tailscale

Commit Graph

Author	SHA1	Message	Date
Maisem Ali	235309adc4	all: store NL keys per profile This moves the NetworkLock key from a dedicated StateKey to be part of the persist.Persist struct. This struct is stored as part for ipn.Prefs and is also the place where we store the NodeKey. It also moves the ChonkDir from "/tka" to "/tka-profile/<profile-id>". The rename was intentional to be able to delete the "/tka" dir if it exists. This means that we will have a unique key per profile, and a unique directory per profile. Note: `tailscale logout` will delete the entire profile, including any keys. It currently does not delete the ChonkDir. Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Maisem Ali	fe81ee62d7	ipn/ipnlocal: do controlclient.Shutdown in a different goroutine We do not need to wait for it to complete. And we might have to call Shutdown from callback from the controlclient which might already be holding a lock that Shutdown requires. Updates #713 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Tom DNetto	42855d219b	ipn/ipnlocal: fix checks for node-key presence in TKA logic Found by tests in another repo. TKA code wasn't always checking enough to be sure a node-key was set for the current state. Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Brad Fitzpatrick	7c285fe7ee	ipn/ipnlocal: fix error message typo in ingress peerapi handler Updates tailscale/corp#7515 Change-Id: I81edd7d9f8958eef61be71d3d34e545cd3347008 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	3114eacbb8	ipn/ipnlocal: don't warn about serve listener failing on IPv6-less machines Fixes #6303 Change-Id: Ie1ce12938f68dfa0533246bbe3b9d7f3e749a243 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	3f8e185003	health: add Warnable, move ownership of warnable items to callers The health package was turning into a rando dumping ground. Make a new Warnable type instead that callers can request an instance of, and then Set it locally in their code without the health package being aware of all the things that are warnable. (For plenty of things the health package will want to know details of how Tailscale works so it can better prioritize/suppress errors, but lots of the warnings are pretty leaf-y and unrelated) This just moves two of the health warnings. Can probably move more later. Change-Id: I51e50e46eb633f4e96ced503d3b18a1891de1452 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Maisem Ali	b87cb2c4a5	ipn/ipnlocal: call restart backend on user changes This makes it so that the backend also restarts when users change, otherwise an extra call to Start was required. Updates #713 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Maisem Ali	8e85227059	cmd/tailscale/cli: [set] handle selectively modifying routes/exit node Noticed this while debugging something else, we would reset all routes if either `--advertise-exit-node` or `--advertise-routes` were set. This handles correctly updating them. Also added tests. Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Maisem Ali	26d1fc867e	ipn/ipnlocal: delete profile on logout Updates #713 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Maisem Ali	9e70daad6f	ipn/ipnlocal: make TKA tests not have side effects It left the envknob turned on which meant that running all the tests in the package had different behavior than running just any one test. Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
shayne	74e892cbc2	ipn/ipnlocal: listen to serve ports on netmap addrs (#6282 ) Updates tailscale/corp#7515 Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	2 years ago
Brad Fitzpatrick	08e110ebc5	cmd/tailscale: make "up", "status" warn if routes and --accept-routes off Example output: # Health check: # - Some peers are advertising routes but --accept-routes is false Also, move "tailscale status" health checks to the bottom, where they won't be lost in large netmaps. Updates #2053 Updates #6266 Change-Id: I5ae76a0cd69a452ce70063875cd7d974bfeb8f1a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Tom DNetto	4c31183781	cmd/tailscale,ipn: minor fixes to tailscale lock commands * Fix broken add/remove key commands * Make lock status display whether the node is signed Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Maisem Ali	6cc0036b40	ipn/ipnlocal: use updated prefs in tkaSyncIfNeeded Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Maisem Ali	f00a49667d	