Commit Graph

6849 Commits (b819f66eb1efab85dcf5550d4f0da92fb7ab2551)
 

Author SHA1 Message Date
James Tucker 71f2c67c6b go.mod: bump wingoes for cross-platform HRESULT definition
Updates #9579
Signed-off-by: James Tucker <james@tailscale.com>
1 year ago
Brad Fitzpatrick aae1a28a2b go.mod: add test that replace directives aren't added in oss
Prevent future problems like we earlier with go.mod replace directives
(e.g. removing our certstore replace in 6d6cf88d82 or wireguard-go
in ea5ee6f87c, both of which were reactions to problems caused by
go.mod replace in non-root modules, often because people are using tsnet
as a library from another module)

Updates #cleanup

Change-Id: I766715cfa7ce7021460ba4933bd2fa977c3081d2
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
1 year ago
Claire Wang 32c0156311
util: add syspolicy package (#9550)
Add a more generalized package for getting policies.
Updates tailcale/corp#10967

Signed-off-by: Claire Wang <claire@tailscale.com>
Co-authored-by: Adrian Dewhurst <adrian@tailscale.com>
1 year ago
Maisem Ali d71184d674 cmd/containerboot: only wipeout serve config when TS_SERVE_CONFIG is set
Fixes #9558

Signed-off-by: Maisem Ali <maisem@tailscale.com>
1 year ago
Brad Fitzpatrick 246e0ccdca tsnet: add a test for restarting a tsnet server, fix Windows
Thanks to @qur and @eric for debugging!

Fixes #6973

Change-Id: Ib2cf8f030cf595cc73dd061c72e78ac19f5fae5d
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
1 year ago
Denton Gentry 4823a7e591 cmd/containerboot: set TS_AUTH_ONCE default to true.
1.50.0 switched containerboot from using `tailscale up`
to `tailscale login`. A side-effect is that a re-usable
authkey is now re-applied on every boot by `tailscale login`,
where `tailscale up` would ignore an authkey if already
authenticated.

Though this looks like it is changing the default, in reality
it is setting the default to match what 1.48 and all
prior releases actually implemented.

Fixes https://github.com/tailscale/tailscale/issues/9539
Fixes https://github.com/tailscale/corp/issues/14953

Signed-off-by: Denton Gentry <dgentry@tailscale.com>
1 year ago
Brad Fitzpatrick 856d32b4a9 cmd/testwrapper: include flake URL in JSON metadata
Updates tailscale/corp#14975

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
1 year ago
Flakes Updater 2a7b3ada58 go.mod.sri: update SRI hash for go.mod changes
Signed-off-by: Flakes Updater <noreply+flakes-updater@tailscale.com>
1 year ago
Andrea Barisani f50b2a87ec wgengine/netstack: refactor address construction and conversion
Updates #9252
Updates #9253

Signed-off-by: Andrea Barisani <andrea@inversepath.com>
Signed-off-by: James Tucker <james@tailscale.com>
1 year ago
Andrea Barisani b5b4298325 go.mod,*: bump gvisor
Updates #9253

Signed-off-by: Andrea Barisani <andrea@inversepath.com>
Signed-off-by: James Tucker <james@tailscale.com>
1 year ago
Brad Fitzpatrick 2c92f94e2a cmd/testwrapper: output machine-readable JSON on test flakes
For parsing by other tools.

Updates tailscale/corp#14975

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
1 year ago
Sonia Appasamy 5429ee2566 client/web: add debug mode for web client ui updates
UI updates staged behind debug mode flags. Initial new views added
in app.tsx, rendered based on the current debug setting.

Updates tailscale/corp#14335

Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
1 year ago
Brad Fitzpatrick 5b3f5eabb5 control/controlclient: fix leaked http2 goroutines on shutdown
If a noise dial was happening concurrently with shutdown, the
http2 goroutines could leak.

