tailscale

Commit Graph

Author	SHA1	Message	Date
Chris Palmer	3f6b0d8c84	cmd/tailscale/cli: make `tailscale update` query `softwareupdate` (#8641 ) * cmd/tailscale/cli: make `tailscale update` query `softwareupdate` Even on macOS when Tailscale was installed via the App Store, we can check for and even install new versions if people ask explicitly. Also, warn if App Store AutoUpdate is not turned on. Updates #6995	2 years ago
Tom DNetto	abcb7ec1ce	cmd/tailscale: warn if node is locked out on bringup Updates https://github.com/tailscale/corp/issues/12718 Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Will Norris	f8b0caa8c2	serve: fix hostname for custom http ports When using a custom http port like 8080, this was resulting in a constructed hostname of `host.tailnet.ts.net:8080.tailnet.ts.net` when looking up the serve handler. Instead, strip off the port before adding the MagicDNS suffix. Also use the actual hostname in `serve status` rather than the literal string "host". Fixes #8635 Signed-off-by: Will Norris <will@tailscale.com>	2 years ago
Andrew Lytvynov	7a82fd8dbe	ipn/ipnlocal: add optional support for ACME Renewal Info (ARI) (#8599 )	2 years ago
Denton Gentry	4f95b6966b	cmd/tailscale: remove TS_EXPERIMENT_OAUTH_AUTHKEY guardrail We've had support for OAuth client keys in `--authkey=...` for several releases, and we're using it in https://github.com/tailscale/github-action Remove the TS_EXPERIMENT_* guardrail, it is fully supported now. Fixes https://github.com/tailscale/tailscale/issues/8403 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	2 years ago
Andrew Dunham	a7648a6723	net/dnsfallback: run recursive resolver and compare results When performing a fallback DNS query, run the recursive resolver in a separate goroutine and compare the results returned by the recursive resolver with the results we get from "regular" bootstrap DNS. This will allow us to gather data about whether the recursive DNS resolver works better, worse, or about the same as "regular" bootstrap DNS. Updates #5853 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: Ifa0b0cc9eeb0dccd6f7a3d91675fe44b3b34bd48	2 years ago
Maisem Ali	2e19790f61	types/views: add JSON marshal/unmarshal and AsMap to Map This allows cloning a Map as well as marshaling the Map as JSON. Updates tailscale/corp#12754 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Tom DNetto	97ee0bc685	cmd/tailscale: improve error message when signing without a tailnet lock key Updates #8568 Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Andrew Dunham	ab310a7f60	derp: use new net/tcpinfo package Updates #8413 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I8bf8046517195a6d42cabb32d6ec7f1f79cef860	2 years ago
KevinLiang10	243ce6ccc1	util/linuxfw: decoupling IPTables logic from linux router This change is introducing new netfilterRunner interface and moving iptables manipulation to a lower leveled iptables runner. For #391 Signed-off-by: KevinLiang10 <kevinliang@tailscale.com>	2 years ago
phirework	fbacc0bd39	go.toolchain: switch to tailscale.go1.21 (#8415 ) Updates #8419 Signed-off-by: Jenny Zhang <jz@tailscale.com>	3 years ago
shayne	6697690b55	{cmd/tailscale/cli,ipn}: add http support to tailscale serve (#8358 ) Updates #8357 Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	3 years ago
Graham Christensen	4dda949760	tailscale ping: note that `-c` can take 0 for infinity Signed-off-by: Graham Christensen <graham@grahamc.com>	3 years ago
Brad Fitzpatrick	67e912824a	all: adjust some build tags for wasi A start. Updates #8320 Change-Id: I64057f977be51ba63ce635c56d67de7ecec415d1 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	eefee6f149	all: use cmpx.Or where it made sense I left a few out where writing it explicitly was better for various reasons. Updates #8296 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Derek Kaser	7c88eeba86	cmd/tailscale: allow Tailscale to work with Unraid web interface (#8062 ) Updates tailscale/tailscale#8026 Signed-off-by: Derek Kaser <derek.kaser@gmail.com>	3 years ago
Sonia Appasamy	f0ee03dfaf	cmd/tailscale/cli: [serve] add reset flag Usage: `tailscale serve reset` Fixes #8139 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	3 years ago
Brad Fitzpatrick	4664318be2	client/tailscale: revert CreateKey API change, add Client.CreateKeyWithExpiry The client/tailscale is a stable-ish API we try not to break. Revert the Client.CreateKey method as it was and add a new CreateKeyWithExpiry method to do the new thing. And document the expiry field and enforce that the time.Duration can't be between in range greater than 0 and less than a second. Updates #7143 Updates #8124 (reverts it, effectively) Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
shayne	678bb92bb8	cmd/tailscale/cli: [up] fix CreateKey missing argument (#8124 ) Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	3 years ago
Derek Kaser	0d7303b798	various: add detection and Taildrop for Unraid Updates tailscale/tailscale#8025 Signed-off-by: Derek Kaser <derek.kaser@gmail.com>	3 years ago
Brad Fitzpatrick	9e9ea6e974	go.mod: bump all deps possible that don't break the build This holds back gvisor, kubernetes, goreleaser, and esbuild, which all had breaking API changes. Updates #8043 Updates #7381 Updates #8042 (updates u-root which adds deps) Change-Id: I889759bea057cd3963037d41f608c99eb7466a5b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Charlotte Brandhorst-Satzkorn	161d1d281a	net/ping,netcheck: add v6 pinging capabilities to pinger (#7971 ) This change adds a v6conn to the pinger to enable sending pings to v6 addrs. Updates #7826 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	3 years ago
Maisem Ali	a8f10c23b2	cmd/tailscale/cli: [up] reuse --advertise-tags for OAuth key generation We need to always specify tags when creating an AuthKey from an OAuth key. Check for that, and reuse the `--advertise-tags` param. Updates #7982 Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Brad Fitzpatrick	b2b5379348	cmd/tailscale/cli: [up] change oauth authkey format Updates #7982 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	13de36303d	cmd/tailscale/cli: [up] add experimental oauth2 authkey support Updates #7982 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
shayne	018a382729	cmd/tailscale/cli: [serve] fix MinGW path conversion (#7964 ) Fixes #7963 Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	3 years ago
Mihai Parparita	7330aa593e	all: avoid repeated default interface lookups On some platforms (notably macOS and iOS) we look up the default interface to bind outgoing connections to. This is both duplicated work and results in logspam when the default interface is not available (i.e. when a phone has no connectivity, we log an error and thus cause more things that we will try to upload and fail). Fixed by passing around a netmon.Monitor to more places, so that we can use its cached interface state. Fixes #7850 Updates #7621 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	3 years ago
Mihai Parparita	4722f7e322	all: move network monitoring from wgengine/monitor to net/netmon We're using it in more and more places, and it's not really specific to our use of Wireguard (and does more just link/interface monitoring). Also removes the separate interface we had for it in sockstats -- it's a small enough package (we already pull in all of its dependencies via other paths) that it's not worth the extra complexity. Updates #7621 Updates #7850 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	3 years ago
Andrew Dunham	f85dc6f97c	ci: add more lints (#7909 ) This is a follow-up to #7905 that adds two more linters and fixes the corresponding findings. As per the previous PR, this only flags things that are "obviously" wrong, and fixes the issues found. Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I8739bdb7bc4f75666a7385a7a26d56ec13741b7c	3 years ago
Andrew Dunham	228d0c6aea	net/netcheck: use dnscache.Resolver when resolving DERP IPs This also adds a bunch of tests for this function to ensure that we're returning the proper IP(s) in all cases. Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I0d9d57170dbab5f2bf07abdf78ecd17e0e635399	3 years ago
Tom DNetto	6a627e5a33	net, wgengine/capture: encode NAT addresses in pcap stream Signed-off-by: Tom DNetto <tom@tailscale.com>	3 years ago
phirework	c0e0a5458f	cmd/tailscale: show reauth etc. links even if no login name (#7803 ) Signed-off-by: Jenny Zhang <jz@tailscale.com>	3 years ago
shayne	81fd00a6b7	cmd/tailscale/cli: [serve] add support for proxy paths (#7800 )	3 years ago
shayne	59879e5770	cmd/tailscale/cli: make serve and funnel visible in list (#7737 )	3 years ago
Anton Tolchanov	2a933c1903	cmd/tailscale: extend hostname validation (#7678 ) In addition to checking the total hostname length, validate characters used in each DNS label and label length. Updates https://github.com/tailscale/corp/issues/10012 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	3 years ago
shayne	43f7ec48ca	funnel: change references from alpha to beta (#7613 ) Updates CLI and docs to reference Funnel as beta Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	3 years ago
valscale	74eb99aed1	derp, derphttp, magicsock: send new unknown peer frame when destination is unknown (#7552 ) * wgengine/magicsock: add envknob to send CallMeMaybe to non-existent peer For testing older client version responses to the PeerGone packet format change. Updates #4326 Signed-off-by: Val <valerie@tailscale.com> * derp: remove dead sclient struct member replaceLimiter Leftover from an previous solution to the duplicate client problem. Updates #2751 Signed-off-by: Val <valerie@tailscale.com> * derp, derp/derphttp, wgengine/magicsock: add new PeerGone message type Not Here Extend the PeerGone message type by adding a reason byte. Send a PeerGone "Not Here" message when an endpoint sends a disco message to a peer that this server has no record of. Fixes #4326 Signed-off-by: Val <valerie@tailscale.com> --------- Signed-off-by: Val <valerie@tailscale.com>	3 years ago
Tom DNetto	60cd4ac08d	cmd/tailscale/cli: move tskey-wrap functionality under lock sign Signed-off-by: Tom DNetto <tom@tailscale.com>	3 years ago
Mihai Parparita	e1fb687104	cmd/tailscale/cli: fix inconsistency between serve text and example command Use the same local port number in both, and be more precise about what is being forwarded Signed-off-by: Mihai Parparita <mihai@tailscale.com>	3 years ago
James 'zofrex' Sanderson	9534783758	tailscale/cmd: Warn for up --force-reauth over SSH without accepting the risk (#7575 ) Fixes #6377 Signed-off-by: James Sanderson <jsanderson@tailscale.com>	3 years ago
shayne	2b892ad6e7	cmd/tailscale/cli: [serve] rework commands based on feedback (#6521 ) ``` $ tailscale serve https:<port> <mount-point> <source> [off] $ tailscale serve tcp:<port> tcp://localhost:<local-port> [off] $ tailscale serve tls-terminated-tcp:<port> tcp://localhost:<local-port> [off] $ tailscale serve status [--json] $ tailscale funnel <serve-port> {on\|off} $ tailscale funnel status [--json] ``` Fixes: #6674 Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	3 years ago
