Commit Graph

307 Commits (efb84ca60de3cd87df4b66acf7faf8fd08af3907)

Author SHA1 Message Date
Brad Fitzpatrick efb84ca60d ipn/localapi, cmd/tailscale: add CPU & memory profile support, debug command
This was already possible on Linux if you ran tailscaled with --debug
(which runs net/http/pprof), but it requires the user have the Go
toolchain around.

Also, it wasn't possible on macOS, as there's no way to run the IPNExtension
with a debug server (it doesn't run tailscaled).

And on Windows it's super tedious: beyond what users want to do or
what we want to explain.

Instead, put it in "tailscale debug" so it works and works the same on
all platforms. Then we can ask users to run it when we're debugging something
and they can email us the output files.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Denton Gentry 27bc4e744c cmd/tailscale/web: support TLS from env vars.
pfSense stores its SSL certificate and key in the PHP config.
We wrote PHP code to pull the two out of the PHP config and
into environment variables before running "tailscale web".

The pfSense web UI is served over https, so we need "tailscale web"
to also support https in order to put it in an <iframe>.

Signed-off-by: Denton Gentry <dgentry@tailscale.com>
4 years ago
Aaron Klotz 9ebb5d4205 ipn, paths: ensure that the state directory for Windows has the correct perms
ProgramData has a permissive ACL. For us to safely store machine-wide
state information, we must set a more restrictive ACL on our state directory.
We set the ACL so that only tailscaled's user (i.e., LocalSystem) and the
Administrators group may access our directory.

We must include Administrators to ensure that logs continue to be easily
accessible; omitting that group would force users to use special tools to
log in interactively as LocalSystem, which is not ideal.

(Note that the ACL we apply matches the ACL that was used for LocalSystem's
AppData\Local).

There are two cases where we need to reset perms: One is during migration
from the old location to the new. The second case is for clean installations
where we are creating the file store for the first time.

Updates #2856

Signed-off-by: Aaron Klotz <aaron@tailscale.com>
4 years ago
Brad Fitzpatrick 4549d3151c cmd/tailscale: make status show health check problems
Fixes #2775

RELNOTE=tailscale status now shows health check problems

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Josh Bleecher Snyder 865d8c0d23 cmd: upgrade to ffcli v3
None of the breaking changes from v2 to v3 are relevant to us.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
4 years ago
Brad Fitzpatrick 640134421e all: update tests to use tstest.MemLogger
And give MemLogger a mutex, as one caller had, which does match the logf
contract better.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 7bfd4f521d cmd/tailscale: fix "tailscale ip $self-host-hostname"
And in the process, fix the related confusing error messages from
pinging your own IP or hostname.

Fixes #2803

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 4917a96aec cmd/tailscale: fix typo/pasteo in error message text
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Dave Anderson 980acc38ba types/key: add a special key with custom serialization for control private keys (#2792)
* Revert "Revert "types/key: add MachinePrivate and MachinePublic.""

This reverts commit 61c3b98a24.

Signed-off-by: David Anderson <danderson@tailscale.com>

* types/key: add ControlPrivate, with custom serialization.

ControlPrivate is just a MachinePrivate that serializes differently
in JSON, to be compatible with how the Tailscale control plane
historically serialized its private key.

Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
David Anderson 61c3b98a24 Revert "types/key: add MachinePrivate and MachinePublic."
Broke the tailscale control plane due to surprise different serialization.

This reverts commit 4fdb88efe1.
4 years ago
David Anderson 4fdb88efe1 types/key: add MachinePrivate and MachinePublic.
Plumb throughout the codebase as a replacement for the mixed use of
tailcfg.MachineKey and wgkey.Private/Public.

Signed-off-by: David Anderson <danderson@tailscale.com>
4 years ago
Brad Fitzpatrick 99a1c74a6a metrics: optimize CurrentFDs to not allocate on Linux
It was 50% of our allocs on one of our servers. (!!)

