Age | Commit message | Author | Files | Lines
2021-11-30 | net/dns: windows DNS experiments [bradfitz/windns] | Brad Fitzpatrick | 1 | -0/+39
2021-11-29 | cmd/tailscaled: allow running the SOCKS5 and HTTP proxies on the same port. | David Anderson | 7 | -13/+47
Fixes #3248 Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-29 | net/proxymux: add a listener mux that can run SOCKS and HTTP on a single socket. | David Anderson | 2 | -0/+317
Updates #3248 Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-29 | tailcfg, ipn/ipnlocal, net/dns: forward exit node DNS on Unix to system DNS | Brad Fitzpatrick | 7 | -57/+251
Updates #1713 Change-Id: I4c073fec0992d9e01a9a4ce97087d5af0efdc68d Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-29 | control/controlclient: stop logging about goal.url invariant | Josh Bleecher Snyder | 1 | -5/+3
This isn't the ideal solution, but it's good enough for now. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-11-29 | update github.com/aws/aws-sdk-go-v2 | David Crawshaw | 3 | -32/+39
Replaces #3464, #3365, #3366 with a PR that includes the depaware fix. Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2021-11-29 | cmd/tailscale/cli: don't complain about --accept-routes true->false on Synology | Brad Fitzpatrick | 2 | -0/+41
Fixes #3176 Change-Id: I844883e741dccfa5e7771c853180e9f65fb7f7a4 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-29 | ipn/ipnlocal: restrict exit node DoH server based on ACL'ed packet filter | Brad Fitzpatrick | 3 | -13/+110
Don't be a DoH DNS server to peers unless the Tailnet admin has permitted that peer autogroup:internet access. Updates #1713 Change-Id: Iec69360d8e4d24d5187c26904b6a75c1dabc8979 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-29 | wgengine/filter: fix, test NewAllowAllForTest | Brad Fitzpatrick | 2 | -2/+14
I probably broke it when SCTP support was added but nothing apparently ever used NewAllowAllForTest so it wasn't noticed when it broke. Change-Id: Ib5a405be233d53cb7fcc61d493ae7aa2d1d590a2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-29 | ipn/store/aws: support using sub-paths in parameters | Thomas Weiß | 1 | -1/+1
Fixes #3431 Signed-off-by: Thomas Weiß <panos@unbunt.org>
2021-11-29 | cmd/tailscaled: log error on state store init failure | Thomas Weiß | 1 | -0/+1
Signed-off-by: Thomas Weiß <panos@unbunt.org>
2021-11-26 | net/dns/resolver: add clientmetrics for DNS | Brad Fitzpatrick | 2 | -2/+102
Fixes tailscale/corp#1811 Change-Id: I864d11e0332a177e8c5ff403591bff6fec548f5a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-26 | ipn/ipnlocal: warn more precisely about IP forwarding issues on linux. | David Anderson | 1 | -14/+76
If IP forwarding is disabled globally, but enabled per-interface on all interfaces, don't complain. If only some interfaces have forwarding enabled, warn that some subnet routing/exit node traffic may not work. Fixes #1586 Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-26 | cmd/derper: set Content-Security-Policy on DERPs. | David Anderson | 1 | -4/+11
It's a basic "deny everything" policy, since DERP's HTTP server is very uninteresting from a browser POV. But it stops every security scanner under the sun from reporting "dangerously configured" HTTP servers. Updates tailscale/corp#3119 Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-26 | ipn/ipnlocal: populate self status from netmap in ipnlocal, not magicsock. | David Anderson | 2 | -15/+12
Fixes #1933 Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-26 | logpolicy: export NewLogtailTransport for Android | Denton Gentry | 1 | -5/+8
Android doesn't use logpolicy and currently has enough unique stuff about its logging that makes it difficult to do so. For example, its logsDir comes from Gio. Export NewLogtailTransport to let Android use it. Updates https://github.com/tailscale/tailscale/issues/3046 Signed-off-by: Denton Gentry <dgentry@tailscale.com>
2021-11-23 | net/dns/resolver, ipn/ipnlocal: wire up peerapi DoH server to DNS forwarder | Brad Fitzpatrick | 3 | -7/+196
Updates #1713 Change-Id: Ia4ed9d8c9cef0e70aa6d30f2852eaab80f5f695a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-23 | Merge pull request #3214 from tailscale/mayakacz-patch-1 | Maya Kaczorowski | 2 | -10/+6
.github: feature request template change
2021-11-23 | Update feature_request.yml | Maya Kaczorowski | 2 | -10/+6
Signed-off-by: Maya Kaczorowski <15946341+mayakacz@users.noreply.github.com>
2021-11-23 | scripts/installer.sh: add more Linux variants. | Denton Gentry | 1 | -2/+2
Updates https://github.com/tailscale/tailscale/issues/2915 Signed-off-by: Denton Gentry <dgentry@tailscale.com>
