tailscale

Commit Graph

Author	SHA1	Message	Date
License Updater	d8bfb7543e	licenses: update win/apple licenses Signed-off-by: GitHub <noreply@github.com>	2 years ago
James Tucker	265b008e49	wgengine: fix race on endpoints in getStatus Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
Bertrand Lorentz	a5ad57472a	cli/cert: Fix help message for --key-file Signed-off-by: Bertrand Lorentz <bertrand.lorentz@gmail.com>	2 years ago
Xe Iaso	3564fd61b5	cmd/gitops-pusher: standardize hujson before posting to validate (#5525 ) Apparently the validate route doesn't check content-types or handle hujson with comments correctly. This patch makes gitops-pusher convert the hujson to normal json. Signed-off-by: Xe <xe@tailscale.com> Signed-off-by: Xe <xe@tailscale.com>	2 years ago
nyghtowl	cfbbcf6d07	cmd/nginx-auth/nginx-auth: update auth to allow for new domains With MagicDNS GA, we are giving every tailnet a tailnet-<hex>.ts.net name. We will only parse out if legacy domains include beta.tailscale.net; otherwise, set tailnet to the full domain format going forward. Signed-off-by: nyghtowl <warrick@tailscale.com>	2 years ago
License Updater	9c66dce8e0	licenses: update win/apple licenses Signed-off-by: GitHub <noreply@github.com>	2 years ago
Brad Fitzpatrick	e470893ba0	wgengine/magicsock: use mak in another spot Change-Id: I0a46d6243371ae6d126005a2bd63820cb2d1db6b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Andrew Dunham	c72caa6672	wgengine/magicsock: use AF_PACKET socket + BPF to read disco messages This is entirely optional (i.e. failing in this code is non-fatal) and only enabled on Linux for now. Additionally, this new behaviour can be disabled by setting the TS_DEBUG_DISABLE_AF_PACKET environment variable. Updates #3824 Replaces #5474 Co-authored-by: Andrew Dunham <andrew@du.nham.ca> Signed-off-by: David Anderson <danderson@tailscale.com>	2 years ago
Mihai Parparita	58f35261d0	cmd/tsconnect: remove debugging code Remove test prefix added to validate the error code from `27f36f77c3`. Signed-off-by: Mihai Parparita <mihai@tailscale.com>	2 years ago
Tom DNetto	be95aebabd	tka: implement credential signatures (key material delegation) This will be needed to support preauth-keys with network lock in the future, so getting the core mechanics out of the way now. Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
License Updater	490acdefb6	licenses: update android licenses Signed-off-by: License Updater <noreply@tailscale.com>	2 years ago
License Updater	84b74825f0	licenses: update tailscale{,d} licenses Signed-off-by: License Updater <noreply@tailscale.com>	2 years ago
Brad Fitzpatrick	9bd9f37d29	go.mod: bump wireguard/windows, which moves to using net/netip Updates #5162 Change-Id: If99a3f0000bce0c01bdf44da1d513f236fd7cdf8 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Charlotte Brandhorst-Satzkorn	185f2e4768	words: this title should have been a pun, but I chickened out (#5506 ) Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com> Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	2 years ago
Denton Gentry	53e08bd7ea	VERSION.txt: this is 1.31 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	2 years ago
Andrew Dunham	70ed22ccf9	util/uniq: add ModifySliceFunc (#5504 ) Follow-up to #5491. This was used in control... oops! Signed-off-by: Andrew Dunham <andrew@tailscale.com>	2 years ago
Tom DNetto	7ca17b6bdb	tka: validate key after UpdateKey before applying state Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Andrew Dunham	e945d87d76	util/uniq: use generics instead of reflect (#5491 ) This takes 75% less time per operation per some benchmarks on my mac. Signed-off-by: Andrew Dunham <andrew@du.nham.ca>	2 years ago
Andrew Dunham	1ac4a26fee	ipn/localapi: send Tailscale version in ACME User-Agent (#5499 ) Requested by a friend at Let's Encrypt. Signed-off-by: Andrew Dunham <andrew@tailscale.com>	2 years ago
Brad Fitzpatrick	761163815c	tailcfg: add Hostinfo.Userspace{,Router} bits Change-Id: Iad47f904872f2df146c1f63945f79cfddeac7fe8 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	9f6c8517e0	net/dns: set OS DNS to 100.100.100.100 for route-less ExtraRecords [cap 41] If ExtraRecords (Hosts) are specified without a corresponding split DNS route and global DNS is specified, then program the host OS DNS to use 100.100.100.100 so it can blend in those ExtraRecords. Updates #1543 Change-Id: If49014a5ecc8e38978ff26e54d1f74fe8dbbb9bc Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Mihai Parparita	27f36f77c3	cmd/tsconnect: output errors to the JS console too We were just outputting them to the terminal, but that's hard to debug because we immediately tear down the terminal when getting an error. Signed-off-by: Mihai Parparita <mihai@tailscale.com>	2 years ago