Maisem Ali	5e8a80b845	all: replace /kb/ links with /s/ equivalents Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Maisem Ali	09aed46d44	cmd/tailscale/cli: update docs and unhide configure Also call out Alpha. Updates #7220 Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Maisem Ali	3ff44b2307	ipn: add Funnel port check from nodeAttr Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Maisem Ali	ccdd534e81	tsnet: add ListenFunnel This lets a tsnet binary share a server out over Tailscale Funnel. Signed-off-by: David Crawshaw <crawshaw@tailscale.com> Signed-off-by: Maisem Ali <maisem@tailscale.com> Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	3 years ago
Tom DNetto	92fc243755	cmd/tailscale: annotate tailnet-lock keys which wrap pre-auth keys Signed-off-by: Tom DNetto <tom@tailscale.com>	3 years ago
Tom DNetto	3471fbf8dc	cmd/tailscale: surface node-key for locked out tailnet-lock peers Signed-off-by: Tom DNetto <tom@tailscale.com>	3 years ago
Tom DNetto	ce99474317	all: implement preauth-key support with tailnet lock Signed-off-by: Tom DNetto <tom@tailscale.com>	3 years ago
Andrew Dunham	be107f92d3	wgengine/magicsock: track per-endpoint changes in ringbuffer This change adds a ringbuffer to each magicsock endpoint that keeps a fixed set of "changes"–debug information about what updates have been made to that endpoint. Additionally, this adds a LocalAPI endpoint and associated "debug peer-status" CLI subcommand to fetch the set of changes for a given IP or hostname. Updates tailscale/corp#9364 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I34f726a71bddd0dfa36ec05ebafffb24f6e0516a	3 years ago
Maisem Ali	b9ebf7cf14	tstest: add method to Replace values for tests We have many function pointers that we replace for the duration of test and restore it on test completion, add method to do that. Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Andrew Dunham	73fa7dd7af	util/slicesx: add package for generic slice functions, use Now that we're using rand.Shuffle in a few locations, create a generic shuffle function and use it instead. While we're at it, move the interleaveSlices function to the same package for use. Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I0b00920e5b3eea846b6cedc30bd34d978a049fd3	3 years ago
Tom DNetto	e2d652ec4d	ipn,cmd/tailscale: implement resigning nodes on tka key removal Signed-off-by: Tom DNetto <tom@tailscale.com>	3 years ago
Andrew Dunham	3f8e8b04fd	cmd/tailscale, cmd/tailscaled: move portmapper debugging into tailscale CLI The debug flag on tailscaled isn't available in the macOS App Store build, since we don't have a tailscaled binary; move it to the 'tailscale debug' CLI that is available on all platforms instead, accessed over LocalAPI. Updates #7377 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I47bffe4461e036fab577c2e51e173f4003592ff7	3 years ago
Mihai Parparita	3e71e0ef68	net/sockstats: remove explicit dependency on wgengine/monitor Followup to #7177 to avoid adding extra dependencies to the CLI. We instead declare an interface for the link monitor. Signed-off-by: Mihai Parparita <mihai@tailscale.com>	3 years ago
Denton Gentry	51288221ce	cmd/tailscale: use request Schema+Host for QNAP authLogin.cgi QNAP allows users to set the port number for the management WebUI, which includes authLogin.cgi. If they do, then connecting to localhost:8080 fails. https://github.com/tailscale/tailscale-qpkg/issues/74#issuecomment-1407486911 Fixes https://github.com/tailscale/tailscale/issues/7108 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	3 years ago
Aaron Klotz	f18beaa1e4	cmd/mkmanifest, cmd/tailscale, cmd/tailscaled: remove Windows arm32 resources from OSS Given recent changes in corp, I originally thought we could remove all of the syso files, but then I realized that we still need them so that binaries built purely from OSS (without going through corp) will still receive a manifest. We can remove the arm32 one though, since we don't support 32-bit ARM on Windows. Updates https://github.com/tailscale/corp/issues/9576 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	3 years ago
Mihai Parparita	9cb332f0e2	sockstats: instrument networking code paths Uses the hooks added by tailscale/go#45 to instrument the reads and writes on the major code paths that do network I/O in the client. The convention is to use "<package>.<type>:<label>" as the annotation for the responsible code path. Enabled on iOS, macOS and Android only, since mobile platforms are the ones we're most interested in, and we are less sensitive to any throughput degradation due to the per-I/O callback overhead (macOS is also enabled for ease of testing during development). For now just exposed as counters on a /v0/sockstats PeerAPI endpoint. We also keep track of the current interface so that we can break out the stats by interface. Updates tailscale/corp#9230 Updates #3363 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	3 years ago
Sonia Appasamy	0c1510739c	cmd/tailscale/cli: update device authorization copy "Device Authorization" was recently renamed to "Device Approval" on the control side. This change updates the linux cli to match. Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	3 years ago
Jordan Whited	d4122c9f0a	cmd/tailscale/cli: fix TestUpdatePrefs over Tailscale SSH (#7374 ) Fixes #7373 Signed-off-by: Jordan Whited <jordan@tailscale.com>	3 years ago
Maisem Ali	d811c5a7f0	cmd/tailscale/cli: handle home dir correctly on macOS for kubeconfig This ensures that we put the kubeconfig in the correct directory from within the macOS Sandbox when paired with tailscale/corp@3035ef7 Updates #7220 Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Maisem Ali	c01c84ea8e	cmd/tailscale/cli: add "configure kubeconfig" subcommand It takes in a node hostname and configures the local kubeconfig file to point to that. Updates #7220 Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Maisem Ali	181a3da513	cmd/tailscale/cli: add a hidden configure subcommand Also make `tailscale configure-host` an alias to `tailscale configure synology` Updates #7220 Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Jenny Zhang	fe5558094c	cmd/tailscale/cli: add logout and debug info to web Fixes #7238 Signed-off-by: Jenny Zhang <jz@tailscale.com>	3 years ago
David Anderson	70a2929a12	version: make all exported funcs compile-time constant or lazy Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
David Anderson	8b2ae47c31	version: unexport all vars, turn Short/Long into funcs The other formerly exported values aren't used outside the package, so just unexport them. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Tom DNetto	99b9d7a621	all: implement pcap streaming for datapath debugging Updates: tailscale/corp#8470 Signed-off-by: Tom DNetto <tom@tailscale.com>	3 years ago
Brad Fitzpatrick	03645f0c27	net/{netns,netstat}: use new x/sys/cpu.IsBigEndian See golang/go#57237 Change-Id: If47ab6de7c1610998a5808e945c4177c561eab45 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Andrew Dunham	2755f3843c	health, net/tlsdial: add healthcheck for self-signed cert When we make a connection to a server, we previously would verify with the system roots, and then fall back to verifying with our baked-in Let's Encrypt root if the system root cert verification failed. We now explicitly check for, and log a health error on, self-signed certificates. Additionally, we now always verify against our baked-in Let's Encrypt root certificate and log an error if that isn't successful. We don't consider this a health failure, since if we ever change our server certificate issuer in the future older non-updated versions of Tailscale will no longer be healthy despite being able to connect. Updates #3198 Change-Id: I00be5ceb8afee544ee795e3c7a2815476abc4abf Signed-off-by: Andrew Dunham <andrew@du.nham.ca>	3 years ago
Brad Fitzpatrick	b1248442c3	all: update to Go 1.20, use strings.CutPrefix/Suffix instead of our fork Updates #7123 Updates #5309 Change-Id: I90bcd87a2fb85a91834a0dd4be6e03db08438672 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	ca45fe2d46	cmd/tailscale/cli: delete ActLikeCLI It's since been rewritten in Swift. #cleanup Change-Id: I0860d681e8728697804ce565f63c5613b8b1088c Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Will Norris	71029cea2d	all: update copyright and license headers This updates all source files to use a new standard header for copyright and license declaration. Notably, copyright no longer includes a date, and we now use the standard SPDX-License-Identifier header. This commit was done almost entirely mechanically with perl, and then some minimal manual fixes. Updates #6865 Signed-off-by: Will Norris <will@tailscale.com>	3 years ago
Brad Fitzpatrick	a1b4ab34e6	util/httpm: add new package for prettier HTTP method constants See package doc. Change-Id: Ibbfc8e1f98294217c56f3a9452bd93ffa3103572 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
phirework	2d29f77b24	cmd/tailscale/cli: fix TUNmode display on synology web page (#7064 ) Fixes #7059 Signed-off-by: Jenny Zhang <jz@tailscale.com> Signed-off-by: Jenny Zhang <jz@tailscale.com>	3 years ago
Brad Fitzpatrick	c8db70fd73	cmd/tailscale/cli: add debug set-expire command for testing Updates tailscale/corp#8811 Updates tailscale/corp#8613 Change-Id: I1c87806ca3ccc5c43e7ddbd6b4d521f73f7d29f1 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	06fff461dc	ipn/ipnstate: add PeerStatus.KeyExpiry for tailscale status --json Fixes #6712 Change-Id: I817cd5342fac8a956fcefda2d63158fa488f3395 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	fd92fbd69e	cmd/tailscale/cli: only give systemctl hint on systemd systems Per recent user confusion on a QNAP issue. Change-Id: Ibda00013df793fb831f4088b40be8a04dfad17c2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	ba5aa2c486	version, cmd/tailscale: add version.Meta, tailscale version --json Add `tailscale version --json` JSON output mode. This will be used later for a double-opt-in (per node consent like Tailscale SSH + control config) to let admins do remote upgrades via `tailscale update` via a c2n call, which would then need to verify the cmd/tailscale found on disk for running tailscale update corresponds to the running tailscaled, refusing if anything looks amiss. Plus JSON output modes are just nice to have, rather than parsing unstable/fragile/obscure text formats. Updates #6995 Updates #6907 Change-Id: I7821ab7fbea4612f4b9b7bdc1be1ad1095aca71b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	5ca22a0068	cmd/tailscale/cli: make 'tailscale update' support Debian/Ubuntu apt Updates #6995 Change-Id: I3355435db583755e0fc73d76347f6423b8939dfb Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
shayne	73399f784b	cmd/tailscale/cli: use mock impl of LocalClient for serve cmd (#6422 ) Create an interface and mock implementation of tailscale.LocalClient for serve command tests. Updates #6304 Closes #6372 Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	3 years ago
