tailscale

Commit Graph

Author	SHA1	Message	Date
Brad Fitzpatrick	b1248442c3	all: update to Go 1.20, use strings.CutPrefix/Suffix instead of our fork Updates #7123 Updates #5309 Change-Id: I90bcd87a2fb85a91834a0dd4be6e03db08438672 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	0d794a10ff	go.mod: bump wintun-go For https://git.zx2c4.com/wintun-go/commit/?id=0fa3db229ce2036ae779de8ba03d336b7aa826bd Updates #6647 Change-Id: I1686b2c77df331fcb9fa4fae88e08232bb95f10b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	6793685bba	go.mod: bump AWS SDK past a breaking API change of theirs They changed a type in their SDK which meant others using the AWS APIs in their Go programs (with newer AWS modules in their caller go.mod) and then depending on Tailscale (for e.g. tsnet) then couldn't compile ipn/store/awsstore. Thanks to @thisisaaronland for bringing this up. Fixes #7019 Change-Id: I8d2919183dabd6045a96120bb52940a9bb27193b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Will Norris	fff617c988	go.mod: bump golang.org/x/net and dependencies I don't think CVE-2022-41717 necessarily impacts us (maybe as part of funnel?), but it came up in a recent security scan so worth updating anyway. Signed-off-by: Will Norris <will@tailscale.com>	1 year ago
Brad Fitzpatrick	1116602d4c	ssh/tailssh: add OpenBSD support for Tailscale SSH And bump go.mod for https://github.com/u-root/u-root/pull/2593 Change-Id: I36ec94c5b2b76d671cb739f1e9a1a43ca1d9d1b1 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
andig	14e8afe444	go.mod, etc: bump gvisor Fixes #6554 Change-Id: Ia04ae37a47b67fa57091c9bfe1d45a1842589aa8 Signed-off-by: andig <cpuidle@gmx.de>	1 year ago
Brad Fitzpatrick	243490f932	go.mod: bump x/sys for linux/arm64 cpu SIGILL fix Bump to get `2204b6615f` Updates #5793 Change-Id: I6ab78824047cb2c8d042f3f3bf47368ec6da5a34 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
David Anderson	e5fe205c31	cmd/sync-containers: program to sync tags between container registries. Updates tailscale/corp#8461 Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
Jordan Whited	914d115f65	go.mod: bump tailscale/wireguard-go for big-endian fix (#6785 ) Signed-off-by: Jordan Whited <jordan@tailscale.com>	1 year ago
Brad Fitzpatrick	c02ccf6424	go.mod: bump dhcp dep to remove another endian package from our tree To pull in insomniacslk/dhcp#484 to pull in u-root/uio#8 Updates golang/go#57237 Change-Id: I1e56656e0dc9ec0b870f799fe3bc18b3caac1ee4 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
David Anderson	3a5fc233aa	cmd/k8s-operator: use oauth credentials for API access. This automates both the operator's initial login, and provisioning/deprovisioning of proxies. Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
David Anderson	d857fd00b3	cmd/k8s-operator: sprinkle debug logging throughout. As is convention in the k8s world, use zap for structured logging. For development, OPERATOR_LOGGING=dev switches to a more human-readable output than JSON. Updates #502 Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
David Anderson	bc8f5a7734	cmd/k8s-operator: add a basic unit test. The test verifies one of the successful reconcile paths, where a client requests an exposed service via a LoadBalancer class. Updates #502. Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
Brad Fitzpatrick	ca08e316af	util/endian: delete package; use updated josharian/native instead See josharian/native#3 Updates golang/go#57237 Change-Id: I238c04c6654e5b9e7d9cfb81a7bbc5e1043a84a2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
David Anderson	b2d4abf25a	cmd/k8s-operator: add a kubernetes operator. This was initially developed in a separate repo, but for build/release reasons and because go module management limits the damage of importing k8s things now, moving it into this repo. At time of commit, the operator enables exposing services over tailscale, with the 'tailscale' loadBalancerClass. It also currently requires an unreleased feature to access the Tailscale API, so is not usable yet. Updates #502. Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
