887 Commits (c0c4791ce79e0818749cad0ebfc076ffb6f4767c)

Author	SHA1	Message	Date
Marwan Sulaiman	f232d4554a	cmd/tailscale: translate old serve commands to new ones ... This PR fixes the isLegacyInvocation to better catch serve and funnel legacy commands. In addition, it now also returns a string that translates the old command into the new one so that users can have an easier transition story. Updates #8489 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	2 years ago
Marwan Sulaiman	60e768fd14	cmd/tailscale: allow serve|funnel off to delete an entire port ... This PR allows you to do "tailscale serve -bg -https:4545 off" and it will delete all handlers under it. It will also prompt you for a y/n in case you wanted to delete a single port. Updates #8489 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	2 years ago
Tyler Smalley	d9081d6ba2	cmd/tailscale/cli: update serve/funnel CLI help text (#9895) ... updates #8489 ENG-2308 Signed-off-by: Tyler Smalley <tyler@tailscale.com>	2 years ago
Andrew Lytvynov	70f9c8a6ed	clientupdate: change Mac App Store support (#9891) ... In the sandboxed app from the app store, we cannot check `/Library/Preferences/com.apple.commerce.plist` or run `softwareupdate`. We can at most print a helpful message and open the app store page. Also, reenable macsys update function to mark it as supporting c2n updates. macsys support in `tailscale update` was fixed. Updates #755 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Joe Tsai	469b7cabad	cmd/tailscale: improve taildrop progress printer on Linux (#9878) ... The progress printer was buggy where it would not print correctly and some of the truncation logic was faulty. The progress printer now prints something like: go1.21.3.linux-amd64.tar.gz 21.53MiB 13.83MiB/s 33.88% ETA 00:00:03 where it shows * the number of bytes transferred so far * the rate of bytes transferred (using a 1-second half-life for an exponentially weighted average) * the progress made as a percentage * the estimated time (as calculated from the rate of bytes transferred) Other changes: * It now correctly prints the progress for very small files * It prints at a faster rate (4Hz instead of 1Hz) * It uses IEC units for byte quantities (to avoid ambiguities of "kb" being kilobits or kilobytes) Updates tailscale/corp#14772 Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Tyler Smalley	7a3ae39025	cmd/tailscale/cli: [serve/funnel] support omitting scheme for TCP (#9856) ... The `serve` command for TCP has always required the scheme of the target to be specified. However, when it's omitted the error message reported is misleading ``` error: failed to apply TCP serve: invalid TCP target "localhost:5900": missing port in address ``` Since we know the target is TCP, we shouldn't require it to be specified. This aligns with the changes for HTTP proxies in https://github.com/tailscale/tailscale/issues/8489 closes #9855 Signed-off-by: Tyler Smalley <tyler@tailscale.com>	2 years ago
Tyler Smalley	35376d52d4	cmd/tailscale/cli: [serve/funnel] provide correct command for disabling (#9859) ... The `off` subcommand removes a serve/funnel for the corresponding type and port. Previously, we were not providing this which would result in an error if someone was using something than the default https=443. closes #9858 Signed-off-by: Tyler Smalley <tyler@tailscale.com>	2 years ago
Andrew Lytvynov	33bb2bbfe9	tailcfg,cmd/tailscale: add UrgentSecurityUpdate flag to ClientVersion (#9848) ... This flag is used in clients to surface urgent updates more prominently. Updates #755 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Tyler Smalley	ddb2a6eb8d	cmd/tailscale: promote new serve/funnel CLI to be default (#9833) ... The change is being kept to a minimum to make a revert easy if necessary. After the release, we will go back for a final cleanup. updates #8489 Signed-off-by: Tyler Smalley <tyler@tailscale.com>	2 years ago
Brad Fitzpatrick	18bd98d35b	cmd/tailscaled,*: add start of configuration file support ... Updates #1412 Co-authored-by: Maisem Ali <maisem@tailscale.com> Change-Id: I38d559c1784d09fc804f521986c9b4b548718f7d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
James Tucker	96f01a73b1	tailcfg: import ProtoPortRange for local use ... Imported type and parsing, with minor modifications. Updates tailscale/corp#15043 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
James Tucker	c1ef55249a	types/ipproto: import and test string parsing for ipproto ... IPProto has been being converted to and from string formats in multiple locations with variations in behavior. TextMarshaller and JSONMarshaller implementations are now added, along with defined accepted and preferred formats to centralize the logic into a single cross compatible implementation. Updates tailscale/corp#15043 Fixes tailscale/corp#15141 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
Maisem Ali	9d96e05267	net/packet: split off checksum munging into different pkg ... The current structure meant that we were embedding netstack in the tailscale CLI and in the GUIs. This removes that by isolating the checksum munging to a different pkg which is only called from `net/tstun`. Fixes #9756 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Sonia Appasamy	7a0de2997e	client/web: remove unused context param from NewServer ... Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	2 years ago
Andrew Lytvynov	677d486830	clientupdate: abort if current version is newer than latest (#9733) ... This is only relevant for unstable releases and local builds. When local version is newer than upstream, abort release. Also, re-add missing newlines in output that were missed in https://github.com/tailscale/tailscale/pull/9694. Updates #cleanup Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Kristoffer Dalby	623926a25d	cmd/tailscale: add --posture-checking flag to set ... Updates #5902 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2 years ago
Brad Fitzpatrick	6f36f8842c	cmd/tailscale, magicsock: add debug command to flip DERP homes ... For testing netmap patchification server-side. Updates #1909 Change-Id: Ib1d784bd97b8d4a31e48374b4567404aae5280cc Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Andrew Lytvynov	e6aa7b815d	clientupdate,cmd/tailscale/cli: use cli.Stdout/Stderr (#9694) ... In case cli.Stdout/Stderr get overriden, all CLI output should use them instead of os.Stdout/Stderr. Update the `update` command to follow this pattern. Updates #cleanup Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Andrew Lytvynov	3ee756757b	cmd/tailscale/cli: add update notification to "up" (#9644) ... Add available update message in "tailscale up" output. Also update the message in "tailscale status" to match and mention auto-update. Updates https://github.com/tailscale/tailscale/issues/755 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Brad Fitzpatrick	93c6e1d53b	tstest/deptest: add check that x/exp/{maps,slices} imported as xfoo ... Updates #cleanup Change-Id: I4cbb5e477c739deddf7a46b66f286c9fdb106279 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Val	73e53dcd1c	cmd/tailscale,ipn/ipnlocal: print debug component names ... Make the 'tailscale debug component-logs' command print the component names for which extra logging can be turned on, for easier discoverability of debug functions. Updates #cleanup Co-authored-by: Paul Scott <paul@tailscale.com> Signed-off-by: Val <valerie@tailscale.com>	2 years ago
Tom DNetto	656a77ab4e	net/packet: implement methods for rewriting v6 addresses ... Implements the ability for the address-rewriting code to support rewriting IPv6 addresses. Specifically, UpdateSrcAddr & UpdateDstAddr. Signed-off-by: Tom DNetto <tom@tailscale.com> Updates https://github.com/tailscale/corp/issues/11202	2 years ago
James Tucker	0c8c374a41	go.mod: bump all dependencies except go-billy ... go-billy is held back at v5.4.1 in order to avoid a newly introduced subdependency that is not compatible with plan9. Updates #8043 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
