Age | Commit message | Author | Files | Lines
2024-11-20 | net/netcheck: respect DERPRegion.Avoid on initial probe plan too [bradfitz/avoid_initial] | Brad Fitzpatrick | 2 | -2/+3
As found by @jwhited/@raggi. Updates #8603 Updates #13969 Updates tailscale/corp#24697 Change-Id: I32bb412a06e46a5fc154d87147e75363cf0d5407 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-11-19 | wgengine/filter: actually use the passed CapTestFunc [capver 109] | Anton Tolchanov | 2 | -12/+14
Initial support for SrcCaps was added in 5ec01bf but it was not actually working without this. Updates #12542 Signed-off-by: Anton Tolchanov <anton@tailscale.com>
2024-11-19 | util/winutil/s4u: fix token handle leak | Aaron Klotz | 1 | -1/+4
Fixes #14156 Signed-off-by: Aaron Klotz <aaron@tailscale.com>
2024-11-19 | version: fix earlier test/wording mistakes | Brad Fitzpatrick | 2 | -2/+1
Updates #14069 Change-Id: I1d2fd8a8ab6591af11bfb83748b94342a8ac718f Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-11-19 | version: validate Long format on Android builds | Brad Fitzpatrick | 3 | -0/+85
Updates #14069 Change-Id: I134a90db561dacc4b1c1c66ccadac135b5d64cf3 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-11-19 | licenses: update license notices | License Updater | 3 | -37/+36
Signed-off-by: License Updater <noreply+license-updater@tailscale.com>
2024-11-19 | kube/{kubeapi,kubeclient},ipn/store/kubestore,cmd/{containerboot,k8s-operator}: emit kube store Events (#14112) | Irbe Krumina | 13 | -102/+506
Adds functionality to kube client to emit Events. Updates kube store to emit Events when tailscaled state has been loaded, updated or if any errors were encountered during those operations. This should help in cases where an error related to state loading/updating caused the Pod to crash in a loop - unlike logs of the originally failed container instance, Events associated with the Pod will still be accessible even after N restarts. Updates tailscale/tailscale#14080 Signed-off-by: Irbe Krumina <irbe@tailscale.com>
2024-11-18 | ipn/ipnlocal: fix build, remove another Notify.BackendLogID reference that crept in | Brad Fitzpatrick | 1 | -1/+0
I merged 5cae7c51bfa (removing Notify.BackendLogID) and 93db50356536e (adding another reference to Notify.BackendLogID) that didn't have merge conflicts, but didn't compile together. This removes the new reference, fixing the build. Updates #14129 Change-Id: I9bb68efd977342ea8822e525d656817235039a66 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-11-18 | ipn/ipnlocal: add IPN Bus NotifyRateLimit watch bit NotifyRateLimit | Brad Fitzpatrick | 5 | -10/+395
Limit spamming GUIs with boring updates to once in 3 seconds, unless the notification is relatively interesting and the GUI should update immediately. This is basically @barnstar's #14119 but with the logic moved to be per-watch-session (since the bit is per session), rather than globally. And this distinguishes notable Notify messages (such as state changes) and makes them send immediately. Updates tailscale/corp#24553 Change-Id: I79cac52cce85280ce351e65e76ea11e107b00b49 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-11-18 | sessionrecording: implement v2 recording endpoint support (#14105) | Andrew Lytvynov | 6 | -89/+500
The v2 endpoint supports HTTP/2 bidirectional streaming and acks for received bytes. This is used to detect when a recorder disappears to more quickly terminate the session. Updates https://github.com/tailscale/corp/issues/24023 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
2024-11-18 | ipn: remove unused Notify.BackendLogID | Brad Fitzpatrick | 2 | -8/+1
Updates #14129 Change-Id: I13b5df8765e786a4a919d6b2e72afe987000b2d1 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-11-16 | go.mod: bump tailscale/wireguard-go | Brad Fitzpatrick | 2 | -3/+3
Updates #11899 Change-Id: Ibd75134a20798c84c7174ba3af639cf22836c7d7 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-11-15 | net/captivedetection: replace 10k log lines with ... less | Brad Fitzpatrick | 2 | -14/+42
We see tons of logs of the form: 2024/11/15 19:57:29 netcheck: [v2] 76 available captive portal detection endpoints: [...] That can be much shorter. Also add a fast exit path to the concurrency on match. Doing 5 all at once is still pretty gratuitous, though. Updates #1634 Fixes #13019 Change-Id: Icdbb16572fca4477b0ee9882683a3ac6eb08e2f2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-11-15 | ipn,tailcfg: add VIPService struct and c2n to fetch them from client (#14046) | Naman Sood | 7 | -1/+187
* ipn,tailcfg: add VIPService struct and c2n to fetch them from client Updates tailscale/corp#22743, tailscale/corp#22955 Signed-off-by: Naman Sood <mail@nsood.in> * more review fixes Signed-off-by: Naman Sood <mail@nsood.in> * don't mention PeerCapabilityServicesDestination since it's currently unused Signed-off-by: Naman Sood <mail@nsood.in> --------- Signed-off-by: Naman Sood <mail@nsood.in>
2024-11-15 | cmd/derpprobe,prober: add ability to restrict derpprobe to a single region | Percy Wegmann | 3 | -2/+56
Updates #24522 Co-authored-by: Mario Minardi <mario@tailscale.com> Signed-off-by: Percy Wegmann <percy@tailscale.com>
2024-11-15 | tstest/integration/testcontrol: remove a vestigial unused parameter | Brad Fitzpatrick | 1 | -4/+4
Back in the day this testcontrol package only spoke the nacl-boxed-based control protocol, which used this. Then we added ts2021, which didn't, but still sometimes used it. Then we removed the old mode and didn't remove this parameter in 2409661a0da956. Updates #11585 Change-Id: Ifd290bd7dbbb52b681b3599786437a15bc98b6a5 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-11-14 | control/controlclient: disable https on for http://localhost:$port URLs | Brad Fitzpatrick | 1 | -8/+1
Previously we required the program to be running in a test or have TS_CONTROL_IS_PLAINTEXT_HTTP before we disabled its https fallback on "http" schema control URLs to localhost with ports. But nobody accidentally does all three of "http", explicit port number, localhost and doesn't mean it. And when they mean it, they're testing a localhost dev control server (like I was) and don't want 443 getting involved. As of the changes for #13597, this became more annoying in that we were trying to use a port which wasn't even available. Updates #13597 Change-Id: Icd00bca56043d2da58ab31de7aa05a3b269c490f Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-11-14 | go.toolchain.rev: bump from Go 1.23.1 to Go 1.23.3 | Brad Fitzpatrick | 1 | -1/+1
Updates #14100 Change-Id: I57f9d4260be15ce1daebe4a9782910aba3fb9dc9 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-11-13 | cmd/tailscale/cli: add "help" alias for --help | Brad Fitzpatrick | 2 | -2/+38
Fixes #14053 Change-Id: I0a13e11af089f02b0656fea0d316543c67591fb5 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-11-13 | .github: Bump actions/setup-go from 5.0.2 to 5.1.0 (#13934) | dependabot[bot] | 3 | -3/+3
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.0.2 to 5.1.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32...41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-13 | words: Add scoville to scales.txt (#14084) | Walter Poupore | 1 | -0/+1
https://en.wikipedia.org/wiki/Scoville_scale Updates #words Signed-off-by: Walter Poupore <walterp@tailscale.com>
2024-11-13 | .github: Bump actions/cache from 4.1.0 to 4.1.2 (#13933) | dependabot[bot] | 1 | -5/+5
Bumps [actions/cache](https://github.com/actions/cache) from 4.1.0 to 4.1.2. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/2cdf405574d6ef1f33a1d12acccd3ae82f47b3f2...6849a6489940f00c2f30c0fb92c6274307ccb58a) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-13 | .github: Bump actions/upload-artifact from 4.4.0 to 4.4.3 (#13811) | dependabot[bot] | 1 | -1/+1
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.4.0 to 4.4.3. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/50769540e7f4bd5e21e526ee35c689e35e0d6874...b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-13 | .github: Bump github/codeql-action from 3.26.11 to 3.27.1 (#14062) | dependabot[bot] | 1 | -3/+3
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.11 to 3.27.1. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea...4f3212b61783c3c68e8309a0f18a699764811cda) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-13 | words: scale up our word count (#14082) | Naman Sood | 1 | -0/+6
Updates tailscale/corp#14698 Signed-off-by: Naman Sood <mail@nsood.in>
2024-11-13 | words: add a scale | Brad Fitzpatrick | 1 | -0/+1
https://portsmouthbrewery.com/shilling-scale/ Any scale that includes "wee heavy" is a scale worth including. Updates #words Change-Id: I85fd7a64cf22e14f686f1093a220cb59c43e46ba Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-11-12 | cmd/{k8s-operator,containerboot},k8s-operator: remove support for proxies below capver 95. (#13986) | Irbe Krumina | 5 | -48/+9
