tailscale

Commit Graph

Author	SHA1	Message	Date
Brad Fitzpatrick	6bed781259	all: gofmt all Well, goimports actually (which adds the normal import grouping order we do) Change-Id: I0ce1b1c03185f3741aad67c14a7ec91a838de389 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	50eb8c5add	cmd/tailscale: mostly fix 'tailscale ssh' on macOS (sandbox) Still a little wonky, though. See the tcsetattr error and inability to hit Ctrl-D, for instance: bradfitz@laptop ~ % tailscale.app ssh foo@bar tcsetattr: Operation not permitted # Authentication checked with Tailscale SSH. # Time since last authentication: 1h13m22s foo@bar:~$ ^D ^D ^D Updates #4518 Updates #4529 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	48e5f4ff88	cmd/tailscale/cli: add 'debug stat' subcommand For debugging what's visible inside the macOS sandbox. But could also be useful for giving users portable commands during debugging without worrying about which OS they're on. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
James Tucker	928d1fddd2	cmd/tailscale: s/-authkey/-auth-key/ in help text Signed-off-by: James Tucker <james@tailscale.com>	4 years ago
Maisem Ali	90b5f6286c	cmd/tailscale: use double quotes in the ssh subcommands Single-quote escaping is insufficient apparently. Updates #3802 Signed-off-by: Maisem Ali <maisem@tailscale.com>	4 years ago
Maisem Ali	db70774685	cmd/tailscale/cli: do not use syscall.Exec from macOS sandbox Signed-off-by: Maisem Ali <maisem@tailscale.com>	4 years ago
Brad Fitzpatrick	d413850bd7	cmd/tailscale: add "debug via" subcommand to do CIDR math for via ranges $ tailscale debug via 0xb 10.2.0.0/16 fd7a:115c:a1e0:b1a:0🅱️a02:0/112 $ tailscale debug via fd7a:115c:a1e0:b1a:0🅱️a02:0/112 site 11 (0xb), 10.2.0.0/16 Previously: `3ae701f0eb` This adds a little debug tool to do CIDR math to make converting between those ranges easier for now. Updates #3616 Change-Id: I98302e95d17765bfaced3ecbb71cbd43e84bff46 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Maisem Ali	945879fa38	cmd/tailscale: [ssh] enable StrictHostKeyChecking mode Updates #3802 Signed-off-by: Maisem Ali <maisem@tailscale.com>	4 years ago
Brad Fitzpatrick	8f5e5bff1e	cmd/tailscale, etc: make "tailscale up --ssh" fail fast when unavailable Fail on unsupported platforms (must be Linux or macOS tailscaled with WIP env) or when disabled by admin (with TS_DISABLE_SSH_SERVER=1) Updates #3802 Change-Id: I5ba191ed0d8ba4ddabe9b8fc1c6a0ead8754b286 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	f0e2272e04	cmd/tailscale: unhide 'up --ssh' behind WIP env var Updates #3802 Change-Id: I99c550c2e4450640b0ee6ab060f178dde1360553 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Maisem Ali	c87ed52ad4	cmd/tailscale: add id-token subcommand RELNOTE=Initial support for getting OIDC ID Tokens Updates tailscale/corp#4347 Signed-off-by: Maisem Ali <maisem@tailscale.com>	4 years ago
Brad Fitzpatrick	3ae701f0eb	net/tsaddr, wgengine/netstack: add IPv6 range that forwards to site-relative IPv4 This defines a new magic IPv6 prefix, fd7a:115c:a1e0:b1a::/64, a subset of our existing /48, where the final 32 bits are an IPv4 address, and the middle 32 bits are a user-chosen "site ID". (which must currently be 0000:00xx; the top 3 bytes must be zero for now) e.g., I can say my home LAN's "site ID" is "0000:00bb" and then advertise its 10.2.0.0/16 IPv4 range via IPv6, like: tailscale up --advertise-routes=fd7a:115c:a1e0:b1a::bb:10.2.0.0/112 (112 being /128 minuse the /96 v6 prefix length) Then people in my tailnet can: $ curl '[fd7a:115c:a1e0:b1a::bb:10.2.0.230]' <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" .... Updates #3616, etc RELNOTE=initial support for TS IPv6 addresses to route v4 "via" specific nodes Change-Id: I9b49b6ad10410a24b5866b9fbc69d3cae1f600ef Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
David Eger	f992749b98	cmd/tailscale: Add file get --loop flag. To "automatically receive taildrop files to my Downloads directory," user currently has to run 'tailscale file get' in a loop. Make it easy to do this without shell. Updates: #2312 Signed-off-by: David Eger <david.eger@gmail.com>	4 years ago