control/controlclient: make Status.Persist a PersistView Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Maisem Ali	4d330bac14	ipn/ipnlocal: add support for multiple user profiles Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Brad Fitzpatrick	c9d6a9cb4d	ipn/ipnlocal: add optional TLS termination on proxied TCP connections Updates tailscale/corp#7515 Change-Id: Ib250fa20275971563adccfa72db48e0cec02b7a5 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Pat Maddox	9bf3ef4167	ssh/tailssh: add Tailscale SSH (server) support on FreeBSD Change-Id: I607194b6ef99205e777f3df93a74ffe1a2e0344c Signed-off-by: Pat Maddox <pat@ratiopbc.com>	2 years ago
shayne	e3a66e4d2f	ipn/localapi: introduce get/set config for serve (#6243 ) Updates tailscale/corp#7515 Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	2 years ago
Brad Fitzpatrick	7b5866ac0a	ipn/ipnlocal: support serving files/directories too Updates tailscale/corp#7515 Change-Id: I7b4c924005274ba57763264313d70d2a0c55da30 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	d7bfef12cf	ipn/ipnlocal: support https+insecure:// backend proxy targets Updates tailscale/corp#7515 Change-Id: Ie50295c09e4a16959b37087d8165c4d7360db37f Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	9dfb0916c2	ipn/ipnlocal, tailcfg: wire up ingress peerapi Updates tailscale/corp#7515 Co-authored-by: Shayne Sweeney <shayne@tailscale.com> Change-Id: I7eac7b4ac37fd8e8a9e0469594c1e9e7dd0da666 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Aaron Klotz	73b8968404	ipn/ipnlocal: ensure Persist information is saved to server mode start state Numerous issues have been filed concerning an inability to install and run Tailscale headlessly in unattended mode, particularly after rebooting. The server mode `Prefs` stored in `server-state.conf` were not being updated with `Persist` state once the node had been succesfully logged in. Users have been working around this by finagling with the GUI to make it force a state rewrite. This patch makes that unnecessary by ensuring the required server mode state is updated when prefs are updated by the control client. Fixes https://github.com/tailscale/tailscale/issues/3186 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	2 years ago
Brad Fitzpatrick	32a4ff3e5f	ipn/ipnlocal: implement the reverse proxy HTTP handler type Updates tailscale/corp#7515 Change-Id: Icbfe57f44b9516388edc0556eb04a370a9e3e009 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	6beb3184d5	ipn/ipnlocal: don't serve a TLS cert unless it has webserver config Even if the name is right, or is configured on a different port. Updates tailscale/corp#7515 Change-Id: I8b721968f3241af10d98431e1b5ba075223e6cd3 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	1a94c309ea	ipn/ipnlocal: support web TLS ports other than 443 Updates tailscale/corp#7515 Change-Id: I87df50b1bc92efd1d8c538c2ad4f1222361e4d6b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	4797bacb7c	ipn/ipnlocal: send RST when serving an actionless TCPPortHandler Updates tailscale/corp#7515 Change-Id: I790f1b5d1e8a887e39bb573b4610b8f37a3f5963 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	b683921b87	ipn/ipnlocal: add start of handling TCP proxying Updates tailscale/corp#7515 Change-Id: I82d19b5864674b2169f25ec8e429f60a543e0c57 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	4bccc02413	ipn/ipnlocal: use ServerConfig views internally Updates tailscale/corp#7515 Change-Id: Ica2bc44b92d281d5ce16cee55b7ca51c7910145c Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	25e26c16ee	ipn/ipnlocal: start implementing web server bits of serve Updates tailscale/corp#7515 Change-Id: I96f4016161ba3c370492da941274c6d9a234c2bb Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	df5e40f731	ipn: add WebServerConfig, add views cmd/viewer couldn't deal with that map-of-map. Add a wrapper type instead, which also gives us a place to add future stuff. Updates tailscale/corp#7515 Change-Id: I44a4ca1915300ea8678e5b0385056f0642ccb155 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	2daf0f146c	ipn/ipnlocal, wgengine/netstack: start handling ports for future serving Updates tailscale/corp#7515 Change-Id: I966e936e72a2ee99be8d0f5f16872b48cc150258 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	6d8320a6e9	ipn/{ipnlocal,localapi}: move most of cert.go to ipnlocal Leave only the HTTP/auth bits in localapi. Change-Id: I8e23fb417367f1e0e31483e2982c343ca74086ab Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	5bb7e0307c	cmd/tailscale, ipn/ipnlocal: add debug command to write to StateStore for dev Not for end users (unless directed by support). Mostly for ease of development for some upcoming webserver work. Change-Id: I43acfed217514567acb3312367b24d620e739f88 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	da8def8e13	all: remove old +build tags The //go:build syntax was introduced in Go 1.17: https://go.dev/doc/go1.17#build-lines gofmt has kept the +build and go:build lines in sync since then, but enough time has passed. Time to remove them. Done with: perl -i -npe 's,^// \+build.*\n,,' $(git grep -l -F '+build') Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Maisem Ali	6afe26575c	ipn: make Notify.Prefs be a *ipn.PrefsView It is currently a `ipn.PrefsView` which means when we do a JSON roundtrip, we go from an invalid Prefs to a valid one. This makes it a pointer, which fixes the JSON roundtrip. This was introduced in `0957bc5af2`. Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Brad Fitzpatrick	e55ae53169	tailcfg: add Node.UnsignedPeerAPIOnly to let server mark node as peerapi-only capver 48 Change-Id: I20b2fa81d61ef8cc8a84e5f2afeefb68832bd904 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Andrew Dunham	e975cb6b05	ipn/ipnlocal: fix test flake when we log after a test completes This switches from using an atomic.Bool to a mutex for reasons that are described in the commit, and should address the flakes that we're still seeing. Fixes #3020 Change-Id: I4e39471c0eb95886db03020ea1ccf688c7564a11 Signed-off-by: Andrew Dunham <andrew@tailscale.com>	2 years ago
Tom DNetto	0af57fce4c	cmd/tailscale,ipn: implement lock sign command Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Brad Fitzpatrick	910db02652	client/tailscale, tsnet, ipn/ipnlocal: prove nodekey ownership over noise Fixes #5972 Change-Id: Ic33a93d3613ac5dbf172d6a8a459ca06a7f9e547 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Tom DNetto	d98305c537	cmd,ipn/ipnlocal,tailcfg: implement TKA disablement * Plumb disablement values through some of the internals of TKA enablement. * Transmit the node's TKA hash at the end of sync so the control plane understands each node's head. * Implement /machine/tka/disable RPC to actuate disablement on the control plane. There is a partner PR for the control server I'll send shortly. Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Anton Tolchanov	193afe19cb	ipn/ipnlocal: add tags and a few other details to self status This makes tags, creation time, exit node option and primary routes for the current node exposed via `tailscale status --json` Signed-off-by: Anton Tolchanov <anton@tailscale.com>	2 years ago
Mihai Parparita	4e6e3bd13d	ipn/ipnlocal: fix a log line having function pointers instead of values Followup to using ipn.PrefsView (#6031). Signed-off-by: Mihai Parparita <mihai@tailscale.com>	2 years ago
Maisem Ali	2a9ba28def	ipn/ipnlocal: set prefs before calling tkaSyncIfNeeded Caught this in a test in a different repo. Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Maisem Ali	9f39c3b10f	ipn/ipnlocal: make EditPrefs strip private keys before returning Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Maisem Ali	a2d15924fb	types/persist: add PublicNodeKey helper Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Maisem Ali	0957bc5af2	ipn/ipnlocal: use ipn.PrefsView Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Brad Fitzpatrick	def089f9c9	portlist: unexport all Poller fields, removing unused one, rework channels Poller.C and Poller.c were duplicated for one caller. Add an accessor returning the receive-only version instead. It'll inline. Poller.Err was unused. Remove. Then Poller is opaque. The channel usage and shutdown was a bit sketchy. Clean it up. And document some things. Change-Id: I5669e54f51a6a13492cf5485c83133bda7ea3ce9 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	9475801ebe	ipn/ipnlocal: fix E.G.G. port number accounting Change-Id: Id35461fdde79448372271ba54f6e6af586f2304d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Maisem Ali	630bcb5b67	tsnet,client/tailscale: add APIClient which runs API over Noise. Updates tailscale/corp#4383 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago

1 2 3 4 5 ...

446 Commits (b08f37d069064ce0abb25b933b60a0934ff2178a)