tailscale

Commit Graph

Author	SHA1	Message	Date
Brad Fitzpatrick	da8def8e13	all: remove old +build tags The //go:build syntax was introduced in Go 1.17: https://go.dev/doc/go1.17#build-lines gofmt has kept the +build and go:build lines in sync since then, but enough time has passed. Time to remove them. Done with: perl -i -npe 's,^// \+build.*\n,,' $(git grep -l -F '+build') Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Maisem Ali	6afe26575c	ipn: make Notify.Prefs be a *ipn.PrefsView It is currently a `ipn.PrefsView` which means when we do a JSON roundtrip, we go from an invalid Prefs to a valid one. This makes it a pointer, which fixes the JSON roundtrip. This was introduced in `0957bc5af2`. Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Brad Fitzpatrick	e55ae53169	tailcfg: add Node.UnsignedPeerAPIOnly to let server mark node as peerapi-only capver 48 Change-Id: I20b2fa81d61ef8cc8a84e5f2afeefb68832bd904 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Andrew Dunham	e975cb6b05	ipn/ipnlocal: fix test flake when we log after a test completes This switches from using an atomic.Bool to a mutex for reasons that are described in the commit, and should address the flakes that we're still seeing. Fixes #3020 Change-Id: I4e39471c0eb95886db03020ea1ccf688c7564a11 Signed-off-by: Andrew Dunham <andrew@tailscale.com>	2 years ago
Tom DNetto	0af57fce4c	cmd/tailscale,ipn: implement lock sign command Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Brad Fitzpatrick	910db02652	client/tailscale, tsnet, ipn/ipnlocal: prove nodekey ownership over noise Fixes #5972 Change-Id: Ic33a93d3613ac5dbf172d6a8a459ca06a7f9e547 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Tom DNetto	d98305c537	cmd,ipn/ipnlocal,tailcfg: implement TKA disablement * Plumb disablement values through some of the internals of TKA enablement. * Transmit the node's TKA hash at the end of sync so the control plane understands each node's head. * Implement /machine/tka/disable RPC to actuate disablement on the control plane. There is a partner PR for the control server I'll send shortly. Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Anton Tolchanov	193afe19cb	ipn/ipnlocal: add tags and a few other details to self status This makes tags, creation time, exit node option and primary routes for the current node exposed via `tailscale status --json` Signed-off-by: Anton Tolchanov <anton@tailscale.com>	2 years ago
Mihai Parparita	4e6e3bd13d	ipn/ipnlocal: fix a log line having function pointers instead of values Followup to using ipn.PrefsView (#6031). Signed-off-by: Mihai Parparita <mihai@tailscale.com>	2 years ago
Maisem Ali	2a9ba28def	ipn/ipnlocal: set prefs before calling tkaSyncIfNeeded Caught this in a test in a different repo. Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Maisem Ali	9f39c3b10f	ipn/ipnlocal: make EditPrefs strip private keys before returning Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Maisem Ali	a2d15924fb	types/persist: add PublicNodeKey helper Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Maisem Ali	0957bc5af2	ipn/ipnlocal: use ipn.PrefsView Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Brad Fitzpatrick	def089f9c9	portlist: unexport all Poller fields, removing unused one, rework channels Poller.C and Poller.c were duplicated for one caller. Add an accessor returning the receive-only version instead. It'll inline. Poller.Err was unused. Remove. Then Poller is opaque. The channel usage and shutdown was a bit sketchy. Clean it up. And document some things. Change-Id: I5669e54f51a6a13492cf5485c83133bda7ea3ce9 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	9475801ebe	ipn/ipnlocal: fix E.G.G. port number accounting Change-Id: Id35461fdde79448372271ba54f6e6af586f2304d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Maisem Ali	630bcb5b67	tsnet,client/tailscale: add APIClient which runs API over Noise. Updates tailscale/corp#4383 Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Andrew Dunham	c32f9f5865	cmd/tailscale, ipn: enable debug logs when --report flag is passed to bugreport (#5830 ) Change-Id: Id22e9f4a2dcf35cecb9cd19dd844389e38c922ec Signed-off-by: Andrew Dunham <andrew@tailscale.com>	2 years ago