Maisem Ali	354455e8be	ipn: use NodeCapMap in CheckFunnel ... These were missed when adding NodeCapMap and resulted in tsnet binaries not being able to turn on funnel. Fixes #9566 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Marwan Sulaiman	651620623b	ipn/ipnlocal: close foreground sessions on SetServeConfig ... This PR ensures zombie foregrounds are shutdown if a new ServeConfig is created that wipes the ongoing foreground ones. For example, "tailscale serve|funnel reset|off" should close all open sessions. Updates #8489 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	2 years ago
Brad Fitzpatrick	04fabcd359	ipn/{ipnlocal,localapi}, cli: add debug force-netmap-update ... For loading testing & profiling the cost of full netmap updates. Updates #1909 Change-Id: I0afdf5de9967f8d95c7f81d5b531ed1c92c3208f Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Will Norris	652f77d236	client/web: switch to using prebuilt web client assets ... Updates tailscale/corp#13775 Co-authored-by: Sonia Appasamy <sonia@tailscale.com> Signed-off-by: Sonia Appasamy <sonia@tailscale.com> Signed-off-by: Will Norris <will@tailscale.com>	2 years ago
Maisem Ali	19a9d9037f	tailcfg: add NodeCapMap ... Like PeerCapMap, add a field to `tailcfg.Node` which provides a map of Capability to raw JSON messages which are deferred to be parsed later by the application code which cares about the specific capabilities. This effectively allows us to prototype new behavior without having to commit to a schema in tailcfg, and it also opens up the possibilities to develop custom behavior in tsnet applications w/o having to plumb through application specific data in the MapResponse. Updates #4217 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Maisem Ali	4da0689c2c	tailcfg: add Node.HasCap helpers ... This makes a follow up change less noisy. Updates #cleanup Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Marwan Sulaiman	d25217c9db	cmd/tailscale/cli: error when serving foreground if bg already exists ... This PR fixes a bug to make sure that we don't allow two configs exist with duplicate ports Updates #8489 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	2 years ago
Maisem Ali	a61caea911	tailcfg: define a type for NodeCapability ... Instead of untyped string, add a type to identify these. Updates #cleanup Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Tyler Smalley	dfefaa5e35	Use parent serve config ... Signed-off-by: Tyler Smalley <tyler@tailscale.com>	2 years ago
Marwan Sulaiman	f3a5bfb1b9	cmd/tailscale/cli: add set serve validations ... This PR adds validations for the new new funnel/serve commands under the following rules: 1. There is always a single config for one port (bg or fg). 2. Foreground configs under the same port cannot co-exists (for now). 3. Background configs can change as long as the serve type is the same. Updates #8489 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	2 years ago
Marwan Sulaiman	3421784e37	cmd/tailscale/cli: use optimistic concurrency control on SetServeConfig ... This PR uses the etag/if-match pattern to ensure multiple calls to SetServeConfig are synchronized. It currently errors out and asks the user to retry but we can add occ retries as a follow up. Updates #8489 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	2 years ago
Tyler Smalley	82c1dd8732	cmd/tailscale: funnel wip cleanup and additional test coverage (#9316) ... General cleanup and additional test coverage of WIP code. * use enum for serveType * combine instances of ServeConfig access within unset * cleanMountPoint rewritten into cleanURLPath as it only handles URL paths * refactor and test expandProxyTargetDev > **Note** > Behind the `TAILSCALE_USE_WIP_CODE` flag updates #8489 Signed-off-by: Tyler Smalley <tyler@tailscale.com>	2 years ago
Brad Fitzpatrick	668a0dd5ab	cmd/tailscale/cli: fix panic in netcheck print when no DERP home ... Fixes #8016 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	7c1ed38ab3	ipn/ipnlocal: fix missing controlknobs.Knobs plumbing ... I missed connecting some controlknobs.Knobs pieces in 4e91cf20a8 resulting in that breaking control knobs entirely. Whoops. The fix in ipn/ipnlocal (where it makes a new controlclient) but to atone, I also added integration tests. Those integration tests use a new "tailscale debug control-knobs" which by itself might be useful for future debugging. Updates #9351 Change-Id: Id9c89c8637746d879d5da67b9ac4e0d2367a3f0d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	4e91cf20a8	control/controlknobs, all: add plumbed Knobs type, not global variables ... Previously two tsnet nodes in the same process couldn't have disjoint sets of controlknob settings from control as both would overwrite each other's global variables. This plumbs a new controlknobs.Knobs type around everywhere and hangs the knobs sent by control on that instead. Updates #9351 Change-Id: I75338646d36813ed971b4ffad6f9a8b41ec91560 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Marwan Sulaiman	f12c71e71c	cmd/tailscale: reduce duplicate calls to LocalBackend ... This PR ensures calls to the LocalBackend are not happening multiples times and ensures the set/unset methods are only manipulating the serve config Updates #8489 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	2 years ago
Andrew Lytvynov	d23b8ffb13	cmd/tailscale/cli,ipn: mention available update in "tailscale status" (#9205) ... Cache the last `ClientVersion` value that was received from coordination server and pass it in the localapi `/status` response. When running `tailscale status`, print a message if `RunningAsLatest` is `false`. Updates #6907 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Marwan Sulaiman	a1d4144b18	cmd/tailscale: combine foreground and background serve logic ... Previously, foreground mode only worked in the simple case of `tailscale funnel <port>`. This PR ensures that whatever you can do in the background can also be done in the foreground such as setting mount paths or tcp forwarding. Updates #8489 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	2 years ago
Tyler Smalley	70a9854b39	cmd/tailscale: add background mode to serve/funnel wip (#9202) ... > **Note** > Behind the `TAILSCALE_FUNNEL_DEV` flag * Expose additional listeners through flags * Add a --bg flag to run in the background * --set-path to set a path for a specific target (assumes running in background) See the parent issue for more context. Updates #8489 Signed-off-by: Tyler Smalley <tyler@tailscale.com>	2 years ago
Marwan Sulaiman	50990f8931	ipn, ipn/ipnlocal: add Foreground field for ServeConfig ... This PR adds a new field to the serve config that can be used to identify which serves are in "foreground mode" and then can also be used to ensure they do not get persisted to disk so that if Tailscaled gets ungracefully shutdown, the reloaded ServeConfig will not have those ports opened. Updates #8489 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	2 years ago
Chris Palmer	ac7b4d62fd	cmd/tailscale/cli: make update visible in list (#8662) ... This also makes "HIDDEN: " work (requires the custom UsageFunc). Updates #6995 Signed-off-by: Chris Palmer <cpalmer@tailscale.com>	2 years ago
Sonia Appasamy	f824274093	cli/serve: shorten help text on error ... Our BETA serve help text is long and often hides the actual error in the user's usage. Instead of printing the full text, prompt users to use `serve --help` if they want the help info. Fixes #14274 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	2 years ago
Will Norris	9a3bc9049c	client/web,cmd/tailscale: add prefix flag for web command ... We already had a path on the web client server struct, but hadn't plumbed it through to the CLI. Add that now and use it for Synology and QNAP instead of hard-coding the path. (Adding flag for QNAP is tailscale/tailscale-qpkg#112) This will allow supporting other environments (like unraid) without additional changes to the client/web package. Also fix a small bug in unraid handling to only include the csrf token on POST requests. Updates tailscale/corp#13775 Signed-off-by: Will Norris <will@tailscale.com>	2 years ago