Brad Fitzpatrick	c129bf1da1	cmd/tailscale/cli: un-alpha login+switch in ShortUsage docs Change-Id: I580d4417cf03833dfa8f6a295fb416faa667c477 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	71a7b8581d	cmd/tailscale/cli: make "update" work on Windows Updates #6995 Co-authored-by: Aaron Klotz <aaron@tailscale.com> Change-Id: I16622f43156a70b6fbc8205239fd489d7378d57b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Tom DNetto	ee6d18e35f	cmd/tailscale/cli: implement --json for lock status and lock log cmds Signed-off-by: Tom DNetto <tom@tailscale.com>	3 years ago
Brad Fitzpatrick	b657187a69	cmd/tailscale, logtail: add 'tailscale debug daemon-logs' logtail mechanism Fixes #6836 Change-Id: Ia6eb39ff8972e1aa149aeeb63844a97497c2cf04 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	d9144c73a8	cmd/tailscale: add start of "tailscale update" command Goal: one way for users to update Tailscale, downgrade, switch tracks, regardless of platform (Windows, most Linux distros, macOS, Synology). This is a start. Updates #755, etc Change-Id: I23466da1ba41b45f0029ca79a17f5796c2eedd92 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
phirework	f011a0923a	cmd/tailscale/cli: style synology outgoing access info (#6959 ) Follow-up to #6957. Updates #4015 Signed-off-by: Jenny Zhang <jz@tailscale.com>	3 years ago
Brad Fitzpatrick	5eded58924	cmd/tailscale/cli: make web show/link Synology outgoing connection mode/docs Fixes #4015 Change-Id: I8230bb0cc3d621b6fa02ab2462cea104fa1e9cf9 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	61dfbc0a6e	cmd/tailscale/cli: plumb TUN mode into tailscale web template UI works remains, but data is there now. Updates #4015 Change-Id: Ib91e94718b655ad60a63596e59468f3b3b102306 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
salman	8a1201ac42	cmd/tailscale: correct order for -terminate-tls flag in serve tcp usage The -terminate-tls flag is for the tcp subsubcommand, not the serve subcommand like the usage example suggests. Signed-off-by: salman <salman@tailscale.com>	3 years ago
Denton Gentry	22ebb25e83	cmd/tailscale: disable HTTPS verification for QNAP auth. QNAP's "Force HTTPS" mode redirects even localhost HTTP to HTTPS, but uses a self-signed certificate which fails verification. We accommodate this by disabling checking of the cert. Fixes https://github.com/tailscale/tailscale/issues/6903 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	3 years ago
Tom DNetto	907f85cd67	cmd/tailscale,tka: make KeyID return an error instead of panicking Signed-off-by: Tom DNetto <tom@tailscale.com>	3 years ago
Tom DNetto	8724aa254f	cmd/tailscale,tka: implement compat for TKA messages, minor UX tweaks Signed-off-by: Tom DNetto <tom@tailscale.com>	3 years ago
David Anderson	91e64ca74f	cmd/tailscale/cli: redact private key in debug netmap output by default This makes `tailscale debug watch-ipn` safe to use for troubleshooting user issues, in addition to local debugging during development. Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Denton Gentry	467ace7d0c	cmd/tailscale: use localhost for QNAP authLogin.cgi When the user clicks on the Tailscale app in the QNAP App Center, we do a GET from /cgi-bin/authLogin.cgi to look up their SID. If the user clicked "secure login" on the QNAP login page to use HTTPS, then our access to authLogin.cgi will also use HTTPS but the certiciate is self-signed. Our GET fails with: Get "https://10.1.10.41/cgi-bin/authLogin.cgi?sid=abcd0123": x509: cannot validate certificate for 10.1.10.41 because it doesn't contain any IP SANs or similar errors. Instead, access QNAP authentication via http://localhost:8080/ as documented in https://download.qnap.com/dev/API_QNAP_QTS_Authentication.pdf Fixes https://github.com/tailscale/tailscale-qpkg/issues/62 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	3 years ago
Brad Fitzpatrick	8aac77aa19	cmd/tailscale: fix "up" warning about netfilter-mode on Synology Fixes #6811 Change-Id: Ia43723e6ebedc9b01729897cec271c462b16e9ae Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	a06217a8bd	cmd/tailscale/cli: hide Windows named pipe default name in flag help It's long & distracting for how low value it is. Fixes #6766 Change-Id: I51364f25c0088d9e63deb9f692ba44031f12251b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	ca08e316af	util/endian: delete package; use updated josharian/native instead See josharian/native#3 Updates golang/go#57237 Change-Id: I238c04c6654e5b9e7d9cfb81a7bbc5e1043a84a2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
shayne	9d335aabb2	cmd/tailscale/cli: [ssh] fix typo in help text (#6694 ) arugments => arguments Signed-off-by: shayne <79330+shayne@users.noreply.github.com>	3 years ago
Walter Poupore	383e203fd2	cmd/tailscale/cli: update lock status help strings (#6675 ) Signed-off-by: Walter Poupore <walterp@tailscale.com> Signed-off-by: Walter Poupore <walterp@tailscale.com>	3 years ago
James Tucker	389238fe4a	cmd/tailscale/cli: add workaround for improper named socket quoting in ssh command This avoids the issue in the common case where the socket path is the default path, avoiding the immediate need for a Windows shell quote implementation. Updates #6639 Signed-off-by: James Tucker <james@tailscale.com>	3 years ago
Tom DNetto	e27f4f022e	cmd/tailscale/cli: add progress to tailscale file cp Signed-off-by: Tom DNetto <tom@tailscale.com>	3 years ago
shayne	98114bf608	cmd/tailscale/cli, ipn/localapi: add funnel status to status command (#6402 ) Fixes #6400 open up GETs for localapi serve-config to allow read-only access to ServeConfig `tailscale status` will include "Funnel on" status when Funnel is configured. Prints nothing if Funnel is not running. Example: $ tailscale status <nodes redacted> # Funnel on: # - https://node-name.corp.ts.net # - https://node-name.corp.ts.net:8443 # - tcp://node-name.corp.ts.net:10000 Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	3 years ago
Tom DNetto	55e0512a05	ipn/ipnlocal,cmd/tailscale: minor improvements to lock modify command * Do not print the status at the end of a successful operation * Ensure the key of the current node is actually trusted to make these changes Signed-off-by: Tom DNetto <tom@tailscale.com>	3 years ago
Mihai Parparita	5b8323509f	cmd/tailscale/cli: use "account" instead of "profile" in user-visible text Matches the UI clients Updates #713 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	3 years ago
Maya Kaczorowski	d5b4d2e276	cmd/tailscale/cli: improve tailnet lock help (#6583 ) Signed-off-by: Maya Kaczorowski <15946341+mayakacz@users.noreply.github.com> Signed-off-by: Maya Kaczorowski <15946341+mayakacz@users.noreply.github.com>	3 years ago
Walter Poupore	74b47eaad6	cmd/tailscale/cli: Fix 'tailscale switch' error message (#6585 ) Updates #713. Signed-off-by: Walter Poupore <walterp@tailscale.com> Signed-off-by: Walter Poupore <walterp@tailscale.com>	3 years ago
Maisem Ali	a5a3188b7e	cmd/tailscale/cli: unhide login and switch subcommands Updates #713 Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Maya Kaczorowski	a1084047ce	cmd/tailscale/cli: capitalize Get (#6586 ) Signed-off-by: Maya Kaczorowski <15946341+mayakacz@users.noreply.github.com> Signed-off-by: Maya Kaczorowski <15946341+mayakacz@users.noreply.github.com>	3 years ago
Tom DNetto	74c1f632f6	types/key,cmd/tailscale/cli: support tlpub prefix for tailnet-lock keys Signed-off-by: Tom DNetto <tom@tailscale.com>	3 years ago
Brad Fitzpatrick	8dd1418774	ipn{,/ipnlocal}: add ipn.NotifyInitial* flags to WatchIPNBus To simplify clients getting the initial state when they subscribe. Change-Id: I2490a5ab2411253717c74265a46a98012b80db82 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	197a4f1ae8	types/ptr: move all the ptrTo funcs to one new package's ptr.To Change-Id: Ia0b820ffe7aa72897515f19bd415204b6fe743c7 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Tom DNetto	9a80b8fb10	cmd/tailscale,ipn: surface TKA-filtered peers in lock status command Signed-off-by: Tom DNetto <tom@tailscale.com>	3 years ago
Tom DNetto	731be07777	cmd/tailscale/cli: show rotation key when suggesting lock sign command Signed-off-by: Tom DNetto <tom@tailscale.com>	3 years ago
Brad Fitzpatrick	f710d1cb20	cmd/tailscale/cli: add set --unattended on Windows Fixes #6567 Change-Id: I8cb57196c601466401f8602eb50456e7cf7c31ef Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Denton Gentry	a200a23f97	Revert "cmd/tailscale: access QNAP via localhost" When running `tailscale web` as a standalone process, it was necessary to send auth requests to QTS using localhost to avoid hitting the proxy recursively. However running `tailscale web` as a process means it is consuming RAM all the time even when it isn't actively doing anything. After switching back to the `tailscale web` CGI mode, we don't need to specifically use localhost for QNAP auth. This reverts commit `e0cadc5496`. Signed-off-by: Denton Gentry <dgentry@tailscale.com>	3 years ago
Maisem Ali	adc302f428	all: use named pipes on windows Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Tom DNetto	45042a76cd	cmd/tailscale,ipn: store disallowed TKA's in prefs, lock local-disable Take 2 of https://github.com/tailscale/tailscale/pull/6546 Builds on https://github.com/tailscale/tailscale/pull/6560 Signed-off-by: Tom DNetto <tom@tailscale.com>	3 years ago
Brad Fitzpatrick	390d1bb871	Revert "ipn,types/persist: store disallowed TKA's in prefs, lock local-disable" This reverts commit `f1130421f0`. It was submitted with failing tests (go generate checks) Requires a lot of API changes to fix so rolling back instead of forward. Change-Id: I024e8885c0ed44675d3028a662f386dda811f2ad Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Tom DNetto	f1130421f0	ipn,types/persist: store disallowed TKA's in prefs, lock local-disable Signed-off-by: Tom DNetto <tom@tailscale.com>	3 years ago
Tom DNetto	5c8d2fa695	cmd/tailscale,ipn: improve UX of lock init command, cosmetic changes Signed-off-by: Tom DNetto <tom@tailscale.com>	3 years ago
Brad Fitzpatrick	3b73727e39	cmd/tailscale: de-punycode hostnames in status display Still show original, but show de-punycode version in parens, similar to how we show DNS-less hostnames. Change-Id: I7e57da5e4029c5b49e8cd3014c350eddd2b3c338 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	109aa3b2fb	cmd/tailscale: add start of "debug derp" subcommand Updates #6526 Change-Id: I84e440a8bd837c383000ce0cec4ff36b24249e8b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	7e016c1d90	ipn/ipnserver: remove IPN protocol server Unused in this repo as of the earlier #6450 (`300aba61a6`) and unused in the Windows GUI as of tailscale/corp#8065. With this ipn.BackendServer is no longer used and could also be removed from this repo. The macOS and iOS clients still temporarily depend on it, but I can move it to that repo instead while and let its migration proceed on its own schedule while we clean this repo up. Updates #6417 Updates tailscale/corp#8051 Change-Id: Ie13f82af3eb9f96b3a21c56cdda51be31ddebdcf Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
