tailscale

Commit Graph

Author	SHA1	Message	Date
KevinLiang10	550923d953	fix handler related and some nit Signed-off-by: KevinLiang10 <37811973+KevinLiang10@users.noreply.github.com>	11 months ago
KevinLiang10	8c8750f1b3	ipn/ipnlocal: Support TCP and Web VIP services This commit intend to provide support for TCP and Web VIP services and also allow user to use Tun for VIP services if they want to. The commit includes: 1.Setting TCP intercept function for VIP Services. 2.Update netstack to send packet written from WG to netStack handler for VIP service. 3.Return correct TCP hander for VIP services when netstack acceptTCP. This commit also includes unit tests for if the local backend setServeConfig would set correct TCP intercept function and test if a hander gets returned when getting TCPHandlerForDst. The shouldProcessInbound check is not unit tested since the test result just depends on mocked functions. There should be an integration test to cover shouldProcessInbound and if the returned TCP handler actually does what the serveConfig says. Updates tailscale/corp#24604 Signed-off-by: KevinLiang10 <37811973+KevinLiang10@users.noreply.github.com>	11 months ago
Brad Fitzpatrick	150cd30b1d	ipn/ipnlocal: also use LetsEncrypt-baked-in roots for cert validation We previously baked in the LetsEncrypt x509 root CA for our tlsdial package. This moves that out into a new "bakedroots" package and is now also shared by ipn/ipnlocal's cert validation code (validCertPEM) that decides whether it's time to fetch a new cert. Otherwise, a machine without LetsEncrypt roots locally in its system roots is unable to use tailscale cert/serve and fetch certs. Fixes #14690 Change-Id: Ic88b3bdaabe25d56b9ff07ada56a27e3f11d7159 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	11 months ago
Brad Fitzpatrick	51adaec35a	Revert "ipn/ipnlocal: re-advertise appc routes on startup (#14609 )" This reverts commit `1b303ee5ba` (#14609). It caused a deadlock; see tailscale/corp#25965 Updates tailscale/corp#25965 Updates #13680 Updates #14606	11 months ago
Irbe Krumina	69a985fb1e	ipn/ipnlocal,tailcfg: communicate to control whether funnel is enabled (#14688 ) Adds a new Hostinfo.IngressEnabled bool field that holds whether funnel is currently enabled for the node. Triggers control update when this value changes. Bumps capver so that control can distinguish the new field being false vs non-existant in previous clients. This is part of a fix for an issue where nodes with any AllowFunnel block set in their serve config are being displayed as if actively routing funnel traffic in the admin panel. Updates tailscale/tailscale#11572 Updates tailscale/corp#25931 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	11 months ago
Irbe Krumina	6c30840cac	ipn: [serve] warn that foreground funnel won't work if shields are up (#14685 ) We throw error early with a warning if users attempt to enable background funnel for a node that does not allow incoming connections (shields up), but if it done in foreground mode, we just silently fail (the funnel command succeeds, but the connections are not allowed). This change makes sure that we also error early in foreground mode. Updates tailscale/tailscale#11049 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	11 months ago
Andrea Gottardo	c79b736a85	ipnlocal: allow overriding os.Hostname() via syspolicy (#14676 ) Updates tailscale/corp#25936 This defines a new syspolicy 'Hostname' and allows an IT administrator to override the value we normally read from os.Hostname(). This is particularly useful on Android and iOS devices, where the hostname we get from the OS is really just the device model (a platform restriction to prevent fingerprinting). If we don't implement this, all devices on the customer's side will look like `google-pixel-7a-1`, `google-pixel-7a-2`, `google-pixel-7a-3`, etc. and it is not feasible for the customer to use the API or worse the admin console to manually fix these names. Apply code review comment by @nickkhyl Signed-off-by: Andrea Gottardo <andrea@gottardo.me> Co-authored-by: Nick Khyl <1761190+nickkhyl@users.noreply.github.com>	11 months ago
Nick Khyl	0481042738	ipn/ipnserver: fix a deadlock in (*Server).blockWhileIdentityInUse If the server was in use at the time of the initial check, but disconnected and was removed from the activeReqs map by the time we registered a waiter, the ready channel will never be closed, resulting in a deadlock. To avoid this, we check whether the server is still busy after registering the wait. Fixes #14655 Signed-off-by: Nick Khyl <nickk@tailscale.com>	11 months ago
Nick Khyl	62fb857857	ipn/ipnserver: fix TestConcurrentOSUserSwitchingOnWindows I made a last-minute change in #14626 to split a single loop that created 1_000 concurrent connections into an inner and outer loop that create 100 concurrent connections 10 times. This introduced a race because the last user's connection may still be active (from the server's perspective) when a new outer iteration begins. Since every new client gets a unique ClientID, but we reuse usernames and UIDs, the server may let a user in (as the UID matches, which is fine), but the test might then fail due to a ClientID mismatch: server_test.go:232: CurrentUser(Initial): got &{S-1-5-21-1-0-0-1001 User-4 <nil> Client-2 false false}; want &{S-1-5-21-1-0-0-1001 User-4 <nil> Client-114 false false} In this PR, we update (*testIPNServer).blockWhileInUse to check whether the server is currently busy and wait until it frees up. We then call blockWhileInUse at the end of each outer iteration so that the server is always in a known idle state at the beginning of the inner loop. We also check that the current user is not set when the server is idle. Updates tailscale/corp#25804 Updates #14655 (found when working on it) Signed-off-by: Nick Khyl <nickk@tailscale.com>	11 months ago
Andrew Lytvynov	1b303ee5ba	ipn/ipnlocal: re-advertise appc routes on startup (#14609 ) There's at least one example of stored routes and advertised routes getting out of sync. I don't know how they got there yet, but this would backfill missing advertised routes on startup from stored routes. Also add logging in LocalBackend.AdvertiseRoute to record when new routes actually get put into prefs. Updates #14606 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	11 months ago
Nick Khyl	6fac2903e1	ipn/ipnserver: fix race condition where LocalBackend is reset after a different user connects In this commit, we add a failing test to verify that ipn/ipnserver.Server correctly sets and unsets the current user when two different clients send requests concurrently (A sends request, B sends request, A's request completes, B's request completes). The expectation is that the user who wins the race becomes the current user from the LocalBackend's perspective, remaining in this state until they disconnect, after which a different user should be able to connect and use the LocalBackend. We then fix the second of two bugs in (*Server).addActiveHTTPRequest, where a race condition causes the LocalBackend's state to be reset after a new client connects, instead of after the last active request of the previous client completes and the server becomes idle. Fixes tailscale/corp#25804 Signed-off-by: Nick Khyl <nickk@tailscale.com>	11 months ago
Nick Khyl	f33f5f99c0	ipn/{ipnlocal,ipnserver}: remove redundant (LocalBackend).ResetForClientDisconnect In this commit, we add a failing test to verify that ipn/ipnserver.Server correctly sets and unsets the current user when two different users connect sequentially (A connects, A disconnects, B connects, B disconnects). We then fix the test by updating (ipn/ipnserver.Server).addActiveHTTPRequest to avoid calling (LocalBackend).ResetForClientDisconnect again after a new user has connected and been set as the current user with (LocalBackend).SetCurrentUser(). Since ipn/ipnserver.Server does not allow simultaneous connections from different Windows users and relies on the LocalBackend's current user, and since we already reset the LocalBackend's state by calling ResetForClientDisconnect when the last active request completes (indicating the server is idle and can accept connections from any Windows user), it is unnecessary to track the last connected user on the ipnserver.Server side or call ResetForClientDisconnect again when the user changes. Additionally, the second call to ResetForClientDisconnect occurs after the new user has been set as the current user, resetting the correct state for the new user instead of the old state of the now-disconnected user, causing issues. Updates tailscale/corp#25804 Signed-off-by: Nick Khyl <nickk@tailscale.com>	11 months ago
Nick Khyl	c3c4c96489	ipn/{ipnauth,ipnlocal,ipnserver}, client/tailscale: make ipnserver.Server testable We update client/tailscale.LocalClient to allow specifying an optional Transport (http.RoundTripper) for LocalAPI HTTP requests, and implement one that injects an ipnauth.TestActor via request headers. We also add several functions and types to make testing an ipn/ipnserver.Server possible (or at least easier). We then use these updates to write basic tests for ipnserver.Server, ensuring it works on non-Windows platforms and correctly sets and unsets the LocalBackend's current user when a Windows user connects and disconnects. We intentionally omit tests for switching between different OS users and will add them in follow-up commits. Updates tailscale/corp#25804 Signed-off-by: Nick Khyl <nickk@tailscale.com>	11 months ago
Nick Khyl	d0ba91bdb2	ipn/ipnserver: use ipnauth.Actor instead of *ipnserver.actor whenever possible In preparation for adding test coverage for ipn/ipnserver.Server, we update it to use ipnauth.Actor instead of its concrete implementation where possible. Updates tailscale/corp#25804 Signed-off-by: Nick Khyl <nickk@tailscale.com>	11 months ago
Brad Fitzpatrick	2fc4455e6d	all: add Node.HomeDERP int, phase out "127.3.3.40:$region" hack [capver 111] This deprecates the old "DERP string" packing a DERP region ID into an IP:port of 127.3.3.40:$REGION_ID and just uses an integer, like PeerChange.DERPRegion does. We still support servers sending the old form; they're converted to the new form internally right when they're read off the network. Updates #14636 Change-Id: I9427ec071f02a2c6d75ccb0fcbf0ecff9f19f26f Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	11 months ago
Nick Khyl	66269dc934	ipn/ipnlocal: allow Peer API access via either V4MasqAddr or V6MasqAddr when both are set This doesn't seem to have any immediate impact, but not allowing access via the IPv6 masquerade address when an IPv4 masquerade address is also set seems like a bug. Updates #cleanup Updates #14570 (found when working on it) Signed-off-by: Nick Khyl <nickk@tailscale.com>	11 months ago
Brad Fitzpatrick	cfda1ff709	cmd/viewer,all: consistently use "read-only" instead of "readonly" Updates #cleanup Change-Id: I8e4e3497d3d0ec5b16a73aedda500fe5cfa37a67 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	11 months ago
Nick Khyl	da9965d51c	cmd/viewer,types/views,various: avoid allocations in pointer field getters whenever possible In this PR, we add a generic views.ValuePointer type that can be used as a view for pointers to basic types and struct types that do not require deep cloning and do not have corresponding view types. Its Get/GetOk methods return stack-allocated shallow copies of the underlying value. We then update the cmd/viewer codegen to produce getters that return either concrete views when available or ValuePointer views when not, for pointer fields in generated view types. This allows us to avoid unnecessary allocations compared to returning pointers to newly allocated shallow copies. Updates #14570 Signed-off-by: Nick Khyl <nickk@tailscale.com>	11 months ago
Brad Fitzpatrick	69b90742fe	util/uniq,types/lazy,*: delete code that's now in Go std sync.OnceValue and slices.Compact were both added in Go 1.21. cmp.Or was added in Go 1.22. Updates #8632 Updates #11058 Change-Id: I89ba4c404f40188e1f8a9566c8aaa049be377754 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	11 months ago
KevinLiang10	2af255790d	ipn/ipnlocal: add VIPServices hash to return body of vip-services c2n endpoint This commit updates the return body of c2n endpoint /vip-services to keep hash generation logic on client side. Updates tailscale/corp#24510 Signed-off-by: KevinLiang10 <37811973+KevinLiang10@users.noreply.github.com>	11 months ago
Irbe Krumina	fc8b6d9c6a	ipn/conf.go: add VIPServices to tailscaled configfile (#14345 ) Updates tailscale/corp#24795 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	11 months ago
Nahum Shalman	9373a1b902	all: illumos/solaris userspace only support Updates #14565 Change-Id: I743148144938794db0a224873ce76c10dbe6fa5f Signed-off-by: Nahum Shalman <nahamu@gmail.com>	11 months ago
Brad Fitzpatrick	8d6b996483	ipn/ipnlocal: add client metric gauge for number of IPNBus connections Updates #1708 Change-Id: Ic7e28d692b4c48e78c842c26234b861fe42a916e Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	11 months ago
KevinLiang10	009da8a364	ipn/ipnlocal: connect serve config to c2n endpoint This commit updates the VIPService c2n endpoint on client to response with actual VIPService configuration stored in the serve config. Fixes tailscale/corp#24510 Signed-off-by: KevinLiang10 <37811973+KevinLiang10@users.noreply.github.com>	11 months ago
Brad Fitzpatrick	041622c92f	ipn/ipnlocal: move where auto exit node selection happens In the process, because I needed it for testing, make all LocalBackend-managed goroutines be accounted for. And then in tests, verify they're no longer running during LocalBackend.Shutdown. Updates tailscale/corp#19681 Change-Id: Iad873d4df7d30103a4a7863dfacf9e078c77e6a3 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	11 months ago
Brad Fitzpatrick	07aae18bca	ipn/ipnlocal, util/goroutines: track goroutines for tests, shutdown Updates #14520 Updates #14517 (in that I pulled this out of there) Change-Id: Ibc28162816e083fcadf550586c06805c76e378fc Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	11 months ago
Brad Fitzpatrick	2fb361a3cf	ipn: declare NotifyWatchOpt consts without using iota Updates #cleanup Updates #1909 (noticed while working on that) Change-Id: I505001e5294287ad2a937b4db61d9e67de70fa14 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	11 months ago
Brad Fitzpatrick	2b8f02b407	ipn: convert ServeConfig Range methods to iterators These were the last two Range funcs in this repo. Updates #12912 Change-Id: I6ba0a911933cb5fc4e43697a9aac58a8035f9622 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	11 months ago