Updates #2784

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Maisem Ali 0842e2f45b ipn/store: add ability to store data as k8s secrets.
Signed-off-by: Maisem Ali <maisem@tailscale.com>
4 years ago
Brad Fitzpatrick 7f29dcaac1 cmd/tailscale/cli: make up block until state Running, not just Starting
At "Starting", the DERP connection isn't yet up. After the first netmap
and DERP connect, then it transitions into "Running".

Fixes #2708

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 3c8ca4b357 client/tailscale, cmd/tailscale/cli: move version mismatch check to CLI
So people can use the package for whois checks etc without version
skew errors.

The earlier change faa891c1f2 for #1905
was a bit too aggressive.

Fixes #2757

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 21cb0b361f safesocket: add connect retry loop to wait for tailscaled
Updates #2708

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Will Lachance a35c3ba221 cmd/tailscale: fix truncated characters in web controller (#2722)
Fixes #2204

Signed-off-by: William Lachance <wlach@protonmail.com>

Co-authored-by: William Lachance <wlach@protonmail.com>
Co-authored-by: Ross Zurowski <ross@rosszurowski.com>
4 years ago
Brad Fitzpatrick edb338f542 cmd/tailscale: fix sporadic 'context canceled' error on 'up'
Fixes #2333

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick b7ae529ecc client/tailscale: make GetCertificate guess cert if SNI lacks dots
Updates #1235

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick d5e1abd0c4 cmd/tailscale/cli: only write cert file if it changed
Updates #1235

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 57b794c338 ipn/localapi: move cert fetching code to localapi, cache, add cert subcommand
Updates #1235

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Josh Bleecher Snyder d2aa144dcc syncs: bump known good version to include Go 1.17
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
4 years ago
Brad Fitzpatrick 25e060a841 cmd/tailscale/cli: fix cert fetch WaitOrder retry loop, misc cleanups
Updates #1235

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick b2eea1ee00 cmd/tailscale/cli: make cert fetch registration automatic, show valid domains
Updates #1235

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick ec9f3f4cc0 cmd/tailscale: update depaware
Missing from prior commit.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick c68a12afe9 cmd/tailscale: add temporary debug command for getting DNS-01 LetsEncrypt cert
Not even close to usable or well integrated yet, but submitting this before
it bitrots or I lose it.

Updates #1235

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Josh Bleecher Snyder a4e19f2233 version: remove rsc.io/goversion dependency
rsc.io/goversion is really expensive.
Running version.ReadExe on tailscaled on darwin
allocates 47k objects, almost 11mb.

All we want is the module info. For that, all we need to do
is scan through the binary looking for the magic start/end strings
and then grab the bytes in between them.

We can do that easily and quickly with nothing but a 64k buffer.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
4 years ago
David Crawshaw 360223fccb types/dnstype: introduce new package for Resolver
So the type can be used in net/dns without introducing a tailcfg
dependency.

For #2596

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
4 years ago
Josh Bleecher Snyder a5da4ed981 all: gofmt with Go 1.17
This adds "//go:build" lines and tidies up existing "// +build" lines.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
4 years ago
Brad Fitzpatrick fd7b738e5b derp: use pad32 package for padding, reduce duplication
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick fdc081c291 net/portmapper: fix UPnP probing, work against all ports
Prior to Tailscale 1.12 it detected UPnP on any port.
Starting with Tailscale 1.11.x, it stopped detecting UPnP on all ports.

Then start plumbing its discovered Location header port number to the
code that was assuming port 5000.

Fixes #2109

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick f3c96df162 ipn/ipnstate: move tailscale status "active" determination to tailscaled
Fixes #2579

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Josh Bleecher Snyder 9da4181606 tstime/rate: new package
This is a simplified rate limiter geared for exactly our needs:
A fast, mono.Time-based rate limiter for use in tstun.
It was generated by stripping down the x/time/rate rate limiter
to just our needs and switching it to use mono.Time.

