tailscale

Commit Graph

Author	SHA1	Message	Date
Andrew Dunham	c1c50cfcc0	util/cloudenv: add support for DigitalOcean Updates #4984 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: Ib229eb40af36a80e6b0fd1dd0cabb07f0d50a7d1	4 months ago
Percy Wegmann	55b372a79f	tailscaled: revert to using pointers for subcommands As part of #10631, we stopped using function pointers for subcommands, preventing us from registering platform-specific installSystemDaemon and uninstallSystemDaemon subcommands. Fixes #11099 Signed-off-by: Percy Wegmann <percy@tailscale.com>	4 months ago
Percy Wegmann	87154a2f88	tailfs: fix startup issues on windows Starts TailFS for Windows too, initializes shares on startup. Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com>	4 months ago
Percy Wegmann	ddcffaef7a	tailfs: disable TailFSForLocal via policy Adds support for node attribute tailfs:access. If this attribute is not present, Tailscale will not accept connections to the local TailFS server at 100.100.100.100:8080. Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com>	4 months ago
Percy Wegmann	abab0d4197	tailfs: clean up naming and package structure - Restyles tailfs -> tailFS - Defines interfaces for main TailFS types - Moves implemenatation of TailFS into tailfsimpl package Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com>	4 months ago
dependabot[bot]	79b547804b	build(deps-dev): bump vite from 4.4.9 to 4.5.2 in /client/web Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 4.4.9 to 4.5.2. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v4.5.2/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v4.5.2/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>	4 months ago
James Tucker	24bac27632	util/rands: add Shuffle and Perm functions with on-stack RNG state The new math/rand/v2 package includes an m-local global random number generator that can not be reseeded by the user, which is suitable for most uses without the RNG pools we have in a number of areas of the code base. The new API still does not have an allocation-free way of performing a seeded operations, due to the long term compiler bug around interface parameter escapes, and the Source interface. This change introduces the two APIs that math/rand/v2 can not yet replace efficiently: seeded Perm() and Shuffle() operations. This implementation chooses to use the PCG random source from math/rand/v2, as with sufficient compiler optimization, this source should boil down to only two on-stack registers for random state under ideal conditions. Updates #17243 Signed-off-by: James Tucker <james@tailscale.com>	4 months ago
Sonia Appasamy	2bb837a9cf	client/web: only check policy caps for tagged nodes For user-owned nodes, only the owner is ever allowed to manage the node. Updates tailscale/corp#16695 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	4 months ago
Andrew Dunham	6f6383f69e	.github: fuzzing is now unbroken Updates #cleanup Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I10dca601c79411b412180a46b3f82136e40544b0	4 months ago
Keisuke Umegaki	7039c06d9b	fix toolchain not available error (#11083 ) Relates to golang/go#62278 Updates #11058 Signed-off-by: keisku <keisuke.umegaki.630@gmail.com>	4 months ago
Patrick O'Doherty	7c52b27daf	Revert "tsweb: update ServeMux matching to 1.22.0 syntax (#11087 )" (#11089 ) This reverts commit `291f91d164`. Updates #cleanup This PR needs additional changes to the registration of child handlers under /debug Signed-off-by: Patrick O'Doherty <patrick@tailscale.com>	4 months ago
Patrick O'Doherty	291f91d164	tsweb: update ServeMux matching to 1.22.0 syntax (#11087 ) Updates #cleanup Go 1.22.0 introduced the ability to use more expressive routing patterns that include HTTP method when constructing ServeMux entries. Applications that attempted to use these patterns in combination with the old `tsweb.Debugger` would experience a panic as Go would not permit the use of matching rules with mixed level of specificity. Signed-off-by: Patrick O'Doherty <patrick@tailscale.com>	4 months ago
Jenny Zhang	c446451bfa	cmd/gitops-pusher: only use OAuth creds if non-empty string `os.LookupEnv` may return true if the variable is present in the environment but an empty string. We should only attempt to set OAuth Config if thsoe values are non-empty. Updates gitops-acl-action#33 Signed-off-by: Jenny Zhang <jz@tailscale.com>	4 months ago
Percy Wegmann	993acf4475	tailfs: initial implementation Add a WebDAV-based folder sharing mechanism that is exposed to local clients at 100.100.100.100:8080 and to remote peers via a new peerapi endpoint at /v0/tailfs. Add the ability to manage folder sharing via the new 'share' CLI sub-command. Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com>	4 months ago
Joe Tsai	2e404b769d	all: use new AppendEncode methods available in Go 1.22 (#11079 ) Updates #cleanup Signed-off-by: Joe Tsai <joetsai@digital-static.net>	4 months ago
Joe Tsai	94a4f701c2	all: use reflect.TypeFor now available in Go 1.22 (#11078 ) Updates #cleanup Signed-off-by: Joe Tsai <joetsai@digital-static.net>	4 months ago
