tailscale

Commit Graph

Author	SHA1	Message	Date
Rhea Ghosh	d2684863c2	VERSION.txt: this is v1.40.1 Signed-off-by: Rhea Ghosh <rhea@tailscale.com>	1 year ago
Will Norris	ba3ff98da1	net/sockstats: wait before reporting battery usage Wait 2 minutes before we start reporting battery usage. There is always radio activity on initial startup, which gets reported as 100% high power usage. Let that settle before we report usage data. Updates tailscale/corp#9230 Signed-off-by: Will Norris <will@tailscale.com> (cherry picked from commit `ea84fc9ad2`)	1 year ago
Brad Fitzpatrick	2e44616dd8	ssh/tailssh: support LDAP users for Tailscale SSH Fixes #4945 Change-Id: Ie013cb47684cb87928a44f92c66352310bfe53f1 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> (cherry picked from commit `58ab66ec51`)	1 year ago
Brad Fitzpatrick	176939fa53	ipn/ipnlocal: bound how long cert fetchher checks for existing DNS records It was supposed to be best effort but in some cases (macsys at least, per @marwan-at-work) it hangs and exhausts the whole context.Context deadline so we fail to make the SetDNS call to the server. Updates #8067 Updates #3273 etc Change-Id: Ie1f04abe9689951484748aecdeae312afbafdb0f Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com> (cherry picked from commit `8864112a0c`)	1 year ago
Maisem Ali	c6ebbddfed	ssh/tailssh: restore support for recording locally We removed it earlier in `916aa782af`, but we still want to support it for some time longer. Updates tailscale/corp#9967 Signed-off-by: Maisem Ali <maisem@tailscale.com> (cherry picked from commit `be190e990f`)	1 year ago
salman	42e993e863	release/dist: add deb/rpm arch mappings for mipses According to https://wiki.debian.org/SupportedArchitectures Debian does not support big-endian mips64, so that one remains disabled. According to https://fedoraproject.org/wiki/Architectures Fedora only supports little-endian mips, so leaving both big-endian ones out too. Updates #8005. Signed-off-by: salman <salman@tailscale.com> (cherry picked from commit `1ce08256c0`)	1 year ago
Craig Rodrigues	05493383ef	cmd/k8s-operator: print version in startup logs Fixes: #7813 Signed-off-by: Craig Rodrigues <rodrigc@crodrigues.org> (cherry picked from commit `827abbeeaa`)	1 year ago
Maisem Ali	de26c1c3fa	net/tstun: handle exit nodes in NAT configs In the case where the exit node requires SNAT, we would SNAT all traffic not just the traffic meant to go through the exit node. This was a result of the default route being added to the routing table which would match basically everything. In this case, we need to account for all peers in the routing table not just the ones that require NAT. Fix and add a test. Updates tailscale/corp#8020 Signed-off-by: Maisem Ali <maisem@tailscale.com> (cherry picked from commit `3ae7140690`)	1 year ago
Denton Gentry	9bdaece3d7	VERSION.txt: this is v1.40.0 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	1 year ago
Brad Fitzpatrick	1e876a3c1d	ipn/ipnlocal: fix fmt format arg type mismatch in log line It was printing like "v0xxxxxxxx" after version.Long became a func in `8b2ae47c31`. Fixes #7976 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Maisem Ali	a8f10c23b2	cmd/tailscale/cli: [up] reuse --advertise-tags for OAuth key generation We need to always specify tags when creating an AuthKey from an OAuth key. Check for that, and reuse the `--advertise-tags` param. Updates #7982 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Brad Fitzpatrick	b2b5379348	cmd/tailscale/cli: [up] change oauth authkey format Updates #7982 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	13de36303d	cmd/tailscale/cli: [up] add experimental oauth2 authkey support Updates #7982 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
James Tucker	095d3edd33	ipn/ipnlocal: reenable profile tests on Windows This fix does not seem ideal, but the test infrastructure using a local goos doesn't seem to avoid all of the associated challenges, but is somewhat deeply tied to the setup. The core issue this addresses for now is that when run on Windows there can be no code paths that attempt to use an invalid UID string, which on Windows is described in [1]. For the goos="linux" tests, we now explicitly skip the affected migration code if runtime.GOOS=="windows", and for the Windows test we explicitly use the running users uid, rather than just the string "user1". We also now make the case where a profile exists and has already been migrated a non-error condition toward the outer API. Updates #7876 [1] https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-identifiers Signed-off-by: James Tucker <jftucker@gmail.com>	1 year ago
James Tucker	43819309e1	.github/workflows: split tests and benchmarks for caching Benchmark flags prevent test caching, so benchmarks are now executed independently of tests. Fixes #7975 Signed-off-by: James Tucker <james@tailscale.com>	1 year ago
Maisem Ali	1b8a0dfe5e	ssh/tailssh: also handle recording upload failure during writes Previously we would error out when the recording server disappeared after the in memory buffer filled up for the io.Copy. This makes it so that we handle failing open correctly in that path. Updates tailscale/corp#9967 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
shayne	018a382729	cmd/tailscale/cli: [serve] fix MinGW path conversion (#7964 ) Fixes #7963 Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	1 year ago
License Updater	2e07245384	licenses: update android licenses Signed-off-by: License Updater <noreply@tailscale.com>	1 year ago
