Age | Commit message | Author | Files | Lines
2022-09-24 | CI: use BuildJet & large Windows runners [buildjet] | Denton Gentry | 14 | -22/+25
1. Use buildjet for the longer Linux CI workflows.
2. Continue with `ubuntu-latest` for shorter Linux CI workflows.
3. Use a large GitHub-hosted Windows runner.
   https://docs.github.com/en/actions/using-github-hosted-runners/using-larger-runners
4. Make CIFuzz run on merge to main or release branch, not in the pull request

Two runs each of the original workflow files and the updated workflows in this PR. One run of the GitHub Large Ubuntu runners is included; these are clearly between the regular GitHub and BuildJet runners in performance.

                                GitHub    GitHub    BuildJet  BuildJet  GHLarge
codeql-analysis.yml             4m 30s    cached    2m 56s    2m 59s    4m 0s
cross-darwin.yml                3m 10s    3m 19s    1m 33s    1m 30s    2m 43s
cross-freebsd.yml               3m 33s    3m 10s    1m 28s    1m 22s    2m 15s
cross-openbsd.yml               3m 4s     2m 36s    1m 29s    1m 22s    2m 3s
cross-wasm.yml                  1m 59s    2m 2s     1m 12s    1m 16s    1m 46s
cross-windows.yml               2m 45s    3m 0s     1m 44s    1m 25s    2m 6s
linux32.yml                     4m 27s    4m 0s     1m 55s    2m 8s     2m 51s
linux-race.yml                  3m 54s    4m 7s     2m 22s    2m 12s    3m 14s
linux.yml                       4m 23s    4m 39s    2m 37s    2m 15s    3m 38s
static-analysis.yml
  /vet                          1m 41s    2m 22s    52s       56s       1m 12s
  /staticcheck(linux, amd64)    2m 47s    2m 38s    1m 7s     1m 10s    1m 52s
  /staticcheck(windows, amd64)  2m 5s     2m 4s     1m 6s     1m 8s     1m 33s
  /staticcheck(darwin, amd64)   2m 14s    2m 20s    1m 10s    1m 10s    1m 50s
  /staticcheck(windows, 386)    2m 36s    1m 58s    1m 23s    1m 8s     1m 39s
vm.yml                          1m 30s    1m 32s    2m 31s    2m 23s    N/A

A few very short workflows are being left on GitHub-hosted runners, like licenses and gofmt. These benefit from the quicker dispatch to GitHub hosted runners.

--------

For Windows and the windows.yml test run:
- the regular `windows-latest` runner takes about 6 minutes 20 seconds
- there is enough variability run to run that we get the same ~4 minute run with:
  - a GitHub-hosted large runner
  - a self-hosted Windows Server 2022 in an AWS t3.xlarge
  - a self-hosted Windows Server 2022 in an AWS c6i.xlarge

Since there is not a gain from operating our own runner, we'll pay GitHub to operate a Windows large runner.
Signed-off-by: Denton Gentry <dgentry@tailscale.com>
2022-09-24 | control/controlclient: stop restarting map polls on health change | Brad Fitzpatrick | 3 | -9/+40
At some point we started restarting map polls on health change, but we don't remember why. Maybe it was a desperate workaround for something. I'm not sure it ever worked. Rather than have a haunted graveyard, remove it. In its place, though, and somewhat as a safety backup, send those updates over the HTTP/2 noise channel if we have one open. Then if there was a reason that a map poll restart would help we could do it server-side. But mostly we can gather error stats and show machine-level health info for debugging. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-09-23 | control/controlclient: add a noiseClient.post helper method | Brad Fitzpatrick | 2 | -6/+17
In prep for a future change that would've been very copy/paste-y. And because the set-dns call doesn't currently use a context, so timeouts/cancelations are plumbed. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-09-23 | licenses: remove win.md file | Will Norris | 1 | -47/+0
This was renamed to windows.md
2022-09-23 | net/speedtest: retune to meet iperf on localhost in a VM | James Tucker | 4 | -35/+28
- removed some in-flow time calls
- increase buffer size to 2MB to overcome syscall cost
- move relative time computation from record to report time