Brad Fitzpatrick	4b56bf9039	types/views: remove various Map Range funcs; use iterators everywhere The remaining range funcs in the tree are RangeOverTCPs and RangeOverWebs in ServeConfig; those will be cleaned up separately. Updates #12912 Change-Id: Ieeae4864ab088877263c36b805f77aa8e6be938d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	11 months ago
Brad Fitzpatrick	47bd0723a0	all: use iterators in more places instead of Range funcs And misc cleanup along the way. Updates #12912 Change-Id: I0cab148b49efc668c6f5cdf09c740b84a713e388 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	11 months ago
Brad Fitzpatrick	1e2e319e7d	util/slicesx: add MapKeys and MapValues from golang.org/x/exp/maps Importing the ~deprecated golang.org/x/exp/maps as "xmaps" to not shadow the std "maps" was getting ugly. And using slices.Collect on an iterator is verbose & allocates more. So copy (x)maps.Keys+Values into our slicesx package instead. Updates #cleanup Updates #12912 Updates #14514 (pulled out of that change) Change-Id: I5e68d12729934de93cf4a9cd87c367645f86123a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	11 months ago
Brad Fitzpatrick	e3bcb2ec83	ipn/ipnlocal: use context.CancelFunc type for doc clarity Using context.CancelFunc as the type (instead of func()) answers questions like whether it's okay to call it multiple times, whether it blocks, etc. And that's the type it actually is in this case. Updates #cleanup Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	11 months ago
Brad Fitzpatrick	03b9361f47	ipn: update reference to Notify's Swift definition Updates #cleanup Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	11 months ago
Brad Fitzpatrick	ff095606cc	all: add means to set device posture attributes from node Updates tailscale/corp#24690 Updates #4077 Change-Id: I05fe799beb1d2a71d1ec3ae08744cc68bcadae2a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	11 months ago
Joe Tsai	b62a013ecb	Switch logging service from log.tailscale.io to log.tailscale.com (#14398 ) Updates tailscale/corp#23617 Signed-off-by: Joe Tsai <joetsai@digital-static.net>	12 months ago
James Tucker	7f9ebc0a83	cmd/tailscale,net/netcheck: add debug feature to force preferred DERP This provides an interface for a user to force a preferred DERP outcome for all future netchecks that will take precedence unless the forced region is unreachable. The option does not persist and will be lost when the daemon restarts. Updates tailscale/corp#18997 Updates tailscale/corp#24755 Signed-off-by: James Tucker <james@tailscale.com>	1 year ago
KevinLiang10	3f54572539	IPN: Update ServeConfig to accept configuration for Services. This commit updates ServeConfig to allow configuration to Services (VIPServices for now) via Serve. The scope of this commit is only adding the Services field to ServeConfig. The field doesn't actually allow packet flowing yet. The purpose of this commit is to unblock other work on k8s end. Updates #22953 Signed-off-by: KevinLiang10 <37811973+KevinLiang10@users.noreply.github.com>	1 year ago
Anton Tolchanov	bb80f14ff4	ipn/localapi: count localapi requests to metric endpoints Updates tailscale/corp#22075 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	1 year ago
Mario Minardi	26de518413	ipn/ipnlocal: only check CanUseExitNode if we are attempting to use one (#14230 ) In https://github.com/tailscale/tailscale/pull/13726 we added logic to `checkExitNodePrefsLocked` to error out on platforms where using an exit node is unsupported in order to give users more obvious feedback than having this silently fail downstream. The above change neglected to properly check whether the device in question was actually trying to use an exit node when doing the check and was incorrectly returning an error on any calls to `checkExitNodePrefsLocked` on platforms where using an exit node is not supported as a result. This change remedies this by adding a check to see whether the device is attempting to use an exit node before doing the `CanUseExitNode` check. Updates https://github.com/tailscale/corp/issues/24835 Signed-off-by: Mario Minardi <mario@tailscale.com>	1 year ago
Nick Khyl	36b7449fea	ipn/ipnlocal: rebuild allowed suggested exit nodes when syspolicy changes In this PR, we update LocalBackend to rebuild the set of allowed suggested exit nodes whenever the AllowedSuggestedExitNodes syspolicy setting changes. Additionally, we request a new suggested exit node when this occurs, enabling its use if the ExitNodeID syspolicy setting is set to auto:any. Updates #12687 Signed-off-by: Nick Khyl <nickk@tailscale.com>	1 year ago
Nick Khyl	eb3cd32911	ipn/ipnlocal: update ipn.Prefs when there's a change in syspolicy settings In this PR, we update ipnlocal.NewLocalBackend to subscribe to policy change notifications and reapply syspolicy settings to the current profile's ipn.Prefs whenever a change occurs. Updates #12687 Signed-off-by: Nick Khyl <nickk@tailscale.com>	1 year ago
Nick Khyl	2ab66d9698	ipn/ipnlocal: move syspolicy handling from setExitNodeID to applySysPolicy This moves code that handles ExitNodeID/ExitNodeIP syspolicy settings from (*LocalBackend).setExitNodeID to applySysPolicy. Updates #12687 Signed-off-by: Nick Khyl <nickk@tailscale.com>	1 year ago
Nick Khyl	462e1fc503	ipn/{ipnlocal,localapi}, wgengine/netstack: call (*LocalBackend).Shutdown when tests that create them complete We have several places where LocalBackend instances are created for testing, but they are rarely shut down when the tests that created them exit. In this PR, we update newTestLocalBackend and similar functions to use testing.TB.Cleanup(lb.Shutdown) to ensure LocalBackend instances are properly shut down during test cleanup. Updates #12687 Signed-off-by: Nick Khyl <nickk@tailscale.com>	1 year ago
Irbe Krumina	00517c8189	kube/{kubeapi,kubeclient},ipn/store/kubestore,cmd/{containerboot,k8s-operator}: emit kube store Events (#14112 ) Adds functionality to kube client to emit Events. Updates kube store to emit Events when tailscaled state has been loaded, updated or if any errors where encountered during those operations. This should help in cases where an error related to state loading/updating caused the Pod to crash in a loop- unlike logs of the originally failed container instance, Events associated with the Pod will still be accessible even after N restarts. Updates tailscale/tailscale#14080 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	1 year ago
Brad Fitzpatrick	da70a84a4b	ipn/ipnlocal: fix build, remove another Notify.BackendLogID reference that crept in I merged `5cae7c51bf` (removing Notify.BackendLogID) and `93db503565` (adding another reference to Notify.BackendLogID) that didn't have merge conflicts, but didn't compile together. This removes the new reference, fixing the build. Updates #14129 Change-Id: I9bb68efd977342ea8822e525d656817235039a66 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	93db503565	ipn/ipnlocal: add IPN Bus NotifyRateLimit watch bit NotifyRateLimit Limit spamming GUIs with boring updates to once in 3 seconds, unless the notification is relatively interesting and the GUI should update immediately. This is basically @barnstar's #14119 but with the logic moved to be per-watch-session (since the bit is per session), rather than globally. And this distinguishes notable Notify messages (such as state changes) and makes them send immediately. Updates tailscale/corp#24553 Change-Id: I79cac52cce85280ce351e65e76ea11e107b00b49 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	5cae7c51bf	ipn: remove unused Notify.BackendLogID Updates #14129 Change-Id: I13b5df8765e786a4a919d6b2e72afe987000b2d1 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Naman Sood	aefbed323f	ipn,tailcfg: add VIPService struct and c2n to fetch them from client (#14046 ) * ipn,tailcfg: add VIPService struct and c2n to fetch them from client Updates tailscale/corp#22743, tailscale/corp#22955 Signed-off-by: Naman Sood <mail@nsood.in> * more review fixes Signed-off-by: Naman Sood <mail@nsood.in> * don't mention PeerCapabilityServicesDestination since it's currently unused Signed-off-by: Naman Sood <mail@nsood.in> --------- Signed-off-by: Naman Sood <mail@nsood.in>	1 year ago
Brad Fitzpatrick	4e0fc037e6	all: use iterators over slice views more This gets close to all of the remaining ones. Updates #12912 Change-Id: I9c672bbed2654a6c5cab31e0cbece6c107d8c6fa Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Anton Tolchanov	64d70fb718	ipn/ipnlocal: log a summary of posture identity response Perhaps I was too opimistic in #13323 thinking we won't need logs for this. Let's log a summary of the response without logging specific identifiers. Updates tailscale/corp#24437 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	1 year ago
Irbe Krumina	2c8859c2e7	client/tailscale,ipn/{ipnlocal,localapi}: add a pre-shutdown localAPI endpoint that terminates control connections. (#14028 ) Adds a /disconnect-control local API endpoint that just shuts down control client. This can be run before shutting down an HA subnet router/app connector replica - it will ensure that all connection to control are dropped and control thus considers this node inactive and tells peers to switch over to another replica. Meanwhile the existing connections keep working (assuming that the replica is given some graceful shutdown period). Updates tailscale/tailscale#14020 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	1 year ago
Brad Fitzpatrick	01185e436f	types/result, util/lineiter: add package for a result type, use it This adds a new generic result type (motivated by golang/go#70084) to try it out, and uses it in the new lineutil package (replacing the old lineread package), changing that package to return iterators: sometimes over []byte (when the input is all in memory), but sometimes iterators over results of []byte, if errors might happen at runtime. Updates #12912 Updates golang/go#70084 Change-Id: Iacdc1070e661b5fb163907b1e8b07ac7d51d3f83 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Maisem Ali	d09e9d967f	ipn/ipnlocal: reload prefs correctly on ReloadConfig We were only updating the ProfileManager and not going down the EditPrefs path which meant the prefs weren't applied till either the process restarted or some other pref changed. This makes it so that we reconfigure everything correctly when ReloadConfig is called. Updates #13032 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Nick Khyl	3f626c0d77	cmd/tailscale/cli, client/tailscale, ipn/localapi: add tailscale syspolicy {list,reload} commands In this PR, we add the tailscale syspolicy command with two subcommands: list, which displays policy settings, and reload, which forces a reload of those settings. We also update the LocalAPI and LocalClient to facilitate these additions. Updates #12687 Signed-off-by: Nick Khyl <nickk@tailscale.com>	1 year ago
Irbe Krumina	45354dab9b	ipn,tailcfg: add app connector config knob to conffile (#13942 ) Make it possible to advertise app connector via a new conffile field. Also bumps capver - conffile deserialization errors out if unknonw fields are set, so we need to know which clients understand the new field. Updates tailscale/tailscale#11113 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	1 year ago
Anton Tolchanov	9545e36007	cmd/tailscale/cli: add 'tailscale metrics' command - `tailscale metrics print`: to show metric values in console - `tailscale metrics write`: to write metrics to a file (with a tempfile & rename dance, which is atomic on Unix). Also, remove the `TS_DEBUG_USER_METRICS` envknob as we are getting more confident in these metrics. Updates tailscale/corp#22075 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	1 year ago
Anton Tolchanov	38af62c7b3	ipn/ipnlocal: remove the primary routes gauge for now Not confident this is the right way to expose this, so let's remote it for now. Updates tailscale/corp#22075 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	1 year ago
Anton Tolchanov	94fa6d97c5	ipn/ipnlocal: log errors while fetching serial numbers If the client cannot fetch a serial number, write a log message helping the user understand what happened. Also, don't just return the error immediately, since we still have a chance to collect network interface addresses. Updates #5902 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	1 year ago
Irbe Krumina	9d1348fe21	ipn/store/kubestore: don't error if state cannot be preloaded (#13926 ) Preloading of state from kube Secret should not error if the Secret does not exist. Updates tailscale/tailscale#7671 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	1 year ago
Irbe Krumina	853fe3b713	ipn/store/kubestore: cache state in memory (#13918 ) Cache state in memory on writes, read from memory in reads. kubestore was previously always reading state from a Secret. This change should fix bugs caused by temporary loss of access to kube API server and imporove overall performance Fixes #7671 Updates tailscale/tailscale#12079,tailscale/tailscale#13900 Signed-off-by: Maisem Ali <maisem@tailscale.com> Signed-off-by: Irbe Krumina <irbe@tailscale.com> Co-authored-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Nick Khyl	e815ae0ec4	util/syspolicy, ipn/ipnlocal: update syspolicy package to utilize syspolicy/rsop In this PR, we update the syspolicy package to utilize syspolicy/rsop under the hood, and remove syspolicy.CachingHandler, syspolicy.windowsHandler and related code which is no longer used. We mark the syspolicy.Handler interface and RegisterHandler/SetHandlerForTest functions as deprecated, but keep them temporarily until they are no longer used in other repos. We also update the package to register setting definitions for all existing policy settings and to register the Registry-based, Windows-specific policy stores when running on Windows. Finally, we update existing internal and external tests to use the new API and add a few more tests and benchmarks. Updates #12687 Signed-off-by: Nick Khyl <nickk@tailscale.com>	1 year ago