Updates tailscale/corp#14950
Updates tailscale/corp#14515
Updates tailscale/corp#14139
Updates tailscale/corp#13175

Signed-off-by: Brad Fitzpatrick <brad@danga.com>
1 year ago
Brad Fitzpatrick 2c0f0ee759 tool/gocross: disable Linux static linking if GOCROSS_STATIC=0
So we can experiment with disabling static linking for tests in CI to
make GitHub Actions output less spammy.

Updates tailscale/corp#13113

Signed-off-by: Brad Fitzpatrick <brad@danga.com>
1 year ago
Sonia Appasamy 5d62b17cc5 client/web: add login client mode to web.Server
Adds new LoginOnly server option and swaps out API handler depending
on whether running in login mode or full web client mode.

Also includes some minor refactoring to the synology/qnap authorization
logic to allow for easier sharing between serveLoginAPI and serveAPI.

Updates tailscale/corp#14335

Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
1 year ago
Maisem Ali 354455e8be ipn: use NodeCapMap in CheckFunnel
These were missed when adding NodeCapMap and resulted
in tsnet binaries not being able to turn on funnel.

Fixes #9566

Signed-off-by: Maisem Ali <maisem@tailscale.com>
1 year ago
James Tucker 5c2b2fa1f8 ipn/ipnlocal: plumb ExitNodeDNSResolvers for IsWireGuardOnly exit nodes
Control sends ExitNodeDNSResolvers when configured for IsWireGuardOnly
nodes that are to be used as the default resolver with a lower
precedence than split DNS, and a lower precedence than "Override local
DNS", but otherwise before local DNS is used when the exit node is in
use.

Neither of the below changes were problematic, but appeared so alongside
a number of other client and external changes. See tailscale/corp#14809.

Reland ea9dd8fabc.
Reland d52ab181c3.

Updates #9377
Updates tailscale/corp#14809

Signed-off-by: James Tucker <james@tailscale.com>
1 year ago
James Tucker ca4396107e types/key: update some doc strings for public key serialization
Updates #cleanup
Signed-off-by: James Tucker <james@tailscale.com>
1 year ago
James Tucker 80206b5323 wgengine/magicsock: add nodeid to panic condition on public key reuse
If the condition arises, it should be easy to track down.

Updates #9547
Signed-off-by: James Tucker <james@tailscale.com>
1 year ago
James Tucker 2066f9fbb2 util/linuxfw: fix crash in DelSNATRule when no rules are found
Appears to be a missing nil handling case. I looked back over other
usage of findRule and the others all have nil guards. findRule returns
nil when no rules are found matching the arguments.

Fixes #9553
Signed-off-by: James Tucker <james@tailscale.com>
1 year ago
Sonia Appasamy 697f92f4a7 client/web: refactor serveGetNodeData
Remove the "JSON" ending, we no longer have a non-JSON version,
it was removed in d74c771 when we switched from the legacy web
client to React.

Also combine getNodeData into serveGetNodeData now that serveGetNodeData
is the single caller of getNodeData.

A #cleanup

Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
1 year ago
Andrew Dunham d31460f793 net/portmapper: fix invalid UPnP metric name
Fixes #9551

Signed-off-by: Andrew Dunham <andrew@du.nham.ca>
Change-Id: I06f3a15a668be621675be6cbc7e5bdcc006e8570
1 year ago
Brad Fitzpatrick 3e298e9380 go.toolchain.rev: bump go
Updates tailscale/go#74

Change-Id: I3858d785acadae6822e2387e5e62f234c4625927
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
1 year ago
Rhea Ghosh 0275afa0c6
ipn/ipnlocal: prevent putting file if file already exists (#9515)
Also adding tests to ensure this works.

