tailscale

Commit Graph

Author	SHA1	Message	Date
Tom DNetto	ce46d92ed2	go.{mod,sum}: update inet.af/tcpproxy to fix flaking test ``` [nix-shell:~/tailscale]$ ./tool/go test ./cmd/sniproxy --failfast --count 80 ok tailscale.com/cmd/sniproxy 127.085s [nix-shell:~/tailscale]$ ./tool/go test ./cmd/sniproxy --failfast --count 80 ok tailscale.com/cmd/sniproxy 127.030s ``` Fixes: #10056 Signed-off-by: Tom DNetto <tom@tailscale.com>	7 months ago
Joe Tsai	975c5f7684	taildrop: lazily perform full deletion scan after first taildrop use (#10137 ) Simply reading the taildrop directory can pop up security dialogs on platforms like macOS. Avoid this by only performing garbage collection of partial and deleted files after the first received taildrop file, which would have prompted the security dialog window. Updates tailscale/corp#14772 Signed-off-by: Joe Tsai <joetsai@digital-static.net>	7 months ago
Jordan Whited	e848736927	control/controlknobs,wgengine/magicsock: implement SilentDisco toggle (#10195 ) This change exposes SilentDisco as a control knob, and plumbs it down to magicsock.endpoint. No changes are being made to magicsock.endpoint disco behavior, yet. Updates #540 Signed-off-by: Jordan Whited <jordan@tailscale.com> Co-authored-by: Brad Fitzpatrick <bradfitz@tailscale.com>	7 months ago
Kristoffer Dalby	fe7f7bff4f	posture: ignore not found serial errors Updates #5902 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	7 months ago
Sonia Appasamy	86c8ab7502	client/web: add readonly/manage toggle Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	7 months ago
James Tucker	c54d680682	ipn,tailconfig: clean up unreleased and removed app connector service This was never released, and is replaced by HostInfo.AppConnector. Updates tailscale/corp#15437 Signed-off-by: James Tucker <james@tailscale.com>	7 months ago
James Tucker	0b6636295e	tailcfg,ipn/ipnlocal: add hostinfo field to replace service entry Updates tailscale/corp#15437 Signed-off-by: James Tucker <james@tailscale.com>	7 months ago
Andrew Lytvynov	1f4a38ed49	clientupdate: add support for QNAP (#10179 ) Use the `qpkg_cli` to check for updates and install them. There are a couple special things about this compare to other updaters: * qpkg_cli can tell you when upgrade is available, but not what the version is * qpkg_cli --add Tailscale works for new installs, upgrades and reinstalling existing version; even reinstall of existing version takes a while Updates #10178 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	7 months ago
James Tucker	45be37cb01	ipn/ipnlocal: ensure that hostinfo is updated on app connector preference changes Some conditional paths may otherwise skip the hostinfo update, so kick it off asynchronously as other code paths do. Updates tailscale/corp#15437 Signed-off-by: James Tucker <james@tailscale.com>	7 months ago
James Tucker	933d201bba	ipn/policy: mark AppConnector service as interesting Updates #15437 Signed-off-by: James Tucker <james@tailscale.com>	7 months ago
James Tucker	1a143963ec	appc: prevent duplication of wildcard entries on map updates Updates #15437 Signed-off-by: James Tucker <james@tailscale.com>	7 months ago
Andrew Lytvynov	6cce5fe001	go.toolchain.rev: bump to Go 1.21.4 (#10189 ) Updates #cleanup Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	7 months ago
Brad Fitzpatrick	53c4adc982	ssh/tailssh: add envknobs to force override forwarding, sftp, pty Updates tailscale/corp#15735 Change-Id: Ib1303406be925c3231ce7e0950a173ad12626492 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	7 months ago
Brad Fitzpatrick	ffabe5fe21	ssh/tailssh: fix sftp metric increment location We were incrementing the sftp metric on regular sessions too, not just sftp. Updates #cleanup Change-Id: I63027a39cffb3e03397c6e4829b1620c10fa3130 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	7 months ago
Naman Sood	e57fd9cda4	ipn/{ipnlocal,ipnstate,localapi}: add localapi endpoints for client self-update (#10188 ) * ipn/{ipnlocal,ipnstate,localapi}: add localapi endpoints for client self-update Updates #10187. Signed-off-by: Naman Sood <mail@nsood.in> * depaware Updates #10187. Signed-off-by: Naman Sood <mail@nsood.in> * address review feedback Signed-off-by: Naman Sood <mail@nsood.in> --------- Signed-off-by: Naman Sood <mail@nsood.in>	7 months ago
Andrew Lytvynov	55cd5c575b	ipn/localapi: only perform local-admin check in serveServeConfig (#10163 ) On unix systems, the check involves executing sudo, which is slow. Instead of doing it for every incoming request, move the logic into localapi serveServeConfig handler and do it as needed. Updates tailscale/corp#15405 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	7 months ago
James Tucker	73de6a1a95	appc: add support for matching wildcard domains The app connector matches a configuration of "*.example.com" to mean any sub-domain of example.com. Updates #15437 Signed-off-by: James Tucker <james@tailscale.com>	7 months ago
Jordan Whited	12d5c99b04	client/tailscale,ipn/{ipnlocal,localapi}: check UDP GRO config (#10071 ) Updates tailscale/corp#9990 Signed-off-by: Jordan Whited <jordan@tailscale.com>	7 months ago