Nick Khyl	874db2173b	ipn/{ipnauth,ipnlocal,ipnserver}: send the auth URL to the user who started interactive login We add the ClientID() method to the ipnauth.Actor interface and updated ipnserver.actor to implement it. This method returns a unique ID of the connected client if the actor represents one. It helps link a series of interactions initiated by the client, such as when a notification needs to be sent back to a specific session, rather than all active sessions, in response to a certain request. We also add LocalBackend.WatchNotificationsAs and LocalBackend.StartLoginInteractiveAs methods, which are like WatchNotifications and StartLoginInteractive but accept an additional parameter specifying an ipnauth.Actor who initiates the operation. We store these actor identities in watchSession.owner and LocalBackend.authActor, respectively,and implement LocalBackend.sendTo and related helper methods to enable sending notifications to watchSessions associated with actors (or, more broadly, identifiable recipients). We then use the above to change who receives the BrowseToURL notifications: - For user-initiated, interactive logins, the notification is delivered only to the user who initiated the process. If the initiating actor represents a specific connected client, the URL notification is sent back to the same LocalAPI client that called StartLoginInteractive. Otherwise, the notification is sent to all clients connected as that user. Currently, we only differentiate between users on Windows, as it is inherently a multi-user OS. - In all other cases (e.g., node key expiration), we send the notification to all connected users. Updates tailscale/corp#18342 Signed-off-by: Nick Khyl <nickk@tailscale.com>	1 year ago
Naman Sood	22c89fcb19	cmd/tailscale,ipn,tailcfg: add `tailscale advertise` subcommand behind envknob (#13734 ) Signed-off-by: Naman Sood <mail@nsood.in>	1 year ago
Mario Minardi	d32d742af0	ipn/ipnlocal: error when trying to use exit node on unsupported platform (#13726 ) Adds logic to `checkExitNodePrefsLocked` to return an error when attempting to use exit nodes on a platform where this is not supported. This mirrors logic that was added to error out when trying to use `ssh` on an unsupported platform, and has very similar semantics. Fixes https://github.com/tailscale/tailscale/issues/13724 Signed-off-by: Mario Minardi <mario@tailscale.com>	1 year ago
Brad Fitzpatrick	508980603b	ipn/conffile: don't depend on hujson on iOS/Android Fixes #13772 Change-Id: I3ae03a5ee48c801f2e5ea12d1e54681df25d4604 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	2531065d10	clientupdate, ipn/localapi: don't use google/uuid, thin iOS deps We were using google/uuid in two places and that brought in database/sql/driver. We didn't need it in either place. Updates #13760 Updates tailscale/corp#20099 Change-Id: Ieed32f1bebe35d35f47ec5a2a429268f24f11f1f Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Nick Khyl	da40609abd	util/syspolicy, ipn: add "tailscale debug component-logs" support Fixes #13313 Fixes #12687 Signed-off-by: Nick Khyl <nickk@tailscale.com>	1 year ago
Brad Fitzpatrick	383120c534	ipn/ipnlocal: don't run portlist code unless service collection is on We were selectively uploading it, but we were still gathering it, which can be a waste of CPU. Also remove a bunch of complexity that I don't think matters anymore. And add an envknob to force service collection off on a single node, even if the tailnet policy permits it. Fixes #13463 Change-Id: Ib6abe9e29d92df4ffa955225289f045eeeb279cf Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Kristoffer Dalby	77832553e5	ipn/ipnlocal: add advertised and primary route metrics Updates tailscale/corp#22075 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	1 year ago
Kristoffer Dalby	7d1160ddaa	{ipn,net,tsnet}: use tsaddr helpers Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	1 year ago
Kristoffer Dalby	0e0e53d3b3	util/usermetrics: make usermetrics non-global this commit changes usermetrics to be non-global, this is a building block for correct metrics if a go process runs multiple tsnets or in tests. Updates #13420 Updates tailscale/corp#22075 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	1 year ago
Andrea Gottardo	8a6f48b455	cli: add `tailscale dns query` (#13368 ) Updates tailscale/tailscale#13326 Adds a CLI subcommand to perform DNS queries using the internal DNS forwarder and observe its internals (namely, which upstream resolvers are being used). Signed-off-by: Andrea Gottardo <andrea@gottardo.me>	1 year ago
Joe Tsai	dc86d3589c	types/views: add SliceView.All iterator (#13536 ) And convert a all relevant usages. Updates #12912 Signed-off-by: Joe Tsai <joetsai@digital-static.net>	1 year ago
Brad Fitzpatrick	9f9470fc10	ipnlocal,proxymap,wgengine/netstack: add optional WhoIs/proxymap debug Updates tailscale/corp#20600 Change-Id: I2bb17af0f40603ada1ba4cecc087443e00f9392a Co-authored-by: Maisem Ali <maisem@tailscale.com> Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Andrew Dunham	0970615b1b	ipn/ipnlocal: don't program system DNS when node key is expired (#13370 ) This mimics having Tailscale in the 'Stopped' state by programming an empty DNS configuration when the current node key is expired. Updates tailscale/support-escalations#55 Change-Id: I68ff4665761fb621ed57ebf879263c2f4b911610 Signed-off-by: Andrew Dunham <andrew@du.nham.ca>	1 year ago
Irbe Krumina	209567e7a0	kube,cmd/{k8s-operator,containerboot},envknob,ipn/store/kubestore,*/depaware.txt: rename packages (#13418 ) Rename kube/{types,client,api} -> kube/{kubetypes,kubeclient,kubeapi} so that we don't need to rename the package on each import to convey that it's kubernetes specific. Updates#cleanup Signed-off-by: Irbe Krumina <irbe@tailscale.com>	1 year ago
Irbe Krumina	d6dfb7f242	kube,cmd/{k8s-operator,containerboot},envknob,ipn/store/kubestore,*/depaware.txt: split out kube types (#13417 ) Further split kube package into kube/{client,api,types}. This is so that consumers who only need constants/static types don't have to import the client and api bits. Updates#cleanup Signed-off-by: Irbe Krumina <irbe@tailscale.com>	1 year ago
Nick Khyl	e7b5e8c8cd	ipn/ipnserver: remove IdleTimeout We no longer need this on Windows, and it was never required on other platforms. It just results in more short-lived connections unless we use HTTP/2. Updates tailscale/corp#18342 Signed-off-by: Nick Khyl <nickk@tailscale.com>	1 year ago
Anton Tolchanov	fd6686d81a	tka: truncate long rotation signature chains When a rotation signature chain reaches a certain size, remove the oldest rotation signature from the chain before wrapping it in a new rotation signature. Since all previous rotation signatures are signed by the same wrapping pubkey (node's own tailnet lock key), the node can re-construct the chain, re-signing previous rotation signatures. This will satisfy the existing certificate validation logic. Updates #13185 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	1 year ago
Andrea Gottardo	d060b3fa02	cli: implement `tailscale dns status` (#13353 ) Updates tailscale/tailscale#13326 This PR begins implementing a `tailscale dns` command group in the Tailscale CLI. It provides an initial implementation of `tailscale dns status` which dumps the state of the internal DNS forwarder. Two new endpoints were added in LocalAPI to support the CLI functionality: - `/netmap`: dumps a copy of the last received network map (because the CLI shouldn't have to listen to the ipn bus for a copy) - `/dns-osconfig`: dumps the OS DNS configuration (this will be very handy for the UI clients as well, as they currently do not display this information) My plan is to implement other subcommands mentioned in tailscale/tailscale#13326, such as `query`, in later PRs. Signed-off-by: Andrea Gottardo <andrea@gottardo.me>	1 year ago
Nick Khyl	5bc9fafab8	ipn/ipnlocal: always send auth URL notifications when a user requests interactive login This PR changes how LocalBackend handles interactive (initiated via StartLoginInteractive) and non-interactive (e.g., due to key expiration) logins, and when it sends the authURL to the connected clients. Specifically, - When a user initiates an interactive login by clicking Log In in the GUI, the LocalAPI calls StartLoginInteractive. If an authURL is available and hasn't expired, we immediately send it to all connected clients, suggesting them to open that URL in a browser. Otherwise, we send a login request to the control plane and set a flag indicating that an interactive login is in progress. - When LocalBackend receives an authURL from the control plane, we check if it differs from the previous one and whether an interactive login is in progress. If either condition is true, we notify all connected clients with the new authURL and reset the interactive login flag. We reset the auth URL and flags upon a successful authentication, when a different user logs in and when switching Tailscale login profiles. Finally, we remove the redundant dedup logic added to WatchNotifications in #12096 and revert the tests to their original state to ensure that calling StartLoginInteractive always produces BrowseToURL notifications, either immediately or when the authURL is received from the control plane. Fixes #13296 Signed-off-by: Nick Khyl <nickk@tailscale.com>	1 year ago
Nick Khyl	2f2aeaeaeb	ipn/ipnlocal: fix a nil pointer dereference when serving /localapi/v0/tka/status Fixes #13330 Signed-off-by: Nick Khyl <nickk@tailscale.com>	1 year ago
Nick Khyl	959285e0c5	ipn/ipnlocal: fix race condition that results in a panic sending on a closed channel Fixes #13288 Signed-off-by: Nick Khyl <nickk@tailscale.com>	1 year ago
Nick Khyl	b48c8db69c	ipn/ipnlocal: set WantRunning upon an interactive login, but not during a seamless renewal or a profile switch The LocalBackend's state machine starts in NoState and soon transitions to NeedsLogin if there's no auto-start profile, with the profileManager starting with a new empty profile. Notably, entering the NeedsLogin state blocks engine updates. We expect the user to transition out of this state by logging in interactively, and we set WantRunning to true when controlclient enters the StateAuthenticated state. While our intention is correct, and completing an interactive login should set WantRunning to true, our assumption that logging into the current Tailscale profile is the only way to transition out of the NeedsLogin state is not accurate. Another common transition path includes an explicit profile switch (via LocalBackend.SwitchProfile) or an implicit switch when a Windows user connects to the backend. This results in a bug where WantRunning is set to true even when it was previously set to false, and the user expressed no intention of changing it. A similar issue occurs when switching from (sic) a Tailnet that has seamlessRenewalEnabled, regardless of the current state of the LocalBackend's state machine, and also results in unexpectedly set WantRunning. While this behavior is generally undesired, it is also incorrect that it depends on the control knobs of the Tailnet we're switching from rather than the Tailnet we're switching to. However, this issue needs to be addressed separately. This PR updates LocalBackend.SetControlClientStatus to only set WantRunning to true in response to an interactive login as indicated by a non-empty authURL. Fixes #6668 Fixes #11280 Updates #12756 Signed-off-by: Nick Khyl <nickk@tailscale.com>	1 year ago
Nick Khyl	80b2b45d60	ipn/ipnlocal: refactor and cleanup profileManager In preparation for multi-user and unattended mode improvements, we are refactoring and cleaning up `ipn/ipnlocal.profileManager`. The concept of the "current user", which is only relevant on Windows, is being deprecated and will soon be removed to allow more than one Windows user to connect and utilize `LocalBackend` according to that user's access rights to the device and specific Tailscale profiles. We plan to pass the user's identity down to the `profileManager`, where it can be used to determine the user's access rights to a given `LoginProfile`. While the new permission model in `ipnauth` requires more work and is currently blocked pending PR reviews, we are updating the `profileManager` to reduce its reliance on the concept of a single OS user being connected to the backend at the same time. We extract the switching to the default Tailscale profile, which may also trigger legacy profile migration, from `profileManager.SetCurrentUserID`. This introduces `profileManager.DefaultUserProfileID`, which returns the default profile ID for the current user, and `profileManager.SwitchToDefaultProfile`, which is essentially a shorthand for `pm.SwitchProfile(pm.DefaultUserProfileID())`. Both methods will eventually be updated to accept the user's identity and utilize that user's default profile. We make access checks more explicit by introducing the `profileManager.checkProfileAccess` method. The current implementation continues to use `profileManager.currentUserID` and `LoginProfile.LocalUserID` to determine whether access to a given profile should be granted. This will be updated to utilize the `ipnauth` package and the new permissions model once it's ready. We also expand access checks to be used more widely in the `profileManager`, not just when switching or listing profiles. This includes access checks in methods like `SetPrefs` and, most notably, `DeleteProfile` and `DeleteAllProfiles`, preventing unprivileged Windows users from deleting Tailscale profiles owned by other users on the same device, including profiles owned by local admins. We extract `profileManager.ProfilePrefs` and `profileManager.SetProfilePrefs` methods that can be used to get and set preferences of a given `LoginProfile` if `profileManager.checkProfileAccess` permits access to it. We also update `profileManager.setUnattendedModeAsConfigured` to always enable unattended mode on Windows if `Prefs.ForceDaemon` is true in the current `LoginProfile`, even if `profileManager.currentUserID` is `""`. This facilitates enabling unattended mode via `tailscale up --unattended` even if `tailscale-ipn.exe` is not running, such as when a Group Policy or MDM-deployed script runs at boot time, or when Tailscale is used on a Server Code or otherwise headless Windows environments. See #12239, #2137, #3186 and https://github.com/tailscale/tailscale/pull/6255#issuecomment-2016623838 for details. Fixes #12239 Updates tailscale/corp#18342 Updates #3186 Updates #2137 Signed-off-by: Nick Khyl <nickk@tailscale.com>	1 year ago
