tailscale

Commit Graph

Author	SHA1	Message	Date
salman	dcac3ed784	VERSION.txt: this is v1.44.2 Signed-off-by: salman <salman@tailscale.com>	11 months ago
Will Norris	ab63700344	serve: fix hostname for custom http ports When using a custom http port like 8080, this was resulting in a constructed hostname of `host.tailnet.ts.net:8080.tailnet.ts.net` when looking up the serve handler. Instead, strip off the port before adding the MagicDNS suffix. Also use the actual hostname in `serve status` rather than the literal string "host". Fixes #8635 Signed-off-by: Will Norris <will@tailscale.com>	11 months ago
Charlotte Brandhorst-Satzkorn	a377e1363b	wgengine/magicsock: remove noV4/noV6 check in addrForSendWireGuardLocked This change removes the noV4/noV6 check from addrForSendWireGuardLocked. On Android, the client panics when reaching `rand.Intn()`, likely due to the candidates list being containing no candidates. The suspicion is that the `noV4` and the `noV6` are both being triggered causing the loop to continue. Updates tailscale/corp#12938 Updates #7826 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com> (cherry picked from commit `339397ab74`)	11 months ago
Charlotte Brandhorst-Satzkorn	b3138a71ad	VERSION.txt: this is v1.44.0 Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	12 months ago
Brad Fitzpatrick	32b8f25ed1	Revert "ssh/tailssh: change to user directory when running login/command" This reverts commit `dc5bc32d8f`. It broke tests. (sadly, ones which we have disabled on CI, but go test ./ssh/tailssh broke)	12 months ago
Aaron Bieber	6829caf6de	tsnet: remove extra wording from Store comment	12 months ago
Brad Fitzpatrick	e48c0bf0e7	ipn/ipnlocal: quiet some spammy network lock logging Updates #cleanup Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	12 months ago
valscale	f314fa4a4a	prober: fix data race when altering derpmap (#8397 ) Move the clearing of STUNOnly flag to the updateMap() function. Fixes #8395 Signed-off-by: Val <valerie@tailscale.com>	12 months ago
Derek Burdick	dc5bc32d8f	ssh/tailssh: change to user directory when running login/command On redhat 9 and similarly locked down systems, root user does not have access to a users directory. This fix does not set a directory for the incubator process and instead sets the directory when the actual process requested by remote user is executed. Fixes #8118 Signed-off-by: Derek Burdick <derek-burdick@users.noreply.github.com>	12 months ago
shayne	6697690b55	{cmd/tailscale/cli,ipn}: add http support to tailscale serve (#8358 ) Updates #8357 Signed-off-by: Shayne Sweeney <shayne@tailscale.com>	12 months ago
Brad Fitzpatrick	a2153afeeb	types/views: add Slice methods on Slice views Updates #cleanup for change elsewhere. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	12 months ago
Sonia Appasamy	0f5090c526	ipn/ipnlocal: add docs header to serve HTTP proxy Adds a `Tailscale-Headers-Info` header whenever the `Tailscale-User-` headers are filled from the HTTP proxy handler. Planning on hooking this shorturl up to KB docs about the header values (i.e. what's a login name vs. display name) and security considerations to keep in mind while using these headers - notibly that they can also be filled from external requests that do not hit tailscaled. Updates https://github.com/tailscale/tailscale/issues/6954 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	12 months ago
valscale	88097b836a	prober: allow monitoring of nodes marked as STUN only in default derpmap (#8391 ) prober uses NewRegionClient() to connect to a derper using a faked up single-node region, but NewRegionClient() fails to connect if there is no non-STUN only client in the region. Set the STUN only flag to false before we call NewRegionClient() so we can monitor nodes marked as STUN only in the default derpmap. Updates #11492 Signed-off-by: Val <valerie@tailscale.com>	12 months ago
Maisem Ali	2ae670eb71	ssh/tailssh: work around lack of scontext in SELinux Trying to SSH when SELinux is enforced results in errors like: ``` ➜ ~ ssh ec2-user@<ip> Last login: Thu Jun 1 22:51:44 from <ip2> ec2-user: no shell: Permission denied Connection to <ip> closed. ``` while the `/var/log/audit/audit.log` has ``` type=AVC msg=audit(1685661291.067:465): avc: denied { transition } for pid=5296 comm="login" path="/usr/bin/bash" dev="nvme0n1p1" ino=2564 scontext=system_u:system_r:unconfined_service_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process permissive=0 ``` The right fix here would be to somehow install the appropriate context when tailscale is installed on host, but until we figure out a way to do that stop using the `login` cmd in these situations. Updates #4908 Signed-off-by: Maisem Ali <maisem@tailscale.com>	12 months ago
