tailscale

Commit Graph

Author	SHA1	Message	Date
License Updater	d17312265e	licenses: update tailscale{,d} licenses Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	1 year ago
Denton Gentry	4321d1d6e9	scripts/installer.sh: add sle-micro-rancher. Fixes https://github.com/tailscale/tailscale/issues/5633 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	1 year ago
DJRHails	2492ca2900	words: remove misspelling of trex Signed-off-by: DJRHails <hello@hails.info>	1 year ago
Dominic Black	570cb018da	ipn/localapi: require only read permission for WatchIPNBus (#7798 ) Allow calls to `WatchIPNBus` to be permformed by clients with Readonly permissions. This brings it in line with the permissions required for `Status`, which also exposes the similar information. This allows clients to get realtime updates about the tailnet in their own applications, without needing to actively poll the `Status` endpoint. Fixes https://github.com/tailscale/tailscale/issues/7797 Signed-off-by: Dominic Black <dom@encore.dev>	1 year ago
Heiko Rothe	dc1d8826a2	ipn/ipnlocal: [serve/funnel] add forwarded host and proto header (#8224 ) This replicates the headers also sent by the golang reverse proxy by default. Fixes https://github.com/tailscale/tailscale/issues/7061 Signed-off-by: Heiko Rothe <me@heikorothe.com>	1 year ago
Denton Gentry	67882ad35d	scripts/installer.sh: add BlendOS support. Fixes https://github.com/tailscale/tailscale/issues/8100 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	1 year ago
Andrew Dunham	07eacdfe92	ipn/ipnlocal: renew certificates based on lifetime Instead of renewing certificates based on whether or not they're expired at a fixed 14-day period in the future, renew based on whether or not we're more than 2/3 of the way through the certificate's lifetime. This properly handles shorter-lived certificates without issue. Updates #8204 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I5e82a9cadc427c010d04ce58c7f932e80dd571ea	1 year ago
License Updater	d06fac0ede	licenses: update win/apple licenses Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	1 year ago
Andrew Dunham	9d09c821f7	ipn/ipnlocal: add more logging during profile migration Updates tailscale/corp#11883 Change-Id: I3a3ca8f25bfefca139115b25ec4161c069da7e4a Signed-off-by: Andrew Dunham <andrew@du.nham.ca>	1 year ago
Aaron Klotz	2aa8299c37	cmd/tailscaled, util/winutil: log our registry keys during tailscaled startup In order to improve our ability to understand the state of policies and registry settings when troubleshooting, we enumerate all values in all subkeys. x/sys/windows does not already offer this, so we need to call RegEnumValue directly. For now we're just logging this during startup, however in a future PR I plan to also trigger this code during a bugreport. I also want to log more than just registry. Fixes #8141 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	1 year ago
Flakes Updater	88ee857bc8	go.mod.sri: update SRI hash for go.mod changes Signed-off-by: Flakes Updater <noreply+flakes-updater@tailscale.com>	1 year ago
Vince Prignano	1a691ec5b2	cmd/k8s-operator: update controller-runtime to v0.15 Fixes #8170 Signed-off-by: Vince Prignano <vince@prigna.com>	1 year ago
Anton Tolchanov	6a156f6243	client/tailscale: support deauthorizing a device This adds a new `SetAuthorized` method that allows setting device authorization to true or false. I chose the method name to be consistent with SetTags. Updates https://github.com/tailscale/corp/issues/10160 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	1 year ago
dependabot[bot]	525b9c806f	.github: bump peter-evans/create-pull-request from 5.0.0 to 5.0.1 Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 5.0.0 to 5.0.1. - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](`5b4a9f6a9e...284f54f989`) --- updated-dependencies: - dependency-name: peter-evans/create-pull-request dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	1 year ago
David Anderson	fc5b137d25	release/dist/synology: build hi3535 as armv5, not armv7 This platform is technically an armv7, but has no hardware floating point unit. armv5 is the only target Go understands to lack floating point, so use that. Updates #6860 Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
David Anderson	32e0ba5e68	release/dist/synology: build synology packages with cmd/dist Updates #8217 Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
Denton Gentry	399a80785e	wgengine/netstack: use ping6 on BSD platforms Various BSD-derived operating systems including macOS and FreeBSD require that ping6 be used for IPv6 destinations. The "ping" command does not understand an IPv6 destination. FreeBSD 13.x and later do handle IPv6 in the regular ping command, but also retain a ping6 command. We use ping6 on all versions of FreeBSD. Fixes https://github.com/tailscale/tailscale/issues/8225 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	1 year ago
David Anderson	c0b4a54146	release/dist/cli: correctly handle absolute build outputs in manifest Some builders return absolute paths to build products already. When that happens, the manifest writing logic shouldn't tack on another absolute prefix. Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
