tailscale

Commit Graph

Author	SHA1	Message	Date
Matt Layher	a217f1fccf	all: fix nilness issues Signed-off-by: Matt Layher <mdlayher@gmail.com>	6 months ago
Will Norris	c5208f8138	client/web: small tweaks for small screens Add left and right padding around entire client so that the cards don't run into the side of the screen. Also tighten up vertical spacing in couple of places. Updates #10261 Signed-off-by: Will Norris <will@tailscale.com>	6 months ago
Andrew Dunham	c4ccdd1bd1	net/interfaces: ensure we return valid 'self' IP in LikelyHomeRouterIP Before this fix, LikelyHomeRouterIP could return a 'self' IP that doesn't correspond to the gateway address, since it picks the first private address when iterating over the set interfaces as the 'self' IP, without checking that the address corresponds with the previously-detected gateway. This behaviour was introduced by accident in `aaf2df7`, where we deleted the following code: for _, prefix := range privatev4s { if prefix.Contains(gateway) && prefix.Contains(ip) { myIP = ip ok = true return } } Other than checking that 'gateway' and 'ip' were private IP addresses (which were correctly replaced with a call to the netip.Addr.IsPrivate method), it also implicitly checked that both 'gateway' and 'ip' were a part of the same prefix, and thus likely to be the same interface. Restore that behaviour by explicitly checking pfx.Contains(gateway), which, given that the 'ip' variable is derived from our prefix 'pfx', ensures that the 'self' IP will correspond to the returned 'gateway'. Fixes #10466 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: Iddd2ee70cefb9fb40071986fefeace9ca2441ee6	6 months ago
Mario Minardi	6b083a8ddf	client/web: add metric logging logic to the web client (#10434 ) Add metric logging logic for the web client frontend. This is an initial pass of adding the base logic, plus a single point where it is used for validation that the logging is working correctly. More metric logging calls will follow in subsquent PRs. Updates https://github.com/tailscale/tailscale/issues/10261 Signed-off-by: Mario Minardi <mario@tailscale.com>	6 months ago
Will Norris	9c4b73d77d	client/web: handle login client inside an iframe If the login client is inside an iframe, open the management client in a new window, since it can't be loaded in the frame. Updates #10261 Signed-off-by: Will Norris <will@tailscale.com>	6 months ago
Will Norris	9441a4e15d	client/web: render 404 message in empty card Switch the "feature disabled" page to use the same treatment. Updates #10261 Signed-off-by: Will Norris <will@tailscale.com>	6 months ago
Sonia Appasamy	65643f6606	client/web: update device and connected icon Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	6 months ago
Will Norris	f5989f317f	client/web: handle offline exit nodes If the currently selected exit node is offline, render the exit node selector in red with an error message. Update exit nodes in the dropdown to indicate if they are offline, and don't allow them to be selected. This also updates some older color values to use the new colors. Updates #10261 Signed-off-by: Will Norris <will@tailscale.com>	6 months ago
Sonia Appasamy	b144391c06	client/web: add cancel button to subnet router input section Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	6 months ago
Sonia Appasamy	95e9d22a16	client/web: button, link, and other small UI updates Makes the following changes: * Use “link” class in various spots * Remove button appearance on Exit Node dropdown in readonly mode * Update `-stone-` colors to `-gray-` (couple spots missed by original color config commit) * Pull full ui/button component from admin panel, and update buttons throughout UI to use this component * Remove various buttons in readonly view to match mocks * Add route (and “pending approval”) highlights to Subnet router settings card * Delete legacy client button styles from index.css * Fix overflow of IPv6 address on device details view Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	6 months ago
Aaron Klotz	64a26b221b	net/dns: use an additional registry setting to disable dynamic DNS updates for our interface on Windows Fixes #9775 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	6 months ago
