tailscale

Commit Graph

Author	SHA1	Message	Date
Paul Scott	a50e4e604e	cmd/tailscale/cli: remove duplicate "tailscale " in drive subcmd usage Updates #cleanup Signed-off-by: Paul Scott <paul@tailscale.com>	2 years ago
Paul Scott	62d4be873d	cmd/tailscale/cli: fix drive --help usage identation Updates #cleanup Signed-off-by: Paul Scott <paul@tailscale.com>	2 years ago
Brad Fitzpatrick	7c1d6e35a5	all: use Go 1.22 range-over-int Updates #11058 Change-Id: I35e7ef9b90e83cac04ca93fd964ad00ed5b48430 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	0fba9e7570	cmd/tailscale/cli: prevent concurrent Start calls in 'up' Seems to deflake tstest/integration tests. I can't reproduce it anymore on one of my VMs that was consistently flaking after a dozen runs before. Now I can run hundreds of times. Updates #11649 Fixes #7036 Change-Id: I2f7d4ae97500d507bdd78af9e92cd1242e8e44b8 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Claire Wang	9171b217ba	cmd/tailscale, ipn/ipnlocal: add suggest exit node CLI option (#11407 ) Updates tailscale/corp#17516 Signed-off-by: Claire Wang <claire@tailscale.com>	2 years ago
Paul Scott	da4e92bf01	cmd/tailscale/cli: prefix all --help usages with "tailscale ...", some tidying Also capitalises the start of all ShortHelp, allows subcommands to be hidden with a "HIDDEN: " prefix in their ShortHelp, and adds a TS_DUMP_HELP envknob to look at all --help messages together. Fixes #11664 Signed-off-by: Paul Scott <paul@tailscale.com>	2 years ago
Percy Wegmann	9da135dd64	cmd/tailscale/cli: moved share.go to drive.go Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com>	2 years ago
Percy Wegmann	1e0ebc6c6d	cmd/tailscale/cli: rename share command to drive Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com>	2 years ago
Brad Fitzpatrick	e6983baa73	cmd/tailscale/cli: fix macOS crash reading envknob in init (#11667 ) And add a test. Regression from `a5e1f7d703` Fixes tailscale/corp#19036 Change-Id: If90984049af0a4820c96e1f77ddf2fce8cb3043f Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Chloé Vulquin	0f3a292ebd	cli/configure: respect $KUBECONFIG (#11604 ) cmd/tailscale/cli: respect $KUBECONFIG * `$KUBECONFIG` is a `$PATH`-like: it defines a list. `tailscale config kubeconfig` works like the rest of the ecosystem so that if $KUBECONFIG is set it will write to the first existant file in the list, if none exist then the final entry in the list. * if `$KUBECONFIG` is an empty string, the old logic takes over. Notes: * The logic for file detection is inlined based on what `kind` does. Technically it's a race condition, since the file could be removed/added in between the processing steps, but the fallout shouldn't be too bad. https://github.com/kubernetes-sigs/kind/blob/v0.23.0-alpha/pkg/cluster/internal/kubeconfig/internal/kubeconfig/paths.go * The sandboxed (App Store) variant relies on a specific temporary entitlement to access the ~/.kube/config file. The entitlement is only granted to specific files, and so is not applicable to paths supplied by the user at runtime. While there may be other ways to achieve this access to arbitrary kubeconfig files, it's out of scope for now. Updates #11645 Signed-off-by: Chloé Vulquin <code@toast.bunkerlabs.net>	2 years ago
Brad Fitzpatrick	c71e8db058	cmd/tailscale/cli: stop spamming os.Stdout/os.Stderr in tests After: bradfitz@book1pro tailscale.com % ./tool/go test -c ./cmd/tailscale/cli bradfitz@book1pro tailscale.com % ./cli.test bradfitz@book1pro tailscale.com % Before: bradfitz@book1pro tailscale.com % ./tool/go test -c ./cmd/tailscale/cli bradfitz@book1pro tailscale.com % ./cli.test Warning: funnel=on for foo.test.ts.net:443, but no serve config run: `tailscale serve --help` to see how to configure handlers Warning: funnel=on for foo.test.ts.net:443, but no serve config run: `tailscale serve --help` to see how to configure handlers USAGE funnel <serve-port> {on\|off} funnel status [--json] Funnel allows you to publish a 'tailscale serve' server publicly, open to the entire internet. Turning off Funnel only turns off serving to the internet. It does not affect serving to your tailnet. SUBCOMMANDS status show current serve/funnel status error: path must be absolute error: invalid TCP source "localhost:5432": missing port in address error: invalid TCP source "tcp://somehost:5432" must be one of: localhost or 127.0.0.1 tcp://somehost:5432error: invalid TCP source "tcp://somehost:0" must be one of: localhost or 127.0.0.1 tcp://somehost:0error: invalid TCP source "tcp://somehost:65536" must be one of: localhost or 127.0.0.1 tcp://somehost:65536error: path must be absolute error: cannot serve web; already serving TCP You don't have permission to enable this feature. This also moves the color handling up to a generic spot so it's not just one subcommand doing it itself. See https://github.com/tailscale/tailscale/issues/11626#issuecomment-2041795129 