777 Commits (c2f37c891c6c6c37c1320ad7edf77f94292c4fb5)

Author	SHA1	Message	Date
Jonathan Nobels	52710945f5	control/controlclient, ipn: add client audit logging (#14950) ... updates tailscale/corp#26435 Adds client support for sending audit logs to control via /machine/audit-log. Specifically implements audit logging for user initiated disconnections. This will require further work to optimize the peristant storage and exclusion via build tags for mobile: tailscale/corp#27011 tailscale/corp#27012 Signed-off-by: Jonathan Nobels <jonathan@tailscale.com>	9 months ago
Brad Fitzpatrick	836c01258d	go.toolchain.branch: update to Go 1.24 (#15016) ... * go.toolchain.branch: update to Go 1.24 Updates #15015 Change-Id: I29c934ec17e60c3ac3264f30fbbe68fc21422f4d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> * cmd/testwrapper: fix for go1.24 Updates #15015 Signed-off-by: Paul Scott <paul@tailscale.com> * go.mod,Dockerfile: bump to Go 1.24 Also bump golangci-lint to a version that was built with 1.24 Updates #15015 Signed-off-by: Andrew Lytvynov <awly@tailscale.com> --------- Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> Signed-off-by: Paul Scott <paul@tailscale.com> Signed-off-by: Andrew Lytvynov <awly@tailscale.com> Co-authored-by: Paul Scott <paul@tailscale.com> Co-authored-by: Andrew Lytvynov <awly@tailscale.com>	10 months ago
Nick Khyl	6df5c8f32e	various: keep tailscale connected when Always On mode is enabled on Windows ... In this PR, we enable the registration of LocalBackend extensions to exclude code specific to certain platforms or environments. We then introduce desktopSessionsExt, which is included only in Windows builds and only if the ts_omit_desktop_sessions tag is disabled for the build. This extension tracks desktop sessions and switches to (or remains on) the appropriate profile when a user signs in or out, locks their screen, or disconnects a remote session. As desktopSessionsExt requires an ipn/desktop.SessionManager, we register it with tsd.System for the tailscaled subprocess on Windows. We also fix a bug in the sessionWatcher implementation where it attempts to close a nil channel on stop. Updates #14823 Updates tailscale/corp#26247 Signed-off-by: Nick Khyl <nickk@tailscale.com>	10 months ago
James Tucker	f2f7fd12eb	go.mod: bump bart ... Bart has had some substantial improvements in internal representation, update functions, and other optimizations to reduce memory usage and improve runtime performance. Updates tailscale/corp#26353 Signed-off-by: James Tucker <james@tailscale.com>	10 months ago
Anton	f35c49d211	net/dns: update to illarion/gonotify/v3 to fix a panic ... Fixes #14699 Signed-off-by: Anton <anton@tailscale.com>	10 months ago
Brad Fitzpatrick	27f8e2e31d	go.mod: bump x/* deps ... Notably, this pulls in https://go.googlesource.com/net/+/2dab271ff1b7396498746703d88fefcddcc5cec7 for golang/go#71557. Updates #8043 Change-Id: I3637dbf27b90423dd4d54d147f12688b51f3ce36 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	10 months ago
James Tucker	e113b106a6	go.mod,wgengine/netstack: use cubic congestion control, bump gvisor ... Cubic performs better than Reno in higher BDP scenarios, and enables the use of the hystart++ implementation contributed by Coder. This improves throughput on higher BDP links with a much faster ramp. gVisor is bumped as well for some fixes related to send queue processing and RTT tracking. Updates #9707 Updates #10408 Updates #12393 Updates tailscale/corp#24483 Updates tailscale/corp#25169 Signed-off-by: James Tucker <james@tailscale.com>	10 months ago
Brad Fitzpatrick	05ac21ebe4	all: use new LocalAPI client package location ... It was moved in f57fa3cbc3. Updates tailscale/corp#22748 Change-Id: I19f965e6bded1d4c919310aa5b864f2de0cd6220 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	10 months ago
Percy Wegmann	f57fa3cbc3	client,localclient: move localclient.go to client/local package ... Updates tailscale/corp#22748 Signed-off-by: Percy Wegmann <percy@tailscale.com>	10 months ago
Mike O'Driscoll	d5316a4fbb	cmd/derper: add setec secret support (#14890) ... Add setec secret support for derper. Support dev mode via env var, and setec via secrets URL. For backwards compatibility use setec load from file also. Updates tailscale/corp#25756 Signed-off-by: Mike O'Driscoll <mikeo@tailscale.com>	10 months ago
Percy Wegmann	2e95313b8b	ssh,tempfork/gliderlabs/ssh: replace github.com/tailscale/golang-x-crypto/ssh with golang.org/x/crypto/ssh ... The upstream crypto package now supports sending banners at any time during authentication, so the Tailscale fork of crypto/ssh is no longer necessary. github.com/tailscale/golang-x-crypto is still needed for some custom ACME autocert functionality. tempfork/gliderlabs is still necessary because of a few other customizations, mostly related to TTY handling. Originally implemented in 46fd4e58a2, which was reverted in b60f6b849a to keep the change out of v1.80. Updates #8593 Signed-off-by: Percy Wegmann <percy@tailscale.com>	10 months ago
Percy Wegmann	b60f6b849a	Revert "ssh,tempfork/gliderlabs/ssh: replace github.com/tailscale/golang-x-crypto/ssh with golang.org/x/crypto/ssh" ... This reverts commit 46fd4e58a2. We don't want to include this in 1.80 yet, but can add it back post 1.80. Updates #8593 Signed-off-by: Percy Wegmann <percy@tailscale.com>	10 months ago
Percy Wegmann	46fd4e58a2	ssh,tempfork/gliderlabs/ssh: replace github.com/tailscale/golang-x-crypto/ssh with golang.org/x/crypto/ssh ... The upstream crypto package now supports sending banners at any time during authentication, so the Tailscale fork of crypto/ssh is no longer necessary. github.com/tailscale/golang-x-crypto is still needed for some custom ACME autocert functionality. tempfork/gliderlabs is still necessary because of a few other customizations, mostly related to TTY handling. Updates #8593 Signed-off-by: Percy Wegmann <percy@tailscale.com>	10 months ago
Brad Fitzpatrick	2691b9f6be	tempfork/acme: add new package for x/crypto package acme fork, move ... We've been maintaining temporary dev forks of golang.org/x/crypto/{acme,ssh} in https://github.com/tailscale/golang-x-crypto instead of using this repo's tempfork directory as we do with other packages. The reason we were doing that was because x/crypto/ssh depended on x/crypto/ssh/internal/poly1305 and I hadn't noticed there are forwarding wrappers already available in x/crypto/poly1305. It also depended internal/bcrypt_pbkdf but we don't use that so it's easy to just delete that calling code in our tempfork/ssh. Now that our SSH changes have been upstreamed, we can soon unfork from SSH. That leaves ACME remaining. This change copies our tailscale/golang-x-crypto/acme code to tempfork/acme but adds a test that our vendored copied still matches our tailscale/golang-x-crypto repo, where we can continue to do development work and rebases with upstream. A comment on the new test describes the expected workflow. While we could continue to just import & use tailscale/golang-x-crypto/acme, it seems a bit nicer to not have that entire-fork-of-x-crypto visible at all in our transitive deps and the questions that invites. Showing just a fork of an ACME client is much less scary. It does add a step to the process of hacking on the ACME client code, but we do that approximately never anyway, and the extra step is very incremental compared to the existing tedious steps. Updates #8593 Updates #10238 Change-Id: I8af4378c04c1f82e63d31bf4d16dba9f510f9199 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	10 months ago
Brad Fitzpatrick	bce05ec6c3	control/controlclient,tempfork/httprec: don't link httptest, test certs for c2n ... The c2n handling code was using the Go httptest package's ResponseRecorder code but that's in a test package which brings in Go's test certs, etc. This forks the httptest recorder type into its own package that only has the recorder and adds a test that we don't re-introduce a dependency on httptest. Updates #12614 Change-Id: I3546f49972981e21813ece9064cc2be0b74f4b16 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	10 months ago
Brad Fitzpatrick	8c925899e1	go.mod: bump depaware, add --internal flag to stop hiding internal packages ... The hiding of internal packages has hidden things I wanted to see a few times now. Stop hiding them. This makes depaware.txt output a bit longer, but not too much. Plus we only really look at it with diffs & greps anyway; it's not like anybody reads the whole thing. Updates #12614 Change-Id: I868c89eeeddcaaab63e82371651003629bc9bda8 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	10 months ago
Brad Fitzpatrick	68a66ee81b	feature/capture: move packet capture to feature/*, out of iOS + CLI ... We had the debug packet capture code + Lua dissector in the CLI + the iOS app. Now we don't, with tests to lock it in. As a bonus, tailscale.com/net/packet and tailscale.com/net/flowtrack no longer appear in the CLI's binary either. A new build tag ts_omit_capture disables the packet capture code and was added to build_dist.sh's --extra-small mode. Updates #12614 Change-Id: I79b0628c0d59911bd4d510c732284d97b0160f10 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	10 months ago