Tom DNetto	a515fc517b	ipn/ipnlocal: make tkaSyncIfNeeded exclusive with a mutex Running corp/ipn#TestNetworkLockE2E has a 1/300 chance of failing, and deskchecking suggests thats whats happening are two netmaps are racing each other to be processed through tkaSyncIfNeededLocked. This happens in the first place because we release b.mu during network RPCs. To fix this, we make the tka sync logic an exclusive section, so two netmaps will need to wait for tka sync to complete serially (which is what we would want anyway, as the second run through probably wont need to sync). Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Tom DNetto	227777154a	control/controlclient,ipn/ipnlocal,tailcfg: rotate node-key signature on register CAPVER 47 Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Brad Fitzpatrick	6d76764f37	ipn/ipnlocal: fix taildrop target list UI bug The macOS and iOS apps that used the /localapi/v0/file-targets handler were getting too many candidate targets. They wouldn't actually accept the file. This is effectively just a UI glitch in the wrong hosts being listed as valid targets from the source side. Change-Id: I6907a5a1c3c66920e5ec71601c044e722e7cb888 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Tom DNetto	a37ee8483f	ipn/ipnlocal: fix data race from missing lock in NetworkLockStatus Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Tom DNetto	8602061f32	ipn/ipnlocal,tka: Fix bugs found by integration testing * tka.State.staticValidateCheckpoint could call methods on a contained key prior to calling StaticValidate on that key * Remove broken backoff / RPC retry logic from tka methods in ipn/ipnlocal, to be fixed at a later time * Fix NetworkLockModify() which would attempt to take b.mu twice and deadlock, remove now-unused dependence on netmap * Add methods on ipnlocal.LocalBackend to be used in integration tests * Use TAILSCALE_USE_WIP_CODE as the feature flag so it can be manipulated in tests Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Tom DNetto	73db56af52	ipn/ipnlocal: filter peers with bad signatures when tka is enabled Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Brad Fitzpatrick	1841d0bf98	wgengine/magicsock: make debug-level stuff not logged by default And add a CLI/localapi and c2n mechanism to enable it for a fixed amount of time. Updates #1548 Change-Id: I71674aaf959a9c6761ff33bbf4a417ffd42195a7 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Mihai Parparita	8343b243e7	all: consistently initialize Logf when creating tsdial.Dialers Most visible when using tsnet.Server, but could have resulted in dropped messages in a few other places too. Fixes #5743 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	2 years ago
Josh Soref	d4811f11a0	all: fix spelling mistakes Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2 years ago
Adrian Dewhurst	c581ce7b00	cmd/tailscale, client, ipn, tailcfg: add network lock modify command Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>	2 years ago
Tom DNetto	58ffe928af	ipn/ipnlocal, tka: Implement TKA synchronization with the control plane Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Tom DNetto	ebd1637e50	ipn/ipnlocal,tailcfg: Identify client using NodeKey in tka RPCs Updates https://github.com/tailscale/corp/pull/7024 Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Brad Fitzpatrick	9bdf0cd8cd	ipn/ipnlocal: add c2n /debug/{goroutines,prefs,metrics} * and move goroutine scrubbing code to its own package for reuse * bump capver to 45 Change-Id: I9b4dfa5af44d2ecada6cc044cd1b5674ee427575 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Andrew Dunham	b1867457a6	doctor: add package for running in-depth healthchecks; use in bugreport (#5413 ) Change-Id: Iaa4e5b021a545447f319cfe8b3da2bd3e5e5782b Signed-off-by: Andrew Dunham <andrew@du.nham.ca>	2 years ago
Andrew Dunham	e1bdbfe710	tailcfg, control/controlhttp, control/controlclient: add ControlDialPlan field (#5648 ) * tailcfg, control/controlhttp, control/controlclient: add ControlDialPlan field This field allows the control server to provide explicit information about how to connect to it; useful if the client's link status can change after the initial connection, or if the DNS settings pushed by the control server break future connections. Change-Id: I720afe6289ec27d40a41b3dcb310ec45bd7e5f3e Signed-off-by: Andrew Dunham <andrew@tailscale.com>	2 years ago
Maisem Ali	d5781f61a9	ipn/ipnlocal: return usernames when Tailscale SSH is enabled It was checking if the sshServer was initialized as a proxy, but that could either not have been initialized yet or Tailscale SSH could have been disabled after intialized. Also bump tailcfg.CurrentCapabilityVersion Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Tom DNetto	e9b98dd2e1	control/controlclient,ipn/ipnlocal: wire tka enable/disable Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Maisem Ali	054ef4de56	tailcfg: mark CapabilityFileSharingTarget as inter-node Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Brad Fitzpatrick	d045462dfb	ipn/ipnlocal: add c2n method to get SSH username candidates For control to fetch a