Xiaochao Dong (@damnever)	7d97800d52	cmd/tailscale: make web mode preserve URL scheme in Synology redirect Signed-off-by: Xiaochao Dong (@damnever) <the.xcdong@gmail.com>	4 years ago
oliverpool	0b273e1857	cmd/tailscale: drop special exit code 125 for gokrazy No needed since gokrazy doesn't restart successful processes anymore: https://github.com/gokrazy/gokrazy/pull/127 Signed-off-by: Olivier Charvin <git@olivier.pfad.fr>	4 years ago
Brad Fitzpatrick	753f1bfad4	cmd/tailscale: write fewer known_hosts, resolve ssh host to FQDN early Updates #3802 Change-Id: Ic44fa2e6661a9c046e725c04fa6b8213d3d4d2b2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	df93158aac	cmd/tailscale: generate known_hosts file for 'tailscale ssh' Updates #3802 Change-Id: I7a0052392f000ee44fc8e719f6666756aab91f3d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	8294915780	cmd/tailscale/cli: add start of 'ssh' subcommand Updates #3802 Change-Id: Iabc07c00c7e4f43944cfe7daec8d2b66ac002289 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	06fcf3b225	cmd/tailscale: make status --peers=false work earlier + in JSON mode And return an error if you use non-flag arguments. Change-Id: I0dd6c357eb5cabd0f17020f21ba86406aea21681 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	5df12b9059	client/tailscale, cmd/tailscale, localapi: add 'tailscale nc' (actually) Adds missing file from `fc12cbfcd3`. GitHub was having issues earlier and it was all green because the checks never actually ran, but the DCO non-Actions check at least did, so "green" and I merged, not realizing it hadn't really run anything. Updates #3802 Change-Id: I29f605eebe5336f1f3ca28ebb78b092dd99d9fd8 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	fc12cbfcd3	client/tailscale, cmd/tailscale, localapi: add 'tailscale nc' This adds a "tailscale nc" command that acts a bit like "nc", but dials out via tailscaled via localapi. This is a step towards a "tailscale ssh", as we'll use "tailscale nc" as a ProxyCommand for in some cases (notably in userspace mode). But this is also just useful for debugging & scripting. Updates #3802 RELNOTE=tailscale nc Change-Id: Ia5c37af2d51dd0259d5833d80264d3ad5f68446a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Aaron Klotz	6e91f872af	net/tshttpproxy: ensure we pass the correct flags to WinHttpOpen on Win7 and Win8.0 The best flag to use on Win7 and Win8.0 is deprecated in Win8.1, so we resolve the flag depending on OS version info. Fixes https://github.com/tailscale/tailscale/issues/4201 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	4 years ago
Josh Bleecher Snyder	0868329936	all: use any instead of interface{} My favorite part of generics. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	4 years ago
Josh Bleecher Snyder	997b19545b	syncs: use TryLock and TryRLock instead of unsafe The docs say: Note that while correct uses of TryLock do exist, they are rare, and use of TryLock is often a sign of a deeper problem in a particular use of mutexes. Rare code! Or bad code! Who can tell! Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	4 years ago
Brad Fitzpatrick	1f22507c06	version: use Go 1.18's git stamping as default implementation No more manual version bumps! Fixes #81 Change-Id: I3a9e544a7248f0b83bcbacbaabbc4dabc435e62d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Josh Bleecher Snyder	71b535fc94	go.mod: require Go 1.18 Also, update depaware for Go 1.18's dependency tree. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	4 years ago
David Eger	5be42c0af1	cmd/tailscale: add file get options for dealing with existing files A new flag --conflict=(skip\|overwrite\|rename) lets users specify what to do when receiving files that match a same-named file in the target directory. Updates #3548 Signed-off-by: David Eger <david.eger@gmail.com>	4 years ago
