tailscale

Commit Graph

Author	SHA1	Message	Date
Denton Gentry	9dd89b8c26	VERSION.txt: this is v1.32.3 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	3 years ago
Tom DNetto	b7d0a67f5e	ipn/{localapi,ipnserver}: set a CSP for ServeHTMLStatus, refactor host check Signed-off-by: Tom DNetto <tom@tailscale.com> (cherry picked from commit `2a991a3541`)	3 years ago
Brad Fitzpatrick	7045359322	net/netcheck: deflake (maybe) magicsock's TestNewConn Updates #6207 Change-Id: I51d200d0b42b9a1ef799d0abfc8d4bd871c50cf2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> (cherry picked from commit `036334e913`)	3 years ago
Brad Fitzpatrick	49ae82e8bd	ipn/ipnserver: validate Host header on debug ServeHTMLStatus status Updates tailscale/corp#7948 Change-Id: I3a8c64f353af1eeae620812b2700ce4af4fbbc88 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> (cherry picked from commit `f18dde6ad1`)	3 years ago
Brad Fitzpatrick	7077adc475	ipn/localapi: require POST to add a bugreport marker The LocalClient.BugReport method already sends it via POST. Updates tailscale/corp#7948 Change-Id: I98dbd558c99d4296d934baa5ebc97052c7413073 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> (cherry picked from commit `a13753ae1e`)	3 years ago
Adrian Dewhurst	5e65717c7f	ipn/ipnlocal: fix integration test failure in tkaSyncIfNeeded In main, some of the prefs handling was reworked and some of those changes were cherry picked to 1.32. This prevents failures for the internal integration test for TKA that was failing due to an uninitialized prefs.Persist. Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>	3 years ago
Mihai Parparita	39d73f9fae	ipn/ipnlocal: fix a log line having function pointers instead of values Followup to using ipn.PrefsView (#6031). Signed-off-by: Mihai Parparita <mihai@tailscale.com>	3 years ago
Andrew Dunham	6dbfafd75f	cmd/tailscale, util/quarantine: set quarantine flags on files from Taildrop This sets the "com.apple.quarantine" flag on macOS, and the "Zone.Identifier" alternate data stream on Windows. Change-Id: If14f805467b0e2963067937d7f34e08ba1d1fa85 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> (cherry picked from commit `0af61f7c40`)	3 years ago
Andrew Dunham	f99a3e5fd9	ipn/localapi: set security headers Change-Id: I028b6ab91229e2f824e5a69856ca9e1844f7486e Signed-off-by: Andrew Dunham <andrew@du.nham.ca>	3 years ago
Mihai Parparita	c68ba18d43	ipn/localapi: also allow localhost as the LocalAPI host The Mac and iOS LocalAPI clients make requests to it. Signed-off-by: Mihai Parparita <mihai@tailscale.com> (cherry picked from commit `b3da5de10f`)	3 years ago
Maisem Ali	6cee582f67	ipn/ipnlocal: move selfNode from peerAPIServer to peerAPIHandler The peerAPIHandler is instantiated per PeerAPI call so it is guaranteed to have the latest selfNode. Signed-off-by: Maisem Ali <maisem@tailscale.com> (cherry picked from commit `b0736fe6f7`)	3 years ago
Brad Fitzpatrick	0cd803e174	ipn/ipnlocal: also accept service IP IPv6 literal in brackets for quad100 The fix in `4fc8538e2` was sufficient for IPv6. Browsers (can?) send the IPv6 literal, even without a port number, in brackets. Updates tailscale/corp#7948 Change-Id: I0e429d3de4df8429152c12f251ab140b0c8f6b77 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> (cherry picked from commit `e9c851b04b`)	3 years ago
Denton Gentry	6a7e66b666	Fix cherry-pick related build breaks. ipn/ipnlocal/local.go: must include net/url. ipn/ipnlocal/peerapi_test.go: remove tailscale.com/util/must Signed-off-by: Denton Gentry <dgentry@tailscale.com>	3 years ago
Maisem Ali	7a3a1e3e68	tailcfg: add CapabilityDebug Updates tailscale/corp#7948 Signed-off-by: Maisem Ali <maisem@tailscale.com> (cherry picked from commit `296e712591`)	3 years ago