License Updater	aa87e999dc	licenses: update win/apple licenses Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	1 year ago
Maisem Ali	f58751eb2b	net/packet: add NAT support for DCCP and GRE Updates tailscale/corp#8020 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Marwan Sulaiman	ce11c82d51	ipn/store/awsstore: persist state with intelligent tiering Fixes #6784 This PR makes it so that we can persist the tailscaled state with intelligent tiering which increases the capacity from 4kb to 8kb Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	1 year ago
Brad Fitzpatrick	90ba26cea1	net/netcheck: fix crash when IPv6 kinda but not really works Looks like on some systems there's an IPv6 address, but then opening a IPv6 UDP socket fails later. Probably some firewall. Tolerate it better and don't crash. To repro: check the "udp6" to something like "udp7" (something that'll fail) and run "go run ./cmd/tailscale netcheck" on a machine with active IPv6. It used to crash and now it doesn't. Fixes #7949 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Maisem Ali	7778d708a6	ssh/tailssh: handle dialing multiple recorders and failing open This adds support to try dialing out to multiple recorders each with a 5s timeout and an overall 30s timeout. It also starts respecting the actions `OnRecordingFailure` field if set, if it is not set it fails open. Updates tailscale/corp#9967 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Maisem Ali	f66ddb544c	tailcfg: add SSHRecorderFailureAction and SSHRecordingFailureNotifyRequest This allows control to specify how to handle situations where the recorder isn't available. Updates tailscale/corp#9967 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Flakes Updater	e3b2250e26	go.mod.sri: update SRI hash for go.mod changes Signed-off-by: Flakes Updater <noreply@tailscale.com>	1 year ago
Andrew Dunham	6f521c138d	tailcfg: add CanPort80 field to DERPNode A follow-up PR will start using this field after we set it in our production DERPMap. Updates #7925 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: Idb41b79e6055dddb8944f79d91ad4a186ace98c7	1 year ago
Andrew Dunham	04a3118d45	net/tstun: add tests for captureHook Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I630f852d9f16c951c721b34f2bc4128e68fe9475	1 year ago
Denton Gentry	c791e64881	scripts/installer: add Deepin, RisiOS. Fixes https://github.com/tailscale/tailscale/issues/7862 Fixes https://github.com/tailscale/tailscale/issues/7899 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	1 year ago
Mihai Parparita	7330aa593e	all: avoid repeated default interface lookups On some platforms (notably macOS and iOS) we look up the default interface to bind outgoing connections to. This is both duplicated work and results in logspam when the default interface is not available (i.e. when a phone has no connectivity, we log an error and thus cause more things that we will try to upload and fail). Fixed by passing around a netmon.Monitor to more places, so that we can use its cached interface state. Fixes #7850 Updates #7621 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	1 year ago
Will Norris	7f17e04a5a	log/sockstatlog: bump logInterval to 10 seconds We are seeing indications that some devices are still getting into an upload loop. Bump logInterval in case these devices are on slow connections that are taking more than 3 seconds to uploads sockstats. Updates #7719 Signed-off-by: Will Norris <will@tailscale.com>	1 year ago
Mihai Parparita	4722f7e322	all: move network monitoring from wgengine/monitor to net/netmon We're using it in more and more places, and it's not really specific to our use of Wireguard (and does more just link/interface monitoring). Also removes the separate interface we had for it in sockstats -- it's a small enough package (we already pull in all of its dependencies via other paths) that it's not worth the extra complexity. Updates #7621 Updates #7850 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	1 year ago
Andrew Dunham	3ede3aafe4	ipn/localapi: also verify STUN queries work in 'debug derp' Updates #6526 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I274b7ed53ee0be3fb94fdb00cafe06a1d676e1cf	1 year ago
James Tucker	f844791e15	safesocket: enable test to run on Windows unpriviliged I manually tested that the code path that relaxes pipe permissions is not executed when run with elevated priviliges, and the test also passes in that case. Updates #7876 Signed-off-by: James Tucker <jftucker@gmail.com>	1 year ago
James Tucker	cd35a79136	syncs: relax TestWatchMultipleValues timing on Windows The test is re-enabled for Windows with a relaxed time assertion. On Windows the runtime poller currently does not have sufficient resolution to meet the normal requirements for this test. See https://github.com/golang/go/issues/44343 for background. Updates #7876 Signed-off-by: James Tucker <jftucker@gmail.com>	1 year ago
Andrew Dunham	f85dc6f97c	ci: add more lints (#7909 ) This is a follow-up to #7905 that adds two more linters and fixes the corresponding findings. As per the previous PR, this only flags things that are "obviously" wrong, and fixes the issues found. Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I8739bdb7bc4f75666a7385a7a26d56ec13741b7c	1 year ago
dependabot[bot]	5acc7c4b1e	.github: Bump ruby/action-slack from 3.0.0 to 3.2.1 Bumps [ruby/action-slack](https://github.com/ruby/action-slack) from 3.0.0 to 3.2.1. - [Release notes](https://github.com/ruby/action-slack/releases) - [Commits](https://github.com/ruby/action-slack/compare/v3.0.0...v3.2.1) --- updated-dependencies: - dependency-name: ruby/action-slack dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	1 year ago