Brad Fitzpatrick	7b65b7f85c	go.mod: bump tailscale/wireguard-go for loong64 Updates tailscale/tailscale#6233 Change-Id: I5ba1826e79be51c03b19f2b31d73024410be4970 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	5a523fdc7f	go.mod: update deps to add support for GOARCH=loong64 Updates tailscale/tailscale#6233 Change-Id: Ibbc8e42607342e4ab4fc0b365ed628d82b56864d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Jordan Whited	ea5ee6f87c	all: update golang.zx2c4.com/wireguard to github.com/tailscale/wireguard-go (#6692 ) This is temporary while we work to upstream performance work in https://github.com/WireGuard/wireguard-go/pull/64. A replace directive is less ideal as it breaks dependent code without duplication of the directive. Signed-off-by: Jordan Whited <jordan@tailscale.com>	1 year ago
Jordan Whited	76389d8baf	net/tstun, wgengine/magicsock: enable vectorized I/O on Linux (#6663 ) This commit updates the wireguard-go dependency and implements the necessary changes to the tun.Device and conn.Bind implementations to support passing vectors of packets in tailscaled. This significantly improves throughput performance on Linux. Updates #414 Signed-off-by: Jordan Whited <jordan@tailscale.com> Signed-off-by: James Tucker <james@tailscale.com> Co-authored-by: James Tucker <james@tailscale.com>	1 year ago
Aaron Klotz	98f21354c6	cmd/tailscaled: add a special command to tailscaled's Windows service for removing WinTun WinTun is installed lazily by tailscaled while it is running as LocalSystem. Based upon what we're seeing in bug reports and support requests, removing WinTun as a lesser user may fail under certain Windows versions, even when that user is an Administrator. By adding a user-defined command code to tailscaled, we can ask the service to do the removal on our behalf while it is still running as LocalSystem. * The uninstall code is basically the same as it is in corp; * The command code will be sent as a service control request and is protected by the SERVICE_USER_DEFINED_CONTROL access right, which requires Administrator. I'll be adding follow-up patches in corp to engage this functionality. Updates https://github.com/tailscale/tailscale/issues/6433 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	1 year ago
Brad Fitzpatrick	1598cd0361	net/tsaddr: remove ContainsFunc helpers (they're now in x/exp/slices) x/exp/slices now has ContainsFunc (golang/go#53983) so we can delete our versions. Change-Id: I5157a403bfc1b30e243bf31c8b611da25e995078 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Maisem Ali	adc302f428	all: use named pipes on windows Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Aaron Klotz	033bd94d4c	cmd/tailscaled, wgengine/router: use wingoes/com for COM initialization instead of go-ole This patch removes the crappy, half-backed COM initialization used by `go-ole` and replaces that with the `StartRuntime` function from `wingoes`, a library I have started which, among other things, initializes COM properly. In particular, we should always be initializing COM to use the multithreaded apartment. Every single OS thread in the process becomes implicitly initialized as part of the MTA, so we do not need to concern ourselves as to whether or not any particular OS thread has initialized COM. Furthermore, we no longer need to lock the OS thread when calling methods on COM interfaces. Single-threaded apartments are designed solely for working with Win32 threads that have a message pump; any other use of the STA is invalid. Fixes https://github.com/tailscale/tailscale/issues/3137 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	1 year ago
Tom DNetto	6708f9a93f	cmd/tailscale,ipn: implement lock log command This commit implements `tailscale lock log [--limit N]`, which displays an ordered list of changes to network-lock state in a manner familiar to `git log`. Signed-off-by: Tom DNetto <tom@tailscale.com>	1 year ago
Andrew Dunham	a0ef51f570	cmd/{tailscale,tailscaled}: embed manifest into Windows binaries This uses a go:generate statement to create a bunch of .syso files that contain a Windows resource file. We check these in since they're less than 1KiB each, and are only included on Windows. Fixes #6429 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I0512c3c0b2ab9d8d8509cf2037b88b81affcb81f	1 year ago