Maisem Ali	637b4b72c0	ipn/ipnlocal: add some validation to PeerAPI Updates tailscale/corp#7948 Signed-off-by: Maisem Ali <maisem@tailscale.com> (cherry picked from commit `1e78fc462c`)	3 years ago
Brad Fitzpatrick	af0d2bd407	ipn/ipnlocal: move LocalBackend.validPopBrowserURL empty check from caller I was too late with review feedback to `513780f4f8`. Updates tailscale/corp#7948 Change-Id: I8fa3b4eba4efaff591a2d0bfe6ab4795638b7c3a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> (cherry picked from commit `1b56acf513`)	3 years ago
Maisem Ali	ca827b9a04	ipn/ipnlocal: move URL validation to LocalBackend Updates tailscale/corp#7948 Signed-off-by: Maisem Ali <maisem@tailscale.com> (cherry picked from commit `513780f4f8`)	3 years ago
Andrew Dunham	5cb9db9950	ipn/localapi: serve files with application/octet-stream Content-Type Updates tailscale/corp#7948 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I5f570c04974598c7abae4017e4a7a0f63492c87c (cherry picked from commit `4caca8619e`)	3 years ago
Brad Fitzpatrick	df91c8f153	ipn/ipnlocal: check quad100 Host header in info page Updates tailscale/corp#7948 Change-Id: I0ab61c764bff9ba8afaf9070db73e971eb018477 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> (cherry picked from commit `4fc8538e2f`)	3 years ago
Brad Fitzpatrick	7c1ba770be	client/tailscale/apitype: add LocalAPIHost const, use it Removes duplication. Updates tailcale/corp#7948 Change-Id: I564c912ecfde31ba2293124bb1316e433c2a10f1 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> (cherry picked from commit `976e88d430`)	3 years ago
Brad Fitzpatrick	c1522858bb	control/controlclient: filter PopBrowserURL values to https schemes No need for http://, etc. In case a control server sends a bogus value and GUIs don't also validate. Updates tailscale/corp#7948 Change-Id: I0b7dd86aa396bdabd88f0c4fe51831fb2ec4175a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> (cherry picked from commit `97319a1970`)	3 years ago
Maisem Ali	1251e128da	ipn: make Notify.Prefs be a *ipn.PrefsView It is currently a `ipn.PrefsView` which means when we do a JSON roundtrip, we go from an invalid Prefs to a valid one. This makes it a pointer, which fixes the JSON roundtrip. This was introduced in `0957bc5af2`. Signed-off-by: Maisem Ali <maisem@tailscale.com> (cherry picked from commit `6afe26575c`)	3 years ago
Maisem Ali	5ab91f8b99	ipn/ipnlocal: make EditPrefs strip private keys before returning Signed-off-by: Maisem Ali <maisem@tailscale.com> (cherry picked from commit `9f39c3b10f`)	3 years ago
Maisem Ali	3344521e88	types/persist: add PublicNodeKey helper Signed-off-by: Maisem Ali <maisem@tailscale.com> (cherry picked from commit `a2d15924fb`)	3 years ago
Maisem Ali	7dc95765f7	ipn/ipnlocal: use ipn.PrefsView Signed-off-by: Maisem Ali <maisem@tailscale.com> (cherry picked from commit `0957bc5af2`)	3 years ago
Maisem Ali	c7ddb42083	ipn/prefs: add views Signed-off-by: Maisem Ali <maisem@tailscale.com> (cherry picked from commit `20324eeebc`)	3 years ago
Brad Fitzpatrick	77ba681a7b	ipn: remove handle.go It was unused in this repo. The Windows client used it, but it can move there. Change-Id: I572816fd80cbbf1b8db734879b6280857d5bd2a7 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> (cherry picked from commit `afce773aae`)	3 years ago
Denton Gentry	54e8fa172b	VERSION.txt: this is v1.32.2 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	3 years ago
Andrew Dunham	8a9888aea9	net/interfaces: don't dereference null pointer if no destination/netmask Fixes #6065 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I7159b8cbb8d5f47c0668cf83e59167f182f1defd (cherry picked from commit `95f3dd1346`)	3 years ago