Nick Khyl	961ee321e8	ipn/{ipnauth,ipnlocal,ipnserver,localapi}: start baby step toward moving access checks from the localapi.Handler to the LocalBackend Currently, we use PermitRead/PermitWrite/PermitCert permission flags to determine which operations are allowed for a LocalAPI client. These checks are performed when localapi.Handler handles a request. Additionally, certain operations (e.g., changing the serve config) requires the connected user to be a local admin. This approach is inherently racey and is subject to TOCTOU issues. We consider it to be more critical on Windows environments, which are inherently multi-user, and therefore we prevent more than one OS user from connecting and utilizing the LocalBackend at the same time. However, the same type of issues is also applicable to other platforms when switching between profiles that have different OperatorUser values in ipn.Prefs. We'd like to allow more than one Windows user to connect, but limit what they can see and do based on their access rights on the device (e.g., an local admin or not) and to the currently active LoginProfile (e.g., owner/operator or not), while preventing TOCTOU issues on Windows and other platforms. Therefore, we'd like to pass an actor from the LocalAPI to the LocalBackend to represent the user performing the operation. The LocalBackend, or the profileManager down the line, will then check the actor's access rights to perform a given operation on the device and against the current (and/or the target) profile. This PR does not change the current permission model in any way, but it introduces the concept of an actor and includes some preparatory work to pass it around. Temporarily, the ipnauth.Actor interface has methods like IsLocalSystem and IsLocalAdmin, which are only relevant to the current permission model. It also lacks methods that will actually be used in the new model. We'll be adding these gradually in the next PRs and removing the deprecated methods and the Permit* flags at the end of the transition. Updates tailscale/corp#18342 Signed-off-by: Nick Khyl <nickk@tailscale.com>	1 year ago
Kristoffer Dalby	a2c42d3cd4	usermetric: add initial user-facing metrics This commit adds a new usermetric package and wires up metrics across the tailscale client. Updates tailscale/corp#22075 Co-authored-by: Anton Tolchanov <anton@tailscale.com> Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	1 year ago
James Tucker	8af50fa97c	ipn/ipnlocal: update routes on link change with ExitNodeAllowLANAccess On a major link change the LAN routes may change, so on linkChange where ChangeDelta.Major, we need to call authReconfig to ensure that new routes are observed and applied. Updates tailscale/corp#22574 Signed-off-by: James Tucker <james@tailscale.com>	1 year ago
Jordan Whited	641693d61c	ipn/ipnlocal: install IPv6 service addr route (#13252 ) This is the equivalent of quad-100, but for IPv6. This is technically already contained in the Tailscale IPv6 ULA prefix, but that is only installed when remote peers are visible via control with contained addrs. The service addr should always be reachable. Updates #1152 Signed-off-by: Jordan Whited <jordan@tailscale.com>	1 year ago
Brad Fitzpatrick	e54c81d1d0	types/views: add Slice.All iterator And convert a few callers as an example, but nowhere near all. Updates #12912 Change-Id: I5eaa12a29a6cd03b58d6f1072bd27bc0467852f2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Percy Wegmann	4637ac732e	ipn/ipnlocal: remember last notified taildrive shares and only notify if they've changed Fixes #13195 Signed-off-by: Percy Wegmann <percy@tailscale.com>	1 year ago
Anton Tolchanov	151b77f9d6	cmd/tl-longchain: tool to re-sign nodes with long rotation signatures In Tailnet Lock, there is an implicit limit on the number of rotation signatures that can be chained before the signature becomes too long. This program helps tailnet admins to identify nodes that have signatures with long chains and prints commands to re-sign those node keys with a fresh direct signature. It's a temporary mitigation measure, and we will remove this tool as we design and implement a long-term approach for rotation signatures. Example output: ``` 2024/08/20 18:25:03 Self: does not need re-signing 2024/08/20 18:25:03 Visible peers with valid signatures: 2024/08/20 18:25:03 Peer xxx2.yy.ts.net. (100.77.192.34) nodeid=nyDmhiZiGA11KTM59, current signature kind=direct: does not need re-signing 2024/08/20 18:25:03 Peer xxx3.yy.ts.net. (100.84.248.22) nodeid=ndQ64mDnaB11KTM59, current signature kind=direct: does not need re-signing 2024/08/20 18:25:03 Peer xxx4.yy.ts.net. (100.85.253.53) nodeid=nmZfVygzkB21KTM59, current signature kind=rotation: chain length 4, printing command to re-sign tailscale lock sign nodekey:530bddbfbe69e91fe15758a1d6ead5337aa6307e55ac92dafad3794f8b3fc661 tlpub:4bf07597336703395f2149dce88e7c50dd8694ab5bbde3d7c2a1c7b3e231a3c2 ``` To support this, the NetworkLockStatus localapi response now includes information about signatures of all peers rather than just the invalid ones. This is not displayed by default in `tailscale lock status`, but will be surfaced in `tailscale lock status --json`. Updates #13185 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	1 year ago
Kristoffer Dalby	01aa01f310	ipn/ipnlocal: network-lock, error if no pubkey instead of panic Updates tailscale/corp#20931 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	1 year ago
Andrea Gottardo	9d2b1820f1	ipnlocal: support setting authkey at login using syspolicy (#13061 ) Updates tailscale/corp#22120 Adds the ability to start the backend by reading an authkey stored in the syspolicy database (MDM). This is useful for devices that are provisioned in an unattended fashion. Signed-off-by: Andrea Gottardo <andrea@gottardo.me>	1 year ago
Percy Wegmann	74b9fa1348	ipn/localapi: only flush relevant data in multiFilePostResponseWriter.Flush() This prevents two things: 1. Crashing if there's no response body 2. Sending a nonsensical 0 response status code Updates tailscale/corp#22357 Signed-off-by: Percy Wegmann <percy@tailscale.com>	1 year ago
Brad Fitzpatrick	4c2e978f1e	cmd/tailscale/cli: support passing network lock keys via files Fixes tailscale/corp#22356 Change-Id: I959efae716a22bcf582c20d261fb1b57bacf6dd9 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Naman Sood	f79183dac7	cmd/tsidp: add funnel support (#12591 ) * cmd/tsidp: add funnel support Updates #10263. Signed-off-by: Naman Sood <mail@nsood.in> * look past funnel-ingress-node to see who we're authenticating Signed-off-by: Naman Sood <mail@nsood.in> * fix comment typo Signed-off-by: Naman Sood <mail@nsood.in> * address review feedback, support Basic auth for /token Turns out you need to support Basic auth if you do client ID/secret according to OAuth. Signed-off-by: Naman Sood <mail@nsood.in> * fix typos Signed-off-by: Naman Sood <mail@nsood.in> * review fixes Signed-off-by: Naman Sood <mail@nsood.in> * remove debugging log Signed-off-by: Naman Sood <mail@nsood.in> * add comments, fix header Signed-off-by: Naman Sood <mail@nsood.in> --------- Signed-off-by: Naman Sood <mail@nsood.in>	1 year ago
Andrea Gottardo	949b15d858	net/captivedetection: call SetHealthy once connectivity restored (#12974 ) Fixes tailscale/tailscale#12973 Updates tailscale/tailscale#1634 There was a logic issue in the captive detection code we shipped in https://github.com/tailscale/tailscale/pull/12707. Assume a captive portal has been detected, and the user notified. Upon switching to another Wi-Fi that does not have a captive portal, we were issuing a signal to interrupt any pending captive detection attempt. However, we were not also setting the `captive-portal-detected` warnable to healthy. The result was that any "captive portal detected" alert would not be cleared from the UI. Also fixes a broken log statement value. Signed-off-by: Andrea Gottardo <andrea@gottardo.me>	1 year ago
Andrea Gottardo	90be06bd5b	health: introduce captive-portal-detected Warnable (#12707 ) Updates tailscale/tailscale#1634 This PR introduces a new `captive-portal-detected` Warnable which is set to an unhealthy state whenever a captive portal is detected on the local network, preventing Tailscale from connecting. ipn/ipnlocal: fix captive portal loop shutdown Change-Id: I7cafdbce68463a16260091bcec1741501a070c95 net/captivedetection: fix mutex misuse ipn/ipnlocal: ensure that we don't fail to start the timer Change-Id: I3e43fb19264d793e8707c5031c0898e48e3e7465 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Signed-off-by: Andrea Gottardo <andrea@gottardo.me>	1 year ago
Irbe Krumina	57856fc0d5	ipn,wgengine/magicsock: allow setting static node endpoints via tailscaled configfile (#12882 ) wgengine/magicsock,ipn: allow setting static node endpoints via tailscaled config file. Adds a new StaticEndpoints field to tailscaled config that can be used to statically configure the endpoints that the node advertizes. This field will replace TS_DEBUG_PRETENDPOINTS env var that can be used to achieve the same. Additionally adds some functionality that ensures that endpoints are updated when configfile is reloaded. Also, refactor configuring/reconfiguring components to use the same functionality when configfile is parsed the first time or subsequent times (after reload). Previously a configfile reload did not result in resetting of prefs. Now it does- but does not yet tell the relevant components to consume the new prefs. This is to be done in a follow-up. Updates tailscale/tailscale#12578 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	1 year ago
Andrew Lytvynov	e7bf6e716b	cmd/tailscale: add --min-validity flag to the cert command (#12822 ) Some users run "tailscale cert" in a cron job to renew their certificates on disk. The time until the next cron job run may be long enough for the old cert to expire with our default heristics. Add a `--min-validity` flag which ensures that the returned cert is valid for at least the provided duration (unless it's longer than the cert lifetime set by Let's Encrypt). Updates #8725 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	1 year ago
Adrian Dewhurst	54f58d1143	ipn/ipnlocal: add comment explaining auto exit node migration Updates tailscale/corp#19681 Change-Id: I6d396780b058ff0fbea0e9e53100f04ef3b76339 Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>	1 year ago
Adrian Dewhurst	8882c6b730	ipn/ipnlocal: wait for DERP before auto exit node migration Updates tailscale/corp#19681 Change-Id: I31dec154aa3b5edba01f10eec37640f631729cb2 Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>	1 year ago
Adrian Dewhurst	0834712c91	ipn: allow FQDN in exit node selection To match the format of exit node suggestions and ensure that the result is not ambiguous, relax exit node CLI selection to permit using a FQDN including the trailing dot. Updates #12618 Change-Id: I04b9b36d2743154aa42f2789149b2733f8555d3f Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>	1 year ago
Anton Tolchanov	5d61d1c7b0	log/sockstatlog: don't block for more than 5s on shutdown Fixes tailscale/corp#21618 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	1 year ago
Claire Wang	49bf63cdd0	ipn/ipnlocal: check for offline auto exit node in SetControlClientStatus (#12772 ) Updates tailscale/corp#19681 Signed-off-by: Claire Wang <claire@tailscale.com>	1 year ago
Nick Khyl	fc28c8e7f3	cmd/cloner, cmd/viewer, util/codegen: add support for generic types and interfaces This adds support for generic types and interfaces to our cloner and viewer codegens. It updates these packages to determine whether to make shallow or deep copies based on the type parameter constraints. Additionally, if a template parameter or an interface type has View() and Clone() methods, we'll use them for getters and the cloner of the owning structure. Updates #12736 Signed-off-by: Nick Khyl <nickk@tailscale.com>	1 year ago
Anton Tolchanov	874972b683	posture: add network hardware addresses to posture identity If an optional `hwaddrs` URL parameter is present, add network interface hardware addresses to the posture identity response. Just like with serial numbers, this requires client opt-in via MDM or `tailscale set --posture-checking=true` (https://tailscale.com/kb/1326/device-identity) Updates tailscale/corp#21371 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	1 year ago
Brad Fitzpatrick	c6af5bbfe8	all: add test for package comments, fix, add comments as needed Updates #cleanup Change-Id: Ic4304e909d2131a95a38b26911f49e7b1729aaef Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Andrew Lytvynov	7b1c764088	ipn/ipnlocal: gate systemd-run flags on systemd version (#12747 ) We added a workaround for --wait, but didn't confirm the other flags, which were added in systemd 235 and 236. Check systemd version for deciding when to set all 3 flags. Fixes #12136 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	1 year ago
Andrew Lytvynov	b8af91403d	clientupdate: return true for CanAutoUpdate for macsys (#12746 ) While `clientupdate.Updater` won't be able to apply updates on macsys, we use `clientupdate.CanAutoUpdate` to gate the EditPrefs endpoint in localAPI. We should allow the GUI client to set AutoUpdate.Apply on macsys for it to properly get reported to the control plane. This also allows the tailnet-wide default for auto-updates to propagate to macsys clients. Updates https://github.com/tailscale/corp/issues/21339 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	1 year ago
Claire Wang	8965e87fa8	ipn/ipnlocal: handle auto value for ExitNodeID syspolicy (#12512 ) Updates tailscale/corp#19681 Signed-off-by: Claire Wang <claire@tailscale.com>	1 year ago
Anton Tolchanov	781f79408d	ipn/ipnlocal: allow multiple signature chains from the same SigCredential Detection of duplicate Network Lock signature chains added in `01847e0123` failed to account for chains originating with a SigCredential signature, which is used for wrapped auth keys. This results in erroneous removal of signatures that originate from the same re-usable auth key. This change ensures that multiple nodes created by the same re-usable auth key are not getting filtered out by the network lock. Updates tailscale/corp#19764 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	1 year ago
Anton Tolchanov	4651827f20	tka: test SigCredential signatures and netmap filtering This change moves handling of wrapped auth keys to the `tka` package and adds a test covering auth key originating signatures (SigCredential) in netmap. Updates tailscale/corp#19764 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	1 year ago
Adrian Dewhurst	8f7588900a	ipn/ipnlocal: fix nil pointer dereference and add related test Fixes #12644 Change-Id: I3589b01a9c671937192caaedbb1312fd906ca712 Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>	1 year ago
Andrew Lytvynov	2064dc20d4	health,ipn/ipnlocal: hide update warning when auto-updates are enabled (#12631 ) When auto-udpates are enabled, we don't need to nag users to update after a new release, before we release auto-updates. Updates https://github.com/tailscale/corp/issues/20081 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	1 year ago