Updates tailscale/tailscale#13984 Signed-off-by: Irbe Krumina <irbe@tailscale.com>
2024-11-12 | go.{mod,sum},build_docker.sh: bump mkctr, add ability to set OCI annotations for images (#14065) | Irbe Krumina | 3 | -52/+63
Updates tailscale/tailscale#12914 Signed-off-by: Irbe Krumina <irbe@tailscale.com>
2024-11-12 | cmd/k8s-operator: restart ProxyGroup pods less (#14045) | Tom Proctor | 3 | -26/+66
We currently annotate pods with a hash of the tailscaled config so that we can trigger pod restarts whenever it changes. However, the hash updates more frequently than is necessary causing more restarts than is necessary. This commit removes two causes; scaling up/down and removing the auth key after pods have initially authed to control. However, note that pods will still restart on scale-up/down because of the updated set of volumes mounted into each pod. Hopefully we can fix that in a planned follow-up PR. Updates #13406 Signed-off-by: Tom Proctor <tomhjp@users.noreply.github.com>
2024-11-11 | all: use iterators over slice views more | Brad Fitzpatrick | 20 | -86/+62
This gets close to all of the remaining ones. Updates #12912 Change-Id: I9c672bbed2654a6c5cab31e0cbece6c107d8c6fa Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-11-11 | util/codegen: treat unique.Handle as an opaque value type | Brad Fitzpatrick | 2 | -3/+32
It doesn't need a Clone method, like a time.Time, etc. And then, because Go 1.23+ uses unique.Handle internally for the netip package types, we can remove those special cases. Updates #14058 (pulled out from that PR) Updates tailscale/corp#24485 Change-Id: Iac3548a9417ccda5987f98e0305745a6e178b375 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-11-11 | cmd/k8s-operator,k8s-operator,kube/kubetypes: add an option to configure app connector via Connector spec (#13950) | Irbe Krumina | 11 | -46/+381
* cmd/k8s-operator,k8s-operator,kube/kubetypes: add an option to configure app connector via Connector spec Updates tailscale/tailscale#11113 Signed-off-by: Irbe Krumina <irbe@tailscale.com>
2024-11-08 | safeweb: add a Shutdown method to the Server type (#14048) | M. J. Fromberger | 1 | -0/+5
Updates #14047 Change-Id: I2d20454c715b11ad9c6aad1d81445e05a170c3a2 Signed-off-by: M. J. Fromberger <fromberger@tailscale.com>
2024-11-08 | ipn/ipnlocal: log a summary of posture identity response | Anton Tolchanov | 1 | -0/+2
Perhaps I was too optimistic in #13323 thinking we won't need logs for this. Let's log a summary of the response without logging specific identifiers. Updates tailscale/corp#24437 Signed-off-by: Anton Tolchanov <anton@tailscale.com>
2024-11-07 | derp/derphttp: don't link websockets other than on GOOS=js | Brad Fitzpatrick | 11 | -26/+56
Or unless the new "ts_debug_websockets" build tag is set. Updates #1278 Change-Id: Ic4c4f81c1924250efd025b055585faec37a5491d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-11-07 | control/controlhttp/controlhttpserver: split out Accept to its own package | Brad Fitzpatrick | 10 | -42/+68
Otherwise all the clients only using control/controlhttp for the ts2021 HTTP client were also pulling in WebSocket libraries, as the server side always needs to speak websockets, but only GOOS=js clients speak it. This doesn't yet totally remove the websocket dependency on Linux because Linux has a envknob opt-in to act like GOOS=js for manual testing and force the use of WebSockets for DERP only (not control). We can put that behind a build tag in a future change to eliminate the dep on all GOOSes. Updates #1278 Change-Id: I4f60508f4cad52bf8c8943c8851ecee506b7ebc9 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-11-07 | cmd/tailscaled: support "ts_omit_ssh" build tag to remove SSH | Brad Fitzpatrick | 3 | -2/+33
Some environments would like to remove Tailscale SSH support for the binary for various reasons when not needed (either for peace of mind, or the ~1MB of binary space savings). Updates tailscale/corp#24454 Updates #1278 Updates #12614 Change-Id: Iadd6c5a393992c254b5dc9aa9a526916f96fd07a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-11-07 | client/tailscale,ipn/{ipnlocal,localapi}: add a pre-shutdown localAPI endpoint that terminates control connections. (#14028) | Irbe Krumina | 3 | -0/+41