shayne	0c4c66948b	cmd/tailscale/cli: Improve messaging when Funnel is unavailable. (#6502 ) There are three specific requirements for Funnel to work: 1) They must accept an invite. 2) They must enable HTTPS. 3) The "funnel" node attribute must be appropriately set up in the ACLs. Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	3 years ago
Brad Fitzpatrick	5f6fec0eba	cmd/tailscale: fix 'debug local-creds' hostname Fixes #6446 Change-Id: I82f0a3dcf6aca25b7f67265533ee30a9d939d86f Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	300aba61a6	ipn, cmd/tailscale/cli: add LocalAPI IPN bus watch, Start, convert CLI Updates #6417 Updates tailscale/corp#8051 Change-Id: I1ca360730c45ffaa0261d8422877304277fc5625 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Tom DNetto	6708f9a93f	cmd/tailscale,ipn: implement lock log command This commit implements `tailscale lock log [--limit N]`, which displays an ordered list of changes to network-lock state in a manner familiar to `git log`. Signed-off-by: Tom DNetto <tom@tailscale.com>	3 years ago
Brad Fitzpatrick	0f7da5c7dc	ipn{,/ipnlocal}, client/tailscale: move Taildrop recv notifications to LocalAPI HTTP method Updates #6417 Change-Id: Iec544c477a0e5e9f1c6bf23555afec06255e2e22 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Maisem Ali	41dd49391f	tstest/integration: add --accept-risk=all to tailscale down The test would fail if I was running it over SSH. Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Andrew Dunham	a0ef51f570	cmd/{tailscale,tailscaled}: embed manifest into Windows binaries This uses a go:generate statement to create a bunch of .syso files that contain a Windows resource file. We check these in since they're less than 1KiB each, and are only included on Windows. Fixes #6429 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I0512c3c0b2ab9d8d8509cf2037b88b81affcb81f	3 years ago
Maisem Ali	b94b91c168	cmd/tailscale/cli: add ability to set short names for profiles This adds a `--nickname` flag to `tailscale login\|set`. Updates #713 Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Mihai Parparita	33520920c3	all: use strs.CutPrefix and strs.CutSuffix more Updates places where we use HasPrefix + TrimPrefix to use the combined function. Updates #5309 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	3 years ago
shayne	bdd8ce6692	cmd/tailscale/cli: disallow empty text "" from serve CLI (#6416 ) Current behavior is broken. tailscale serve text / "" returns no error and shows up in tailscale serve status but requests return a 500 "empty handler". Adds an error if the user passes in an empty string for the text handler. Closes #6405 Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	3 years ago
shayne	f52a6d1b8c	cmd/tailscale/cli, ipn: move serve CLI funcs on to ServeConfig (#6401 ) Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	3 years ago
shayne	a97369f097	cmd/tailscale/cli: flesh out serve CLI and tests (#6304 ) Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	3 years ago
Andrew Dunham	0af61f7c40	cmd/tailscale, util/quarantine: set quarantine flags on files from Taildrop This sets the "com.apple.quarantine" flag on macOS, and the "Zone.Identifier" alternate data stream on Windows. Change-Id: If14f805467b0e2963067937d7f34e08ba1d1fa85 Signed-off-by: Andrew Dunham <andrew@du.nham.ca>	3 years ago
Maisem Ali	f3519f7b29	cmd/tailscale/cli: add login and switch subcommands Updates #713 Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Maisem Ali	1f4669a380	all: standardize on LocalAPI Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Maisem Ali	235309adc4	all: store NL keys per profile This moves the NetworkLock key from a dedicated StateKey to be part of the persist.Persist struct. This struct is stored as part for ipn.Prefs and is also the place where we store the NodeKey. It also moves the ChonkDir from "/tka" to "/tka-profile/<profile-id>". The rename was intentional to be able to delete the "/tka" dir if it exists. This means that we will have a unique key per profile, and a unique directory per profile. Note: `tailscale logout` will delete the entire profile, including any keys. It currently does not delete the ChonkDir. Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Denton Gentry	e0cadc5496	cmd/tailscale: access QNAP via localhost QNAP 5.x works much better if we let Apache proxy tailscale web, which means the URLs can no longer be relative since apache sends us an internal URL. Access QNAP authentication via http://localhost:8080/ as documented in https://download.qnap.com/dev/API_QNAP_QTS_Authentication.pdf Signed-off-by: Denton Gentry <dgentry@tailscale.com>	3 years ago
Tom DNetto	3271daf7a3	cmd/tailscale,ipn: support disablement args in lock cli, implement disable * Support specifiying disablement values in lock init command * Support specifying rotation key in lock sign command * Implement lock disable command * Implement disablement-kdf command Signed-off-by: Tom DNetto <tom@tailscale.com>	3 years ago
Brad Fitzpatrick	96e1582298	cmd/tailscale/cli: add debug 2021 --verbose flag Change-Id: Ic93c2a8451518755fb44b5c35272d9b9353fe4d4 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	13bee8e91c	cmd/tailscale/cli: update serve debug set command after FUS profile change The key changed, but also we have a localapi method to set it anyway, so use that. Updates tailscale/corp#7515 Change-Id: Ia08ea2509f0bdd9b59e4c5de53aacf9a7d7eda36 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Maisem Ali	8e85227059	cmd/tailscale/cli: [set] handle selectively modifying routes/exit node Noticed this while debugging something else, we would reset all routes if either `--advertise-exit-node` or `--advertise-routes` were set. This handles correctly updating them. Also added tests. Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Brad Fitzpatrick	0544d6ed04	cmd/tailscale/cli: continue fleshing out serve CLI tests The serve CLI doesn't exist yet, but we want nice tests for it when it does exist. Updates tailscale/corp#7515 Change-Id: Ib4c73d606242c4228f87410bbfd29bec52ca6c60 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	b5ac9172fd	cmd/tailscale/cli: move earlier shell test to its own files (I should've done this to start with.) Updates tailscale/corp#7515 Change-Id: I7fb88cf95772790fd415ecf28fc52bde95507641 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	29bc021dcd	cmd/tailscale/cli: add outline of serve CLI tests Updates tailscale/corp#7515 Change-Id: Ib3956d4756bdcea0da89238a3c520ce8ac8004ec Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	08e110ebc5	cmd/tailscale: make "up", "status" warn if routes and --accept-routes off Example output: # Health check: # - Some peers are advertising routes but --accept-routes is false Also, move "tailscale status" health checks to the bottom, where they won't be lost in large netmaps. Updates #2053 Updates #6266 Change-Id: I5ae76a0cd69a452ce70063875cd7d974bfeb8f1a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	6aab4fb696	cmd/tailscale/cli: start making cert output support pkcs12 (p12) output If the --key-file output filename ends in ".pfx" or ".p12", use pkcs12 format. This might not be working entirely correctly yet but might be enough for others to help out or experiment. Updates #2928 Updates #5011 Change-Id: I62eb0eeaa293b9fd5e27b97b9bc476c23dd27cf6 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Tom DNetto	4c31183781	cmd/tailscale,ipn: minor fixes to tailscale lock commands * Fix broken add/remove key commands * Make lock status display whether the node is signed Signed-off-by: Tom DNetto <tom@tailscale.com>	3 years ago
Maisem Ali	4d330bac14	ipn/ipnlocal: add support for multiple user profiles Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Mihai Parparita	7a07bc654b	ipn/localapi: rename /profile to /pprof Avoids name collision with profiles for user switching. Signed-off-by: Mihai Parparita <mihai@tailscale.com>	3 years ago
Joe Tsai	9a05cdd2b5	syncs: add Map (#6260 ) Map is a concurrent safe map that is a trivial wrapper over a Go map and a sync.RWMutex. It is optimized for use-cases where the entries change often, which is the opposite use-case of what sync.Map is optimized for. The API is patterned off of sync.Map, but made generic. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	3 years ago
Brad Fitzpatrick	25e26c16ee	ipn/ipnlocal: start implementing web server bits of serve Updates tailscale/corp#7515 Change-Id: I96f4016161ba3c370492da941274c6d9a234c2bb Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	c35dcd427f	cmd/tailscale/cli: make dev-store-set debug command a bit more magic Temporarily at least. Makes sharing scripts during development easier. Updates tailscale/corp#7515 Change-Id: I0e7aa461accd2c60740c1b37f3492b6bb58f1be3 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	2daf0f146c	ipn/ipnlocal, wgengine/netstack: start handling ports for future serving Updates tailscale/corp#7515 Change-Id: I966e936e72a2ee99be8d0f5f16872b48cc150258 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	5bb7e0307c	cmd/tailscale, ipn/ipnlocal: add debug command to write to StateStore for dev Not for end users (unless directed by support). Mostly for ease of development for some upcoming webserver work. Change-Id: I43acfed217514567acb3312367b24d620e739f88 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	db2cc393af	util/dirwalk, metrics, portlist: add new package for fast directory walking This is similar to the golang.org/x/tools/internal/fastwalk I'd previously written but not recursive and using mem.RO. The metrics package already had some Linux-specific directory reading code in it. Move that out to a new general package that can be reused by portlist too, which helps its scanning of all /proc files: name old time/op new time/op delta FindProcessNames-8 2.79ms ± 6% 2.45ms ± 7% -12.11% (p=0.000 n=10+10) name old alloc/op new alloc/op delta FindProcessNames-8 62.9kB ± 0% 33.5kB ± 0% -46.76% (p=0.000 n=9+10) name old allocs/op new allocs/op delta FindProcessNames-8 2.25k ± 0% 0.38k ± 0% -82.98% (p=0.000 n=9+10) Change-Id: I75db393032c328f12d95c39f71c9742c375f207a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	da8def8e13	all: remove old +build tags The //go:build syntax was introduced in Go 1.17: https://go.dev/doc/go1.17#build-lines gofmt has kept the +build and go:build lines in sync since then, but enough time has passed. Time to remove them. Done with: perl -i -npe 's,^// \+build.*\n,,' $(git grep -l -F '+build') Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Maisem Ali	6afe26575c	ipn: make Notify.Prefs be a *ipn.PrefsView It is currently a `ipn.PrefsView` which means when we do a JSON roundtrip, we go from an invalid Prefs to a valid one. This makes it a pointer, which fixes the JSON roundtrip. This was introduced in `0957bc5af2`. Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Tom DNetto	0af57fce4c	cmd/tailscale,ipn: implement lock sign command Signed-off-by: Tom DNetto <tom@tailscale.com>	3 years ago