Fixes #11643 Updates #11626 Change-Id: I3a49e659dcbce491f4a2cb784be20bab53f72303 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	b0fbd85592	net/tsdial: partially fix "tailscale nc" (UserDial) on macOS At least in the case of dialing a Tailscale IP. Updates #4529 Change-Id: I9fd667d088a14aec4a56e23aabc2b1ffddafa3fe Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	a5e1f7d703	ipn/{ipnlocal,localapi}: add API to toggle use of exit node This is primarily for GUIs, so they don't need to remember the most recently used exit node themselves. This adds some CLI commands, but they're disabled and behind the WIP envknob, as we need to consider naming (on/off is ambiguous with running an exit node, etc) as well as automatic exit node selection in the future. For now the CLI commands are effectively developer debug things to test the LocalAPI. Updates tailscale/corp#18724 Change-Id: I9a32b00e3ffbf5b29bfdcad996a4296b5e37be7e Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	ac2522092d	cmd/tailscale/cli: make exit-node list not random The output was changing randomly per run, due to range over a map. Then some misc style tweaks I noticed while debugging. Fixes #11629 Change-Id: I67aef0e68566994e5744d4828002f6eb70810ee1 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Will Morrison	306bacc669	cmd/tailscale/cli: Add CLI command to update certs on Synology devices. Fixes #4674 Signed-off-by: Will Morrison <william.barr.morrison@gmail.com>	2 years ago
Charlotte Brandhorst-Satzkorn	98cf71cd73	tailscale: switch tailfs to drive syntax for api and logs (#11625 ) This change switches the api to /drive, rather than the previous /tailfs as well as updates the log lines to reflect the new value. It also cleans up some existing tailfs references. Updates tailscale/corp#16827 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	2 years ago
Charlotte Brandhorst-Satzkorn	93618a3518	tailscale: update tailfs functions and vars to use drive naming (#11597 ) This change updates all tailfs functions and the majority of the tailfs variables to use the new drive naming. Updates tailscale/corp#16827 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	2 years ago
Charlotte Brandhorst-Satzkorn	14683371ee	tailscale: update tailfs file and package names (#11590 ) This change updates the tailfs file and package names to their new naming convention. Updates #tailscale/corp#16827 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	2 years ago
Andrea Gottardo	008676f76e	cmd/serve: update warning for sandboxed macOS builds (#11530 )	2 years ago
Andrew Lytvynov	5d41259a63	cmd/tailscale/cli: remove Beta tag from tailscale update (#11529 ) Updates #cleanup Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Brad Fitzpatrick	7b34154df2	all: deprecate Node.Capabilities (more), remove PeerChange.Capabilities [capver 89] First we had Capabilities []string. Then https://tailscale.com/blog/acl-grants (#4217) brought CapMap, a superset of Capabilities. Except we never really finished the transition inside the codebase to go all-in on CapMap. This does so. Notably, this coverts Capabilities on the wire early to CapMap internally so the code can only deal in CapMap, even against an old control server. In the process, this removes PeerChange.Capabilities support, which no known control plane sent anyway. They can and should use PeerChange.CapMap instead. Updates #11508 Updates #4217 Change-Id: I872074e226b873f9a578d9603897b831d50b25d9 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Mario Minardi	d2ccfa4edd	cmd/tailscale,ipn/ipnlocal: enable web client over quad 100 by default (#11419 ) Enable the web client over 100.100.100.100 by default. Accepting traffic from [tailnet IP]:5252 still requires setting the `webclient` user pref. Updates https://github.com/tailscale/tailscale/issues/10261 Signed-off-by: Mario Minardi <mario@tailscale.com>	2 years ago
Andrea Gottardo	08ebac9acb	version,cli,safesocket: detect non-sandboxed macOS GUI (#11369 ) Updates ENG-2848 We can safely disable the App Sandbox for our macsys GUI, allowing us to use `tailscale ssh` and do a few other things that we've wanted to do for a while. This PR: - allows Tailscale SSH to be used from the macsys GUI binary when called from a CLI - tweaks the detection of client variants in prop.go, with new functions `IsMacSys()`, `IsMacSysApp()` and `IsMacAppSandboxEnabled()` Signed-off-by: Andrea Gottardo <andrea@gottardo.me>	2 years ago
Irbe Krumina	ea55f96310	cmd/tailscale/cli: fix configuring partially empty kubeconfig (#11417 ) When a user deletes the last cluster/user/context from their kubeconfig via 'kubectl delete-[cluster\|user\|context] command, kubectx sets the relevant field in kubeconfig to 'null'. This was breaking our conversion logic that was assuming that the field is either non-existant or is an array. Updates tailscale/corp#18320 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	2 years ago