Joe Tsai	efddad7d7d	util/deephash: cleanup TODO in TestHash (#11080 ) Updates #cleanup Signed-off-by: Joe Tsai <joetsai@digital-static.net>	4 months ago
Charlotte Brandhorst-Satzkorn	0f042b9814	cmd/tailscale/cli: fix exit node status output (#11076 ) This change fixes the format of tailscale status output when location based exit nodes are present. Fixes #11065 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	4 months ago
Andrea Gottardo	6c79f55d48	ipnlocal: force-regen new authURL when it is too old (#10971 ) Fixes tailscale/support-escalations#23. authURLs returned by control expire after 1 hour from creation. Customer reported that the Tailscale client on macOS would sending users to a stale authentication page when clicking on the `Login...` menu item. This can happen when clicking on Login after leaving the device unattended for several days. The device key expires, leading to the creation of a new authURL, however the client doesn't keep track of when the authURL was created. Meaning that `login-interactive` would send the user to an authURL that had expired server-side a long time before. This PR ensures that whenever `login-interactive` is called via LocalAPI, an authURL that is too old won't be used. We force control to give us a new authURL whenever it's been more than 30 minutes since the last authURL was sent down from control. Apply suggestions from code review Set interval to 6 days and 23 hours Signed-off-by: Andrea Gottardo <andrea@tailscale.com> Signed-off-by: Andrea Gottardo <andrea@gottardo.me>	4 months ago
Sonia Appasamy	1217f655c0	cmd/dist: update logs for synology builds Update logs for synology builds to more clearly callout which variant is being built. The two existing variants are: 1. Sideloaded (can be manual installed on a device by anyone) 2. Package center distribution (by the tailscale team) Updates #cleanup Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	4 months ago
OSS Updater	664b861cd4	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	4 months ago
Will Norris	6f0c5e0c05	client/web: use smart quotes in web UI frontend add the curly-quotes eslint plugin (same that we use for the admin panel), and fix existing straight quotes in the current web UI. Updates #cleanup Signed-off-by: Will Norris <will@tailscale.com>	4 months ago
Will Norris	128c99d4ae	client/web: add new readonly mode The new read-only mode is only accessible when running `tailscale web` by passing a new `-readonly` flag. This new mode is identical to the existing login mode with two exceptions: - the management client in tailscaled is not started (though if it is already running, it is left alone) - the client does not prompt the user to login or switch to the management client. Instead, a message is shown instructing the user to use other means to manage the device. Updates #10979 Signed-off-by: Will Norris <will@tailscale.com>	4 months ago
License Updater	9f0eaa4464	licenses: update win/apple licenses Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	4 months ago
License Updater	78f257d9f8	licenses: update android licenses Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	4 months ago
License Updater	5486d8aaf9	licenses: update tailscale{,d} licenses Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	4 months ago
Irbe Krumina	a6cc2fdc3e	cmd/{containerboot,k8s-operator/deploy/manifests}: optionally allow proxying cluster traffic to a cluster target via ingress proxy (#11036 ) * cmd/containerboot,cmd/k8s-operator/deploy/manifests: optionally forward cluster traffic via ingress proxy. If a tailscale Ingress has tailscale.com/experimental-forward-cluster-traffic-via-ingress annotation, configure the associated ingress proxy to have its tailscale serve proxy to listen on Pod's IP address. This ensures that cluster traffic too can be forwarded via this proxy to the ingress backend(s). In containerboot, if EXPERIMENTAL_PROXY_CLUSTER_TRAFFIC_VIA_INGRESS is set to true and the node is Kubernetes operator ingress proxy configured via Ingress, make sure that traffic from within the cluster can be proxied to the ingress target. Updates tailscale/tailscale#10499 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	4 months ago
Flakes Updater	2404b1444e	go.mod.sri: update SRI hash for go.mod changes Signed-off-by: Flakes Updater <noreply+flakes-updater@tailscale.com>	4 months ago
Brad Fitzpatrick	c424e192c0	.github/workflows: temporarily disable broken oss-fuzz action Updates #11064 Updates #11058 Change-Id: I63acc13dece3379a0b2df573afecfd245b7cd6c2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 months ago
Brad Fitzpatrick	2bd3c1474b	util/cmpx: delete now that we're using Go 1.22 Updates #11058 Change-Id: I09dea8e86f03ec148b715efca339eab8b1f0f644 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 months ago
Brad Fitzpatrick	5ea071186e	Dockerfile: use Go 1.22 Updates #11058 Change-Id: I0f63be498be33d71bd90b7956f9fe9666fd7a696 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 months ago