Nick Khyl	f0db47338e	cmd/tailscaled,util/syspolicy/source,util/winutil/gp: disallow acquiring the GP lock during service startup ... In v1.78, we started acquiring the GP lock when reading policy settings. This led to a deadlock during Tailscale installation via Group Policy Software Installation because the GP engine holds the write lock for the duration of policy processing, which in turn waits for the installation to complete, which in turn waits for the service to enter the running state. In this PR, we prevent the acquisition of GP locks (aka EnterCriticalPolicySection) during service startup and update the Windows Registry-based util/syspolicy/source.PlatformPolicyStore to handle this failure gracefully. The GP lock is somewhat optional; it’s safe to read policy settings without it, but acquiring the lock is recommended when reading multiple values to prevent the Group Policy engine from modifying settings mid-read and to avoid inconsistent results. Fixes #14416 Signed-off-by: Nick Khyl <nickk@tailscale.com>	10 months ago
Brad Fitzpatrick	d6abbc2e61	net/tstun: move TAP support out to separate package feature/tap ... Still behind the same ts_omit_tap build tag. See #14738 for background on the pattern. Updates #12614 Change-Id: I03fb3d2bf137111e727415bd8e713d8568156ecc Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	10 months ago
Brad Fitzpatrick	1562a6f2f2	feature/*: make Wake-on-LAN conditional, start supporting modular features ... This pulls out the Wake-on-LAN (WoL) code out into its own package (feature/wakeonlan) that registers itself with various new hooks around tailscaled. Then a new build tag (ts_omit_wakeonlan) causes the package to not even be linked in the binary. Ohter new packages include: * feature: to just record which features are loaded. Future: dependencies between features. * feature/condregister: the package with all the build tags that tailscaled, tsnet, and the Tailscale Xcode project extension can empty (underscore) import to load features as a function of the defined build tags. Future commits will move of our "ts_omit_foo" build tags into this style. Updates #12614 Change-Id: I9c5378dafb1113b62b816aabef02714db3fc9c4a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	10 months ago
Brad Fitzpatrick	150cd30b1d	ipn/ipnlocal: also use LetsEncrypt-baked-in roots for cert validation ... We previously baked in the LetsEncrypt x509 root CA for our tlsdial package. This moves that out into a new "bakedroots" package and is now also shared by ipn/ipnlocal's cert validation code (validCertPEM) that decides whether it's time to fetch a new cert. Otherwise, a machine without LetsEncrypt roots locally in its system roots is unable to use tailscale cert/serve and fetch certs. Fixes #14690 Change-Id: Ic88b3bdaabe25d56b9ff07ada56a27e3f11d7159 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	11 months ago
Brad Fitzpatrick	d8b00e39ef	cmd/tailscaled: add some more depchecker dep tests ... As we look to add github.com/prometheus/client_golang/prometheus to more parts of the codebase, lock in that we don't use it in tailscaled, primarily for binary size reasons. Updates #12614 Change-Id: I03c100d12a05019a22bdc23ce5c4df63d5a03ec6 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	11 months ago
Aaron Klotz	fcf90260ce	atomicfile: use ReplaceFile on Windows so that attributes and ACLs are preserved ... I moved the actual rename into separate, GOOS-specific files. On non-Windows, we do a simple os.Rename. On Windows, we first try ReplaceFile with a fallback to os.Rename if the target file does not exist. ReplaceFile is the recommended way to rename the file in this use case, as it preserves attributes and ACLs set on the target file. Updates #14428 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	11 months ago
Brad Fitzpatrick	414a01126a	go.mod: bump mdlayher/netlink and u-root/uio to use Go 1.21 NativeEndian ... This finishes the work started in #14616. Updates #8632 Change-Id: I4dc07d45b1e00c3db32217c03b21b8b1ec19e782 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	11 months ago
Brad Fitzpatrick	69b90742fe	util/uniq,types/lazy,*: delete code that's now in Go std ... sync.OnceValue and slices.Compact were both added in Go 1.21. cmp.Or was added in Go 1.22. Updates #8632 Updates #11058 Change-Id: I89ba4c404f40188e1f8a9566c8aaa049be377754 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	11 months ago
Nahum Shalman	9373a1b902	all: illumos/solaris userspace only support ... Updates #14565 Change-Id: I743148144938794db0a224873ce76c10dbe6fa5f Signed-off-by: Nahum Shalman <nahamu@gmail.com>	11 months ago
Brad Fitzpatrick	1e2e319e7d	util/slicesx: add MapKeys and MapValues from golang.org/x/exp/maps ... Importing the ~deprecated golang.org/x/exp/maps as "xmaps" to not shadow the std "maps" was getting ugly. And using slices.Collect on an iterator is verbose & allocates more. So copy (x)maps.Keys+Values into our slicesx package instead. Updates #cleanup Updates #12912 Updates #14514 (pulled out of that change) Change-Id: I5e68d12729934de93cf4a9cd87c367645f86123a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	11 months ago
James Tucker	aa04f61d5e	net/netcheck: adjust HTTPS latency check to connection time and avoid data race ... The go-httpstat package has a data race when used with connections that are performing happy-eyeballs connection setups as we are in the DERP client. There is a long-stale PR upstream to address this, however revisiting the purpose of this code suggests we don't really need httpstat here. The code populates a latency table that may be used to compare to STUN latency, which is a lightweight RTT check. Switching out the reported timing here to simply the request HTTP request RTT avoids the problematic package. Fixes tailscale/corp#25095 Signed-off-by: James Tucker <james@tailscale.com>	12 months ago
Nick Khyl	7c8f663d70	cmd/tailscaled: log SCM interactions if the policy setting is enabled at the time of interaction ... This updates the syspolicy.LogSCMInteractions check to run at the time of an interaction, just before logging a message, instead of during service startup. This ensures the most recent policy setting is used if it has changed since the service started. Updates #12687 Signed-off-by: Nick Khyl <nickk@tailscale.com>	1 year ago
Nick Khyl	50bf32a0ba	cmd/tailscaled: flush DNS if FlushDNSOnSessionUnlock is true upon receiving a session change notification ... In this PR, we move the syspolicy.FlushDNSOnSessionUnlock check from service startup to when a session change notification is received. This ensures that the most recent policy setting value is used if it has changed since the service started. We also plan to handle session change notifications for unrelated reasons and need to decouple notification subscriptions from DNS anyway. Updates #12687 Updates tailscale/corp#18342 Signed-off-by: Nick Khyl <nickk@tailscale.com>	1 year ago
Brad Fitzpatrick	020cacbe70	derp/derphttp: don't link websockets other than on GOOS=js ... Or unless the new "ts_debug_websockets" build tag is set. Updates #1278 Change-Id: Ic4c4f81c1924250efd025b055585faec37a5491d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	c3306bfd15	control/controlhttp/controlhttpserver: split out Accept to its own package ... Otherwise all the clients only using control/controlhttp for the ts2021 HTTP client were also pulling in WebSocket libraries, as the server side always needs to speak websockets, but only GOOS=js clients speak it. This doesn't yet totally remove the websocket dependency on Linux because Linux has a envknob opt-in to act like GOOS=js for manual testing and force the use of WebSockets for DERP only (not control). We can put that behind a build tag in a future change to eliminate the dep on all GOOSes. Updates #1278 Change-Id: I4f60508f4cad52bf8c8943c8851ecee506b7ebc9 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	23880eb5b0	cmd/tailscaled: support "ts_omit_ssh" build tag to remove SSH ... Some environments would like to remove Tailscale SSH support for the binary for various reasons when not needed (either for peace of mind, or the ~1MB of binary space savings). Updates tailscale/corp#24454 Updates #1278 Updates #12614 Change-Id: Iadd6c5a393992c254b5dc9aa9a526916f96fd07a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	01185e436f	types/result, util/lineiter: add package for a result type, use it ... This adds a new generic result type (motivated by golang/go#70084) to try it out, and uses it in the new lineutil package (replacing the old lineread package), changing that package to return iterators: sometimes over []byte (when the input is all in memory), but sometimes iterators over results of []byte, if errors might happen at runtime. Updates #12912 Updates golang/go#70084 Change-Id: Iacdc1070e661b5fb163907b1e8b07ac7d51d3f83 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	634cc2ba4a	wgengine/netstack: remove unused taildrive deps ... A filesystem was plumbed into netstack in 993acf4475 but hasn't been used since 2d5d6f5403. Remove it. Noticed while rebasing a Tailscale fork elsewhere. Updates tailscale/corp#16827 Change-Id: Ib76deeda205ffe912b77a59b9d22853ebff42813 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Nick Khyl	3f626c0d77	cmd/tailscale/cli, client/tailscale, ipn/localapi: add tailscale syspolicy {list,reload} commands ... In this PR, we add the tailscale syspolicy command with two subcommands: list, which displays policy settings, and reload, which forces a reload of those settings. We also update the LocalAPI and LocalClient to facilitate these additions. Updates #12687 Signed-off-by: Nick Khyl <nickk@tailscale.com>	1 year ago