Percy Wegmann	e496451928	ipn,cmd/tailscale,client/tailscale: add support for renaming TailFS shares - Updates API to support renaming TailFS shares. - Adds a CLI rename subcommand for renaming a share. - Renames the CLI subcommand 'add' to 'set' to make it clear that this is an add or update. - Adds a unit test for TailFS in ipnlocal Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com>	2 years ago
Percy Wegmann	6c160e6321	ipn,tailfs: tie TailFS share configuration to user profile Previously, the configuration of which folders to share persisted across profile changes. Now, it is tied to the user's profile. Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com>	2 years ago
Sonia Appasamy	c58c59ee54	{ipn,cmd/tailscale/cli}: move ServeConfig mutation logic to ipn/serve Moving logic that manipulates a ServeConfig into recievers on the ServeConfig in the ipn package. This is setup work to allow the web client and cli to both utilize these shared functions to edit the serve config. Any logic specific to flag parsing or validation is left untouched in the cli command. The web client will similarly manage its validation of user's requested changes. If validation logic becomes similar-enough, we can make a serve util for shared functionality, which likely does not make sense in ipn. Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	2 years ago
Sonia Appasamy	65c3c690cf	{ipn/serve,cmd/tailscale/cli}: move some shared funcs to ipn In preparation for changes to allow configuration of serve/funnel from the web client, this commit moves some functionality that will be shared between the CLI and web client to the ipn package's serve.go file, where some other util funcs are already defined. Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	2 years ago
Anton Tolchanov	8cc5c51888	health: warn about reverse path filtering and exit nodes When reverse path filtering is in strict mode on Linux, using an exit node blocks all network connectivity. This change adds a warning about this to `tailscale status` and the logs. Example in `tailscale status`: ``` - not connected to home DERP region 22 - The following issues on your machine will likely make usage of exit nodes impossible: [interface "eth0" has strict reverse-path filtering enabled], please set rp_filter=2 instead of rp_filter=1; see https://github.com/tailscale/tailscale/issues/3310 ``` Example in the logs: ``` 2024/02/21 21:17:07 health("overall"): error: multiple errors: not in map poll The following issues on your machine will likely make usage of exit nodes impossible: [interface "eth0" has strict reverse-path filtering enabled], please set rp_filter=2 instead of rp_filter=1; see https://github.com/tailscale/tailscale/issues/3310 ``` Updates #3310 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	2 years ago
Andrea Gottardo	c8c999d7a9	cli/debug: rename DERP debug mode (#11220 ) Renames a debug flag in the CLI. Signed-off-by: Andrea Gottardo <andrea@gottardo.me>	2 years ago
Percy Wegmann	15b2c674bf	cmd/tailscale: add node attribute instructions to share command help This adds details on how to configure node attributes to allow sharing and accessing shares. Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com>	2 years ago
Paul Scott	7708ab68c0	cmd/tailscale/cli: pass "-o 'CanonicalizeHostname no'" to ssh Fixes #10348 Signed-off-by: Paul Scott <paul@tailscale.com>	2 years ago
Will Norris	6b582cb8b6	cmd/tailscale: support clickable IPv6 web client addresses Instead of constructing the `ip:port` string ourselves, use netip.AddrPortFrom which handles IPv6 correctly. Updates #11164 Signed-off-by: Will Norris <will@tailscale.com>	2 years ago
Will Norris	24487815e1	cmd/tailscale: make web client URL clickable Updates #11151 Signed-off-by: Will Norris <will@tailscale.com>	2 years ago
Percy Wegmann	d0ef3a25df	cmd/tailscale: hide share subcommand Fixes #1115 Signed-off-by: Percy Wegmann <percy@tailscale.com>	2 years ago
Percy Wegmann	abab0d4197	tailfs: clean up naming and package structure - Restyles tailfs -> tailFS - Defines interfaces for main TailFS types - Moves implemenatation of TailFS into tailfsimpl package Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com>	2 years ago
Percy Wegmann	993acf4475	tailfs: initial implementation Add a WebDAV-based folder sharing mechanism that is exposed to local clients at 100.100.100.100:8080 and to remote peers via a new peerapi endpoint at /v0/tailfs. Add the ability to manage folder sharing via the new 'share' CLI sub-command. Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com>	2 years ago
Joe Tsai	94a4f701c2	all: use reflect.TypeFor now available in Go 1.22 (#11078 ) Updates #cleanup Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Charlotte Brandhorst-Satzkorn	0f042b9814	cmd/tailscale/cli: fix exit node status output (#11076 ) This change fixes the format of tailscale status output when location based exit nodes are present. Fixes #11065 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	2 years ago