Jordan Whited	5bdf8e21c8	wgengine/netstack: enable TCP SACK (#6066 ) TCP selective acknowledgement can improve throughput by an order of magnitude in the presence of loss. Signed-off-by: Jordan Whited <jordan@tailscale.com> (cherry picked from commit `a471681e28`)	3 years ago
Peter Cai	78c60b49f7	net/dnscache: Handle 4-in-6 addresses in DNS responses On Android, the system resolver can return IPv4 addresses as IPv6-mapped addresses (i.e. `::ffff:a.b.c.d`). After the switch to `net/netip` (`19008a3`), this case is no longer handled and a response like this will be seen as failure to resolve any IPv4 addresses. Handle this case by simply calling `Unmap()` on the returned IPs. Fixes #5698. Signed-off-by: Peter Cai <peter@typeblog.net> (cherry picked from commit `4597ec1037`)	3 years ago
Denton Gentry	f8497daa68	VERSION.txt: this is v1.32.1 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	3 years ago
Maisem Ali	8023971bff	wgengine/router: [linux] add before deleting interface addrs Deleting may temporarily result in no addrs on the interface, which results in all other rules (like routes) to get dropped by the OS. I verified this fixes the problem. Signed-off-by: Maisem Ali <maisem@tailscale.com> (cherry picked from commit `74637f2c15`)	3 years ago
Andrew Dunham	0cc397e96d	cmd/derper, net/netcheck: add challenge/response to generate_204 endpoint The Lufthansa in-flight wifi generates a synthetic 204 response to the DERP server's /generate_204 endpoint. This PR adds a basic challenge/response to the endpoint; something sufficiently complicated that it's unlikely to be implemented by a captive portal. We can then check for the expected response to verify whether we're being MITM'd. Follow-up to #5601 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I94a68c9a16a7be7290200eea6a549b64f02ff48f (cherry picked from commit `223126fe5b`)	3 years ago
Anton Tolchanov	46235b790d	net/interfaces: improve default route detection Instead of treating any interface with a non-ifscope route as a potential default gateway, now verify that a given route is actually a default route (0.0.0.0/0 or ::/0). Fixes #5879 Signed-off-by: Anton Tolchanov <anton@tailscale.com> (cherry picked from commit `d499afac78`)	3 years ago
Anton Tolchanov	b6ce364bf7	net/interfaces: deduplicate route table parsing on Darwin and FreeBSD Signed-off-by: Anton Tolchanov <anton@tailscale.com> (cherry picked from commit `9c2ad7086c`)	3 years ago
Mihai Parparita	78dec82736	net/wsconn: add back custom wrapper for turning a websocket.Conn into a net.Conn We removed it in #4806 in favor of the built-in functionality from the nhooyr.io/websocket package. However, it has an issue with deadlines that has not been fixed yet (see nhooyr/websocket#350). Temporarily go back to using a custom wrapper (using the fix from our fork) so that derpers will stop closing connections too aggressively. Updates #5921 Change-Id: I1597644e8ba47b413e33f2201eab935145566c0e Signed-off-by: Mihai Parparita <mihai@tailscale.com> (cherry picked from commit `9d04ffc782`)	3 years ago
Brad Fitzpatrick	7c2fdcd028	ipn/ipnlocal: fix E.G.G. port number accounting Change-Id: Id35461fdde79448372271ba54f6e6af586f2304d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> (cherry picked from commit `9475801ebe`)	3 years ago
Xe Iaso	613d624bea	tsnet/examples/tshello: update example for LocalClient method (#5966 ) Before this would silently fail if this program was running on a machine that was not already running Tailscale. This patch changes the WhoIs call to use the tsnet.Server LocalClient instead of the global tailscale LocalClient. Signed-off-by: Xe <xe@tailscale.com> Change-Id: Ieb830fbce81292acc4c3b4d1b675aa10766a18dc Signed-off-by: Xe <xe@tailscale.com> (cherry picked from commit `86c5bddce2`)	3 years ago
