Age  Commit message  Author  Files  Lines
2022-04-26  wgengine/netstack: close forwarded TCP connections when incoming TCP dies  [bradfitz/netstack_fwd_close]  Brad Fitzpatrick  1 file, -4/+8

    Updates #4522
    Change-Id: I31a430da422b1e5fab834a2a670cddf448889ee6
    Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-26  net/tshttpproxy: fix typo  Brad Fitzpatrick  1 file, -1/+1

    Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-26  cmd/tailscale: mostly fix 'tailscale ssh' on macOS (sandbox)  Brad Fitzpatrick  1 file, -25/+37

    Still a little wonky, though. See the tcsetattr error and inability to hit Ctrl-D, for instance:

        bradfitz@laptop ~ % tailscale.app ssh foo@bar
        tcsetattr: Operation not permitted
        # Authentication checked with Tailscale SSH.
        # Time since last authentication: 1h13m22s
        foo@bar:~$ ^D
        ^D
        ^D

    Updates #4518
    Updates #4529
    Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-26  cmd/tailscale/cli: add 'debug stat' subcommand  Brad Fitzpatrick  1 file, -0/+27

    For debugging what's visible inside the macOS sandbox. But could also be useful for giving users portable commands during debugging without worrying about which OS they're on.

    Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-25  safesocket: fix CLI on standalone mac GUI build  Brad Fitzpatrick  1 file, -62/+13

    Tested three macOS Tailscale daemons:
    - App Store (Network Extension)
    - Standalone (macsys)
    - tailscaled

    And two types of local IPC each:
    - IPN
    - HTTP

    And two CLI modes:
    - sandboxed (running the GUI binary as the CLI; normal way)
    - open source CLI hitting GUI (with #4525)

    Bonus: simplifies the code.

    Fixes tailscale/corp#4559
    Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-25  ipn: add IPCVersion override func  Brad Fitzpatrick  3 files, -10/+23

    I've done this a handful of times in the past and again today. Time to make it a supported thing for the future.

    Used while debugging tailscale/corp#4559 (macsys CLI issues)

    Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-25  cmd/tailscale: s/-authkey/-auth-key/ in help text  James Tucker  1 file, -1/+1

    Signed-off-by: James Tucker <james@tailscale.com>
2022-04-25  net/dns/resolver: add metric for number of truncated dns packets  Tom DNetto  2 files, -2/+28

    Updates #2067

    This should help us determine if more robust control of edns parameters + implementing answer truncation is warranted, given its likely complexity.

    Signed-off-by: Tom DNetto <tom@tailscale.com>
2022-04-25  wgengine/monitor: do not ignore changes to pdp_ip*  Maisem Ali  1 file, -1/+2

    One current theory (among other things) on battery consumption is that magicsock is resorting to using the IPv6 over LTE even on WiFi. One thing that could explain this is that we do not get link change updates for the LTE modem as we ignore them in this list.

    This commit makes us not ignore changes to `pdp_ip` as a test.

    Updates #3363
    Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-04-25  ipn/ipnlocal: do not initialize peer api listeners when shutting down  Maisem Ali  2 files, -1/+6

    Updates tailscale/corp#4824
    Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-04-23  net/dns: add tailscaled-on-macOS DNS OSConfigurator  Brad Fitzpatrick  2 files, -2/+129

    This populates DNS suffixes ("ts.net", etc) in /etc/resolver/* files to point to 100.100.100.100 so MagicDNS works. It also sets search domains.

    Updates #4276
    Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-22  tsnet: fix mem.Store check for normal nodes  Maisem Ali  1 file, -2/+3

    There was a typo in the check: it was doing `!ok` instead of `ok`. This restructures it a bit to read better.