Will Norris	128c99d4ae	client/web: add new readonly mode The new read-only mode is only accessible when running `tailscale web` by passing a new `-readonly` flag. This new mode is identical to the existing login mode with two exceptions: - the management client in tailscaled is not started (though if it is already running, it is left alone) - the client does not prompt the user to login or switch to the management client. Instead, a message is shown instructing the user to use other means to manage the device. Updates #10979 Signed-off-by: Will Norris <will@tailscale.com>	2 years ago
Brad Fitzpatrick	2bd3c1474b	util/cmpx: delete now that we're using Go 1.22 Updates #11058 Change-Id: I09dea8e86f03ec148b715efca339eab8b1f0f644 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Andrew Lytvynov	fbfc3b7e51	cmd/tailscale/cli: run Watch with NotifyNoPrivateKeys (#10950 ) When running as non-root non-operator user, you get this error: ``` $ tailscale serve 8080 Access denied: watch IPN bus access denied, must set ipn.NotifyNoPrivateKeys when not running as admin/root or operator Use 'sudo tailscale serve 8080' or 'tailscale up --operator=$USER' to not require root. ``` It should fail, but the error message is confusing. With this fix: ``` $ tailscale serve 8080 sending serve config: Access denied: serve config denied Use 'sudo tailscale serve 8080' or 'tailscale up --operator=$USER' to not require root. ``` Updates #cleanup Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
James Tucker	457102d070	go.mod: bump most deps for start of cycle Plan9 CI is disabled. 3p dependencies do not build for the target. Contributor enthusiasm appears to have ceased again, and no usage has been made. Skipped gvisor, nfpm, and k8s. Updates #5794 Updates #8043 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
Joe Tsai	c25968e1c5	all: make use of ctxkey everywhere (#10846 ) Also perform minor cleanups on the ctxkey package itself. Provide guidance on when to use ctxkey.Key[T] over ctxkey.New. Also, allow for interface kinds because the value wrapping trick also happens to fix edge cases with interfaces in Go. Updates #cleanup Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Charlotte Brandhorst-Satzkorn	e6910974ca	cmd/tailscale/cli: add description to exit-node CLI command This change adds a description to the exit-node CLI command. This description will be displayed when using `tailscale -h` and `tailscale exit-node -h`. Fixes #10787 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	2 years ago
Sonia Appasamy	ea9c7f991a	cli/set: add printout when web client started Prints a helpful message with the web UI's address when running tailscale set --webclient. Updates tailscale/corp#16345 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	2 years ago
Andrew Dunham	20f3f706a4	net/netutil: allow 16-bit 4via6 site IDs The prefix has space for 32-bit site IDs, but the validateViaPrefix function would previously have disallowed site IDs greater than 255. Fixes tailscale/corp#16470 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I4cdb0711dafb577fae72d86c4014cf623fa538ef	2 years ago
Adrian Dewhurst	c05c4bdce4	ipn: apply ControlURL policy before login Unlike most prefs, the ControlURL policy needs to take effect before login. This resolves an issue where on first start, even when the ControlURL policy is set, it will generate a login URL to the Tailscale SaaS server. Updates tailscale/coral#118 Fixes #10736 Change-Id: I6da2a521f64028c15dbb6ac8175839fc3cc4e858 Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>	2 years ago
Andrew Dunham	d3574a350f	cmd/tailscale, ipn/ipnlocal: add 'debug dial-types' command This command allows observing whether a given dialer ("SystemDial", "UserDial", etc.) will successfully obtain a connection to a provided host, from inside tailscaled itself. This is intended to help debug a variety of issues from subnet routers to split DNS setups. Updates #9619 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: Ie01ebb5469d3e287eac633ff656783960f697b84	2 years ago
Chris Palmer	5deeb56b95	cmd/tailscale/cli: document usage more clearly (#10681 ) The IP argument is required; only the port is optional. Updates #10605 Signed-off-by: Chris Palmer <cpalmer@tailscale.com>	2 years ago
Andrew Lytvynov	2716250ee8	all: cleanup unused code, part 2 (#10670 ) And enable U1000 check in staticcheck. Updates #cleanup Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Gavin Greenwalt	865ee25a57	cmd/tailscale/cli: update debug.go (#10644 ) redundant run "portmap debugging" word 'debugging' Signed-off-by: Gavin Greenwalt <gavin@sfstudios.com>	2 years ago