Josh McKinney	1d6ab9f9db	cmd/serve: don't convert localhost to 127.0.0.1 This is not valid in many situations, specifically when running a local astro site that listens on localhost, but ignores 127.0.0.1 Fixes: https://github.com/tailscale/tailscale/issues/12201 Signed-off-by: Josh McKinney <joshka@users.noreply.github.com>	1 year ago
Andrew Dunham	0323dd01b2	ci: enable checklocks workflow for specific packages This turns the checklocks workflow into a real check, and adds annotations to a few basic packages as a starting point. Updates #12625 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I2b0185bae05a843b5257980fc6bde732b1bdd93f	1 year ago
Naman Sood	75254178a0	ipn/ipnlocal: don't bind localListener if its context is canceled (#12621 ) The context can get canceled during backoff, and binding after that makes the listener impossible to close afterwards. Fixes #12620. Signed-off-by: Naman Sood <mail@nsood.in>	1 year ago
Andrew Dunham	30f8d8199a	ipn/ipnlocal: fix data race in tests We can observe a data race in tests when logging after a test is finished. `b.onHealthChange` is called in a goroutine after being registered with `health.Tracker.RegisterWatcher`, which calls callbacks in `setUnhealthyLocked` in a new goroutine. See: https://github.com/tailscale/tailscale/actions/runs/9672919302/job/26686038740 Updates #12054 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: Ibf22cc994965d88a9e7236544878d5373f91229e	1 year ago
Brad Fitzpatrick	d5e692f7e7	ipn/ipnlocal: check operator user via osuser package So non-local users (e.g. Kerberos on FreeIPA) on Linux can be looked up. Our default binaries are built with pure Go os/user which only supports the classic /etc/passwd and not any libc-hooked lookups. Updates #12601 Change-Id: I9592db89e6ca58bf972f2dcee7a35fbf44608a4f Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	5ec01bf3ce	wgengine/filter: support FilterRules matching on srcIP node caps [capver 100] See #12542 for background. Updates #12542 Change-Id: Ida312f700affc00d17681dc7551ee9672eeb1789 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Andrea Gottardo	d6a8fb20e7	health: include DERP region name in bad derp notifications (#12530 ) Fixes tailscale/corp#20971 We added some Warnables for DERP failure situations, but their Text currently spits out the DERP region ID ("10") in the UI, which is super ugly. It would be better to provide the RegionName of the DERP region that is failing. We can do so by storing a reference to the last-known DERP map in the health package whenever we fetch one, and using it when generating the notification text. This way, the following message... > Tailscale could not connect to the relay server '10'. The server might be temporarily unavailable, or your Internet connection might be down. becomes: > Tailscale could not connect to the 'Seattle' relay server. The server might be temporarily unavailable, or your Internet connection might be down. which is a lot more user-friendly. Signed-off-by: Andrea Gottardo <andrea@gottardo.me>	1 year ago
Andrew Dunham	45d2f4301f	proxymap, various: distinguish between different protocols Previously, we were registering TCP and UDP connections in the same map, which could result in erroneously removing a mapping if one of the two connections completes while the other one is still active. Add a "proto string" argument to these functions to avoid this. Additionally, take the "proto" argument in LocalAPI, and plumb that through from the CLI and add a new LocalClient method. Updates tailscale/corp#20600 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I35d5efaefdfbf4721e315b8ca123f0c8af9125fb	1 year ago
Brad Fitzpatrick	86e0f9b912	net/ipset, wgengine/filter/filtertype: add split-out packages This moves NewContainsIPFunc from tsaddr to new ipset package. And wgengine/filter types gets split into wgengine/filter/filtertype, so netmap (and thus the CLI, etc) doesn't need to bring in ipset, bart, etc. Then add a test making sure the CLI deps don't regress. Updates #1278 Change-Id: Ia246d6d9502bbefbdeacc4aef1bed9c8b24f54d5 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Maisem Ali	491483d599	cmd/viewer,type/views: add MapSlice for maps of slices This abstraction provides a nicer way to work with maps of slices without having to write out three long type params. This also allows it to provide an AsMap implementation which copies the map and the slices at least. Updates tailscale/corp#20910 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Andrea Gottardo	a8ee83e2c5	health: begin work to use structured health warnings instead of strings, pipe changes into ipn.Notify (#12406 ) Updates tailscale/tailscale#4136 This PR is the first round of work to move from encoding health warnings as strings and use structured data instead. The current health package revolves around the idea of Subsystems. Each subsystem can have (or not have) a Go error associated with it. The overall health of the backend is given by the concatenation of all these errors. This PR polishes the concept of Warnable introduced by @bradfitz a few weeks ago. Each Warnable is a component of the backend (for instance, things like 'dns' or 'magicsock' are Warnables). Each Warnable has a unique identifying code. A Warnable is an entity we can warn the user about, by setting (or unsetting) a WarningState for it. Warnables have: - an identifying Code, so that the GUI can track them as their WarningStates come and go - a Title, which the GUIs can use to tell the user what component of the backend is broken - a Text, which is a function that is called with a set of Args to generate a more detailed error message to explain the unhappy state Additionally, this PR also begins to send Warnables and their WarningStates through LocalAPI to the clients, using ipn.Notify messages. An ipn.Notify is only issued when a warning is added or removed from the Tracker. In a next PR, we'll get rid of subsystems entirely, and we'll start using structured warnings for all errors affecting the backend functionality. Signed-off-by: Andrea Gottardo <andrea@gottardo.me>	1 year ago
Brad Fitzpatrick	6908fb0de3	ipn/localapi,client/tailscale,cmd/derper: add WhoIs lookup by nodekey, use in derper Fixes #12465 Change-Id: I9b7c87315a3d2b2ecae2b8db9e94b4f5a1eef74a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Irbe Krumina	bc53ebd4a0	ipn/{ipnlocal,localapi},net/netkernelconf,client/tailscale,cmd/containerboot: optionally enable UDP GRO forwarding for containers (#12410 ) Add a new TS_EXPERIMENTAL_ENABLE_FORWARDING_OPTIMIZATIONS env var that can be set for tailscale/tailscale container running as a subnet router or exit node to enable UDP GRO forwarding for improved performance. See https://tailscale.com/kb/1320/performance-best-practices#linux-optimizations-for-subnet-routers-and-exit-nodes This is currently considered an experimental approach; the configuration support is partially to allow further experimentation with containerized environments to evaluate the performance improvements. Updates tailscale/tailscale#12295 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	2 years ago
Adrian Dewhurst	0219317372	ipn/ipnlocal: improve sticky last suggestion The last suggested exit node needs to be incorporated in the decision making process when a new suggestion is requested, but currently it is not quite right: it'll be used if the suggestion code has an error or a netmap is unavailable, but it won't be used otherwise. Instead, this makes the last suggestion into a tiebreaker when making a random selection between equally-good options. If the last suggestion does not make it to the final selection pool, then a different suggestion will be made. Since LocalBackend.SuggestExitNode is back to being a thin shim that sets up the parameters to suggestExitNode, it no longer needs a test. Its test was unable to be comprehensive anyway as the code being tested contains an uncontrolled random number generator. Updates tailscale/corp#19681 Change-Id: I94ecc9a0d1b622de3df4ef90523f1d3e67b4bfba Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>	2 years ago
Andrew Lytvynov	7a7e314096	ipn/ipnlocal,clientupdate: allow auto-updates in contaienrs (#12391 ) We assume most containers are immutable and don't expect tailscale running in them to auto-update. But there's no reason to prohibit it outright. Ignore the tailnet-wide default auto-update setting in containers, but allow local users to turn on auto-updates via the CLI. RELNOTE=Auto-updates are allowed in containers, but ignore the tailnet-wide default. Fixes #12292 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Andrew Dunham	e88a5dbc92	various: fix lint warnings Some lint warnings caught by running 'make lint' locally. Updates #cleanup Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I1534ed6f2f5e1eb029658906f9d62607dad98ca3	2 years ago
Maisem Ali	4a8cb1d9f3	all: use math/rand/v2 more Updates #11058 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Andrew Lytvynov	347e3f3d9a	go.mod,ipn/ipnlocal: update the ACME fork (#12343 ) Update our fork of golang.org/x/crypto to pick up a fix for ACME ARI: `3fde5e568a` Fixes #12278 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Adrian Dewhurst	cf9f507d47	ipn/ipnlocal: only build allowed suggested node list once Rather than building a new suggested exit node set every time, compute it once on first use. Currently, syspolicy ensures that values do not change without a restart anyway. Since the set is being constructed in a separate func now, the test code that manipulates syspolicy can live there, and the TestSuggestExitNode can now run in parallel with other tests because it does not have global dependencies. Updates tailscale/corp#19681 Change-Id: Ic4bb40ccc91b671f9e542bd5ba9c96f942081515 Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>	2 years ago
Andrew Lytvynov	379e2bf189	ipn/ipnlocal: stop offline auto-updates on shutdown (#12342 ) Clean up the updater goroutine on shutdown, in addition to doing that on backend state change. This fixes a goroutine leak on shutdown in tests. Updates #cleanup	2 years ago
Andrew Lytvynov	bc4c8b65c7	ipn/ipnlocal: periodically run auto-updates when "offline" (#12118 ) When the client is disconnected from control for any reason (typically just turned off), we should still attempt to update if auto-updates are enabled. This may help users who turn tailscale on infrequently for accessing resources. RELNOTE: Apply auto-updates even if the node is down or disconnected from the coordination server. Updates #12117 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Adrian Dewhurst	3bf2bddbb5	ipn/ipnlocal: improve testability of random node selection In order to test the sticky last suggestion code, a test was written for LocalBackend.SuggestExitNode but it contains a random number generator which makes writing comprehensive tests very difficult. This doesn't change how the last suggestion works, but it adds some infrastructure to make that easier in a later PR. This adds func parameters for the two randomized parts: breaking ties between DERP regions and breaking ties between nodes. This way tests can validate the entire list of tied options, rather than expecting a particular outcome given a particular random seed. As a result of this, the global random number generator can be used rather than seeding a local one each time. In order to see the tied nodes for the location based (i.e. Mullvad) case, pickWeighted needed to return a slice instead of a single arbitrary option, so there is a small change in how that works. Updates tailscale/corp#19681 Change-Id: I83c48a752abdec0f59c58ccfd8bfb3f3f17d0ea8 Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>	2 years ago
Adrian Dewhurst	db6447ce63	ipn/ipnlocal: simplify suggest exit node tests This mostly removes a lot of repetition by predefining some nodes and other data structures, plus adds some helpers for creating Peer entries in the netmap. Several existing test cases were reworked to ensure better coverage of edge cases, and several new test cases were added to handle some additional responsibility that is in (or will be shortly moving in) suggestExitNode(). Updates tailscale/corp#19681 Change-Id: Ie14c2988d7fd482f7d6a877f78525f7788669b85 Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>	2 years ago
Anton Tolchanov	01847e0123	ipn/ipnlocal: discard node keys that have been rotated out A non-signing node can be allowed to re-sign its new node keys following key renewal/rotation (e.g. via `tailscale up --force-reauth`). To be able to do this, node's TLK is written into WrappingPubkey field of the initial SigDirect signature, signed by a signing node. The intended use of this field implies that, for each WrappingPubkey, we typically expect to have at most one active node with a signature tracing back to that key. Multiple valid signatures referring to the same WrappingPubkey can occur if a client's state has been cloned, but it's something we explicitly discourage and don't support: https://tailscale.com/s/clone This change propagates rotation details (wrapping public key, a list of previous node keys that have been rotated out) to netmap processing, and adds tracking of obsolete node keys that, when found, will get filtered out. Updates tailscale/corp#19764 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	2 years ago
Maisem Ali	42cfbf427c	tsnet,wgengine/netstack: add ListenPacket and tests This adds a new ListenPacket function on tsnet.Server which acts mostly like `net.ListenPacket`. Unlike `Server.Listen`, this requires listening on a specific IP and does not automatically listen on both V4 and V6 addresses of the Server when the IP is unspecified. To test this, it also adds UDP support to tsdial.Dialer.UserDial and plumbs it through the localapi. Then an associated test to make sure the UDP functionality works from both sides. Updates #12182 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
ChandonPierre	0a5bd63d32	ipn/store/kubestore, cmd/containerboot: allow overriding client api server URL via ENV (#12115 ) Updates tailscale/tailscale#11397 Signed-off-by: Chandon Pierre <cpierre@coreweave.com>	2 years ago