Brad Fitzpatrick	c4fe9c536d	go.toolchain.rev: bump, again For https://go-review.googlesource.com/c/go/+/498398 Updates tailscale/go#63 Updates tailscale/go#64 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
valscale	370b2c37e0	tka: fix go vet complaint on copy of lock value in tailchonk_test.go (#8208 ) go vet complains when we copy a lock value. Create clone function that copies everything but the lock value. Fixes #8207 Signed-off-by: Val <valerie@tailscale.com>	1 year ago
Brad Fitzpatrick	cb94ddb7b8	go.toolchain.rev: bump Updates tailscale/go#63 Updates tailscale/go#64 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Andrea Gottardo	66f97f4bea	tka: provide authority StateID in NetworkLockStatus response (#8200 ) Fixes #8201. Signed-off-by: Andrea Gottardo <andrea@tailscale.com> Co-authored-by: Andrea Gottardo <andrea@tailscale.com>	1 year ago
Marwan Sulaiman	e32e5c0d0c	portlist: add Poller.IncludeLocalhost option This PR parameterizes receiving loopback updates from the portlist package. Callers can now include services bound to localhost if they want. Note that this option is off by default still. Fixes #8171 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	1 year ago
Will Norris	3d180a16c3	VERSION.txt: this is v1.43.0 Signed-off-by: Will Norris <will@tailscale.com>	1 year ago
Charlotte Brandhorst-Satzkorn	4e86857313	ssh/tailssh: add ssh session recording failed event type This change introduces a SSHSessionRecordingFailed event type that is used when a session recording fails to start or fails during a session, and the on failure indicates that it should fail open. Updates tailscale/corp#9967 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	1 year ago
salman aljammaz	745ee97973	api.md: update device authorized API docs to allow for deauth (#8162 ) The authorize device API (/api/v2/device/{deviceID}/authorized) will soon allow device deauthorisation. Fixes corp#10160. Signed-off-by: salman <salman@tailscale.com>	1 year ago
Brad Fitzpatrick	a4fd4fd845	ssh/tailssh: fix regression after LDAP support `58ab66ec51` added LDAP support for #4945 by shelling out to getdent. It was supposed to fall back to the old method when getdent wasn't found, but some variable name confusion (uid vs username) meant the old path wasn't calling the right lookup function (user.LookupId instead of user.Lookup). Which meant that changed probably also broke FreeBSD and macOS SSH support in addition to the reported OpenWRT regression. The gokrazy support didn't look right either. Fixes #8180 Change-Id: I273bbe96fe98b2517fbf0335fd476b483c051554 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
James Tucker	e3cb982139	words: shell-ebrating crustacean chaos Hey team! I've been diving deep into the code ocean for the past few hours, tackling those sneaky race conditions that were threatening our database. It was quite the crabby situation, but fear not! It's friday and I've emerged and I'm ready to shell-ebrate with some punny word additions. 🎉 This commit introduces a shell-shocking array of crustaceans to our word list. From the lively lobsters to the clever prawns. Signed-off-by: James Tucker <james@tailscale.com>	1 year ago
valscale	5ae786988c	derp: remove default logging of disconnecting clients (#8163 ) ~97% of the log messages derper outputs are related to the normal non-error state of a client disconnecting in some manner. Add a verbose logging feature that only logs these messages when enabled. Fixes #8024 Signed-off-by: Val <valerie@tailscale.com>	1 year ago
Maisem Ali	0ca8bf1e26	ssh/tailssh: close tty on session close We were only closing on side of the pty/tty pair. Close the other side too. Thanks to @fritterhoff for reporting and debugging the issue! Fixes #8119 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Gabriel Martinez	03e848e3b5	cmd/k8s-operator: add support for priorityClassName Updates #8155 Signed-off-by: Gabriel Martinez <gabrielmartinez@sisti.pt>	1 year ago
Derek Kaser	7c88eeba86	cmd/tailscale: allow Tailscale to work with Unraid web interface (#8062 ) Updates tailscale/tailscale#8026 Signed-off-by: Derek Kaser <derek.kaser@gmail.com>	1 year ago
Sonia Appasamy	f0ee03dfaf	cmd/tailscale/cli: [serve] add reset flag Usage: `tailscale serve reset` Fixes #8139 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	1 year ago
Brad Fitzpatrick	4664318be2	client/tailscale: revert CreateKey API change, add Client.CreateKeyWithExpiry The client/tailscale is a stable-ish API we try not to break. Revert the Client.CreateKey method as it was and add a new CreateKeyWithExpiry method to do the new thing. And document the expiry field and enforce that the time.Duration can't be between in range greater than 0 and less than a second. Updates #7143 Updates #8124 (reverts it, effectively) Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
shayne	678bb92bb8	cmd/tailscale/cli: [up] fix CreateKey missing argument (#8124 ) Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	1 year ago