Brad Fitzpatrick	001f482aca	net/dns: make "direct" mode on Linux warn on resolv.conf fights Run an inotify goroutine and watch if another program takes over /etc/inotify.conf. Log if so. For now this only logs. In the future I want to wire it up into the health system to warn (visible in "tailscale status", etc) about the situation, with a short URL to more info about how you should really be using systemd-resolved if you want programs to not fight over your DNS files on Linux. Updates #4254 etc etc Change-Id: I86ad9125717d266d0e3822d4d847d88da6a0daaa Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	6aab4fb696	cmd/tailscale/cli: start making cert output support pkcs12 (p12) output If the --key-file output filename ends in ".pfx" or ".p12", use pkcs12 format. This might not be working entirely correctly yet but might be enough for others to help out or experiment. Updates #2928 Updates #5011 Change-Id: I62eb0eeaa293b9fd5e27b97b9bc476c23dd27cf6 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Pat Maddox	9bf3ef4167	ssh/tailssh: add Tailscale SSH (server) support on FreeBSD Change-Id: I607194b6ef99205e777f3df93a74ffe1a2e0344c Signed-off-by: Pat Maddox <pat@ratiopbc.com>	2 years ago
David Anderson	76904b82e7	cmd/containerboot: PID1 for running tailscaled in a container. This implements the same functionality as the former run.sh, but in Go and with a little better awareness of tailscaled's lifecycle. Also adds TS_AUTH_ONCE, which fixes the unfortunate behavior run.sh had where it would unconditionally try to reauth every time if you gave it an authkey, rather than try to use it only if auth is actually needed. This makes it a bit nicer to deploy these containers in automation, since you don't have to run the container once, then go and edit its definition to remove authkeys. Signed-off-by: David Anderson <danderson@tailscale.com>	2 years ago
Brad Fitzpatrick	a0ed2c2eb5	go.mod: bump golang-x-crypto Fixes #5533 Change-Id: I403de0e9ed5a9a63055242a86720d6f4e0899af7 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Joe Tsai	b2035a1dca	cmd/netlogfmt: handle any stream of network logs (#6108 ) Make netlogfmt useful regardless of the exact schema of the input. If a JSON object looks like a network log message, then unmarshal it as one and then print it. This allows netlogfmt to support both a stream of JSON objects directly serialized from netlogtype.Message, or the schema returned by the /api/v2/tailnet/{{tailnet}}/network-logs API endpoint. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Joe Tsai	c21a3c4733	types/netlogtype: new package for network logging types (#6092 ) The netlog.Message type is useful to depend on from other packages, but doing so would transitively cause gvisor and other large packages to be linked in. Avoid this problem by moving all network logging types to a single package. We also update staticcheck to take in: `003d277bcf` Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Anton Tolchanov	26af329fde	prober: expand certificate verification logic in the TLS prober TLS prober now checks validity period for all server certificates and verifies OCSP revocation status for the leaf cert. Signed-off-by: Anton Tolchanov <anton@tailscale.com>	2 years ago
Brad Fitzpatrick	e24de8a617	ssh/tailssh: add password-forcing workaround for buggy SSH clients If the username includes a suffix of +password, then we accept password auth and just let them in like it were no auth. This exists purely for SSH clients that get confused by seeing success to their initial auth type "none". Co-authored-by: Maisem Ali <maisem@tailscale.com> Change-Id: I616d4c64d042449fb164f615012f3bae246e91ec Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Maisem Ali	4de1601ef4	ssh/tailssh: add support for sending multiple banners Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Brad Fitzpatrick	b1bd96f114	go.mod, ssh/tailssh: fix ImplictAuthMethod typo Fixes #5745 Change-Id: Ie8bc88bd465a9cb35b0ae7782d61ce96480473ee Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Florian Lehner	7e0ffc17fd	Address GO-2022-0969 HTTP/2 server connections can hang forever waiting for a clean shutdown that was preempted by a fatal error. This condition can be exploited by a malicious client to cause a denial of service. Signed-off-by: Florian Lehner <dev@der-flo.net>	2 years ago