Andrew Dunham	a661287c4b	util/cmpx: remove code that's in the stdlib now The cmpx.Compare function (and associated interface) are now available in the standard library as cmp.Compare. Remove our version of it and use the version from the standard library. Updates #cleanup Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I4be3ac63d466c05eb7a0babb25cb0d41816fbd53	2 years ago
Andrew Lytvynov	945cf836ee	ipn: apply tailnet-wide default for auto-updates (#10508 ) When auto-update setting in local Prefs is unset, apply the tailnet default value from control. This only happens once, when we apply the default (or when the user manually overrides it), tailnet default no longer affects the node. Updates #16244 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Andrew Dunham	d05a572db4	net/portmapper: handle multiple UPnP discovery responses Instead of taking the first UPnP response we receive and using that to create port mappings, store all received UPnP responses, sort and deduplicate them, and then try all of them to obtain an external address. Updates #10602 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I783ccb1834834ee2a9ecbae2b16d801f2354302f	2 years ago
Andrew Dunham	727acf96a6	net/netcheck: use DERP frames as a signal for home region liveness This uses the fact that we've received a frame from a given DERP region within a certain time as a signal that the region is stil present (and thus can still be a node's PreferredDERP / home region) even if we don't get a STUN response from that region during a netcheck. This should help avoid DERP flaps that occur due to losing STUN probes while still having a valid and active TCP connection to the DERP server. RELNOTE=Reduce home DERP flapping when there's still an active connection Updates #8603 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: If7da6312581e1d434d5c0811697319c621e187a0	2 years ago
Maisem Ali	3aa6468c63	cmd/tailscale/cli: add whois subcommand Initial implementation of a `tailscale whois` subcommand which allows users to observe metadata associated with a Tailscale IP. It also has a `--json` flag to allow consumption programmatically. Updates #4217 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Andrew Lytvynov	d8493d4bd5	clientupdate: add explicit Track to Arguments (#10548 ) Instead of overloading the Version field, add an explicit Track field. This fixes a bug where passing a track name in `args.Version` would keep the track name in `updater.Version` and pass it down the code path to commands like `apt-get install`. Now, `updater.Version` should always be a version (or empty string). Updates #cleanup Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Andrew Lytvynov	e25f114916	ipn,cmd/tailscale/cli: support hierarchical MaskedPrefs (#10507 ) Some fields if `ipn.Prefs` are structs. `ipn.MaskedPrefs` has a single level of boolean `*Set` flags, which doesn't map well to nested structs within `ipn.Prefs`. Change `MaskedPrefs` and `ApplyEdits` to support `FooSet` struct fields that map to a nested struct of `ipn.Prefs` like `AutoUpdates`. Each struct field in `MaskedPrefs` is just a bundle of more `Set` bool fields or other structs. This allows you to have a `Set` flag for any arbitrarily-nested field of `ipn.Prefs`. Also, make `ApplyEdits` match fields between `Prefs` and `MaskedPrefs` by name instead of order, to make it a bit less finicky. It's probably slower but `ipn.ApplyEdits` should not be in any hot path. As a result, `AutoUpdate.Check` and `AutoUpdate.Apply` fields don't clobber each other when set individually. Updates #16247 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Aaron Klotz	0f646937e9	clientupdate: remove TS_NOLAUNCH and GUI restart hacks from autoupdate We've fixed the underlying issue in github.com/tailscale/corp/issues/13998. Fixes #10513 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	2 years ago
Andrew Dunham	3f576fc4ca	ci: run 'go vet' in golangci-lint; fix errors in tests Updates #cleanup Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: Ice78fc907bad24c1de749a1595e212ef2db4b8bb	2 years ago
Naman Sood	0a59754eda	linuxfw,wgengine/route,ipn: add c2n and nodeattrs to control linux netfilter Updates tailscale/corp#14029. Signed-off-by: Naman Sood <mail@nsood.in>	2 years ago
Sonia Appasamy	7a4ba609d9	client/web: show features based on platform support Hiding/disabling UI features when not available on the running client. Updates #10261 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	2 years ago