Andrew Lytvynov	1fc1077052	ssh/tailssh,util: extract new osuser package from ssh code (#10170 ) This package is a wrapper for os/user that handles non-cgo builds, gokrazy and user shells. Updates tailscale/corp#15405 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	7 months ago
Will Norris	09de240934	ipn/ipnlocal: allow connecting to local web client The local web client has the same characteristic as tailscale serve, in that it needs a local listener to allow for connections from the local machine itself when running in kernel networking mode. This change renames and adapts the existing serveListener to allow it to be used by the web client as well. Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	7 months ago
Brad Fitzpatrick	d36a0d42aa	tsnet: check a bit harder for https in Server.ListenFunnel This was mostly already fixed already indirectly in earlier commits but add a last second length check to this slice so it can't ever OOB. Fixes #7860 Change-Id: I31ac17fc93b5808deb09ff34e452fe37c87ddf3a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	7 months ago
Andrew Lytvynov	bff786520e	clientupdate,ipn/ipnlocal: fix c2n update on freebsd (#10168 ) The c2n part was broken because we were not looking up the tailscale binary for that GOOS. The rest of the update was failing at the `pkg upgrade` confirmation prompt. We also need to manually restart tailscaled after update. Updates #cleanup Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	7 months ago
Sonia Appasamy	d544e80fc1	client/web: populate device details view Fills /details page with real values, passed back from the /data endpoint. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	7 months ago
Brad Fitzpatrick	d852c616c6	logtail: fix Logger.Write return result io.Writer says you need to write completely on err=nil. (the result int should be the same as the input buffer length) We weren't doing that. We used to, but at some point the verbose filtering was modifying buf before the final return of len(buf). We've been getting lucky probably, that callers haven't looked at our results and turned us into a short write error. Updates #cleanup Updates tailscale/corp#15664 Change-Id: I01e765ba35b86b759819e38e0072eceb9d10d75c Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	7 months ago
Tom DNetto	11a20f371a	ipn/ipnlocal: fix nil control client panic while updating TKA head As part of tailnet-lock netmap processing, the LocalBackend mutex is unlocked so we can potentially make a network call. Its possible (during shutdown or while the control client is being reset) for b.cc to become nil before the lock is picked up again. Fixes: #9554 Signed-off-by: Tom DNetto <tom@tailscale.com>	7 months ago
Tom DNetto	3496d62ed3	ipn/ipnlocal: add empty address to the app-connector localNets set App connectors handle DNS requests for app domains over PeerAPI, but a safety check verifies the requesting peer has at least permission to send traffic to 0.0.0.0:53 (or 2000:: for IPv6) before handling the DNS request. The correct filter rules are synthesized by the coordination server and sent down, but the address needs to be part of the 'local net' for the filter package to even bother checking the filter rules, so we set them here. See: https://github.com/tailscale/corp/issues/11961 for more information. Signed-off-by: Tom DNetto <tom@tailscale.com> Updates: ENG-2405	7 months ago
Will Norris	fdbe511c41	cmd/tailscale: add -webclient flag to up and set Initially, only expose this flag on dev and unstable builds. Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	7 months ago
Charlotte Brandhorst-Satzkorn	f937cb6794	tailcfg,ipn,appc: add c2n endpoint for appc domain routes This change introduces a c2n endpoint that returns a map of domains to a slice of resolved IP addresses for the domain. Fixes tailscale/corp#15657 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	7 months ago
Andrew Lytvynov	63062abadc	clientupdate: check whether running as root early (#10161 ) Check for root early, before we fetch the pkgs index. This avoids several seconds delay for the command to tell you to sudo. Updates #cleanup Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	7 months ago
Andrew Lytvynov	9b158db2c6	ipn/localapi: require root or sudo+operator access for SetServeConfig (#10142 ) For an operator user, require them to be able to `sudo tailscale` to use `tailscale serve`. This is similar to the Windows elevated token check. Updates tailscale/corp#15405 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	7 months ago
Will Norris	fc2d63bb8c	go.mod: updates web-client-prebuilt Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	7 months ago
Will Norris	623f669239	client/web: pass URL prefix to frontend This allows wouter to route URLs properly when running in CGI mode. Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	7 months ago
Sonia Appasamy	0753ad6cf8	client/web: move useNodeData out of App component Only loading data once auth request has completed. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	7 months ago
Will Norris	d530153d2f	go.mod: bump web-client-prebuilt Updates #cleanup Signed-off-by: Will Norris <will@tailscale.com>	7 months ago