Aaron Klotz	f8a4df66de	cmd/tailscale/cli, ipn: move exit node IP parsing and validation from cli into prefs. We need to be able to provide the ability for the GUI clients to resolve and set the exit node IP from an untrusted string, thus enabling the ability to specify that information via enterprise policy. This patch moves the relevant code out of the handler for `tailscale up`, into a method on `Prefs` that may then be called by GUI clients. We also update tests accordingly. Updates https://github.com/tailscale/corp/issues/4239 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	4 years ago
Joonas Kuorilehto	c1b3500a05	cmd/tailscale: allow use of flags in gokrazy Enable use of command line arguments with tailscale cli on gokrazy. Before this change using arguments like "up" would cause tailscale cli to be repeatedly restarted by gokrazy process supervisor. We never want to have gokrazy restart tailscale cli, even if user would manually start the process. Expected usage is that user creates files: flags/tailscale.com/cmd/tailscale/flags.txt: up flags/tailscale.com/cmd/tailscaled/flags.txt: --statedir=/perm/tailscaled/ --tun=userspace-networking Then tailscale prints URL for user to log in with browser. Alternatively it should be possible to use up with auth key to allow unattended gokrazy installs. Signed-off-by: Joonas Kuorilehto <joneskoo@derbian.fi>	4 years ago
Brad Fitzpatrick	f18bb6397b	cmd/tailscale: tell gokrazy to not manage the CLI as a daemon In the future we'll probably want to run the "tailscale web" server instead, but for now stop the infinite restart loop. See https://gokrazy.org/userguide/process-interface/ for details. Updates #1866 Change-Id: I4133a5fdb859b848813972620495865727fe397a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	55095df644	net/interfaces: get Linux default route from netlink as fallback If it's in a non-standard table, as it is on Unifi UDM Pro, apparently. Updates #4038 (probably fixes, but don't have hardware to verify) Change-Id: I2cb9a098d8bb07d1a97a6045b686aca31763a937 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Maisem Ali	497324ddf6	ipn/store: add common package for instantiating ipn.StateStores Also move KubeStore and MemStore into their own package. RELNOTE: tsnet now supports providing a custom ipn.StateStore. Signed-off-by: Maisem Ali <maisem@tailscale.com>	4 years ago
Brad Fitzpatrick	29279b34fa	cmd/tailscale: make configure-host on Synology also add CAP_NET_RAW Updates #4012 Change-Id: Ic45b5709a73b4f1cd466823e177b52d1d20ba84e Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Aaron Klotz	e31d68d64e	hostinfo: use the sentinel value set by the MSI installer to detect MSI package type The MSI installer sets a special sentinel value that we can use to detect it. I also removed the code that bails out when the installation path is not `Program Files`, as both the NSIS and MSI installers permit the user to install to a different path. Signed-off-by: Aaron Klotz <aaron@tailscale.com>	4 years ago
Maisem Ali	c7a8f0992d	ipn/ipnlocal: use views for Peer.PrimaryRoutes and Peer.Tags RELNOTE=`tailscale status --json` now shows Tags and PrimaryRoutes Signed-off-by: Maisem Ali <maisem@tailscale.com>	4 years ago
Brad Fitzpatrick	e921e1b02d	cmd/tailscale: add "tailscale debug hostinfo" subcommand Change-Id: Ifa09364d42e0516fdf80feddaf33c95880228049 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Josh Bleecher Snyder	94409db7e2	cmd/tailscale: rewrite --authkey to --auth-key That way humans don't have to remember which is correct. RELNOTE=--auth-key is the new --authkey, but --authkey still works Updates tailscale/corp#3486 Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	4 years ago
Maisem Ali	72d8672ef7	tailcfg: make Node.Hostinfo a HostinfoView Signed-off-by: Maisem Ali <maisem@tailscale.com>	4 years ago
Brad Fitzpatrick	3c481d6b18	cmd/tailscale: add "tailscale configure-host" to prep a Synology machine at boot Updates #3761 Change-Id: Ib5ab9a4808ade074f48d3abee22c57d7670f9e21 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	02bdc654d5	cmd/tailscale: fix up --reset, again Also fix a somewhat related printing bug in the process where some paths would print "Success." inconsistently even when there otherwise was no output (in the EditPrefs path) Fixes #3830 Updates #3702 (which broke it once while trying to fix it) Change-Id: Ic51e14526ad75be61ba00084670aa6a98221daa5 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