2021-11-23 | net/dns: require space after nameserver/search parsing resolv.conf | Josh Bleecher Snyder | 2 | -4/+26
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-11-23 | net/dns: handle comments in resolv.conf | Josh Bleecher Snyder | 2 | -0/+48
Currently, comments in resolv.conf cause our parser to fail, with error messages like: ParseIP("192.168.0.100 # comment"): unexpected character (at " # comment") Fix that. Noticed while looking through logs. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-11-23 | ipn/ipnlocal: fix logging | Josh Bleecher Snyder | 1 | -1/+1
We were missing an argument here. Also, switch to %q, in case anything weird is happening with these strings. Updates tailscale/corp#461 Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-11-23 | net/tstun: rate limit "self disco out packet" logging | Josh Bleecher Snyder | 3 | -10/+14
When this happens, it is incredibly noisy in the logs. It accounts for about a third of all remaining "unexpected" log lines from a recent investigation. It's not clear that we know how to fix this, we have a functioning workaround, and we now have a (cheap and efficient) metric for this that we can use for measurements. So reduce the logging to approximately once per minute. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-11-23 | cmd/tailscale: add ip -1 flag | Josh Bleecher Snyder | 1 | -3/+14
This limits the output to a single IP address. RELNOTE=tailscale ip now has a -1 flag (TODO: update docs to use it) Fixes #1921 Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-11-23 | cmd/tailscale: improve ip subcommand docs | Josh Bleecher Snyder | 1 | -4/+4
Streamline the prose. Clarify what peer may be. Improve an error message. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-11-23 | tsshd: fix double exit with different exit codes | Joonas Loppi | 1 | -1/+2
Signed-off-by: Joonas Loppi <joonas@joonas.fi>
2021-11-23 | ipn/ipnlocal: start adding DoH DNS server to peerapi when exit node | Brad Fitzpatrick | 6 | -0/+122
Updates #1713 Change-Id: I8d9c488f779e7acc811a9bc18166a2726198a429 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-22 | go.mod: bump honnef.co/go/tools from 0.2.1 to 0.2.2 | dependabot[bot] | 2 | -3/+3
Bumps [honnef.co/go/tools](https://github.com/dominikh/go-tools) from 0.2.1 to 0.2.2. - [Release notes](https://github.com/dominikh/go-tools/releases) - [Commits](https://github.com/dominikh/go-tools/compare/v0.2.1...v0.2.2) --- updated-dependencies: - dependency-name: honnef.co/go/tools dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
2021-11-22 | ipn/ipnstate: clarify PeerStatusLite.LastHandshake | Josh Bleecher Snyder | 1 | -2/+7
And document the other fields, as long as we're here. Updates #1182 Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-11-22 | util/clientmetric: add tests omitted from earlier commit | Brad Fitzpatrick | 1 | -0/+75
These were supposed to be part of 3b541c833edb7c45eea1b7b2e5b716d33baf13c3 but I guess I forgot to "git add" them. Whoops. Updates #3307 Change-Id: I8c768a61ec7102a01799e81dc502a22399b9e9f0 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-22 | wgengine/monitor: ignore adding/removing uninteresting IPs | Josh Bleecher Snyder | 4 | -15/+83
One of the most common "unexpected" log lines is: "network state changed, but stringification didn't" One way that this can occur is if an interesting interface (non-Tailscale, has interesting IP address) gains or loses an uninteresting IP address (link local or loopback). The fact that the interface is interesting is enough for EqualFiltered to inspect it. The fact that an IP address changed is enough for EqualFiltered to declare that the interfaces are not equal. But the State.String method reasonably declines to print any uninteresting IP addresses. As a result, the network state appears to have changed, but the stringification did not. The String method is correct; nothing interesting happened. This change fixes this by adding an IP address filter to EqualFiltered in addition to the interface filter. This lets the network monitor ignore the addition/removal of uninteresting IP addresses. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-11-22 | .github/workflows: check that repo is clean after build and test | Josh Bleecher Snyder | 3 | -0/+45
Linux-only for now, to avoid having to figure out why powershell doesn't like my shell scripting. (Not that I blame it.) That'll be enough to catch most regressions. Fixes #1083 Co-authored-by: Aaron Klotz <aaron@tailscale.com> Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-11-22 | hostinfo: report when running in Docker Desktop. | Denton Gentry | 1 | -0/+11
Signed-off-by: Denton Gentry <dgentry@tailscale.com>
2021-11-22 | net/tshttpproxy: use correct size for Windows BOOL argument | Josh Bleecher Snyder | 1 | -1/+1
The Windows BOOL type is an int32. We were using a bool, which is one byte wide. This could be responsible for the ERROR_INVALID_PARAMETER errors we were seeing for calls to WinHttpGetProxyForUrl. We manually checked all other existing Windows syscalls for similar mistakes and did not find any. Updates #879 Co-authored-by: Aaron Klotz <aaron@tailscale.com> Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-11-22 | cmd/derper: increase HSTS cache lifetime to 2 years. | David Anderson | 1 | -1/+1
Fixes #3373. Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-22 | build_docker.sh: use github.com/tailscale/mkctr instead of docker | Maisem Ali | 5 | -10/+23
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2021-11-22 | hostinfo: change Windows implementation to directly query version information using API and registry | Aaron Klotz | 2 | -14/+33
We replace the cmd.exe invocation with RtlGetNtVersionNumbers for the first three fields. On Windows 10+, we query for the fourth field which is available via the registry. The fourth field is not really documented anywhere; Firefox has been querying it successfully since Windows 10 was released, so we can be pretty confident in its longevity at this point. Fixes https://github.com/tailscale/tailscale/issues/1478 Signed-off-by: Aaron Klotz <aaron@tailscale.com>
2021-11-22 | net/portmapper: mark fewer PMP probe failures as unexpected | Josh Bleecher Snyder | 1 | -1/+10
There are lots of lines in the logs of the form: portmapper: unexpected PMP probe response: {OpCode:128 ResultCode:3 SecondsSinceEpoch:NNN MappingValidSeconds:0 InternalPort:0 ExternalPort:0 PublicAddr:0.0.0.0} ResultCode 3 here means a network failure, e.g. the NAT box itself has not obtained a DHCP lease. This is not an indication that something is wrong in the Tailscale client, so use different wording here to reflect that. Keep logging, so that we can analyze and debug the reasons that PMP probes fail. Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
2021-11-22 | wgengine/router: demote TestDebugListRules fail to skip | Brad Fitzpatrick | 1 | -1/+1
Updates #3360 Change-Id: Ic5c98ea03f3171c13ab9293a0ae74d17fd04d149 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-22 | cmd/derper: enable HSTS when serving over HTTPS. | David Anderson | 1 | -0/+8
Starting with a short lifetime, to verify nothing breaks. Updates #3373 Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-22 | go.mod: bump github.com/godbus/dbus/v5 from 5.0.5 to 5.0.6 | dependabot[bot] | 2 | -3/+3
Bumps [github.com/godbus/dbus/v5](https://github.com/godbus/dbus) from 5.0.5 to 5.0.6. - [Release notes](https://github.com/godbus/dbus/releases) - [Commits](https://github.com/godbus/dbus/compare/v5.0.5...v5.0.6) --- updated-dependencies: - dependency-name: github.com/godbus/dbus/v5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
2021-11-21 | go.mod: bump inet.af/netstack | Brad Fitzpatrick | 4 | -16/+34
Updates #2642 (I'd hoped, but doesn't seem to fix it) Change-Id: Id54af7c90a1206bc7018215957e20e954782b911 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-19 | Fuzzing: Add CIFuzz | AdamKorcz | 1 | -0/+26
Signed-off-by: AdamKorcz <adam@adalogics.com>
2021-11-19 | wgengine/router: fix checkIPRuleSupportsV6 to actually use IPv6 | Brad Fitzpatrick | 2 | -6/+19
Updates #3358 (should fix it) Updates #391 Change-Id: Ia62437dfa81247b0b5994d554cf279c3d540e4e7 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-19 | wgengine/router: don't assume Linux was built with IP_MULTIPLE_TABLES | Brad Fitzpatrick | 1 | -3/+8
Updates #3351 Updates #391 Change-Id: I7e66b686e05f3c970846513679cc62556ebe322a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2021-11-19 | net/dns: make constants for the various DBus strings. | David Anderson | 1 | -14/+36
Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-19 | health: add a health state for net/dns.OSConfigurator. | David Anderson | 3 | -0/+18
Lets the systemd-resolved OSConfigurator report health changes for out of band config resyncs. Updates #3327 Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-19 | net/dns: resync config to systemd-resolved when it restarts. | David Anderson | 1 | -17/+96
Fixes #3327 Signed-off-by: David Anderson <danderson@tailscale.com>
2021-11-19 | net/dns: remove unused Config struct element. | David Anderson | 1 | -2/+0
Signed-off-by: David Anderson <danderson@tailscale.com>