Sonia Appasamy	5e095ddc20	client/web: add initial framework for exit node selector Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	7 months ago
Sonia Appasamy	de2af54ffc	client/web: pipe newSession through to readonly view Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	7 months ago
Sonia Appasamy	d73e923b73	client/web: add device details view Initial addition of device details view on the frontend. A little more backend piping work to come to fill all of the detail fields, for now using placeholders. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	7 months ago
Will Norris	3e9026efda	client/web: show manage button in readonly view We render the readonly view in two situations: - the client is in login mode, and the device is connected - the client is in manage mode, but the user does not yet have a session If the user is not authenticated, and they are not currently on the Tailscale IP address, render a "Manage" button that will take them to the Tailcale IP of the device and immediately start check mode. Still to do is detecting if they have connectivity to the Tailscale IP, and disabling the button if not. Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	7 months ago
Thomas Kosiewski	96a80fcce3	Add support for custom DERP port in TLS prober Updates #10146 Signed-off-by: Thomas Kosiewski <thoma471@googlemail.com>	7 months ago
Charlotte Brandhorst-Satzkorn	839fee9ef4	wgengine/magicsock: handle wireguard only clean up and log messages This change updates log messaging when cleaning up wireguard only peers. This change also stops us unnecessarily attempting to clean up disco pings for wireguard only endpoints. Updates #7826 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	7 months ago
Sonia Appasamy	3269b36bd0	client/web: fix hotreload proxy Previously had HMR websocket set to run from a different port than the http proxy server. This was an old setting carried over from the corp repo admin panel config. It's messing with hot reloads when run from the tailscaled web client, as it keeps causing the full page to refresh each time a connection is made. Switching back to the default config here fixes things. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	7 months ago
Sonia Appasamy	942d720a16	cli/web: don't block startup on status req If the status request to check for the preview node cap fails, continue with starting up the legacy client. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	7 months ago
Sonia Appasamy	7df2c5d6b1	client/web: add route management for ui pages Using wouter, a lightweight React routing library. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	7 months ago
License Updater	a97ead9ce4	licenses: update win/apple licenses Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	7 months ago
License Updater	aeb5a8b123	licenses: update tailscale{,d} licenses Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	7 months ago
Sonia Appasamy	f2a4c4fa55	client/web: build out client home page Hooks up more of the home page UI. Updates tailscale/corp#14335 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	7 months ago
Andrew Lytvynov	aba4bd0c62	util/winutil: simplify dropping privileges after use (#10099 ) To safely request and drop privileges, runtime.Lock/UnlockOSThread and windows.Impersonate/RevertToSelf should be called. Add these calls to winutil.EnableCurrentThreadPrivilege so that callers don't need to worry about it. Updates https://github.com/tailscale/corp/issues/15488 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	7 months ago
Anton Tolchanov	ef6a6e94f1	derp/derphttp: use a getter method to read server key To hold the mutex while accessing it. Fixes #10122 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	7 months ago
Brad Fitzpatrick	44c6909c92	control/controlclient: move watchdog out of mapSession In prep for making mapSession's lifetime not be 1:1 with a single HTTP response's lifetime, this moves the inactivity timer watchdog out of mapSession and into the caller that owns the streaming HTTP response. (This is admittedly closer to how it was prior to the mapSession type existing, but that was before we connected some dots which were impossible to even see before the mapSession type broke the code up.) Updates #7175 Change-Id: Ia108dac84a4953db41cbd30e73b1de4a2a676c11 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	7 months ago
Brad Fitzpatrick	c87d58063a	control/controlclient: move lastPrintMap field from Direct to mapSession It was a really a mutable field owned by mapSession that we didn't move in earlier commits. Once moved, it's then possible to de-func-ify the code and turn it into a regular method rather than an installed optional hook. Noticed while working to move map session lifetimes out of Direct.sendMapRequest's single-HTTP-connection scope. Updates #7175 Updates #cleanup Change-Id: I6446b15793953d88d1cabf94b5943bb3ccac3ad9 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	7 months ago

1 2 3 4 5 ...

6741 Commits (ce46d92ed2b905a829a6a6281b90a972f1cfdfcc) All Branches Search

6741 Commits (ce46d92ed2b905a829a6a6281b90a972f1cfdfcc)

All Branches