Brad Fitzpatrick	a7f7e79245	cmd/tailscale/cli: hide old, useless --host-routes flag It was from very early Tailscale and no longer makes sense. Change-Id: I31b4e728789f26b0376ebe73aa1b4bbbb1d62607 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	f4ff26f577	types/pad32: delete package Use Go 1.19's new 64-bit alignment ~hidden feature instead. Fixes #5356 Change-Id: Ifcbcb115875a7da01df3bc29e9e7feadce5bc956 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Tom DNetto	d98305c537	cmd,ipn/ipnlocal,tailcfg: implement TKA disablement * Plumb disablement values through some of the internals of TKA enablement. * Transmit the node's TKA hash at the end of sync so the control plane understands each node's head. * Implement /machine/tka/disable RPC to actuate disablement on the control plane. There is a partner PR for the control server I'll send shortly. Signed-off-by: Tom DNetto <tom@tailscale.com>	3 years ago
Brad Fitzpatrick	7ad636f5b7	cmd/tailscale/cli: flesh out "tailscale ssh" CLI docs Per user feedback. Fixes #5877 Change-Id: Ib70ad57ec2507244fc54745f4e43c0ce13f51e9c Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	3336d08d59	cmd/tailscale/cli: make set without args print usage Make "tailscale set" by itself be equivalent to "tailscale set -h" rather than just say "you did it wrong" and make people do another -h step. Change-Id: Iad2b2ddb2595c0121d2536de5b78648f3eded3e3 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	7b6cd4e659	cmd/tailscale/cli: make set's usage match up's, other than defaults Fixes #6082 Change-Id: I92dc4726d866dcfd87e93ff09772601851d92ccf Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Maisem Ali	19b5586573	cmd/tailscale/cli: add beginnings of `tailscale set` Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Maisem Ali	0957bc5af2	ipn/ipnlocal: use ipn.PrefsView Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Mihai Parparita	9d04ffc782	net/wsconn: add back custom wrapper for turning a websocket.Conn into a net.Conn We removed it in #4806 in favor of the built-in functionality from the nhooyr.io/websocket package. However, it has an issue with deadlines that has not been fixed yet (see nhooyr/websocket#350). Temporarily go back to using a custom wrapper (using the fix from our fork) so that derpers will stop closing connections too aggressively. Updates #5921 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	3 years ago
Brad Fitzpatrick	9475801ebe	ipn/ipnlocal: fix E.G.G. port number accounting Change-Id: Id35461fdde79448372271ba54f6e6af586f2304d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	45b7e8c23c	cmd/tailscale: make tailscale cert --serve-demo accept optional listen argument Change-Id: I48f2f4f74c9996b9ed4bee02c61f125d42154a34 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Denton Gentry	19dfdeb1bb	cmd/tailscale: correct --cpu-profile help text Signed-off-by: Denton Gentry <dgentry@tailscale.com>	3 years ago
Andrew Dunham	c32f9f5865	cmd/tailscale, ipn: enable debug logs when --report flag is passed to bugreport (#5830 ) Change-Id: Id22e9f4a2dcf35cecb9cd19dd844389e38c922ec Signed-off-by: Andrew Dunham <andrew@tailscale.com>	3 years ago
Brad Fitzpatrick	1841d0bf98	wgengine/magicsock: make debug-level stuff not logged by default And add a CLI/localapi and c2n mechanism to enable it for a fixed amount of time. Updates #1548 Change-Id: I71674aaf959a9c6761ff33bbf4a417ffd42195a7 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Andrew Dunham	5c69961a57	cmd/tailscale/cli: add --record flag to bugreport (#5826 ) Change-Id: I02bdc37a5c1a5a5d030c136ec5e84eb4c9ab1752 Signed-off-by: Andrew Dunham <andrew@tailscale.com>	3 years ago
Josh Soref	d4811f11a0	all: fix spelling mistakes Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	3 years ago
Adrian Dewhurst	c581ce7b00	cmd/tailscale, client, ipn, tailcfg: add network lock modify command Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>	3 years ago
Aaron Klotz	44f13d32d7	cmd/tailscaled, util/winutil: log Windows service diagnostics when the wintun device fails to install I added new functions to winutil to obtain the state of a service and all its depedencies, serialize them to JSON, and write them to a Logf. When tstun.New returns a wrapped ERROR_DEVICE_NOT_AVAILABLE, we know that wintun installation failed. We then log the service graph rooted at "NetSetupSvc". We are interested in that specific service because network devices will not install if that service is not running. Updates https://github.com/tailscale/tailscale/issues/5531 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	3 years ago
Emmanuel T Odeke	f981b1d9da	all: fix resource leaks with missing .Close() calls Fixes #5706 Signed-off-by: Emmanuel T Odeke <emmanuel@orijtech.com>	3 years ago
Andrew Dunham	b1867457a6	doctor: add package for running in-depth healthchecks; use in bugreport (#5413 ) Change-Id: Iaa4e5b021a545447f319cfe8b3da2bd3e5e5782b Signed-off-by: Andrew Dunham <andrew@du.nham.ca>	3 years ago
Andrew Dunham	e1bdbfe710	tailcfg, control/controlhttp, control/controlclient: add ControlDialPlan field (#5648 ) * tailcfg, control/controlhttp, control/controlclient: add ControlDialPlan field This field allows the control server to provide explicit information about how to connect to it; useful if the client's link status can change after the initial connection, or if the DNS settings pushed by the control server break future connections. Change-Id: I720afe6289ec27d40a41b3dcb310ec45bd7e5f3e Signed-off-by: Andrew Dunham <andrew@tailscale.com>	3 years ago
Andrew Dunham	c6162c2a94	net/netcheck: add check for captive portal (#5593 ) This doesn't change any behaviour for now, other than maybe running a full netcheck more often. The intent is to start gathering data on captive portals, and additionally, seeing this in the 'tailscale netcheck' command should provide a bit of additional information to users. Updates #1634 Change-Id: I6ba08f9c584dc0200619fa97f9fde1a319f25c76 Signed-off-by: Andrew Dunham <andrew@du.nham.ca>	3 years ago
Berk D. Demir	ff13c66f55	cmd/tailscale: fix configure-host command for Synology `d5e7e309` changed the `hostinfo.GetVersion` from distro and distro version to UTS Name Release and moved distribution information under `hostinfo.Distro*`. `tailscale configure-host` command implementation for Synology DSM environments relies on the old semantics of this string for matching DSM Major version so it's been broken for a few days. Pull in `hostinfo` and prefix match `hostinfo.DistroVersion` to match DSM major version. Signed-off-by: Berk D. Demir <bdd@mindcast.org>	3 years ago
Brad Fitzpatrick	ed248b04a7	cmd/tailscale: remove leftover debug prints from earlier commit From `6632504f45` Change-Id: If21789232b3ecc14c1639cf87814af6fa73f535f Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Maisem Ali	6632504f45	cmd/tailscale/cli: [up] move lose-ssh check after other validations The check was happening too early and in the case of error would wait 5 s and then error out. This makes it so that it does validations before the SSH check. Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Andrew Dunham	9b71008ef2	control/controlhttp: move Dial options into options struct (#5661 ) This turns 'dialParams' into something more like net.Dialer, where configuration fields are public on the struct. Split out of #5648 Change-Id: I0c56fd151dc5489c3c94fb40d18fd639e06473bc Signed-off-by: Andrew Dunham <andrew@tailscale.com>	3 years ago
Eng Zer Jun	f0347e841f	refactor: move from io/ioutil to io and os packages The io/ioutil package has been deprecated as of Go 1.16 [1]. This commit replaces the existing io/ioutil functions with their new definitions in io and os packages. Reference: https://golang.org/doc/go1.16#ioutil Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>	3 years ago
Will Norris	f03a63910d	cmd/tailscale: add licenses link to web UI The `tailscale web` UI is the primary interface for Synology and Home Assistant users (and perhaps others), so is the logical place to put our open source license notices. I don't love adding things to what is currently a very minimal UI, but I'm not sure of a better option. Updates tailscale/corp#5780 Signed-off-by: Will Norris <will@tailscale.com>	3 years ago
Brad Fitzpatrick	ba3cc08b62	cmd/tailscale/cli: add backwards compatibility 'up' processing for legacy client Updates tailscale/corp#6781 Change-Id: I843fc810cbec0140d423d65db81e90179d6e0fa5 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Bertrand Lorentz	a5ad57472a	cli/cert: Fix help message for --key-file Signed-off-by: Bertrand Lorentz <bertrand.lorentz@gmail.com>	3 years ago
Will Norris	d1dd04e327	cmd/tailscale: use platform specific license link	3 years ago
Will Norris	79cf550823	cmd/tailscale: add licenses subcommand Signed-off-by: Will Norris <will@tailscale.com>	3 years ago
Tom DNetto	facafd8819	client,cmd/tailscale,ipn,tka,types: implement tka initialization flow This PR implements the client-side of initializing network-lock with the Coordination server. Signed-off-by: Tom DNetto <tom@tailscale.com>	3 years ago
Tom DNetto	18edd79421	control/controlclient,tailcfg: [capver 40] create KeySignature field in tailcfg.Node We calve out a space to put the node-key signature (used on tailnets where network lock is enabled). Signed-off-by: Tom DNetto <tom@tailscale.com>	3 years ago
Kamal Nasser	f983962fc6	fix typo in incomplete default routes error message Signed-off-by: Kamal Nasser <hello@kamal.io>	3 years ago
Denton Gentry	3c8d257b3e	cmd/tailscale: set /dev/net perms in configure-host Several customers have had issues due to the permissions on /dev/net. Set permissions to 0755. Fixes https://github.com/tailscale/tailscale/issues/5048 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	3 years ago
Maisem Ali	dbcc34981a	cmd/tailscale/cli: fix build break Accidental break from `64d482ff48`. Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Brad Fitzpatrick	ec9d13bce5	hostinfo, net/netcheck: use CutPrefix Updates #5309 Change-Id: I37e594cfd245784bf810c493de68a66d3ff20677 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Andrew Dunham	f0d6f173c9	net/netcheck: try ICMP if UDP is blocked (#5056 ) Signed-off-by: Andrew Dunham <andrew@du.nham.ca>	3 years ago
Tom DNetto	f50043f6cb	tka,types/key: remove dependency for tailcfg & types/ packages on tka Following the pattern elsewhere, we create a new tka-specific types package for the types that need to couple between the serialized structure types, and tka. Signed-off-by: Tom DNetto <tom@tailscale.com>	3 years ago
Maisem Ali	a9f6cd41fd	all: use syncs.AtomicValue Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Brad Fitzpatrick	4950fe60bd	syncs, all: move to using Go's new atomic types instead of ours Fixes #5185 Change-Id: I850dd532559af78c3895e2924f8237ccc328449d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	8725b14056	all: migrate more code code to net/netip directly Instead of going through the tailscale.com/net/netaddr transitional wrappers. Updates #5162 Change-Id: I3dafd1c2effa1a6caa9b7151ecf6edd1a3fda3dd Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Mihai Parparita	e846481731	cmd/tailscale/cli: use printf and outln consistently Fix some fmt.Println and fmt.Printf calls that crept in since `5df7ac70d6`. Signed-off-by: Mihai Parparita <mihai@tailscale.com>	3 years ago