Anton Tolchanov	32120932a5	cmd/tailscale/cli: print node signature in `tailscale lock status` - Add current node signature to `ipnstate.NetworkLockStatus`; - Print current node signature in a human-friendly format as part of `tailscale lock status`. Examples: ``` $ tailscale lock status Tailnet lock is ENABLED. This node is accessible under tailnet lock. Node signature: SigKind: direct Pubkey: [OTB3a] KeyID: tlpub:44a0e23cd53a4b8acc02f6732813d8f5ba8b35d02d48bf94c9f1724ebe31c943 WrappingPubkey: tlpub:44a0e23cd53a4b8acc02f6732813d8f5ba8b35d02d48bf94c9f1724ebe31c943 This node's tailnet-lock key: tlpub:44a0e23cd53a4b8acc02f6732813d8f5ba8b35d02d48bf94c9f1724ebe31c943 Trusted signing keys: tlpub:44a0e23cd53a4b8acc02f6732813d8f5ba8b35d02d48bf94c9f1724ebe31c943 1 (self) tlpub:6fa21d242a202b290de85926ba3893a6861888679a73bc3a43f49539d67c9764 1 (pre-auth key kq3NzejWoS11KTM59) ``` For a node created via a signed auth key: ``` This node is accessible under tailnet lock. Node signature: SigKind: rotation Pubkey: [e3nAO] Nested: SigKind: credential KeyID: tlpub:6fa21d242a202b290de85926ba3893a6861888679a73bc3a43f49539d67c9764 WrappingPubkey: tlpub:3623b0412cab0029cb1918806435709b5947ae03554050f20caf66629f21220a ``` For a node that rotated its key a few times: ``` This node is accessible under tailnet lock. Node signature: SigKind: rotation Pubkey: [DOzL4] Nested: SigKind: rotation Pubkey: [S/9yU] Nested: SigKind: rotation Pubkey: [9E9v4] Nested: SigKind: direct Pubkey: [3QHTJ] KeyID: tlpub:44a0e23cd53a4b8acc02f6732813d8f5ba8b35d02d48bf94c9f1724ebe31c943 WrappingPubkey: tlpub:2faa280025d3aba0884615f710d8c50590b052c01a004c2b4c2c9434702ae9d0 ``` Updates tailscale/corp#19764 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	2 years ago
Andrew Lytvynov	776a05223b	ipn/ipnlocal: support c2n updates with old systemd versions (#12296 ) The `--wait` flag for `systemd-run` was added in systemd 232. While it is quite old, it doesn't hurt to special-case them and skip the `--wait` flag. The consequence is that we lose the update command output in logs, but at least auto-updates will work. Fixes #12136 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Brad Fitzpatrick	1ea100e2e5	cmd/tailscaled, ipn/conffile: support ec2 user-data config file Updates #1412 Updates #1866 Change-Id: I4d08fb233b80c2078b3b28ffc18559baabb4a081 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Walter Poupore	0acb61fbf8	serve.go, tsnet.go: Fix "in in" typo (#12279 ) Fixes #cleanup Signed-off-by: Walter Poupore <walterp@tailscale.com>	2 years ago
Claire Wang	f1d10c12ac	ipn/ipnlocal: allowed suggested exit nodes policy (#12240 ) Updates tailscale/corp#19681 Signed-off-by: Claire Wang <claire@tailscale.com>	2 years ago
Maisem Ali	9a64c06a20	all: do not depend on the testing package Discovered while looking for something else. Updates tailscale/corp#18935 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Andrew Lytvynov	c9179bc261	various: disable stateful filtering by default (#12197 ) After some analysis, stateful filtering is only necessary in tailnets that use `autogroup:danger-all` in `src` in ACLs. And in those cases users explicitly specify that hosts outside of the tailnet should be able to reach their nodes. To fix local DNS breakage in containers, we disable stateful filtering by default. Updates #12108 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Brad Fitzpatrick	964282d34f	ipn,wgengine: remove vestigial Prefs.AllowSingleHosts It was requested by the first customer 4-5 years ago and only used for a brief moment of time. We later added netmap visibility trimming which removes the need for this. It's been hidden by the CLI for quite some time and never documented anywhere else. This keeps the CLI flag, though, out of caution. It just returns an error if it's set to anything but true (its default). Fixes #12058 Change-Id: I7514ba572e7b82519b04ed603ff9f3bdbaecfda7 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	1384c24e41	control/controlclient: delete unused Client.Login Oauth2Token field Updates #12172 (then need to update other repos) Change-Id: I439f65e0119b09e00da2ef5c7a4f002f93558578 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	8aa5c3534d	ipn/ipnlocal: simplify authURL vs authURLSticky, remove interact field The previous LocalBackend & CLI 'up' changes improved some stuff, but might've been too aggressive in some edge cases. This simplifies the authURL vs authURLSticky distinction and removes the interact field, which seemed to just just be about duplicate URL suppression in IPN bus, back from when the IPN bus was a single client at a time. This moves that suppression to a different spot. Fixes #12119 Updates #12028 Updates #12042 Change-Id: I1f8800b1e82ccc1c8a0d7abba559e7404ddf41e4 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Irbe Krumina	d86d1e7601	cmd/k8s-operator,cmd/containerboot,ipn,k8s-operator: turn off stateful filter for egress proxies. (#12075 ) Turn off stateful filtering for egress proxies to allow cluster traffic to be forwarded to tailnet. Allow configuring stateful filter via tailscaled config file. Deprecate EXPERIMENTAL_TS_CONFIGFILE_PATH env var and introduce a new TS_EXPERIMENTAL_VERSIONED_CONFIG env var that can be used to provide containerboot a directory that should contain one or more tailscaled config files named cap-<tailscaled-cap-version>.hujson. Containerboot will pick the one with the newest capability version that is not newer than its current capability version. Proxies with this change will not work with older Tailscale Kubernetes operator versions - users must ensure that the deployed operator is at the same version or newer (up to 4 version skew) than the proxies. Updates tailscale/tailscale#12061 Signed-off-by: Irbe Krumina <irbe@tailscale.com> Co-authored-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Claire Wang	e070af7414	ipnlocal, magicsock: add more description to storing last suggested exit (#11998 ) node related functions Updates tailscale/corp#19681 Signed-off-by: Claire Wang <claire@tailscale.com>	2 years ago
Anton Tolchanov	6f4a1dc6bf	ipn/ipnlocal: fix another read of keyExpired outside mutex Updates #12039 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	2 years ago
Brad Fitzpatrick	e968b0ecd7	cmd/tailscale,controlclient,ipnlocal: fix 'up', deflake tests more The CLI's "up" is kinda chaotic and LocalBackend.Start is kinda chaotic and they both need to be redone/deleted (respectively), but this fixes some buggy behavior meanwhile. We were previously calling StartLoginInteractive (to start the controlclient's RegisterRequest) redundantly in some cases, causing test flakes depending on timing and up's weird state machine. We only need to call StartLoginInteractive in the client if Start itself doesn't. But Start doesn't tell us that. So cheat a bit and a put the information about whether there's a current NodeKey in the ipn.Status. It used to be accessible over LocalAPI via GetPrefs as a private key but we removed that for security. But a bool is fine. So then only call StartLoginInteractive if that bool is false and don't do it in the WatchIPNBus loop. Fixes #12028 Updates #12042 Change-Id: I0923c3f704a9d6afd825a858eb9a63ca7c1df294 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	e5ef35857f	ipn/ipnlocal: fix read of keyExpired outside mutex Fixes #12039 Change-Id: I28c8a282ce12619f17103e9535841f15394ce685 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	21509db121	ipn/ipnlocal, all: plumb health trackers in tests I saw some panics in CI, like: 2024-05-08T04:30:25.9553518Z ## WARNING: (non-fatal) nil health.Tracker (being strict in CI): 2024-05-08T04:30:25.9554043Z goroutine 801 [running]: 2024-05-08T04:30:25.9554489Z tailscale.com/health.(Tracker).nil(0x0) 2024-05-08T04:30:25.9555086Z tailscale.com/health/health.go:185 +0x70 2024-05-08T04:30:25.9555688Z tailscale.com/health.(Tracker).SetUDP4Unbound(0x0, 0x0) 2024-05-08T04:30:25.9556373Z tailscale.com/health/health.go:532 +0x2f 2024-05-08T04:30:25.9557296Z tailscale.com/wgengine/magicsock.(Conn).bindSocket(0xc0003b4808, 0xc0003b4878, {0x1fbca53, 0x4}, 0x0) 2024-05-08T04:30:25.9558301Z tailscale.com/wgengine/magicsock/magicsock.go:2481 +0x12c5 2024-05-08T04:30:25.9559026Z tailscale.com/wgengine/magicsock.(Conn).rebind(0xc0003b4808, 0x0) 2024-05-08T04:30:25.9559874Z tailscale.com/wgengine/magicsock/magicsock.go:2510 +0x16f 2024-05-08T04:30:25.9561038Z tailscale.com/wgengine/magicsock.NewConn({0xc000063c80, 0x0, 0xc000197930, 0xc000197950, 0xc000197960, {0x0, 0x0}, 0xc000197970, 0xc000198ee0, 0x0, ...}) 2024-05-08T04:30:25.9562402Z tailscale.com/wgengine/magicsock/magicsock.go:476 +0xd5f 2024-05-08T04:30:25.9563779Z tailscale.com/wgengine.NewUserspaceEngine(0xc000063c80, {{0x22c8750, 0xc0001976b0}, 0x0, {0x22c3210, 0xc000063c80}, {0x22c31d8, 0x2d3c900}, 0x0, 0x0, ...}) 2024-05-08T04:30:25.9564982Z tailscale.com/wgengine/userspace.go:389 +0x159d 2024-05-08T04:30:25.9565529Z tailscale.com/ipn/ipnlocal.newTestBackend(0xc000358b60) 2024-05-08T04:30:25.9566086Z tailscale.com/ipn/ipnlocal/serve_test.go:675 +0x2a5 2024-05-08T04:30:25.9566612Z ta Updates #11874 Change-Id: I3432ed52d670743e532be4642f38dbd6e3763b1b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	727c0d6cfd	ipn/ipnserver: close a small race in ipnserver, ~simplify code There was a small window in ipnserver after we assigned a LocalBackend to the ipnserver's atomic but before we Start'ed it where our initalization Start could conflict with API calls from the LocalAPI. Simplify that a bit and lay out the rules in the docs. Updates #12028 Change-Id: Ic5f5e4861e26340599184e20e308e709edec68b1 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Maisem Ali	32bc596062	ipn/ipnlocal: acquire b.mu once in Start We used to Lock, Unlock, Lock, Unlock quite a few times in Start resulting in all sorts of weird race conditions. Simplify it all and only Lock/Unlock once. Updates #11649 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Maisem Ali	9380e2dfc6	ipn/ipnlocal: use lockAndGetUnlock in Start This removes one of the Lock,Unlock,Lock,Unlock at least in the Start function. Still has 3 more of these. Updates #11649 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Maisem Ali	e1011f1387	ipn/ipnlocal: call SetNetInfoCallback from NewLocalBackend Instead of calling it from Start everytime, call it from NewLocalBackend once. Updates #11649 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Andrew Lytvynov	471731771c	ipn/ipnlocal: set default NoStatefulFiltering in ipn.NewPrefs (#12031 ) This way the default gets populated on first start, when no existing state exists to migrate. Also fix `ipn.PrefsFromBytes` to preserve empty fields, rather than layering `NewPrefs` values on top. Updates https://github.com/tailscale/corp/issues/19623 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Maisem Ali	e67069550b	ipn/ipnlocal,net/tstun,wgengine: create and plumb jailed packet filter This plumbs a packet filter for jailed nodes through to the tstun.Wrapper; the filter for a jailed node is equivalent to a "shields up" filter. Currently a no-op as there is no way for control to tell the client whether a peer is jailed. Updates tailscale/corp#19623 Co-authored-by: Andrew Dunham <andrew@du.nham.ca> Signed-off-by: Maisem Ali <maisem@tailscale.com> Change-Id: I5ccc5f00e197fde15dd567485b2a99d8254391ad	2 years ago
Andrew Lytvynov	c28f5767bf	various: implement stateful firewalling on Linux (#12025 ) Updates https://github.com/tailscale/corp/issues/19623 Change-Id: I7980e1fb736e234e66fa000d488066466c96ec85 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Co-authored-by: Andrew Dunham <andrew@du.nham.ca>	2 years ago
Brad Fitzpatrick	aadb8d9d21	ipn/ipnlocal: don't send an empty BrowseToURL w/ WatchIPNBus NotifyInitialState I noticed this while working on the following fix to #11962. Updates #11962 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> Change-Id: I4c5894d8899d1ae8c42f54ecfd4d05a4a7ac598c	2 years ago
Nick Khyl	caa3d7594f	ipn/ipnlocal, net/tsdial: plumb routes into tsdial and use them in UserDial We'd like to use tsdial.Dialer.UserDial instead of SystemDial for DNS over TCP. This is primarily necessary to properly dial internal DNS servers accessible over Tailscale and subnet routes. However, to avoid issues when switching between Wi-Fi and cellular, we need to ensure that we don't retain connections to any external addresses on the old interface. Therefore, we need to determine which dialer to use internally based on the configured routes. This plumbs routes and localRoutes from router.Config to tsdial.Dialer, and updates UserDial to use either the peer dialer or the system dialer, depending on the network address and the configured routes. Updates tailscale/corp#18725 Fixes #4529 Signed-off-by: Nick Khyl <nickk@tailscale.com>	2 years ago
Brad Fitzpatrick	7e0dd61e61	ipn/ipnlocal, tstest/integration: add panic to catch flaky test in the act Updates #11962 Change-Id: Ifa24b82f9c76639bfd83278a7c2fe9cf42897bbb Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	c3c18027c6	all: make more tests pass/skip in airplane mode Updates tailscale/corp#19786 Change-Id: Iedc6730fe91c627b556bff5325bdbaf7bf79d8e6 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Maisem Ali	fd6ba43b97	types/views: remove duplicate SliceContainsFunc We already have `(Slice[T]).ContainsFunc`. Updates #cleanup Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Percy Wegmann	817badf9ca	ipn/ipnlocal: reuse transport across Taildrive remotes This prevents us from opening a new connection on each HTTP request. Updates #11967 Signed-off-by: Percy Wegmann <percy@tailscale.com>	2 years ago
Claire Wang	35872e86d2	ipnlocal, magicsock: store last suggested exit node id in local backend (#11959 ) Updates tailscale/corp#19681 Signed-off-by: Claire Wang <claire@tailscale.com>	2 years ago
Andrew Dunham	e9505e5432	ipn/ipnlocal: plumb health.Tracker into profileManager constructor Setting the field after-the-fact wasn't working because we could migrate prefs on creation, which would set health status for auto updates. Updates #11986 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I41d79ebd61d64829a3a9e70586ce56f62d24ccfd	2 years ago
Maisem Ali	a49ed2e145	derp,ipn/ipnlocal: stop calling rand.Seed It's deprecated and using it gets us the old slow behavior according to https://go.dev/blog/randv2. > Having eliminated repeatability of the global output stream, Go 1.20 > was also able to make the global generator scale better in programs > that don’t call rand.Seed, replacing the Go 1 generator with a very > cheap per-thread wyrand generator already used inside the Go > runtime. This removed the global mutex and made the top-level > functions scale much better. Programs that do call rand.Seed fall > back to the mutex-protected Go 1 generator. Updates #7123 Change-Id: Ia5452e66bd16b5457d4b1c290a59294545e13291 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Brad Fitzpatrick	96712e10a7	health, ipn/ipnlocal: move more health warning code into health.Tracker In prep for making health warnings rich objects with metadata rather than a bunch of strings, start moving it all into the same place. We'll still ultimately need the stringified form for the CLI and LocalAPI for compatibility but we'll next convert all these warnings into Warnables that have severity levels and such, and legacy stringification will just be something each Warnable thing can do. Updates #4136 Change-Id: I83e189435daae3664135ed53c98627c66e9e53da Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Andrew Dunham	fe009c134e	ipn/ipnlocal: reset the dialPlan only when the URL is unchanged Also, reset it in a few more places (e.g. logout, new blank profiles, etc.) to avoid a few more cases where a pre-existing dialPlan can cause a new Headscale server take 10+ seconds to connect. Updates #11938 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I3095173a5a3d9720507afe4452548491e9e45a3e	2 years ago