davideger	f31546809f	cmd/tailscale: propagate tailscaled 403s as AccessDeniedErrors So Linux/etc CLI users get helpful advice to run tailscale with --operator=$USER when they try to 'tailscale file {cp,get}' but are mysteriously forbidden. Signed-off-by: David Eger <eger@google.com> Signed-off-by: David Eger <david.eger@gmail.com>	4 years ago
Brad Fitzpatrick	f3c0023add	wgengine/netstack: add an SSH server experiment Disabled by default. To use, run tailscaled with: TS_SSH_ALLOW_LOGIN=you@bar.com And enable with: $ TAILSCALE_USE_WIP_CODE=true tailscale up --ssh=true Then ssh [any-user]@[your-tailscale-ip] for a root bash shell. (both the "root" and "bash" part are temporary) Updates #3802 Change-Id: I268f8c3c95c8eed5f3231d712a5dc89615a406f0 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	41fd4eab5c	envknob: add new package for all the strconv.ParseBool(os.Getenv(..)) A new package can also later record/report which knobs are checked and set. It also makes the code cleaner & easier to grep for env knobs. Change-Id: Id8a123ab7539f1fadbd27e0cbeac79c2e4f09751 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Josh Bleecher Snyder	a076aaecc6	cmd/tailscale: use html/template for synoTokenRedirect The GitHub code scanner flagged this as a security vulnerability. I don't believe it was, but I couldn't convince myself of it 100%. Err on the safe side and use html/template to generate the HTML, with all necessary escaping. Fixes tailscale/corp#2698 Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	4 years ago
Maisem Ali	9e8a432146	cmd/tailscale/cli/web: fix typo where the html template data was being replaced instead of being appended to. Signed-off-by: Maisem Ali <maisem@tailscale.com>	4 years ago
Brad Fitzpatrick	e6626366a2	cmd/tailscale: let 'tailscale up --reset' do a pref edit The --reset shouldn't imply that a Backend.Start is necessary. With this, it can do a Backend.EditPrefs instead, which then doesn't do all the heavy work that Start does. Also, Start on Windows behaves slightly differently than Linux etc in some cases because of tailscaled running in client mode on Windows (where the GUI supplies the prefs). Fixes #3702 Change-Id: I75c9f08d5e0052bf623074030a3a7fcaa677abf6 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	3690bfecb0	ipn/ipnlocal: fix cert fetching on macOS GUI platforms And clarify the directory they get written to when under the sandbox. Fixes #3667 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	7d9b1de3aa	netcheck,portmapper,magicsock: ignore some UDP write errors on Linux Treat UDP send EPERM errors as a lost UDP packet, not something super fatal. That's just the Linux firewall preventing it from going out. And add a leaf package net/neterror for that (and future) policy that all three packages can share, with tests. Updates #3619 Change-Id: Ibdb838c43ee9efe70f4f25f7fc7fdf4607ba9c1d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	96cab21383	cmd/tailscale: add debug restun, rebind subcommands In the hidden debug menu. Change-Id: I20213f1f4e2290d36f9ff561bac0cc767400d5fd Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Josh Bleecher Snyder	4512e213d5	cmd/tailscale: improve ping error message when logged out Refactor out the pretty status printing code from status, use it in ping. Fixes #3549 Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	4 years ago