    Fixes #4506
    Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-04-22  VERSION.txt: This is 1.25.0  Denton Gentry  1 file, -1/+1

    Signed-off-by: Denton Gentry <dgentry@tailscale.com>
2022-04-22  wgengine/{,magicsock}: add metrics for rebinds and restuns  Maisem Ali  2 files, -2/+15

    Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-04-22  net/dns/resolver: support magic resolution of via-<siteid>.<ip4> domains  Tom DNetto  2 files, -0/+48

    Updates #3616
    Signed-off-by: Tom DNetto <tom@tailscale.com>
2022-04-21  util/mak: move tailssh's mapSet into a new package for reuse elsewhere  Brad Fitzpatrick  8 files, -34/+140

    Change-Id: Idfe95db82275fd2be6ca88f245830731a0d5aecf
    Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-21  ssh/tailssh: avoid user ssh configuration in tests  James Tucker  1 file, -0/+2

    Signed-off-by: James Tucker <james@tailscale.com>
2022-04-21  tshttpproxy: support synology proxy configuration  James Tucker  3 files, -0/+446

    Fixes #4395
    Fixes #2605
    Signed-off-by: James Tucker <james@tailscale.com>
2022-04-21  cmd/tailscale: use double quotes in the ssh subcommands  Maisem Ali  4 files, -11/+4

    Single-quote escaping is insufficient apparently.

    Updates #3802
    Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-04-21  cmd/tailscale/cli: do not use syscall.Exec from macOS sandbox  Maisem Ali  1 file, -2/+3

    Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-04-21  shell.nix: update go toolchain  Tom DNetto  1 file, -2/+2

    Signed-off-by: Tom DNetto <tom@tailscale.com>
2022-04-21  ssh/tailssh: various typo fixes, clarifications.  David Anderson  2 files, -18/+19

    Signed-off-by: David Anderson <danderson@tailscale.com>
2022-04-21  ssh/tailssh: simplify matchRule with Reject rules  Brad Fitzpatrick  1 file, -1/+4

    Updates #3802
    Change-Id: I59fe111eef5ac8abbcbcec922e293712a65a4830
    Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-21  ssh/tailssh: chmod the auth socket to be only user accessible  Maisem Ali  1 file, -1/+5

    Updates #3802
    Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-04-21  ssh/tailssh: set groups and gid in the incubated process  Maisem Ali  2 files, -4/+32

    Updates #3802
    Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-04-21  ssh/tailssh: filter accepted environment variables  Brad Fitzpatrick  2 files, -1/+35

    Noted by @danderson

    Updates #3802
    Change-Id: Iac70717ed57f11726209ac1ea93ddc6696605f94
    Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-21  tailcfg: fix typo in SessionDuration field name  Brad Fitzpatrick  2 files, -5/+5

    Noted by @danderson.

    Updates #3802
    Change-Id: Ide15f3f28e30f6abb5c94d7dcd218bd9482752a0
    Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-21  ssh/tailssh: add support for sftp  Maisem Ali  3 files, -45/+103

    Updates #3802
    Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-04-21  Revert "wgengine/router,util/kmod: load & log xt_mark"  Brad Fitzpatrick  6 files, -225/+0

    This reverts commit 8d6793fd7047d1c9b59e939e7644edbb75b4790f.

    Reason: breaks Android build (cgo/pthreads addition)

    We can try again next cycle.

    Change-Id: I5e7e1730a8bf399a8acfce546a6d22e11fb835d5
    Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-21  net/dns/resolver, net/tsaddr: fix reverse lookups in 4to6 IP range  Tom DNetto  3 files, -2/+29

    Fixes #4439
    Signed-off-by: Tom DNetto <tom@tailscale.com>
2022-04-20  wgengine/router,util/kmod: load & log xt_mark  James Tucker  6 files, -0/+225

    Attempt to load the xt_mark kernel module when it is not present. If the load fails, log error information.

    It may be tempting to promote this failure to an error once it has been in use for some time, so as to avoid reaching an error with the iptables invocation, however, there are conditions under which the two stages may disagree - this change adds more useful breadcrumbs.

    Example new output from tailscaled running under my WSL2:

    ```
    router: ensure module xt_mark: "/usr/sbin/modprobe xt_mark" failed: exit status 1; modprobe: FATAL: Module xt_mark not found in directory /lib/modules/5.10.43.3-microsoft-standard-WSL2
    ```

    Background:

    There are two places to look up modules, one is `/proc/modules` "old", the other is `/sys/module/` "new". There was query_modules(2) in linux <2.6, alas, it is gone.

    In a docker container in the default configuration, you would get /proc/modules and /sys/module/ both populated. lsmod may work fine, modprobe will fail with EPERM at `finit_module()` for an unprivileged container. In a privileged container the load may *succeed*, if some conditions are met. This condition should be avoided, but the code landing in this change does not attempt to avoid this scenario as it is both difficult to detect, and has a very uncertain impact.

    In an nspawn container `/proc/modules` is populated, but `/sys/module` does not exist. Modern `lsmod` versions will fail to gather most module information, without sysfs being populated with module information.

    In WSL2 modules are likely missing, as the in-use kernel typically is not provided by the distribution filesystem, and WSL does not mount in a module filesystem of its own. Notably the WSL2 kernel supports iptables marks without listing the xt_mark module in /sys/module, and /proc/modules is empty.

    On a recent kernel, we can ask the capabilities system about SYS_MODULE, that will help to disambiguate between the non-privileged container case and just being root. On older kernels these calls may fail.

    Update #4329
    Signed-off-by: James Tucker <james@tailscale.com>
2022-04-20  tailcfg: document SSHPrincipal.PubKeys URL expansions  Brad Fitzpatrick  1 file, -0/+4

    From f74ee80abe8819f3d3bfd9138056a46820f4fc54 which lacked docs.

    Updates #3802
    Change-Id: Ia7df05a486ae383cc6d9aca9dfe487b04e243ad5
    Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-20  ssh/tailssh: fix double SSH-2.0- prefix in greeting banner  Brad Fitzpatrick  1 file, -1/+1

    gliderlabs/ssh was already adding the "SSH-2.0-" prefix.

    Updates #3802
    Change-Id: I19a1cd9308371a2898e7883cf26e94c9b54bab29
    Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-20  ipn/ipnlocal: close peerapi listeners on LocalBackend.Shutdown  Brad Fitzpatrick  1 file, -0/+1

    For tests. Now that we can always listen (whereas we used to fail prior to a2c330c4961aea883a674aa530cc40bf74047bac), some goroutine leak checks were failing in tests in another repo after that change.

    Change-Id: Id95a4b71167eca61962a48616d79741b9991e0bc
    Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-20  ssh/tailssh: send banner messages during auth, move more to conn  Maisem Ali  8 files, -193/+212

    (VSCode Live Share between Brad & Maisem!)

    Updates #3802
    Change-Id: Id8edca4481b0811debfdf56d4ccb1a46f71dd6d3
    Co-Authored-By: Brad Fitzpatrick <bradfitz@tailscale.com>
    Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-04-20  scripts/install: add Alma Linux.  Denton Gentry  1 file, -1/+1

    Tested using an Alma Linux 8.5 VM.

    Updates https://github.com/tailscale/tailscale/issues/2915
    Signed-off-by: Denton Gentry <dgentry@tailscale.com>
2022-04-20  scripts/installer: support LinuxMint Debian.  Denton Gentry  1 file, -7/+20

    The primary distribution for LinuxMint is based on Ubuntu, but there is an alternate Debian-based distribution called LMDE. Both variations identify themselves as "linuxmint".

    We added UBUNTU_VERSION to the Ubuntu handling for linuxmint, the only distribution so far found to do this. Instead, split linuxmint out into its own case and use either UBUNTU_VERSION or DEBIAN_VERSION, whichever is present.

    Tested on an LMDE 5 (elsie) VM.

    Updates https://github.com/tailscale/tailscale/issues/2915
    Signed-off-by: Denton Gentry <dgentry@tailscale.com>
2022-04-20  scripts/installer: call emerge with --ask=n  Denton Gentry  1 file, -1/+1

    Fixes https://github.com/tailscale/tailscale/issues/4354
    Signed-off-by: Denton Gentry <dgentry@tailscale.com>
2022-04-20  scripts/installer: add ParrotOS support  Denton Gentry  1 file, -0/+11

    Support ParrotSec https://parrotsec.org/
    Tested using a Parrot 5.0 VM.