Andrew Lytvynov	34e3450734	cmd/tailscale,ipn: add auto-update flags and prefs (#8861) ... The flags are hidden for now. Adding propagation to tailscaled and persistence only. The prefs field is wrapped in a struct to allow for future expansion (like update schedule). Updates #6907 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Tyler Smalley	e1fbb5457b	cmd/tailscale: combine serve and funnel for debug wip funnel stream model (#9169) ... > **Note** > Behind the `TAILSCALE_USE_WIP_CODE` flag In preparing for incoming CLI changes, this PR merges the code path for the `serve` and `funnel` subcommands. See the parent issue for more context. The following commands will run in foreground mode when using the environment flag. ``` tailscale serve localhost:3000 tailscae funnel localhost:3000 ``` Replaces #9134 Updates #8489 Signed-off-by: Tyler Smalley <tyler@tailscale.com> Signed-off-by: Marwan Sulaiman <marwan@tailscale.com> Co-authored-by: Marwan Sulaiman <marwan@tailscale.com>	2 years ago
Andrew Lytvynov	4e72992900	clientupdate: add linux tarball updates (#9144) ... As a fallback to package managers, allow updating tailscale that was self-installed in some way. There are some tricky bits around updating the systemd unit (should we stick to local binary paths or to the ones in tailscaled.service?), so leaving that out for now. Updates #6995 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Chris Palmer	ce1e02096a	ipn/ipnlocal: support most Linuxes in handleC2NUpdate (#9114) ... * ipn/ipnlocal: support most Linuxes in handleC2NUpdate Updates #6995 Signed-off-by: Chris Palmer <cpalmer@tailscale.com>	2 years ago
Brad Fitzpatrick	590c693b96	types/logger: add AsJSON ... Printing out JSON representation things in log output is pretty common. Updates #cleanup Change-Id: Ife2d2e321a18e6e1185efa8b699a23061ac5e5a4 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Andrew Lytvynov	8d2eaa1956	clientupdate: download SPK and MSI packages with distsign (#9115) ... Reimplement `downloadURLToFile` using `distsign.Download` and move all of the progress reporting logic over there. Updates #6995 Updates #755 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Will Norris	d74c771fda	client/web: always use new web client; remove old client ... This uses the new react-based web client for all builds, not just with the --dev flag. If the web client assets have not been built, the client will serve a message that Tailscale was built without the web client, and link to build instructions. Because we will include the web client in all of our builds, this should only be seen by developers or users building from source. (And eventually this will be replaced by attempting to download needed assets as runtime.) We do now checkin the build/index.html file, which serves the error message when assets are unavailable. This will also eventually be used to trigger in CI when new assets should be built and uploaded to a well-known location. Updates tailscale/corp#13775 Signed-off-by: Will Norris <will@tailscale.com>	2 years ago
Andrew Dunham	c86a610eb3	cmd/tailscale, net/portmapper: add --log-http option to "debug portmap" ... This option allows logging the raw HTTP requests and responses that the portmapper Client makes when using UPnP. This can be extremely helpful when debugging strange UPnP issues with users' devices, and might allow us to avoid having to instruct users to perform a packet capture. Updates #8992 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I2c3cf6930b09717028deaff31738484cc9b008e4	2 years ago
Sonia Appasamy	f3077c6ab5	client/web: add self node cache ... Adds a cached self node to the web client Server struct, which will be used from the web client api to verify that request came from the node's own machine (i.e. came from the web client frontend). We'll be using when we switch the web client api over to acting as a proxy to the localapi, to protect against DNS rebinding attacks. Updates tailscale/corp#13775 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	2 years ago
Will Norris	824cd02d6d	client/web: cache csrf key when running in CGI mode ... Indicate to the web client when it is running in CGI mode, and if it is then cache the csrf key between requests. Updates tailscale/corp#13775 Signed-off-by: Will Norris <will@tailscale.com>	2 years ago
Brad Fitzpatrick	5b6a90fb33	types/logger, cmd/tailscale/cli: flesh out, simplify some non-unix build tags ... Can write "wasm" instead of js || wasi1p, since there's only two: $ go tool dist list | grep wasm js/wasm wasip1/wasm Plus, if GOOS=wasip2 is added later, we're already set. Updates #5794 Change-Id: Ifcfb187c3775c17c9141bc721512dc4577ac4434 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	d58ba59fd5	cmd/tailscale/cli: make netcheck run even if machine lacks TLS certs ... We have a fancy package for doing TLS cert validation even if the machine doesn't have TLS certs (for LetsEncrypt only) but the CLI's netcheck command wasn't using it. Also, update the tlsdial's outdated package docs while here. Updates #cleanup Change-Id: I74b3cb645d07af4d8ae230fb39a60c809ec129ad Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Sonia Appasamy	78f087aa02	cli/web: pass existing localClient to web client ... Updates tailscale/corp#13775 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	2 years ago
Aaron Klotz	ea693eacb6	util/winutil: add RegisterForRestart, allowing programs to indicate their preferences to the Windows restart manager ... In order for the installer to restart the GUI correctly post-upgrade, we need the GUI to be able to register its restart preferences. This PR adds API support for doing so. I'm adding it to OSS so that it is available should we need to do any such registrations on OSS binaries in the future. Updates https://github.com/tailscale/corp/issues/13998 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	2 years ago
Marwan Sulaiman	35ff5bf5a6	cmd/tailscale/cli, ipn/ipnlocal: [funnel] add stream mode ... Adds ability to start Funnel in the foreground and stream incoming connections. When foreground process is stopped, Funnel is turned back off for the port. Exampe usage: ``` TAILSCALE_FUNNEL_V2=on tailscale funnel 8080 ``` Updates #8489 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	2 years ago
Brad Fitzpatrick	84b94b3146	types/netmap, all: make NetworkMap.SelfNode a tailcfg.NodeView ... Updates #1909 Change-Id: I8c470cbc147129a652c1d58eac9b790691b87606 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Sonia Appasamy	077bbb8403	client/web: add csrf protection to web client api ... Adds csrf protection and hooks up an initial POST request from the React web client. Updates tailscale/corp#13775 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	2 years ago
Maisem Ali	8a5ec72c85	cmd/cloner: use maps.Clone and ptr.To ... Updates #cleanup Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Brad Fitzpatrick	4511e7d64e	ipn/ipnstate: add PeerStatus.AltSharerUserID, stop mangling Node.User ... In b987b2ab18 (2021-01-12) when we introduced sharing we mapped the sharer to the userid at a low layer, mostly to fix the display of "tailscale status" and the client UIs, but also some tests. The commit earlier today, 7dec09d169, removed the 2.5yo option to let clients disable that automatic mapping, as clearly we were never getting around to it. This plumbs the Sharer UserID all the way to ipnstatus so the CLI itself can choose to print out the Sharer's identity over the node's original owner. Then we stop mangling Node.User and let clients decide how they want to render things. To ease the migration for the Windows GUI (which currently operates on tailcfg.Node via the NetMap from WatchIPNBus, instead of PeerStatus), a new method Node.SharerOrUser is added to do the mapping of Sharer-else-User. Updates #1909 Updates tailscale/corp#1183 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	6e57dee7eb	cmd/viewer, types/views, all: un-special case slice of netip.Prefix ... Make it just a views.Slice[netip.Prefix] instead of its own named type. Having the special case led to circular dependencies in another WIP PR of mine. Updates #8948 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Marwan Sulaiman	72d2122cad	cmd/tailscale: change serve and funnel calls to StatusWithoutPeers ... The tailscale serve|funnel commands frequently call the LocalBackend's Status but they never need the peers to be included. This PR changes the call to be StatusWithoutPeers which should gain a noticeable speed improvement Updates #8489 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	2 years ago