Nick Khyl	e815ae0ec4	util/syspolicy, ipn/ipnlocal: update syspolicy package to utilize syspolicy/rsop ... In this PR, we update the syspolicy package to utilize syspolicy/rsop under the hood, and remove syspolicy.CachingHandler, syspolicy.windowsHandler and related code which is no longer used. We mark the syspolicy.Handler interface and RegisterHandler/SetHandlerForTest functions as deprecated, but keep them temporarily until they are no longer used in other repos. We also update the package to register setting definitions for all existing policy settings and to register the Registry-based, Windows-specific policy stores when running on Windows. Finally, we update existing internal and external tests to use the new API and add a few more tests and benchmarks. Updates #12687 Signed-off-by: Nick Khyl <nickk@tailscale.com>	1 year ago
Maisem Ali	d4d21a0bbf	net/tstun: restore tap mode functionality ... It had bit-rotted likely during the transition to vector io in 76389d8baf. Tested on Ubuntu 24.04 by creating a netns and doing the DHCP dance to get an IP. Updates #2589 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Andrea Gottardo	fd77965f23	net/tlsdial: call out firewalls blocking Tailscale in health warnings (#13840) ... Updates tailscale/tailscale#13839 Adds a new blockblame package which can detect common MITM SSL certificates used by network appliances. We use this in `tlsdial` to display a dedicated health warning when we cannot connect to control, and a network appliance MITM attack is detected. Signed-off-by: Andrea Gottardo <andrea@gottardo.me>	1 year ago
Mario Minardi	d32d742af0	ipn/ipnlocal: error when trying to use exit node on unsupported platform (#13726) ... Adds logic to `checkExitNodePrefsLocked` to return an error when attempting to use exit nodes on a platform where this is not supported. This mirrors logic that was added to error out when trying to use `ssh` on an unsupported platform, and has very similar semantics. Fixes https://github.com/tailscale/tailscale/issues/13724 Signed-off-by: Mario Minardi <mario@tailscale.com>	1 year ago
Brad Fitzpatrick	1938685d39	clientupdate: don't link distsign on platforms that don't download ... Updates tailscale/corp#20099 Change-Id: Ie3b782379b19d5f7890a8d3a378096b4f3e8a612 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	2531065d10	clientupdate, ipn/localapi: don't use google/uuid, thin iOS deps ... We were using google/uuid in two places and that brought in database/sql/driver. We didn't need it in either place. Updates #13760 Updates tailscale/corp#20099 Change-Id: Ieed32f1bebe35d35f47ec5a2a429268f24f11f1f Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Nick Khyl	da40609abd	util/syspolicy, ipn: add "tailscale debug component-logs" support ... Fixes #13313 Fixes #12687 Signed-off-by: Nick Khyl <nickk@tailscale.com>	1 year ago
Kristoffer Dalby	0e0e53d3b3	util/usermetrics: make usermetrics non-global ... this commit changes usermetrics to be non-global, this is a building block for correct metrics if a go process runs multiple tsnets or in tests. Updates #13420 Updates tailscale/corp#22075 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	1 year ago
Irbe Krumina	209567e7a0	kube,cmd/{k8s-operator,containerboot},envknob,ipn/store/kubestore,*/depaware.txt: rename packages (#13418) ... Rename kube/{types,client,api} -> kube/{kubetypes,kubeclient,kubeapi} so that we don't need to rename the package on each import to convey that it's kubernetes specific. Updates#cleanup Signed-off-by: Irbe Krumina <irbe@tailscale.com>	1 year ago
Irbe Krumina	d6dfb7f242	kube,cmd/{k8s-operator,containerboot},envknob,ipn/store/kubestore,*/depaware.txt: split out kube types (#13417) ... Further split kube package into kube/{client,api,types}. This is so that consumers who only need constants/static types don't have to import the client and api bits. Updates#cleanup Signed-off-by: Irbe Krumina <irbe@tailscale.com>	1 year ago
Irbe Krumina	ecd64f6ed9	cmd/k8s-operator,kube: set app name for Kubernetes Operator proxies (#13410) ... Updates tailscale/corp#22920 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	1 year ago
Andrew Dunham	1c972bc7cb	wgengine/magicsock: actually use AF_PACKET socket for raw disco ... Previously, despite what the commit said, we were using a raw IP socket that was *not* an AF_PACKET socket, and thus was subject to the host firewall rules. Switch to using a real AF_PACKET socket to actually get the functionality we want. Updates #13140 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: If657daeeda9ab8d967e75a4f049c66e2bca54b78	1 year ago
Nick Khyl	961ee321e8	ipn/{ipnauth,ipnlocal,ipnserver,localapi}: start baby step toward moving access checks from the localapi.Handler to the LocalBackend ... Currently, we use PermitRead/PermitWrite/PermitCert permission flags to determine which operations are allowed for a LocalAPI client. These checks are performed when localapi.Handler handles a request. Additionally, certain operations (e.g., changing the serve config) requires the connected user to be a local admin. This approach is inherently racey and is subject to TOCTOU issues. We consider it to be more critical on Windows environments, which are inherently multi-user, and therefore we prevent more than one OS user from connecting and utilizing the LocalBackend at the same time. However, the same type of issues is also applicable to other platforms when switching between profiles that have different OperatorUser values in ipn.Prefs. We'd like to allow more than one Windows user to connect, but limit what they can see and do based on their access rights on the device (e.g., an local admin or not) and to the currently active LoginProfile (e.g., owner/operator or not), while preventing TOCTOU issues on Windows and other platforms. Therefore, we'd like to pass an actor from the LocalAPI to the LocalBackend to represent the user performing the operation. The LocalBackend, or the profileManager down the line, will then check the actor's access rights to perform a given operation on the device and against the current (and/or the target) profile. This PR does not change the current permission model in any way, but it introduces the concept of an actor and includes some preparatory work to pass it around. Temporarily, the ipnauth.Actor interface has methods like IsLocalSystem and IsLocalAdmin, which are only relevant to the current permission model. It also lacks methods that will actually be used in the new model. We'll be adding these gradually in the next PRs and removing the deprecated methods and the Permit* flags at the end of the transition. Updates tailscale/corp#18342 Signed-off-by: Nick Khyl <nickk@tailscale.com>	1 year ago
Kristoffer Dalby	a2c42d3cd4	usermetric: add initial user-facing metrics ... This commit adds a new usermetric package and wires up metrics across the tailscale client. Updates tailscale/corp#22075 Co-authored-by: Anton Tolchanov <anton@tailscale.com> Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	1 year ago
Percy Wegmann	d00d6d6dc2	go.mod: update to github.com/tailscale/netlink library that doesn't require vishvananda/netlink ... After the upstream PR is merged, we can point directly at github.com/vishvananda/netlink and retire github.com/tailscale/netlink. See https://github.com/vishvananda/netlink/pull/1006 Updates #12298 Signed-off-by: Percy Wegmann <percy@tailscale.com>	1 year ago
Ilarion Kovalchuk	0cb7eb9b75	net/dns: updated gonotify dependency to v2 that supports closable context ... Signed-off-by: Ilarion Kovalchuk <illarion.kovalchuk@gmail.com>	1 year ago