Updates tailscale/corp#14772

Signed-off-by: Rhea Ghosh <rhea@tailscale.com>
1 year ago
Claire Wang e3d6236606
winutil: refactor methods to get values from registry to also return (#9536)
errors
Updates tailscale/corp#14879

Signed-off-by: Claire Wang <claire@tailscale.com>
1 year ago
Val c608660d12 wgengine,net,ipn,disco: split up and define different types of MTU
Prepare for path MTU discovery by splitting up the concept of
DefaultMTU() into the concepts of the Tailscale TUN MTU, MTUs of
underlying network interfaces, minimum "safe" TUN MTU, user configured
TUN MTU, probed path MTU to a peer, and maximum probed MTU. Add a set
of likely MTUs to probe.

Updates #311

Signed-off-by: Val <valerie@tailscale.com>
1 year ago
Val 578b357849 wgengine/netstack: use buffer pools for UDP packet forwarding
Use buffer pools for UDP packet forwarding to prepare for increasing the
forwarded UDP packet size for peer path MTU discovery.

Updates #311

Co-authored-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Signed-off-by: Val <valerie@tailscale.com>
1 year ago
Irbe Krumina bdd9eeca90
cmd/k8s-operator: fix reconcile filters (#9533)
Ensure that when there is an event on a Tailscale managed Ingress or Service child resource, the right parent type gets reconciled

Updates tailscale/tailscale#502

Signed-off-by: Irbe Krumina <irbe@tailscale.com>
1 year ago
Marwan Sulaiman 651620623b ipn/ipnlocal: close foreground sessions on SetServeConfig
This PR ensures zombie foregrounds are shutdown if a new
ServeConfig is created that wipes the ongoing foreground ones.
For example, "tailscale serve|funnel reset|off" should close
all open sessions.

Updates #8489

Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>
1 year ago
Andrew Dunham 530aaa52f1 net/dns: retry forwarder requests over TCP
We weren't correctly retrying truncated requests to an upstream DNS
server with TCP. Instead, we'd return a truncated request to the user,
even if the user was querying us over TCP and thus able to handle a
large response.

Also, add an envknob and controlknob to allow users/us to disable this
behaviour if it turns out to be buggy ( DNS ).

Updates #9264

Signed-off-by: Andrew Dunham <andrew@du.nham.ca>
Change-Id: Ifb04b563839a9614c0ba03e9c564e8924c1a2bfd
1 year ago
Aaron Klotz 098d110746 VERSION.txt: this is v1.51.0
Signed-off-by: Aaron Klotz <aaron@tailscale.com>
1 year ago
License Updater 7aed9712d8 licenses: update win/apple licenses
Signed-off-by: License Updater <noreply+license-updater@tailscale.com>
1 year ago
Brad Fitzpatrick 04fabcd359 ipn/{ipnlocal,localapi}, cli: add debug force-netmap-update
For loading testing & profiling the cost of full netmap updates.

Updates #1909

Change-Id: I0afdf5de9967f8d95c7f81d5b531ed1c92c3208f
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
1 year ago
Anton Tolchanov 75dbd71f49 api.md: document the `invalid` field in Get Key API response
Updates tailscale/terraform-provider-tailscale#144

Signed-off-by: Anton Tolchanov <anton@tailscale.com>
1 year ago
Brad Fitzpatrick 241c983920 net/tstun: use untyped consts, simplify DefaultMTU func
Updates #cleanup

Change-Id: Ic9ad1d6134818699f777c66a31024e846dfdc5d4
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
1 year ago
Brad Fitzpatrick 3b32d6c679 wgengine/magicsock, controlclient, net/dns: reduce some logspam
Updates #cleanup

Change-Id: I78b0697a01e94baa33f3de474b591e616fa5e6af
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
1 year ago
Val 08302c0731 Revert "wgengine/netstack: use buffer pools for UDP packet forwarding"
This reverts commit fb2f3e4741.

Signed-off-by: Val <valerie@tailscale.com>
1 year ago
Val 6cc5b272d8 Revert "wgengine,net,ipn,disco: split up and define different types of MTU"
This reverts commit 059051c58a.

Signed-off-by: Val <valerie@tailscale.com>
1 year ago
Val 059051c58a wgengine,net,ipn,disco: split up and define different types of MTU
Prepare for path MTU discovery by splitting up the concept of
DefaultMTU() into the concepts of the Tailscale TUN MTU, MTUs of
underlying network interfaces, minimum "safe" TUN MTU, user configured
TUN MTU, probed path MTU to a peer, and maximum probed MTU. Add a set
of likely MTUs to probe.

Updates #311

Signed-off-by: Val <valerie@tailscale.com>
1 year ago
Val fb2f3e4741 wgengine/netstack: use buffer pools for UDP packet forwarding
Use buffer pools for UDP packet forwarding to prepare for increasing the
forwarded UDP packet size for peer path MTU discovery.

Updates #311

Co-authored-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Signed-off-by: Val <valerie@tailscale.com>
1 year ago
License Updater 81e8335e23 licenses: update tailscale{,d} licenses
Signed-off-by: License Updater <noreply+license-updater@tailscale.com>
1 year ago
Flakes Updater b83804cc82 go.mod.sri: update SRI hash for go.mod changes
Signed-off-by: Flakes Updater <noreply+flakes-updater@tailscale.com>
1 year ago
Joe Tsai 36242904f1
go.mod: update github.com/go-json-experiment/json (#9508)
Update github.com/go-json-experiment/json to the latest version
and fix the build in light of some breaking API changes.

Updates #cleanup

Signed-off-by: Joe Tsai <joetsai@digital-static.net>
1 year ago
James Tucker a82a74f2cf cmd/containerboot: avoid leaking bash scripts after test runs
The test was sending SIGKILL to containerboot, which results in no
signal propagation down to the bash script that is running as a child
process, thus it leaks.

Minor changes to the test daemon script, so that it cleans up the socket
that it creates on exit, and spawns fewer processes.

Fixes tailscale/corp#14833
Signed-off-by: James Tucker <james@tailscale.com>
1 year ago
License Updater c5006f143f licenses: update win/apple licenses
Signed-off-by: License Updater <noreply+license-updater@tailscale.com>
1 year ago
Aaron Klotz ea6ca78963 release/dist, tool/gocross: add fake "windowsdll" GOOS to gocross
We're going to need to build a DLL containing custom actions for the installer.
This patch adds the foundations of that capability to dist and gocross.

Updates https://github.com/tailscale/corp/issues/13998

Signed-off-by: Aaron Klotz <aaron@tailscale.com>
1 year ago
Joe Tsai 5473d11caa
ipn/ipnlocal: perform additional sanity check in diskPath (#9500)
Use filepath.IsLocal to further validate the baseName.

Updates tailscale/corp#14772

Signed-off-by: Joe Tsai <joetsai@digital-static.net>
1 year ago
Val 65dc711c76 control,tailcfg,wgengine/magicsock: add nodeAttr to enable/disable peer MTU
Add a nodeAttr to enable/disable peer path MTU discovery.

Updates #311

Signed-off-by: Val <valerie@tailscale.com>
1 year ago
Val 95635857dc wgengine/magicsock: replace CanPMTUD() with ShouldPMTUD()
Replace CanPMTUD() with ShouldPMTUD() to check if peer path MTU discovery should
be enabled, in preparation for adding support for enabling/disabling peer MTU
dynamically.

Updated #311

Signed-off-by: Val <valerie@tailscale.com>
1 year ago
Val a5ae21a832 wgengine/magicsock: improve don't fragment bit set/get support
Add an enable/disable argument to setDontFragment() in preparation for dynamic
enable/disable of peer path MTU discovery. Add getDontFragment() to get the
status of the don't fragment bit from a socket.

Updates #311

Co-authored-by: James Tucker <james@tailscale.com>
Signed-off-by: Val <valerie@tailscale.com>
1 year ago