Shaw Drastin	1fe073098c	Reset dial plan when switching profile (#11933 ) When switching profile, the server URL can change (e.g. because of switching to a self-hosted headscale instance). If it is not reset here, dial plans returned by old server (e.g. tailscale control server) will be used to connect to new server (e.g. self-hosted headscale server), and the register request will be blocked by it until timeout, leading to very slow profile switches. Updates #11938 11938 Signed-off-by: Shaw Drastin <showier.drastic0a@icloud.com>	2 years ago
Andrew Lytvynov	7ba8f03936	ipn/ipnlocal: fix TestOnTailnetDefaultAutoUpdate on unsupported platforms (#11921 ) Fixes #11894 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Fran Bull	6a0fbacc28	appc: setting AdvertiseRoutes explicitly discards app connector routes This fixes bugs where after using the cli to set AdvertiseRoutes users were finding that they had to restart tailscaled before the app connector would advertise previously learned routes again. And seems more in line with user expectations. Fixes #11006 Signed-off-by: Fran Bull <fran@tailscale.com>	2 years ago
Fran Bull	1bd1b387b2	appc: add flag shouldStoreRoutes and controlknob for it When an app connector is reconfigured and domains to route are removed, we would like to no longer advertise routes that were discovered for those domains. In order to do this we plan to store which routes were discovered for which domains. Add a controlknob so that we can enable/disable the new behavior. Updates #11008 Signed-off-by: Fran Bull <fran@tailscale.com>	2 years ago
Fran Bull	79836e7bfd	appc: add RouteInfo struct and persist it to StateStore Lays the groundwork for the ability to persist app connectors discovered routes, which will allow us to stop advertising routes for a domain if the app connector no longer monitors that domain. Updates #11008 Signed-off-by: Fran Bull <fran@tailscale.com>	2 years ago
Irbe Krumina	1452faf510	cmd/containerboot,kube,ipn/store/kubestore: allow interactive login on kube, check Secret create perms, allow empty state Secret (#11326 ) cmd/containerboot,kube,ipn/store/kubestore: allow interactive login and empty state Secrets, check perms * Allow users to pre-create empty state Secrets * Add a fake internal kube client, test functionality that has dependencies on kube client operations. * Fix an issue where interactive login was not allowed in an edge case where state Secret does not exist * Make the CheckSecretPermissions method report whether we have permissions to create/patch a Secret if it's determined that these operations will be needed Updates tailscale/tailscale#11170 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	2 years ago
Brad Fitzpatrick	b9adbe2002	net/{interfaces,netmon}, all: merge net/interfaces package into net/netmon In prep for most of the package funcs in net/interfaces to become methods in a long-lived netmon.Monitor that can cache things. (Many of the funcs are very heavy to call regularly, whereas the long-lived netmon.Monitor can subscribe to things from the OS and remember answers to questions it's asked regularly later) Updates tailscale/corp#10910 Updates tailscale/corp#18960 Updates #7967 Updates #3299 Change-Id: Ie4e8dedb70136af2d611b990b865a822cd1797e5 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	6b95219e3a	net/netmon, add: add netmon.State type alias of interfaces.State ... in prep for merging the net/interfaces package into net/netmon. This is a no-op change that updates a bunch of the API signatures ahead of a future change to actually move things (and remove the type alias) Updates tailscale/corp#10910 Updates tailscale/corp#18960 Updates #7967 Updates #3299 Change-Id: I477613388f09389214db0d77ccf24a65bff2199c Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	3672f29a4e	net/netns, net/dns/resolver, etc: make netmon required in most places The goal is to move more network state accessors to netmon.Monitor where they can be cheaper/cached. But first (this change and others) we need to make sure the one netmon.Monitor is plumbed everywhere. Some notable bits: * tsdial.NewDialer is added, taking a now-required netmon * because a tsdial.Dialer always has a netmon, anything taking both a Dialer and a NetMon is now redundant; take only the Dialer and get the NetMon from that if/when needed. * netmon.NewStatic is added, primarily for tests Updates tailscale/corp#10910 Updates tailscale/corp#18960 Updates #7967 Updates #3299 Change-Id: I877f9cb87618c4eb037cee098241d18da9c01691 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	4f73a26ea5	ipn/ipnlocal: skip TestOnTailnetDefaultAutoUpdate on macOS for now While it's broken. Updates #11894 Change-Id: I24698707ffe405471a14ab2683aea7e836531da8 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Jonathan Nobels	71e9258ad9	ipn/ipnlocal: fix null dereference for early suggested exit node queries (#11885 ) Fixes tailscale/corp#19558 A request for the suggested exit nodes that occurs too early in the VPN lifecycle would result in a null deref of the netmap and/or the netcheck report. This checks both and errors out. Signed-off-by: Jonathan Nobels <jonathan@tailscale.com>	2 years ago
Brad Fitzpatrick	745931415c	health, all: remove health.Global, finish plumbing health.Tracker Updates #11874 Updates #4136 Change-Id: I414470f71d90be9889d44c3afd53956d9f26cd61 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	a4a282cd49	control/controlclient: plumb health.Tracker Updates #11874 Updates #4136 Change-Id: Ia941153bd83523f0c8b56852010f5231d774d91a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	6d69fc137f	ipn/{ipnlocal,localapi},wgengine{,/magicsock}: plumb health.Tracker Down to 25 health.Global users. After this remains controlclient & net/dns & wgengine/router. Updates #11874 Updates #4136 Change-Id: I6dd1856e3d9bf523bdd44b60fb3b8f7501d5dc0d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	723c775dbb	tsd, ipnlocal, etc: add tsd.System.HealthTracker, start some plumbing This adds a health.Tracker to tsd.System, accessible via a new tsd.System.HealthTracker method. In the future, that new method will return a tsd.System-specific HealthTracker, so multiple tsnet.Servers in the same process are isolated. For now, though, it just always returns the temporary health.Global value. That permits incremental plumbing over a number of changes. When the second to last health.Global reference is gone, then the tsd.System.HealthTracker implementation can return a private Tracker. The primary plumbing this does is adding it to LocalBackend and its dozen and change health calls. A few misc other callers are also plumbed. Subsequent changes will flesh out other parts of the tree (magicsock, controlclient, etc). Updates #11874 Updates #4136 Change-Id: Id51e73cfc8a39110425b6dc19d18b3975eac75ce Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	5b32264033	health: break Warnable into a global and per-Tracker value halves Previously it was both metadata about the class of warnable item as well as the value. Now it's only metadata and the value is per-Tracker. Updates #11874 Updates #4136 Change-Id: Ia1ed1b6c95d34bc5aae36cffdb04279e6ba77015 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	ebc552d2e0	health: add Tracker type, in prep for removing global variables This moves most of the health package global variables to a new `health.Tracker` type. But then rather than plumbing the Tracker in tsd.System everywhere, this only goes halfway and makes one new global Tracker (`health.Global`) that all the existing callers now use. A future change will eliminate that global. Updates #11874 Updates #4136 Change-Id: I6ee27e0b2e35f68cb38fecdb3b2dc4c3f2e09d68 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Percy Wegmann	955ad12489	ipn/ipnlocal: only show Taildrive peers to which ACLs grant us access This improves convenience and security. * Convenience - no need to see nodes that can't share anything with you. * Security - malicious nodes can't expose shares to peers that aren't allowed to access their shares. Updates tailscale/corp#19432 Signed-off-by: Percy Wegmann <percy@tailscale.com>	2 years ago
Anton Tolchanov	31e6bdbc82	ipn/ipnlocal: always stop the engine on auth when key has expired If seamless key renewal is enabled, we typically do not stop the engine (deconfigure networking). However, if the node key has expired there is no point in keeping the connection up, and it might actually prevent key renewal if auth relies on endpoints routed via app connectors. Fixes tailscale/corp#5800 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	2 years ago
Andrea Gottardo	1d3e77f373	util/syspolicy: add ReadStringArray interface (#11857 ) Fixes tailscale/corp#19459 This PR adds the ability for users of the syspolicy handler to read string arrays from the MDM solution configured on the system. Signed-off-by: Andrea Gottardo <andrea@gottardo.me>	2 years ago
Joe Tsai	63b3c82587	ipn/local: log OS-specific diagnostic information as JSON (#11700 ) There is an undocumented 16KiB limit for text log messages. However, the limit for JSON messages is 256KiB. Even worse, logging JSON as text results in significant overhead since each double quote needs to be escaped. Instead, use logger.Logf.JSON to explicitly log the info as JSON. We also modify osdiag to return the information as structured data rather than implicitly have the package log on our behalf. This gives more control to the caller on how to log. Updates #7802 Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Andrew Lytvynov	06502b9048	ipn/ipnlocal: reset auto-updates if unsupported on profile load (#11838 ) Prior to `1613b18f82 (diff-314ba0d799f70c8998940903efb541e511f352b39a9eeeae8d475c921d66c2ac)`, nodes could set AutoUpdate.Apply=true on unsupported platforms via `EditPrefs`. Specifically, this affects tailnets where default auto-updates are on. Fix up those invalid prefs on profile reload, as a migration. Updates #11544 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Andrew Lytvynov	b743b85dad	ipn/ipnlocal,ssh/tailssh: reject c2n /update if SSH conns are active (#11820 ) Since we already track active SSH connections, it's not hard to proactively reject updates until those finish. We attempt to do the same on the control side, but the detection latency for new connections is in the minutes, which is not fast enough for common short sessions. Handle a `force=true` query parameter to override this behavior, so that control can still trigger an update on a server where some long-running abandoned SSH session is open. Updates https://github.com/tailscale/corp/issues/18556 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Andrew Lytvynov	bff527622d	ipn/ipnlocal,clientupdate: disallow auto-updates in containers (#11814 ) Containers are typically immutable and should be updated as a whole (and not individual packages within). Deny enablement of auto-updates in containers. Also, add the missing check in EditPrefs in LocalAPI, to catch cases like tailnet default auto-updates getting enabled for nodes that don't support it. Updates #11544 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Percy Wegmann	d16c1293e9	ipn/ipnlocal: remove origin and referer headers from Taildrive requests peerapi does not want these, but rclone includes them. Removing them allows rclone to work with Taildrive configured as a WebDAV remote. Updates #cleanup Signed-off-by: Percy Wegmann <percy@tailscale.com>	2 years ago
Percy Wegmann	94c0403104	ipn/ipnlocal: strip origin and referer headers from Taildrive requests peerapi does not want these, but rclone includes them. Stripping them out allows rclone to work with Taildrive configured as a WebDAV remote. Updates #cleanup Signed-off-by: Percy Wegmann <percy@tailscale.com>	2 years ago
Andrew Lytvynov	22bd506129	ipn/ipnlocal: hold the mutex when in onTailnetDefaultAutoUpdate (#11786 ) Turns out, profileManager is not safe for concurrent use and I missed all the locking infrastructure in LocalBackend, oops. I was not able to reproduce the race even with `go test -count 100`, but this seems like an obvious fix. Fixes #11773 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Brad Fitzpatrick	21a0fe1b9b	ipn/store: omit AWS & Kubernetes support on 'small' Linux GOARCHes This removes AWS and Kubernetes support from Linux binaries by default on GOARCH values where people don't typically run on AWS or use Kubernetes, such as 32-bit mips CPUs. It primarily focuses on optimizing for the static binaries we distribute. But for people building it themselves, they can set ts_kube or ts_aws (the opposite of ts_omit_kube or ts_omit_aws) to force it back on. Makes tailscaled binary ~2.3MB (~7%) smaller. Updates #7272, #10627 etc Change-Id: I42a8775119ce006fa321462cb2d28bc985d1c146 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	7c1d6e35a5	all: use Go 1.22 range-over-int Updates #11058 Change-Id: I35e7ef9b90e83cac04ca93fd964ad00ed5b48430 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Jonathan Nobels	7e2b4268d6	ipn/{localapi, ipnlocal}: forget the prior exit node when localAPI is used to zero the ExitNodeID (#11681 ) Updates tailscale/corp#18724 When localAPI clients directly set ExitNodeID to "", the expected behaviour is that the prior exit node also gets zero'd - effectively setting the UI state back to 'no exit node was ever selected' The IntenalExitNodePrior has been changed to be a non-opaque type, as it is read by the UI to render the users last selected exit node, and must be concrete. Future-us can either break this, or deprecate it and replace it with something more interesting. Signed-off-by: Jonathan Nobels <jonathan@tailscale.com>	2 years ago