Brad Fitzpatrick	696711cc17	all: switch to and require Go 1.23 ... Updates #12912 Change-Id: Ib4ae26eb5fb68ad2216cab4913811b94f7eed5b6 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Jordan Whited	df6014f1d7	net/tstun,wgengine{/netstack/gro}: refactor and re-enable gVisor GRO for Linux (#13172) ... In 2f27319baf we disabled GRO due to a data race around concurrent calls to tstun.Wrapper.Write(). This commit refactors GRO to be thread-safe, and re-enables it on Linux. This refactor now carries a GRO type across tstun and netstack APIs with a lifetime that is scoped to a single tstun.Wrapper.Write() call. In 25f0a3fc8f we used build tags to prevent importation of gVisor's GRO package on iOS as at the time we believed it was contributing to additional memory usage on that platform. It wasn't, so this commit simplifies and removes those build tags. Updates tailscale/corp#22353 Updates tailscale/corp#22125 Updates #6816 Signed-off-by: Jordan Whited <jordan@tailscale.com>	1 year ago
tomholford	16bb541adb	wgengine/magicsock: replace deprecated poly1305 (#13184) ... Signed-off-by: tomholford <tomholford@users.noreply.github.com>	1 year ago
Kyle Carberry	6c852fa817	go.{mod,sum}: migrate from nhooyr.io/websocket to github.com/coder/websocket ... Coder has just adopted nhooyr/websocket which unfortunately changes the import path. `github.com/coder/coder` imports `tailscale.com/net/wsconn` which was still pointing to `nhooyr.io/websocket`, but this change updates it. See https://coder.com/blog/websocket Updates #13154 Change-Id: I3dec6512472b14eae337ae22c5bcc1e3758888d5 Signed-off-by: Kyle Carberry <kyle@carberry.com>	1 year ago
Brad Fitzpatrick	4c2e978f1e	cmd/tailscale/cli: support passing network lock keys via files ... Fixes tailscale/corp#22356 Change-Id: I959efae716a22bcf582c20d261fb1b57bacf6dd9 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Nick Khyl	67df9abdc6	util/syspolicy/setting: add package that contains types for the next syspolicy PRs ... Package setting contains types for defining and representing policy settings. It facilitates the registration of setting definitions using Register and RegisterDefinition, and the retrieval of registered setting definitions via Definitions and DefinitionOf. This package is intended for use primarily within the syspolicy package hierarchy, and added in a preparation for the next PRs. Updates #12687 Signed-off-by: Nick Khyl <nickk@tailscale.com>	1 year ago
Brad Fitzpatrick	0686bc8b19	cmd/tailscaled: add env knob to control default verbosity ... Updates #13038 Change-Id: Ic0e6dfc7a8d127ab5ce0ae9aab9119c56e19b636 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	2e32abc3e2	cmd/tailscaled: allow setting env via linux cmdline for integration tests ... Updates #13038 Change-Id: I51e016d0eb7c14647159706c08f017fdedd68e2a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Jordan Whited	f0230ce0b5	go.mod,net/tstun,wgengine/netstack: implement gVisor TCP GRO for Linux (#12921) ... This commit implements TCP GRO for packets being written to gVisor on Linux. Windows support will follow later. The wireguard-go dependency is updated in order to make use of newly exported IP checksum functions. gVisor is updated in order to make use of newly exported stack.PacketBuffer GRO logic. TCP throughput towards gVisor, i.e. TUN write direction, is dramatically improved as a result of this commit. Benchmarks show substantial improvement, sometimes as high as 2x. High bandwidth-delay product paths remain receive window limited, bottlenecked by gVisor's default TCP receive socket buffer size. This will be addressed in a follow-on commit. The iperf3 results below demonstrate the effect of this commit between two Linux computers with i5-12400 CPUs. There is roughly ~13us of round trip latency between them. The first result is from commit 57856fc without TCP GRO. Starting Test: protocol: TCP, 1 streams, 131072 byte blocks - - - - - - - - - - - - - - - - - - - - - - - - - Test Complete. Summary Results: [ ID] Interval Transfer Bitrate Retr [ 5] 0.00-10.00 sec 4.77 GBytes 4.10 Gbits/sec 20 sender [ 5] 0.00-10.00 sec 4.77 GBytes 4.10 Gbits/sec receiver The second result is from this commit with TCP GRO. Starting Test: protocol: TCP, 1 streams, 131072 byte blocks - - - - - - - - - - - - - - - - - - - - - - - - - Test Complete. Summary Results: [ ID] Interval Transfer Bitrate Retr [ 5] 0.00-10.00 sec 10.6 GBytes 9.14 Gbits/sec 20 sender [ 5] 0.00-10.00 sec 10.6 GBytes 9.14 Gbits/sec receiver Updates #6816 Signed-off-by: Jordan Whited <jordan@tailscale.com>	1 year ago
Jordan Whited	7bc2ddaedc	go.mod,net/tstun,wgengine/netstack: implement gVisor TCP GSO for Linux (#12869) ... This commit implements TCP GSO for packets being read from gVisor on Linux. Windows support will follow later. The wireguard-go dependency is updated in order to make use of newly exported GSO logic from its tun package. A new gVisor stack.LinkEndpoint implementation has been established (linkEndpoint) that is loosely modeled after its predecessor (channel.Endpoint). This new implementation supports GSO of monster TCP segments up to 64K in size, whereas channel.Endpoint only supports up to 32K. linkEndpoint will also be required for GRO, which will be implemented in a follow-on commit. TCP throughput from gVisor, i.e. TUN read direction, is dramatically improved as a result of this commit. Benchmarks show substantial improvement through a wide range of RTT and loss conditions, sometimes as high as 5x. The iperf3 results below demonstrate the effect of this commit between two Linux computers with i5-12400 CPUs. There is roughly ~13us of round trip latency between them. The first result is from commit 57856fc without TCP GSO. Starting Test: protocol: TCP, 1 streams, 131072 byte blocks - - - - - - - - - - - - - - - - - - - - - - - - - Test Complete. Summary Results: [ ID] Interval Transfer Bitrate Retr [ 5] 0.00-10.00 sec 2.51 GBytes 2.15 Gbits/sec 154 sender [ 5] 0.00-10.00 sec 2.49 GBytes 2.14 Gbits/sec receiver The second result is from this commit with TCP GSO. Starting Test: protocol: TCP, 1 streams, 131072 byte blocks - - - - - - - - - - - - - - - - - - - - - - - - - Test Complete. Summary Results: [ ID] Interval Transfer Bitrate Retr [ 5] 0.00-10.00 sec 12.6 GBytes 10.8 Gbits/sec 6 sender [ 5] 0.00-10.00 sec 12.6 GBytes 10.8 Gbits/sec receiver Updates #6816 Signed-off-by: Jordan Whited <jordan@tailscale.com>	1 year ago
Jonathan Nobels	8a8ecac6a7	net/dns, cmd/tailscaled: plumb system health tracker into dns cleanup (#12969) ... fixes tailscale#12968 The dns manager cleanup func was getting passed a nil health tracker, which will panic. Fixed to pass it the system health tracker. Signed-off-by: Jonathan Nobels <jonathan@tailscale.com>	1 year ago
Irbe Krumina	a21bf100f3	cmd/k8s-operator,k8s-operator/sessionrecording,sessionrecording,ssh/tailssh: refactor session recording functionality (#12945) ... cmd/k8s-operator,k8s-operator/sessionrecording,sessionrecording,ssh/tailssh: refactor session recording functionality Refactor SSH session recording functionality (mostly the bits related to Kubernetes API server proxy 'kubectl exec' session recording): - move the session recording bits used by both Tailscale SSH and the Kubernetes API server proxy into a shared sessionrecording package, to avoid having the operator to import ssh/tailssh - move the Kubernetes API server proxy session recording functionality into a k8s-operator/sessionrecording package, add some abstractions in preparation for adding support for a second streaming protocol (WebSockets) Updates tailscale/corp#19821 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	1 year ago
Andrea Gottardo	90be06bd5b	health: introduce captive-portal-detected Warnable (#12707) ... Updates tailscale/tailscale#1634 This PR introduces a new `captive-portal-detected` Warnable which is set to an unhealthy state whenever a captive portal is detected on the local network, preventing Tailscale from connecting. ipn/ipnlocal: fix captive portal loop shutdown Change-Id: I7cafdbce68463a16260091bcec1741501a070c95 net/captivedetection: fix mutex misuse ipn/ipnlocal: ensure that we don't fail to start the timer Change-Id: I3e43fb19264d793e8707c5031c0898e48e3e7465 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Signed-off-by: Andrea Gottardo <andrea@gottardo.me>	1 year ago
Nick Khyl	8bd442ba8c	util/winutil/gp, net/dns: add package for Group Policy API ... This adds a package with GP-related functions and types to be used in the future PRs. It also updates nrptRuleDatabase to use the new package instead of its own gpNotificationWatcher implementation. Updates #12687 Signed-off-by: Nick Khyl <nickk@tailscale.com>	1 year ago
Nick Khyl	e21d8768f9	types/opt: add generic Value[T any] for optional values of any types ... Updates #12736 Signed-off-by: Nick Khyl <nickk@tailscale.com>	1 year ago
Aaron Klotz	7dd76c3411	net/netns: add Windows support for bind-to-interface-by-route ... This is implemented via GetBestInterfaceEx. Should we encounter errors or fail to resolve a valid, non-Tailscale interface, we fall back to returning the index for the default interface instead. Fixes #12551 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	1 year ago