Signed-off-by: James Tucker <james@tailscale.com>
2022-09-23 | net/packet: fix filtering of short IPv4 fragments | James Tucker | 2 | -16/+72
The fragment offset is an 8 byte offset rather than a byte offset, so the short packet limit is now in fragment block size in order to compare with the offset value. The packet flags are in the first 3 bits of the flags/frags byte, and so after conversion to a uint16 little endian value they are at the start, not the end of the value - the mask for extracting "more fragments" is adjusted to match this byte. Extremely short fragments less than 80 bytes are dropped, but fragments over 80 bytes are now accepted. Fixes #5727 Signed-off-by: James Tucker <james@tailscale.com>
2022-09-23 | tsweb: consider 304s as successful for quiet logging | Mihai Parparita | 2 | -5/+5
Static resource handlers will generate lots of 304s, which are effectively successful responses. Signed-off-by: Mihai Parparita <mihai@tailscale.com>
2022-09-23 | tailcfg, control/controlhttp, control/controlclient: add ControlDialPlan field (#5648) | Andrew Dunham | 8 | -17/+604
* tailcfg, control/controlhttp, control/controlclient: add ControlDialPlan field

This field allows the control server to provide explicit information about how to connect to it; useful if the client's link status can change after the initial connection, or if the DNS settings pushed by the control server break future connections. Change-Id: I720afe6289ec27d40a41b3dcb310ec45bd7e5f3e Signed-off-by: Andrew Dunham <andrew@tailscale.com>
2022-09-22 | tailcfg, util/deephash: add DataPlaneAuditLogID to Node and DomainDataPlaneAuditLogID to MapResponse | Aaron Klotz | 5 | -1/+12
We're adding two log IDs to facilitate data-plane audit logging: a node-specific log ID, and a domain-specific log ID. Updated util/deephash/deephash_test.go with revised expectations for tailcfg.Node. Updates https://github.com/tailscale/corp/issues/6991 Signed-off-by: Aaron Klotz <aaron@tailscale.com>
2022-09-22 | wgengine/magicsock: move firstDerp check after nil derpMap check | Kyle Carberry | 1 | -3/+3
This fixes a race condition which caused `c.muCond.Broadcast()` to never fire in the `firstDerp` if block. It resulted in `Close()` hanging forever. Signed-off-by: Kyle Carberry <kyle@carberry.com>
2022-09-22 | cmd/tailscaled: use explicit equal sign in --port=$PORT in tailscaled.service | Brad Fitzpatrick | 1 | -1/+1
Personal preference (so it's obvious it's not a bool flag), but it also matches the --state= before it. Bonus: stop allowing PORT to sneak in extra flags to be passed as their own arguments, as $FOO and ${FOO} expand differently. (${FOO} is required to concat to strings) Change-Id: I994626a5663fe0948116b46a971e5eb2c4023216 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-09-22 | docker: add ability to use a custom control socket | Anton Schubert | 1 | -3/+4
Signed-off-by: Anton Schubert <anton.schubert@riedel.net>
2022-09-22 | fix auth key name | hlts2 | 3 | -3/+3
Signed-off-by: hlts2 <hiroto.funakoshi.hiroto@gmail.com>
2022-09-21 | wgengine/netstack: always respond to 4via6 echo requests (#5712) | Andrew Dunham | 2 | -49/+68
As the comment in the code says, netstack should always respond to ICMP echo requests to a 4via6 address, even if the netstack instance isn't normally processing subnet traffic. Follow-up to #5709 Change-Id: I504d0776c5824071b2a2e0e687bc33e24f6c4746 Signed-off-by: Andrew Dunham <andrew@tailscale.com>
2022-09-21 | Revert "licenses: update win/apple licenses" | Will Norris | 1 | -1/+1
This reverts commit aadf63da1d1223acf07a645ee26f2141f928a8b2.
2022-09-21 | licenses: update win/apple licenses | License Updater | 1 | -1/+1
Signed-off-by: License Updater <noreply@tailscale.com>
2022-09-21 | ipn/ipnlocal: return usernames when Tailscale SSH is enabled | Maisem Ali | 3 | -8/+32
It was checking if the sshServer was initialized as a proxy, but that could either not have been initialized yet or Tailscale SSH could have been disabled after being initialized. Also bump tailcfg.CurrentCapabilityVersion Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-09-21 | cmd/tsconnect: add error callback for SSH sessions | Mihai Parparita | 2 | -2/+3
We were just logging them to the console, which is useful for debugging, but we may want to show them in the UI too. Updates tailscale/corp#6939 Signed-off-by: Mihai Parparita <mihai@tailscale.com>
2022-09-21 | control/controlclient,ipn/ipnlocal: wire tka enable/disable | Tom DNetto | 16 | -17/+469
Signed-off-by: Tom DNetto <tom@tailscale.com>