Brad Fitzpatrick	bc0eb6b914	all: import x/exp/maps as xmaps to distinguish from Go 1.21 "maps" ... Updates #8419 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	e8551d6b40	all: use Go 1.21 slices, maps instead of x/exp/{slices,maps} ... Updates #8419 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Sonia Appasamy	18280ebf7d	client/web: hook up data fetching to fill --dev React UI ... Updates tailscale/corp#13775 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	2 years ago
Charlotte Brandhorst-Satzkorn	f101a75dce	cmd/tailscale/cli: fix comment accuracy ... All exit nodes are shown under this subcommand. Updates tailscale/corp#13025 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	2 years ago
Sonia Appasamy	1a64166073	cli/serve: add interactive flow for enabling HTTPS certs ... When trying to use serve with https, send users through https cert provisioning enablement before editing the ServeConfig. Updates tailscale/corp#10577 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	2 years ago
Sonia Appasamy	0052830c64	cli/serve: funnel interactive enablement flow tweaks ... 1. Add metrics to funnel flow. 2. Stop blocking users from turning off funnels when no longer in their node capabilities. 3. Rename LocalClient.IncrementMetric to IncrementCounter to better callout its usage is only for counter clientmetrics. Updates tailscale/corp#10577 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	2 years ago
Brad Fitzpatrick	a1b8d703d6	tstime/mono: remove unsafe ... This removes the unsafe/linkname and only uses the standard library. It's a bit slower, for now, but https://go.dev/cl/518336 should get us back. On darwin/arm64, without https://go.dev/cl/518336 pkg: tailscale.com/tstime/mono │ before │ after │ │ sec/op │ sec/op vs base │ MonoNow-8 16.20n ± 0% 19.75n ± 0% +21.92% (p=0.000 n=10) TimeNow-8 39.46n ± 0% 39.40n ± 0% -0.16% (p=0.002 n=10) geomean 25.28n 27.89n +10.33% And with it, MonoNow-8 16.34n ± 1% 16.93n ± 0% +3.67% (p=0.001 n=10) TimeNow-8 39.55n ± 15% 38.46n ± 1% -2.76% (p=0.000 n=10) geomean 25.42n 25.52n +0.41% Updates #8839 Updates tailscale/go#70 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
James Tucker	de8e55fda6	net/netcheck,wgengine/magicsock: reduce coupling between netcheck and magicsock ... Netcheck no longer performs I/O itself, instead it makes requests via SendPacket and expects users to route reply traffic to ReceiveSTUNPacket. Netcheck gains a Standalone function that stands up sockets and goroutines to implement I/O when used in a standalone fashion. Magicsock now unconditionally routes STUN traffic to the netcheck.Client that it hosts, and plumbs the send packet sink. The CLI is updated to make use of the Standalone mode. Fixes #8723 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
Brad Fitzpatrick	92fc9a01fa	cmd/tailscale: add debug commands to break connections ... For testing reconnects. Updates tailscale/corp#5761 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Sonia Appasamy	16bc9350e3	client/web: add barebones vite dev setup ... Currently just serving a "Hello world" page when running the web cli in --dev mode. Updates tailscale/corp#13775 Co-authored-by: Will Norris <will@tailscale.com> Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	2 years ago
Andrew Lytvynov	215480a022	cmd/tailscale/cli,clientupdate: extract new clientupdate package (#8827) ... Extract the self-update logic from cmd/tailscale/cli into a standalone package that could be used from tailscaled later. Updates #6995 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Sonia Appasamy	2bc98abbd9	client/web: add web client Server struct ... Updates tailscale/corp#13775 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	2 years ago
Sonia Appasamy	7815fbe17a	tailscale/cli: add interactive flow for enabling Funnel ... Updates tailscale/corp#10577 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	2 years ago
Will Norris	f9066ac1f4	client/web: extract web client from cli package ... move the tailscale web client out of the cmd/tailscale/cli package, into a new client/web package. The remaining cli/web.go file is still responsible for parsing CLI flags and such, and then calls into client/web. This will allow the web client to be hooked into from other contexts (for example, from a tsnet server), and provide a dedicated space to add more functionality to this client. Updates tailscale/corp#13775 Signed-off-by: Will Norris <will@tailscale.com>	2 years ago
Will Norris	69f1324c9e	cmd/tailscale: refactor shared utility methods ... Refactor two shared functions used by the tailscale cli, calcAdvertiseRoutes and licensesURL. These are used by the web client as well as other tailscale subcommands. The web client is being moved out of the cli package, so move these two functions to new locations. Updates tailscale/corp#13775 Signed-off-by: Will Norris <will@tailscale.com>	2 years ago
Maisem Ali	682fd72f7b	util/testenv: add new package to hold InTest ... Removes duplicated code. Updates #cleanup Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Maisem Ali	6aaf1d48df	types/persist: drop duplicated Persist.LoginName ... It was duplicated from Persist.UserProfile.LoginName, drop it. Updates #7726 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
salman aljammaz	25a7204bb4	wgengine,ipn,cmd/tailscale: add size option to ping (#8739) ... This adds the capability to pad disco ping message payloads to reach a specified size. It also plumbs it through to the tailscale ping -size flag. Disco pings used for actual endpoint discovery do not use this yet. Updates #311. Signed-off-by: salman <salman@tailscale.com> Co-authored-by: Val <valerie@tailscale.com>	2 years ago
Claire Wang	a17c45fd6e	control: use tstime instead of time (#8595) ... Updates #8587 Signed-off-by: Claire Wang <claire@tailscale.com>	2 years ago
Sonia Appasamy	301e59f398	tailcfg,ipn/localapi,client/tailscale: add QueryFeature endpoint ... Updates tailscale/corp#10577 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	2 years ago
Andrew Lytvynov	f57cc19ba2	cmd/tailscale/cli: add latest version output to "tailscale version" (#8700) ... Add optional `--upstream` flag to `tailscale version` to fetch the latest upstream release version from `pkgs.tailscale.com`. This is useful to diagnose `tailscale update` behavior or write other tooling. Example output: $ tailscale version --upstream --json { "majorMinorPatch": "1.47.35", "short": "1.47.35", "long": "1.47.35-t6afffece8", "unstableBranch": true, "gitCommit": "6afffece8a32509aa7a4dc2972415ec58d8316de", "cap": 66, "upstream": "1.45.61" } Fixes #8669 RELNOTE=adds "tailscale version --upstream" Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Tom DNetto	767e839db5	all: implement lock revoke-keys command ... The revoke-keys command allows nodes with tailnet lock keys to collaborate to erase the use of a compromised key, and remove trust in it. Signed-off-by: Tom DNetto <tom@tailscale.com> Updates ENG-1848	2 years ago