list of Tailscale SSH username candidates to filter against the Tailnet's SSH policy to present some valid candidates to a user. Updates #3802 Updates tailscale/corp#7007 Change-Id: I3dce57b7a35e66891d5e5572e13ae6ef3c898498 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	4a82b317b7	ipn/{ipnlocal,localapi}: use strs.CutPrefix, add more domain validation The GitHub CodeQL scanner flagged the localapi's cert domain usage as a problem because user input in the URL made it to disk stat checks. The domain is validated against the ipnstate.Status later, and only authenticated root/configured users can hit this, but add some paranoia anyway. Change-Id: I373ef23832f1d8b3a27208bc811b6588ae5a1ddd Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Eng Zer Jun	f0347e841f	refactor: move from io/ioutil to io and os packages The io/ioutil package has been deprecated as of Go 1.16 [1]. This commit replaces the existing io/ioutil functions with their new definitions in io and os packages. Reference: https://golang.org/doc/go1.16#ioutil Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>	2 years ago
Brad Fitzpatrick	74674b110d	envknob: support changing envknobs post-init Updates #5114 Change-Id: Ia423fc7486e1b3f3180a26308278be0086fae49b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	d34dd43562	ipn/ipnlocal: remove unused envknob Change-Id: I6d18af2c469eb660e6ca81d1dcc2af33c9e628aa Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Andrew Dunham	b8596f2a2f	net/dnsfallback: cache most recent DERP map on disk (#5545 ) This is especially helpful as we launch newer DERPs over time, and older clients have progressively out-of-date static DERP maps baked in. After this, as long as the client has successfully connected once, it'll cache the most recent DERP map it knows about. Resolves an in-code comment from @bradfitz Signed-off-by: Andrew Dunham <andrew@du.nham.ca>	2 years ago
Brad Fitzpatrick	ba3cc08b62	cmd/tailscale/cli: add backwards compatibility 'up' processing for legacy client Updates tailscale/corp#6781 Change-Id: I843fc810cbec0140d423d65db81e90179d6e0fa5 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Tom DNetto	be95aebabd	tka: implement credential signatures (key material delegation) This will be needed to support preauth-keys with network lock in the future, so getting the core mechanics out of the way now. Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Brad Fitzpatrick	761163815c	tailcfg: add Hostinfo.Userspace{,Router} bits Change-Id: Iad47f904872f2df146c1f63945f79cfddeac7fe8 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Brad Fitzpatrick	c66f99fcdc	tailcfg, control/controlclient, ipn/ipnlocal: add c2n (control-to-node) system This lets the control plane can make HTTP requests to nodes. Then we can use this for future things rather than slapping more stuff into MapResponse, etc. Change-Id: Ic802078c50d33653ae1f79d1e5257e7ade4408fd Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Tom DNetto	79905a1162	tka: make storage a parameter rather than an Authority struct member Updates #5435 Based on the discussion in #5435, we can better support transactional data models by making the underlying storage layer a parameter (which can be specialized for the request) rather than a long-lived member of Authority. Now that Authority is just an instantaneous snapshot of state, we can do things like provide idempotent methods and make it cloneable, too. Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Mihai Parparita	7a5cf39d0d	ipn/ipnlocal: fix Taildrop not returning any sharing targets The CapabilityFileSharingTarget capability added by `eb32847d85` is meant to control the ability to share with nodes not owned by the current user, not to restrict all sharing (the coordination server is not currently populating the capability at all) Fixes tailscale/corp#6669 Signed-off-by: Mihai Parparita <mihai@tailscale.com>	2 years ago
Tom DNetto	472529af38	tka: optimize common case of processing updates built from head Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Tom DNetto	039def3b50	ipn,tailcfg: transmit NodeID in tka init RPCs Needed to identify the node. A serverside-check the machine key (used to authenticate the noise session) is that of the specified NodeID ensures the authenticity of the request. Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago
Tom DNetto	facafd8819	client,cmd/tailscale,ipn,tka,types: implement tka initialization flow This PR implements the client-side of initializing network-lock with the Coordination server. Signed-off-by: Tom DNetto <tom@tailscale.com>	2 years ago

1 2 3 4 5 ...

412 Commits (da8def8e13d44df0c4183300c826523ba933cb37)