Brad Fitzpatrick	9612001cf4	.github/workflows: update golangci-lint for Go 1.22 Updates #11058 Change-Id: I3785c1f1bea4a4663e7e5fb6d209d3caedae436d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 months ago
Brad Fitzpatrick	b6153efb7d	go.mod, README.md: use Go 1.22 Updates #11058 Change-Id: I95eecdc7afe2b5f8189016fdb8a773f78e9f5c42 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 months ago
Tom DNetto	653721541c	tsweb: normalize passkey identities in bucketed stats Signed-off-by: Tom DNetto <tom@tailscale.com> Updates: corp#17075	4 months ago
Tom DNetto	8d6d9d28ba	tsweb: normalize common StableID's in bucketed stats, export as LabelMap Signed-off-by: Tom DNetto <tom@tailscale.com> Updates: corp#17075	4 months ago
James Tucker	e0762fe331	words: add a list of things you should yahoo! Updates #self Signed-off-by: James Tucker <james@tailscale.com>	4 months ago
James Tucker	0b16620b80	.github/workflows: add privileged tests workflow We had missed regressions from privileged tests not running, now they can run. Updates #cleanup Signed-off-by: James Tucker <james@tailscale.com>	4 months ago
James Tucker	0f5e031133	appc: optimize dns response observation for large route tables Advertise DNS discovered addresses as a single preference update rather than one at a time. Sort the list of observed addresses and use binary search to consult the list. Updates tailscale/corp#16636 Signed-off-by: James Tucker <james@tailscale.com>	4 months ago
Andrew Lytvynov	db3776d5bf	go.toolchain.rev: bump to Go 1.22.0 (#11055 ) Updates #cleanup Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	4 months ago
Tom DNetto	af931dcccd	tsweb: replace domains/emails in paths when bucketing stats Signed-off-by: Tom DNetto <tom@tailscale.com> Updates: corp#17075	4 months ago
Tom DNetto	36efc50817	tsweb: implementing bucketed statistics for started/finished counts Signed-off-by: Tom DNetto <tom@tailscale.com> Updates: corp#17075	4 months ago
Maisem Ali	b752bde280	types/views: add SliceMapKey[T] views.Slice are meant to be immutable, and if used as such it is at times desirable to use them as a key in a map. For non-viewed slices it was kinda doable by creating a custom key struct but views.Slice didn't allow for the same so add a method to create that struct here. Updates tailscale/corp#17122 Signed-off-by: Maisem Ali <maisem@tailscale.com>	4 months ago
kari-ts	5595b61b96	ipn/localapi: more http status cleanup (#10995 ) Use Http.StatusOk instead of 200 Updates #cleanup	4 months ago
Chris Palmer	a633a30711	cmd/hello: link to the Hello KB article (#11022 ) Fixes https://github.com/tailscale/corp/issues/17104 Signed-off-by: Chris Palmer <cpalmer@tailscale.com>	4 months ago
Joe Tsai	60657ac83f	util/deephash: tighten up SelfHasher API (#11012 ) Providing a hash.Block512 is an implementation detail of how deephash works today, but providing an opaque type with mostly equivalent API (i.e., HashUint8, HashBytes, etc. methods) is still sensible. Thus, define a public Hasher type that exposes exactly the API that an implementation of SelfHasher would want to call. This gives us freedom to change the hashing algorithm of deephash at some point in the future. Also, this type is likely going to be called by types that are going to memoize their own hash results, we additionally add a HashSum method to simplify this use case. Add documentation to SelfHasher on how a type might implement it. Updates: corp#16409 Signed-off-by: Joe Tsai <joetsai@digital-static.net>	4 months ago
Joe Tsai	84f8311bcd	util/deephash: document pathological deephash behavior (#11010 ) Updates #cleanup Signed-off-by: Joe Tsai <joetsai@digital-static.net>	4 months ago
James Tucker	ba70cbb930	ipn/ipnlocal: fix app connector route advertisements on exit nodes If an app connector is also configured as an exit node, it should still advertise discovered routes that are not covered by advertised routes, excluding the exit node routes. Updates tailscale/corp#16928 Signed-off-by: James Tucker <james@tailscale.com>	4 months ago
James Tucker	e1a4b89dbe	appc,ipn/ipnlocal: add app connector routes if any part of a CNAME chain is routed If any domain along a CNAME chain matches any of the routed domains, add routes for the discovered domains. Fixes tailscale/corp#16928 Signed-off-by: James Tucker <james@tailscale.com>	4 months ago
Tom DNetto	2aeef4e610	util/deephash: implement SelfHasher to allow types to hash themselves Updates: corp#16409 Signed-off-by: Tom DNetto <tom@tailscale.com>	4 months ago
James Tucker	b4b2ec7801	ipn/ipnlocal: fix pretty printing of multi-record peer DNS results The API on the DNS record parser is slightly subtle and requires explicit handling of unhandled records. Failure to advance previously resulted in an infinite loop in the pretty responder for any reply that contains a record other than A/AAAA/TXT. Updates tailscale/corp#16928 Signed-off-by: James Tucker <james@tailscale.com>	4 months ago

1 2 3 4 5 ...

7131 Commits (c1c50cfcc047c65dbf230bf463d47a806d2f2210) All Branches Search

7131 Commits (c1c50cfcc047c65dbf230bf463d47a806d2f2210)

All Branches