tailscale

Commit Graph

Author	SHA1	Message	Date
Brad Fitzpatrick	41db1d7bba	tailcfg: deprecate Debug, flesh out Node.DERP docs Updates #docs Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Jenny Zhang	907c56c200	api.md: add documentation to API endpoint about SCIM group warnings Updates #8645 Signed-off-by: Jenny Zhang <jz@tailscale.com>	1 year ago
Claire Wang	e1bcecc393	logtail: use tstime (#8607 ) Updates #8587 Signed-off-by: Claire Wang <claire@tailscale.com>	1 year ago
Joe Tsai	bb4b35e923	ssh: ignore io.EOF from sftp.Server.Serve If the connection provided to sftp.NewServer is closed, Serve returns the io.EOF error verbatim from io.Reader.Read. This is an odd error since this is an expected situation, so we manually ignore io.EOF. This is somewhat buggy since the sftp package itself incorrectly reports io.EOF in cases where it should actually be reporting io.ErrUnexpectedEOF. See https://github.com/pkg/sftp/pull/554 which patches Serve to return nil on clean closes and fixes buggy uses of io.ReadFull. Fixes #8592 Signed-off-by: Joe Tsai <joetsai@digital-static.net>	1 year ago
Brad Fitzpatrick	88cc0ad9f7	util/linuxfw: remove yet-unused code to fix linux/arm64 crash The util/linuxfw/iptables.go had a bunch of code that wasn't yet used (in prep for future work) but because of its imports, ended up initializing code deep within gvisor that panicked on init on arm64 systems not using 4KB pages. This deletes the unused code to delete the imports and remove the panic. We can then cherry-pick this back to the branch and restore it later in a different way. A new test makes sure we don't regress in the future by depending on the panicking package in question. Fixes #8658 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	7560435eb5	tstest/deptest: add test-only package to unify negative dep tests Updates #8658 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Chris Palmer	32d486e2bf	cmd/tailscale/cli: ensure custom UsageFunc is always set (#8665 ) Updates #6995 Signed-off-by: Chris Palmer <cpalmer@tailscale.com>	1 year ago
Chris Palmer	3c53bedbbf	cmd/tailscale/cli: limit Darwin-only option to Darwin (#8657 )	1 year ago
Anton Tolchanov	388b124513	net/dns: detect when libnss_resolve is used Having `127.0.0.53` is not the only way to use `systemd-resolved`. An alternative way is to enable `libnss_resolve` module, which seems to now be used by default on Debian 12 bookworm. Fixes #8549 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	1 year ago
Andrew Lytvynov	efd6d90dd7	cmd/tailscale/cli: implement update for arch-based distros (#8655 ) Arch version of tailscale is not maintained by us, but is generally up-to-date with our releases. Therefore "tailscale update" is just a thin wrapper around "pacman -Sy tailscale" with different flags. Updates #6995 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	1 year ago
Chris Palmer	3f6b0d8c84	cmd/tailscale/cli: make `tailscale update` query `softwareupdate` (#8641 ) * cmd/tailscale/cli: make `tailscale update` query `softwareupdate` Even on macOS when Tailscale was installed via the App Store, we can check for and even install new versions if people ask explicitly. Also, warn if App Store AutoUpdate is not turned on. Updates #6995	1 year ago
Tom DNetto	bec9815f02	tka: guard against key-length panics when verifying signatures In late 2022 a subtle but crucial part of documentation was added to ed25519.Verify: It will panic if len(publicKey) is not [PublicKeySize]. `02ed0e5e67` This change catches that error so it won't lead to a panic. Signed-off-by: Tom DNetto <tom@tailscale.com> Updates https://github.com/tailscale/corp/issues/8568	1 year ago
Andrea Gottardo	486ab427b4	VERSION.txt: this is v1.47.0 (#8654 ) Signed-off-by: Andrea Gottardo <andrea@tailscale.com>	1 year ago
Andrew Lytvynov	7c04846eac	tsweb: relax CSP for debug handlers (#8649 ) Allow inline CSS for debug handlers to make prototyping easier. These are generally not accessible to the public and the small risk of CSS injection via user content seems acceptable. Also allow form submissions on the same domain, instead of banning all forms. An example of such form is http://webhooks.corp.ts.net:6359/debug/private-nodes/ Updates #3576 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	1 year ago
Jenny Zhang	9ab70212f4	cmd/gitops-pusher: re-use existing types from acl package This changes the ACLTestError type to reuse the existing/identical types from the ACL implementation, to avoid issues in the future if the two types fall out of sync. Updates #8645 Signed-off-by: Jenny Zhang <jz@tailscale.com>	1 year ago