Andrew Dunham	24976b5bfd	cmd/tailscale/cli: actually perform Noise request in 'debug ts2021' ... This actually performs a Noise request in the 'debug ts2021' command, instead of just exiting once we've dialed a connection. This can help debug certain forms of captive portals and deep packet inspection that will allow a connection, but will RST the connection when trying to send data on the post-upgraded TCP connection. Updates #1634 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I1e46ca9c9a0751c55f16373a6a76cdc24fec1f18	1 year ago
Brad Fitzpatrick	86e0f9b912	net/ipset, wgengine/filter/filtertype: add split-out packages ... This moves NewContainsIPFunc from tsaddr to new ipset package. And wgengine/filter types gets split into wgengine/filter/filtertype, so netmap (and thus the CLI, etc) doesn't need to bring in ipset, bart, etc. Then add a test making sure the CLI deps don't regress. Updates #1278 Change-Id: Ia246d6d9502bbefbdeacc4aef1bed9c8b24f54d5 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Nick Khyl	c32efd9118	various: create a catch-all NRPT rule when "Override local DNS" is enabled on Windows ... Without this rule, Windows 8.1 and newer devices issue parallel DNS requests to DNS servers associated with all network adapters, even when "Override local DNS" is enabled and/or a Mullvad exit node is being used, resulting in DNS leaks. This also adds "disable-local-dns-override-via-nrpt" nodeAttr that can be used to disable the new behavior if needed. Fixes tailscale/corp#20718 Signed-off-by: Nick Khyl <nickk@tailscale.com>	1 year ago
Aaron Klotz	bd2a6d5386	util/winutil: add UserProfile type for (un)loading user profiles ... S4U logons do not automatically load the associated user profile. In this PR we add UserProfile to handle that part. Windows docs indicate that we should try to resolve a remote profile path when present, so we attempt to do so when the local computer is joined to a domain. Updates #12383 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	1 year ago
Aaron Klotz	3511d1f8a2	cmd/tailscaled, net/dns, wgengine/router: start Windows child processes with DETACHED_PROCESS when I/O is being piped ... When we're starting child processes on Windows that are CLI programs that don't need to output to a console, we should pass in DETACHED_PROCESS as a CreationFlag on SysProcAttr. This prevents the OS from even creating a console for the child (and paying the associated time/space penalty for new conhost processes). This is more efficient than letting the OS create the console window and then subsequently trying to hide it, which we were doing at a few callsites. Fixes #12270 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	2 years ago
Maisem Ali	36e8e8cd64	wgengine/magicsock: use math/rands/v2 ... Updates #11058 Co-authored-by: James Tucker <james@tailscale.com> Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Maisem Ali	4a8cb1d9f3	all: use math/rand/v2 more ... Updates #11058 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Maisem Ali	42cfbf427c	tsnet,wgengine/netstack: add ListenPacket and tests ... This adds a new ListenPacket function on tsnet.Server which acts mostly like `net.ListenPacket`. Unlike `Server.Listen`, this requires listening on a specific IP and does not automatically listen on both V4 and V6 addresses of the Server when the IP is unspecified. To test this, it also adds UDP support to tsdial.Dialer.UserDial and plumbs it through the localapi. Then an associated test to make sure the UDP functionality works from both sides. Updates #12182 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Brad Fitzpatrick	1ea100e2e5	cmd/tailscaled, ipn/conffile: support ec2 user-data config file ... Updates #1412 Updates #1866 Change-Id: I4d08fb233b80c2078b3b28ffc18559baabb4a081 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Maisem Ali	9a64c06a20	all: do not depend on the testing package ... Discovered while looking for something else. Updates tailscale/corp#18935 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Andrea Gottardo	e5f67f90a2	xcode: allow ICMP ping relay on macOS + iOS platforms (#12048) ... Fixes tailscale/tailscale#10393 Fixes tailscale/corp#15412 Fixes tailscale/corp#19808 On Apple platforms, exit nodes and subnet routers have been unable to relay pings from Tailscale devices to non-Tailscale devices due to sandbox restrictions imposed on our network extensions by Apple. The sandbox prevented the code in netstack.go from spawning the `ping` process which we were using. Replace that exec call with logic to send an ICMP echo request directly, which appears to work in userspace, and not trigger a sandbox violation in the syslog. Signed-off-by: Andrea Gottardo <andrea@gottardo.me>	2 years ago
Brad Fitzpatrick	727c0d6cfd	ipn/ipnserver: close a small race in ipnserver, ~simplify code ... There was a small window in ipnserver after we assigned a LocalBackend to the ipnserver's atomic but before we Start'ed it where our initalization Start could conflict with API calls from the LocalAPI. Simplify that a bit and lay out the rules in the docs. Updates #12028 Change-Id: Ic5f5e4861e26340599184e20e308e709edec68b1 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Nick Khyl	caa3d7594f	ipn/ipnlocal, net/tsdial: plumb routes into tsdial and use them in UserDial ... We'd like to use tsdial.Dialer.UserDial instead of SystemDial for DNS over TCP. This is primarily necessary to properly dial internal DNS servers accessible over Tailscale and subnet routes. However, to avoid issues when switching between Wi-Fi and cellular, we need to ensure that we don't retain connections to any external addresses on the old interface. Therefore, we need to determine which dialer to use internally based on the configured routes. This plumbs routes and localRoutes from router.Config to tsdial.Dialer, and updates UserDial to use either the peer dialer or the system dialer, depending on the network address and the configured routes. Updates tailscale/corp#18725 Fixes #4529 Signed-off-by: Nick Khyl <nickk@tailscale.com>	2 years ago
Andrew Lytvynov	ce5c80d0fe	clientupdate: exec systemctl instead of using dbus to restart (#11923) ... Shell out to "systemctl", which lets us drop an extra dependency. Updates https://github.com/tailscale/corp/issues/18935 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Brad Fitzpatrick	b9adbe2002	net/{interfaces,netmon}, all: merge net/interfaces package into net/netmon ... In prep for most of the package funcs in net/interfaces to become methods in a long-lived netmon.Monitor that can cache things. (Many of the funcs are very heavy to call regularly, whereas the long-lived netmon.Monitor can subscribe to things from the OS and remember answers to questions it's asked regularly later) Updates tailscale/corp#10910 Updates tailscale/corp#18960 Updates #7967 Updates #3299 Change-Id: Ie4e8dedb70136af2d611b990b865a822cd1797e5 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	6b95219e3a	net/netmon, add: add netmon.State type alias of interfaces.State ... ... in prep for merging the net/interfaces package into net/netmon. This is a no-op change that updates a bunch of the API signatures ahead of a future change to actually move things (and remove the type alias) Updates tailscale/corp#10910 Updates tailscale/corp#18960 Updates #7967 Updates #3299 Change-Id: I477613388f09389214db0d77ccf24a65bff2199c Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	3672f29a4e	net/netns, net/dns/resolver, etc: make netmon required in most places ... The goal is to move more network state accessors to netmon.Monitor where they can be cheaper/cached. But first (this change and others) we need to make sure the one netmon.Monitor is plumbed everywhere. Some notable bits: * tsdial.NewDialer is added, taking a now-required netmon * because a tsdial.Dialer always has a netmon, anything taking both a Dialer and a NetMon is now redundant; take only the Dialer and get the NetMon from that if/when needed. * netmon.NewStatic is added, primarily for tests Updates tailscale/corp#10910 Updates tailscale/corp#18960 Updates #7967 Updates #3299 Change-Id: I877f9cb87618c4eb037cee098241d18da9c01691 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	745931415c	health, all: remove health.Global, finish plumbing health.Tracker ... Updates #11874 Updates #4136 Change-Id: I414470f71d90be9889d44c3afd53956d9f26cd61 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	6d69fc137f	ipn/{ipnlocal,localapi},wgengine{,/magicsock}: plumb health.Tracker ... Down to 25 health.Global users. After this remains controlclient & net/dns & wgengine/router. Updates #11874 Updates #4136 Change-Id: I6dd1856e3d9bf523bdd44b60fb3b8f7501d5dc0d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	723c775dbb	tsd, ipnlocal, etc: add tsd.System.HealthTracker, start some plumbing ... This adds a health.Tracker to tsd.System, accessible via a new tsd.System.HealthTracker method. In the future, that new method will return a tsd.System-specific HealthTracker, so multiple tsnet.Servers in the same process are isolated. For now, though, it just always returns the temporary health.Global value. That permits incremental