tailscale

Commit Graph

Author	SHA1	Message	Date
Jenny Zhang	c446451bfa	cmd/gitops-pusher: only use OAuth creds if non-empty string `os.LookupEnv` may return true if the variable is present in the environment but an empty string. We should only attempt to set OAuth Config if thsoe values are non-empty. Updates gitops-acl-action#33 Signed-off-by: Jenny Zhang <jz@tailscale.com>	4 months ago
Percy Wegmann	993acf4475	tailfs: initial implementation Add a WebDAV-based folder sharing mechanism that is exposed to local clients at 100.100.100.100:8080 and to remote peers via a new peerapi endpoint at /v0/tailfs. Add the ability to manage folder sharing via the new 'share' CLI sub-command. Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com>	4 months ago
Joe Tsai	2e404b769d	all: use new AppendEncode methods available in Go 1.22 (#11079 ) Updates #cleanup Signed-off-by: Joe Tsai <joetsai@digital-static.net>	4 months ago
Joe Tsai	94a4f701c2	all: use reflect.TypeFor now available in Go 1.22 (#11078 ) Updates #cleanup Signed-off-by: Joe Tsai <joetsai@digital-static.net>	4 months ago
Joe Tsai	efddad7d7d	util/deephash: cleanup TODO in TestHash (#11080 ) Updates #cleanup Signed-off-by: Joe Tsai <joetsai@digital-static.net>	4 months ago
Charlotte Brandhorst-Satzkorn	0f042b9814	cmd/tailscale/cli: fix exit node status output (#11076 ) This change fixes the format of tailscale status output when location based exit nodes are present. Fixes #11065 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	4 months ago
Andrea Gottardo	6c79f55d48	ipnlocal: force-regen new authURL when it is too old (#10971 ) Fixes tailscale/support-escalations#23. authURLs returned by control expire after 1 hour from creation. Customer reported that the Tailscale client on macOS would sending users to a stale authentication page when clicking on the `Login...` menu item. This can happen when clicking on Login after leaving the device unattended for several days. The device key expires, leading to the creation of a new authURL, however the client doesn't keep track of when the authURL was created. Meaning that `login-interactive` would send the user to an authURL that had expired server-side a long time before. This PR ensures that whenever `login-interactive` is called via LocalAPI, an authURL that is too old won't be used. We force control to give us a new authURL whenever it's been more than 30 minutes since the last authURL was sent down from control. Apply suggestions from code review Set interval to 6 days and 23 hours Signed-off-by: Andrea Gottardo <andrea@tailscale.com> Signed-off-by: Andrea Gottardo <andrea@gottardo.me>	4 months ago
Sonia Appasamy	1217f655c0	cmd/dist: update logs for synology builds Update logs for synology builds to more clearly callout which variant is being built. The two existing variants are: 1. Sideloaded (can be manual installed on a device by anyone) 2. Package center distribution (by the tailscale team) Updates #cleanup Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	4 months ago
OSS Updater	664b861cd4	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	4 months ago
Will Norris	6f0c5e0c05	client/web: use smart quotes in web UI frontend add the curly-quotes eslint plugin (same that we use for the admin panel), and fix existing straight quotes in the current web UI. Updates #cleanup Signed-off-by: Will Norris <will@tailscale.com>	4 months ago
Will Norris	128c99d4ae	client/web: add new readonly mode The new read-only mode is only accessible when running `tailscale web` by passing a new `-readonly` flag. This new mode is identical to the existing login mode with two exceptions: - the management client in tailscaled is not started (though if it is already running, it is left alone) - the client does not prompt the user to login or switch to the management client. Instead, a message is shown instructing the user to use other means to manage the device. Updates #10979 Signed-off-by: Will Norris <will@tailscale.com>	4 months ago