Irbe Krumina	49fd0a62c9	cmd/k8s-operator: generate static kube manifests from the Helm chart. (#10436 ) * cmd/k8s-operator: generate static manifests from Helm charts This is done to ensure that there is a single source of truth for the operator kube manifests. Also adds linux node selector to the static manifests as this was added as a default to the Helm chart. Static manifests can now be generated by running `go generate tailscale.com/cmd/k8s-operator`. Updates tailscale/tailscale#9222 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	6 months ago
Andrew Lytvynov	263e01c47b	wgengine/filter: add protocol-agnostic packet checker (#10446 ) For use in ACL tests, we need a way to check whether a packet is allowed not just with TCP, but any protocol. Updates #3561 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	6 months ago
Flakes Updater	c85532270f	go.mod.sri: update SRI hash for go.mod changes Signed-off-by: Flakes Updater <noreply+flakes-updater@tailscale.com>	6 months ago
Adrian Dewhurst	2003d1139f	go.mod: update certstore Updates tailscale/coral#118 Change-Id: Ie535ab890f95d13d050b2acc7d4ad1e3f8316877 Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>	6 months ago
Will Norris	f9550e0bed	client/web: indicate if ACLs prevent access Use the packet filter rules to determine if any device is allowed to connect on port 5252. This does not check whether a specific device can connect (since we typically don't know the source device when this is used). Nor does it specifically check for wide-open ACLs, which is something we may provide a warning about in the future. Update the login popover content to display information when the src device is unable to connect to the dst device over its Tailscale IP. If we know it's an ACL issue, mention that, otherwise list a couple of things to check. In both cases, link to a placeholder URL to get more information about web client connection issues. Updates #10261 Signed-off-by: Will Norris <will@tailscale.com>	6 months ago
Sonia Appasamy	5e125750bc	client/web: center and fix height of header Centers login pill with Tailscale icon, and fixes height of login pill. Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	6 months ago
OSS Updater	f13255d54d	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	6 months ago
Sonia Appasamy	7a4ba609d9	client/web: show features based on platform support Hiding/disabling UI features when not available on the running client. Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	6 months ago
Sonia Appasamy	7d61b827e8	client/web: adjust colors and some UI margins Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	6 months ago
Sonia Appasamy	b155c7a091	client/web: move postcss config into package.json A little cleanup. Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	6 months ago
Aaron Klotz	db39a43f06	util/winutil: add support for restarting Windows processes in specific sessions This PR is all about adding functionality that will enable the installer's upgrade sequence to terminate processes belonging to the previous version, and then subsequently restart instances belonging to the new version within the session(s) corresponding to the processes that were killed. There are multiple parts to this: * We add support for the Restart Manager APIs, which allow us to query the OS for a list of processes locking specific files; * We add the RestartableProcess and RestartableProcesses types that query additional information about the running processes that will allow us to correctly restart them in the future. These types also provide the ability to terminate the processes. * We add the StartProcessInSession family of APIs that permit us to create new processes within specific sessions. This is needed in order to properly attach a new GUI process to the same RDP session and desktop that its previously-terminated counterpart would have been running in. * I tweaked the winutil token APIs again. * A lot of this stuff is pretty hard to test without a very elaborate harness, but I added a unit test for the most complicated part (though it requires LocalSystem to run). Updates https://github.com/tailscale/corp/issues/13998 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	6 months ago
Andrew Lytvynov	59d1077e28	clientupdate: cleanup tailscale binary copies on Windows (#10433 ) When updating on Windows, we make a copy of the tailscale.exe file in a temp directory to perform the update, because the original tailscale.exe gets deleted during the update. This can eat up disk space if a machine is stuck doing repeated failed update attempts. Clean up old copies explicitly before making a new one, same as we do with MSIs. Updates #10082 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	6 months ago