plumbing over a number of changes. When the second to last health.Global reference is gone, then the tsd.System.HealthTracker implementation can return a private Tracker. The primary plumbing this does is adding it to LocalBackend and its dozen and change health calls. A few misc other callers are also plumbed. Subsequent changes will flesh out other parts of the tree (magicsock, controlclient, etc). Updates #11874 Updates #4136 Change-Id: Id51e73cfc8a39110425b6dc19d18b3975eac75ce Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Joe Tsai	63b3c82587	ipn/local: log OS-specific diagnostic information as JSON (#11700) ... There is an undocumented 16KiB limit for text log messages. However, the limit for JSON messages is 256KiB. Even worse, logging JSON as text results in significant overhead since each double quote needs to be escaped. Instead, use logger.Logf.JSON to explicitly log the info as JSON. We also modify osdiag to return the information as structured data rather than implicitly have the package log on our behalf. This gives more control to the caller on how to log. Updates #7802 Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Aaron Klotz	7132b782d4	hostinfo: use Distro field for distinguishing Windows Server builds ... Some editions of Windows server share the same build number as their client counterpart; we must use an additional field found in the OS version information to distinguish between them. Even though "Distro" has Linux connotations, it is the most appropriate hostinfo field. What is Windows Server if not an alternate distribution of Windows? This PR populates Distro with "Server" when applicable. Fixes #11785 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	2 years ago
Claire Wang	9171b217ba	cmd/tailscale, ipn/ipnlocal: add suggest exit node CLI option (#11407) ... Updates tailscale/corp#17516 Signed-off-by: Claire Wang <claire@tailscale.com>	2 years ago
Brad Fitzpatrick	a1abd12f35	cmd/tailscaled, net/tstun: build for aix/ppc64 ... At least in userspace-networking mode. Fixes #11361 Change-Id: I78d33f0f7e05fe9e9ee95b97c99b593f8fe498f2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Joe Tsai	7a77a2edf1	logtail: optimize JSON processing (#11671) ... Changes made: * Avoid "encoding/json" for JSON processing, and instead use "github.com/go-json-experiment/json/jsontext". Use jsontext.Value.IsValid for validation, which is much faster. Use jsontext.AppendQuote instead of our own JSON escaping. * In drainPending, use a different maxLen depending on lowMem. In lowMem mode, it is better to perform multiple uploads than it is to construct a large body that OOMs the process. * In drainPending, if an error is encountered draining, construct an error message in the logtail JSON format rather than something that is invalid JSON. * In appendTextOrJSONLocked, use jsontext.Decoder to check whether the input is a valid JSON object. This is faster than the previous approach of unmarshaling into map[string]any and then re-marshaling that data structure. This is especially beneficial for network flow logging, which produces relatively large JSON objects. * In appendTextOrJSONLocked, enforce maxSize on the input. If too large, then we may end up in a situation where the logs can never be uploaded because it exceeds the maximum body size that the Tailscale logs service accepts. * Use "tailscale.com/util/truncate" to properly truncate a string on valid UTF-8 boundaries. * In general, remove unnecessary spaces in JSON output. Performance: name old time/op new time/op delta WriteText 776ns ± 2% 596ns ± 1% -23.24% (p=0.000 n=10+10) WriteJSON 110µs ± 0% 9µs ± 0% -91.77% (p=0.000 n=8+8) name old alloc/op new alloc/op delta WriteText 448B ± 0% 0B -100.00% (p=0.000 n=10+10) WriteJSON 37.9kB ± 0% 0.0kB ± 0% -99.87% (p=0.000 n=10+10) name old allocs/op new allocs/op delta WriteText 1.00 ± 0% 0.00 -100.00% (p=0.000 n=10+10) WriteJSON 1.08k ± 0% 0.00k ± 0% -99.91% (p=0.000 n=10+10) For text payloads, this is 1.30x faster. For JSON payloads, this is 12.2x faster. Updates #cleanup Updates tailscale/corp#18514 Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
James Tucker	db760d0bac	cmd/tailscaled: move cleanup to an implicit action during startup ... This removes a potentially increased boot delay for certain boot topologies where they block on ExecStartPre that may have socket activation dependencies on other system services (such as systemd-resolved and NetworkManager). Also rename cleanup to clean up in affected/immediately nearby places per code review commentary. Fixes #11599 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
Maisem Ali	3f4c5daa15	wgengine/netstack: remove SubnetRouterWrapper ... It was used when we only supported subnet routers on linux and would nil out the SubnetRoutes slice as no other router worked with it, but now we support subnet routers on ~all platforms. The field it was setting to nil is now only used for network logging and nowhere else, so keep the field but drop the SubnetRouterWrapper as it's not useful. Updates #cleanup Change-Id: Id03f9b6ec33e47ad643e7b66e07911945f25db79 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Charlotte Brandhorst-Satzkorn	98cf71cd73	tailscale: switch tailfs to drive syntax for api and logs (#11625) ... This change switches the api to /drive, rather than the previous /tailfs as well as updates the log lines to reflect the new value. It also cleans up some existing tailfs references. Updates tailscale/corp#16827 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	2 years ago
Charlotte Brandhorst-Satzkorn	93618a3518	tailscale: update tailfs functions and vars to use drive naming (#11597) ... This change updates all tailfs functions and the majority of the tailfs variables to use the new drive naming. Updates tailscale/corp#16827 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	2 years ago
Charlotte Brandhorst-Satzkorn	14683371ee	tailscale: update tailfs file and package names (#11590) ... This change updates the tailfs file and package names to their new naming convention. Updates #tailscale/corp#16827 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	2 years ago
Percy Wegmann	66e4d843c1	ipn/localapi: add support for multipart POST to file-put ... This allows sending multiple files via Taildrop in one request. Progress is tracked via ipn.Notify. Updates tailscale/corp#18202 Signed-off-by: Percy Wegmann <percy@tailscale.com>	2 years ago
Percy Wegmann	8b8b315258	net/tstun: use gaissmai/bart instead of tempfork/device ... This implementation uses less memory than tempfork/device, which helps avoid OOM conditions in the iOS VPN extension when switching to a Tailnet with ExitNode routing enabled. Updates tailscale/corp#18514 Signed-off-by: Percy Wegmann <percy@tailscale.com>	2 years ago
Joe Tsai	85febda86d	all: use zstdframe where sensible (#11491) ... Use the zstdframe package where sensible instead of plumbing around our own zstd.Encoder just for stateless operations. This causes logtail to have a dependency on zstd, but that's arguably okay since zstd support is implicit to the protocol between a client and the logging service. Also, virtually every caller to logger.NewLogger was manually setting up a zstd.Encoder anyways, meaning that zstd was functionally always a dependency. Updates #cleanup Updates tailscale/corp#18514 Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Brad Fitzpatrick	69f4b4595a	wgengine{,/wgint}: add wgint.Peer wrapper type, add to wgengine.Engine ... This adds a method to wgengine.Engine and plumbed down into magicsock to add a way to get a type-safe Tailscale-safe wrapper around a wireguard-go device.Peer that only exposes methods that are safe for Tailscale to use internally. It also removes HandshakeAttempts from PeerStatusLite that was just added as it wasn't needed yet and is now accessible ala cart as needed from the Peer type accessor. None of this is used yet. Updates #7617 Change-Id: I07be0c4e6679883e6eeddf8dbed7394c9e79c5f4 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Nick Khyl	7ef1fb113d	cmd/tailscaled, ipn/ipnlocal, wgengine: shutdown tailscaled if wgdevice is closed ... Tailscaled becomes inoperative if the Tailscale Tunnel wintun adapter is abruptly removed. wireguard-go closes the device in case of a read error, but tailscaled keeps running. This adds detection of a closed WireGuard device, triggering a graceful shutdown of tailscaled. It is then restarted by the tailscaled watchdog service process. Fixes #11222 Signed-off-by: Nick Khyl <nickk@tailscale.com>	2 years ago
Percy Wegmann	50fb8b9123	tailfs: replace webdavfs with reverse proxies ... Instead of modeling remote WebDAV servers as actual webdav.FS instances, we now just proxy traffic to them. This not only simplifies the code, but it also allows WebDAV locking to work correctly by making sure locks are handled by the servers that need to (i.e. the ones actually serving the files). Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com>	2 years ago