License Updater	9f0eaa4464	licenses: update win/apple licenses Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	4 months ago
License Updater	78f257d9f8	licenses: update android licenses Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	4 months ago
License Updater	5486d8aaf9	licenses: update tailscale{,d} licenses Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	4 months ago
Irbe Krumina	a6cc2fdc3e	cmd/{containerboot,k8s-operator/deploy/manifests}: optionally allow proxying cluster traffic to a cluster target via ingress proxy (#11036 ) * cmd/containerboot,cmd/k8s-operator/deploy/manifests: optionally forward cluster traffic via ingress proxy. If a tailscale Ingress has tailscale.com/experimental-forward-cluster-traffic-via-ingress annotation, configure the associated ingress proxy to have its tailscale serve proxy to listen on Pod's IP address. This ensures that cluster traffic too can be forwarded via this proxy to the ingress backend(s). In containerboot, if EXPERIMENTAL_PROXY_CLUSTER_TRAFFIC_VIA_INGRESS is set to true and the node is Kubernetes operator ingress proxy configured via Ingress, make sure that traffic from within the cluster can be proxied to the ingress target. Updates tailscale/tailscale#10499 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	4 months ago
Flakes Updater	2404b1444e	go.mod.sri: update SRI hash for go.mod changes Signed-off-by: Flakes Updater <noreply+flakes-updater@tailscale.com>	4 months ago
Brad Fitzpatrick	c424e192c0	.github/workflows: temporarily disable broken oss-fuzz action Updates #11064 Updates #11058 Change-Id: I63acc13dece3379a0b2df573afecfd245b7cd6c2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 months ago
Brad Fitzpatrick	2bd3c1474b	util/cmpx: delete now that we're using Go 1.22 Updates #11058 Change-Id: I09dea8e86f03ec148b715efca339eab8b1f0f644 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 months ago
Brad Fitzpatrick	5ea071186e	Dockerfile: use Go 1.22 Updates #11058 Change-Id: I0f63be498be33d71bd90b7956f9fe9666fd7a696 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 months ago
Brad Fitzpatrick	9612001cf4	.github/workflows: update golangci-lint for Go 1.22 Updates #11058 Change-Id: I3785c1f1bea4a4663e7e5fb6d209d3caedae436d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 months ago
Brad Fitzpatrick	b6153efb7d	go.mod, README.md: use Go 1.22 Updates #11058 Change-Id: I95eecdc7afe2b5f8189016fdb8a773f78e9f5c42 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 months ago
Tom DNetto	653721541c	tsweb: normalize passkey identities in bucketed stats Signed-off-by: Tom DNetto <tom@tailscale.com> Updates: corp#17075	4 months ago
Tom DNetto	8d6d9d28ba	tsweb: normalize common StableID's in bucketed stats, export as LabelMap Signed-off-by: Tom DNetto <tom@tailscale.com> Updates: corp#17075	4 months ago
James Tucker	e0762fe331	words: add a list of things you should yahoo! Updates #self Signed-off-by: James Tucker <james@tailscale.com>	4 months ago
James Tucker	0b16620b80	.github/workflows: add privileged tests workflow We had missed regressions from privileged tests not running, now they can run. Updates #cleanup Signed-off-by: James Tucker <james@tailscale.com>	4 months ago
James Tucker	0f5e031133	appc: optimize dns response observation for large route tables Advertise DNS discovered addresses as a single preference update rather than one at a time. Sort the list of observed addresses and use binary search to consult the list. Updates tailscale/corp#16636 Signed-off-by: James Tucker <james@tailscale.com>	4 months ago
Andrew Lytvynov	db3776d5bf	go.toolchain.rev: bump to Go 1.22.0 (#11055 ) Updates #cleanup Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	4 months ago
Tom DNetto	af931dcccd	tsweb: replace domains/emails in paths when bucketing stats Signed-off-by: Tom DNetto <tom@tailscale.com> Updates: corp#17075	4 months ago
Tom DNetto	36efc50817	tsweb: implementing bucketed statistics for started/finished counts Signed-off-by: Tom DNetto <tom@tailscale.com> Updates: corp#17075	4 months ago