Marwan Sulaiman	b819f66eb1	tsweb: propagate RequestID via context and entire request The recent addition of RequestID was only populated if the HTTP Request had returned an error. This meant that the underlying handler has no access to this request id and any logs it may have emitted were impossible to correlate to that request id. Therefore, this PR adds a middleware to generate request ids and pass them through the request context. The tsweb.StdHandler automatically populates this request id if the middleware is being used. Finally, inner handlers can use the context to retrieve that same request id and use it so that all logs and events can be correlated. Updates #2549 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	6 months ago
Juergen Knaack	c27aa9e7ff	net/dns: fix darwin dns resolver files putting each nameserver on one line in /etc/resolver/<domain> fixes: #10134 Signed-off-by: Juergen Knaack <jk@jk-1.de>	6 months ago
Sonia Appasamy	cbd0b60743	client/web: remove ControlAdminURL override Was setting this for testing, snuck into the merged version. Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	6 months ago
Sonia Appasamy	bcc9b44cb1	client/web: hide admin panel links for non-tailscale control servers Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	6 months ago
Claire Wang	8af503b0c5	syspolicy: add exit node related policies (#10172 ) Adds policy keys ExitNodeID and ExitNodeIP. Uses the policy keys to determine the exit node in preferences. Fixes tailscale/corp#15683 Signed-off-by: Claire Wang <claire@tailscale.com>	6 months ago
Sonia Appasamy	ecd1ccb917	client/web: add subnet routes view Add UI view for mutating the node's advertised subnet routes. Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	6 months ago
Sonia Appasamy	7aa981ba49	client/web: remove duplicate WhoIs call Fixes a TODO in web.authorizeRequest. `getSession` calls `WhoIs` already. Call `getSession` earlier in `authorizeRequest` so we can avoid the duplicate `WhoIs` check on the same request. Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	6 months ago
Sonia Appasamy	bc4e303846	ipn/ipnstate: add AllowedIPs to PeerStatus Adds AllowedIPs to PeerStatus, allowing for easier lookup of the routes allowed to be routed to a node. Will be using the AllowedIPs of the self node from the web client interface to display approval status of advertised routes. Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	6 months ago
Andrew Lytvynov	ac4b416c5b	cmd/tailscale,ipn/ipnlocal: pass available update as health message (#10420 ) To be consistent with the formatting of other warnings, pass available update health message instead of handling ClientVersion in he CLI. Fixes #10312 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	6 months ago
Will Norris	26db9775f8	client/web: skip check mode for non-tailscale.com control servers (#10413 ) client/web: skip check mode for non-tailscale.com control servers Only enforce check mode if the control server URL ends in ".tailscale.com". This allows the web client to be used with headscale (or other) control servers while we work with the project to add check mode support (tracked in juanfont/headscale#1623). Updates #10261 Co-authored-by: Sonia Appasamy <sonia@tailscale.com> Signed-off-by: Sonia Appasamy <sonia@tailscale.com> Signed-off-by: Will Norris <will@tailscale.com>	6 months ago
Sonia Appasamy	ab0e25beaa	client/web: fix Vite dev server build error `6e30c9d1f` added eslint to the web client. As a part of that change, the existing yarn.lock file was removed and yarn install run to build with a clean yarn dependencies set with latest versions. This caused a change in the "vite-plugin-rewrite-all" package that fails at build time with our existing vite config. This is a known bug with some suggested fixes: https://vitejs.dev/guide/troubleshooting.html#this-package-is-esm-only Rather than editing our package.json type, this commit reverts back the yarn.lock file to it's contents at the commit just before `6e30c9d1f` and then only runs yarn install to add the new eslint packages, rather than installing the latest versions of all packages. Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	6 months ago