Andrew Lytvynov	ac4b416c5b	cmd/tailscale,ipn/ipnlocal: pass available update as health message (#10420 ) To be consistent with the formatting of other warnings, pass available update health message instead of handling ClientVersion in he CLI. Fixes #10312 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Andrew Lytvynov	5a9e935597	clientupdate: implement update for Unraid (#10344 ) Use the [`plugin` CLI](https://forums.unraid.net/topic/72240-solved-is-there-a-way-to-installuninstall-plugins-from-script/#comment-676870) to fetch and apply the update. Updates https://github.com/tailscale/tailscale/issues/10184 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Jenny Zhang	d5d84f1a68	cmd/tailscale: also warn about IP forwarding if using CLI set We warn users about IP forwarding being disabled when using `--avertise-routes` in `tailscale up`, this adds the same warnings to `tailscale set`. Updates tailscale/corp#9968 Signed-off-by: Jenny Zhang <jz@tailscale.com>	2 years ago
David Anderson	f867392970	cmd/tailscale/cli: add debug function to print the netmap It's possible to do this with a combination of watch-ipn and jq, but looking at the netmap while debugging is quite common, so it's nice to have a one-shot command to get it. Updates #cleanup Signed-off-by: David Anderson <danderson@tailscale.com>	2 years ago
David Anderson	fd22145b52	cmd/tailscale/cli: make 'debug watch-ipn' play nice with jq jq doens't like non-json output in the json stream, and works more happily when the input stream EOFs at some point. Move non-json words to stderr, and add a parameter to stop watching and exit after some number of objects. Updates #cleanup Signed-off-by: David Anderson <danderson@tailscale.com>	2 years ago
Marwan Sulaiman	2dc0645368	ipn/ipnlocal,cmd/tailscale: persist tailnet name in user profile This PR starts to persist the NetMap tailnet name in SetPrefs so that tailscaled clients can use this value to disambiguate fast user switching from one tailnet to another that are under the same exact login. We will also try to backfill this information during backend starts and profile switches so that users don't have to re-authenticate their profile. The first client to use this new information is the CLI in 'tailscale switch -list' which now uses text/tabwriter to display the ID, Tailnet, and Account. Since account names are ambiguous, we allow the user to pass 'tailscale switch ID' to specify the exact tailnet they want to switch to. Updates #9286 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	2 years ago
James Tucker	28684b0538	cmd/tailscale/cli: correct app connector help text in set Updates tailscale/corp#15437 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
Brad Fitzpatrick	3bd382f369	wgengine/magicsock: add DERP homeless debug mode for testing In DERP homeless mode, a DERP home connection is not sought or maintained and the local node is not reachable. Updates #3363 Updates tailscale/corp#396 Change-Id: Ibc30488ac2e3cfe4810733b96c2c9f10a51b8331 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Sonia Appasamy	2dbd546766	client/web: remove DebugMode from GET /api/data No longer using this! Readonly state fully managed via auth endpoint. Also getting rid of old Legacy server mode. A #cleanup Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	2 years ago
Will Norris	9b537f7c97	ipn: remove the preview-webclient node capability Now that 1.54 has released, and the new web client will be included in 1.56, we can remove the need for the node capability. This means that all 1.55 unstable builds, and then eventually the 1.56 build, will work without setting the node capability. The web client still requires the "webclient" user pref, so this does NOT mean that the web client will be on by default for all devices. Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	2 years ago
Will Norris	303a1e86f5	cmd/tailscale: expose --webclient for all builds This removes the dev/unstable build check for the --webclient flag on `tailscale set`, so that it will be included in the next major stable release (1.56) Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	2 years ago
Andrew Dunham	e33bc64cff	net/dnsfallback: add singleflight to recursive resolver This prevents running more than one recursive resolution for the same hostname in parallel, which can use excessive amounts of CPU when called in a tight loop. Additionally, add tests that hit the network (when run with a flag) to test the lookup behaviour. Updates tailscale/corp#15261 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I39351e1d2a8782dd4c52cb04b3bd982eb651c81e	2 years ago
Sonia Appasamy	bb31912ea5	cmd/cli: remove --webclient flag from up Causing issues building a stable release. Getting rid of the flag for now because it was only available in unstable, can still be turned on through localapi. A #cleanup Co-authored-by: Will Norris <will@tailscale.com> Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	2 years ago