Aaron Klotz	7adf15f90e	cmd/tailscale/cli, util/winutil/authenticode: flesh out authenticode support ... Previously, tailscale upgrade was doing the bare minimum for checking authenticode signatures via `WinVerifyTrustEx`. This is fine, but we can do better: * WinVerifyTrustEx verifies that the binary's signature is valid, but it doesn't determine *whose* signature is valid; tailscale upgrade should also ensure that the binary is actually signed *by us*. * I added the ability to check the signatures of MSI files. * In future PRs I will be adding diagnostic logging that lists details about every module (ie, DLL) loaded into our process. As part of that metadata, I want to be able to extract information about who signed the binaries. This code is modelled on some C++ I wrote for Firefox back in the day. See https://searchfox.org/mozilla-central/rev/27e4816536c891d85d63695025f2549fd7976392/toolkit/xre/dllservices/mozglue/Authenticode.cpp for reference. Fixes #8284 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	2 years ago
David Anderson	52212f4323	all: update exp/slices and fix call sites ... slices.SortFunc suffered a late-in-cycle API breakage. Updates #cleanup Signed-off-by: David Anderson <danderson@tailscale.com>	2 years ago
Claire Wang	90a7d3066c	derp: use tstime (#8634) ... Updates #8587 Signed-off-by: Claire Wang <claire@tailscale.com>	2 years ago
Charlotte Brandhorst-Satzkorn	35bdbeda9f	cli: introduce exit-node subcommand to list and filter exit nodes ... This change introduces a new subcommand, `exit-node`, along with a subsubcommand of `list` and a `--filter` flag. Exit nodes without location data will continue to be displayed when `status` is used. Exit nodes with location data will only be displayed behind `exit-node list`, and in status if they are the active exit node. The `filter` flag can be used to filter exit nodes with location data by country. Exit nodes with Location.Priority data will have only the highest priority option for each country and city listed. For countries with multiple cities, a <Country> <Any> option will be displayed, indicating the highest priority node within that country. Updates tailscale/corp#13025 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	2 years ago
Andrew Lytvynov	9edb848505	cmd/tailscale/cli: implement update on FreeBSD (#8710) ... Implement `tailscale update` on FreeBSD. This is much simpler than other platforms because `pkg rquery` lets us get the version in their repos without any extra parsing. Updates #6995 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Andrew Lytvynov	306deea03a	cmd/tailscale/cli,version/distro: update support for Alpine (#8701) ... Similar to Arch support, use the latest version info from the official `apk` repo and don't offer explicit track or version switching. Add detection for Alpine Linux in version/distro along the way. Updates #6995 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Andrew Lytvynov	894b237a70	cmd/tailscale/cli: implement update for dnf/yum-based distros (#8678) ... This is the Fedora family of distros, including CentOS, RHEL and others. Tested in `fedora:latest` and `centos:7` containers. Updates #6995 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Brad Fitzpatrick	88cc0ad9f7	util/linuxfw: remove yet-unused code to fix linux/arm64 crash ... The util/linuxfw/iptables.go had a bunch of code that wasn't yet used (in prep for future work) but because of its imports, ended up initializing code deep within gvisor that panicked on init on arm64 systems not using 4KB pages. This deletes the unused code to delete the imports and remove the panic. We can then cherry-pick this back to the branch and restore it later in a different way. A new test makes sure we don't regress in the future by depending on the panicking package in question. Fixes #8658 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Chris Palmer	32d486e2bf	cmd/tailscale/cli: ensure custom UsageFunc is always set (#8665) ... Updates #6995 Signed-off-by: Chris Palmer <cpalmer@tailscale.com>	2 years ago
Chris Palmer	3c53bedbbf	cmd/tailscale/cli: limit Darwin-only option to Darwin (#8657)	2 years ago
Andrew Lytvynov	efd6d90dd7	cmd/tailscale/cli: implement update for arch-based distros (#8655) ... Arch version of tailscale is not maintained by us, but is generally up-to-date with our releases. Therefore "tailscale update" is just a thin wrapper around "pacman -Sy tailscale" with different flags. Updates #6995 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Chris Palmer	3f6b0d8c84	cmd/tailscale/cli: make `tailscale update` query `softwareupdate` (#8641) ... * cmd/tailscale/cli: make `tailscale update` query `softwareupdate` Even on macOS when Tailscale was installed via the App Store, we can check for and even install new versions if people ask explicitly. Also, warn if App Store AutoUpdate is not turned on. Updates #6995	2 years ago
Tom DNetto	abcb7ec1ce	cmd/tailscale: warn if node is locked out on bringup ... Updates https://github.com/tailscale/corp/issues/12718 Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Will Norris	f8b0caa8c2	serve: fix hostname for custom http ports ... When using a custom http port like 8080, this was resulting in a constructed hostname of `host.tailnet.ts.net:8080.tailnet.ts.net` when looking up the serve handler. Instead, strip off the port before adding the MagicDNS suffix. Also use the actual hostname in `serve status` rather than the literal string "host". Fixes #8635 Signed-off-by: Will Norris <will@tailscale.com>	2 years ago
Andrew Lytvynov	7a82fd8dbe	ipn/ipnlocal: add optional support for ACME Renewal Info (ARI) (#8599)	2 years ago
Denton Gentry	4f95b6966b	cmd/tailscale: remove TS_EXPERIMENT_OAUTH_AUTHKEY guardrail ... We've had support for OAuth client keys in `--authkey=...` for several releases, and we're using it in https://github.com/tailscale/github-action Remove the TS_EXPERIMENT_* guardrail, it is fully supported now. Fixes https://github.com/tailscale/tailscale/issues/8403 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	2 years ago
Andrew Dunham	a7648a6723	net/dnsfallback: run recursive resolver and compare results ... When performing a fallback DNS query, run the recursive resolver in a separate goroutine and compare the results returned by the recursive resolver with the results we get from "regular" bootstrap DNS. This will allow us to gather data about whether the recursive DNS resolver works better, worse, or about the same as "regular" bootstrap DNS. Updates #5853 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: Ifa0b0cc9eeb0dccd6f7a3d91675fe44b3b34bd48	2 years ago
Maisem Ali	2e19790f61	types/views: add JSON marshal/unmarshal and AsMap to Map ... This allows cloning a Map as well as marshaling the Map as JSON. Updates tailscale/corp#12754 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Tom DNetto	97ee0bc685	cmd/tailscale: improve error message when signing without a tailnet lock key ... Updates #8568 Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Andrew Dunham	ab310a7f60	derp: use new net/tcpinfo package ... Updates #8413 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I8bf8046517195a6d42cabb32d6ec7f1f79cef860	2 years ago
KevinLiang10	243ce6ccc1	util/linuxfw: decoupling IPTables logic from linux router ... This change is introducing new netfilterRunner interface and moving iptables manipulation to a lower leveled iptables runner. For #391 Signed-off-by: KevinLiang10 <kevinliang@tailscale.com>	2 years ago
phirework	fbacc0bd39	go.toolchain: switch to tailscale.go1.21 (#8415) ... Updates #8419 Signed-off-by: Jenny Zhang <jz@tailscale.com>	2 years ago
shayne	6697690b55	{cmd/tailscale/cli,ipn}: add http support to tailscale serve (#8358) ... Updates #8357 Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	3 years ago
Graham Christensen	4dda949760	tailscale ping: note that `-c` can take 0 for infinity ... Signed-off-by: Graham Christensen <graham@grahamc.com>	3 years ago
Brad Fitzpatrick	67e912824a	all: adjust some build tags for wasi ... A start. Updates #8320 Change-Id: I64057f977be51ba63ce635c56d67de7ecec415d1 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	eefee6f149	all: use cmpx.Or where it made sense ... I left a few out where writing it explicitly was better for various reasons. Updates #8296 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Derek Kaser	7c88eeba86	cmd/tailscale: allow Tailscale to work with Unraid web interface (#8062) ... Updates tailscale/tailscale#8026 Signed-off-by: Derek Kaser <derek.kaser@gmail.com>	3 years ago