It removes one time.Now call per packet.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
4 years ago
Josh Bleecher Snyder 8a3d52e882 wgengine/magicsock: use mono.Time
magicsock makes multiple calls to Now per packet.
Move to mono.Now. Changing some of the calls to
use package mono has a cascading effect,
causing non-per-packet call sites to also switch.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
4 years ago
Brad Fitzpatrick 7b9f02fcb1 cmd/tailscale/cli: document that empty string disables exit nodes, routes
Updates #2529

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick 87244eda3f cmd/tailscale/cli: allow effective GOOS to be changed for integration tests
Adds TS_DEBUG_UP_FLAG_GOOS for integration tests to make "tailscale
up" act like other OSes.

For an upcoming change to test #2137.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
julianknodt 1bb6abc604 net/portmapper: add upnp port mapping
Add in UPnP portmapping, using the goupnp library in order to get the UPnP client and run the
portmapping functions. This rips out anywhere where UPnP used to be in portmapping, and has a
flow separate from PMP and PCP.

RELNOTE=portmapper now supports UPnP mappings

Fixes #682
Updates #2109

Signed-off-by: julianknodt <julianknodt@gmail.com>
4 years ago
Denton Gentry e28bc49e5f netns_linux: remove special handling for tests.
With netns handling localhost now, existing tests no longer
need special handling. The tests set up their connections to
localhost, and the connections work without fuss.

Remove the special handling for tests.

Also remove the hostinfo.TestCase support, since this was
the only use of it. It can be added back later if really
needed, but it would be better to try to make tests work
without special cases.

Signed-off-by: Denton Gentry <dgentry@tailscale.com>
4 years ago
Denton Gentry d2480fd508 net/netns: support !CAP_NET_ADMIN
netns_linux checked whether "ip rule" could run to determine
whether to use SO_MARK for network namespacing. However in
Linux environments which lack CAP_NET_ADMIN, such as various
container runtimes, the "ip rule" command succeeds but SO_MARK
fails due to lack of permission. SO_BINDTODEVICE would work in
these environments, but isn't tried.

In addition to running "ip rule", check directly whether SO_MARK
works or not. Among others, this allows Microsoft Azure App
Service and AWS App Runner to work.

Signed-off-by: Denton Gentry <dgentry@tailscale.com>
4 years ago
Dan Bond ceb8c2b34e cmd/tailscale: update web server test copyright
Signed-off-by: Dan Bond <danbond@protonmail.com>
4 years ago
Dan Bond 52972679e6 cmd/tailscale: improve web server test structure
Signed-off-by: Dan Bond <danbond@protonmail.com>
4 years ago
Dan Bond 4c684fcf8c cmd/tailscale: test web server url func
Signed-off-by: Dan Bond <danbond@protonmail.com>
4 years ago
Dan Bond 652bbc9aa0 cmd/tailscale: log web listen addr
Signed-off-by: Dan Bond <danbond@protonmail.com>
4 years ago
Brad Fitzpatrick 1cedd944cf cmd/tailscale/cli: diagnose missing tailscaled on 'up'
Fixes #2029

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
David Crawshaw 87481282eb ipn: another controlplane synonym
This one doesn't bother me so much, as long term we want a synonym here.

Fixes #2384
Fixes #2386

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
4 years ago
David Crawshaw c84d7baf98 cmd/tailscale/cli: factor out more up code for testing
In theory, some of the other table-driven tests could be moved into this
form now but I didn't want to disturb too much good test code.

Includes a commented-out test for #2384 that is currently failing.

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
4 years ago
Brad Fitzpatrick 92077ae78c wgengine/magicsock: make portmapping async
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
Brad Fitzpatrick a9fc583211 cmd/tailscale/cli: document the web subcommand a bit more
Fixes #2326

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
4 years ago
David Crawshaw c37713b927 cmd/tailscale/cli: accept login server synonym
Fixes #2272

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
5 years ago
julianknodt e68d4d5805 cmd/tailscale: add debug flag to dump derp map
This adds a flag in tailscale debug for dumping the derp map to stdout.

Fixes #2249.

Signed-off-by: julianknodt <julianknodt@gmail.com>
5 years ago