Xe Iaso	122bd667dc	cmd/gitops-pusher: be less paranoid about external modifications (#5488 ) This makes a "modified externally" error turn into a "modified externally" warning. It means CI won't fail if someone does something manually in the admin console. Signed-off-by: Xe <xe@tailscale.com>	2 years ago
Joe Tsai	21cd402204	logtail: do not log when backing off (#5485 )	2 years ago
Denton Gentry	0ae0439668	docs/k8s: add IPv6 forwarding in proxy.yaml Fixes https://github.com/tailscale/tailscale/issues/4999 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	2 years ago
Denton Gentry	6dcc6313a6	CI: add `go mod tidy` workflow Fixes https://github.com/tailscale/tailscale/issues/4567 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	2 years ago
Denton Gentry	78dbb59a00	CI: make all workflows get Go version from go.mod The next time we update the toolchain, all of the CI Actions will automatically use it when go.mod is updated. Signed-off-by: Denton Gentry <dgentry@tailscale.com>	2 years ago
Joe Tsai	7e40071571	util/deephash: handle slice edge-cases (#5471 ) It is unclear whether the lack of checking nil-ness of slices was an oversight or a deliberate feature. Lacking a comment, the assumption is that this was an oversight. Also, expand the logic to perform cycle detection for recursive slices. We do this on a per-element basis since a slice is semantically equivalent to a list of pointers. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
James Tucker	90dc0e1702	wgengine: remove unused singleflight group Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
Mihai Parparita	2c18517121	cmd/tsconnect: add npm publish workflow Adds an on-demand GitHub Action that publishes the package to the npm registry (currently under tailscale-connect, will be moved to @tailscale/connect once we get control of the npm org). Makes the package.json for the NPM package be dynamically generated to have the current Tailscale client version. Updates #5415 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	2 years ago
Andrew Dunham	d6c3588ed3	wgengine/wgcfg: only write peer headers if necessary (#5449 ) On sufficiently large tailnets, even writing the peer header (~95 bytes) can result in a large amount of data that needs to be serialized and deserialized. Only write headers for peers that need to have their configuration changed. Signed-off-by: Andrew Dunham <andrew@tailscale.com>	2 years ago
James Tucker	81dba3738e	wgengine: remove all peer status from open timeout diagnostics Avoid contention from fetching status for all peers, and instead fetch status for a single peer. Updates tailscale/coral#72 Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
James Tucker	ad1cc6cff9	wgengine: use Go API rather than UAPI for status Signed-off-by: James Tucker <james@tailscale.com>	2 years ago
Maisem Ali	68d9d161f4	net/dns: [win] fix regression in disableDynamicUpdate Somehow I accidentally set the wrong registry value here. It should be DisableDynamicUpdate=1 and not EnableDNSUpdate=0. This is a regression from `545639e`. Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Brad Fitzpatrick	c66f99fcdc	tailcfg, control/controlclient, ipn/ipnlocal: add c2n (control-to-node) system This lets the control plane can make HTTP requests to nodes. Then we can use this for future things rather than slapping more stuff into MapResponse, etc. Change-Id: Ic802078c50d33653ae1f79d1e5257e7ade4408fd Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	08b3f5f070	wgengine/wgint: add shady temporary package to get at wireguard internals For #5451 Change-Id: I43482289e323ba9142a446d551ab7a94a467c43a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Nahum Shalman	66d7d2549f	logger: migrate rusage syscall use to x/sys/unix This will be helpful for illumos (#697) and should be safe everywhere else. Signed-off-by: Nahum Shalman <nahamu@gmail.com>	2 years ago
Nahum Shalman	d20392d413	cmd/tailscale: add emoji for illumos in status subcommand Signed-off-by: Nahum Shalman <nahamu@gmail.com>	2 years ago
Andrew Dunham	58cc049a9f	util/cstruct: add package for decoding padded C structures (#5429 ) I was working on my "dump iptables rules using only syscalls" branch and had a bunch of C structure decoding to do. Rather than manually calculating the padding or using unsafe trickery to actually cast variable-length structures to Go types, I'd rather use a helper package that deals with padding for me. Padding rules were taken from the following article: http://www.catb.org/esr/structure-packing/ Signed-off-by: Andrew Dunham <andrew@du.nham.ca>	2 years ago
Andrew Dunham	9b77ac128a	wgengine: print in-flight operations on watchdog trigger (#5447 ) In addition to printing goroutine stacks, explicitly track all in-flight operations and print them when the watchdog triggers (along with the time they were started at). This should make debugging watchdog failures easier, since we can look at the longest-running operation(s) first. Signed-off-by: Andrew Dunham <andrew@tailscale.com> Signed-off-by: Andrew Dunham <andrew@tailscale.com>	2 years ago