Brad Fitzpatrick	3c1e2bba5b	ipn/ipnlocal: remove outdated iOS hacky workaround in Start We haven't needed this hack for quite some time Andrea says. Updates #11649 Change-Id: Ie854b7edd0a01e92495669daa466c7c0d57e7438 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	dd6c76ea24	ipn: remove unused Options.LegacyMigrationPrefs I'm on a mission to simplify LocalBackend.Start and its locking and deflake some tests. I noticed this hasn't been used since March 2023 when it was removed from the Windows client in corp 66be796d33c. So, delete. Updates #11649 Change-Id: I40f2cb75fb3f43baf23558007655f65a8ec5e1b2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	7ec0dc3834	ipn/ipnlocal: make StartLoginInteractive take (yet unused) context In prep for future fix to undermentioned issue. Updates tailscale/tailscale#7036 Change-Id: Ide114db917dcba43719482ffded6a9a54630d99e Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Claire Wang	9171b217ba	cmd/tailscale, ipn/ipnlocal: add suggest exit node CLI option (#11407 ) Updates tailscale/corp#17516 Signed-off-by: Claire Wang <claire@tailscale.com>	2 years ago
Brad Fitzpatrick	b9aa7421d6	ipn/ipnlocal: remove some dead code (legacyBackend methods) from LocalBackend Nothing used it. Updates #11649 Change-Id: Ic1c331d947974cd7d4738ff3aafe9c498853689e Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	bad3159b62	ipn/ipnlocal: delete useless SetControlClientGetterForTesting use Updates #11649 Change-Id: I56c069b9c97bd3e30ff87ec6655ec57e1698427c Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	8186cd0349	ipn/ipnlocal: delete redundant TestStatusWithoutPeers We have tstest/integration nowadays. And this test was one of the lone holdouts using the to-be-nuked SetControlClientGetterForTesting. Updates #11649 Change-Id: Icf8a6a2e9b8ae1ac534754afa898c00dc0b7623b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	68043a17c2	ipn/ipnlocal: centralize assignments to cc + ccAuto in new method cc vs ccAuto is a mess. It needs to go. But this is a baby step towards getting there. Updates #11649 Change-Id: I34f33934844e580bd823a7d8f2b945cf26c87b3b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	970b1e21d0	ipn/ipnlocal: inline assertClientLocked into its now sole caller Updates #11649 Change-Id: I8e2a5e59125a0cad5c0a8c9ed8930585f1735d03 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	170c618483	ipn/ipnlocal: remove dead code now that Android uses LocalAPI instead The new Android app and its libtailscale don't use this anymore; it uses LocalAPI like other clients now. Updates #11649 Change-Id: Ic9f42b41e0e0280b82294329093dc6c275f41d50 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
kari-ts	1cd51f95c7	ipnlocal: enable allow LAN for android (#11709 ) Updates tailscale/corp#18984 Updates tailscale/corp#18202	2 years ago
Brad Fitzpatrick	a5e1f7d703	ipn/{ipnlocal,localapi}: add API to toggle use of exit node This is primarily for GUIs, so they don't need to remember the most recently used exit node themselves. This adds some CLI commands, but they're disabled and behind the WIP envknob, as we need to consider naming (on/off is ambiguous with running an exit node, etc) as well as automatic exit node selection in the future. For now the CLI commands are effectively developer debug things to test the LocalAPI. Updates tailscale/corp#18724 Change-Id: I9a32b00e3ffbf5b29bfdcad996a4296b5e37be7e Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	aa084a29c6	ipn/ipnlocal: name the unlockOnce type, plumb more, add Unlock method This names the func() that Once-unlocked LocalBackend.mu. It does so both for docs and because it can then have a method: Unlock, for the few points that need to explicitly unlock early (the cause of all this mess). This makes those ugly points easy to find, and also can then make them stricter, panicking if the mutex is already unlocked. So a normal call to the func just once-releases the mutex, returning false if it's already done, but the Unlock method is the strict one. Then this uses it more, so most the b.mu.Unlock calls remaining are simple cases and usually defers. Updates #11649 Change-Id: Ia070db66c54a55e59d2f76fdc26316abf0dd4627 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	5e7c0b025c	ipn/ipnlocal: add some "lockedOnEntry" helpers + guardrails, fix bug A number of methods in LocalBackend (with suffixed "LockedOnEntry") require b.mu be held but unlock it on the way out. That's asymmetric and atypical and error prone. This adds a helper method to LocalBackend that locks the mutex and returns a sync.OnceFunc that unlocks the mutex. Then we pass around that unlocker func down the chain to make it explicit (and somewhat type check the passing of ownership) but also let the caller defer unlock it, in the case of errors/panics that happen before the callee gets around to calling the unlock. This revealed a latent bug in LocalBackend.DeleteProfile which double unlocked the mutex. Updates #11649 Change-Id: I002f77567973bd77b8906bfa4ec9a2049b89836a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	38377c37b5	ipn/localapi: sort localapi handler map keys Updates #cleanup Change-Id: I750ed8d033954f1f8786fb35dd16895bb1c5af8e Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Charlotte Brandhorst-Satzkorn	8c75da27fc	drive: move normalizeShareName into pkg drive and make func public (#11638 ) This change makes the normalizeShareName function public, so it can be used for validation in control. Updates tailscale/corp#16827 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	2 years ago
Charlotte Brandhorst-Satzkorn	98cf71cd73	tailscale: switch tailfs to drive syntax for api and logs (#11625 ) This change switches the api to /drive, rather than the previous /tailfs as well as updates the log lines to reflect the new value. It also cleans up some existing tailfs references. Updates tailscale/corp#16827 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	2 years ago
Charlotte Brandhorst-Satzkorn	93618a3518	tailscale: update tailfs functions and vars to use drive naming (#11597 ) This change updates all tailfs functions and the majority of the tailfs variables to use the new drive naming. Updates tailscale/corp#16827 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	2 years ago
Brad Fitzpatrick	b9611461e5	ipn/ipnlocal: q-encode (RFC 2047) Tailscale serve header values Updates #11603 RELNOTE=Tailscale serve headers are now RFC 2047 Q-encoded Change-Id: I1314b65ecf5d39a5a601676346ec2c334fdef042 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Claire Wang	262fa8a01e	ipn/ipnlocal: populate peers' capabilities (#11365 ) Populates capabilties field of peers in ipn status. Updates tailscale/corp#17516 Signed-off-by: Claire Wang <claire@tailscale.com>	2 years ago
Charlotte Brandhorst-Satzkorn	14683371ee	tailscale: update tailfs file and package names (#11590 ) This change updates the tailfs file and package names to their new naming convention. Updates #tailscale/corp#16827 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	2 years ago
James Tucker	7558a1d594	ipn/ipnlocal: disable sockstats on (unstable) mobile by default We're tracking down a new instance of memory usage, and excessive memory usage from sockstats is definitely not going to help with debugging, so disable it by default on mobile. Updates tailscale/corp#18514 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
Percy Wegmann	66e4d843c1	ipn/localapi: add support for multipart POST to file-put This allows sending multiple files via Taildrop in one request. Progress is tracked via ipn.Notify. Updates tailscale/corp#18202 Signed-off-by: Percy Wegmann <percy@tailscale.com>	2 years ago
Percy Wegmann	bed818a978	ipn/localapi: add support for multipart POST to file-put This allows sending multiple files via Taildrop in one request. Progress is tracked via ipn.Notify. Updates tailscale/corp#18202 Signed-off-by: Percy Wegmann <percy@tailscale.com>	2 years ago
Percy Wegmann	eb42a16da9	ipn/ipnlocal: report Taildrive access message on failed responses For example, if we get a 404 when downloading a file, we'll report access. Also, to reduce verbosty of logs, this elides 0 length files. Updates tailscale/corp#17818 Signed-off-by: Percy Wegmann <percy@tailscale.com>	2 years ago
Charlotte Brandhorst-Satzkorn	acb611f034	ipn/localipn: introduce logs for tailfs (#11496 ) This change introduces some basic logging into the access and share pathways for tailfs. Updates tailscale/corp#17818 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	2 years ago
Brad Fitzpatrick	a36cfb4d3d	tailcfg, ipn/ipnlocal, wgengine/magicsock: add only-tcp-443 node attr Updates tailscale/corp#17879 Change-Id: I0dc305d147b76c409cf729b599a94fa723aef0e0 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	7b34154df2	all: deprecate Node.Capabilities (more), remove PeerChange.Capabilities [capver 89] First we had Capabilities []string. Then https://tailscale.com/blog/acl-grants (#4217) brought CapMap, a superset of Capabilities. Except we never really finished the transition inside the codebase to go all-in on CapMap. This does so. Notably, this coverts Capabilities on the wire early to CapMap internally so the code can only deal in CapMap, even against an old control server. In the process, this removes PeerChange.Capabilities support, which no known control plane sent anyway. They can and should use PeerChange.CapMap instead. Updates #11508 Updates #4217 Change-Id: I872074e226b873f9a578d9603897b831d50b25d9 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	b104688e04	ipn/ipnlocal, types/netmap: replace hasCapability with set lookup on NetworkMap When node attributes were super rare, the O(n) slice scans looking for node attributes was more acceptable. But now more code and more users are using increasingly more node attributes. Time to make it a map. Noticed while working on tailscale/corp#17879 Updates #cleanup Change-Id: Ic17c80341f418421002fbceb47490729048756d2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Percy Wegmann	8c88853db6	ipn/ipnlocal: add c2n /debug/pprof/allocs endpoint This behaves the same as typical debug/pprof/allocs. Updates tailscale/corp#18514 Signed-off-by: Percy Wegmann <percy@tailscale.com>	2 years ago
James Tucker	e0f97738ee	localapi: reduce garbage production in bus watcher Updates #optimization Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
Brad Fitzpatrick	6a860cfb35	ipn/ipnlocal: add c2n pprof option to force a GC Like net/http/pprof has. Updates tailscale/corp#18514 Change-Id: I264adb6dcf5732d19707783b29b7273b4ca69cf4 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Percy Wegmann	067ed0bf6f	ipnlocal: ensure TailFS share notifications are non-nil This allows the UI to distinguish between 'no shares' versus 'not being notified about shares'. Updates ENG-2843 Signed-off-by: Percy Wegmann <percy@tailscale.com>	2 years ago
Irbe Krumina	b0c3e6f6c5	cmd/k8s-operator,ipn/conf.go: fix --accept-routes for proxies (#11453 ) Fix a bug where all proxies got configured with --accept-routes set to true. The bug was introduced in https://github.com/tailscale/tailscale/pull/11238. Updates#cleanup Signed-off-by: Irbe Krumina <irbe@tailscale.com>	2 years ago
Mario Minardi	d2ccfa4edd	cmd/tailscale,ipn/ipnlocal: enable web client over quad 100 by default (#11419 ) Enable the web client over 100.100.100.100 by default. Accepting traffic from [tailnet IP]:5252 still requires setting the `webclient` user pref. Updates https://github.com/tailscale/tailscale/issues/10261 Signed-off-by: Mario Minardi <mario@tailscale.com>	2 years ago
Mario Minardi	e0886ad167	ipn/ipnlocal, tailcfg: add disable-web-client node attribute (#11418 ) Add a disable-web-client node attribute and add handling for disabling the web client when this node attribute is set. Updates https://github.com/tailscale/tailscale/issues/10261 Signed-off-by: Mario Minardi <mario@tailscale.com>	2 years ago
Andrew Lytvynov	decd9893e4	ipn/ipnlocal: validate domain of PopBrowserURL on default control URL (#11394 ) If the client uses the default Tailscale control URL, validate that all PopBrowserURLs are under tailscale.com or *.tailscale.com. This reduces the risk of a compromised control plane opening phishing pages for example. The client trusts control for many other things, but this is one easy way to reduce that trust a bit. Fixes #11393 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	2 years ago
Brad Fitzpatrick	ad33e47270	ipn/{ipnlocal,localapi}: add debug verb to force spam IPN bus NetMap To force the problem in its worst case scenario before fixing it. Updates tailscale/corp#17859 Change-Id: I2c8b8e5f15c7801e1ab093feeafac52ec175a763 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Percy Wegmann	e496451928	ipn,cmd/tailscale,client/tailscale: add support for renaming TailFS shares - Updates API to support renaming TailFS shares. - Adds a CLI rename subcommand for renaming a share. - Renames the CLI subcommand 'add' to 'set' to make it clear that this is an add or update. - Adds a unit test for TailFS in ipnlocal Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com>	2 years ago
Percy Wegmann	6c160e6321	ipn,tailfs: tie TailFS share configuration to user profile Previously, the configuration of which folders to share persisted across profile changes. Now, it is tied to the user's profile. Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com>	2 years ago
Percy Wegmann	fd942b5384	ipn/ipnlocal: reduce allocations in TailFS share notifications This eliminates unnecessary map.Clone() calls and also eliminates repetitive notifications about the same set of shares. Updates tailscale/corp#16827 Signed-off-by: Percy Wegmann <percy@tailscale.com>	2 years ago
Percy Wegmann	6f66f5a75a	ipn: add comment about thread-safety to StateStore Updates #cleanup Signed-off-by: Percy Wegmann <percy@tailscale.com>	2 years ago
Andrea Gottardo	0cb86468ca	ipn/localapi: add set-gui-visible endpoint Updates tailscale/corp#17859 Provides a local API endpoint to be called from the GUI to inform the backend when the client menu is opened or closed. cc @bradfitz Signed-off-by: Andrea Gottardo <andrea@gottardo.me> Signed-off-by: Andrea Gottardo <andrea@tailscale.com> Signed-off-by: Andrea Gottardo <andrea@gottardo.me>	2 years ago
Percy Wegmann	00373f07ac	ipn/ipnlocal: exclude mullvad exit nodes from TailFS peers list This is a temporary solution to at least omit Mullvad exit nodes from the list of TailFS peers. Once we can identify peers that are actually sharing via TailFS, we can remove this, but for alpha it'll be sufficient to just omit Mullvad. Updates tailscale/corp#17766 Signed-off-by: Percy Wegmann <percy@tailscale.com>	2 years ago

... 3 4 5 6 7 ...

1776 Commits (d05e6dc09e7a36e2b6082ce259e33eb3eecd0c0c)