Matt Brown	9b6e48658f	client: allow the expiry time to be specified for new keys Adds a parameter for create key that allows a number of seconds (less than 90) to be specified for new keys. Fixes https://github.com/tailscale/tailscale/issues/7965 Signed-off-by: Matthew Brown <matthew@bargrove.com>	1 year ago
Maisem Ali	85215ed58a	cmd/k8s-operator: handle NotFound secrets getSingleObject can return `nil, nil`, getDeviceInfo was not handling that case which resulted in panics. Fixes #7303 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Brad Fitzpatrick	b69059334b	util/set: add a basic map-based Set type We have two other types of Sets here. Add the basic obvious one too. Needed for a change elsewhere. Updates #cleanup Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Joe Tsai	84c99fe0d9	logtail: be less aggressive about re-uploads (#8117 ) The retry logic was pathological in the following ways: * If we restarted the logging service, any pending uploads would be placed in a retry-loop where it depended on backoff.Backoff, which was too aggresive. It would retry failures within milliseconds, taking at least 10 retries to hit a delay of 1 second. * In the event where a logstream was rate limited, the aggressive retry logic would severely exacerbate the problem since each retry would also log an error message. It is by chance that the rate of log error spam does not happen to exceed the rate limit itself. We modify the retry logic in the following ways: * We now respect the "Retry-After" header sent by the logging service. * Lacking a "Retry-After" header, we retry after a hard-coded period of 30 to 60 seconds. This avoids the thundering-herd effect when all nodes try reconnecting to the logging service at the same time after a restart. * We do not treat a status 400 as having been uploaded. This is simply not the behavior of the logging service. Updates #tailscale/corp#11213 Signed-off-by: Joe Tsai <joetsai@digital-static.net>	1 year ago
James Tucker	da90fab899	net/netcheck: reenable TestBasic on Windows This test was either fixed by intermediate changes or was mis-flagged as failing during #7876 triage. Updates #7876 Signed-off-by: James Tucker <jftucker@gmail.com>	1 year ago
James Tucker	ca49b29582	tsnet: reenable TestLoopbackSOCKS5 on Windows This test was either fixed in the intermediate time or mis-flagged during the #7876 triage, but is now passing. Updates #7876 Signed-off-by: James Tucker <jftucker@gmail.com>	1 year ago
Brad Fitzpatrick	cb2fd5be92	cmd/tsconnect: fix forgotten API change for wasm Fix regression from `6e967446e4` Updates #8036 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
David Anderson	d27a6e1c53	tool/gocross: fix incorrect relpath usage in bootstrap script The subshell in which gocross gets built cd's to the corp checkout dir near the top, so all future references to corp repository files should be simple relative paths, and not reference $repo_root. When $repo_root is an absolute path, it doesn't matter and everything works out, but on some OSes and shells and invocations, $repo_root is a completely relative path that is invalidated by the "cd". Fixes tailscale/corp#11183 Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
Brad Fitzpatrick	4f454f4122	util/codegen: support embedded fields I noticed cmd/{cloner,viewer} didn't support structs with embedded fields while working on a change in another repo. This adds support. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Will Norris	ea84fc9ad2	net/sockstats: wait before reporting battery usage Wait 2 minutes before we start reporting battery usage. There is always radio activity on initial startup, which gets reported as 100% high power usage. Let that settle before we report usage data. Updates tailscale/corp#9230 Signed-off-by: Will Norris <will@tailscale.com>	1 year ago
salman	1ce08256c0	release/dist: add deb/rpm arch mappings for mipses According to https://wiki.debian.org/SupportedArchitectures Debian does not support big-endian mips64, so that one remains disabled. According to https://fedoraproject.org/wiki/Architectures Fedora only supports little-endian mips, so leaving both big-endian ones out too. Updates #8005. Signed-off-by: salman <salman@tailscale.com>	1 year ago
Craig Rodrigues	827abbeeaa	cmd/k8s-operator: print version in startup logs Fixes: #7813 Signed-off-by: Craig Rodrigues <rodrigc@crodrigues.org>	1 year ago
License Updater	d1ecb1f43b	licenses: update win/apple licenses Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	1 year ago
Brad Fitzpatrick	a743b66f9d	ssh/tailssh: move some user-related code into new user.go The previous commit `58ab66e` added ssh/tailssh/user.go as part of working on #4945. So move some more user-related code over to it. Updates #cleanup Change-Id: I24de66df25ffb8f867e1a0a540d410f9ef16d7b0 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	58ab66ec51	ssh/tailssh: support LDAP users for Tailscale SSH Fixes #4945 Change-Id: Ie013cb47684cb87928a44f92c66352310bfe53f1 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago

1 2 3 4 5 ...

5770 Commits (d17312265ed476e1e693e36a138bd82d98413e03) All Branches Search

5770 Commits (d17312265ed476e1e693e36a138bd82d98413e03)

All Branches