Brad Fitzpatrick	116f55ff66	all: gofmt for Go 1.19 Updates #5210 Change-Id: Ib02cd5e43d0a8db60c1f09755a8ac7b140b670be Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Tom DNetto	47f91dd732	cmd/tailscale{,d}: update depaware Signed-off-by: Tom DNetto <tom@tailscale.com>	3 years ago
Brad Fitzpatrick	a12aad6b47	all: convert more code to use net/netip directly perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.) perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. ) perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. ) perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. ) perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. ) perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. ) goimports -w . Then delete some stuff from the net/netaddr shim package which is no longer neeed. Updates #5162 Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	6a396731eb	all: use various net/netip parse funcs directly Mechanical change with perl+goimports. Changed {Must,}Parse{IP,IPPrefix,IPPort} to their netip variants, then goimports -d . Finally, removed the net/netaddr wrappers, to prevent future use. Updates #5162 Change-Id: I59c0e38b5fbca5a935d701645789cddf3d7863ad Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
Brad Fitzpatrick	7eaf5e509f	net/netaddr: start migrating to net/netip via new netaddr adapter package Updates #5162 Change-Id: Id7bdec303b25471f69d542f8ce43805328d56c12 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	3 years ago
David Anderson	c1cb3efbba	net/netcheck: test for OS IPv6 support as well as connectivity. This lets us distinguish "no IPv6 because the device's ISP doesn't offer IPv6" from "IPv6 is unavailable/disabled in the OS". Signed-off-by: David Anderson <danderson@tailscale.com>	3 years ago
Maisem Ali	c6648db333	cmd/tailscale/cli: make cert use localClient This was seeminlgy missed in `87ba528ae0`. Fixes #5072 Signed-off-by: Maisem Ali <maisem@tailscale.com>	3 years ago
Denton Gentry	9fcda1f0a0	cmd/tailscale/cli/web: add QNAP NAS_SID authentication QTS 5.0 doesn't always pass a qtoken, in some circumstances it sends a NAS_SID cookie for us to verify instead. Signed-off-by: Denton Gentry <dgentry@tailscale.com>	3 years ago
Brad Fitzpatrick	6b71568eb7	util/cloudenv: add Azure support & DNS IPs And rewrite cloud detection to try to do only zero or one metadata discovery request for all clouds, only doing a first (or second) as confidence increases. Work remains for Windows, but a start. And add Cloud to tailcfg.Hostinfo, which helped with testing using "tailcfg debug hostinfo". Updates #4983 (Linux only) Updates #4984 Change-Id: Ib03337089122ce0cb38c34f724ba4b4812bc614e Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Aaron Bieber	3f4fd64311	cmd/tailscale: exit loop when timeout and pingArgs.num are met Currently if you use '-c' and ping a host that times out, ping will continue running indefinitely. This change exits the loop with "no reply" when we time out, hit the value specified by '-c' and do not have anyPong. If we have anyPong it returns nil. Signed-off-by: Aaron Bieber <aaron@bolddaemon.com>	4 years ago
Brad Fitzpatrick	88c2afd1e3	ipn/ipnlocal, net/dns, util/cloudenv: specialize DNS config on Google Cloud This does three things: If you're on GCP, it adds a .internal DNS split route to the metadata server, so we never break GCP DNS names. This lets people have some Tailscale nodes on GCP and some not (e.g. laptops at home) without having to add a Tailnet-wide .internal DNS route. If you already have such a route, though, it won't overwrite it. * If the 100.100.100.100 DNS forwarder has nowhere to forward to, it forwards it to the GCP metadata IP, which forwards to 8.8.8.8. This means there are never errNoUpstreams ("upstream nameservers not set") errors on GCP due to e.g. mangled /etc/resolv.conf (GCP default VMs don't have systemd-resolved, so it's likely a DNS supremacy fight) * makes the DNS fallback mechanism use the GCP metadata IP as a fallback before our hosted HTTP-based fallbacks I created a default GCP VM from their web wizard. It has no systemd-resolved. I then made its /etc/resolv.conf be empty and deleted its GCP hostnames in /etc/hosts. I then logged in to a tailnet with no global DNS settings. With this, tailscaled writes /etc/resolv.conf (direct mode, as no systemd-resolved) and sets it to 100.100.100.100, which then has regular DNS via the metadata IP and .internal DNS via the metadata IP as well. If the tailnet configures explicit DNS servers, those are used instead, except for .internal. This also adds a new util/cloudenv package based on version/distro where the cloud type is only detected once. We'll likely expand it in the future for other clouds, doing variants of this change for other popular cloud environments. Fixes #4911 RELNOTES=Google Cloud DNS improvements Change-Id: I19f3c2075983669b2b2c0f29a548da8de373c7cf Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Jordan Whited	bef6e2831a	cmd/tailscale: move call to cli.CleanUpArgs() from main() into cli.Run() (#4954 ) Not all distributions build from package main. Signed-off-by: Jordan Whited <jordan@tailscale.com>	4 years ago
soypete	412c4c55e2	cmd/tailscale: make up respect explicitly empty --operator= value Fixes #3808 Signed-off-by: soypete <miriah@tailscale.com>	4 years ago
mattn	1d04e01d1e	use C:\Windows\System32\OpenSSH\ssh.exe (#4933 ) cmd/tailscale: make ssh command prefer Windows ssh.exe over PATH Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>	4 years ago
Brad Fitzpatrick	467eb2eca0	cmd/tailscale/cli, ipn/ipnlocal: give SSH tips when off/unconfigured Updates #3802 Change-Id: I6b9a3175f68a6daa670f912561f2c2ececc07770 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	13d0b8e6a4	control/controlclient, net/dnscache: use typed singleflight fork Change-Id: I12be4c5a91ae3a812fe88d9b2d15526fdbb5a921 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	d3643fa151	cmd/tailscale: add 'debug ts2021' Noise connectivity subcommand Updates #3488 Change-Id: I9272e68f66c4cf36fb98dd1248a74d3817447690 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Mihai Parparita	edc90ebc61	net/wsconn: remove homegrown wrapper for turning a websocket.Conn into a net.Conn The one from the nhooyr/websocket package seems to work equally well. Signed-off-by: Mihai Parparita <mihai@tailscale.com>	4 years ago
Brad Fitzpatrick	0d972678e7	cmd/tailscale/cli: disable 'tailscale ssh' on sandboxed macOS Updates #3802 Updates #4518 Fixes #4628 Change-Id: I194d2cc30fc8e38b66d4910787efbce14317b0ff Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	2bac8b6013	Revert "cmd/tailscale/cli: disallow --ssh on Synology" This reverts commit `03e3e6abcd` in favor of #4785. Change-Id: Ied65914106917c4cb8d15d6ad5e093a6299d1d48 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Maisem Ali	03e3e6abcd	cmd/tailscale/cli: disallow --ssh on Synology Updates tailscale/corp#5468 Updates #3802 Signed-off-by: Maisem Ali <maisem@tailscale.com>	4 years ago
Jordan Whited	43f9c25fd2	cmd/tailscale: surface authentication errors in status.Health (#4748 ) Fixes #3713 Signed-off-by: Jordan Whited <jordan@tailscale.com>	4 years ago
Mihai Parparita	a9f32656f5	control/controlhttp: allow client and server to communicate over WebSockets We can't do Noise-over-HTTP in Wasm/JS (because we don't have bidirectional communication), but we should be able to do it over WebSockets. Reuses derp WebSocket support that allows us to turn a WebSocket connection into a net.Conn. Updates #3157 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	4 years ago
Maisem Ali	67325d334e	cmd/tailscale/cli: add lose-ssh risk This makes it so that the user is notified that the action they are about to take may result in them getting disconnected from the machine. It then waits for 5s for the user to maybe Ctrl+C out of it. It also introduces a `--accept-risk=lose-ssh` flag for automation, which allows the caller to pre-acknowledge the risk. The two actions that cause this are: - updating `--ssh` from `true` to `false` - running `tailscale down` Updates #3802 Signed-off-by: Maisem Ali <maisem@tailscale.com>	4 years ago
Brad Fitzpatrick	4d85cf586b	cmd/tailscale, ipn/ipnlocal: add "peerapi" ping type For debugging when stuff like #4750 isn't working. RELNOTE=tailscale ping -peerapi Change-Id: I9c52c90fb046e3ab7d2b121387073319fbf27b99 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Aaron Klotz	b005b79236	net/dns, paths, util/winutil: change net/dns/windowsManager NRPT management to support more than 50 domains. AFAICT this isn't documented on MSDN, but based on the issue referenced below, NRPT rules are not working when a rule specifies > 50 domains. This patch modifies our NRPT rule generator to split the list of domains into chunks as necessary, and write a separate rule for each chunk. For compatibility reasons, we continue to use the hard-coded rule ID, but as additional rules are required, we generate new GUIDs. Those GUIDs are stored under the Tailscale registry path so that we know which rules are ours. I made some changes to winutils to add additional helper functions in support of both the code and its test: I added additional registry accessors, and also moved some token accessors from paths to util/winutil. Fixes https://github.com/tailscale/coral/issues/63 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	4 years ago
Aaron Klotz	c163b2a3f1	util/winutil, util/winutil/vss: remove winrestore and vss as they are unnecessary. I wrote this code way back at the beginning of my tenure at Tailscale when we had concerns about needing to restore deleted machine keys from backups. We never ended up using this functionality, and the code is now getting in the way, so we might as well remove it. Signed-off-by: Aaron Klotz <aaron@tailscale.com>	4 years ago
Mihai Parparita	eda647cb47	cmd/tailscale/cli: fix ssh CLI command breaking the Wasm build Adds a stub for syscall.Exec when GOOS=js. We also had a separate branch for Windows, might as well use the same mechanism there too. For #3157 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	4 years ago
James Tucker	f9e86e64b7	*: use WireGuard where logged, printed or named Signed-off-by: James Tucker <james@tailscale.com>	4 years ago
Brad Fitzpatrick	3e1f2d01f7	ipn/ipnlocal: move Ping method from IPN bus to LocalBackend (HTTP) Change-Id: I61759f1dae8d9d446353db54c8b1e13bfffb3287 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
James Tucker	ae483d3446	wgengine, net/packet, cmd/tailscale: add ICMP echo Updates tailscale/corp#754 Signed-off-by: James Tucker <james@tailscale.com>	4 years ago