Andrew Lytvynov	c3f1bd4c0a	clientupdate: fix auto-update on Windows over RDP (#10242 ) `winutil.WTSGetActiveConsoleSessionId` only works for physical desktop logins and does not return the session ID for RDP logins. We need to `windows.WTSEnumerateSessions` and find the active session. Fixes https://github.com/tailscale/corp/issues/15772 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Tom DNetto	90a0aafdca	cmd/tailscale: warn if app-connector is enabled without ip forwarding Fixes: ENG-2446 Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Jordan Whited	12d5c99b04	client/tailscale,ipn/{ipnlocal,localapi}: check UDP GRO config (#10071 ) Updates tailscale/corp#9990 Signed-off-by: Jordan Whited <jordan@tailscale.com>	2 years ago
Will Norris	fdbe511c41	cmd/tailscale: add -webclient flag to up and set Initially, only expose this flag on dev and unstable builds. Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	2 years ago
Sonia Appasamy	942d720a16	cli/web: don't block startup on status req If the status request to check for the preview node cap fails, continue with starting up the legacy client. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	2 years ago
Will Norris	7e81c83e64	cmd/tailscale: respect existing web client pref After running `tailscale web`, only disable the user pref if it was not already previously set. Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	2 years ago
Sonia Appasamy	0ecfc1d5c3	client/web: fill devMode from an env var Avoids the need to pipe a web client dev flag through the tailscaled command. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	2 years ago
Sonia Appasamy	191e2ce719	client/web: add ServerMode to web.Server Adds a new Mode to the web server, indicating the specific scenario the constructed server is intended to be run in. Also starts filling this from the cli/web and ipn/ipnlocal callers. From cli/web this gets filled conditionally based on whether the preview web client node cap is set. If not set, the existing "legacy" client is served. If set, both a login/lobby and full management client are started (in "login" and "manage" modes respectively). Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	2 years ago
James Tucker	ca4c940a4d	ipn: introduce app connector advertisement preference and flags Introduce a preference structure to store the setting for app connector advertisement. Introduce the associated flags: tailscale up --advertise-connector{=true,=false} tailscale set --advertise-connector{=true,=false} ``` % tailscale set --advertise-connector=false % tailscale debug prefs \| jq .AppConnector.Advertise false % tailscale set --advertise-connector=true % tailscale debug prefs \| jq .AppConnector.Advertise true % tailscale up --advertise-connector=false % tailscale debug prefs \| jq .AppConnector.Advertise false % tailscale up --advertise-connector=true % tailscale debug prefs \| jq .AppConnector.Advertise true ``` Updates tailscale/corp#15437 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
Will Norris	28ad910840	ipn: add user pref for running web client This is not currently exposed as a user-settable preference through `tailscale up` or `tailscale set`. Instead, the preference is set when turning the web client on and off via localapi. In a subsequent commit, the pref will be used to automatically start the web client on startup when appropriate. Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	2 years ago
Sonia Appasamy	89953b015b	ipn/ipnlocal,client/web: add web client to tailscaled Allows for serving the web interface from tailscaled, with the ability to start and stop the server via localapi endpoints (/web/start and /web/stop). This will be used to run the new full management web client, which will only be accessible over Tailscale (with an extra auth check step over noise) from the daemon. This switch also allows us to run the web interface as a long-lived service in environments where the CLI version is restricted to CGI, allowing us to manage certain auth state in memory. ipn/ipnlocal/web is stubbed out in ipn/ipnlocal/web_stub for ios builds to satisfy ios restriction from adding "text/template" and "html/template" dependencies. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	2 years ago
Maisem Ali	9107b5eadf	cmd/tailscale/cli: use status before doing interactive feature query We were inconsistent whether we checked if the feature was already enabled which we could do cheaply using the locally available status. We would do the checks fine if we were turning on funnel, but not serve. This moves the cap checks down into enableFeatureInteractive so that are always run. Updates #9984 Co-authored-by: Tyler Smalley <tyler@tailscale.com> Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Aaron Klotz	95671b71a6	ipn, safesocket: use Windows token in LocalAPI On Windows, the idiomatic way to check access on a named pipe is for the server to impersonate the client on its current OS thread, perform access checks using the client's access token, and then revert the OS thread's access token back to its true self. The access token is a better representation of the client's rights than just a username/userid check, as it represents the client's