Tom DNetto	8a660a6513	ipn/ipnlocal: update hostinfo when app connector state is toggled Updates: https://github.com/tailscale/corp/issues/16041 Signed-off-by: Tom DNetto <tom@tailscale.com>	6 months ago
Sonia Appasamy	6e30c9d1fe	client/web: add eslint Add eslint to require stricter typescript rules, particularly around required hook dependencies. This commit also updates any files that were now throwing errors with eslint. Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	6 months ago
Andrew Lytvynov	5a9e935597	clientupdate: implement update for Unraid (#10344 ) Use the [`plugin` CLI](https://forums.unraid.net/topic/72240-solved-is-there-a-way-to-installuninstall-plugins-from-script/#comment-676870) to fetch and apply the update. Updates https://github.com/tailscale/tailscale/issues/10184 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	6 months ago
Jordan Whited	5e861c3871	wgengine/netstack: disable RACK on Windows (#10402 ) Updates #9707 Signed-off-by: Jordan Whited <jordan@tailscale.com>	6 months ago
Sonia Appasamy	5f40b8a0bc	scripts/check_license_headers: enforce license on ts/tsx files Enforcing inclusion of our OSS license at the top of .ts and .tsx files. Also updates any relevant files in the repo that were previously missing the license comment. An additional `@license` comment is added to client/web/src/index.tsx to preserve the license in generated Javascript. Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	6 months ago
Jenny Zhang	09b4914916	tka: clarify field comment Updates #cleanup Signed-off-by: Jenny Zhang <jz@tailscale.com>	6 months ago
Denton Gentry	67f3b2a525	tsnet: add CapturePcap method for debugging Application code can call the tsnet s.CapturePcap(filename) method to write all packets, sent and received, to a pcap file. The cleartext packets are written, outside the Wireguard tunnel. This is expected to be useful for debugging. Updates https://github.com/tailscale/tailscale/issues/9707 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	6 months ago
Sonia Appasamy	b247435d66	client/web: scroll exit node dropdown to top on search When search input changes, reset the scroll to the top of the dropdown list. Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	6 months ago
Jenny Zhang	d5d84f1a68	cmd/tailscale: also warn about IP forwarding if using CLI set We warn users about IP forwarding being disabled when using `--avertise-routes` in `tailscale up`, this adds the same warnings to `tailscale set`. Updates tailscale/corp#9968 Signed-off-by: Jenny Zhang <jz@tailscale.com>	6 months ago
Irbe Krumina	18ceb4e1f6	cmd/{containerboot,k8s-operator}: allow users to define tailnet egress target by FQDN (#10360 ) * cmd/containerboot: proxy traffic to tailnet target defined by FQDN Add a new Service annotation tailscale.com/tailnet-fqdn that users can use to specify a tailnet target for which an egress proxy should be deployed in the cluster. Updates tailscale/tailscale#10280 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	6 months ago
David Anderson	2a01df97b8	flake.nix: use vendorHash instead of vendorSha256 vendorSha256 is getting retired, and throws warning in builds. Updates #cleanup Signed-off-by: David Anderson <danderson@tailscale.com>	6 months ago
Flakes Updater	6b395f6385	go.mod.sri: update SRI hash for go.mod changes Signed-off-by: Flakes Updater <noreply+flakes-updater@tailscale.com>	6 months ago
Charlotte Brandhorst-Satzkorn	9e63bf5fd6	words: crikey! what a beauty of a list If I have to add a tail, or a scale, mate, I will add it. Updates tailscale/corp#14698 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	6 months ago
Tom DNetto	611e0a5bcc	appc,ipn/local: support wildcard when matching app-connectors Updates: ENG-2453 Signed-off-by: Tom DNetto <tom@tailscale.com>	6 months ago
Jordan Whited	1af7f5b549	wgengine/magicsock: fix typo in Conn.handlePingLocked() (#10365 ) Updates #cleanup Signed-off-by: Jordan Whited <jordan@tailscale.com>	6 months ago
Andrew Dunham	5aa7687b21	util/httpm: don't run test if .git doesn't exist Updates #9635 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I9089200f9327605036c88fc12834acece0c11694	6 months ago

1 2 3 4 5 ...

6872 Commits (a217f1fccfef555cd644256e4e8c095dcb9944a6) All Branches Search

6872 Commits (a217f1fccfef555cd644256e4e8c095dcb9944a6)

All Branches