2022-09-21 | wgengine/netstack: handle 4via6 packets when pinging (#5709) | Andrew Dunham | 2 | -2/+208
Change-Id: Ib6ebbaa11219fb91b550ed7fc6ede61f83262e89 Signed-off-by: Andrew Dunham <andrew@tailscale.com>
2022-09-20 | net/netcheck: add check for captive portal (#5593) | Andrew Dunham | 5 | -0/+212
This doesn't change any behaviour for now, other than maybe running a full netcheck more often. The intent is to start gathering data on captive portals, and additionally, seeing this in the 'tailscale netcheck' command should provide a bit of additional information to users. Updates #1634 Change-Id: I6ba08f9c584dc0200619fa97f9fde1a319f25c76 Signed-off-by: Andrew Dunham <andrew@du.nham.ca>
2022-09-20 | tsweb: export go_version in standard expvar vars | Brad Fitzpatrick | 1 | -0/+1
For monitoring. Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-09-19 | cmd/tailscale: fix configure-host command for Synology | Berk D. Demir | 1 | -4/+4
d5e7e309 changed the `hostinfo.GetVersion` from distro and distro version to UTS Name Release and moved distribution information under `hostinfo.Distro*`. `tailscale configure-host` command implementation for Synology DSM environments relies on the old semantics of this string for matching DSM Major version so it's been broken for a few days. Pull in `hostinfo` and prefix match `hostinfo.DistroVersion` to match DSM major version. Signed-off-by: Berk D. Demir <bdd@mindcast.org>
2022-09-19 | cmd/tailscale: remove leftover debug prints from earlier commit | Brad Fitzpatrick | 1 | -1/+0
From 6632504f452 Change-Id: If21789232b3ecc14c1639cf87814af6fa73f535f Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-09-19 | cmd/tsconnect: allow SSH connection timeout to be overridden | Mihai Parparita | 3 | -1/+10
5 seconds may not be enough if we're still loading the derp map and connecting to a slow machine. Updates #5693 Signed-off-by: Mihai Parparita <mihai@tailscale.com>
2022-09-19 | cmd/tailscale/cli: [up] move lose-ssh check after other validations | Maisem Ali | 4 | -27/+195
The check was happening too early and in the case of error would wait 5 s and then error out. This makes it so that it does validations before the SSH check. Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-09-19 | tailcfg: mark CapabilityFileSharingTarget as inter-node | Maisem Ali | 2 | -11/+21
Signed-off-by: Maisem Ali <maisem@tailscale.com>
2022-09-19 | ipn/ipnlocal: add c2n method to get SSH username candidates | Brad Fitzpatrick | 5 | -2/+161
For control to fetch a list of Tailscale SSH username candidates to filter against the Tailnet's SSH policy to present some valid candidates to a user. Updates #3802 Updates tailscale/corp#7007 Change-Id: I3dce57b7a35e66891d5e5572e13ae6ef3c898498 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-09-18 | .github/workflows: add cross-android | Brad Fitzpatrick | 1 | -0/+54
This would've caught the regression from 7c49db02a before it was submitted so 42f1d92ae020c wouldn't have been necessary to fix it. Updates #4482 Change-Id: Ia4a9977e21853f68df96f043672c86a86c0181db Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-09-18 | wgengine/magicsock: fix recently introduced data race | Brad Fitzpatrick | 1 | -4/+5
From 5c42990c2fc019, not yet released in a stable build. Caught by existing tests. Fixes #5685 Change-Id: Ia76bb328809d9644e8b96910767facf627830600 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-09-17 | net/netns: implement UseSocketMark for Android. | Denton Gentry | 1 | -0/+5
Build fails on Android: `../../../../go/pkg/mod/tailscale.com@v1.1.1-0.20220916223019-65c24b6334e9/wgengine/magicsock/magicsock_linux.go:133:12: undefined: netns.UseSocketMark` Signed-off-by: Denton Gentry <dgentry@tailscale.com>
2022-09-17 | cmd/tailscaled: respect $PORT on all platforms, not just Linux | Brad Fitzpatrick | 1 | -1/+16
Updates #5114 Change-Id: I6c6e28c493d6a026a03088157d08f9fd182ef373 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-09-17 | envknob, health: support Synology, show parse errors in status | Brad Fitzpatrick | 5 | -39/+66
Updates #5114 Change-Id: I8ac7a22a511f5a7d0dcb8cac470d4a403aa8c817 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-09-16 | wgengine/magicsock: add client flag and envknob to disable heartbeat (#5638) | phirework | 4 | -5/+24
Baby steps towards turning off heartbeat pings entirely as per #540. This doesn't change any current magicsock functionality and requires additional changes to send/disco paths before the flag can be turned on. Updates #540 Change-Id: Idc9a72748e74145b068d67e6dd4a4ffe3932efd0 Signed-off-by: Jenny Zhang <jz@tailscale.com> Signed-off-by: Jenny Zhang <jz@tailscale.com>
2022-09-16 | envknob: generalize Windows tailscaled-env.txt support | Brad Fitzpatrick | 5 | -43/+88
ipnserver previously had support for a Windows-only environment variable mechanism that further only worked when Windows was running as a service, not from a console. But we want it to work from tailscaled too, and we want it to work on macOS and Synology. So move it to envknob, now that envknob can change values at runtime post-init. A future change will wire this up for more platforms, and do something more for CLI flags like --port, which the bug was originally about. Updates #5114 Change-Id: I9fd69a9a91bb0f308fc264d4a6c33e0cbe352d71 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-09-16 | Dockerfile: add test that build-env Alpine version matches go.mod | Brad Fitzpatrick | 1 | -0/+34
So things like #5660 don't happen in the future. Change-Id: I01234f241e297d5b7bdd18da1bb3cc5420ad2225 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-09-16 | control/controlhttp: move Dial options into options struct (#5661) | Andrew Dunham | 6 | -56/+141
This turns 'dialParams' into something more like net.Dialer, where configuration fields are public on the struct. Split out of #5648 Change-Id: I0c56fd151dc5489c3c94fb40d18fd639e06473bc Signed-off-by: Andrew Dunham <andrew@tailscale.com>
2022-09-16 | Update Dockerfile to use golang:1.19-alpine | Luis Peralta | 1 | -1/+1
Tailscale @4a82b31 does not build in the container image due to using golang:1.18 image Signed-off-by: Luis Peralta <luis.peralta@gmail.com>
2022-09-16 | Switched Secret snippet to match run.sh | Tyler Lee | 2 | -2/+2
Signed-off-by: Tyler Lee <tyler.lee@radius.ai>
2022-09-16 | Updated secret example in readme to match the sidecar key value | Tyler Lee | 1 | -1/+1
Signed-off-by: Tyler Lee <tyler.lee@radius.ai>
2022-09-16 | ipn/{ipnlocal,localapi}: use strs.CutPrefix, add more domain validation | Brad Fitzpatrick | 3 | -5/+60
The GitHub CodeQL scanner flagged the localapi's cert domain usage as a problem because user input in the URL made it to disk stat checks. The domain is validated against the ipnstate.Status later, and only authenticated root/configured users can hit this, but add some paranoia anyway. Change-Id: I373ef23832f1d8b3a27208bc811b6588ae5a1ddd Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-09-15 | refactor: move from io/ioutil to io and os packages | Eng Zer Jun | 60 | -156/+112
The io/ioutil package has been deprecated as of Go 1.16 [1]. This commit replaces the existing io/ioutil functions with their new definitions in io and os packages. Reference: https://golang.org/doc/go1.16#ioutil Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2022-09-15 | derp: update DERP acronym expansion | Mihai Parparita | 1 | -1/+2
Makes the package description consistent with other documentation. Signed-off-by: Mihai Parparita <mihai@tailscale.com>
2022-09-15 | cmd/derper, control/controlhttp: disable WebSocket compression | Mihai Parparita | 2 | -0/+12
The data that we send over WebSockets is encrypted and thus not compressible. Additionally, Safari has a broken implementation of compression (see nhooyr/websocket#218) that makes enabling it actively harmful. Fixes tailscale/corp#6943 Signed-off-by: Mihai Parparita <mihai@tailscale.com>
2022-09-15 | envknob: support changing envknobs post-init | Brad Fitzpatrick | 31 | -167/+311
Updates #5114 Change-Id: Ia423fc7486e1b3f3180a26308278be0086fae49b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-09-15 | wgengine: update comments, remove redundant code in forceFullWireguardConfig | Brad Fitzpatrick | 1 | -13/+11
Change-Id: I464a0bce36e3a362c7d7ace0e8d2dd77fa825ee2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-09-15 | ipn/ipnlocal: remove unused envknob | Brad Fitzpatrick | 1 | -3/+0
Change-Id: I6d18af2c469eb660e6ca81d1dcc2af33c9e628aa Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-09-15 | net/dnscache: add better logging to bootstrap DNS path (#5640) | Andrew Dunham | 2 | -1/+136
Change-Id: I4cde3a72e06dac18df856a0cfeac10ab7e3a9108 Signed-off-by: Andrew Dunham <andrew@tailscale.com>
2022-09-15 | portlist: normalise space delimited process names (#5634) | Kristoffer Dalby | 2 | -0/+19
2022-09-14 | cmd/tsconnect: use the parent window for `beforeunload` event listener | Mihai Parparita | 1 | -6/+4
The SSH session may be rendered in a different window than the one that is executing the script. Signed-off-by: Mihai Parparita <mihai@tailscale.com>