flakes-updater@tailscale.com>	8 months ago
License Updater	0ccfcb515c	licenses: update tailscale{,d} licenses Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	8 months ago
Brad Fitzpatrick	3749a3bbbb	go.toolchain.rev: bump for CVE-2023-39325 Updates tailscale/corp#15165 Change-Id: Ib001cfb44eb3e6d735dfece9bd3ae9eea13048c9 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	8 months ago
Brad Fitzpatrick	6b1ed732df	go.mod: bump x/net to 0.17 for CVE-2023-39325 https://go.googlesource.com/net/+/b225e7ca6dde1ef5a5ae5ce922861bda011cfabd Updates tailscale/corp#15165 Change-Id: Ia8b5e16b1acfe1b2400d321034b41370396f70e2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	8 months ago
Brad Fitzpatrick	70de16bda7	ipn/localapi: make whois take IP or IP:port as documented, fix capmap netstack lookup The whois handler was documented as taking IP (e.g. 100.101.102.103) or IP:port (e.g. usermode 127.0.0.1:1234) but that got broken at some point and we started requiring a port always. Fix that. Also, found in the process of adding tests: fix the CapMap lookup in userspace mode (it was always returning the caps of 127.0.0.1 in userspace mode). Fix and test that too. Updates #9714 Change-Id: Ie9a59744286522fa91c4b70ebe89a1e94dbded26 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	8 months ago
Kristoffer Dalby	7f540042d5	ipn/ipnlocal: use syspolicy to determine collection of posture data Updates #5902 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	8 months ago
Kristoffer Dalby	d0b8bdf8f7	posture: add get serial support for macOS Updates #5902 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	8 months ago
Kristoffer Dalby	9eedf86563	posture: add get serial support for Windows/Linux This commit adds support for getting serial numbers from SMBIOS on Windows/Linux (and BSD) using go-smbios. Updates #5902 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	8 months ago
Val	249edaa349	wgengine/magicsock: add probed MTU metrics Record the number of MTU probes sent, the total bytes sent, the number of times we got a successful return from an MTU probe of a particular size, and the max MTU recorded. Updates #311 Signed-off-by: Val <valerie@tailscale.com>	8 months ago
Val	893bdd729c	disco,net/tstun,wgengine/magicsock: probe peer MTU Automatically probe the path MTU to a peer when peer MTU is enabled, but do not use the MTU information for anything yet. Updates #311 Signed-off-by: Val <valerie@tailscale.com>	8 months ago
Kristoffer Dalby	b4e587c3bd	tailcfg,ipn: add c2n endpoint for posture identity Updates #5902 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	8 months ago
Kristoffer Dalby	9593cd3871	posture: add get serial stub for all platforms Updates #5902 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	8 months ago
Kristoffer Dalby	623926a25d	cmd/tailscale: add --posture-checking flag to set Updates #5902 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	8 months ago
Kristoffer Dalby	886917c42b	ipn: add PostureChecks to Prefs Updates #5902 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	8 months ago
Simon Leonhardt	553f657248	sniproxy allows configuration of hostname Signed-off-by: Simon Leonhardt <simon@controlzee.com>	8 months ago

1 2 3 4 5 ...

6503 Commits (9cb6c5bb7865d9666b4965072dd757286b5cef95) All Branches Search

6503 Commits (9cb6c5bb7865d9666b4965072dd757286b5cef95)

All Branches