Brad Fitzpatrick	adc97e9c4d	cmd/tailscale: make --accept-routes default true on Windows, macOS GUI One of the most annoying parts of using the Tailscale CLI on Windows and the macOS GUI is that Tailscale's GUIs default to running with "Route All" (accept all non-exitnode subnet routes) but the CLI--being originally for Linux--uses the Linux default, which is to not accept subnets. Which means if a Windows user does, e.g.: tailscale up --advertise-exit-node Or: tailscale up --shields-up ... then it'd warn about reverting the --accept-routes option, which the user never explicitly used. Instead, make the CLI's default match the platform/GUI's default. Change-Id: I15c804b3d9b0266e9ca8651e0c09da0f96c9ef8d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Josh Bleecher Snyder	63cd581c3f	safesocket: add ConnectionStrategy, provide control over fallbacks `fee2d9fad` added support for cmd/tailscale to connect to IPNExtension. It came in two parts: If no socket was provided, dial IPNExtension first, and also, if dialing the socket failed, fall back to IPNExtension. The second half of that support caused the integration tests to fail when run on a machine that was also running IPNExtension. The integration tests want to wait until the tailscaled instances that they spun up are listening. They do that by dialing the new instance. But when that dial failed, it was falling back to IPNExtension, so it appeared (incorrectly) that tailscaled was running. Hilarity predictably ensued. If a user (or a test) explicitly provides a socket to dial, it is a reasonable assumption that they have a specific tailscaled in mind and don't want to fall back to IPNExtension. It is certainly true of the integration tests. Instead of adding a bool to Connect, split out the notion of a connection strategy. For now, the implementation remains the same, but with the details hidden a bit. Later, we can improve that. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	4 years ago
Brad Fitzpatrick	39ffa16853	net/dnscache, net/tsdial: add DNS caching to tsdial UserDial This is enough to handle the DNS queries as generated by Go's net package (which our HTTP/SOCKS client uses), and the responses generated by the ExitDNS DoH server. This isn't yet suitable for putting on 100.100.100.100 where a number of different DNS clients would hit it, as this doesn't yet do EDNS0. It might work, but it's untested and likely incomplete. Likewise, this doesn't handle anything about truncation, as the exchanges are entirely in memory between Go or DoH. That would also need to be handled later, if/when it's hooked up to 100.100.100.100. Updates #3507 Change-Id: I1736b0ad31eea85ea853b310c52c5e6bf65c6e2a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	c0701b130d	ipn/ipnstate, cmd/tailscale: add Online bool to tailscale status & --json Fixes #3533 Change-Id: I2f6f0d712cf3f987fba1c15be74cdb5c8d565f04 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Denton Gentry	ffb16cdffb	cmd/tailscale: add --json for up Print JSON to stdout containing everything needed for authentication. { "AuthURL": "https://login.tailscale.com/a/0123456789", "QR": "data:image/png;base64,iV...QmCC", "BackendState": "NeedsLogin" } { "BackendState": "Running" } Signed-off-by: Denton Gentry <dgentry@tailscale.com>	4 years ago
Josh Bleecher Snyder	de635ac0a8	cmd/tailscale: print more detail in connection failure error message Before: failed to connect to local tailscaled (which appears to be running). Got error: Get "http://local-tailscaled.sock/localapi/v0/status": EOF After: failed to connect to local tailscaled (which appears to be running as IPNExtension, pid 2118). Got error: Get "http://local-tailscaled.sock/localapi/v0/status": EOF This was useful just now, as it made it clear that tailscaled I thought I was connecting to might not in fact be running; there was a second tailscaled running that made the error message slightly misleading. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	4 years ago