Andrew Dunham	52f16b5d10	doctor/ethtool, ipn/ipnlocal: add ethtool bugreport check ... Updates #11137 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: Idbe862d80e428adb044249c47d9096b87f29d5d8	2 years ago
Brad Fitzpatrick	61a1644c2a	go.mod, all: move away from inet.af domain seized by Taliban ... Updates inetaf/tcpproxy#39 Change-Id: I7fee276b116bd08397347c6c949011d76a2842cf Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Percy Wegmann	55b372a79f	tailscaled: revert to using pointers for subcommands ... As part of #10631, we stopped using function pointers for subcommands, preventing us from registering platform-specific installSystemDaemon and uninstallSystemDaemon subcommands. Fixes #11099 Signed-off-by: Percy Wegmann <percy@tailscale.com>	2 years ago
Percy Wegmann	87154a2f88	tailfs: fix startup issues on windows ... Starts TailFS for Windows too, initializes shares on startup. Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com>	2 years ago
Percy Wegmann	abab0d4197	tailfs: clean up naming and package structure ... - Restyles tailfs -> tailFS - Defines interfaces for main TailFS types - Moves implemenatation of TailFS into tailfsimpl package Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com>	2 years ago
James Tucker	24bac27632	util/rands: add Shuffle and Perm functions with on-stack RNG state ... The new math/rand/v2 package includes an m-local global random number generator that can not be reseeded by the user, which is suitable for most uses without the RNG pools we have in a number of areas of the code base. The new API still does not have an allocation-free way of performing a seeded operations, due to the long term compiler bug around interface parameter escapes, and the Source interface. This change introduces the two APIs that math/rand/v2 can not yet replace efficiently: seeded Perm() and Shuffle() operations. This implementation chooses to use the PCG random source from math/rand/v2, as with sufficient compiler optimization, this source should boil down to only two on-stack registers for random state under ideal conditions. Updates #17243 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
Percy Wegmann	993acf4475	tailfs: initial implementation ... Add a WebDAV-based folder sharing mechanism that is exposed to local clients at 100.100.100.100:8080 and to remote peers via a new peerapi endpoint at /v0/tailfs. Add the ability to manage folder sharing via the new 'share' CLI sub-command. Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com>	2 years ago
Brad Fitzpatrick	2bd3c1474b	util/cmpx: delete now that we're using Go 1.22 ... Updates #11058 Change-Id: I09dea8e86f03ec148b715efca339eab8b1f0f644 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
James Tucker	7e3bcd297e	go.mod,wgengine/netstack: bump gvisor ... Updates #8043 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
James Tucker	457102d070	go.mod: bump most deps for start of cycle ... Plan9 CI is disabled. 3p dependencies do not build for the target. Contributor enthusiasm appears to have ceased again, and no usage has been made. Skipped gvisor, nfpm, and k8s. Updates #5794 Updates #8043 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
Andrew Dunham	7a0392a8a3	wgengine/netstack: expose gVisor metrics through expvar ... When tailscaled is run with "-debug 127.0.0.1:12345", these metrics are available at: http://localhost:12345/debug/metrics Updates #8210 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I19db6c445ac1f8344df2bc1066a3d9c9030606f8	2 years ago
James Tucker	8250582fe6	ipn/ipnlocal: make app connector configuration concurrent ... If there are routes changes as a side effect of an app connector configuration update, the connector configuration may want to reenter a lock, so must be started asynchronously. Updates tailscale/corp#16833 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
James Tucker	38a1cf748a	control/controlclient,util/execqueue: extract execqueue into a package ... This is a useful primitive for asynchronous execution of ordered work I want to use in another change. Updates tailscale/corp#16833 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
Joe Tsai	c25968e1c5	all: make use of ctxkey everywhere (#10846) ... Also perform minor cleanups on the ctxkey package itself. Provide guidance on when to use ctxkey.Key[T] over ctxkey.New. Also, allow for interface kinds because the value wrapping trick also happens to fix edge cases with interfaces in Go. Updates #cleanup Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Andrew Lytvynov	4ec6a78551	go.mod: update golang-x-crypto fork (#10786) ... Pick up a bunch of recent upstream commits. Updates #8593 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Rhea Ghosh	4ce33c9758	taildrop: remove breaking abstraction layers for apple (#10728) ... Removes the avoidFinalRename logic and all associated code as it is no longer required by the Apple clients. Enables resume logic to be usable for Apple clients. Fixes tailscale/corp#14772 Signed-off-by: Rhea Ghosh <rhea@tailscale.com>	2 years ago
Andrew Dunham	46bdbb3878	cmd/tailscaled, tsnet: don't return an interface containing a nil pointer ... This tripped me up when I was testing something and wrote: if conn != nil { conn.Close() } In netstack mode, when an error occurred we were getting a non-nil error and a non-nil interface that contained a nil pointer. Instead, just return a nil interface value. Updates #cleanup Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: Id9ef3dd24529e0e8c53adc60ed914c31fbb10cc4	2 years ago
Aaron Klotz	e32a064659	cmd/tailscaled: don't create a network monitor in the parent tailscaled on Windows ... The service is only used as a watchdog and for piping logs from the child process. We shouldn't be creating a network monitor in that case. Fixes #10732 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	2 years ago
Andrew Lytvynov	2716250ee8	all: cleanup unused code, part 2 (#10670) ... And enable U1000 check in staticcheck. Updates #cleanup Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Andrew Dunham	d05a572db4	net/portmapper: handle multiple UPnP discovery responses ... Instead of taking the first UPnP response we receive and using that to create port mappings, store all received UPnP responses, sort and deduplicate them, and then try all of them to obtain an external address. Updates #10602 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I783ccb1834834ee2a9ecbae2b16d801f2354302f	2 years ago
Sonia Appasamy	c2fe123232	cmd/tailscaled: update ConfigureWebClient's UseSocketOnly value ... Previously were always setting `UseSocketOnly` because we were comparing `args.socketpath != ""`, but `args.socketpath` flag always gets filled with `paths.DefaultTailscaledSocket()` when not provided. Rather than comparing to the empty string, compare to the default value to determine if `UseSocketOnly` should be set. Should fix issue with web client being unreachable for Mac App Store variant of the mac build. Updates #16054 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	2 years ago
Aaron Klotz	0f646937e9	clientupdate: remove TS_NOLAUNCH and GUI restart hacks from autoupdate ... We've fixed the underlying issue in github.com/tailscale/corp/issues/13998. Fixes #10513 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	2 years ago
Claire Wang	8af503b0c5	syspolicy: add exit node related policies (#10172) ... Adds policy keys ExitNodeID and ExitNodeIP. Uses the policy keys to determine the exit node in preferences. Fixes tailscale/corp#15683 Signed-off-by: Claire Wang <claire@tailscale.com>	2 years ago
Maisem Ali	57129205e6	cmd/tailscaled: make tun mode default on gokrazy ... Now that we have nftable support this works fine and force it on gokrazy since 25a8daf405. Updates gokrazy/gokrazy#209 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Sonia Appasamy	6f7a1b51a8	ipn/ipnlocal: rename SetWebLocalClient to ConfigureWebClient ... For consistency with the "WebClient" naming of the other functions here. Also fixed a doc typo. A #cleanup Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	2 years ago
Aaron Klotz	855f79fad7	cmd/tailscaled, util/winutil: changes to process and token APIs in winutil ... This PR changes the internal getTokenInfo function to use generics. I also removed our own implementations for obtaining a token's user and primary group in favour of calling the ones now available in x/sys/windows. Furthermore, I added two new functions for working with tokens, logon session IDs, and Terminal Services / RDP session IDs. I modified our privilege enabling code to allow enabling of multiple privileges via one single function call. Finally, I added the ProcessImageName function and updated the code in tailscaled_windows.go to use that instead of directly calling the underlying API. All of these changes will be utilized by subsequent PRs pertaining to this issue. Updates https://github.com/tailscale/corp/issues/13998 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	2 years ago