Jenny Zhang	6b56e92acc	client/tailscale: add warnings slice to ACLTestFailureSummary Updates #8645 Signed-off-by: Jenny Zhang <jz@tailscale.com>	1 year ago
KevinLiang10	a3c7b21cd1	util/linuxfw: add nftables support This commit adds nftable rule injection for tailscaled. If tailscaled is started with envknob TS_DEBUG_USE_NETLINK_NFTABLES = true, the router will use nftables to manage firewall rules. Updates: #391 Signed-off-by: KevinLiang10 <kevinliang@tailscale.com>	1 year ago
Tom DNetto	abcb7ec1ce	cmd/tailscale: warn if node is locked out on bringup Updates https://github.com/tailscale/corp/issues/12718 Signed-off-by: Tom DNetto <tom@tailscale.com>	1 year ago
Tom DNetto	2c782d742c	tka: allow checkpoint AUMs to change TKA state Updates https://github.com/tailscale/corp/issues/8568 Signed-off-by: Tom DNetto <tom@tailscale.com>	1 year ago
Xe Iaso	24f0e91169	tsnet: add examples (#8289 ) Closes #8288 Follows the examples from the KB[1]. [1]: https://tailscale.com/kb/1244/tsnet/ Signed-off-by: Xe Iaso <xe@tailscale.com>	1 year ago
Val	1138f4eb5f	wgengine/router,ipn/ipnlocal: add MTU field to router config The MacOS client can't set the MTU when creating the tun due to lack of permissions, so add it to the router config and have MacOS set it in the callback using a method that it does have permissions for. Updates #8219 Signed-off-by: Val <valerie@tailscale.com>	1 year ago
Andrew Dunham	9b5e29761c	net/netcheck: ignore PreferredDERP changes that are small If the absolute value of the difference between the current PreferredDERP's latency and the best latency is <= 10ms, don't change it and instead prefer the previous value. This is in addition to the existing hysteresis that tries to remain on the previous DERP region if the relative improvement is small, but handles nodes that have low latency to >1 DERP region better. Updates #8603 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I1e34c94178f8c9a68a69921c5bc0227337514c70	1 year ago
dependabot[bot]	8bdc03913c	go.mod: bump github.com/docker/distribution (#8121 ) Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.1+incompatible to 2.8.2+incompatible. - [Release notes](https://github.com/docker/distribution/releases) - [Commits](https://github.com/docker/distribution/compare/v2.8.1...v2.8.2) --- updated-dependencies: - dependency-name: github.com/docker/distribution dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	1 year ago
Maisem Ali	3304819739	metrics: add histogram support Add initial histogram support. Updates tailscale/corp#8641 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
License Updater	9101fabdf8	licenses: update win/apple licenses Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	1 year ago
Brad Fitzpatrick	94a51bdd62	go.toolchain.rev: bump Go to Go1.21rc3 Updates #8632 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Will Norris	f8b0caa8c2	serve: fix hostname for custom http ports When using a custom http port like 8080, this was resulting in a constructed hostname of `host.tailnet.ts.net:8080.tailnet.ts.net` when looking up the serve handler. Instead, strip off the port before adding the MagicDNS suffix. Also use the actual hostname in `serve status` rather than the literal string "host". Fixes #8635 Signed-off-by: Will Norris <will@tailscale.com>	1 year ago
Andrew Lytvynov	c19b5bfbc3	.github/workflows: add govulncheck workflow (#8623 )	1 year ago
Claire Wang	0573f6e953	tstime: add Since method (#8622 ) Updates #8463 Signed-off-by: Claire Wang <claire@tailscale.com>	1 year ago
Maisem Ali	60e5761d60	control/controlclient: reset backoff in mapRoutine on netmap recv We were never resetting the backoff in streaming mapResponses. The call to `PollNetMap` always returns with an error. Changing that contract is harder, so manually reset backoff when a netmap is received. Updates tailscale/corp#12894 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Andrew Dunham	7aba0b0d78	net/netcheck, tailcfg: add DERPHomeParams and use it This allows providing additional information to the client about how to select a home DERP region, such as preferring a given DERP region over all others. Updates #8603 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I7c4a270f31d8585112fab5408799ffba5b75266f	1 year ago
Andrew Lytvynov	7a82fd8dbe	ipn/ipnlocal: add optional support for ACME Renewal Info (ARI) (#8599 )	1 year ago
Andrew Lytvynov	354885a08d	wgengine/netlog: fix nil pointer dereference in logtail (#8598 )	1 year ago
Denton Gentry	4f95b6966b	cmd/tailscale: remove TS_EXPERIMENT_OAUTH_AUTHKEY guardrail We've had support for OAuth client keys in `--authkey=...` for several releases, and we're using it in https://github.com/tailscale/github-action Remove the TS_EXPERIMENT_* guardrail, it is fully supported now. Fixes https://github.com/tailscale/tailscale/issues/8403 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	1 year ago