Brad Fitzpatrick	003089820d	cmd/tailscale: fix setting revert checker's finding an exit node It was using the wrong prefs (intended vs current) to map the current exit node ID to an IP. Fixes #3480 Change-Id: I9f117d99a84edddb4cd1cb0df44a2f486abde6c2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	03a323de4e	cmd/tailscale: don't allow setting exit node to known invalid value Fixes #3081 Change-Id: I34c378dfd51ee013c21962dbe79c49b1ba06c0c5 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	a8f60cf6e8	cmd/tailscale: clarify which prefless flags don't need revert protection Fixes #3482 Change-Id: Icb51476b0d78d3758cb04df3b565e372b8289a46 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	f91481075d	cmd/tailscale: let --exit-node= take a machine name in addition to IP If you're online, let tailscale up --exit-node=NAME map NAME to its IP. We don't store the exit node name server-side in prefs, avoiding the concern raised earlier. Fixes #3062 Change-Id: Ieea5ceec1a30befc67e9d6b8a530b3cb047b6b40 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	2a95ee4680	cmd/tailscale, ipn/ipnstate: note which nodes are exit nodes in status Fixes #3446 Change-Id: Ib41d588e7fa434c02d134fa449f85b0e15083683 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Josh Bleecher Snyder	38d90fa330	net/portmapper: add clientmetrics for PCP/PMP responses Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	4 years ago
Brad Fitzpatrick	3181bbb8e4	cmd/tailscale: make file cp send files via tailscaled localapi So Taildrop sends work even if the local tailscaled is running in netstack mode, as it often is on Synology, etc. Updates #2179 (which is primarily about receiving, but both important) Change-Id: I9bd1afdc8d25717e0ab6802c7cf2f5e0bd89a3b2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	105c545366	cmd/tailscale/cli: don't complain about --accept-routes true->false on Synology Fixes #3176 Change-Id: I844883e741dccfa5e7771c853180e9f65fb7f7a4 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Josh Bleecher Snyder	b0d543f7a1	cmd/tailscale: add ip -1 flag This limits the output to a single IP address. RELNOTE=tailscale ip now has a -1 flag (TODO: update docs to use it) Fixes #1921 Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	4 years ago
Josh Bleecher Snyder	73beaf59fb	cmd/tailscale: improve ip subcommand docs Streamline the prose. Clarify what peer may be. Improve an error message. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	4 years ago
Aaron Klotz	7d8feb2784	hostinfo: change Windows implementation to directly query version information using API and registry We replace the cmd.exe invocation with RtlGetNtVersionNumbers for the first three fields. On Windows 10+, we query for the fourth field which is available via the registry. The fourth field is not really documented anywhere; Firefox has been querying it successfully since Windows 10 was released, so we can be pretty confident in its longevity at this point. Fixes https://github.com/tailscale/tailscale/issues/1478 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	4 years ago
Brad Fitzpatrick	36b1df1241	cmd/tailscale/cli: add --watch flag to "debug metrics" subcommand This adds a new --watch flag that prints out a block of metric changes every second, if anything changed. Example output: magicsock_disco_recv_ping +1 => 254 magicsock_disco_recv_pong +1 => 218 magicsock_disco_recv_udp +2 => 472 magicsock_disco_send_udp +2 => 536 magicsock_disco_sent_udp +2 => 536 magicsock_recv_data_ipv6 +1 => 82 magicsock_send_data +1 => 86 magicsock_send_udp +3 => 620 magicsock_recv_data_ipv6 +1 => 83 magicsock_send_data +1 => 87 magicsock_send_udp +1 => 621 magicsock_disco_recv_ping +1 => 255 magicsock_disco_recv_pong +1 => 219 magicsock_disco_recv_udp +2 => 474 magicsock_disco_send_udp +2 => 538 magicsock_disco_sent_udp +2 => 538 magicsock_recv_data_ipv6 +1 => 84 magicsock_send_data +1 => 88 magicsock_send_udp +3 => 624 magicsock_recv_data_ipv6 +1 => 85 magicsock_send_data +1 => 89 magicsock_send_udp +1 => 625 controlclient_map_response_map +1 => 207 controlclient_map_response_map_delta +1 => 204 controlclient_map_response_message +1 => 275 magicsock_disco_recv_ping +3 => 258 magicsock_disco_recv_pong +2 => 221 magicsock_disco_recv_udp +5 => 479 magicsock_disco_send_derp +1 => 6 magicsock_disco_send_udp +7 => 545 magicsock_disco_sent_derp +1 => 6 magicsock_disco_sent_udp +7 => 545 magicsock_recv_data_ipv6 +1 => 86 magicsock_send_data +1 => 90 magicsock_send_derp +1 => 12 magicsock_send_derp_queued +1 => 12 magicsock_send_udp +8 => 633 Updates #3307 Change-Id: I5ac2511e3ad24fa1e6ea958c3946fecebe4f79a7 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	