Brad Fitzpatrick	87ba528ae0	client/tailscale: move/copy all package funcs to new LocalClient type Remove all global variables, and clean up tsnet and cmd/tailscale's usage. This is in prep for using this package for the web API too (it has the best package name). RELNOTE=tailscale.com/client/tailscale package refactored w/ LocalClient type Change-Id: Iba9f162fff0c520a09d1d4bd8862f5c5acc9d7cd Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	6bed781259	all: gofmt all Well, goimports actually (which adds the normal import grouping order we do) Change-Id: I0ce1b1c03185f3741aad67c14a7ec91a838de389 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	50eb8c5add	cmd/tailscale: mostly fix 'tailscale ssh' on macOS (sandbox) Still a little wonky, though. See the tcsetattr error and inability to hit Ctrl-D, for instance: bradfitz@laptop ~ % tailscale.app ssh foo@bar tcsetattr: Operation not permitted # Authentication checked with Tailscale SSH. # Time since last authentication: 1h13m22s foo@bar:~$ ^D ^D ^D Updates #4518 Updates #4529 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	48e5f4ff88	cmd/tailscale/cli: add 'debug stat' subcommand For debugging what's visible inside the macOS sandbox. But could also be useful for giving users portable commands during debugging without worrying about which OS they're on. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
James Tucker	928d1fddd2	cmd/tailscale: s/-authkey/-auth-key/ in help text Signed-off-by: James Tucker <james@tailscale.com>	4 years ago
Maisem Ali	90b5f6286c	cmd/tailscale: use double quotes in the ssh subcommands Single-quote escaping is insufficient apparently. Updates #3802 Signed-off-by: Maisem Ali <maisem@tailscale.com>	4 years ago
Maisem Ali	db70774685	cmd/tailscale/cli: do not use syscall.Exec from macOS sandbox Signed-off-by: Maisem Ali <maisem@tailscale.com>	4 years ago
Brad Fitzpatrick	d413850bd7	cmd/tailscale: add "debug via" subcommand to do CIDR math for via ranges $ tailscale debug via 0xb 10.2.0.0/16 fd7a:115c:a1e0:b1a:0🅱️a02:0/112 $ tailscale debug via fd7a:115c:a1e0:b1a:0🅱️a02:0/112 site 11 (0xb), 10.2.0.0/16 Previously: `3ae701f0eb` This adds a little debug tool to do CIDR math to make converting between those ranges easier for now. Updates #3616 Change-Id: I98302e95d17765bfaced3ecbb71cbd43e84bff46 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Maisem Ali	945879fa38	cmd/tailscale: [ssh] enable StrictHostKeyChecking mode Updates #3802 Signed-off-by: Maisem Ali <maisem@tailscale.com>	4 years ago
Brad Fitzpatrick	8f5e5bff1e	cmd/tailscale, etc: make "tailscale up --ssh" fail fast when unavailable Fail on unsupported platforms (must be Linux or macOS tailscaled with WIP env) or when disabled by admin (with TS_DISABLE_SSH_SERVER=1) Updates #3802 Change-Id: I5ba191ed0d8ba4ddabe9b8fc1c6a0ead8754b286 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	f0e2272e04	cmd/tailscale: unhide 'up --ssh' behind WIP env var Updates #3802 Change-Id: I99c550c2e4450640b0ee6ab060f178dde1360553 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Maisem Ali	c87ed52ad4	cmd/tailscale: add id-token subcommand RELNOTE=Initial support for getting OIDC ID Tokens Updates tailscale/corp#4347 Signed-off-by: Maisem Ali <maisem@tailscale.com>	4 years ago
Brad Fitzpatrick	3ae701f0eb	net/tsaddr, wgengine/netstack: add IPv6 range that forwards to site-relative IPv4 This defines a new magic IPv6 prefix, fd7a:115c:a1e0:b1a::/64, a subset of our existing /48, where the final 32 bits are an IPv4 address, and the middle 32 bits are a user-chosen "site ID". (which must currently be 0000:00xx; the top 3 bytes must be zero for now) e.g., I can say my home LAN's "site ID" is "0000:00bb" and then advertise its 10.2.0.0/16 IPv4 range via IPv6, like: tailscale up --advertise-routes=fd7a:115c:a1e0:b1a::bb:10.2.0.0/112 (112 being /128 minuse the /96 v6 prefix length) Then people in my tailnet can: $ curl '[fd7a:115c:a1e0:b1a::bb:10.2.0.230]' <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" .... Updates #3616, etc RELNOTE=initial support for TS IPv6 addresses to route v4 "via" specific nodes Change-Id: I9b49b6ad10410a24b5866b9fbc69d3cae1f600ef Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
David Eger	f992749b98	cmd/tailscale: Add file get --loop flag. To "automatically receive taildrop files to my Downloads directory," user currently has to run 'tailscale file get' in a loop. Make it easy to do this without shell. Updates: #2312 Signed-off-by: David Eger <david.eger@gmail.com>	4 years ago
Xiaochao Dong (@damnever)	7d97800d52	cmd/tailscale: make web mode preserve URL scheme in Synology redirect Signed-off-by: Xiaochao Dong (@damnever) <the.xcdong@gmail.com>	4 years ago
oliverpool	0b273e1857	cmd/tailscale: drop special exit code 125 for gokrazy No needed since gokrazy doesn't restart successful processes anymore: https://github.com/gokrazy/gokrazy/pull/127 Signed-off-by: Olivier Charvin <git@olivier.pfad.fr>	4 years ago
Brad Fitzpatrick	753f1bfad4	cmd/tailscale: write fewer known_hosts, resolve ssh host to FQDN early Updates #3802 Change-Id: Ic44fa2e6661a9c046e725c04fa6b8213d3d4d2b2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	df93158aac	cmd/tailscale: generate known_hosts file for 'tailscale ssh' Updates #3802 Change-Id: I7a0052392f000ee44fc8e719f6666756aab91f3d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	8294915780	cmd/tailscale/cli: add start of 'ssh' subcommand Updates #3802 Change-Id: Iabc07c00c7e4f43944cfe7daec8d2b66ac002289 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	06fcf3b225	cmd/tailscale: make status --peers=false work earlier + in JSON mode And return an error if you use non-flag arguments. Change-Id: I0dd6c357eb5cabd0f17020f21ba86406aea21681 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	5df12b9059	client/tailscale, cmd/tailscale, localapi: add 'tailscale nc' (actually) Adds missing file from `fc12cbfcd3`. GitHub was having issues earlier and it was all green because the checks never actually ran, but the DCO non-Actions check at least did, so "green" and I merged, not realizing it hadn't really run anything. Updates #3802 Change-Id: I29f605eebe5336f1f3ca28ebb78b092dd99d9fd8 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	fc12cbfcd3	client/tailscale, cmd/tailscale, localapi: add 'tailscale nc' This adds a "tailscale nc" command that acts a bit like "nc", but dials out via tailscaled via localapi. This is a step towards a "tailscale ssh", as we'll use "tailscale nc" as a ProxyCommand for in some cases (notably in userspace mode). But this is also just useful for debugging & scripting. Updates #3802 RELNOTE=tailscale nc Change-Id: Ia5c37af2d51dd0259d5833d80264d3ad5f68446a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Aaron Klotz	6e91f872af	net/tshttpproxy: ensure we pass the correct flags to WinHttpOpen on Win7 and Win8.0 The best flag to use on Win7 and Win8.0 is deprecated in Win8.1, so we resolve the flag depending on OS version info. Fixes https://github.com/tailscale/tailscale/issues/4201 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	4 years ago
Josh Bleecher Snyder	0868329936	all: use any instead of interface{} My favorite part of generics. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	4 years ago
Josh Bleecher Snyder	997b19545b	syncs: use TryLock and TryRLock instead of unsafe The docs say: Note that while correct uses of TryLock do exist, they are rare, and use of TryLock is often a sign of a deeper problem in a particular use of mutexes. Rare code! Or bad code! Who can tell! Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	4 years ago
Brad Fitzpatrick	1f22507c06	version: use Go 1.18's git stamping as default implementation No more manual version bumps! Fixes #81 Change-Id: I3a9e544a7248f0b83bcbacbaabbc4dabc435e62d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Josh Bleecher Snyder	71b535fc94	go.mod: require Go 1.18 Also, update depaware for Go 1.18's dependency tree. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	4 years ago
David Eger	5be42c0af1	cmd/tailscale: add file get options for dealing with existing files A new flag --conflict=(skip\|overwrite\|rename) lets users specify what to do when receiving files that match a same-named file in the target directory. Updates #3548 Signed-off-by: David Eger <david.eger@gmail.com>	4 years ago
Aaron Klotz	f8a4df66de	cmd/tailscale/cli, ipn: move exit node IP parsing and validation from cli into prefs. We need to be able to provide the ability for the GUI clients to resolve and set the exit node IP from an untrusted string, thus enabling the ability to specify that information via enterprise policy. This patch moves the relevant code out of the handler for `tailscale up`, into a method on `Prefs` that may then be called by GUI clients. We also update tests accordingly. Updates https://github.com/tailscale/corp/issues/4239 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	4 years ago
Joonas Kuorilehto	c1b3500a05	cmd/tailscale: allow use of flags in gokrazy Enable use of command line arguments with tailscale cli on gokrazy. Before this change using arguments like "up" would cause tailscale cli to be repeatedly restarted by gokrazy process supervisor. We never want to have gokrazy restart tailscale cli, even if user would manually start the process. Expected usage is that user creates files: flags/tailscale.com/cmd/tailscale/flags.txt: up flags/tailscale.com/cmd/tailscaled/flags.txt: --statedir=/perm/tailscaled/ --tun=userspace-networking Then tailscale prints URL for user to log in with browser. Alternatively it should be possible to use up with auth key to allow unattended gokrazy installs. Signed-off-by: Joonas Kuorilehto <joneskoo@derbian.fi>	4 years ago
Brad Fitzpatrick	f18bb6397b	cmd/tailscale: tell gokrazy to not manage the CLI as a daemon In the future we'll probably want to run the "tailscale web" server instead, but for now stop the infinite restart loop. See https://gokrazy.org/userguide/process-interface/ for details. Updates #1866 Change-Id: I4133a5fdb859b848813972620495865727fe397a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	55095df644	net/interfaces: get Linux default route from netlink as fallback If it's in a non-standard table, as it is on Unifi UDM Pro, apparently. Updates #4038 (probably fixes, but don't have hardware to verify) Change-Id: I2cb9a098d8bb07d1a97a6045b686aca31763a937 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Maisem Ali	497324ddf6	ipn/store: add common package for instantiating ipn.StateStores Also move KubeStore and MemStore into their own package. RELNOTE: tsnet now supports providing a custom ipn.StateStore. Signed-off-by: Maisem Ali <maisem@tailscale.com>	4 years ago
Brad Fitzpatrick	29279b34fa	cmd/tailscale: make configure-host on Synology also add CAP_NET_RAW Updates #4012 Change-Id: Ic45b5709a73b4f1cd466823e177b52d1d20ba84e Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Aaron Klotz	e31d68d64e	hostinfo: use the sentinel value set by the MSI installer to detect MSI package type The MSI installer sets a special sentinel value that we can use to detect it. I also removed the code that bails out when the installation path is not `Program Files`, as both the NSIS and MSI installers permit the user to install to a different path. Signed-off-by: Aaron Klotz <aaron@tailscale.com>	4 years ago