Ross Zurowski	0ed088b47b	tka: add function for generating signing deeplinks (#8385 ) This commit continues the work from #8303, providing a method for a tka.Authority to generate valid deeplinks for signing devices. We'll use this to provide the necessary deeplinks for users to sign from their mobile devices. Updates #8302 Signed-off-by: Ross Zurowski <ross@rosszurowski.com>	12 months ago
Flakes Updater	909e9eabe4	go.mod.sri: update SRI hash for go.mod changes Signed-off-by: Flakes Updater <noreply+flakes-updater@tailscale.com>	12 months ago
Andrew Dunham	b6d20e6f8f	go.mod, net/dns/recursive: update github.com/miekg/dns Updates #cleanup Change-Id: If4de6a84448a17dd81cc2a8af788bd18c3d0bbe3 Signed-off-by: Andrew Dunham <andrew@du.nham.ca>	12 months ago
Maisem Ali	1302295299	Dockerfile.base: install iputils Fixes #8361 Signed-off-by: Maisem Ali <maisem@tailscale.com>	12 months ago
License Updater	c6794dec11	licenses: update android licenses Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	12 months ago
Nick O'Neill	c783f28228	tool/gocross: properly set simulator deployment target (#8355 ) Fixes tailscale/corp#11876 Signed-off-by: Nick O'Neill <nick@tailscale.com>	12 months ago
License Updater	c1cbd41fdc	licenses: update win/apple licenses Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	12 months ago
Sonia Appasamy	e1cdcf7708	ipn/ipnlocal: add identity headers to HTTP serve proxy Adds two new headers to HTTP serve proxy: - `Tailscale-User-Login`: Filled with requester's login name. - `Tailscale-User-Name`: Filled with requester's display name. These headers only get filled when the SrcAddr is associated with a non-tagged (i.e. user-owned) node within the client's Tailnet. The headers are passed through empty when the request originated from another tailnet, or the public internet (via funnel). Updates https://github.com/tailscale/tailscale/issues/6954 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	12 months ago
Claire Wang	80692edcb8	.github/workflows: Add docker build check (#8345 ) Fixes #8344 Signed-off-by: Claire Wang <claire@tailscale.com>	12 months ago
Claire Wang	27a0f0a55b	Remove unused dependency from dockerfile (#8343 ) Closes #8342 Signed-off-by: Claire Wang <claire@tailscale.com>	12 months ago
Andrea Gottardo	99f17a7135	tka: provide verify-deeplink local API endpoint (#8303 ) * tka: provide verify-deeplink local API endpoint Fixes https://github.com/tailscale/tailscale/issues/8302 Signed-off-by: Andrea Gottardo <andrea@tailscale.com> Address code review comments Signed-off-by: Andrea Gottardo <andrea@tailscale.com> Address code review comments by Ross Signed-off-by: Andrea Gottardo <andrea@tailscale.com> * Improve error encoding, fix logic error Signed-off-by: Andrea Gottardo <andrea@tailscale.com> --------- Signed-off-by: Andrea Gottardo <andrea@tailscale.com>	12 months ago
Graham Christensen	4dda949760	tailscale ping: note that `-c` can take 0 for infinity Signed-off-by: Graham Christensen <graham@grahamc.com>	12 months ago
Brad Fitzpatrick	a076213f58	net/memnet: add optional Listener.NewConn config knob Updates tailscale/corp#11620 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	12 months ago
License Updater	4451a7c364	licenses: update win/apple licenses Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	12 months ago
Maisem Ali	fe95d81b43	ipn/ipnlocal,wgengine/netstack: move LocalBackend specifc serving logic to LocalBackend The netstack code had a bunch of logic to figure out if the LocalBackend should handle an incoming connection and then would call the function directly on LocalBackend. Move that logic to LocalBackend and refactor the methods to return conn handlers. Updates #cleanup Signed-off-by: Maisem Ali <maisem@tailscale.com>	12 months ago
Denton Gentry	5b110685fb	wgengine/netstack: increase maxInFlightConnectionAttempts Address reports of subnet router instability when running in `--tun=userspace-networking` mode. Fixes https://github.com/tailscale/corp/issues/12184 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	12 months ago
License Updater	0b3b81b37a	licenses: update tailscale{,d} licenses Signed-off-by: License Updater <noreply+license-updater@tailscale.com>	12 months ago
dependabot[bot]	6172f9590b	.github: Bump golangci/golangci-lint-action from 3.4.0 to 3.6.0 Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.4.0 to 3.6.0. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](`08e2f20817...639cd343e1`) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	12 months ago
Brad Fitzpatrick	1543e233e6	net/tstun, tsnet: make happier on WASI Also fix a js/wasm issue with tsnet in the process. (same issue as WASI) Updates #8320 Fixes #8315 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	12 months ago
Flakes Updater	167e154bcc	go.mod.sri: update SRI hash for go.mod changes Signed-off-by: Flakes Updater <noreply+flakes-updater@tailscale.com>	12 months ago