Maisem Ali	b752bde280	types/views: add SliceMapKey[T] views.Slice are meant to be immutable, and if used as such it is at times desirable to use them as a key in a map. For non-viewed slices it was kinda doable by creating a custom key struct but views.Slice didn't allow for the same so add a method to create that struct here. Updates tailscale/corp#17122 Signed-off-by: Maisem Ali <maisem@tailscale.com>	4 months ago
kari-ts	5595b61b96	ipn/localapi: more http status cleanup (#10995 ) Use Http.StatusOk instead of 200 Updates #cleanup	4 months ago
Chris Palmer	a633a30711	cmd/hello: link to the Hello KB article (#11022 ) Fixes https://github.com/tailscale/corp/issues/17104 Signed-off-by: Chris Palmer <cpalmer@tailscale.com>	4 months ago
Joe Tsai	60657ac83f	util/deephash: tighten up SelfHasher API (#11012 ) Providing a hash.Block512 is an implementation detail of how deephash works today, but providing an opaque type with mostly equivalent API (i.e., HashUint8, HashBytes, etc. methods) is still sensible. Thus, define a public Hasher type that exposes exactly the API that an implementation of SelfHasher would want to call. This gives us freedom to change the hashing algorithm of deephash at some point in the future. Also, this type is likely going to be called by types that are going to memoize their own hash results, we additionally add a HashSum method to simplify this use case. Add documentation to SelfHasher on how a type might implement it. Updates: corp#16409 Signed-off-by: Joe Tsai <joetsai@digital-static.net>	4 months ago
Joe Tsai	84f8311bcd	util/deephash: document pathological deephash behavior (#11010 ) Updates #cleanup Signed-off-by: Joe Tsai <joetsai@digital-static.net>	4 months ago
James Tucker	ba70cbb930	ipn/ipnlocal: fix app connector route advertisements on exit nodes If an app connector is also configured as an exit node, it should still advertise discovered routes that are not covered by advertised routes, excluding the exit node routes. Updates tailscale/corp#16928 Signed-off-by: James Tucker <james@tailscale.com>	4 months ago
James Tucker	e1a4b89dbe	appc,ipn/ipnlocal: add app connector routes if any part of a CNAME chain is routed If any domain along a CNAME chain matches any of the routed domains, add routes for the discovered domains. Fixes tailscale/corp#16928 Signed-off-by: James Tucker <james@tailscale.com>	4 months ago
Tom DNetto	2aeef4e610	util/deephash: implement SelfHasher to allow types to hash themselves Updates: corp#16409 Signed-off-by: Tom DNetto <tom@tailscale.com>	4 months ago
James Tucker	b4b2ec7801	ipn/ipnlocal: fix pretty printing of multi-record peer DNS results The API on the DNS record parser is slightly subtle and requires explicit handling of unhandled records. Failure to advance previously resulted in an infinite loop in the pretty responder for any reply that contains a record other than A/AAAA/TXT. Updates tailscale/corp#16928 Signed-off-by: James Tucker <james@tailscale.com>	4 months ago
Percy Wegmann	fad6bae764	ipnlocal: log failure to get ssh host keys When reporting ssh host keys to control, log a warning if we're unable to get the SSH host keys. Updates tailscale/escalations#21 Signed-off-by: Percy Wegmann <percy@tailscale.com>	4 months ago
Chris Palmer	9744ad47e3	cmd/hello: avoid deprecated apis (#10957 ) Updates #cleanup Signed-off-by: Chris Palmer <cpalmer@tailscale.com>	4 months ago
Will Norris	13f8a669d5	cmd/gitops-pusher: fix logic for checking credentials gitops-pusher supports authenticating with an API key or OAuth credentials (added in #7393). You shouldn't ever use both of those together, so we error if both are set. In tailscale/gitops-acl-action#24, OAuth support is being added to the GitHub action. In that environment, both the TS_API_KEY and OAuth variables will be set, even if they are empty values. This causes an error in gitops-pusher which expects only one to be set. Update gitops-pusher to check that only one set of environment variables are non-empty, rather than just checking if they are set. Updates #7393 Signed-off-by: Will Norris <will@tailscale.com>	4 months ago