Andrew Lytvynov	c3f1bd4c0a	clientupdate: fix auto-update on Windows over RDP (#10242) ... `winutil.WTSGetActiveConsoleSessionId` only works for physical desktop logins and does not return the session ID for RDP logins. We need to `windows.WTSEnumerateSessions` and find the active session. Fixes https://github.com/tailscale/corp/issues/15772 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Naman Sood	e57fd9cda4	ipn/{ipnlocal,ipnstate,localapi}: add localapi endpoints for client self-update (#10188) ... * ipn/{ipnlocal,ipnstate,localapi}: add localapi endpoints for client self-update Updates #10187. Signed-off-by: Naman Sood <mail@nsood.in> * depaware Updates #10187. Signed-off-by: Naman Sood <mail@nsood.in> * address review feedback Signed-off-by: Naman Sood <mail@nsood.in> --------- Signed-off-by: Naman Sood <mail@nsood.in>	2 years ago
Andrew Lytvynov	55cd5c575b	ipn/localapi: only perform local-admin check in serveServeConfig (#10163) ... On unix systems, the check involves executing sudo, which is slow. Instead of doing it for every incoming request, move the logic into localapi serveServeConfig handler and do it as needed. Updates tailscale/corp#15405 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Jordan Whited	12d5c99b04	client/tailscale,ipn/{ipnlocal,localapi}: check UDP GRO config (#10071) ... Updates tailscale/corp#9990 Signed-off-by: Jordan Whited <jordan@tailscale.com>	2 years ago
Andrew Lytvynov	1fc1077052	ssh/tailssh,util: extract new osuser package from ssh code (#10170) ... This package is a wrapper for os/user that handles non-cgo builds, gokrazy and user shells. Updates tailscale/corp#15405 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
James Tucker	f27b2cf569	appc,cmd/sniproxy,ipn/ipnlocal: split sniproxy configuration code out of appc ... The design changed during integration and testing, resulting in the earlier implementation growing in the appc package to be intended now only for the sniproxy implementation. That code is moved to it's final location, and the current App Connector code is now renamed. Updates tailscale/corp#15437 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
Aaron Klotz	47019ce1f1	cmd/tailscaled: pre-load wintun.dll using a fully-qualified path ... In corp PR #14970 I updated the installer to set a security mitigation that always forces system32 to the front of the Windows dynamic linker's search path. Unfortunately there are other products out there that, partying like it's 1995, drop their own, older version of wintun.dll into system32. Since we look there first, we end up loading that old version. We can fix this by preloading wintun using a fully-qualified path. When wintun-go then loads wintun, the dynamic linker will hand it the module that was previously loaded by us. Fixes #10023, #10025, #10052 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	2 years ago
James Tucker	6ad54fed00	appc,ipn/ipnlocal: add App Connector domain configuration from mapcap ... The AppConnector is now configured by the mapcap from the control plane. Updates tailscale/corp#15437 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
James Tucker	b48b7d82d0	appc,ipn/ipnlocal,net/dns/resolver: add App Connector wiring when enabled in prefs ... An EmbeddedAppConnector is added that when configured observes DNS responses from the PeerAPI. If a response is found matching a configured domain, routes are advertised when necessary. The wiring from a configuration in the netmap capmap is not yet done, so while the connector can be enabled, no domains can yet be added. Updates tailscale/corp#15437 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
Will Norris	66c7af3dd3	ipn: replace web client debug flag with node capability ... Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	2 years ago
Sonia Appasamy	89953b015b	ipn/ipnlocal,client/web: add web client to tailscaled ... Allows for serving the web interface from tailscaled, with the ability to start and stop the server via localapi endpoints (/web/start and /web/stop). This will be used to run the new full management web client, which will only be accessible over Tailscale (with an extra auth check step over noise) from the daemon. This switch also allows us to run the web interface as a long-lived service in environments where the CLI version is restricted to CGI, allowing us to manage certain auth state in memory. ipn/ipnlocal/web is stubbed out in ipn/ipnlocal/web_stub for ios builds to satisfy ios restriction from adding "text/template" and "html/template" dependencies. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	2 years ago
Aaron Klotz	95671b71a6	ipn, safesocket: use Windows token in LocalAPI ... On Windows, the idiomatic way to check access on a named pipe is for the server to impersonate the client on its current OS thread, perform access checks using the client's access token, and then revert the OS thread's access token back to its true self. The access token is a better representation of the client's rights than just a username/userid check, as it represents the client's effective rights at connection time, which might differ from their normal rights. This patch updates safesocket to do the aforementioned impersonation, extract the token handle, and then revert the impersonation. We retain the token handle for the remaining duration of the connection (the token continues to be valid even after we have reverted back to self). Since the token is a property of the connection, I changed ipnauth to wrap the concrete net.Conn to include the token. I then plumbed that change through ipnlocal, ipnserver, and localapi as necessary. I also added a PermitLocalAdmin flag to the localapi Handler which I intend to use for controlling access to a few new localapi endpoints intended for configuring auto-update. Updates https://github.com/tailscale/tailscale/issues/755 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	2 years ago
Adrian Dewhurst	5347e6a292	control/controlclient: support certstore without cgo ... We no longer build Windows releases with cgo enabled, which automatically turned off certstore support. Rather than re-enabling cgo, we updated our fork of the certstore package to no longer require cgo. This updates the package, cleans up how the feature is configured, and removes the cgo build tag requirement. Fixes tailscale/corp#14797 Fixes tailscale/coral#118 Change-Id: Iaea34340761c0431d759370532c16a48c0913374 Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>	2 years ago
Brad Fitzpatrick	18bd98d35b	cmd/tailscaled,*: add start of configuration file support ... Updates #1412 Co-authored-by: Maisem Ali <maisem@tailscale.com> Change-Id: I38d559c1784d09fc804f521986c9b4b548718f7d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Rhea Ghosh	71271e41d6	ipn/{ipnlocal/peerapi, localapi} initial taildrop resume api plumbing (#9798) ... This change: * adds a partial files peerAPI endpoint to get a list of partial files * adds a helper function to extract the basename of a file * updates the peer put peerAPI endpoint * updates the file put localapi endpoint to allow resume functionality Updates #14772 Signed-off-by: Rhea Ghosh <rhea@tailscale.com>	2 years ago
Maisem Ali	5297bd2cff	cmd/tailscaled,net/tstun: fix data race on start-up in TUN mode ... Fixes #7894 Change-Id: Ice3f8019405714dd69d02bc07694f3872bb598b8 Co-authored-by: Brad Fitzpatrick <bradfitz@tailscale.com> Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
James Tucker	96f01a73b1	tailcfg: import ProtoPortRange for local use ... Imported type and parsing, with minor modifications. Updates tailscale/corp#15043 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
James Tucker	c1ef55249a	types/ipproto: import and test string parsing for ipproto ... IPProto has been being converted to and from string formats in multiple locations with variations in behavior. TextMarshaller and JSONMarshaller implementations are now added, along with defined accepted and preferred formats to centralize the logic into a single cross compatible implementation. Updates tailscale/corp#15043 Fixes tailscale/corp#15141 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
Maisem Ali	9d96e05267	net/packet: split off checksum munging into different pkg ... The current structure meant that we were embedding netstack in the tailscale CLI and in the GUIs. This removes that by isolating the checksum munging to a different pkg which is only called from `net/tstun`. Fixes #9756 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Andrew Lytvynov	677d486830	clientupdate: abort if current version is newer than latest (#9733) ... This is only relevant for unstable releases and local builds. When local version is newer than upstream, abort release. Also, re-add missing newlines in output that were missed in https://github.com/tailscale/tailscale/pull/9694. Updates #cleanup Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago