tailscale

Commit Graph

Author	SHA1	Message	Date
Vince Prignano	1a691ec5b2	cmd/k8s-operator: update controller-runtime to v0.15 Fixes #8170 Signed-off-by: Vince Prignano <vince@prigna.com>	11 months ago
James Tucker	5def4f4a1c	go.mod: bump goreleaser deps Periodic update for start of cycle. goreleaser is not updated to v2 yet, but indirects updated. Updates #8043 Signed-off-by: James Tucker <james@tailscale.com>	1 year ago
James Tucker	48605226dd	go.mod: bump gvisor Periodic update for start of cycle. Updates #8043 Signed-off-by: James Tucker <james@tailscale.com>	1 year ago
Maisem Ali	f46c1aede0	go.mod: bump k8s libs The key is to update sigs.k8s.io/controller-runtime and let it update others. Updates #8043 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Brad Fitzpatrick	9e9ea6e974	go.mod: bump all deps possible that don't break the build This holds back gvisor, kubernetes, goreleaser, and esbuild, which all had breaking API changes. Updates #8043 Updates #7381 Updates #8042 (updates u-root which adds deps) Change-Id: I889759bea057cd3963037d41f608c99eb7466a5b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
dependabot[bot]	270942094f	build(deps): bump github.com/docker/docker Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.16+incompatible to 20.10.24+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v20.10.16...v20.10.24) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	1 year ago
Andrew Dunham	280255acae	various: add golangci-lint, fix issues (#7905 ) This adds an initial and intentionally minimal configuration for golang-ci, fixes the issues reported, and adds a GitHub Action to check new pull requests against this linter configuration. Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I8f38fbc315836a19a094d0d3e986758b9313f163	1 year ago
Anton Tolchanov	11e6247d2a	tsweb: expose native Prometheus metrics in /debug/varz The handler will expose built-in process and Go metrics by default, which currently duplicate some of the expvar-proxied metrics (`goroutines` vs `go_goroutines`, `memstats` vs `go_memstats`), but as long as their names are different, Prometheus server will just scrape both. This will change /debug/varz behaviour for most tsweb binaries, but notably not for control, which configures a `tsweb.VarzHandler` [explicitly](`a5b5d5167f/cmd/tailcontrol/tailcontrol.go (L779)`) Updates https://github.com/tailscale/corp/issues/10205 Signed-off-by: Anton Tolchanov <anton@tailscale.com>	1 year ago
Jordan Whited	f571536598	go.mod: bump wireguard-go (#7836 ) This pulls in a synchronization optimization, see tailscale/wireguard-go@af17262. Updates tailscale/corp#8734 Signed-off-by: Jordan Whited <jordan@tailscale.com>	1 year ago
Jordan Whited	765d3253f3	go.mod: bump wireguard-go (#7792 ) Pull in TUN checksum optimizations and crypto channel changes. Updates tailscale/corp#8734 Signed-off-by: Jordan Whited <jordan@tailscale.com>	1 year ago
James Tucker	a31e43f760	go.mod: bump gvisor to 20230320 for dispatcher locking Upstream improved code around an issue showing up in CI, where sometimes shutdown will race on endpoint.dispatcher being nil'd, causing a panic down stack of injectInbound. The upstream patch makes some usage more safe, but it does not itself fix the local issue. See panic in https://github.com/tailscale/tailscale/actions/runs/4548299564/jobs/8019187385#step:7:843 See fix in google/gvisor@13d7bf69d8 Updates #7715 Signed-off-by: James Tucker <james@tailscale.com>	1 year ago
Jordan Whited	27e37cf9b3	go.mod, net/tstun, wgengine/magicsock: update wireguard-go (#7712 ) This commit updates the wireguard-go dependency to pull in fixes for the tun package, specifically 052af4a and aad7fca. Signed-off-by: Jordan Whited <jordan@tailscale.com>	1 year ago
Brad Fitzpatrick	1410682fb6	cmd/sniproxy: add start of a tsnet-based SNI proxy $ curl https://canhazip.com/ 170.173.0.21 $ curl --resolve canhazip.com:443:100.85.165.81 https://canhazip.com/ 34.223.127.151 Updates #1748 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Andrew Dunham	d8286d0dc2	go.mod: bump golang.org/x/image to latest version This resolves a dependabot alert, though the alert does not affect us: https://github.com/tailscale/tailscale/security/dependabot/6 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I087de6f22fb4821d0035fc16b603f9692581b9bd	1 year ago
Brad Fitzpatrick	e8a028cf82	go.mod: bump x/crypto No particular reason. Just good point of our release cycle for some #cleanup. It also makes dependabot happy about something we're not using? Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	607c3eb813	go.toolchain.rev: update to Go 1.20.1 And bump x/net for the HTTP/2 fixes. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Andrew Dunham	ba48ec5e39	util/linuxfw: initial implementation of package This package is an initial implementation of something that can read netfilter and iptables rules from the Linux kernel without needing to shell out to an external utility; it speaks directly to the kernel using syscalls and parses the data returned. Currently this is read-only since it only knows how to parse a subset of the available data. Signed-off-by: Andrew Dunham <andrew@tailscale.com> Change-Id: Iccadf5dcc081b73268d8ccf8884c24eb6a6f1ff5	1 year ago
Brad Fitzpatrick	03645f0c27	net/{netns,netstat}: use new x/sys/cpu.IsBigEndian See golang/go#57237 Change-Id: If47ab6de7c1610998a5808e945c4177c561eab45 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	b1248442c3	all: update to Go 1.20, use strings.CutPrefix/Suffix instead of our fork Updates #7123 Updates #5309 Change-Id: I90bcd87a2fb85a91834a0dd4be6e03db08438672 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	0d794a10ff	go.mod: bump wintun-go For https://git.zx2c4.com/wintun-go/commit/?id=0fa3db229ce2036ae779de8ba03d336b7aa826bd Updates #6647 Change-Id: I1686b2c77df331fcb9fa4fae88e08232bb95f10b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	6793685bba	go.mod: bump AWS SDK past a breaking API change of theirs They changed a type in their SDK which meant others using the AWS APIs in their Go programs (with newer AWS modules in their caller go.mod) and then depending on Tailscale (for e.g. tsnet) then couldn't compile ipn/store/awsstore. Thanks to @thisisaaronland for bringing this up. Fixes #7019 Change-Id: I8d2919183dabd6045a96120bb52940a9bb27193b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Will Norris	fff617c988	go.mod: bump golang.org/x/net and dependencies I don't think CVE-2022-41717 necessarily impacts us (maybe as part of funnel?), but it came up in a recent security scan so worth updating anyway. Signed-off-by: Will Norris <will@tailscale.com>	1 year ago
Brad Fitzpatrick	1116602d4c	ssh/tailssh: add OpenBSD support for Tailscale SSH And bump go.mod for https://github.com/u-root/u-root/pull/2593 Change-Id: I36ec94c5b2b76d671cb739f1e9a1a43ca1d9d1b1 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
andig	14e8afe444	go.mod, etc: bump gvisor Fixes #6554 Change-Id: Ia04ae37a47b67fa57091c9bfe1d45a1842589aa8 Signed-off-by: andig <cpuidle@gmx.de>	1 year ago
Brad Fitzpatrick	243490f932	go.mod: bump x/sys for linux/arm64 cpu SIGILL fix Bump to get `2204b6615f` Updates #5793 Change-Id: I6ab78824047cb2c8d042f3f3bf47368ec6da5a34 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Jordan Whited	914d115f65	go.mod: bump tailscale/wireguard-go for big-endian fix (#6785 ) Signed-off-by: Jordan Whited <jordan@tailscale.com>	1 year ago
Brad Fitzpatrick	c02ccf6424	go.mod: bump dhcp dep to remove another endian package from our tree To pull in insomniacslk/dhcp#484 to pull in u-root/uio#8 Updates golang/go#57237 Change-Id: I1e56656e0dc9ec0b870f799fe3bc18b3caac1ee4 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
David Anderson	bc8f5a7734	cmd/k8s-operator: add a basic unit test. The test verifies one of the successful reconcile paths, where a client requests an exposed service via a LoadBalancer class. Updates #502. Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
Brad Fitzpatrick	ca08e316af	util/endian: delete package; use updated josharian/native instead See josharian/native#3 Updates golang/go#57237 Change-Id: I238c04c6654e5b9e7d9cfb81a7bbc5e1043a84a2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
