archive
/
tailscale
mirror of https://github.com/tailscale/tailscale/
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Compare commits

base: archive:main
Branches Tags
archive:knyar/nofilch
archive:irbekrm/egresshafw
archive:main
archive:angott/captive-dialer-timeout
archive:adrian/vip
archive:flakes
archive:mpminardi/ssh-environment-variable-forwarding
archive:andrew/noise-conn-test
archive:bradfitz/alaska
archive:bradfitz/quic_dns
archive:kradalby/usermetrics-wgengine
archive:maisem/idp
archive:knyar/usermetrics-wgengine
archive:raggi/eperm-health
archive:angott/doh-keepalives-tweak
archive:fran/natc-consensus-prototype
archive:kradalby/conn-stats-packagecount
archive:bradfitz/dup_add
archive:bradfitz/derp_flow_track
archive:dependabot/npm_and_yarn/client/web/rollup-4.22.4
archive:kradalby/userfacing-metrics-moar
archive:kari/hostinfopkg
archive:angott/dns-cli-stream
archive:dependabot/npm_and_yarn/client/web/vite-5.1.8
archive:maisem/tsnet-forward
archive:bradfitz/rm_x_crypto_fork
archive:release-branch/1.74
archive:angott/captive-exit-node-disablement
archive:raggi/natlab-latency-loss
archive:bradfitz/bumptoolchain
archive:angott/tvos-23087
archive:raggi/trimpathtest
archive:nickkhyl/http2-for-win-safesocket
archive:nickkhyl/login-notifications
archive:irbekrm/egresshapm
archive:dependabot/npm_and_yarn/cmd/tsconnect/micromatch-4.0.8
archive:irbekrm/egressha
archive:nickkhyl/authurl-notify-backport
archive:jwhited/test-local-forwarder
archive:release-branch/1.72
archive:jonathan/missing_resolvers
archive:knyar/userfacing-metrics
archive:andrew/disco-af-packet-refactor
archive:jwhited/gvisor-revert-gro
archive:irbekrm/proxycidrs
archive:22332-macos-sequoia-hostname
archive:knyar/metrictype
archive:dependabot/go_modules/github.com/docker/docker-26.1.5incompatible
archive:bradfitz/vnet2
archive:jwhited/derp-https-tcp-connect
archive:raggi/callmebaby
archive:awly/cli-json-docs
archive:raggi/linux6644
archive:irbekrm/reload_config
archive:maisem/flake-3
archive:nickkhyl/syspolicy-new
archive:jonathan/vznet
archive:irbekrm/dnat
archive:raggi/dnsfallback
archive:irbekrm/websocket
archive:andrew/captive-use-atomic
archive:marwan/offunc
archive:jwhited/gVisor-gso-gro
archive:release-branch/1.70
archive:tomhjp/e2e-tests
archive:irbekrm/kubetestsetup
archive:irbekrm/eks
archive:dsnet/syncs-lock
archive:raggi/derp-route-optimization
archive:will-systray
archive:bradfitz/json2
archive:andrew/dns-more-logging
archive:andrew/net-dns-systemd-no-stub
archive:release-branch/1.68
archive:fran/fix-appc-write-new-domain
archive:adrian/fix-vet-failures
archive:angott/dns-warnables
archive:andrew/workgraph
archive:agottardo-patch-1
archive:bradfitz/resume
archive:irbekrm/operator_linux_only
archive:nickkhyl/posture-sn-override
archive:kradalby/chaos
archive:angott/ignore-some-warnings-startup
archive:dependabot/npm_and_yarn/cmd/tsconnect/braces-3.0.3
archive:irbekrm/fixsubnets
archive:irbekrm/dnstest
archive:irbekrm/fix
archive:irbekrm/accept_routes
archive:percy/issue8593
archive:percy/issue8593-prep
archive:jonathan/sugg_exit_node_fix
archive:release-branch/1.66
archive:icio/public-key-short
archive:clairew/handle-auto-exit-node-value
archive:knyar/install2
archive:will/tsnet-udp
archive:raggi/web-zst-precompress
archive:raggi/gocross-empty-goos-goarch
archive:andrew/dns-fallback
archive:andrew/prom-omit-metrics
archive:jwhited/android-packet-vectors
archive:knyar/renew
archive:bradfitz/debug_tstest
archive:clairew/revert-storing-last-suggested
archive:andrew/debug-integration-tests
archive:fran/appc-ensmallen-gh-preset
archive:ox/11854-3-sftp
archive:percy/cherry-pick-2648d475d751b47755958f47a366e300b6b6de0a
archive:ox/corp-19592
archive:ox/11954-3
archive:ox/11854
archive:kevin/Split_Remove_advertised_routes_from_pref
archive:dsnet/logtail-buffer2
archive:bradfitz/dataplane_logs_no_logs_no_support
archive:nickkhyl/ipn-user-identity
archive:irbekrm/extsvcnftableslb
archive:andrew/dns-wrap-errors
archive:release-branch/1.64
archive:noncombatant/safeweb-cleanup
archive:bradfitz/login_retry
archive:patrickod/installer-yml-fixup
archive:release-branch/1.64.0
archive:fran/appc-store-routes-by-source
archive:andrew/controlclient-use-last-addr
archive:enable-exit-node-dst-logs
archive:clairew/peer-node-capability-documentation
archive:revert-11590-catzkorn/penguin
archive:enable-exit-node-dst-logs-2
archive:licenses/corp
archive:dsnet/logpolicy-opts
archive:licenses/android
archive:jonathan/taildrop_path
archive:licenses/cli
archive:release-branch/1.62
archive:clairew/log-dst-exit-node
archive:fran/appc-domain-delte-prototype
archive:irbekrm/maybe_fix_v6
archive:oxtoacart/golden_memory
archive:irbekrm/cherry_fix_panic
archive:oxtoacart/no_indent_status
archive:angott/corp-18441
archive:soniaappasamy/serve-funnel-ui
archive:brafitz/remote-config
archive:andrew/control-key-store
archive:maisem/proxy-1
archive:release-branch/1.60
archive:andrew/netstack-forwarder-debug
archive:oxtoacart/immediately_access_shares
archive:knyar/install
archive:irbekrm/splitkeys
archive:oxtoacart/automount
archive:angott/sleep-debug-apis
archive:clairew/suggest-non-mullvad-exit-node
archive:tom/tka4
archive:clairew/add-latitude-longitude
archive:irbekrm/operatorversion
archive:oxtoacart/dsnet_codereview_fixes
archive:clairew/client-suggest-node-poc
archive:raggi/rand
archive:flyingsquirrel_bak
archive:will/containerboot-webui
archive:irbekrm/clustermagicdns
archive:noncombatant/add-hello-systemd
archive:catzkorn/jira
archive:release-branch/1.58
archive:kradalby/view-only-type
archive:clairew/add-disco-pong-padding
archive:clairew/receive-icmp-errors
archive:dgentry-b10911
archive:irbekrm/proxyclass2
archive:irbekrm/proxyclass
archive:irbekrm/byocerts
archive:knyar/worklifeposture
archive:dsnet/httpio
archive:will/webclient-mobile
archive:will/webclient-csrf
archive:irbekrm/static_crd
archive:irbekrm/manifests_crd
archive:maisem/exp-k8s
archive:release-branch/1.44
archive:irbekrm/containerbootdeclarativeconf
archive:kube_exp
archive:irbekrm/conf
archive:raggi/stun-subprocess
archive:andrew/nixos-vm-tests
archive:irbekrm/set_args
archive:andrew/peer-ipv6-addrs
archive:irbekrm/external_services
archive:irbekrm/os
archive:irbekrm/pull_in_certs
archive:irbekrm/kube_build_tags
archive:release-branch/1.56
archive:jwhited/derp-cmm-timestamp
archive:naman/web-client-update-fixes
archive:soniaappasamy/use-swr
archive:marwan/displayname
archive:release-branch/1.54
archive:danderson/debug-garden
archive:jwhited/unsafe-exp
archive:clairew/test-wrapper-file
archive:bradfitz/compontent_logs
archive:kradalby-keys-db-interface
archive:kradalby/keys-db-interface
archive:andrew/upnp-unfork
archive:bm/tsoidc
archive:irbekrm/le
archive:knyar/restartmap
archive:kristoffer/editable-tailnet-displayname
archive:raggi/document-deprecated-approach
archive:dsnet/statestore
archive:awly/version-override
archive:bradfitz/silentdisco_knob
archive:richard/15372
archive:raggi/icmplistener
archive:awly/linux-sudoers-local-admin-poc
archive:release-branch/1.52
archive:soniaappasamy/web-auth-restructure
archive:bradfitz/ipx_set_contains
archive:knyar/derpmesh
archive:irbekrm/chartandcli
archive:richard/15037-2
archive:bradfitz/linuxfw_nil_table
archive:richard/15037
archive:bradfitz/tbug
archive:bradfitz/derp_mesh
archive:will/sonia/web-tailscaled
archive:tyler/serve-status
archive:maisem/ni
archive:maisem/hi
archive:rhea/apple-test
archive:dgentry-nix-flake
archive:dgentry-coverage
archive:c761d10
archive:bradfitz/gocross_wantver
archive:awly/ipnlocal-watchnotifications-clientversion
archive:bradfitz/integration_more_tun
archive:bradfitz/recursive_controlknob
archive:dgentry-authkey
archive:dependabot/npm_and_yarn/cmd/tsconnect/postcss-8.4.31
archive:bm/4via6
archive:bradfitz/sessionactivetimeout
archive:release-branch/1.50
archive:rhea/taildrop-resume
archive:andrew/peercap-ipv6-aaaa
archive:irbekrm/k8sipnftheuristics
archive:irbekrm/kubeipnft
archive:irbekrm/k8sipnft
archive:dgentry-istoreos
archive:knyar/posturemac
archive:irbekrm/egress
archive:raggi/restore-extra-records-dns
archive:aaron/win_process_mitigations
archive:danderson/lru-rollback
archive:clairew/mdm-interface
archive:angott/userdefaults-reader
archive:andrew/bump-esbuild
archive:andrew/netns-more-logging
archive:release-branch/1.48
archive:irbekrm/k8s-autopilot
archive:dsnet/viewer-jsonv2
archive:marwan/altmem_stash
archive:irbekrm/k8s-nftables
archive:marwan/postmem
archive:maisem/fix-deadlock
archive:bradfitz/matrix
archive:irbekrm/egress-dns
archive:bradfitz/wait_unpause
archive:bradfitz/calc_state
archive:irbekrm/svc_conditions
archive:soniaappasamy/fix-test-flake
archive:marwan/servedev
archive:soniaappasamy/fix-web-client-lock
archive:raggi/netfilter-runtime
archive:raggi/netfilter-add-modes
archive:marwan/scmem
archive:bradfitz/ignore_ula
archive:clairew/tstime-net
archive:clairew/tstime-wgengine
archive:bradfitz/tkasig_type
archive:shayne/k8s-serve
archive:bradfitz/gui_netmap
archive:macsys-update
archive:catzkorn/netcheckuout
archive:andrew/doctor-conntrack
archive:tsweb/client-ui
archive:valscale/ptb
archive:raggi/gotoolchain
archive:irbekrm/improve_logout
archive:maisem/doc
archive:rhea/egress
archive:noncombatant/large-int-string
archive:release-branch/1.46
archive:andrew/captive-portal-package
archive:s/pmtud
archive:andrew/derp-bound-latency
archive:andrew/health-state
archive:bradfitz/gokrazy_dns
archive:clairew/use-tstime-etc
archive:bradfitz/negdep
archive:raggi/stunc
archive:raggi/gvisor-hostarch-deptest
archive:crawshaw/art-table
archive:irbekrm/fix_logout_loop
archive:clairew/refactor-new-timer
archive:clairew/test-wrapper-write-file
archive:s/tsnetd
archive:bradfitz/countrycode
archive:crawshaw/stunchild
archive:tom/disco
archive:raggi/v6masq
archive:release-branch/1.42
archive:raggi/heartbeat-timebomb
archive:raggi/derp-probe-stun-loss
archive:raggi/tsdebugger
archive:tom/derp
archive:andrew/ipn-debug-1.42.0
archive:marwan/portlistrefactor
archive:marwan/noconstructor
archive:angott/allow-thunderbolt-bridge
archive:marwan/polleropts
archive:marwan/noconstructor2
archive:andrew/slicesx-deduplicate
archive:unraid-web
archive:release-branch/1.40
archive:kristoffer/enable-mips-pkgs
archive:s/eq
archive:raggi/atomiccloseonce
archive:raggi/bump-goreleaserv2
archive:marwan/tmp
archive:catzkorn/addrsend
archive:raggi/gofuzz
archive:shayne/funnel_cmd
archive:release-branch/1.38
archive:dgentry/atomicfile
archive:andrew/derp-region-location
archive:tom/tka6
archive:maisem/k8s-cache
archive:azure
archive:andrew/fastjson
archive:crawshaw/lnclose
archive:crawshaw/tsnet1
archive:crawshaw/httpconnect
archive:Xe/tsnet-funnel
archive:dgentry/sniproxy-dns
archive:andrew/util-dnsconfig
archive:andrew/cloudenv-location
archive:release-branch/1.36
archive:aaron/migrate_windows
archive:crawshaw/pidlisten
archive:andrew/router-drop-ula
archive:will/vizerr
archive:danderson/mkversion
archive:crawshaw/activesum
archive:andrew/doctor-scutil
archive:danderson/version-private3
archive:bradfitz/sassy
archive:bradfitz/win_unattended_warning
archive:andrew/hostinfo-HavePortMap
archive:skriptble/ssh-recording-persist
archive:crawshaw/ondemanddomains
archive:danderson/helm
archive:andrew/peer-status-KeyExpiry
archive:bradfitz/noise_debug_more
archive:release-branch/1.34
archive:cloner
archive:danderson/backport
archive:clairew/tsnet_get_own_ip
archive:bradfitz/tidy
archive:raggi/tsweb-compression
archive:bradfitz/fix_ipn_cloner
archive:danderson/bootstrap
archive:will/enforce-hostname
archive:mihaip/delete-all-profiles
archive:release-branch/1.32
archive:shayne/serve_empty_text_handler
archive:bradfitz/hostinfo_ingress_bit
archive:mihaip/logout-async-start
archive:net-audit-log/1.32
archive:bradfitz/set_prefs_locked
archive:mihaip/fas
archive:bradfitz/port_intercept
archive:andrew/net-tsaddr-mapviaaddr
archive:danderson/tsburrito
archive:andrew/tstest-goroutine-ignore
archive:andrew/monitor-link-change
archive:danderson/k8s
archive:andrew/debug-subnet-router
archive:andrew/metrics-distribution
archive:crawshaw/accumulatorcfg
archive:bradfitz/keyboard-interactive
archive:bradfitz/tailpipe
archive:vm
archive:raggi/accept-routes-filter
archive:nyghtowl/tailnet-name2
archive:dsnet/tunstats-v2
archive:buildjet
archive:buildjet-vs-github
archive:andrew/netns-macos-route
archive:walterp-api
archive:andrew/linux-router-v4-disabled
archive:bradfitz/distro_ubuntu
archive:tom/iptables
archive:release-branch/1.30
archive:tom/tka2
archive:andrew/dnscache-debugging-1.22.2
archive:andrew/controlclient-dial
archive:raggi/experiment-queues
archive:bradfitz/u32
archive:ip6tables
archive:catzkorn/derp-benchmark
archive:jwhited/wireguard-go-vectorized-bind
archive:catzkorn/otel-init
archive:bradfitz/appendf
archive:mihaip/js-cli
archive:dsnet/tsweb-499s
archive:bradfitz/deephash_early_exit
archive:crawshaw/xdp
archive:dsnet/logtail-zstd-single-segment
archive:Xe/gitops-pusher-three-version-problem
archive:Xe/gitops-pusher-acl-test-error-output
archive:Xe/gitops-pusher-ffcli
archive:bradfitz/ssh_auth_none_demo
archive:release-branch/1.28
archive:catzkorn/otel-derp
archive:bradfitz/shared_split_dns
archive:nyghtowl/fix-resolved
archive:release-branch/1.26
archive:bradfitz/explicit_empty_test_3808
archive:crawshaw/preservenetinfo
archive:miriah-3808-reset-operator
archive:dsnet/tsnet-logging
archive:mihaip/wasm-taildrop
archive:crawshaw/stunname
archive:bradfitz/wasm_play
archive:bradfitz/dot
archive:bradfitz/tcp_flows
archive:release-branch/1.24
archive:raggi/netstack_fwd_close
archive:bradfitz/netstack_fwd_close
archive:merge-tag
archive:cross-android
archive:bradfitz/kmod
archive:bradfitz/ssh_banner
archive:bradfitz/ping
archive:tom/integration
archive:bradfitz/ssh_policy_earlier
archive:bradfitz/derpy_cast
archive:bradfitz/cli_admin
archive:release-branch/1.22
archive:aaron/go-ole-ref
archive:bradfitz/key_rotation_prep
archive:josh/tswebflags
archive:release-branch/1.20
archive:crawshaw/envtype
archive:danderson/tsweb-server
archive:bradfitz/autocert_force
archive:bradfitz/use_netstack_upstream
archive:Xe/winui-bugreport-without-tailscaled
archive:bradfitz/hostinfo_basically_equal
archive:release-branch/1.18
archive:aaron/loglog
archive:aaron/dnsapc
archive:bradfitz/demo_client_hijack
archive:bradfitz/windns
archive:bradfitz/exit_node_forward_dns
archive:bradfitz/1.18.1
archive:Xe/tailtlsproxy
archive:bradfitz/allsrc
archive:josh/peermap
archive:danderson/ebpf
archive:bradfitz/1_16_stress_netmap
archive:danderson/nodekey-move
archive:danderson/nodekey-delete-old
archive:danderson/nodekey-cleanup
archive:danderson/magicsock-discokey
archive:release-branch/1.16
archive:danderson/magicsock-node-key
archive:crawshaw/updatefallback
archive:release-branch/1.14
archive:bradfitz/1.14
archive:bradfitz/updates
archive:josh/immutable-views
archive:bradfitz/portmap_gh_actions
archive:danderson/kernel-tailscale
archive:bradfitz/win_default_route
archive:release-branch/1.12
archive:jknodt/logging
archive:simenghe/add-tsmpping-call
archive:josh/opt-getstatus
archive:Aadi/speedtest-tailscaled
archive:dsnet/admin-cli
archive:bradfitz/portmap_test
archive:jknodt/portmap_test
archive:upnpdebug
archive:jknodt/upnp_reuse
archive:crawshaw/peerdoh
archive:josh/debug-flake
archive:simenghe/pingresult-work
archive:jknodt/derp_flow
archive:tps/tailscaled
archive:jknodt/vms_ref
archive:jknodt/integ_test
archive:josh/fast-time
archive:josh/coarsetime
archive:bradfitz/derp_flow
archive:release-branch/1.10
archive:josh/io_uring
archive:josh/deflake-pipe-again
archive:Xe/testcontrol-v6
archive:jknodt/io-uring
archive:simenghe/admin-ping-test
archive:jknodt/periodic_probe
archive:simenghe/isoping
archive:Xe/private-logcatcher-in-process
archive:simenghe/tcpnodeping
archive:bradfitz/deephash_methods
archive:crawshaw/deephash
archive:josh/de-select-tstun-wrapper
archive:Xe/debug-nixos-build
archive:simenghe/isoping-experiment
archive:crawshaw/dnswslhackery
archive:jknodt/userderp
archive:jknodt/bw_rep2
archive:crawshaw/wslresolvconf
archive:jknodt/upnp
archive:crawshaw/magicdnsalways
archive:simenghe/flakeresolve
archive:rec_in_use_after_5_sec
archive:bradfitz/acme
archive:release-branch/1.8
archive:simenghe/add-httphandlers-ping
archive:simenghe/add-ping-route-testcontrol-mux
archive:simeng-pingtest
archive:Xe/test-install-script-libvirtd
archive:apenwarr/check184
archive:crawshaw/newbackendserver
archive:adding-address-ips-totestcontrolnode
archive:onebinary
archive:Xe/synology-does-actually-work-with-subnet-routes-til
archive:bradfitz/netstack_port_map
archive:bradfitz/demo_pinger
archive:apenwarr/fixes
archive:apenwarr/relogin
archive:josh/NewIPPort
archive:josh/IPWithPort
archive:bradfitz/integration_tests
archive:josh/opt-dp-wip
archive:bradfitz/ping_notes
archive:bradfitz/dropped_by_filter_logspam
archive:bradfitz/netstack_drop_silent
archive:bradfitz/log_rate_test
archive:bradfitz/issue_1840_rebased_tree
archive:bradfitz/issue_1849_rebased_tree
archive:crawshaw/syno
archive:apenwarr/statefix
archive:apenwarr/statetest
archive:josh/wip/endpoint-serialize
archive:apenwarr/ioslogin
archive:rosszurowski/cli-fix-typo
archive:bradfitz/cli_pretty
archive:bradfitz/win_delete_retry
archive:bradfitz/sleep
archive:naman/netstack-request-logging
archive:naman/ephem-expand-range
archive:bradfitz/macos_progress
archive:bradfitz/ip_of
archive:crawshaw/localapi404
archive:crawshaw/movefiles
archive:crawshaw/socket
archive:crawshaw/cgi
archive:naman/netstack-subnet-routing
archive:josh/wip/create-endpoint-no-public-key
archive:Xe/log-target-registry-key
archive:release-branch/1.6
archive:bradfitz/ipv6_link_local_strip
archive:bradfitz/darwin_gw
archive:Xe/disallow-local-ip-for-exit-node
archive:release-branch/1.4
archive:crawshaw/upjson
archive:bradfitz/proposed_1.4.6
archive:bradfitz/derp_steer
archive:crawshaw/tailscalestatus
archive:Xe/reset-logid-on-logout-login
archive:naman/netstack-incoming
archive:mkramlich/macos-brew2
archive:naman/netstack-outgoing-udp-test
archive:mkramlich/macos-brew
archive:bradfitz/proposed-1.4.5
archive:peske/ifacewatcher
archive:Xe/hello-vr
archive:crawshaw/filchsync
archive:Xe/derphttp-panic-fix
archive:peske/elnotfound
archive:Xe/rel-144-fix-ipv6-broken-in-tests
archive:bradfitz/darwin_creds
archive:josh/longblock
archive:josh/udp-alloc-less
archive:josh/simplify-filch
archive:josh/remove-ipcgetfilter
archive:Xe/envvar-name-TS
archive:Xe/TS-envvar-name
archive:Xe/do-windows-logserver-better
archive:Xe/log-target-flag
archive:crawshaw/ipuint
archive:bradfitz/hello
archive:bradfitz/linux_v6_off
archive:bradfitz/call_me_maybe_eps
archive:bradfitz/api_docs
archive:alexbrainman/use_wg_dns_code
archive:naman/netstack-use-tailscale-ip
archive:josh/debug-TestLikelyHomeRouterIPSyscallExec
archive:noerror-not-notimp
archive:bradfitz/umaskless_permissions
archive:naman/netstack-bump-version
archive:bradfitz/lite_endpoint_update
archive:c22wen/api-docs
archive:bradfitz/grafana_auth_proxy
archive:crawshaw/dnsguid
archive:nix-shell
archive:release-branch/1.2
archive:bradfitz/acl_tags_in_tailscale_status
archive:bradfitz/expiry_spin
archive:josh/no-goroutine-per-udp-read-2
archive:crawshaw/tailcfg
archive:bradfitz/wgengine_monitor_windows_take2
archive:netstat-unsafe
archive:bradfitz/ipn_empty
archive:bradfitz/win_firewall_async
archive:bradfitz/machine_key
archive:apenwarr/faketun
archive:crawshaw/cloner
archive:crawshaw/jsonhandler
archive:c22wen/route-addr
archive:c22wen/magicsock.go
archive:bradfitz/gvisor_netstack
archive:crawshaw/loadtest
archive:dshynkev/dns-autoset
archive:crawshaw/e2etest
archive:bradfitz/win_wpad_pac
archive:release-branch/1.0
archive:bradfitz/linux_default_route_interface
archive:bradfitz/release-branch-1.0
archive:crawshaw/restartlimit
archive:clone
archive:dshynkev/dns-name
archive:dshynkev/dns-refactor
archive:bradfitz/go_vet
archive:crawshaw/tswebextra
archive:crawshaw/pinger2
archive:lzjluzijie/all_proxy
archive:rate-limiting
archive:lzjluzijie/227_http_proxy
archive:crawshaw/rebind
archive:crawshaw/hostinfo
archive:crawshaw/derp-nokeepalives
archive:crawshaw/derptimeout
archive:crawshaw/derpdial2
archive:crawshaw/derpdial
archive:crawshaw/ipn
archive:crawshaw/e2e_test
archive:crawshaw/ipn2
archive:crawshaw/magicsock
archive:crawshaw/magicsock-infping
archive:crawshaw/spray
archive:crawshaw/br1
archive:v1.74.1
archive:v1.74.0
archive:v1.72.1
archive:v1.72.0
archive:v1.70.0
archive:v1.68.2
archive:v1.68.1
archive:v1.68.0
archive:v1.66.4
archive:v1.66.3
archive:v1.66.2
archive:v1.66.1
archive:v1.66.0
archive:v1.64.2
archive:v1.64.1
archive:v1.64.0
archive:v1.62.1
archive:v1.62.0
archive:v1.60.1
archive:v1.60.0
archive:v1.58.2
archive:v1.58.1
archive:v1.58.0
archive:v1.44.3
archive:v1.56.1
archive:v1.56.0
archive:v1.54.1
archive:v1.54.0
archive:v1.52.1
archive:v1.52.0
archive:v1.50.1
archive:v1.50.0
archive:v1.48.2
archive:v1.48.1
archive:v1.48.0
archive:v1.46.1
archive:v1.46.0
archive:v1.44.2
archive:v1.44.0
archive:v1.42.1
archive:v1.42.0
archive:v1.40.1
archive:v1.40.0
archive:v1.38.4
archive:v1.38.3
archive:v1.38.2
archive:v1.38.1
archive:v1.38.0
archive:v1.36.2
archive:v1.36.1
archive:v1.36.0
archive:v1.34.2
archive:v1.34.1
archive:v1.34.0
archive:v1.32.3
archive:v1.32.2
archive:v1.32.1
archive:v1.32.0
archive:v1.30.2
archive:v1.30.1
archive:v1.30.0
archive:v1.28.0
archive:v1.26.2
archive:v1.26.1
archive:v1.26.0
archive:v1.24.2
archive:v1.24.1
archive:v1.24.0
archive:v1.22.2
archive:v1.22.1
archive:v1.22.0
archive:v1.20.4
archive:v1.20.3
archive:v1.20.2
archive:v1.20.1
archive:v1.20.0
archive:v1.18.2
archive:v1.18.1
archive:v1.18.0
archive:v1.16.2
archive:v1.16.1
archive:v1.16.0
archive:v1.14.6
archive:v1.14.5
archive:v1.14.4
archive:v1.14.3
archive:v1.14.0
archive:v1.12.4
archive:v1.12.3
archive:v1.12.2
archive:v1.12.1
archive:v1.12.0
archive:v1.10.2
archive:v1.10.1
archive:v1.10.0
archive:v1.8.8
archive:v1.8.7
archive:v1.8.6
archive:v1.8.5
archive:v1.8.4
archive:v1.8.3
archive:v1.8.2
archive:v1.8.1
archive:v1.8.0
archive:v1.6.0
archive:v1.4.6
archive:v1.4.5
archive:v1.4.4
archive:v1.4.3
archive:v1.4.2
archive:v1.4.1
archive:v1.4.0
archive:v1.2.10
archive:v1.2.9
archive:v1.2.8
archive:v1.2.7
archive:v1.2.6
archive:v1.2.5
archive:v1.2.3
archive:v1.2.2
archive:v1.2.1
archive:v1.2.0
archive:v1.0.5
archive:v1.0.4
archive:v1.0.3
archive:v1.0.2
archive:v1.0.1
archive:v1.1.0
archive:v1.0.0
archive:v0.100.0
archive:v0.99.1
archive:v0.99.0
archive:v0.98.1
archive:v0.98
archive:v0.98.0
archive:v0.97
archive:v0.96.1
archive:v0.96
archive:coral-gitops
archive:gitops-1.30.0
archive:gitops-1.58.2
archive:nginx-auth-0.1.2
archive:v0.100.0-107
archive:v0.100.0-153
archive:v1.61.0-pre
archive:v1.63.0-pre
archive:v1.65.0-pre
archive:v1.67.0-pre
archive:v1.69.0-pre
archive:v1.71.0-pre
archive:v1.73.0-pre
archive:v1.75.0-pre
...
compare: archive:v1.26.1
Branches Tags
archive:knyar/nofilch
archive:irbekrm/egresshafw
archive:main
archive:angott/captive-dialer-timeout
archive:adrian/vip
archive:flakes
archive:mpminardi/ssh-environment-variable-forwarding
archive:andrew/noise-conn-test
archive:bradfitz/alaska
archive:bradfitz/quic_dns
archive:kradalby/usermetrics-wgengine
archive:maisem/idp
archive:knyar/usermetrics-wgengine
archive:raggi/eperm-health
archive:angott/doh-keepalives-tweak
archive:fran/natc-consensus-prototype
archive:kradalby/conn-stats-packagecount
archive:bradfitz/dup_add
archive:bradfitz/derp_flow_track
archive:dependabot/npm_and_yarn/client/web/rollup-4.22.4
archive:kradalby/userfacing-metrics-moar
archive:kari/hostinfopkg
archive:angott/dns-cli-stream
archive:dependabot/npm_and_yarn/client/web/vite-5.1.8
archive:maisem/tsnet-forward
archive:bradfitz/rm_x_crypto_fork
archive:release-branch/1.74
archive:angott/captive-exit-node-disablement
archive:raggi/natlab-latency-loss
archive:bradfitz/bumptoolchain
archive:angott/tvos-23087
archive:raggi/trimpathtest
archive:nickkhyl/http2-for-win-safesocket
archive:nickkhyl/login-notifications
archive:irbekrm/egresshapm
archive:dependabot/npm_and_yarn/cmd/tsconnect/micromatch-4.0.8
archive:irbekrm/egressha
archive:nickkhyl/authurl-notify-backport
archive:jwhited/test-local-forwarder
archive:release-branch/1.72
archive:jonathan/missing_resolvers
archive:knyar/userfacing-metrics
archive:andrew/disco-af-packet-refactor
archive:jwhited/gvisor-revert-gro
archive:irbekrm/proxycidrs
archive:22332-macos-sequoia-hostname
archive:knyar/metrictype
archive:dependabot/go_modules/github.com/docker/docker-26.1.5incompatible
archive:bradfitz/vnet2
archive:jwhited/derp-https-tcp-connect
archive:raggi/callmebaby
archive:awly/cli-json-docs
archive:raggi/linux6644
archive:irbekrm/reload_config
archive:maisem/flake-3
archive:nickkhyl/syspolicy-new
archive:jonathan/vznet
archive:irbekrm/dnat
archive:raggi/dnsfallback
archive:irbekrm/websocket
archive:andrew/captive-use-atomic
archive:marwan/offunc
archive:jwhited/gVisor-gso-gro
archive:release-branch/1.70
archive:tomhjp/e2e-tests
archive:irbekrm/kubetestsetup
archive:irbekrm/eks
archive:dsnet/syncs-lock
archive:raggi/derp-route-optimization
archive:will-systray
archive:bradfitz/json2
archive:andrew/dns-more-logging
archive:andrew/net-dns-systemd-no-stub
archive:release-branch/1.68
archive:fran/fix-appc-write-new-domain
archive:adrian/fix-vet-failures
archive:angott/dns-warnables
archive:andrew/workgraph
archive:agottardo-patch-1
archive:bradfitz/resume
archive:irbekrm/operator_linux_only
archive:nickkhyl/posture-sn-override
archive:kradalby/chaos
archive:angott/ignore-some-warnings-startup
archive:dependabot/npm_and_yarn/cmd/tsconnect/braces-3.0.3
archive:irbekrm/fixsubnets
archive:irbekrm/dnstest
archive:irbekrm/fix
archive:irbekrm/accept_routes
archive:percy/issue8593
archive:percy/issue8593-prep
archive:jonathan/sugg_exit_node_fix
archive:release-branch/1.66
archive:icio/public-key-short
archive:clairew/handle-auto-exit-node-value
archive:knyar/install2
archive:will/tsnet-udp
archive:raggi/web-zst-precompress
archive:raggi/gocross-empty-goos-goarch
archive:andrew/dns-fallback
archive:andrew/prom-omit-metrics
archive:jwhited/android-packet-vectors
archive:knyar/renew
archive:bradfitz/debug_tstest
archive:clairew/revert-storing-last-suggested
archive:andrew/debug-integration-tests
archive:fran/appc-ensmallen-gh-preset
archive:ox/11854-3-sftp
archive:percy/cherry-pick-2648d475d751b47755958f47a366e300b6b6de0a
archive:ox/corp-19592
archive:ox/11954-3
archive:ox/11854
archive:kevin/Split_Remove_advertised_routes_from_pref
archive:dsnet/logtail-buffer2
archive:bradfitz/dataplane_logs_no_logs_no_support
archive:nickkhyl/ipn-user-identity
archive:irbekrm/extsvcnftableslb
archive:andrew/dns-wrap-errors
archive:release-branch/1.64
archive:noncombatant/safeweb-cleanup
archive:bradfitz/login_retry
archive:patrickod/installer-yml-fixup
archive:release-branch/1.64.0
archive:fran/appc-store-routes-by-source
archive:andrew/controlclient-use-last-addr
archive:enable-exit-node-dst-logs
archive:clairew/peer-node-capability-documentation
archive:revert-11590-catzkorn/penguin
archive:enable-exit-node-dst-logs-2
archive:licenses/corp
archive:dsnet/logpolicy-opts
archive:licenses/android
archive:jonathan/taildrop_path
archive:licenses/cli
archive:release-branch/1.62
archive:clairew/log-dst-exit-node
archive:fran/appc-domain-delte-prototype
archive:irbekrm/maybe_fix_v6
archive:oxtoacart/golden_memory
archive:irbekrm/cherry_fix_panic
archive:oxtoacart/no_indent_status
archive:angott/corp-18441
archive:soniaappasamy/serve-funnel-ui
archive:brafitz/remote-config
archive:andrew/control-key-store
archive:maisem/proxy-1
archive:release-branch/1.60
archive:andrew/netstack-forwarder-debug
archive:oxtoacart/immediately_access_shares
archive:knyar/install
archive:irbekrm/splitkeys
archive:oxtoacart/automount
archive:angott/sleep-debug-apis
archive:clairew/suggest-non-mullvad-exit-node
archive:tom/tka4
archive:clairew/add-latitude-longitude
archive:irbekrm/operatorversion
archive:oxtoacart/dsnet_codereview_fixes
archive:clairew/client-suggest-node-poc
archive:raggi/rand
archive:flyingsquirrel_bak
archive:will/containerboot-webui
archive:irbekrm/clustermagicdns
archive:noncombatant/add-hello-systemd
archive:catzkorn/jira
archive:release-branch/1.58
archive:kradalby/view-only-type
archive:clairew/add-disco-pong-padding
archive:clairew/receive-icmp-errors
archive:dgentry-b10911
archive:irbekrm/proxyclass2
archive:irbekrm/proxyclass
archive:irbekrm/byocerts
archive:knyar/worklifeposture
archive:dsnet/httpio
archive:will/webclient-mobile
archive:will/webclient-csrf
archive:irbekrm/static_crd
archive:irbekrm/manifests_crd
archive:maisem/exp-k8s
archive:release-branch/1.44
archive:irbekrm/containerbootdeclarativeconf
archive:kube_exp
archive:irbekrm/conf
archive:raggi/stun-subprocess
archive:andrew/nixos-vm-tests
archive:irbekrm/set_args
archive:andrew/peer-ipv6-addrs
archive:irbekrm/external_services
archive:irbekrm/os
archive:irbekrm/pull_in_certs
archive:irbekrm/kube_build_tags
archive:release-branch/1.56
archive:jwhited/derp-cmm-timestamp
archive:naman/web-client-update-fixes
archive:soniaappasamy/use-swr
archive:marwan/displayname
archive:release-branch/1.54
archive:danderson/debug-garden
archive:jwhited/unsafe-exp
archive:clairew/test-wrapper-file
archive:bradfitz/compontent_logs
archive:kradalby-keys-db-interface
archive:kradalby/keys-db-interface
archive:andrew/upnp-unfork
archive:bm/tsoidc
archive:irbekrm/le
archive:knyar/restartmap
archive:kristoffer/editable-tailnet-displayname
archive:raggi/document-deprecated-approach
archive:dsnet/statestore
archive:awly/version-override
archive:bradfitz/silentdisco_knob
archive:richard/15372
archive:raggi/icmplistener
archive:awly/linux-sudoers-local-admin-poc
archive:release-branch/1.52
archive:soniaappasamy/web-auth-restructure
archive:bradfitz/ipx_set_contains
archive:knyar/derpmesh
archive:irbekrm/chartandcli
archive:richard/15037-2
archive:bradfitz/linuxfw_nil_table
archive:richard/15037
archive:bradfitz/tbug
archive:bradfitz/derp_mesh
archive:will/sonia/web-tailscaled
archive:tyler/serve-status
archive:maisem/ni
archive:maisem/hi
archive:rhea/apple-test
archive:dgentry-nix-flake
archive:dgentry-coverage
archive:c761d10
archive:bradfitz/gocross_wantver
archive:awly/ipnlocal-watchnotifications-clientversion
archive:bradfitz/integration_more_tun
archive:bradfitz/recursive_controlknob
archive:dgentry-authkey
archive:dependabot/npm_and_yarn/cmd/tsconnect/postcss-8.4.31
archive:bm/4via6
archive:bradfitz/sessionactivetimeout
archive:release-branch/1.50
archive:rhea/taildrop-resume
archive:andrew/peercap-ipv6-aaaa
archive:irbekrm/k8sipnftheuristics
archive:irbekrm/kubeipnft
archive:irbekrm/k8sipnft
archive:dgentry-istoreos
archive:knyar/posturemac
archive:irbekrm/egress
archive:raggi/restore-extra-records-dns
archive:aaron/win_process_mitigations
archive:danderson/lru-rollback
archive:clairew/mdm-interface
archive:angott/userdefaults-reader
archive:andrew/bump-esbuild
archive:andrew/netns-more-logging
archive:release-branch/1.48
archive:irbekrm/k8s-autopilot
archive:dsnet/viewer-jsonv2
archive:marwan/altmem_stash
archive:irbekrm/k8s-nftables
archive:marwan/postmem
archive:maisem/fix-deadlock
archive:bradfitz/matrix
archive:irbekrm/egress-dns
archive:bradfitz/wait_unpause
archive:bradfitz/calc_state
archive:irbekrm/svc_conditions
archive:soniaappasamy/fix-test-flake
archive:marwan/servedev
archive:soniaappasamy/fix-web-client-lock
archive:raggi/netfilter-runtime
archive:raggi/netfilter-add-modes
archive:marwan/scmem
archive:bradfitz/ignore_ula
archive:clairew/tstime-net
archive:clairew/tstime-wgengine
archive:bradfitz/tkasig_type
archive:shayne/k8s-serve
archive:bradfitz/gui_netmap
archive:macsys-update
archive:catzkorn/netcheckuout
archive:andrew/doctor-conntrack
archive:tsweb/client-ui
archive:valscale/ptb
archive:raggi/gotoolchain
archive:irbekrm/improve_logout
archive:maisem/doc
archive:rhea/egress
archive:noncombatant/large-int-string
archive:release-branch/1.46
archive:andrew/captive-portal-package
archive:s/pmtud
archive:andrew/derp-bound-latency
archive:andrew/health-state
archive:bradfitz/gokrazy_dns
archive:clairew/use-tstime-etc
archive:bradfitz/negdep
archive:raggi/stunc
archive:raggi/gvisor-hostarch-deptest
archive:crawshaw/art-table
archive:irbekrm/fix_logout_loop
archive:clairew/refactor-new-timer
archive:clairew/test-wrapper-write-file
archive:s/tsnetd
archive:bradfitz/countrycode
archive:crawshaw/stunchild
archive:tom/disco
archive:raggi/v6masq
archive:release-branch/1.42
archive:raggi/heartbeat-timebomb
archive:raggi/derp-probe-stun-loss
archive:raggi/tsdebugger
archive:tom/derp
archive:andrew/ipn-debug-1.42.0
archive:marwan/portlistrefactor
archive:marwan/noconstructor
archive:angott/allow-thunderbolt-bridge
archive:marwan/polleropts
archive:marwan/noconstructor2
archive:andrew/slicesx-deduplicate
archive:unraid-web
archive:release-branch/1.40
archive:kristoffer/enable-mips-pkgs
archive:s/eq
archive:raggi/atomiccloseonce
archive:raggi/bump-goreleaserv2
archive:marwan/tmp
archive:catzkorn/addrsend
archive:raggi/gofuzz
archive:shayne/funnel_cmd
archive:release-branch/1.38
archive:dgentry/atomicfile
archive:andrew/derp-region-location
archive:tom/tka6
archive:maisem/k8s-cache
archive:azure
archive:andrew/fastjson
archive:crawshaw/lnclose
archive:crawshaw/tsnet1
archive:crawshaw/httpconnect
archive:Xe/tsnet-funnel
archive:dgentry/sniproxy-dns
archive:andrew/util-dnsconfig
archive:andrew/cloudenv-location
archive:release-branch/1.36
archive:aaron/migrate_windows
archive:crawshaw/pidlisten
archive:andrew/router-drop-ula
archive:will/vizerr
archive:danderson/mkversion
archive:crawshaw/activesum
archive:andrew/doctor-scutil
archive:danderson/version-private3
archive:bradfitz/sassy
archive:bradfitz/win_unattended_warning
archive:andrew/hostinfo-HavePortMap
archive:skriptble/ssh-recording-persist
archive:crawshaw/ondemanddomains
archive:danderson/helm
archive:andrew/peer-status-KeyExpiry
archive:bradfitz/noise_debug_more
archive:release-branch/1.34
archive:cloner
archive:danderson/backport
archive:clairew/tsnet_get_own_ip
archive:bradfitz/tidy
archive:raggi/tsweb-compression
archive:bradfitz/fix_ipn_cloner
archive:danderson/bootstrap
archive:will/enforce-hostname
archive:mihaip/delete-all-profiles
archive:release-branch/1.32
archive:shayne/serve_empty_text_handler
archive:bradfitz/hostinfo_ingress_bit
archive:mihaip/logout-async-start
archive:net-audit-log/1.32
archive:bradfitz/set_prefs_locked
archive:mihaip/fas
archive:bradfitz/port_intercept
archive:andrew/net-tsaddr-mapviaaddr
archive:danderson/tsburrito
archive:andrew/tstest-goroutine-ignore
archive:andrew/monitor-link-change
archive:danderson/k8s
archive:andrew/debug-subnet-router
archive:andrew/metrics-distribution
archive:crawshaw/accumulatorcfg
archive:bradfitz/keyboard-interactive
archive:bradfitz/tailpipe
archive:vm
archive:raggi/accept-routes-filter
archive:nyghtowl/tailnet-name2
archive:dsnet/tunstats-v2
archive:buildjet
archive:buildjet-vs-github
archive:andrew/netns-macos-route
archive:walterp-api
archive:andrew/linux-router-v4-disabled
archive:bradfitz/distro_ubuntu
archive:tom/iptables
archive:release-branch/1.30
archive:tom/tka2
archive:andrew/dnscache-debugging-1.22.2
archive:andrew/controlclient-dial
archive:raggi/experiment-queues
archive:bradfitz/u32
archive:ip6tables
archive:catzkorn/derp-benchmark
archive:jwhited/wireguard-go-vectorized-bind
archive:catzkorn/otel-init
archive:bradfitz/appendf
archive:mihaip/js-cli
archive:dsnet/tsweb-499s
archive:bradfitz/deephash_early_exit
archive:crawshaw/xdp
archive:dsnet/logtail-zstd-single-segment
archive:Xe/gitops-pusher-three-version-problem
archive:Xe/gitops-pusher-acl-test-error-output
archive:Xe/gitops-pusher-ffcli
archive:bradfitz/ssh_auth_none_demo
archive:release-branch/1.28
archive:catzkorn/otel-derp
archive:bradfitz/shared_split_dns
archive:nyghtowl/fix-resolved
archive:release-branch/1.26
archive:bradfitz/explicit_empty_test_3808
archive:crawshaw/preservenetinfo
archive:miriah-3808-reset-operator
archive:dsnet/tsnet-logging
archive:mihaip/wasm-taildrop
archive:crawshaw/stunname
archive:bradfitz/wasm_play
archive:bradfitz/dot
archive:bradfitz/tcp_flows
archive:release-branch/1.24
archive:raggi/netstack_fwd_close
archive:bradfitz/netstack_fwd_close
archive:merge-tag
archive:cross-android
archive:bradfitz/kmod
archive:bradfitz/ssh_banner
archive:bradfitz/ping
archive:tom/integration
archive:bradfitz/ssh_policy_earlier
archive:bradfitz/derpy_cast
archive:bradfitz/cli_admin
archive:release-branch/1.22
archive:aaron/go-ole-ref
archive:bradfitz/key_rotation_prep
archive:josh/tswebflags
archive:release-branch/1.20
archive:crawshaw/envtype
archive:danderson/tsweb-server
archive:bradfitz/autocert_force
archive:bradfitz/use_netstack_upstream
archive:Xe/winui-bugreport-without-tailscaled
archive:bradfitz/hostinfo_basically_equal
archive:release-branch/1.18
archive:aaron/loglog
archive:aaron/dnsapc
archive:bradfitz/demo_client_hijack
archive:bradfitz/windns
archive:bradfitz/exit_node_forward_dns
archive:bradfitz/1.18.1
archive:Xe/tailtlsproxy
archive:bradfitz/allsrc
archive:josh/peermap
archive:danderson/ebpf
archive:bradfitz/1_16_stress_netmap
archive:danderson/nodekey-move
archive:danderson/nodekey-delete-old
archive:danderson/nodekey-cleanup
archive:danderson/magicsock-discokey
archive:release-branch/1.16
archive:danderson/magicsock-node-key
archive:crawshaw/updatefallback
archive:release-branch/1.14
archive:bradfitz/1.14
archive:bradfitz/updates
archive:josh/immutable-views
archive:bradfitz/portmap_gh_actions
archive:danderson/kernel-tailscale
archive:bradfitz/win_default_route
archive:release-branch/1.12
archive:jknodt/logging
archive:simenghe/add-tsmpping-call
archive:josh/opt-getstatus
archive:Aadi/speedtest-tailscaled
archive:dsnet/admin-cli
archive:bradfitz/portmap_test
archive:jknodt/portmap_test
archive:upnpdebug
archive:jknodt/upnp_reuse
archive:crawshaw/peerdoh
archive:josh/debug-flake
archive:simenghe/pingresult-work
archive:jknodt/derp_flow
archive:tps/tailscaled
archive:jknodt/vms_ref
archive:jknodt/integ_test
archive:josh/fast-time
archive:josh/coarsetime
archive:bradfitz/derp_flow
archive:release-branch/1.10
archive:josh/io_uring
archive:josh/deflake-pipe-again
archive:Xe/testcontrol-v6
archive:jknodt/io-uring
archive:simenghe/admin-ping-test
archive:jknodt/periodic_probe
archive:simenghe/isoping
archive:Xe/private-logcatcher-in-process
archive:simenghe/tcpnodeping
archive:bradfitz/deephash_methods
archive:crawshaw/deephash
archive:josh/de-select-tstun-wrapper
archive:Xe/debug-nixos-build
archive:simenghe/isoping-experiment
archive:crawshaw/dnswslhackery
archive:jknodt/userderp
archive:jknodt/bw_rep2
archive:crawshaw/wslresolvconf
archive:jknodt/upnp
archive:crawshaw/magicdnsalways
archive:simenghe/flakeresolve
archive:rec_in_use_after_5_sec
archive:bradfitz/acme
archive:release-branch/1.8
archive:simenghe/add-httphandlers-ping
archive:simenghe/add-ping-route-testcontrol-mux
archive:simeng-pingtest
archive:Xe/test-install-script-libvirtd
archive:apenwarr/check184
archive:crawshaw/newbackendserver
archive:adding-address-ips-totestcontrolnode
archive:onebinary
archive:Xe/synology-does-actually-work-with-subnet-routes-til
archive:bradfitz/netstack_port_map
archive:bradfitz/demo_pinger
archive:apenwarr/fixes
archive:apenwarr/relogin
archive:josh/NewIPPort
archive:josh/IPWithPort
archive:bradfitz/integration_tests
archive:josh/opt-dp-wip
archive:bradfitz/ping_notes
archive:bradfitz/dropped_by_filter_logspam
archive:bradfitz/netstack_drop_silent
archive:bradfitz/log_rate_test
archive:bradfitz/issue_1840_rebased_tree
archive:bradfitz/issue_1849_rebased_tree
archive:crawshaw/syno
archive:apenwarr/statefix
archive:apenwarr/statetest
archive:josh/wip/endpoint-serialize
archive:apenwarr/ioslogin
archive:rosszurowski/cli-fix-typo
archive:bradfitz/cli_pretty
archive:bradfitz/win_delete_retry
archive:bradfitz/sleep
archive:naman/netstack-request-logging
archive:naman/ephem-expand-range
archive:bradfitz/macos_progress
archive:bradfitz/ip_of
archive:crawshaw/localapi404
archive:crawshaw/movefiles
archive:crawshaw/socket
archive:crawshaw/cgi
archive:naman/netstack-subnet-routing
archive:josh/wip/create-endpoint-no-public-key
archive:Xe/log-target-registry-key
archive:release-branch/1.6
archive:bradfitz/ipv6_link_local_strip
archive:bradfitz/darwin_gw
archive:Xe/disallow-local-ip-for-exit-node
archive:release-branch/1.4
archive:crawshaw/upjson
archive:bradfitz/proposed_1.4.6
archive:bradfitz/derp_steer
archive:crawshaw/tailscalestatus
archive:Xe/reset-logid-on-logout-login
archive:naman/netstack-incoming
archive:mkramlich/macos-brew2
archive:naman/netstack-outgoing-udp-test
archive:mkramlich/macos-brew
archive:bradfitz/proposed-1.4.5
archive:peske/ifacewatcher
archive:Xe/hello-vr
archive:crawshaw/filchsync
archive:Xe/derphttp-panic-fix
archive:peske/elnotfound
archive:Xe/rel-144-fix-ipv6-broken-in-tests
archive:bradfitz/darwin_creds
archive:josh/longblock
archive:josh/udp-alloc-less
archive:josh/simplify-filch
archive:josh/remove-ipcgetfilter
archive:Xe/envvar-name-TS
archive:Xe/TS-envvar-name
archive:Xe/do-windows-logserver-better
archive:Xe/log-target-flag
archive:crawshaw/ipuint
archive:bradfitz/hello
archive:bradfitz/linux_v6_off
archive:bradfitz/call_me_maybe_eps
archive:bradfitz/api_docs
archive:alexbrainman/use_wg_dns_code
archive:naman/netstack-use-tailscale-ip
archive:josh/debug-TestLikelyHomeRouterIPSyscallExec
archive:noerror-not-notimp
archive:bradfitz/umaskless_permissions
archive:naman/netstack-bump-version
archive:bradfitz/lite_endpoint_update
archive:c22wen/api-docs
archive:bradfitz/grafana_auth_proxy
archive:crawshaw/dnsguid
archive:nix-shell
archive:release-branch/1.2
archive:bradfitz/acl_tags_in_tailscale_status
archive:bradfitz/expiry_spin
archive:josh/no-goroutine-per-udp-read-2
archive:crawshaw/tailcfg
archive:bradfitz/wgengine_monitor_windows_take2
archive:netstat-unsafe
archive:bradfitz/ipn_empty
archive:bradfitz/win_firewall_async
archive:bradfitz/machine_key
archive:apenwarr/faketun
archive:crawshaw/cloner
archive:crawshaw/jsonhandler
archive:c22wen/route-addr
archive:c22wen/magicsock.go
archive:bradfitz/gvisor_netstack
archive:crawshaw/loadtest
archive:dshynkev/dns-autoset
archive:crawshaw/e2etest
archive:bradfitz/win_wpad_pac
archive:release-branch/1.0
archive:bradfitz/linux_default_route_interface
archive:bradfitz/release-branch-1.0
archive:crawshaw/restartlimit
archive:clone
archive:dshynkev/dns-name
archive:dshynkev/dns-refactor
archive:bradfitz/go_vet
archive:crawshaw/tswebextra
archive:crawshaw/pinger2
archive:lzjluzijie/all_proxy
archive:rate-limiting
archive:lzjluzijie/227_http_proxy
archive:crawshaw/rebind
archive:crawshaw/hostinfo
archive:crawshaw/derp-nokeepalives
archive:crawshaw/derptimeout
archive:crawshaw/derpdial2
archive:crawshaw/derpdial
archive:crawshaw/ipn
archive:crawshaw/e2e_test
archive:crawshaw/ipn2
archive:crawshaw/magicsock
archive:crawshaw/magicsock-infping
archive:crawshaw/spray
archive:crawshaw/br1
archive:v1.74.1
archive:v1.74.0
archive:v1.72.1
archive:v1.72.0
archive:v1.70.0
archive:v1.68.2
archive:v1.68.1
archive:v1.68.0
archive:v1.66.4
archive:v1.66.3
archive:v1.66.2
archive:v1.66.1
archive:v1.66.0
archive:v1.64.2
archive:v1.64.1
archive:v1.64.0
archive:v1.62.1
archive:v1.62.0
archive:v1.60.1
archive:v1.60.0
archive:v1.58.2
archive:v1.58.1
archive:v1.58.0
archive:v1.44.3
archive:v1.56.1
archive:v1.56.0
archive:v1.54.1
archive:v1.54.0
archive:v1.52.1
archive:v1.52.0
archive:v1.50.1
archive:v1.50.0
archive:v1.48.2
archive:v1.48.1
archive:v1.48.0
archive:v1.46.1
archive:v1.46.0
archive:v1.44.2
archive:v1.44.0
archive:v1.42.1
archive:v1.42.0
archive:v1.40.1
archive:v1.40.0
archive:v1.38.4
archive:v1.38.3
archive:v1.38.2
archive:v1.38.1
archive:v1.38.0
archive:v1.36.2
archive:v1.36.1
archive:v1.36.0
archive:v1.34.2
archive:v1.34.1
archive:v1.34.0
archive:v1.32.3
archive:v1.32.2
archive:v1.32.1
archive:v1.32.0
archive:v1.30.2
archive:v1.30.1
archive:v1.30.0
archive:v1.28.0
archive:v1.26.2
archive:v1.26.1
archive:v1.26.0
archive:v1.24.2
archive:v1.24.1
archive:v1.24.0
archive:v1.22.2
archive:v1.22.1
archive:v1.22.0
archive:v1.20.4
archive:v1.20.3
archive:v1.20.2
archive:v1.20.1
archive:v1.20.0
archive:v1.18.2
archive:v1.18.1
archive:v1.18.0
archive:v1.16.2
archive:v1.16.1
archive:v1.16.0
archive:v1.14.6
archive:v1.14.5
archive:v1.14.4
archive:v1.14.3
archive:v1.14.0
archive:v1.12.4
archive:v1.12.3
archive:v1.12.2
archive:v1.12.1
archive:v1.12.0
archive:v1.10.2
archive:v1.10.1
archive:v1.10.0
archive:v1.8.8
archive:v1.8.7
archive:v1.8.6
archive:v1.8.5
archive:v1.8.4
archive:v1.8.3
archive:v1.8.2
archive:v1.8.1
archive:v1.8.0
archive:v1.6.0
archive:v1.4.6
archive:v1.4.5
archive:v1.4.4
archive:v1.4.3
archive:v1.4.2
archive:v1.4.1
archive:v1.4.0
archive:v1.2.10
archive:v1.2.9
archive:v1.2.8
archive:v1.2.7
archive:v1.2.6
archive:v1.2.5
archive:v1.2.3
archive:v1.2.2
archive:v1.2.1
archive:v1.2.0
archive:v1.0.5
archive:v1.0.4
archive:v1.0.3
archive:v1.0.2
archive:v1.0.1
archive:v1.1.0
archive:v1.0.0
archive:v0.100.0
archive:v0.99.1
archive:v0.99.0
archive:v0.98.1
archive:v0.98
archive:v0.98.0
archive:v0.97
archive:v0.96.1
archive:v0.96
archive:coral-gitops
archive:gitops-1.30.0
archive:gitops-1.58.2
archive:nginx-auth-0.1.2
archive:v0.100.0-107
archive:v0.100.0-153
archive:v1.61.0-pre
archive:v1.63.0-pre
archive:v1.65.0-pre
archive:v1.67.0-pre
archive:v1.69.0-pre
archive:v1.71.0-pre
archive:v1.73.0-pre
archive:v1.75.0-pre

9 Commits
main ... v1.26.1

Author SHA1 Message Date
Denton Gentry 5b81baa7d3 VERSION.txt: this is v1.26.1 
Signed-off-by: Denton Gentry <dgentry@tailscale.com>
 2 years ago
Brad Fitzpatrick 32f26a723b cmd/tailscale/cli, ipn/ipnlocal: give SSH tips when off/unconfigured 
Updates #3802

Change-Id: I6b9a3175f68a6daa670f912561f2c2ececc07770
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
(cherry picked from commit 467eb2eca0)
 2 years ago
Brad Fitzpatrick c1795c6af9 tailcfg: define some Node.Capabilities about SSH, its config 
Updates #3802

Change-Id: Icb4ccbc6bd1c6304013bfc553d04007844a5c0bf
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
(cherry picked from commit 99ed54926b)
 2 years ago
Brad Fitzpatrick 4ae7eff7c2 util/deephash: fix map hashing when key & element have the same type 
Regression from 09afb8e35b, in which the
same reflect.Value scratch value was being used as the map iterator
copy destination.

Also: make nil and empty maps hash differently, add test.

Fixes #4871

Co-authored-by: Josh Bleecher Snyder <josharian@gmail.com>
Change-Id: I67f42524bc81f694c1b7259d6682200125ea4a66
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
(cherry picked from commit 757ecf7e80)
 2 years ago
Brad Fitzpatrick d76cce4ee7 go.mod: bump go4.org/unsafe/assume-no-moving-gc for Go 1.19beta1 
Otherwise we crash at startup with Go 1.19beta1.

Updates #4872

Change-Id: I371df4146735f7e066efd2edd48c1a305906c13d
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
(cherry picked from commit 22c544bca7)
 2 years ago
Brad Fitzpatrick 7968313a33 util/deephash: fix map hashing to actually hash elements 
Fixes #4868

Change-Id: I574fd139cb7f7033dd93527344e6aa0e625477c7
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
(cherry picked from commit 36ea837736)
 2 years ago
Brad Fitzpatrick 4e6a465d8c tailcfg: clarify some of the MapRequest variants 
Change-Id: Ia09bd69856e372c3a6b64cda7ddb34029b32a11b
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
(cherry picked from commit 4005134263)
 2 years ago
Brad Fitzpatrick 89ac48af9d cmd/tailscale: add 'debug ts2021' Noise connectivity subcommand 
Updates #3488

Change-Id: I9272e68f66c4cf36fb98dd1248a74d3817447690
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
(cherry picked from commit d3643fa151)
 2 years ago
Denton Gentry 9fc6551b4e VERSION.txt: this is v1.26.0 
Signed-off-by: Denton Gentry <dgentry@tailscale.com>
 2 years ago
10 changed files with 279 additions and 54 deletions
Show Stats

2
VERSION.txt
Unescape Escape View File

@ -1 +1 @@
1.25.0 1.26.1

80
cmd/tailscale/cli/debug.go
Unescape Escape View File

@ -15,6 +15,8 @@ import (
"fmt" "fmt"
"io" "io"
"log" "log"
"net"
"net/http"
"os" "os"
"runtime" "runtime"
"strconv" "strconv"
@ -23,11 +25,14 @@ import (
"github.com/peterbourgon/ff/v3/ffcli" "github.com/peterbourgon/ff/v3/ffcli"
"inet.af/netaddr" "inet.af/netaddr"
"tailscale.com/control/controlhttp"
"tailscale.com/hostinfo" "tailscale.com/hostinfo"
"tailscale.com/ipn" "tailscale.com/ipn"
"tailscale.com/net/tsaddr" "tailscale.com/net/tsaddr"
"tailscale.com/paths" "tailscale.com/paths"
"tailscale.com/safesocket" "tailscale.com/safesocket"
"tailscale.com/tailcfg"
"tailscale.com/types/key"
) )
var debugCmd = &ffcli.Command{ var debugCmd = &ffcli.Command{
@ -118,6 +123,17 @@ var debugCmd = &ffcli.Command{
Exec: runVia, Exec: runVia,
ShortHelp: "convert between site-specific IPv4 CIDRs and IPv6 'via' routes", ShortHelp: "convert between site-specific IPv4 CIDRs and IPv6 'via' routes",
}, },
{
Name: "ts2021",
Exec: runTS2021,
ShortHelp: "debug ts2021 protocol connectivity",
FlagSet: (func() *flag.FlagSet {
fs := newFlagSet("ts2021")
fs.StringVar(&ts2021Args.host, "host", "controlplane.tailscale.com", "hostname of control plane")
fs.IntVar(&ts2021Args.version, "version", int(tailcfg.CurrentCapabilityVersion), "protocol version")
return fs
})(),
},
}, },
} }
@ -425,3 +441,67 @@ func runVia(ctx context.Context, args []string) error {
} }
return nil return nil
} }
var ts2021Args struct {
host string // "controlplane.tailscale.com"
version int // 27 or whatever
}
func runTS2021(ctx context.Context, args []string) error {
log.SetOutput(os.Stdout)
log.SetFlags(log.Ltime | log.Lmicroseconds)
machinePrivate := key.NewMachine()
var dialer net.Dialer
var keys struct {
PublicKey key.MachinePublic
}
keysURL := "https://" + ts2021Args.host + "/key?v=" + strconv.Itoa(ts2021Args.version)
log.Printf("Fetching keys from %s ...", keysURL)
req, err := http.NewRequestWithContext(ctx, "GET", keysURL, nil)
if err != nil {
return err
}
res, err := http.DefaultClient.Do(req)
if err != nil {
log.Printf("Do: %v", err)
return err
}
if res.StatusCode != 200 {
log.Printf("Status: %v", res.Status)
return errors.New(res.Status)
}
if err := json.NewDecoder(res.Body).Decode(&keys); err != nil {
log.Printf("JSON: %v", err)
return fmt.Errorf("decoding /keys JSON: %w", err)
}
res.Body.Close()
dialFunc := func(ctx context.Context, network, address string) (net.Conn, error) {
log.Printf("Dial(%q, %q) ...", network, address)
c, err := dialer.DialContext(ctx, network, address)
if err != nil {
log.Printf("Dial(%q, %q) = %v", network, address, err)
} else {
log.Printf("Dial(%q, %q) = %v / %v", network, address, c.LocalAddr(), c.RemoteAddr())
}
return c, err
}
conn, err := controlhttp.Dial(ctx, net.JoinHostPort(ts2021Args.host, "80"), machinePrivate, keys.PublicKey, uint16(ts2021Args.version), dialFunc)
log.Printf("controlhttp.Dial = %p, %v", conn, err)
if err != nil {
return err
}
log.Printf("did noise handshake")
gotPeer := conn.Peer()
if gotPeer != keys.PublicKey {
log.Printf("peer = %v, want %v", gotPeer, keys.PublicKey)
return errors.New("key mismatch")
}
log.Printf("final underlying conn: %v / %v", conn.LocalAddr(), conn.RemoteAddr())
return nil
}

30
cmd/tailscale/cli/up.go
Unescape Escape View File

@ -404,7 +404,7 @@ func updatePrefs(prefs, curPrefs *ipn.Prefs, env upCheckEnv) (simpleUp bool, jus
return simpleUp, justEditMP, nil return simpleUp, justEditMP, nil
} }
func runUp(ctx context.Context, args []string) error { func runUp(ctx context.Context, args []string) (retErr error) {
if len(args) > 0 { if len(args) > 0 {
fatalf("too many non-flag arguments: %q", args) fatalf("too many non-flag arguments: %q", args)
} }
@ -481,6 +481,12 @@ func runUp(ctx context.Context, args []string) error {
} }
} }
defer func() {
if retErr == nil {
checkSSHUpWarnings(ctx)
}
}()
simpleUp, justEditMP, err := updatePrefs(prefs, curPrefs, env) simpleUp, justEditMP, err := updatePrefs(prefs, curPrefs, env)
if err != nil { if err != nil {
fatalf("%s", err) fatalf("%s", err)
@ -676,6 +682,28 @@ func runUp(ctx context.Context, args []string) error {
} }
} }
func checkSSHUpWarnings(ctx context.Context) {
if !upArgs.runSSH {
return
}
st, err := localClient.Status(ctx)
if err != nil {
// Ignore. Don't spam more.
return
}
if len(st.Health) == 0 {
return
}
if len(st.Health) == 1 && strings.Contains(st.Health[0], "SSH") {
printf("%s\n", st.Health[0])
return
}
printf("# Health check:\n")
for _, m := range st.Health {
printf(" - %s\n", m)
}
}
func printUpDoneJSON(state ipn.State, errorString string) { func printUpDoneJSON(state ipn.State, errorString string) {
js := &upOutputJSON{BackendState: state.String(), Error: errorString} js := &upOutputJSON{BackendState: state.String(), Error: errorString}
data, err := json.MarshalIndent(js, "", " ") data, err := json.MarshalIndent(js, "", " ")

24
cmd/tailscale/depaware.txt
Unescape Escape View File

@ -8,7 +8,7 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
L 💣 github.com/jsimonetti/rtnetlink from tailscale.com/net/interfaces L 💣 github.com/jsimonetti/rtnetlink from tailscale.com/net/interfaces
L github.com/jsimonetti/rtnetlink/internal/unix from github.com/jsimonetti/rtnetlink L github.com/jsimonetti/rtnetlink/internal/unix from github.com/jsimonetti/rtnetlink
github.com/kballard/go-shellquote from tailscale.com/cmd/tailscale/cli github.com/kballard/go-shellquote from tailscale.com/cmd/tailscale/cli
L github.com/klauspost/compress/flate from nhooyr.io/websocket github.com/klauspost/compress/flate from nhooyr.io/websocket
L 💣 github.com/mdlayher/netlink from github.com/jsimonetti/rtnetlink+ L 💣 github.com/mdlayher/netlink from github.com/jsimonetti/rtnetlink+
L 💣 github.com/mdlayher/netlink/nlenc from github.com/jsimonetti/rtnetlink+ L 💣 github.com/mdlayher/netlink/nlenc from github.com/jsimonetti/rtnetlink+
L 💣 github.com/mdlayher/socket from github.com/mdlayher/netlink L 💣 github.com/mdlayher/socket from github.com/mdlayher/netlink
@ -31,14 +31,16 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
go4.org/unsafe/assume-no-moving-gc from go4.org/intern go4.org/unsafe/assume-no-moving-gc from go4.org/intern
W 💣 golang.zx2c4.com/wireguard/windows/tunnel/winipcfg from tailscale.com/net/interfaces+ W 💣 golang.zx2c4.com/wireguard/windows/tunnel/winipcfg from tailscale.com/net/interfaces+
inet.af/netaddr from tailscale.com/cmd/tailscale/cli+ inet.af/netaddr from tailscale.com/cmd/tailscale/cli+
L nhooyr.io/websocket from tailscale.com/derp/derphttp+ nhooyr.io/websocket from tailscale.com/derp/derphttp+
L nhooyr.io/websocket/internal/errd from nhooyr.io/websocket nhooyr.io/websocket/internal/errd from nhooyr.io/websocket
L nhooyr.io/websocket/internal/xsync from nhooyr.io/websocket nhooyr.io/websocket/internal/xsync from nhooyr.io/websocket
tailscale.com from tailscale.com/version tailscale.com from tailscale.com/version
tailscale.com/atomicfile from tailscale.com/ipn+ tailscale.com/atomicfile from tailscale.com/ipn+
tailscale.com/client/tailscale from tailscale.com/cmd/tailscale/cli+ tailscale.com/client/tailscale from tailscale.com/cmd/tailscale/cli+
tailscale.com/client/tailscale/apitype from tailscale.com/cmd/tailscale/cli+ tailscale.com/client/tailscale/apitype from tailscale.com/cmd/tailscale/cli+
tailscale.com/cmd/tailscale/cli from tailscale.com/cmd/tailscale tailscale.com/cmd/tailscale/cli from tailscale.com/cmd/tailscale
tailscale.com/control/controlbase from tailscale.com/control/controlhttp
tailscale.com/control/controlhttp from tailscale.com/cmd/tailscale/cli
tailscale.com/control/controlknobs from tailscale.com/net/portmapper tailscale.com/control/controlknobs from tailscale.com/net/portmapper
tailscale.com/derp from tailscale.com/derp/derphttp tailscale.com/derp from tailscale.com/derp/derphttp
tailscale.com/derp/derphttp from tailscale.com/net/netcheck tailscale.com/derp/derphttp from tailscale.com/net/netcheck
@ -48,21 +50,22 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
tailscale.com/ipn from tailscale.com/cmd/tailscale/cli+ tailscale.com/ipn from tailscale.com/cmd/tailscale/cli+
tailscale.com/ipn/ipnstate from tailscale.com/cmd/tailscale/cli+ tailscale.com/ipn/ipnstate from tailscale.com/cmd/tailscale/cli+
💣 tailscale.com/metrics from tailscale.com/derp 💣 tailscale.com/metrics from tailscale.com/derp
tailscale.com/net/dnscache from tailscale.com/derp/derphttp tailscale.com/net/dnscache from tailscale.com/derp/derphttp+
tailscale.com/net/dnsfallback from tailscale.com/control/controlhttp
tailscale.com/net/flowtrack from tailscale.com/wgengine/filter+ tailscale.com/net/flowtrack from tailscale.com/wgengine/filter+
💣 tailscale.com/net/interfaces from tailscale.com/cmd/tailscale/cli+ 💣 tailscale.com/net/interfaces from tailscale.com/cmd/tailscale/cli+
tailscale.com/net/netcheck from tailscale.com/cmd/tailscale/cli tailscale.com/net/netcheck from tailscale.com/cmd/tailscale/cli
tailscale.com/net/neterror from tailscale.com/net/netcheck+ tailscale.com/net/neterror from tailscale.com/net/netcheck+
tailscale.com/net/netknob from tailscale.com/net/netns tailscale.com/net/netknob from tailscale.com/net/netns
tailscale.com/net/netns from tailscale.com/derp/derphttp+ tailscale.com/net/netns from tailscale.com/derp/derphttp+
tailscale.com/net/netutil from tailscale.com/client/tailscale tailscale.com/net/netutil from tailscale.com/client/tailscale+
tailscale.com/net/packet from tailscale.com/wgengine/filter tailscale.com/net/packet from tailscale.com/wgengine/filter
tailscale.com/net/portmapper from tailscale.com/net/netcheck+ tailscale.com/net/portmapper from tailscale.com/net/netcheck+
tailscale.com/net/stun from tailscale.com/net/netcheck tailscale.com/net/stun from tailscale.com/net/netcheck
tailscale.com/net/tlsdial from tailscale.com/derp/derphttp tailscale.com/net/tlsdial from tailscale.com/derp/derphttp+
tailscale.com/net/tsaddr from tailscale.com/net/interfaces+ tailscale.com/net/tsaddr from tailscale.com/net/interfaces+
💣 tailscale.com/net/tshttpproxy from tailscale.com/derp/derphttp+ 💣 tailscale.com/net/tshttpproxy from tailscale.com/derp/derphttp+
L tailscale.com/net/wsconn from tailscale.com/derp/derphttp tailscale.com/net/wsconn from tailscale.com/derp/derphttp+
tailscale.com/paths from tailscale.com/cmd/tailscale/cli+ tailscale.com/paths from tailscale.com/cmd/tailscale/cli+
tailscale.com/safesocket from tailscale.com/cmd/tailscale/cli+ tailscale.com/safesocket from tailscale.com/cmd/tailscale/cli+
tailscale.com/syncs from tailscale.com/net/interfaces+ tailscale.com/syncs from tailscale.com/net/interfaces+
@ -93,12 +96,13 @@ tailscale.com/cmd/tailscale dependencies: (generated by github.com/tailscale/dep
tailscale.com/version/distro from tailscale.com/cmd/tailscale/cli+ tailscale.com/version/distro from tailscale.com/cmd/tailscale/cli+
tailscale.com/wgengine/filter from tailscale.com/types/netmap tailscale.com/wgengine/filter from tailscale.com/types/netmap
golang.org/x/crypto/blake2b from golang.org/x/crypto/nacl/box golang.org/x/crypto/blake2b from golang.org/x/crypto/nacl/box
golang.org/x/crypto/blake2s from tailscale.com/control/controlbase
golang.org/x/crypto/chacha20 from golang.org/x/crypto/chacha20poly1305 golang.org/x/crypto/chacha20 from golang.org/x/crypto/chacha20poly1305
golang.org/x/crypto/chacha20poly1305 from crypto/tls golang.org/x/crypto/chacha20poly1305 from crypto/tls+
golang.org/x/crypto/cryptobyte from crypto/ecdsa+ golang.org/x/crypto/cryptobyte from crypto/ecdsa+
golang.org/x/crypto/cryptobyte/asn1 from crypto/ecdsa+ golang.org/x/crypto/cryptobyte/asn1 from crypto/ecdsa+
golang.org/x/crypto/curve25519 from crypto/tls+ golang.org/x/crypto/curve25519 from crypto/tls+
golang.org/x/crypto/hkdf from crypto/tls golang.org/x/crypto/hkdf from crypto/tls+
golang.org/x/crypto/nacl/box from tailscale.com/types/key golang.org/x/crypto/nacl/box from tailscale.com/types/key
golang.org/x/crypto/nacl/secretbox from golang.org/x/crypto/nacl/box golang.org/x/crypto/nacl/secretbox from golang.org/x/crypto/nacl/box
golang.org/x/crypto/salsa20/salsa from golang.org/x/crypto/nacl/box+ golang.org/x/crypto/salsa20/salsa from golang.org/x/crypto/nacl/box+

4
go.mod
Unescape Escape View File

@ -61,7 +61,7 @@ require (
golang.zx2c4.com/wireguard/windows v0.4.10 golang.zx2c4.com/wireguard/windows v0.4.10
gvisor.dev/gvisor v0.0.0-20220407223209-21871174d445 gvisor.dev/gvisor v0.0.0-20220407223209-21871174d445
honnef.co/go/tools v0.4.0-0.dev.0.20220404092545-59d7a2877f83 honnef.co/go/tools v0.4.0-0.dev.0.20220404092545-59d7a2877f83
inet.af/netaddr v0.0.0-20211027220019-c74959edd3b6 inet.af/netaddr v0.0.0-20220617031823-097006376321
inet.af/peercred v0.0.0-20210906144145-0893ea02156a inet.af/peercred v0.0.0-20210906144145-0893ea02156a
inet.af/wf v0.0.0-20211204062712-86aaea0a7310 inet.af/wf v0.0.0-20211204062712-86aaea0a7310
nhooyr.io/websocket v1.8.7 nhooyr.io/websocket v1.8.7
@ -258,7 +258,7 @@ require (
github.com/xanzy/ssh-agent v0.3.1 // indirect github.com/xanzy/ssh-agent v0.3.1 // indirect
github.com/yeya24/promlinter v0.1.0 // indirect github.com/yeya24/promlinter v0.1.0 // indirect
go4.org/intern v0.0.0-20211027215823-ae77deb06f29 // indirect go4.org/intern v0.0.0-20211027215823-ae77deb06f29 // indirect
go4.org/unsafe/assume-no-moving-gc v0.0.0-20211027215541-db492cf91b37 // indirect go4.org/unsafe/assume-no-moving-gc v0.0.0-20220617031537-928513b29760 // indirect
golang.org/x/exp/typeparams v0.0.0-20220328175248-053ad81199eb // indirect golang.org/x/exp/typeparams v0.0.0-20220328175248-053ad81199eb // indirect
golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 // indirect golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 // indirect
golang.org/x/text v0.3.7 // indirect golang.org/x/text v0.3.7 // indirect

7
go.sum
Unescape Escape View File

@ -1231,8 +1231,9 @@ go4.org/mem v0.0.0-20210711025021-927187094b94 h1:OAAkygi2Js191AJP1Ds42MhJRgeofe
go4.org/mem v0.0.0-20210711025021-927187094b94/go.mod h1:reUoABIJ9ikfM5sgtSF3Wushcza7+WeD01VB9Lirh3g= go4.org/mem v0.0.0-20210711025021-927187094b94/go.mod h1:reUoABIJ9ikfM5sgtSF3Wushcza7+WeD01VB9Lirh3g=
go4.org/unsafe/assume-no-moving-gc v0.0.0-20201222175341-b30ae309168e/go.mod h1:FftLjUGFEDu5k8lt0ddY+HcrH/qU/0qk+H8j9/nTl3E= go4.org/unsafe/assume-no-moving-gc v0.0.0-20201222175341-b30ae309168e/go.mod h1:FftLjUGFEDu5k8lt0ddY+HcrH/qU/0qk+H8j9/nTl3E=
go4.org/unsafe/assume-no-moving-gc v0.0.0-20201222180813-1025295fd063/go.mod h1:FftLjUGFEDu5k8lt0ddY+HcrH/qU/0qk+H8j9/nTl3E= go4.org/unsafe/assume-no-moving-gc v0.0.0-20201222180813-1025295fd063/go.mod h1:FftLjUGFEDu5k8lt0ddY+HcrH/qU/0qk+H8j9/nTl3E=
go4.org/unsafe/assume-no-moving-gc v0.0.0-20211027215541-db492cf91b37 h1:Tx9kY6yUkLge/pFG7IEMwDZy6CS2ajFc9TvQdPCW0uA=
go4.org/unsafe/assume-no-moving-gc v0.0.0-20211027215541-db492cf91b37/go.mod h1:FftLjUGFEDu5k8lt0ddY+HcrH/qU/0qk+H8j9/nTl3E= go4.org/unsafe/assume-no-moving-gc v0.0.0-20211027215541-db492cf91b37/go.mod h1:FftLjUGFEDu5k8lt0ddY+HcrH/qU/0qk+H8j9/nTl3E=
go4.org/unsafe/assume-no-moving-gc v0.0.0-20220617031537-928513b29760 h1:FyBZqvoA/jbNzuAWLQE2kG820zMAkcilx6BMjGbL/E4=
go4.org/unsafe/assume-no-moving-gc v0.0.0-20220617031537-928513b29760/go.mod h1:FftLjUGFEDu5k8lt0ddY+HcrH/qU/0qk+H8j9/nTl3E=
golang.org/x/crypto v0.0.0-20180501155221-613d6eafa307/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20180501155221-613d6eafa307/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
@ -1855,8 +1856,8 @@ howett.net/plist v0.0.0-20181124034731-591f970eefbb/go.mod h1:vMygbs4qMhSZSc4lCU
howett.net/plist v1.0.0 h1:7CrbWYbPPO/PyNy38b2EB/+gYbjCe2DXBxgtOOZbSQM= howett.net/plist v1.0.0 h1:7CrbWYbPPO/PyNy38b2EB/+gYbjCe2DXBxgtOOZbSQM=
howett.net/plist v1.0.0/go.mod h1:lqaXoTrLY4hg8tnEzNru53gicrbv7rrk+2xJA/7hw9g= howett.net/plist v1.0.0/go.mod h1:lqaXoTrLY4hg8tnEzNru53gicrbv7rrk+2xJA/7hw9g=
inet.af/netaddr v0.0.0-20210515010201-ad03edc7c841/go.mod h1:z0nx+Dh+7N7CC8V5ayHtHGpZpxLQZZxkIaaz6HN65Ls= inet.af/netaddr v0.0.0-20210515010201-ad03edc7c841/go.mod h1:z0nx+Dh+7N7CC8V5ayHtHGpZpxLQZZxkIaaz6HN65Ls=
inet.af/netaddr v0.0.0-20211027220019-c74959edd3b6 h1:acCzuUSQ79tGsM/O50VRFySfMm19IoMKL+sZztZkCxw= inet.af/netaddr v0.0.0-20220617031823-097006376321 h1:B4dC8ySKTQXasnjDTMsoCMf1sQG4WsMej0WXaHxunmU=
inet.af/netaddr v0.0.0-20211027220019-c74959edd3b6/go.mod h1:y3MGhcFMlh0KZPMuXXow8mpjxxAk3yoDNsp4cQz54i8= inet.af/netaddr v0.0.0-20220617031823-097006376321/go.mod h1:OIezDfdzOgFhuw4HuWapWq2e9l0H9tK4F1j+ETRtF3k=
inet.af/peercred v0.0.0-20210906144145-0893ea02156a h1:qdkS8Q5/i10xU2ArJMKYhVa1DORzBfYS/qA2UK2jheg= inet.af/peercred v0.0.0-20210906144145-0893ea02156a h1:qdkS8Q5/i10xU2ArJMKYhVa1DORzBfYS/qA2UK2jheg=
inet.af/peercred v0.0.0-20210906144145-0893ea02156a/go.mod h1:FjawnflS/udxX+SvpsMgZfdqx2aykOlkISeAsADi5IU= inet.af/peercred v0.0.0-20210906144145-0893ea02156a/go.mod h1:FjawnflS/udxX+SvpsMgZfdqx2aykOlkISeAsADi5IU=
inet.af/wf v0.0.0-20211204062712-86aaea0a7310 h1:0jKHTf+W75kYRyg5bto1UT+r18QmAz2u/5pAs/fx4zo= inet.af/wf v0.0.0-20211204062712-86aaea0a7310 h1:0jKHTf+W75kYRyg5bto1UT+r18QmAz2u/5pAs/fx4zo=