Andrew Dunham	d982963e0b	control/controlhttp: try to avoid flakes in TestDialPlan Updates tailscale/corp#7446 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: Ifcf3b5176f065c2e67cbb8943f6356dea720a9c5 (cherry picked from commit `a4e707bcf0`)	3 years ago
Maisem Ali	cdf7ae8066	kube: handle 201 as a valid status code. Fixes tailscale/corp#7478 Signed-off-by: Maisem Ali <maisem@tailscale.com> (cherry picked from commit `af966391c7`)	3 years ago
Denton Gentry	30afe38cb9	cmd/tailscale: correct --cpu-profile help text Signed-off-by: Denton Gentry <dgentry@tailscale.com> (cherry picked from commit `19dfdeb1bb`)	3 years ago
Andrew Dunham	2a6afafc76	cmd/tailscale, ipn: enable debug logs when --report flag is passed to bugreport (#5830 ) Change-Id: Id22e9f4a2dcf35cecb9cd19dd844389e38c922ec Signed-off-by: Andrew Dunham <andrew@tailscale.com> (cherry picked from commit `c32f9f5865`)	3 years ago
Tom DNetto	23a664325e	ipn/ipnlocal: make tkaSyncIfNeeded exclusive with a mutex Running corp/ipn#TestNetworkLockE2E has a 1/300 chance of failing, and deskchecking suggests thats whats happening are two netmaps are racing each other to be processed through tkaSyncIfNeededLocked. This happens in the first place because we release b.mu during network RPCs. To fix this, we make the tka sync logic an exclusive section, so two netmaps will need to wait for tka sync to complete serially (which is what we would want anyway, as the second run through probably wont need to sync). Signed-off-by: Tom DNetto <tom@tailscale.com> (cherry picked from commit `a515fc517b`)	3 years ago
Brad Fitzpatrick	b9e1c18578	net/netcheck: fix crash in checkCaptivePortal If netcheck happens before there's a derpmap. This seems to only affect Headscale because it doesn't send a derpmap as early? Change-Id: I51e0dfca8e40623e04702bc9cc471770ca20d2c2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> (cherry picked from commit `9a264dac01`)	3 years ago
James Tucker	a5340a07cf	wgengine/router: fix MTU configuration on Windows Always set the MTU to the Tailscale default MTU. In practice we are missing applying an MTU for IPv6 on Windows prior to this patch. This is the simplest patch to fix the problem, the code in here needs some more refactoring. Fixes #5914 Signed-off-by: James Tucker <james@tailscale.com> (cherry picked from commit `4ec6d41682`)	3 years ago
Joe Tsai	ccca9faaf8	wgengine: fix typo in Engine.PeerForIP (#5912 ) Signed-off-by: Joe Tsai <joetsai@digital-static.net> (cherry picked from commit `49bae7fd5c`)	3 years ago
Sonia Appasamy	f7c15dd0b0	types/view: add ContainsNonExitSubnetRoutes func Signed-off-by: Sonia Appasamy <sonia@tailscale.com> (cherry picked from commit `5363a90272`)	3 years ago
Mihai Parparita	a780929391	derp/derphttp: fix nil pointer dereference when closing a netcheck client NewNetcheckClient only initializes a subset of fields of derphttp.Client, and the Close() call added by #5707 was result in a nil pointer dereference. Make Close() safe to call when using NewNetcheckClient() too. Fixes #5919 Signed-off-by: Mihai Parparita <mihai@tailscale.com> (cherry picked from commit `b2855cfd86`)	3 years ago
Denton Gentry	fc688fe024	VERSION.txt: this is v1.32.0 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	3 years ago

1 2 3 4 5 ...

4637 Commits (9dd89b8c263d8a15dec313ea3ce77a6f2fcf2aaf) All Branches Search

4637 Commits (9dd89b8c263d8a15dec313ea3ce77a6f2fcf2aaf)

All Branches