Sonia Appasamy	f0ee03dfaf	cmd/tailscale/cli: [serve] add reset flag ... Usage: `tailscale serve reset` Fixes #8139 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	3 years ago
Brad Fitzpatrick	4664318be2	client/tailscale: revert CreateKey API change, add Client.CreateKeyWithExpiry ... The client/tailscale is a stable-ish API we try not to break. Revert the Client.CreateKey method as it was and add a new CreateKeyWithExpiry method to do the new thing. And document the expiry field and enforce that the time.Duration can't be between in range greater than 0 and less than a second. Updates #7143 Updates #8124 (reverts it, effectively) Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
shayne	678bb92bb8	cmd/tailscale/cli: [up] fix CreateKey missing argument (#8124) ... Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	3 years ago
Derek Kaser	0d7303b798	various: add detection and Taildrop for Unraid ... Updates tailscale/tailscale#8025 Signed-off-by: Derek Kaser <derek.kaser@gmail.com>	3 years ago
Brad Fitzpatrick	9e9ea6e974	go.mod: bump all deps possible that don't break the build ... This holds back gvisor, kubernetes, goreleaser, and esbuild, which all had breaking API changes. Updates #8043 Updates #7381 Updates #8042 (updates u-root which adds deps) Change-Id: I889759bea057cd3963037d41f608c99eb7466a5b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Charlotte Brandhorst-Satzkorn	161d1d281a	net/ping,netcheck: add v6 pinging capabilities to pinger (#7971) ... This change adds a v6conn to the pinger to enable sending pings to v6 addrs. Updates #7826 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	3 years ago
Maisem Ali	a8f10c23b2	cmd/tailscale/cli: [up] reuse --advertise-tags for OAuth key generation ... We need to always specify tags when creating an AuthKey from an OAuth key. Check for that, and reuse the `--advertise-tags` param. Updates #7982 Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Brad Fitzpatrick	b2b5379348	cmd/tailscale/cli: [up] change oauth authkey format ... Updates #7982 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	13de36303d	cmd/tailscale/cli: [up] add experimental oauth2 authkey support ... Updates #7982 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
shayne	018a382729	cmd/tailscale/cli: [serve] fix MinGW path conversion (#7964) ... Fixes #7963 Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	3 years ago
Mihai Parparita	7330aa593e	all: avoid repeated default interface lookups ... On some platforms (notably macOS and iOS) we look up the default interface to bind outgoing connections to. This is both duplicated work and results in logspam when the default interface is not available (i.e. when a phone has no connectivity, we log an error and thus cause more things that we will try to upload and fail). Fixed by passing around a netmon.Monitor to more places, so that we can use its cached interface state. Fixes #7850 Updates #7621 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	3 years ago
Mihai Parparita	4722f7e322	all: move network monitoring from wgengine/monitor to net/netmon ... We're using it in more and more places, and it's not really specific to our use of Wireguard (and does more just link/interface monitoring). Also removes the separate interface we had for it in sockstats -- it's a small enough package (we already pull in all of its dependencies via other paths) that it's not worth the extra complexity. Updates #7621 Updates #7850 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	3 years ago
Andrew Dunham	f85dc6f97c	ci: add more lints (#7909) ... This is a follow-up to #7905 that adds two more linters and fixes the corresponding findings. As per the previous PR, this only flags things that are "obviously" wrong, and fixes the issues found. Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I8739bdb7bc4f75666a7385a7a26d56ec13741b7c	3 years ago
Andrew Dunham	228d0c6aea	net/netcheck: use dnscache.Resolver when resolving DERP IPs ... This also adds a bunch of tests for this function to ensure that we're returning the proper IP(s) in all cases. Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I0d9d57170dbab5f2bf07abdf78ecd17e0e635399	3 years ago
Tom DNetto	6a627e5a33	net, wgengine/capture: encode NAT addresses in pcap stream ... Signed-off-by: Tom DNetto <tom@tailscale.com>	3 years ago
phirework	c0e0a5458f	cmd/tailscale: show reauth etc. links even if no login name (#7803) ... Signed-off-by: Jenny Zhang <jz@tailscale.com>	3 years ago
shayne	81fd00a6b7	cmd/tailscale/cli: [serve] add support for proxy paths (#7800)	3 years ago
shayne	59879e5770	cmd/tailscale/cli: make serve and funnel visible in list (#7737)	3 years ago
Anton Tolchanov	2a933c1903	cmd/tailscale: extend hostname validation (#7678) ... In addition to checking the total hostname length, validate characters used in each DNS label and label length. Updates https://github.com/tailscale/corp/issues/10012 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	3 years ago
shayne	43f7ec48ca	funnel: change references from alpha to beta (#7613) ... Updates CLI and docs to reference Funnel as beta Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	3 years ago
valscale	74eb99aed1	derp, derphttp, magicsock: send new unknown peer frame when destination is unknown (#7552) ... * wgengine/magicsock: add envknob to send CallMeMaybe to non-existent peer For testing older client version responses to the PeerGone packet format change. Updates #4326 Signed-off-by: Val <valerie@tailscale.com> * derp: remove dead sclient struct member replaceLimiter Leftover from an previous solution to the duplicate client problem. Updates #2751 Signed-off-by: Val <valerie@tailscale.com> * derp, derp/derphttp, wgengine/magicsock: add new PeerGone message type Not Here Extend the PeerGone message type by adding a reason byte. Send a PeerGone "Not Here" message when an endpoint sends a disco message to a peer that this server has no record of. Fixes #4326 Signed-off-by: Val <valerie@tailscale.com> --------- Signed-off-by: Val <valerie@tailscale.com>	3 years ago
Tom DNetto	60cd4ac08d	cmd/tailscale/cli: move tskey-wrap functionality under lock sign ... Signed-off-by: Tom DNetto <tom@tailscale.com>	3 years ago
Mihai Parparita	e1fb687104	cmd/tailscale/cli: fix inconsistency between serve text and example command ... Use the same local port number in both, and be more precise about what is being forwarded Signed-off-by: Mihai Parparita <mihai@tailscale.com>	3 years ago
James 'zofrex' Sanderson	9534783758	tailscale/cmd: Warn for up --force-reauth over SSH without accepting the risk (#7575) ... Fixes #6377 Signed-off-by: James Sanderson <jsanderson@tailscale.com>	3 years ago
shayne	2b892ad6e7	cmd/tailscale/cli: [serve] rework commands based on feedback (#6521) ... ``` $ tailscale serve https:<port> <mount-point> <source> [off] $ tailscale serve tcp:<port> tcp://localhost:<local-port> [off] $ tailscale serve tls-terminated-tcp:<port> tcp://localhost:<local-port> [off] $ tailscale serve status [--json] $ tailscale funnel <serve-port> {on|off} $ tailscale funnel status [--json] ``` Fixes: #6674 Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	3 years ago
Maisem Ali	5e8a80b845	all: replace /kb/ links with /s/ equivalents ... Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Maisem Ali	09aed46d44	cmd/tailscale/cli: update docs and unhide configure ... Also call out Alpha. Updates #7220 Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Maisem Ali	3ff44b2307	ipn: add Funnel port check from nodeAttr ... Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Maisem Ali	ccdd534e81	tsnet: add ListenFunnel ... This lets a tsnet binary share a server out over Tailscale Funnel. Signed-off-by: David Crawshaw <crawshaw@tailscale.com> Signed-off-by: Maisem Ali <maisem@tailscale.com> Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	3 years ago