Brad Fitzpatrick	67e912824a	all: adjust some build tags for wasi A start. Updates #8320 Change-Id: I64057f977be51ba63ce635c56d67de7ecec415d1 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	12 months ago
Charlotte Brandhorst-Satzkorn	63b1a4e35d	words: here comes trouble If you start hearing everything in auto-tune for the rest of the day, I take no responsibility for it. Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>	12 months ago
Andrew Dunham	f077b672e4	net/dns/recursive: add initial implementation of recursive DNS resolver We've talked in the past about reworking how bootstrap DNS works to instead do recursive DNS resolution from the root; this would better support on-prem customers and Headscale users where the DERP servers don't currently resolve their DNS server. This package is an initial implementation of recursive resolution for A and AAAA records. Updates #5853 Change-Id: Ibe974d78709b4b03674b47c4ef61f9a00addf8b4 Signed-off-by: Andrew Dunham <andrew@du.nham.ca>	12 months ago
Maisem Ali	2e0aa151c9	ssh/tailssh: add support for remote/reverse port forwarding This basically allows running services on the SSH client and reaching them from the SSH server during the session. Updates #6575 Signed-off-by: Maisem Ali <maisem@tailscale.com>	12 months ago
Andrew Dunham	62130e6b68	util/slicesx: add Partition function Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: If97995ca9ee9fad40f327420dcb1857dd7ea2315	12 months ago
Andrew Dunham	2a9d46c38f	wgengine/magicsock: prefer private endpoints to public ones Switch our best address selection to use a scoring-based approach, where we boost each address based on whether it's a private IP or IPv6. For users in cloud environments, this biases endpoint selection towards using an endpoint that is less likely to cost the user money, and should be less surprising to users. This also involves updating the tests to not use private IPv4 addresses; other than that change, the behaviour should be identical for existing endpoints. Updates #8097 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I069e3b399daea28be66b81f7e44fc27b2943d8af	12 months ago
Brad Fitzpatrick	eefee6f149	all: use cmpx.Or where it made sense I left a few out where writing it explicitly was better for various reasons. Updates #8296 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	12 months ago
phirework	699996ad6c	go.toolchain.rev: upgrade to Go 1.20.5 (#8304 ) Change-Id: I317b6e61d62212efca0e905ea9c626cc24a6912b Signed-off-by: Jenny Zhang <jz@tailscale.com>	12 months ago
Brad Fitzpatrick	12f8c98823	util/cmpx: add package with cmp-like things from future Go releases Updates #8296 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	12 months ago
Andrea Gottardo	1c4a047ad0	version: detect tvOS by checking XPC_SERVICE_NAME (#8295 ) Another change needed working towards #8282. Updates https://github.com/tailscale/tailscale/issues/8282 Signed-off-by: Andrea Gottardo <andrea@tailscale.com>	12 months ago
Marwan Sulaiman	f8f0b981ac	portlist: remove async functionality This PR removes all async functionality from the portlist package which may be a breaking change for non-tailscale importers. The only importer within this codebase (LocalBackend) is already using the synchronous API so no further action needed. Fixes #8171 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	12 months ago
Andrea Gottardo	a353ae079b	tool/gocross: handle TVOS_DEPLOYMENT_TARGET (#8292 ) This is needed in order to build our network extension on tvOS. First step for #8282 Signed-off-by: Andrea Gottardo <andrea@tailscale.com> Co-authored-by: Andrea Gottardo <andrea@tailscale.com>	1 year ago
Xe Iaso	43e230d4cd	tsnet: document how to use Dir with multiple servers per process (#8286 ) Followup from a conversation on the Gophers slack, also matches the examples in the tsnet kb. Closes #8287 Signed-off-by: Xe Iaso <xe@tailscale.com>	1 year ago
Marwan Sulaiman	5dd0b02133	portlist: add a synchronous Poll method This is a follow up on PR #8172 that adds a synchronous Poll method which allows for the Poller to be used as a zero value without needing the constructor. The local backend is also changed to use the new API. A follow up PR will remove the async functionality from the portlist package. Updates #8171 Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>	1 year ago
Derek Burdick	d3c8c3dd00	ssh/tailssh: Max Username Length 256 for linux Max username length is increased to 256 on linux to match /usr/include/bits/local_lim.h Fixes #8277 Signed-off-by: Derek Burdick <derek-burdick@users.noreply.github.com>	1 year ago
Denton Gentry	64f16f7f38	net/dnscache: use PreferGo on Windows. Updates https://github.com/tailscale/tailscale/issues/5161 Signed-off-by: Denton Gentry <dgentry@tailscale.com>	1 year ago

1 2 3 4 5 ...

5821 Commits (dcac3ed784930d201ad184779442281bc524a47e) All Branches Search

5821 Commits (dcac3ed784930d201ad184779442281bc524a47e)

All Branches