62
ipn/ipnlocal/local.go
Unescape Escape View File

@ -416,6 +416,9 @@ func (b *LocalBackend) updateStatus(sb *ipnstate.StatusBuilder, extraLocked func
s.Health = append(s.Health, err.Error()) s.Health = append(s.Health, err.Error())
} }
} }
if m := b.sshOnButUnusableHealthCheckMessageLocked(); m != "" {
s.Health = append(s.Health, m)
}
if b.netMap != nil { if b.netMap != nil {
s.CertDomains = append([]string(nil), b.netMap.DNS.CertDomains...) s.CertDomains = append([]string(nil), b.netMap.DNS.CertDomains...)
s.MagicDNSSuffix = b.netMap.MagicDNSSuffix() s.MagicDNSSuffix = b.netMap.MagicDNSSuffix()
@ -1826,11 +1829,21 @@ func (b *LocalBackend) CheckPrefs(p *ipn.Prefs) error {
} }
func (b *LocalBackend) checkPrefsLocked(p *ipn.Prefs) error { func (b *LocalBackend) checkPrefsLocked(p *ipn.Prefs) error {
var errs []error
if p.Hostname == "badhostname.tailscale." { if p.Hostname == "badhostname.tailscale." {
// Keep this one just for testing. // Keep this one just for testing.
return errors.New("bad hostname [test]") errs = append(errs, errors.New("bad hostname [test]"))
}
if err := b.checkSSHPrefsLocked(p); err != nil {
errs = append(errs, err)
}
return multierr.New(errs...)
}
func (b *LocalBackend) checkSSHPrefsLocked(p *ipn.Prefs) error {
if !p.RunSSH {
return nil
} }
if p.RunSSH {
switch runtime.GOOS { switch runtime.GOOS {
case "linux": case "linux":
if distro.Get() == distro.Synology && !envknob.UseWIPCode() { if distro.Get() == distro.Synology && !envknob.UseWIPCode() {
@ -1851,14 +1864,53 @@ func (b *LocalBackend) checkPrefsLocked(p *ipn.Prefs) error {
if !canSSH { if !canSSH {
return errors.New("The Tailscale SSH server has been administratively disabled.") return errors.New("The Tailscale SSH server has been administratively disabled.")
} }
if b.netMap != nil && b.netMap.SSHPolicy == nil && if envknob.SSHIgnoreTailnetPolicy() || envknob.SSHPolicyFile() != "" {
envknob.SSHPolicyFile() == "" && !envknob.SSHIgnoreTailnetPolicy() { return nil
return errors.New("Unable to enable local Tailscale SSH server; not enabled/configured on Tailnet.") }
if b.netMap != nil {
if !hasCapability(b.netMap, tailcfg.CapabilitySSH) {
if b.isDefaultServerLocked() {
return errors.New("Unable to enable local Tailscale SSH server; not enabled on Tailnet. See https://tailscale.com/s/ssh")
}
return errors.New("Unable to enable local Tailscale SSH server; not enabled on Tailnet.")
} }
} }
return nil return nil
} }
func (b *LocalBackend) sshOnButUnusableHealthCheckMessageLocked() (healthMessage string) {
if b.prefs == nil || !b.prefs.RunSSH {
return ""
}
if envknob.SSHIgnoreTailnetPolicy() || envknob.SSHPolicyFile() != "" {
return "development SSH policy in use"
}
nm := b.netMap
if nm == nil {
return ""
}
if nm.SSHPolicy != nil && len(nm.SSHPolicy.Rules) > 0 {
return ""
}
isDefault := b.isDefaultServerLocked()
isAdmin := hasCapability(nm, tailcfg.CapabilityAdmin)
if !isAdmin {
return "Tailscale SSH enabled, but access controls don't allow anyone to access this device. Ask your admin to update your tailnet's ACLs to allow access."
}
if !isDefault {
return "Tailscale SSH enabled, but access controls don't allow anyone to access this device. Update your tailnet's ACLs to allow access."
}
return "Tailscale SSH enabled, but access controls don't allow anyone to access this device. Update your tailnet's ACLs at https://tailscale.com/s/ssh-policy"
}
func (b *LocalBackend) isDefaultServerLocked() bool {
if b.prefs == nil {
return true // assume true until set otherwise
}
return b.prefs.ControlURLOrDefault() == ipn.DefaultControlURL
}
func (b *LocalBackend) EditPrefs(mp *ipn.MaskedPrefs) (*ipn.Prefs, error) { func (b *LocalBackend) EditPrefs(mp *ipn.MaskedPrefs) (*ipn.Prefs, error) {
b.mu.Lock() b.mu.Lock()
p0 := b.prefs.Clone() p0 := b.prefs.Clone()

15
tailcfg/tailcfg.go
Unescape Escape View File

@ -878,13 +878,20 @@ type MapRequest struct {
// start-up before their first real endpoint update. // start-up before their first real endpoint update.
ReadOnly bool `json:",omitempty"` ReadOnly bool `json:",omitempty"`
// OmitPeers is whether the client is okay with the Peers list // OmitPeers is whether the client is okay with the Peers list being omitted
// being omitted in the response. (For example, a client on // in the response.
// start up using ReadOnly to get the DERP map.) //
// The behavior of OmitPeers being true varies based on Stream and ReadOnly:
// //
// If OmitPeers is true, Stream is false, and ReadOnly is false, // If OmitPeers is true, Stream is false, and ReadOnly is false,
// then the server will let clients update their endpoints without // then the server will let clients update their endpoints without
// breaking existing long-polling (Stream == true) connections. // breaking existing long-polling (Stream == true) connections.
// In this case, the server can omit the entire response; the client
// only checks the HTTP response status code.
//
// If OmitPeers is true, Stream is false, but ReadOnly is true,
// then all the response fields are included. (This is what the client does
// when initially fetching the DERP map.)
OmitPeers bool `json:",omitempty"` OmitPeers bool `json:",omitempty"`
// DebugFlags is a list of strings specifying debugging and // DebugFlags is a list of strings specifying debugging and
@ -1467,6 +1474,8 @@ const (
CapabilityFileSharing = "https://tailscale.com/cap/file-sharing" CapabilityFileSharing = "https://tailscale.com/cap/file-sharing"
CapabilityAdmin = "https://tailscale.com/cap/is-admin" CapabilityAdmin = "https://tailscale.com/cap/is-admin"
CapabilitySSH = "https://tailscale.com/cap/ssh" // feature enabled/available
CapabilitySSHRuleIn = "https://tailscale.com/cap/ssh-rule-in" // some SSH rule reach this node
// Inter-node capabilities. // Inter-node capabilities.

22
util/deephash/deephash.go
Unescape Escape View File

@ -98,10 +98,14 @@ func (s Sum) String() string {
} }
var ( var (
once sync.Once seedOnce sync.Once
seed uint64 seed uint64
) )
func initSeed() {
seed = uint64(time.Now().UnixNano())
}
func (h *hasher) sum() (s Sum) { func (h *hasher) sum() (s Sum) {
h.bw.Flush() h.bw.Flush()
// Sum into scratch & copy out, as hash.Hash is an interface // Sum into scratch & copy out, as hash.Hash is an interface
@ -121,9 +125,7 @@ func Hash(v any) (s Sum) {
h := hasherPool.Get().(*hasher) h := hasherPool.Get().(*hasher)
defer hasherPool.Put(h) defer hasherPool.Put(h)
h.reset() h.reset()
once.Do(func() { seedOnce.Do(initSeed)
seed = uint64(time.Now().UnixNano())
})
h.hashUint64(seed) h.hashUint64(seed)
h.hashValue(reflect.ValueOf(v)) h.hashValue(reflect.ValueOf(v))
return h.sum() return h.sum()
@ -299,7 +301,7 @@ func (h *hasher) hashValue(v reflect.Value) {
type mapHasher struct { type mapHasher struct {
h hasher h hasher
val valueCache // re-usable values for map iteration valKey, valElem valueCache // re-usable values for map iteration
iter reflect.MapIter // re-usable map iterator iter reflect.MapIter // re-usable map iterator
} }
@ -334,15 +336,19 @@ func (h *hasher) hashMap(v reflect.Value) {
defer iter.Reset(reflect.Value{}) // avoid pinning v from mh.iter when we return defer iter.Reset(reflect.Value{}) // avoid pinning v from mh.iter when we return
var sum Sum var sum Sum
k := mh.val.get(v.Type().Key()) if v.IsNil() {
e := mh.val.get(v.Type().Elem()) sum.sum[0] = 1 // something non-zero
}
k := mh.valKey.get(v.Type().Key())
e := mh.valElem.get(v.Type().Elem())
mh.h.visitStack = h.visitStack // always use the parent's visit stack to avoid cycles mh.h.visitStack = h.visitStack // always use the parent's visit stack to avoid cycles
for iter.Next() { for iter.Next() {
k.SetIterKey(iter) k.SetIterKey(iter)
e.SetIterValue(iter) e.SetIterValue(iter)
mh.h.reset() mh.h.reset()
mh.h.hashValue(k) mh.h.hashValue(k)
mh.h.hashValue(v) mh.h.hashValue(e)
sum.xor(mh.h.sum()) sum.xor(mh.h.sum())
} }
h.bw.Write(append(h.scratch[:0], sum.sum[:]...)) // append into scratch to avoid heap allocation h.bw.Write(append(h.scratch[:0], sum.sum[:]...)) // append into scratch to avoid heap allocation

45
util/deephash/deephash_test.go
Unescape Escape View File

@ -11,9 +11,11 @@ import (
"crypto/sha256" "crypto/sha256"
"fmt" "fmt"
"math" "math"
"math/rand"
"reflect" "reflect"
"runtime" "runtime"
"testing" "testing"
"testing/quick"
"go4.org/mem" "go4.org/mem"
"inet.af/netaddr" "inet.af/netaddr"
@ -132,6 +134,49 @@ func TestDeepHash(t *testing.T) {
} }
} }
// Tests that we actually hash map elements. Whoops.
func TestIssue4868(t *testing.T) {
m1 := map[int]string{1: "foo"}
m2 := map[int]string{1: "bar"}
if Hash(m1) == Hash(m2) {
t.Error("bogus")
}
}
func TestIssue4871(t *testing.T) {
m1 := map[string]string{"": "", "x": "foo"}
m2 := map[string]string{}
if h1, h2 := Hash(m1), Hash(m2); h1 == h2 {
t.Errorf("bogus: h1=%x, h2=%x", h1, h2)
}
}
func TestNilVsEmptymap(t *testing.T) {
m1 := map[string]string(nil)
m2 := map[string]string{}
if h1, h2 := Hash(m1), Hash(m2); h1 == h2 {
t.Errorf("bogus: h1=%x, h2=%x", h1, h2)
}
}
func TestMapFraming(t *testing.T) {
m1 := map[string]string{"foo": "", "fo": "o"}
m2 := map[string]string{}
if h1, h2 := Hash(m1), Hash(m2); h1 == h2 {
t.Errorf("bogus: h1=%x, h2=%x", h1, h2)
}
}
func TestQuick(t *testing.T) {
initSeed()
err := quick.Check(func(v, w map[string]string) bool {
return (Hash(v) == Hash(w)) == reflect.DeepEqual(v, w)
}, &quick.Config{MaxCount: 1000, Rand: rand.New(rand.NewSource(int64(seed)))})
if err != nil {
t.Fatalf("seed=%v, err=%v", seed, err)
}
}
func getVal() []any { func getVal() []any {
return []any{ return []any{
&wgcfg.Config{ &wgcfg.Config{

Write Preview
Loading…
Cancel
Save