Maisem Ali	c7a8f0992d	ipn/ipnlocal: use views for Peer.PrimaryRoutes and Peer.Tags RELNOTE=`tailscale status --json` now shows Tags and PrimaryRoutes Signed-off-by: Maisem Ali <maisem@tailscale.com>	4 years ago
Brad Fitzpatrick	e921e1b02d	cmd/tailscale: add "tailscale debug hostinfo" subcommand Change-Id: Ifa09364d42e0516fdf80feddaf33c95880228049 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Josh Bleecher Snyder	94409db7e2	cmd/tailscale: rewrite --authkey to --auth-key That way humans don't have to remember which is correct. RELNOTE=--auth-key is the new --authkey, but --authkey still works Updates tailscale/corp#3486 Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	4 years ago
Maisem Ali	72d8672ef7	tailcfg: make Node.Hostinfo a HostinfoView Signed-off-by: Maisem Ali <maisem@tailscale.com>	4 years ago
Brad Fitzpatrick	3c481d6b18	cmd/tailscale: add "tailscale configure-host" to prep a Synology machine at boot Updates #3761 Change-Id: Ib5ab9a4808ade074f48d3abee22c57d7670f9e21 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	02bdc654d5	cmd/tailscale: fix up --reset, again Also fix a somewhat related printing bug in the process where some paths would print "Success." inconsistently even when there otherwise was no output (in the EditPrefs path) Fixes #3830 Updates #3702 (which broke it once while trying to fix it) Change-Id: Ic51e14526ad75be61ba00084670aa6a98221daa5 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
davideger	f31546809f	cmd/tailscale: propagate tailscaled 403s as AccessDeniedErrors So Linux/etc CLI users get helpful advice to run tailscale with --operator=$USER when they try to 'tailscale file {cp,get}' but are mysteriously forbidden. Signed-off-by: David Eger <eger@google.com> Signed-off-by: David Eger <david.eger@gmail.com>	4 years ago
Brad Fitzpatrick	f3c0023add	wgengine/netstack: add an SSH server experiment Disabled by default. To use, run tailscaled with: TS_SSH_ALLOW_LOGIN=you@bar.com And enable with: $ TAILSCALE_USE_WIP_CODE=true tailscale up --ssh=true Then ssh [any-user]@[your-tailscale-ip] for a root bash shell. (both the "root" and "bash" part are temporary) Updates #3802 Change-Id: I268f8c3c95c8eed5f3231d712a5dc89615a406f0 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	41fd4eab5c	envknob: add new package for all the strconv.ParseBool(os.Getenv(..)) A new package can also later record/report which knobs are checked and set. It also makes the code cleaner & easier to grep for env knobs. Change-Id: Id8a123ab7539f1fadbd27e0cbeac79c2e4f09751 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Josh Bleecher Snyder	a076aaecc6	cmd/tailscale: use html/template for synoTokenRedirect The GitHub code scanner flagged this as a security vulnerability. I don't believe it was, but I couldn't convince myself of it 100%. Err on the safe side and use html/template to generate the HTML, with all necessary escaping. Fixes tailscale/corp#2698 Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	4 years ago
Maisem Ali	9e8a432146	cmd/tailscale/cli/web: fix typo where the html template data was being replaced instead of being appended to. Signed-off-by: Maisem Ali <maisem@tailscale.com>	4 years ago
Brad Fitzpatrick	e6626366a2	cmd/tailscale: let 'tailscale up --reset' do a pref edit The --reset shouldn't imply that a Backend.Start is necessary. With this, it can do a Backend.EditPrefs instead, which then doesn't do all the heavy work that Start does. Also, Start on Windows behaves slightly differently than Linux etc in some cases because of tailscaled running in client mode on Windows (where the GUI supplies the prefs). Fixes #3702 Change-Id: I75c9f08d5e0052bf623074030a3a7fcaa677abf6 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	3690bfecb0	ipn/ipnlocal: fix cert fetching on macOS GUI platforms And clarify the directory they get written to when under the sandbox. Fixes #3667 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	7d9b1de3aa	netcheck,portmapper,magicsock: ignore some UDP write errors on Linux Treat UDP send EPERM errors as a lost UDP packet, not something super fatal. That's just the Linux firewall preventing it from going out. And add a leaf package net/neterror for that (and future) policy that all three packages can share, with tests. Updates #3619 Change-Id: Ibdb838c43ee9efe70f4f25f7fc7fdf4607ba9c1d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	96cab21383	cmd/tailscale: add debug restun, rebind subcommands In the hidden debug menu. Change-Id: I20213f1f4e2290d36f9ff561bac0cc767400d5fd Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Josh Bleecher Snyder	4512e213d5	cmd/tailscale: improve ping error message when logged out Refactor out the pretty status printing code from status, use it in ping. Fixes #3549 Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	4 years ago
Brad Fitzpatrick	adc97e9c4d	cmd/tailscale: make --accept-routes default true on Windows, macOS GUI One of the most annoying parts of using the Tailscale CLI on Windows and the macOS GUI is that Tailscale's GUIs default to running with "Route All" (accept all non-exitnode subnet routes) but the CLI--being originally for Linux--uses the Linux default, which is to not accept subnets. Which means if a Windows user does, e.g.: tailscale up --advertise-exit-node Or: tailscale up --shields-up ... then it'd warn about reverting the --accept-routes option, which the user never explicitly used. Instead, make the CLI's default match the platform/GUI's default. Change-Id: I15c804b3d9b0266e9ca8651e0c09da0f96c9ef8d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Josh Bleecher Snyder	63cd581c3f	safesocket: add ConnectionStrategy, provide control over fallbacks `fee2d9fad` added support for cmd/tailscale to connect to IPNExtension. It came in two parts: If no socket was provided, dial IPNExtension first, and also, if dialing the socket failed, fall back to IPNExtension. The second half of that support caused the integration tests to fail when run on a machine that was also running IPNExtension. The integration tests want to wait until the tailscaled instances that they spun up are listening. They do that by dialing the new instance. But when that dial failed, it was falling back to IPNExtension, so it appeared (incorrectly) that tailscaled was running. Hilarity predictably ensued. If a user (or a test) explicitly provides a socket to dial, it is a reasonable assumption that they have a specific tailscaled in mind and don't want to fall back to IPNExtension. It is certainly true of the integration tests. Instead of adding a bool to Connect, split out the notion of a connection strategy. For now, the implementation remains the same, but with the details hidden a bit. Later, we can improve that. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	4 years ago
Brad Fitzpatrick	39ffa16853	net/dnscache, net/tsdial: add DNS caching to tsdial UserDial This is enough to handle the DNS queries as generated by Go's net package (which our HTTP/SOCKS client uses), and the responses generated by the ExitDNS DoH server. This isn't yet suitable for putting on 100.100.100.100 where a number of different DNS clients would hit it, as this doesn't yet do EDNS0. It might work, but it's untested and likely incomplete. Likewise, this doesn't handle anything about truncation, as the exchanges are entirely in memory between Go or DoH. That would also need to be handled later, if/when it's hooked up to 100.100.100.100. Updates #3507 Change-Id: I1736b0ad31eea85ea853b310c52c5e6bf65c6e2a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	c0701b130d	ipn/ipnstate, cmd/tailscale: add Online bool to tailscale status & --json Fixes #3533 Change-Id: I2f6f0d712cf3f987fba1c15be74cdb5c8d565f04 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Denton Gentry	ffb16cdffb	cmd/tailscale: add --json for up Print JSON to stdout containing everything needed for authentication. { "AuthURL": "https://login.tailscale.com/a/0123456789", "QR": "data:image/png;base64,iV...QmCC", "BackendState": "NeedsLogin" } { "BackendState": "Running" } Signed-off-by: Denton Gentry <dgentry@tailscale.com>	4 years ago
Josh Bleecher Snyder	de635ac0a8	cmd/tailscale: print more detail in connection failure error message Before: failed to connect to local tailscaled (which appears to be running). Got error: Get "http://local-tailscaled.sock/localapi/v0/status": EOF After: failed to connect to local tailscaled (which appears to be running as IPNExtension, pid 2118). Got error: Get "http://local-tailscaled.sock/localapi/v0/status": EOF This was useful just now, as it made it clear that tailscaled I thought I was connecting to might not in fact be running; there was a second tailscaled running that made the error message slightly misleading. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	4 years ago
Brad Fitzpatrick	003089820d	cmd/tailscale: fix setting revert checker's finding an exit node It was using the wrong prefs (intended vs current) to map the current exit node ID to an IP. Fixes #3480 Change-Id: I9f117d99a84edddb4cd1cb0df44a2f486abde6c2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	03a323de4e	cmd/tailscale: don't allow setting exit node to known invalid value Fixes #3081 Change-Id: I34c378dfd51ee013c21962dbe79c49b1ba06c0c5 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	a8f60cf6e8	cmd/tailscale: clarify which prefless flags don't need revert protection Fixes #3482 Change-Id: Icb51476b0d78d3758cb04df3b565e372b8289a46 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	f91481075d	cmd/tailscale: let --exit-node= take a machine name in addition to IP If you're online, let tailscale up --exit-node=NAME map NAME to its IP. We don't store the exit node name server-side in prefs, avoiding the concern raised earlier. Fixes #3062 Change-Id: Ieea5ceec1a30befc67e9d6b8a530b3cb047b6b40 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	2a95ee4680	cmd/tailscale, ipn/ipnstate: note which nodes are exit nodes in status Fixes #3446 Change-Id: Ib41d588e7fa434c02d134fa449f85b0e15083683 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Josh Bleecher Snyder	38d90fa330	net/portmapper: add clientmetrics for PCP/PMP responses Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	4 years ago
Brad Fitzpatrick	3181bbb8e4	cmd/tailscale: make file cp send files via tailscaled localapi So Taildrop sends work even if the local tailscaled is running in netstack mode, as it often is on Synology, etc. Updates #2179 (which is primarily about receiving, but both important) Change-Id: I9bd1afdc8d25717e0ab6802c7cf2f5e0bd89a3b2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	105c545366	cmd/tailscale/cli: don't complain about --accept-routes true->false on Synology Fixes #3176 Change-Id: I844883e741dccfa5e7771c853180e9f65fb7f7a4 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago

... 4 5 6 7 8 ...

887 Commits (c0c4791ce79e0818749cad0ebfc076ffb6f4767c)