dependabot[bot]	c328770184	.github: Bump peter-evans/create-pull-request from 4.2.4 to 5.0.0 Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 4.2.4 to 5.0.0. - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](`38e0b6e68b...5b4a9f6a9e`) --- updated-dependencies: - dependency-name: peter-evans/create-pull-request dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	1 year ago
License Updater	588a234fdc	licenses: update win/apple licenses Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	1 year ago
Maisem Ali	c3ef6fb4ee	ipn/ipnlocal: handle masquerade addresses in PeerAPI Without this, the peer fails to do anything over the PeerAPI if it has a masquerade address. ``` Apr 19 13:58:15 hydrogen tailscaled[6696]: peerapi: invalid request from <ip>:58334: 100.64.0.1/32 not found in self addresses ``` Updates #8020 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Maisem Ali	85de580455	net/tsdial: do not use proxies when dialing out to PeerAPI Found this when adding a test that does a ping over PeerAPI. Our integration tests set up a trafficTrap to ensure that tailscaled does not call out to the internet, and it does so via a HTTP_PROXY. When adding a test for pings over PeerAPI, it triggered the trap and investigation lead to the realization that we were not removing the Proxy when trying to dial out to the PeerAPI. Updates tailscale/corp#8020 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Mihai Parparita	d0906cda97	net/sockstats: expose debug info Exposes some internal state of the sockstats package via the C2N and PeerAPI endpoints, so that it can be used for debugging. For now this includes the estimated radio on percentage and a second-by-second view of the times the radio was active. Also fixes another off-by-one error in the radio on percentage that was leading to >100% values (if n seconds have passed since we started to monitor, there may be n + 1 possible seconds where the radio could have been on). Updates tailscale/corp#9230 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	1 year ago
Will Norris	7c386ca6d2	net/sockstats: fix calculation of radio power usage When splitting the radio monitor usage array, we were splitting at now % 3600 to get values into chronological order. This caused the value for the final second to be included at the beginning of the ordered slice rather than the end. If there was activity during that final second, an extra five seconds of high power usage would get recorded in some cases. This could result in a final calculation of greater than 100% usage. This corrects that by splitting values at (now+1 % 3600). This also simplifies the percentage calculation by always rounding values down, which is sufficient for our usage. Signed-off-by: Will Norris <will@tailscale.com>	1 year ago
License Updater	7f057d7489	licenses: update tailscale{,d} licenses Signed-off-by: License Updater <noreply@tailscale.com>	1 year ago
Mihai Parparita	c7cea825ae	net/netns: don't log errors when we can't get the default route on Darwin It's somewhat common (e.g. when a phone has no reception), and leads to lots of logspam. Updates #7850 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	1 year ago
Andrew Dunham	280255acae	various: add golangci-lint, fix issues (#7905 ) This adds an initial and intentionally minimal configuration for golang-ci, fixes the issues reported, and adds a GitHub Action to check new pull requests against this linter configuration. Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I8f38fbc315836a19a094d0d3e986758b9313f163	1 year ago
Joe Tsai	ff1b35ec6c	net/connstats: exclude traffic with internal Tailscale service (#7904 ) Exclude traffic with 100.100.100.100 (for IPv4) and with fd7a:115c:a1e0::53 (for IPv6) since this traffic with the Tailscale service running locally on the node. This traffic never left the node. It also happens to be a high volume amount of traffic since DNS requests occur over UDP with each request coming from a unique port, thus resulting in many discrete traffic flows. Fixes tailscale/corp#10554 Signed-off-by: Joe Tsai <joetsai@digital-static.net>	1 year ago
Mihai Parparita	9a655a1d58	net/dnsfallback: more explicitly pass through logf function Redoes the approach from #5550 and #7539 to explicitly pass in the logf function, instead of having global state that can be overridden. Signed-off-by: Mihai Parparita <mihai@tailscale.com>	1 year ago
dependabot[bot]	28cb1221ba	.github: Bump actions/setup-go from 3 to 4 Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	1 year ago
Brad Fitzpatrick	d5a870b4dc	wgengine/monitor: add --monitor-duration flag to opt-in TestMonitorMode TestMonitorMode skips by default, without the --monitor flag, and then it previously ran forever. This adds an option --monitor-duration flag that defaults to zero (run forever) but if non-zero bounds how long the tests runs. This means you can then also use e.g. `go test --cpuprofile` and capture a CPU/mem profile for a minute or two. Updates #7621 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	162488a775	net/interfaces: cache "home" router lookup on big Linux routers This is a continuation of the earlier `2a67beaacf` but more aggressive; this now remembers that we failed to find the "home" router IP so we don't try again later on the next call. Updates #7621 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago

1 2 3 4 5 ...

5682 Commits (d2684863c20404422fe0b35d9dba965359e02705) All Branches Search

5682 Commits (d2684863c20404422fe0b35d9dba965359e02705)

All Branches