Tom DNetto	92fc243755	cmd/tailscale: annotate tailnet-lock keys which wrap pre-auth keys ... Signed-off-by: Tom DNetto <tom@tailscale.com>	3 years ago
Tom DNetto	3471fbf8dc	cmd/tailscale: surface node-key for locked out tailnet-lock peers ... Signed-off-by: Tom DNetto <tom@tailscale.com>	3 years ago
Tom DNetto	ce99474317	all: implement preauth-key support with tailnet lock ... Signed-off-by: Tom DNetto <tom@tailscale.com>	3 years ago
Andrew Dunham	be107f92d3	wgengine/magicsock: track per-endpoint changes in ringbuffer ... This change adds a ringbuffer to each magicsock endpoint that keeps a fixed set of "changes"–debug information about what updates have been made to that endpoint. Additionally, this adds a LocalAPI endpoint and associated "debug peer-status" CLI subcommand to fetch the set of changes for a given IP or hostname. Updates tailscale/corp#9364 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I34f726a71bddd0dfa36ec05ebafffb24f6e0516a	3 years ago
Maisem Ali	b9ebf7cf14	tstest: add method to Replace values for tests ... We have many function pointers that we replace for the duration of test and restore it on test completion, add method to do that. Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Andrew Dunham	73fa7dd7af	util/slicesx: add package for generic slice functions, use ... Now that we're using rand.Shuffle in a few locations, create a generic shuffle function and use it instead. While we're at it, move the interleaveSlices function to the same package for use. Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I0b00920e5b3eea846b6cedc30bd34d978a049fd3	3 years ago
Tom DNetto	e2d652ec4d	ipn,cmd/tailscale: implement resigning nodes on tka key removal ... Signed-off-by: Tom DNetto <tom@tailscale.com>	3 years ago
Andrew Dunham	3f8e8b04fd	cmd/tailscale, cmd/tailscaled: move portmapper debugging into tailscale CLI ... The debug flag on tailscaled isn't available in the macOS App Store build, since we don't have a tailscaled binary; move it to the 'tailscale debug' CLI that is available on all platforms instead, accessed over LocalAPI. Updates #7377 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I47bffe4461e036fab577c2e51e173f4003592ff7	3 years ago
Mihai Parparita	3e71e0ef68	net/sockstats: remove explicit dependency on wgengine/monitor ... Followup to #7177 to avoid adding extra dependencies to the CLI. We instead declare an interface for the link monitor. Signed-off-by: Mihai Parparita <mihai@tailscale.com>	3 years ago
Denton Gentry	51288221ce	cmd/tailscale: use request Schema+Host for QNAP authLogin.cgi ... QNAP allows users to set the port number for the management WebUI, which includes authLogin.cgi. If they do, then connecting to localhost:8080 fails. https://github.com/tailscale/tailscale-qpkg/issues/74#issuecomment-1407486911 Fixes https://github.com/tailscale/tailscale/issues/7108 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	3 years ago
Aaron Klotz	f18beaa1e4	cmd/mkmanifest, cmd/tailscale, cmd/tailscaled: remove Windows arm32 resources from OSS ... Given recent changes in corp, I originally thought we could remove all of the syso files, but then I realized that we still need them so that binaries built purely from OSS (without going through corp) will still receive a manifest. We can remove the arm32 one though, since we don't support 32-bit ARM on Windows. Updates https://github.com/tailscale/corp/issues/9576 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	3 years ago
Mihai Parparita	9cb332f0e2	sockstats: instrument networking code paths ... Uses the hooks added by tailscale/go#45 to instrument the reads and writes on the major code paths that do network I/O in the client. The convention is to use "<package>.<type>:<label>" as the annotation for the responsible code path. Enabled on iOS, macOS and Android only, since mobile platforms are the ones we're most interested in, and we are less sensitive to any throughput degradation due to the per-I/O callback overhead (macOS is also enabled for ease of testing during development). For now just exposed as counters on a /v0/sockstats PeerAPI endpoint. We also keep track of the current interface so that we can break out the stats by interface. Updates tailscale/corp#9230 Updates #3363 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	3 years ago
Sonia Appasamy	0c1510739c	cmd/tailscale/cli: update device authorization copy ... "Device Authorization" was recently renamed to "Device Approval" on the control side. This change updates the linux cli to match. Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	3 years ago
Jordan Whited	d4122c9f0a	cmd/tailscale/cli: fix TestUpdatePrefs over Tailscale SSH (#7374) ... Fixes #7373 Signed-off-by: Jordan Whited <jordan@tailscale.com>	3 years ago
Maisem Ali	d811c5a7f0	cmd/tailscale/cli: handle home dir correctly on macOS for kubeconfig ... This ensures that we put the kubeconfig in the correct directory from within the macOS Sandbox when paired with tailscale/corp@3035ef7 Updates #7220 Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Maisem Ali	c01c84ea8e	cmd/tailscale/cli: add "configure kubeconfig" subcommand ... It takes in a node hostname and configures the local kubeconfig file to point to that. Updates #7220 Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Maisem Ali	181a3da513	cmd/tailscale/cli: add a hidden configure subcommand ... Also make `tailscale configure-host` an alias to `tailscale configure synology` Updates #7220 Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Jenny Zhang	fe5558094c	cmd/tailscale/cli: add logout and debug info to web ... Fixes #7238 Signed-off-by: Jenny Zhang <jz@tailscale.com>	3 years ago
David Anderson	70a2929a12	version: make all exported funcs compile-time constant or lazy ... Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	8b2ae47c31	version: unexport all vars, turn Short/Long into funcs ... The other formerly exported values aren't used outside the package, so just unexport them. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Tom DNetto	99b9d7a621	all: implement pcap streaming for datapath debugging ... Updates: tailscale/corp#8470 Signed-off-by: Tom DNetto <tom@tailscale.com>	3 years ago
Brad Fitzpatrick	03645f0c27	net/{netns,netstat}: use new x/sys/cpu.IsBigEndian ... See golang/go#57237 Change-Id: If47ab6de7c1610998a5808e945c4177c561eab45 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Andrew Dunham	2755f3843c	health, net/tlsdial: add healthcheck for self-signed cert ... When we make a connection to a server, we previously would verify with the system roots, and then fall back to verifying with our baked-in Let's Encrypt root if the system root cert verification failed. We now explicitly check for, and log a health error on, self-signed certificates. Additionally, we now always verify against our baked-in Let's Encrypt root certificate and log an error if that isn't successful. We don't consider this a health failure, since if we ever change our server certificate issuer in the future older non-updated versions of Tailscale will no longer be healthy despite being able to connect. Updates #3198 Change-Id: I00be5ceb8afee544ee795e3c7a2815476abc4abf Signed-off-by: Andrew Dunham <andrew@du.nham.ca>	3 years ago
Brad Fitzpatrick	b1248442c3	all: update to Go 1.20, use strings.CutPrefix/Suffix instead of our fork ... Updates #7123 Updates #5309 Change-Id: I90bcd87a2fb85a91834a0dd4be6e03db08438672 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	ca45fe2d46	cmd/tailscale/cli: delete ActLikeCLI ... It's since been rewritten in Swift. #cleanup Change-Id: I0860d681e8728697804ce565f63c5613b8b1088c Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Will Norris	71029cea2d	all: update copyright and license headers ... This updates all source files to use a new standard header for copyright and license declaration. Notably, copyright no longer includes a date, and we now use the standard SPDX-License-Identifier header. This commit was done almost entirely mechanically with perl, and then some minimal manual fixes. Updates #6865 Signed-off-by: Will Norris <will@tailscale.com>	3 years ago
Brad Fitzpatrick	a1b4ab34e6	util/httpm: add new package for prettier HTTP method constants ... See package doc. Change-Id: Ibbfc8e1f98294217c56f3a9452bd93ffa3103572 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
phirework	2d29f77b24	cmd/tailscale/cli: fix TUNmode display on synology web page (#7064) ... Fixes #7059 Signed-off-by: Jenny Zhang <jz@tailscale.com> Signed-off-by: Jenny Zhang <jz@tailscale.com>	3 years ago
Brad Fitzpatrick	c8db70fd73	cmd/tailscale/cli: add debug set-expire command for testing ... Updates tailscale/corp#8811 Updates tailscale/corp#8613 Change-Id: I1c87806ca3ccc5c43e7ddbd6b4d521f73f7d29f1 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	06fff461dc	ipn/ipnstate: add PeerStatus.KeyExpiry for tailscale status --json ... Fixes #6712 Change-Id: I817cd5342fac8a956fcefda2d63158fa488f3395 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	fd92fbd69e	cmd/tailscale/cli: only give systemctl hint on systemd systems ... Per recent user confusion on a QNAP issue. Change-Id: Ibda00013df793fb831f4088b40be8a04dfad17c2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	ba5aa2c486	version, cmd/tailscale: add version.Meta, tailscale version --json ... Add `tailscale version --json` JSON output mode. This will be used later for a double-opt-in (per node consent like Tailscale SSH + control config) to let admins do remote upgrades via `tailscale update` via a c2n call, which would then need to verify the cmd/tailscale found on disk for running tailscale update corresponds to the running tailscaled, refusing if anything looks amiss. Plus JSON output modes are just nice to have, rather than parsing unstable/fragile/obscure text formats. Updates #6995 Updates #6907 Change-Id: I7821ab7fbea4612f4b9b7bdc1be1ad1095aca71b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	5ca22a0068	cmd/tailscale/cli: make 'tailscale update' support Debian/Ubuntu apt ... Updates #6995 Change-Id: I3355435db583755e0fc73d76347f6423b8939dfb Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
shayne	73399f784b	cmd/tailscale/cli: use mock impl of LocalClient for serve cmd (#6422) ... Create an interface and mock implementation of tailscale.LocalClient for serve command tests. Updates #6304 Closes #6372 Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	3 years ago
Brad Fitzpatrick	c129bf1da1	cmd/tailscale/cli: un-alpha login+switch in ShortUsage docs ... Change-Id: I580d4417cf03833dfa8f6a295fb416faa667c477 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	71a7b8581d	cmd/tailscale/cli: make "update" work on Windows ... Updates #6995 Co-authored-by: Aaron Klotz <aaron@tailscale.com> Change-Id: I16622f43156a70b6fbc8205239fd489d7378d57b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Tom DNetto	ee6d18e35f	cmd/tailscale/cli: implement --json for lock status and lock log cmds ... Signed-off-by: Tom DNetto <tom@tailscale.com>	3 years ago
Brad Fitzpatrick	b657187a69	cmd/tailscale, logtail: add 'tailscale debug daemon-logs' logtail mechanism ... Fixes #6836 Change-Id: Ia6eb39ff8972e1aa149aeeb63844a97497c2cf04 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	d9144c73a8	cmd/tailscale: add start of "tailscale update" command ... Goal: one way for users to update Tailscale, downgrade, switch tracks, regardless of platform (Windows, most Linux distros, macOS, Synology). This is a start. Updates #755, etc Change-Id: I23466da1ba41b45f0029ca79a17f5796c2eedd92 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
phirework	f011a0923a	cmd/tailscale/cli: style synology outgoing access info (#6959) ... Follow-up to #6957. Updates #4015 Signed-off-by: Jenny Zhang <jz@tailscale.com>	3 years ago
Brad Fitzpatrick	5eded58924	cmd/tailscale/cli: make web show/link Synology outgoing connection mode/docs ... Fixes #4015 Change-Id: I8230bb0cc3d621b6fa02ab2462cea104fa1e9cf9 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	61dfbc0a6e	cmd/tailscale/cli: plumb TUN mode into tailscale web template ... UI works remains, but data is there now. Updates #4015 Change-Id: Ib91e94718b655ad60a63596e59468f3b3b102306 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
salman	8a1201ac42	cmd/tailscale: correct order for -terminate-tls flag in serve tcp usage ... The -terminate-tls flag is for the tcp subsubcommand, not the serve subcommand like the usage example suggests. Signed-off-by: salman <salman@tailscale.com>	3 years ago
Denton Gentry	22ebb25e83	cmd/tailscale: disable HTTPS verification for QNAP auth. ... QNAP's "Force HTTPS" mode redirects even localhost HTTP to HTTPS, but uses a self-signed certificate which fails verification. We accommodate this by disabling checking of the cert. Fixes https://github.com/tailscale/tailscale/issues/6903 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	3 years ago
Tom DNetto	907f85cd67	cmd/tailscale,tka: make KeyID return an error instead of panicking ... Signed-off-by: Tom DNetto <tom@tailscale.com>	3 years ago
Tom DNetto	8724aa254f	cmd/tailscale,tka: implement compat for TKA messages, minor UX tweaks ... Signed-off-by: Tom DNetto <tom@tailscale.com>	3 years ago
David Anderson	91e64ca74f	cmd/tailscale/cli: redact private key in debug netmap output by default ... This makes `tailscale debug watch-ipn` safe to use for troubleshooting user issues, in addition to local debugging during development. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Denton Gentry	467ace7d0c	cmd/tailscale: use localhost for QNAP authLogin.cgi ... When the user clicks on the Tailscale app in the QNAP App Center, we do a GET from /cgi-bin/authLogin.cgi to look up their SID. If the user clicked "secure login" on the QNAP login page to use HTTPS, then our access to authLogin.cgi will also use HTTPS but the certiciate is self-signed. Our GET fails with: Get "https://10.1.10.41/cgi-bin/authLogin.cgi?sid=abcd0123": x509: cannot validate certificate for 10.1.10.41 because it doesn't contain any IP SANs or similar errors. Instead, access QNAP authentication via http://localhost:8080/ as documented in https://download.qnap.com/dev/API_QNAP_QTS_Authentication.pdf Fixes https://github.com/tailscale/tailscale-qpkg/issues/62 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	3 years ago
Brad Fitzpatrick	8aac77aa19	cmd/tailscale: fix "up" warning about netfilter-mode on Synology ... Fixes #6811 Change-Id: Ia43723e6ebedc9b01729897cec271c462b16e9ae Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	a06217a8bd	cmd/tailscale/cli: hide Windows named pipe default name in flag help ... It's long & distracting for how low value it is. Fixes #6766 Change-Id: I51364f25c0088d9e63deb9f692ba44031f12251b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	ca08e316af	util/endian: delete package; use updated josharian/native instead ... See josharian/native#3 Updates golang/go#57237 Change-Id: I238c04c6654e5b9e7d9cfb81a7bbc5e1043a84a2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
shayne	9d335aabb2	cmd/tailscale/cli: [ssh] fix typo in help text (#6694) ... arugments => arguments Signed-off-by: shayne <79330+shayne@users.noreply.github.com>	3 years ago
Walter Poupore	383e203fd2	cmd/tailscale/cli: update lock status help strings (#6675) ... Signed-off-by: Walter Poupore <walterp@tailscale.com> Signed-off-by: Walter Poupore <walterp@tailscale.com>	3 years ago
James Tucker	389238fe4a	cmd/tailscale/cli: add workaround for improper named socket quoting in ssh command ... This avoids the issue in the common case where the socket path is the default path, avoiding the immediate need for a Windows shell quote implementation. Updates #6639 Signed-off-by: James Tucker <james@tailscale.com>	3 years ago
Tom DNetto	e27f4f022e	cmd/tailscale/cli: add progress to tailscale file cp ... Signed-off-by: Tom DNetto <tom@tailscale.com>	3 years ago