24ea365d48	netcheck, controlclient, magicsock: add more metrics Updates #3307 Change-Id: Ibb33425764a75bde49230632f1b472f923551126 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	68917fdb5d	cmd/tailscale/cli: add "debug metrics" subcommand To let users inspect the tailscaled metrics easily. Updates #3307 Change-Id: I922126ca0626659948c57de74c6ef62f40ef5f5f Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	945290cc3f	cmd/tailscale/cli: migrate hidden debug subcommand to use subcomands It was a mess of flags. Use subcommands under "debug" instead. And document loudly that it's not a stable interface. Change-Id: Idcc58f6a6cff51f72cb5565aa977ac0cc30c3a03 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	2b082959db	safesocket: add WindowsLocalPort const Remove all the 41112 references. Change-Id: I2d7ed330d457e3bb91b7e6416cfb2667611e50c4 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
David Anderson	37c150aee1	derp: use new node key type. Update #3206 Signed-off-by: David Anderson <danderson@tailscale.com>	4 years ago
David Anderson	15376f975b	types/wgkey: delete, no longer used. Updates #3206 Signed-off-by: David Anderson <danderson@tailscale.com>	4 years ago
Josh Bleecher Snyder	640de1921f	depaware: update To fix build broken by `c9bf773312`. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	4 years ago
Brad Fitzpatrick	31e4f60047	version: embed VERSION.txt in unstamped version Temporary measure until we switch to Go 1.18. $ go run ./cmd/tailscale version 1.17.0-date.20211022 go version: go1.17 Updates #81 Change-Id: Ic82ebffa5f46789089e5fb9810b3f29e36a47f1a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	675f9cd199	cmd/tailscale/cli: add, use log.Fatalf indirection for js/wasm Updates #3157 Change-Id: I97a4962a44bd36313ff68388e3de0d852a8fa869 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	5df7ac70d6	cmd/tailscale/cli: add Stdout, Stderr and output through them So js/wasm can override where those go, without implementing an *os.File pipe pair, etc. Updates #3157 Change-Id: I14ba954d9f2349ff15b58796d95ecb1367e8ba3a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	3b5ada1fd8	cmd/tailscale/cli: use errors.Is to check ff's wrapped flag errors And also check from its Parse method. Change-Id: I18754920575254cb6858a16b7954e74aa16483a1 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	75de4e9cc2	cmd/tailscale/cli: don't ExitOnError on js/wasm An os.Exit brings down the whole wasm module. Updates #3157 Change-Id: I3daa97fd854715b901f3dbb04b57d841576b60b1 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	505f844a43	cmd/derper, derp/derphttp: add websocket support Updates #3157 Change-Id: I337a919a3b350bc7bd9af567b49c4d5d6616abdd Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Maisem Ali	0bf515e780	cmd/tailscale: changes to --advertise-tags should wait for possible reauth. Signed-off-by: Maisem Ali <maisem@tailscale.com>	4 years ago
Aaron Klotz	1991a1ac6a	net/tstun: update tun_windows for wintun 0.14 API revisions, update wireguard-go dependency to 82d2aa87aa623cb5143a41c3345da4fb875ad85d Signed-off-by: Aaron Klotz <aaron@tailscale.com>	4 years ago
Brad Fitzpatrick	2d11503cff	cmd/tailscale: add up --qr to show QR code Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
David Crawshaw	cc9cf97cbe	cli: web advertise exit node button A couple of gnarly assumptions in this code, as always with the async message thing. UI button is based on the DNS settings in the admin panel. Co-authored-by: Maisem Ali <maisem@tailscale.com> Signed-off-by: David Crawshaw <crawshaw@tailscale.com>	4 years ago
Brad Fitzpatrick	98b3fa78aa	cmd/tailscale: let certs/keys be written to stdout, warn about macOS sandbox Fixes https://twitter.com/SeanHood/status/1443668378468720647 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	2d464cecd1	cmd/tailscale: make netcheck work when logged out Fixes #2993 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	f62e6d83a9	cmd/tailscale: make cert subcommand give hints on access denied Lot of people have been hitting this. Now it says: $ tailscale cert tsdev.corp.ts.net Access denied: cert access denied Use 'sudo tailscale cert' or 'tailscale up --operator=$USER' to not require root. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	b10a55e4ed	cmd/tailscale/cli: fix typo in cert usage	4 years ago