Andrew Dunham	e1738ea78e	chirp: add a 10s timeout when communicating with BIRD (#5444 ) Prior to this change, if BIRD stops responding wgengine.watchdogEngine will crash tailscaled. This happens because in wgengine.userspaceEngine, we end up blocking forever trying to write a request to or read a response from BIRD with wgLock held, and then future watchdog'd calls will block on acquiring that mutex until the watchdog kills the process. With the timeout, we at least get the chance to print an error message and decide whether we want to crash or not. Updates tailscale/coral#72 Signed-off-by: Andrew Dunham <andrew@tailscale.com> Signed-off-by: Andrew Dunham <andrew@tailscale.com>	2 years ago
Joe Tsai	9bf13fc3d1	util/deephash: remove getTypeInfo (#5469 ) Add a new lookupTypeHasher function that is just a cached front-end around the makeTypeHasher function. We do not need to worry about the recursive type cycle issue that made getTypeInfo more complicated since makeTypeHasher is not directly recursive. All calls to itself happen lazily through a sync.Once upon first use. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Joe Tsai	ab7e6f3f11	util/deephash: require pointer in API (#5467 ) The entry logic of Hash has extra complexity to make sure we always have an addressable value on hand. If not, we heap allocate the input. For this reason we document that there are performance benefits to always providing a pointer. Rather than documenting this, just enforce it through generics. Also, delete the unused HasherForType function. It's an interesting use of generics, but not well tested. We can resurrect it from code history if there's a need for it. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Joe Tsai	c5b1565337	util/deephash: move pointer and interface logic to separate function (#5465 ) This helps pprof better identify which Go kinds take the most time since the kind is always in the function name. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Joe Tsai	d2e2d8438b	util/deephash: move map logic to separate function (#5464 ) This helps pprof better identify which Go kinds take the most time since the kind is always in the function name. There is a minor adjustment where we hash the length of the map to be more on the cautious side. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Joe Tsai	23c3831ff9	util/deephash: coalesce struct logic (#5466 ) Rather than having two copies []fieldInfo, just maintain one and perform merging in the same pass. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Joe Tsai	296b008b9f	util/deephash: move array and slice logic to separate function (#5463 ) This helps pprof better identify which Go kinds take the most time since the kind is always in the function name. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Joe Tsai	31bf3874d6	util/deephash: use unsafe.Pointer instead of reflect.Value (#5459 ) Use of reflect.Value.SetXXX panics if the provided argument was obtained from an unexported struct field. Instead, pass an unsafe.Pointer around and convert to a reflect.Value when necessary (i.e., for maps and interfaces). Converting from unsafe.Pointer to reflect.Value guarantees that none of the read-only bits will be populated. When running in race mode, we attach type information to the pointer so that we can type check every pointer operation. This also type-checks that direct memory hashing is within the valid range of a struct value. We add test cases that previously caused deephash to panic, but now pass. Performance: name old time/op new time/op delta Hash 14.1µs ± 1% 14.1µs ± 1% ~ (p=0.590 n=10+9) HashPacketFilter 2.53µs ± 2% 2.44µs ± 1% -3.79% (p=0.000 n=9+10) TailcfgNode 1.45µs ± 1% 1.43µs ± 0% -1.36% (p=0.000 n=9+9) HashArray 318ns ± 2% 318ns ± 2% ~ (p=0.541 n=10+10) HashMapAcyclic 32.9µs ± 1% 31.6µs ± 1% -4.16% (p=0.000 n=10+9) There is a slight performance gain due to the use of unsafe.Pointer over reflect.Value methods. Also, passing an unsafe.Pointer (1 word) on the stack is cheaper than passing a reflect.Value (3 words). Performance gains are diminishing since SHA-256 hashing now dominates the runtime. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Joe Tsai	e0c5ac1f02	util/deephash: add debug printer (#5460 ) When built with "deephash_debug", print the set of HashXXX methods. Example usage: $ go test -run=GetTypeHasher/string_slice -tags=deephash_debug U64(2)+U64(3)+S("foo")+U64(3)+S("bar")+FIN Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Andrew Dunham	e8f09d24c7	wgengine: use a singleflight.Group to reduce status contention (#5450 ) Updates tailscale/coral#72 Signed-off-by: Andrew Dunham <andrew@tailscale.com> Signed-off-by: Andrew Dunham <andrew@tailscale.com>	2 years ago

1 2 3 4 5 ...

4424 Commits (d8bfb7543e46163a4963e33f967c81df9aed64d5) All Branches Search

4424 Commits (d8bfb7543e46163a4963e33f967c81df9aed64d5)

All Branches