David Anderson	b2d4abf25a	cmd/k8s-operator: add a kubernetes operator. This was initially developed in a separate repo, but for build/release reasons and because go module management limits the damage of importing k8s things now, moving it into this repo. At time of commit, the operator enables exposing services over tailscale, with the 'tailscale' loadBalancerClass. It also currently requires an unreleased feature to access the Tailscale API, so is not usable yet. Updates #502. Signed-off-by: David Anderson <danderson@tailscale.com>	1 year ago
Brad Fitzpatrick	7b65b7f85c	go.mod: bump tailscale/wireguard-go for loong64 Updates tailscale/tailscale#6233 Change-Id: I5ba1826e79be51c03b19f2b31d73024410be4970 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	5a523fdc7f	go.mod: update deps to add support for GOARCH=loong64 Updates tailscale/tailscale#6233 Change-Id: Ibbc8e42607342e4ab4fc0b365ed628d82b56864d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Jordan Whited	ea5ee6f87c	all: update golang.zx2c4.com/wireguard to github.com/tailscale/wireguard-go (#6692 ) This is temporary while we work to upstream performance work in https://github.com/WireGuard/wireguard-go/pull/64. A replace directive is less ideal as it breaks dependent code without duplication of the directive. Signed-off-by: Jordan Whited <jordan@tailscale.com>	1 year ago
Jordan Whited	76389d8baf	net/tstun, wgengine/magicsock: enable vectorized I/O on Linux (#6663 ) This commit updates the wireguard-go dependency and implements the necessary changes to the tun.Device and conn.Bind implementations to support passing vectors of packets in tailscaled. This significantly improves throughput performance on Linux. Updates #414 Signed-off-by: Jordan Whited <jordan@tailscale.com> Signed-off-by: James Tucker <james@tailscale.com> Co-authored-by: James Tucker <james@tailscale.com>	1 year ago
Brad Fitzpatrick	1598cd0361	net/tsaddr: remove ContainsFunc helpers (they're now in x/exp/slices) x/exp/slices now has ContainsFunc (golang/go#53983) so we can delete our versions. Change-Id: I5157a403bfc1b30e243bf31c8b611da25e995078 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Maisem Ali	adc302f428	all: use named pipes on windows Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Aaron Klotz	033bd94d4c	cmd/tailscaled, wgengine/router: use wingoes/com for COM initialization instead of go-ole This patch removes the crappy, half-backed COM initialization used by `go-ole` and replaces that with the `StartRuntime` function from `wingoes`, a library I have started which, among other things, initializes COM properly. In particular, we should always be initializing COM to use the multithreaded apartment. Every single OS thread in the process becomes implicitly initialized as part of the MTA, so we do not need to concern ourselves as to whether or not any particular OS thread has initialized COM. Furthermore, we no longer need to lock the OS thread when calling methods on COM interfaces. Single-threaded apartments are designed solely for working with Win32 threads that have a message pump; any other use of the STA is invalid. Fixes https://github.com/tailscale/tailscale/issues/3137 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	1 year ago
Andrew Dunham	a0ef51f570	cmd/{tailscale,tailscaled}: embed manifest into Windows binaries This uses a go:generate statement to create a bunch of .syso files that contain a Windows resource file. We check these in since they're less than 1KiB each, and are only included on Windows. Fixes #6429 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I0512c3c0b2ab9d8d8509cf2037b88b81affcb81f	1 year ago
Brad Fitzpatrick	001f482aca	net/dns: make "direct" mode on Linux warn on resolv.conf fights Run an inotify goroutine and watch if another program takes over /etc/inotify.conf. Log if so. For now this only logs. In the future I want to wire it up into the health system to warn (visible in "tailscale status", etc) about the situation, with a short URL to more info about how you should really be using systemd-resolved if you want programs to not fight over your DNS files on Linux. Updates #4254 etc etc Change-Id: I86ad9125717d266d0e3822d4d847d88da6a0daaa Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago
Brad Fitzpatrick	6aab4fb696	cmd/tailscale/cli: start making cert output support pkcs12 (p12) output If the --key-file output filename ends in ".pfx" or ".p12", use pkcs12 format. This might not be working entirely correctly yet but might be enough for others to help out or experiment. Updates #2928 Updates #5011 Change-Id: I62eb0eeaa293b9fd5e27b97b9bc476c23dd27cf6 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Pat Maddox	9bf3ef4167	ssh/tailssh: add Tailscale SSH (server) support on FreeBSD Change-Id: I607194b6ef99205e777f3df93a74ffe1a2e0344c Signed-off-by: Pat Maddox <pat@ratiopbc.com>	2 years ago
David Anderson	76904b82e7	cmd/containerboot: PID1 for running tailscaled in a container. This implements the same functionality as the former run.sh, but in Go and with a little better awareness of tailscaled's lifecycle. Also adds TS_AUTH_ONCE, which fixes the unfortunate behavior run.sh had where it would unconditionally try to reauth every time if you gave it an authkey, rather than try to use it only if auth is actually needed. This makes it a bit nicer to deploy these containers in automation, since you don't have to run the container once, then go and edit its definition to remove authkeys. Signed-off-by: David Anderson <danderson@tailscale.com>	2 years ago
Brad Fitzpatrick	a0ed2c2eb5	go.mod: bump golang-x-crypto Fixes #5533 Change-Id: I403de0e9ed5a9a63055242a86720d6f4e0899af7 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Joe Tsai	b2035a1dca	cmd/netlogfmt: handle any stream of network logs (#6108 ) Make netlogfmt useful regardless of the exact schema of the input. If a JSON object looks like a network log message, then unmarshal it as one and then print it. This allows netlogfmt to support both a stream of JSON objects directly serialized from netlogtype.Message, or the schema returned by the /api/v2/tailnet/{{tailnet}}/network-logs API endpoint. Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Joe Tsai	c21a3c4733	types/netlogtype: new package for network logging types (#6092 ) The netlog.Message type is useful to depend on from other packages, but doing so would transitively cause gvisor and other large packages to be linked in. Avoid this problem by moving all network logging types to a single package. We also update staticcheck to take in: `003d277bcf` Signed-off-by: Joe Tsai <joetsai@digital-static.net>	2 years ago
Brad Fitzpatrick	e24de8a617	ssh/tailssh: add password-forcing workaround for buggy SSH clients If the username includes a suffix of +password, then we accept password auth and just let them in like it were no auth. This exists purely for SSH clients that get confused by seeing success to their initial auth type "none". Co-authored-by: Maisem Ali <maisem@tailscale.com> Change-Id: I616d4c64d042449fb164f615012f3bae246e91ec Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Maisem Ali	4de1601ef4	ssh/tailssh: add support for sending multiple banners Signed-off-by: Maisem Ali <maisem@tailscale.com>	2 years ago
Brad Fitzpatrick	b1bd96f114	go.mod, ssh/tailssh: fix ImplictAuthMethod typo Fixes #5745 Change-Id: Ie8bc88bd465a9cb35b0ae7782d61ce96480473ee Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	2 years ago
Florian Lehner	7e0ffc17fd	Address GO-2022-0969 HTTP/2 server connections can hang forever waiting for a clean shutdown that was preempted by a fatal error. This condition can be exploited by a malicious client to cause a denial of service. Signed-off-by: Florian Lehner <dev@der-flo.net>	2 years ago
Florian Lehner	17348915fa	Address GO-2020-0042 Due to improper path santization, RPMs containing relative file paths can cause files to be written (or overwritten) outside of the target directory. Signed-off-by: Florian Lehner <dev@der-flo.net>	2 years ago

1 2 3 4 5 ...

332 Commits (f077b672e4a399f4dcafdfe4f15c75d5a580c7cb)