Brad Fitzpatrick	891e7986cc	cmd/tailscale: make cert give hints on usage failure Like mentioning which cert domain(s) are valid.	4 years ago
Brad Fitzpatrick	b822b5c798	cmd/tailscale: let up --authkey be of form file:/path/to/secret Fixes #2958 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	173bbaa1a1	all: disable TCP keep-alives on iOS/Android Updates #2442 Updates tailscale/corp#2750 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	ec2249b6f2	cmd/tailscale: add debug -env Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	ace2faf7ec	cmd/tailscale: make debug profiling output - mean stdout Because the macOS CLI runs in the sandbox, including the filesystem, so users would be confused that -cpu-profile=prof.cpu succeeds but doesn't write to their current directory, but rather in some random Library/Containers directory somewhere on the machine (which varies depending on the Mac build type: App Store vs System Extension) Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Brad Fitzpatrick	efb84ca60d	ipn/localapi, cmd/tailscale: add CPU & memory profile support, debug command This was already possible on Linux if you ran tailscaled with --debug (which runs net/http/pprof), but it requires the user have the Go toolchain around. Also, it wasn't possible on macOS, as there's no way to run the IPNExtension with a debug server (it doesn't run tailscaled). And on Windows it's super tedious: beyond what users want to do or what we want to explain. Instead, put it in "tailscale debug" so it works and works the same on all platforms. Then we can ask users to run it when we're debugging something and they can email us the output files. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Denton Gentry	27bc4e744c	cmd/tailscale/web: support TLS from env vars. pfSense stores its SSL certificate and key in the PHP config. We wrote PHP code to pull the two out of the PHP config and into environment variables before running "tailscale web". The pfSense web UI is served over https, we need "tailscale web" to also support https in order to put it in an <iframe>. Signed-off-by: Denton Gentry <dgentry@tailscale.com>	4 years ago
Aaron Klotz	9ebb5d4205	ipn, paths: ensure that the state directory for Windows has the correct perms ProgramData has a permissive ACL. For us to safely store machine-wide state information, we must set a more restrictive ACL on our state directory. We set the ACL so that only talescaled's user (ie, LocalSystem) and the Administrators group may access our directory. We must include Administrators to ensure that logs continue to be easily accessible; omitting that group would force users to use special tools to log in interactively as LocalSystem, which is not ideal. (Note that the ACL we apply matches the ACL that was used for LocalSystem's AppData\Local). There are two cases where we need to reset perms: One is during migration from the old location to the new. The second case is for clean installations where we are creating the file store for the first time. Updates #2856 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	4 years ago
Brad Fitzpatrick	4549d3151c	cmd/tailscale: make status show health check problems Fixes #2775 RELNOTE=tailscale status now shows health check problems Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago
Josh Bleecher Snyder	865d8c0d23	cmd: upgrade to ffcli v3 None of the breaking changes from v2 to v3 are relevant to us. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>	4 years ago
Brad Fitzpatrick	640134421e	all: update tests to use tstest.MemLogger And give MemLogger a mutex, as one caller had, which does match the logf contract better. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	4 years ago

1 2 3 4 5 ...

451 Commits (f0347e841f8edc8b3b08f1c00f1eef6625beec2d)