License Updater	c95de4c7a8	licenses: update tailscale{,d} licenses Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	1 year ago
License Updater	3d70fecde4	licenses: update win/apple licenses Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	1 year ago
Andrew Lytvynov	96d7af3469	cmd/derper,tsweb: consistently add HTTP security headers (#8579 ) Add a few helper functions in tsweb to add common security headers to handlers. Use those functions for all non-tailscaled-facing endpoints in derper. Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	1 year ago
Maisem Ali	8cda647a0f	cmd/testwrapper: handle build failures `go test -json` outputs invalid JSON when a build fails. Handle that case by reseting the json.Decode and continuing to read. Updates #8493 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Joe Tsai	49015b00fe	logtail: fix race condition with sockstats label (#8578 ) Updates tailscale/corp#8427 Signed-off-by: Joe Tsai <joetsai@digital-static.net>	1 year ago
Tom DNetto	2bbedd2001	ipn: rename CapTailnetLockAlpha -> CapTailnetLock Updates tailscale/corp#8568 Signed-off-by: Tom DNetto <tom@tailscale.com>	1 year ago
Andrew Dunham	60ab8089ff	logpolicy, various: allow overriding log function This allows sending logs from the "logpolicy" package (and associated callees) to something other than the log package. The behaviour for tailscaled remains the same, passing in log.Printf Updates #8249 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: Ie1d43b75fa7281933d9225bffd388462c08a5f31	1 year ago
Flakes Updater	cd313e410b	go.mod.sri: update SRI hash for go.mod changes Signed-off-by: Flakes Updater <noreply+flakes-updater@tailscale.com>	1 year ago
Adrian Dewhurst	8c0572e088	go.mod: bump wireguard-go This pulls in IP checksum optimization on amd64, see tailscale/wireguard-go@bb2c8f2. Updates tailscale/corp#9755 Change-Id: I60e932fc4031703b56eb86a676465c5d02d99236 Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>	1 year ago
Andrew Dunham	a7648a6723	net/dnsfallback: run recursive resolver and compare results When performing a fallback DNS query, run the recursive resolver in a separate goroutine and compare the results returned by the recursive resolver with the results we get from "regular" bootstrap DNS. This will allow us to gather data about whether the recursive DNS resolver works better, worse, or about the same as "regular" bootstrap DNS. Updates #5853 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: Ifa0b0cc9eeb0dccd6f7a3d91675fe44b3b34bd48	1 year ago
Brad Fitzpatrick	ffaa6be8a4	tailcfg: add json omitempty to DNSConfig.ExitNodeFilteredSet We were storing a lot of "ExitNodeFilteredSet":null in the database. Updates tailscale/corp#1818 (found in the process) Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	7b1c3dfd28	tailcfg,etc: remove unused tailcfg.Node.KeepAlive field The server hasn't sent it in ages. Updates #cleanup Change-Id: I9695ab0f074ec6fb006e11faf3cdfc5ca049fbf8 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Charlotte Brandhorst-Satzkorn	f05a9f3e7f	tsnet: mark TestLoopbackLocalAPI as flakey Test flaked in CI. Updates #8557 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	1 year ago
Charlotte Brandhorst-Satzkorn	339397ab74	wgengine/magicsock: remove noV4/noV6 check in addrForSendWireGuardLocked This change removes the noV4/noV6 check from addrForSendWireGuardLocked. On Android, the client panics when reaching `rand.Intn()`, likely due to the candidates list being containing no candidates. The suspicion is that the `noV4` and the `noV6` are both being triggered causing the loop to continue. Updates tailscale/corp#12938 Updates #7826 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	1 year ago
Maisem Ali	9d1a3a995c	control/controlclient: use ctx passed down to NoiseClient.getConn Without this, the client would just get stuck dialing even if the context was canceled. Updates tailscale/corp#12590 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Adrian Dewhurst	92fb80d55f	tstest, tstime: mockable timers and tickers This change introduces tstime.Clock which is the start of a mockable interface for use with testing other upcoming code changes. Fixes #8463 Change-Id: I59eabc797828809194575736615535d918242ec4 Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>	1 year ago

1 2 3 4 5 ...

6013 Commits (c40d095c359c6bf496351680794341adcbf5a015) All Branches Search

6013 Commits (c40d095c359c6bf496351680794341adcbf5a015)

All Branches