tailscale

Commit Graph

Author	SHA1	Message	Date
Tom DNetto	c08cf2a9c6	all: declare & plumb IPv6 masquerade address for peer This PR plumbs through awareness of an IPv6 SNAT/masquerade address from the wire protocol through to the low-level (tstun / wgengine). This PR is the first in two PRs for implementing IPv6 NAT support to/from peers. A subsequent PR will implement the data-plane changes to implement IPv6 NAT - this is just plumbing. Signed-off-by: Tom DNetto <tom@tailscale.com> Updates ENG-991	9 months ago
Andrew Dunham	d9ae7d670e	net/portmapper: add clientmetric for UPnP error codes This should allow us to gather a bit more information about errors that we encounter when creating UPnP mappings. Since we don't have a "LabelMap" construction for clientmetrics, do what sockstats does and lazily register a new metric when we see a new code. Updates #9343 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: Ibb5aadd6138beb58721f98123debcc7273b611ba	9 months ago
Maisem Ali	19a9d9037f	tailcfg: add NodeCapMap Like PeerCapMap, add a field to `tailcfg.Node` which provides a map of Capability to raw JSON messages which are deferred to be parsed later by the application code which cares about the specific capabilities. This effectively allows us to prototype new behavior without having to commit to a schema in tailcfg, and it also opens up the possibilities to develop custom behavior in tsnet applications w/o having to plumb through application specific data in the MapResponse. Updates #4217 Signed-off-by: Maisem Ali <maisem@tailscale.com>	9 months ago
Maisem Ali	4da0689c2c	tailcfg: add Node.HasCap helpers This makes a follow up change less noisy. Updates #cleanup Signed-off-by: Maisem Ali <maisem@tailscale.com>	9 months ago
Maisem Ali	d06b48dd0a	tailcfg: add RawMessage This adds a new RawMessage type backed by string instead of the json.RawMessage which is backed by []byte. The byte slice makes the generated views be a lot more defensive than the need to be which we can get around by using a string instead. Updates #cleanup Signed-off-by: Maisem Ali <maisem@tailscale.com>	9 months ago
Sonia Appasamy	258f16f84b	ipn/ipnlocal: add tailnet MagicDNS name to ipn.LoginProfile Start backfilling MagicDNS suffixes on LoginProfiles. Updates #9286 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	9 months ago
Brad Fitzpatrick	0d991249e1	types/netmap: remove NetworkMap.{Addresses,MachineStatus} And convert all callers over to the methods that check SelfNode. Now we don't have multiple ways to express things in tests (setting fields on SelfNode vs NetworkMap, sometimes inconsistently) and don't have multiple ways to check those two fields (often only checking one or the other). Updates #9443 Change-Id: I2d7ba1cf6556142d219fae2be6f484f528756e3c Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Marwan Sulaiman	d25217c9db	cmd/tailscale/cli: error when serving foreground if bg already exists This PR fixes a bug to make sure that we don't allow two configs exist with duplicate ports Updates #8489 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	9 months ago
Brad Fitzpatrick	98b5da47e8	types/views: add SliceContainsFunc like slices.ContainsFunc Needed for a future change. Updates #cleanup Change-Id: I6d89ee8a048b3bb1eb9cfb2e5a53c93aed30b021 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Maisem Ali	a61caea911	tailcfg: define a type for NodeCapability Instead of untyped string, add a type to identify these. Updates #cleanup Signed-off-by: Maisem Ali <maisem@tailscale.com>	9 months ago
Brad Fitzpatrick	3d37328af6	wgengine, proxymap: split out port mapping from Engine to new type (Continuing quest to remove rando stuff from the "Engine") Updates #cleanup Change-Id: I77f39902c2194410c10c054b545d70c9744250b0 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Brad Fitzpatrick	db2f37d7c6	ipn/ipnlocal: add some test accessors Updates tailscale/corp#12990 Change-Id: I82801ac4c003d2c7e1352c514adb908dbf01be87 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Brad Fitzpatrick	9538e9f970	ipn/ipnlocal: keep internal map updated of latest Nodes post mutations We have some flaky integration tests elsewhere that have no one place to ask about the state of the world. This makes LocalBackend be that place (as it's basically there anyway) but doesn't yet add the ForTest accessor method. This adds a LocalBackend.peers map[NodeID]NodeView that is incrementally updated as mutations arrive. And then we start moving away from using NetMap.Peers at runtime (UpdateStatus no longer uses it now). And remove another copy of NodeView in the LocalBackend nodeByAddr map. Change that to point into b.peers instead. Future changes will then start streaming whole-node-granularity peer change updates to WatchIPNBus clients, tracking statefully per client what each has seen. This will get the GUI clients from receiving less of a JSON storm of updates all the time. Updates #1909 Change-Id: I14a976ca9f493bdf02ba7e6e05217363dcf422e5 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Brad Fitzpatrick	926c990a09	types/netmap: start phasing out Addresses, add GetAddresses method NetworkMap.Addresses is redundant with the SelfNode.Addresses. This works towards a TODO to delete NetworkMap.Addresses and replace it with a method. This is similar to #9389. Updates #cleanup Change-Id: Id000509ca5d16bb636401763d41bdb5f38513ba0 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Brad Fitzpatrick	fb5ceb03e3	types/netmap: deprecate NetworkMap.MachineStatus, add accessor method Step 1 of deleting it, per TODO. Updates #cleanup Change-Id: I1d3d0165ae5d8b20610227d60640997b73568733 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Brad Fitzpatrick	0f3c279b86	ipn/ipnlocal: delete some unused code Updates #cleanup Change-Id: I90b46c476f135124d97288e776c2b428b351b8b8 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Brad Fitzpatrick	760b945bc0	ipn/{ipnlocal,ipnstate}: start simplifying UpdateStatus/StatusBuilder * Remove unnecessary mutexes (there's no concurrency) * Simplify LocalBackend.UpdateStatus using the StatusBuilder.WantPeers field that was added in `0f604923d3`, removing passing around some method values into func args. And then merge two methods. More remains, but this is a start. Updates #9433 Change-Id: Iaf2d7ec6e4e590799f00bae185465a4fd089b822 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
James Tucker	8ab46952d4	net/ping: fix ICMP echo code field to 0 The code was trying to pass the ICMP protocol number here (1), which is not a valid code. Many servers will not respond to echo messages with codes other than 0. https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml#icmp-parameters-codes-8 Updates #9299 Signed-off-by: James Tucker <james@tailscale.com>	9 months ago
James Tucker	f6845b10f6	ipn/ipnlocal: plumb ExitNodeDNSResolvers for IsWireGuardOnly exit nodes This enables installing default resolvers specified by tailcfg.Node.ExitNodeDNSResolvers when the exit node is selected. Updates #9377 Signed-off-by: James Tucker <james@tailscale.com>	9 months ago
James Tucker	e7727db553	tailcfg: add DNS address list for IsWireGuardOnly nodes Tailscale exit nodes provide DNS service over the peer API, however IsWireGuardOnly nodes do not have a peer API, and instead need client DNS parameters passed in their node description. For Mullvad nodes this will contain the in network 10.64.0.1 address. Updates #9377 Signed-off-by: James Tucker <james@tailscale.com>	9 months ago
Maisem Ali	335a5aaf9a	cmd/k8s-operator: add APISERVER_PROXY env The kube-apiserver proxy in the operator would only run in auth proxy mode but thats not always desirable. There are situations where the proxy should just be a transparent proxy and not inject auth headers, so do that using a new env var APISERVER_PROXY and deprecate the AUTH_PROXY env. THe new env var has three options `false`, `true` and `noauth`. Updates #8317 Signed-off-by: Maisem Ali <maisem@tailscale.com>	9 months ago
James Tucker	4c693d2ee8	net/dns/publicdns: update Mullvad DoH server list The following IPs are not used anymore: 193.19.108.2 and 193.19.108.3. All of the servers are now named consistently under dns.mullvad.net. Several new servers were added. https://mullvad.net/en/help/dns-over-https-and-dns-over-tls/ Updates #5416 Updates #9345 Signed-off-by: James Tucker <james@tailscale.com>	9 months ago
Charlotte Brandhorst-Satzkorn	8428a64b56	words: holy mole we need some more mammals Particularly of the polydactyl kind. Updates #14698 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	9 months ago
James Tucker	1858ad65c8	cmd/cloner: do not allocate slices when the source is nil tailcfg.Node zero-value clone equality checks failed when I added a []*foo to the structure, as the zero value and it's clone contained a different slice header. Updates #9377 Updates #9408 Signed-off-by: James Tucker <james@tailscale.com>	9 months ago
James Tucker	85155ddaf3	tailcfg: remove completed TODO from IsWireGuardOnly Updates #7826 Signed-off-by: James Tucker <james@tailscale.com>	9 months ago
Tyler Smalley	dfefaa5e35	Use parent serve config Signed-off-by: Tyler Smalley <tyler@tailscale.com>	9 months ago
Marwan Sulaiman	f3a5bfb1b9	cmd/tailscale/cli: add set serve validations This PR adds validations for the new new funnel/serve commands under the following rules: 1. There is always a single config for one port (bg or fg). 2. Foreground configs under the same port cannot co-exists (for now). 3. Background configs can change as long as the serve type is the same. Updates #8489 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	9 months ago
Andrew Lytvynov	7ce1c6f981	.github/workflows: fix slack-action format in govulncheck.yml (#9390 ) Currently slack messages for errors fail: https://github.com/tailscale/tailscale/actions/runs/6159104272/job/16713248204 ``` Error: Unexpected token in JSON at position 151 ``` This is likely due to the line break in the text. Restructure the message to use separate title/text and fix the slack webhook body. Updates #cleanup Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	9 months ago
Marwan Sulaiman	3421784e37	cmd/tailscale/cli: use optimistic concurrency control on SetServeConfig This PR uses the etag/if-match pattern to ensure multiple calls to SetServeConfig are synchronized. It currently errors out and asks the user to retry but we can add occ retries as a follow up. Updates #8489 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	9 months ago
Brad Fitzpatrick	6e66e5beeb	cmd/tsconnect/wasm: pass a netmon to ipnserver.New It became required as of `6e967446e4` Updates #8052 Change-Id: I08d100534254865293c1beca5beff8e529e4e9ac Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Brad Fitzpatrick	99bb355791	wgengine: remove DiscoKey method from Engine interface It has one user (LocalBackend) which can ask magicsock itself. Updates #cleanup Change-Id: I8c03cbb1e5ba57b0b442621b5fa467030c14a2e2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Will Norris	9843e922b8	README: update docs for building web client Move into the main "building" section and add the missing `yarn install` step. Updates #9312 Signed-off-by: Will Norris <will@tailscale.com>	9 months ago
Tyler Smalley	82c1dd8732	cmd/tailscale: funnel wip cleanup and additional test coverage (#9316 ) General cleanup and additional test coverage of WIP code. * use enum for serveType * combine instances of ServeConfig access within unset * cleanMountPoint rewritten into cleanURLPath as it only handles URL paths * refactor and test expandProxyTargetDev > Note > Behind the `TAILSCALE_USE_WIP_CODE` flag updates #8489 Signed-off-by: Tyler Smalley <tyler@tailscale.com>	9 months ago
Brad Fitzpatrick	3c276d7de2	wgengine: remove SetDERPMap method from Engine interface (continuing the mission of removing rando methods from the Engine interface that we don't need anymore) Updates #cleanup Change-Id: Id5190917596bf04d7185c3b331a852724a3f5a16 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Brad Fitzpatrick	67396d716b	ipn/ipnlocal: remove defensiveness around not having a magicsock.Conn We always have one. Stop pretending we might not. Instead, add one early panic in NewLocalBackend if we actually don't. Updates #cleanup Change-Id: Iba4b78ed22cb6248e59c2b01a79355ca7a200ec8 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Brad Fitzpatrick	b8a4c96c53	wgengine: remove LinkChange method from Engine interface It was only used by Android, until https://github.com/tailscale/tailscale-android/pull/131 which does the call to the netMon directly instead. Updates #cleanup Change-Id: Iab8a1d8f1e63250705835c75f40e2cd8c1c4d5b8 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Brad Fitzpatrick	727b1432a8	wgengine: remove SetNetInfoCallback method from Engine LocalBackend can talk to magicsock on its own to do this without the "Engine" being involved. (Continuing a little side quest of cleaning up the Engine interface...) Updates #cleanup Change-Id: I8654acdca2b883b1bd557fdc0cfb90cd3a418a62 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Andrew Dunham	ad4c11aca1	net/netmon: log when the gateway/self IP changes This logs that the gateway/self IP address has changed if one of the new values differs. Updates #8992 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I0919424b68ad97fbe1204dd36317ed6f5915411f	9 months ago
License Updater	45eafe1b06	licenses: update win/apple licenses Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	9 months ago
Brad Fitzpatrick	eb9f1db269	cmd/tsconnect/wasm: register netstack.Impl with tsd.System I missed this in `343c0f1031` and I guess we don't have integration tests for wasm. But it compiled! :) Updates #fixup to a #cleanup Change-Id: If147b90bab254d144ec851a392e8db10ab97f98e Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Brad Fitzpatrick	343c0f1031	wgengine{,/netstack}: remove AddNetworkMapCallback from Engine interface It had exactly one user: netstack. Just have LocalBackend notify netstack when here's a new netmap instead, simplifying the bloated Engine interface that has grown a bunch of non-Engine-y things. (plenty of rando stuff remains after this, but it's a start) Updates #cleanup Change-Id: I45e10ab48119e962fc4967a95167656e35b141d8 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
David Crawshaw	47ffbffa97	clientupdate: add root key (#9364 ) Signed-off-by: David Crawshaw <crawshaw@tailscale.com>	9 months ago
Brad Fitzpatrick	39ade4d0d4	tstest/integration: add start of integration tests for incremental map updates This adds a new integration test with two nodes where the first gets a incremental MapResponse (with only PeersRemoved set) saying that the second node disappeared. This extends the testcontrol package to support sending raw MapResponses to nodes. Updates #1909 Change-Id: Iea0c25c19cf0d72b52dba5a46d01b5cc87b9b39d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Brad Fitzpatrick	9203916a4a	control/controlknobs: move more controlknobs code from controlclient Updates #cleanup Change-Id: I2b8b6ac97589270f307bfb20e33674894ce873b5 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Brad Fitzpatrick	3af051ea27	control/controlclient, types/netmap: start plumbing delta netmap updates Currently only the top four most popular changes: endpoints, DERP home, online, and LastSeen. Updates #1909 Change-Id: I03152da176b2b95232b56acabfb55dcdfaa16b79 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Andrew Lytvynov	c0ade132e6	clientupdate: restart tailscale after install on DSM6 (#9363 ) DSM6 does not automatically restart packages on install, we have to do it explicitly. Also, DSM6 has a filter for publishers in Package Center. Make the error message more helpful when update fails because of this filter not allowing our package. Fixes #9361 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	9 months ago
Brad Fitzpatrick	668a0dd5ab	cmd/tailscale/cli: fix panic in netcheck print when no DERP home Fixes #8016 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Andrew Dunham	9ee173c256	net/portmapper: fall back to permanent UPnP leases if necessary Some routers don't support lease times for UPnP portmapping; let's fall back to adding a permanent lease in these cases. Additionally, add a proper end-to-end test case for the UPnP portmapping behaviour. Updates #9343 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I17dec600b0595a5bfc9b4d530aff6ee3109a8b12	9 months ago
Brad Fitzpatrick	7c1ed38ab3	ipn/ipnlocal: fix missing controlknobs.Knobs plumbing I missed connecting some controlknobs.Knobs pieces in `4e91cf20a8` resulting in that breaking control knobs entirely. Whoops. The fix in ipn/ipnlocal (where it makes a new controlclient) but to atone, I also added integration tests. Those integration tests use a new "tailscale debug control-knobs" which by itself might be useful for future debugging. Updates #9351 Change-Id: Id9c89c8637746d879d5da67b9ac4e0d2367a3f0d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Marwan Sulaiman	12d4685328	ipn/localapi, ipn/ipnlocal: add etag support for SetServeConfig This PR adds optimistic concurrency control in the local client and api in order to ensure multiple writes of the ServeConfig do not conflict with each other. Updates #9273 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	9 months ago

1 2 3 4 5 ...

6330 Commits (c08cf2a9c6209e4fdef896921af66bbe737b8a24) All Branches Search

6330 Commits (c08cf2a9c6209e4fdef896921af66bbe737b8a24)

All Branches