Adds a /disconnect-control local API endpoint that just shuts down control client. This can be run before shutting down an HA subnet router/app connector replica - it will ensure that all connection to control are dropped and control thus considers this node inactive and tells peers to switch over to another replica. Meanwhile the existing connections keep working (assuming that the replica is given some graceful shutdown period). Updates tailscale/tailscale#14020 Signed-off-by: Irbe Krumina <irbe@tailscale.com>
2024-11-07 | tsweb/varz: optimize some allocs, add helper func for others | Brad Fitzpatrick | 1 | -2/+8
Updates #cleanup Updates tailscale/corp#23546 (noticed when doing this) Change-Id: Ia9f627fe32bb4955739b2787210ba18f5de27f4d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-11-07 | envknob,kube/kubetypes,cmd/k8s-operator: add app type for ProxyGroup (#14029) | Irbe Krumina | 4 | -9/+17
Sets a custom hostinfo app type for ProxyGroup replicas, similarly to how we do it for all other Kubernetes Operator managed components. Updates tailscale/tailscale#13406,tailscale/corp#22920 Signed-off-by: Irbe Krumina <irbe@tailscale.com>
2024-11-06 | cmd/derper: show more information on home page | Percy Wegmann | 3 | -19/+92
- Basic description of DERP If configured to do so, also show - Mailto link to security@tailscale.com - Link to Tailscale Security Policies - Link to Tailscale Acceptable Use Policy Updates tailscale/corp#24092 Signed-off-by: Percy Wegmann <percy@tailscale.com>
2024-11-05 | licenses: update license notices | License Updater | 1 | -2/+2
Signed-off-by: License Updater <noreply+license-updater@tailscale.com>
2024-11-05 | types/result, util/lineiter: add package for a result type, use it | Brad Fitzpatrick | 20 | -138/+289
This adds a new generic result type (motivated by golang/go#70084) to try it out, and uses it in the new lineutil package (replacing the old lineread package), changing that package to return iterators: sometimes over []byte (when the input is all in memory), but sometimes iterators over results of []byte, if errors might happen at runtime. Updates #12912 Updates golang/go#70084 Change-Id: Iacdc1070e661b5fb163907b1e8b07ac7d51d3f83 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-11-04 | cmd/k8s-operator: allow to optionally configure tailscaled port (#14005) | Irbe Krumina | 1 | -0/+8
Updates tailscale/tailscale#13981 Signed-off-by: Irbe Krumina <irbe@tailscale.com>
2024-11-03 | tsnet: add accessor to get tsd.System | Brad Fitzpatrick | 1 | -0/+9
Pulled of otherwise unrelated PR #13884. Updates tailscale/corp#22075 Change-Id: I5b539fcb4aca1b93406cf139c719a5e3c64ff7f7 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-11-03 | cmd/tsconnect: block after starting esbuild dev server | Brad Fitzpatrick | 1 | -0/+1
Thanks to @davidbuzz for raising the issue in #13973. Fixes #8272 Fixes #13973 Change-Id: Ic413e14d34c82df3c70a97e591b90316b0b4946b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-11-01 | net/socks5: optimize UDP relay | VimT | 2 | -99/+119
Key changes: - No mutex for every udp package: replace syncs.Map with regular map for udpTargetConns - Use socksAddr as map key for better type safety - Add test for multi udp target Updates #7581 Change-Id: Ic3d384a9eab62dcbf267d7d6d268bf242cc8ed3c Signed-off-by: VimT <me@vimt.me>
2024-11-01 | net/socks5: fix UDP relay in userspace-networking mode | VimT | 1 | -38/+63
This commit addresses an issue with the SOCKS5 UDP relay functionality when using the --tun=userspace-networking option. Previously, UDP packets were not being correctly routed into the Tailscale network in this mode. Key changes: - Replace single UDP connection with a map of connections per target - Use c.srv.dial for creating connections to ensure proper routing Updates #7581 Change-Id: Iaaa66f9de6a3713218014cf3f498003a7cac9832 Signed-off-by: VimT <me@vimt.me>
2024-11-01 | wgengine/netstack: remove unused taildrive deps | Brad Fitzpatrick | 5 | -22/+17
A filesystem was plumbed into netstack in 993acf4475b22d693 but hasn't been used since 2d5d6f5403f3. Remove it. Noticed while rebasing a Tailscale fork elsewhere. Updates tailscale/corp#16827 Change-Id: Ib76deeda205ffe912b77a59b9d22853ebff42813 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2024-11-01 | ipn/ipnlocal: reload prefs correctly on ReloadConfig | Maisem Ali | 2 | -22/+85
We were only updating the ProfileManager and not going down the EditPrefs path which meant the prefs weren't applied till either the process restarted or some other pref changed. This makes it so that we reconfigure everything correctly when ReloadConfig is called. Updates #13032 Signed-off-by: Maisem Ali <maisem@tailscale.com>