    Updates https://github.com/tailscale/tailscale/issues/2915
    Signed-off-by: Denton Gentry <dgentry@tailscale.com>
2022-04-20  cmd/tailscale: add "debug via" subcommand to do CIDR math for via ranges  Brad Fitzpatrick  2 files, -0/+67

        $ tailscale debug via 0xb 10.2.0.0/16
        fd7a:115c:a1e0:b1a:0:b:a02:0/112

        $ tailscale debug via fd7a:115c:a1e0:b1a:0:b:a02:0/112
        site 11 (0xb), 10.2.0.0/16

    Previously: 3ae701f0ebe053a1f7b6a3fa345a56b3132c818f

    This adds a little debug tool to do CIDR math to make converting between those ranges easier for now.

    Updates #3616
    Change-Id: I98302e95d17765bfaced3ecbb71cbd43e84bff46
    Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-20  ssh/tailssh: support expansions in public key fetch URL too  Brad Fitzpatrick  2 files, -1/+37

    Updates #3802
    Change-Id: I5aa98bdab14fd1c1c00ba63b93f8d7e670f72437
    Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-20  ssh/tailssh: terminate ssh auth early if no policy can match  Maisem Ali  5 files, -154/+221

    Also bump github.com/tailscale/golang-x-crypto/ssh

    Updates #3802
    Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-04-20  ipn/ipnlocal: use the fake peerapi listener as fallback if netstack available  Brad Fitzpatrick  1 file, -2/+9

    The previous commit (1b89662eff) did this for Android, but we can also use this on any platform if we would otherwise fail.

    Change-Id: I4cd78b40e9e77fca5cc8e717dd48ac173101bed4
    Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-20  wgengine/monitor: split the unexpected stringification log line  Maisem Ali  1 file, -2/+3

    It unfortunately gets truncated because it's too long; split it into 3 different log lines to circumvent truncation.

    Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-04-20  wgengine/monitor: ignore OS-specific uninteresting interfaces  Maisem Ali  6 files, -4/+32

    Currently we ignore these interfaces in the darwin osMon but then would consider it interesting when checking if anything had changed.

    Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-04-20  ipn/ipnlocal: make peerapi listener on Android avoid the kernel  Brad Fitzpatrick  1 file, -0/+54

    We intercept the peerapi port in netstack anyway, so there's no reason the linux kernel on Android needs to know about it. It's only getting in the way and causing problems for reasons we don't fully understand. But we don't even need to understand it because it's not relevant anymore.

    Instead, provide a dummy net.Listener that just sits and blocks to pacify the rest of the code that assumes it can be stuck in a Listener.Accept call and call Listener.Close and Listener.Addr.

    We'll likely do this for all platforms in the future, if/when we also link in netstack on iOS.

    Updates #4449
    Updates #4293
    Updates #3986

    Change-Id: Ic2d3fe2f3cee60fc527356a3368830f17aeb75ae
    Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-20  tstest/iosdeps: add test for forbidden iOS dependencies  Brad Fitzpatrick  2 files, -0/+104

    Fixes #4463
    Change-Id: I8305710e8a075263ae9a88a29624b19032d5beeb
    Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-20  ipn/ipnlocal: reject tailscale up --ssh if disabled on tailnet  Brad Fitzpatrick  3 files, -2/+12

    Updates #3802
    Change-Id: I3f1e839391fe9b28270f506f4bb8d8e3d36716f5
    Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-20  wgengine/router: make supportsV6NAT check catch more cases  Brad Fitzpatrick  1 file, -2/+8

    Updates #4459
    Change-Id: Ic27621569d2739298e652769d10e38608c6012be
    Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-04-20  cmd/nginx-auth: maintainer scripts and tailnet checking (#4460)  Xe Iaso  9 files, -11/+107

    * cmd/nginx-auth: add maintainer scripts

      Signed-off-by: Xe <xe@tailscale.com>

    * cmd/nginx-auth: add Expected-Tailnet header and documentation

      Signed-off-by: Xe <xe@tailscale.com>