Florian Lehner	17348915fa	Address GO-2020-0042 Due to improper path santization, RPMs containing relative file paths can cause files to be written (or overwritten) outside of the target directory. Signed-off-by: Florian Lehner <dev@der-flo.net>	2 years ago
Brad Fitzpatrick	56f6fe204b	go.mod, wgengine/wgint: bump wireguard-go For `b51010ba13` Change-Id: Ibf767dfad98aef7e9f0505d91c0d26f924e046d5 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	9bd9f37d29	go.mod: bump wireguard/windows, which moves to using net/netip Updates #5162 Change-Id: If99a3f0000bce0c01bdf44da1d513f236fd7cdf8 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
dependabot[bot]	9996d94b3c	build(deps): bump github.com/u-root/u-root from 0.8.0 to 0.9.0 Bumps [github.com/u-root/u-root](https://github.com/u-root/u-root) from 0.8.0 to 0.9.0. - [Release notes](https://github.com/u-root/u-root/releases) - [Changelog](https://github.com/u-root/u-root/blob/main/RELEASES) - [Commits](https://github.com/u-root/u-root/compare/v0.8.0...v0.9.0) --- updated-dependencies: - dependency-name: github.com/u-root/u-root dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2 years ago
Mihai Parparita	ab159f748b	cmd/tsconnect: switch UI to Preact Reduces the amount of boilerplate to render the UI and makes it easier to respond to state changes (e.g. machine getting authorized, netmap changing, etc.) Preact adds ~13K to our bundle size (5K after Brotli) thus is a neglibible size contribution. We mitigate the delay in rendering the UI by having a static placeholder in the HTML. Required bumping the esbuild version to pick up evanw/esbuild#2349, which makes it easier to support Preact's JSX code generation. Fixes #5137 Fixes #5273 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	2 years ago
Maisem Ali	eb32847d85	tailcfg: add CapabilityFileSharingTarget to identify FileTargets This adds the inverse to CapabilityFileSharingSend so that senders can identify who they can Taildrop to. Updates #2101 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Brad Fitzpatrick	e1309e1323	all: require Go 1.19 Updates #5210 Change-Id: I2e950b4776636b4ea89b6566b60e4a87596a3a43 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	5d0e3d379c	go.mod: bump gvisor For https://github.com/google/gvisor/pull/7850 to quiet macOS warnings. Updates #5240 Change-Id: Iaa7abab20485c8ff40e5c9b16013aef4fd297a64 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	acc3b7f259	go.mod: bump inet.af/wf, tidy This removes inet.af/netaddr from go.{mod,sum}. Updates #5162 Change-Id: I7121e9fbb96d036cf188c51f0b53731570252d69 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	dd3e91b678	go.mod: tidy, remove inet.af/netaddr It was actually unused earlier, but I had a test program in my git workdir, keeping go mod tidy from cleaning it. (more CI needed, perhaps) Updates #5162 Change-Id: I9047a9aaa6fde7736d6ef516dc3bb652d06fe921 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	7eaf5e509f	net/netaddr: start migrating to net/netip via new netaddr adapter package Updates #5162 Change-Id: Id7bdec303b25471f69d542f8ce43805328d56c12 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Maisem Ali	9514ed33d2	go.mod: bump gvisor.dev/gvisor Pick up https://github.com/google/gvisor/pull/7787 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Mihai Parparita	6f5096fa61	cmd/tsconnect: initial scaffolding for Tailscale Connect browser client Runs a Tailscale client in the browser (via a WebAssembly build of the wasm package) and allows SSH access to machines. The wasm package exports a newIPN function, which returns a simple JS object with methods like start(), login(), logout() and ssh(). The golang.org/x/crypto/ssh package is used for the SSH client. Terminal emulation and QR code renedring is done via NPM packages (xterm and qrcode respectively), thus we also need a JS toolchain that can install and bundle them. Yarn is used for installation, and esbuild handles loading them and bundling for production serving. Updates #3157 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	2 years ago

1 2 3 4 5 ...

349 Commits (b1248442c3e40371c34fdf5bd90138b3ece615a7)