effective rights at connection time, which might differ from their normal rights. This patch updates safesocket to do the aforementioned impersonation, extract the token handle, and then revert the impersonation. We retain the token handle for the remaining duration of the connection (the token continues to be valid even after we have reverted back to self). Since the token is a property of the connection, I changed ipnauth to wrap the concrete net.Conn to include the token. I then plumbed that change through ipnlocal, ipnserver, and localapi as necessary. I also added a PermitLocalAdmin flag to the localapi Handler which I intend to use for controlling access to a few new localapi endpoints intended for configuring auto-update. Updates https://github.com/tailscale/tailscale/issues/755 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	2 years ago
Tyler Smalley	131518eed1	cmd/tailscale/cli: improve error when bg serve config is present (#9961 ) We prevent shodow configs when starting a foreground when a background serve config already exists for the serve type and port. This PR improves the messaging to let the user know how to remove the previous config. Updates #8489 ENG-2314 Signed-off-by: Tyler Smalley <tyler@tailscale.com>	2 years ago
Tyler Smalley	1873bc471b	cmd/tailscale/cli: remove http flag for funnel command (#9955 ) The `--http` flag can not be used with Funnel, so we should remove it to remove confusion. Updates #8489 ENG-2316 Signed-off-by: Tyler Smalley <tyler@tailscale.com>	2 years ago
Marwan Sulaiman	5f3cdaf283	cmd/tailscale/cli: chage port flags to uint for serve and funnel This PR changes the -https, -http, -tcp, and -tls-terminated-tcp flags from string to int and also updates the validation to ensure they fit the uint16 size as the flag library does not have a Uint16Var method. Updates #8489 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	2 years ago
Marwan Sulaiman	a7e4cebb90	cmd/tailscale/cli: refactor TestServeDevConfigMutations The TestServeDevConfigMutations test has 63 steps that all run under the same scope. This tests breaks them out into isolated subtests that can be run independently. Updates #8489 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	2 years ago
Andrew Lytvynov	21b6d373b0	cmd/tailscale/cli: unhide auto-update flags and mark update as Beta (#9954 ) Updates #755 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Marwan Sulaiman	f5a7551382	cmd/tailscale: fix help message for serve funnel We currently print out "run tailscale serve --help" when the subcmd might be funnel. This PR ensures the right subcmd is passed. Updates #8489 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	2 years ago
Andrew Lytvynov	d3bc575f35	cmd/tailscale/cli: set Sparkle auto-update on macsys (#9952 ) On `tailscale set --auto-update`, set the Sparkle plist option for it. Also make macsys report not supporting auto-updates over c2n, since they will be triggered by Sparkle locally. Updates #755 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Tyler Smalley	269a498c1e	cmd/tailscale/cli: serve --set-path should not force background mode (#9905 ) A few people have run into issues with understanding why `--set-path` started in background mode, and/or why they couldn't use a path in foreground mode. This change allows `--set-path` to be used in either case (foreground or background). updates #8489 Signed-off-by: Tyler Smalley <tyler@tailscale.com>	2 years ago
Andrew Lytvynov	593c086866	clientupdate: distinguish when auto-updates are possible (#9896 ) clientupdate.Updater will have a non-nil Update func in a few cases where it doesn't actually perform an update: * on Arch-like distros, where it prints instructions on how to update * on macOS app store version, where it opens the app store page Add a new clientupdate.Arguments field to cause NewUpdater to fail when we hit one of these cases. This results in c2n updates being "not supported" and `tailscale set --auto-update` returning an error. Updates #755 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Tyler Smalley	35d7b3aa27	cmd/tailscale/cli: updates help and background messaging (#9929 ) * Fixes issue with template string not being provided in help text * Updates background information to provide full URL, including path, to make it clear the source and destination * Restores some tests * Removes AllowFunnel in ServeConfig if no proxy exists for that port. updates #8489 Signed-off-by: Tyler Smalley <tyler@tailscale.com>	2 years ago
Marwan Sulaiman	c53ee37912	cmd/tailscale: add set-raw to the new serve funnel commands This PR adds the same set-raw from the old flow into the new one so that users can continue to use it when transitioning into the new flow. Updates #8489 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	2 years ago

1 2 3 4 5 ...

887 Commits (c0c4791ce79e0818749cad0ebfc076ffb6f4767c)