Charlotte Brandhorst-Satzkorn	cce189bde1	words: i like the direction this list is taking Updates tailscale/corp#14698 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	4 months ago
Andrew Lytvynov	fbfc3b7e51	cmd/tailscale/cli: run Watch with NotifyNoPrivateKeys (#10950 ) When running as non-root non-operator user, you get this error: ``` $ tailscale serve 8080 Access denied: watch IPN bus access denied, must set ipn.NotifyNoPrivateKeys when not running as admin/root or operator Use 'sudo tailscale serve 8080' or 'tailscale up --operator=$USER' to not require root. ``` It should fail, but the error message is confusing. With this fix: ``` $ tailscale serve 8080 sending serve config: Access denied: serve config denied Use 'sudo tailscale serve 8080' or 'tailscale up --operator=$USER' to not require root. ``` Updates #cleanup Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	4 months ago
James Tucker	0f3b2e7b86	util/expvarx: add a time and concurrency limiting expvar.Func wrapper expvarx.SafeFunc wraps an expvar.Func with a time limit. On reaching the time limit, calls to Value return nil, and no new concurrent calls to the underlying expvar.Func will be started until the call completes. Updates tailscale/corp#16999 Signed-off-by: James Tucker <james@tailscale.com>	4 months ago
Andrew Dunham	fd94d96e2b	net/portmapper: support legacy "urn:dslforum-org" portmapping services These are functionally the same as the "urn:schemas-upnp-org" services with a few minor changes, and are still used by older devices. Support them to improve our ability to obtain an external IP on such networks. Updates #10911 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I05501fad9d6f0a3b8cf19fc95eee80e7d16cc2cf	4 months ago
Irbe Krumina	75f1d3e7d7	ipn/ipnlocal: fix failing test (#10937 ) Updates#cleanup Signed-off-by: Irbe Krumina <irbe@tailscale.com>	4 months ago
Irbe Krumina	6ee956333f	ipn/ipnlocal: fix proxy path that matches mount point (#10864 ) Don't append a trailing slash to a request path to the reverse proxy that matches the mount point exactly. Updates tailscale/tailscale#10730 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	4 months ago
Jordan Whited	8b47322acc	wgengine/magicsock: implement probing of UDP path lifetime (#10844 ) This commit implements probing of UDP path lifetime on the tail end of an active direct connection. Probing configuration has two parts - Cliffs, which are various timeout cliffs of interest, and CycleCanStartEvery, which limits how often a probing cycle can start, per-endpoint. Initially a statically defined default configuration will be used. The default configuration has cliffs of 10s, 30s, and 60s, with a CycleCanStartEvery of 24h. Probing results are communicated via clientmetric counters. Probing is off by default, and can be enabled via control knob. Probing is purely informational and does not yet drive any magicsock behaviors. Updates #540 Signed-off-by: Jordan Whited <jordan@tailscale.com>	4 months ago
James Tucker	0e2cb76abe	appc: add test to ensure that individual IPs are not removed during route updates If control advised the connector to advertise a route that had already been discovered by DNS it would be incorrectly removed. Now those routes are preserved. Updates tailscale/corp#16833 Signed-off-by: James Tucker <james@tailscale.com>	4 months ago
Charlotte Brandhorst-Satzkorn	ce4553b988	appc,ipn/ipnlocal: optimize preference adjustments when routes update This change allows us to perform batch modification for new route advertisements and route removals. Additionally, we now handle the case where newly added routes are covered by existing ranges. This change also introduces a new appctest package that contains some shared functions used for testing. Updates tailscale/corp#16833 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	4 months ago

1 2 3 4 5 ...

7119 Commits (c446451bfa39d6421a7012cdc2d46543445d0f80) All Branches Search

7119 Commits (c446451bfa39d6421a7012cdc2d46543445d0f80)

All Branches