summaryrefslogtreecommitdiffhomepage
AgeCommit message (Collapse)AuthorFilesLines
2023-01-26WIP helm chartdanderson/helmDavid Anderson11-0/+391
Signed-off-by: David Anderson <danderson@tailscale.com>
2023-01-25cmd/k8s-operator: support setting a custom hostname.David Anderson5-11/+183
Updates #502 Signed-off-by: David Anderson <danderson@tailscale.com>
2023-01-24licenses: update android licensesLicense Updater1-1/+1
Signed-off-by: License Updater <noreply@tailscale.com>
2023-01-24VERSION.txt: this is 1.37Denton Gentry1-1/+1
Signed-off-by: Denton Gentry <dgentry@tailscale.com>
2023-01-24ipn/ipnlocal, net/dnscache: allow configuring dnscache logging via capabilityAndrew Dunham4-39/+89
This allows users to temporarily enable/disable dnscache logging via a new node capability, to aid in debugging strange connectivity issues. Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I46cf2596a8ae4c1913880a78d0033f8b668edc08
2023-01-24wgengine/magicsock: fix buggy fast path in Conn.SetNetworkMapBrad Fitzpatrick2-4/+32
Spotted by Maisem. Fixes #6680 Change-Id: I5fdc01de8b006a1c43a2a4848f69397f54b4453a Co-authored-By: Maisem Ali <maisem@tailscale.com> Co-authored-By: Andrew Dunham <andrew@tailscale.com> Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2023-01-24cmd/k8s-operator: remove use of InjectClient (deprecated)Vince Prignano1-13/+9
The dependency injection functionality has been deprecated a while back and it'll be removed in the 0.15 release of Controller Runtime. This changeset sets the Client after creating the Manager, instead of using InjectClient. Signed-off-by: Vince Prignano <vince@prigna.com>
2023-01-24scripts: explicitly install tailscale-archive-keyringAnton Tolchanov1-1/+1
This will ensure that the `tailscale-archive-keyring` Debian package gets installed by the installer script. Updates #3151 Signed-off-by: Anton Tolchanov <anton@tailscale.com>
2023-01-24hostinfo: add an environment type for ReplitAnton Tolchanov1-0/+12
Signed-off-by: Anton Tolchanov <anton@tailscale.com>
2023-01-24cmd/mkpkg: allow specifying recommended dependenciesAnton Tolchanov1-0/+4
Updates #3151 Signed-off-by: Anton Tolchanov <anton@tailscale.com>
2023-01-24client/tailscale/keys: fix client.Keys unmarshallingHarry Bowron1-4/+4
Signed-off-by: Author Name hbowron@gmail.com Signed-off-by: Harry Bowron <harry@bolt.com> Fixes #7020
2023-01-23ipn/ipnlocal: add health warning for Tailscale SSH + SELinuxBrad Fitzpatrick1-0/+18
Updates #4908 Change-Id: If46be5045b13dd5c3068c334642f89b5917ec861 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2023-01-23cmd/tailscale/cli: add debug set-expire command for testingBrad Fitzpatrick3-0/+34
Updates tailscale/corp#8811 Updates tailscale/corp#8613 Change-Id: I1c87806ca3ccc5c43e7ddbd6b4d521f73f7d29f1 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2023-01-23ipn/ipnlocal: fire expiry timer when the current node expiresAndrew Dunham1-0/+7
The current node isn't in NetMap.Peers, so without this we would not have fired this timer on self expiry. Updates #6932 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: Id57f96985397e372f9226802d63b42ff92c95093
2023-01-23wgengine/wglog: add a prefix for all wireguard logsJames Tucker2-4/+5
Fixes #7041 Signed-off-by: James Tucker <james@tailscale.com>
2023-01-23ipn/ipnstate: add PeerStatus.KeyExpiry for tailscale status --jsonBrad Fitzpatrick4-2/+14
Fixes #6712 Change-Id: I817cd5342fac8a956fcefda2d63158fa488f3395 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2023-01-23envknob, hostinfo, ipn/ipnlocal: add start of opt-in remote update supportBrad Fitzpatrick7-1/+131
Updates #6907 Change-Id: I85db4f6f831dd5ff7a9ef4bfa25902607e0c1558 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2023-01-23tstest/integration: mark all integration tests as flakyAndrew Dunham2-1/+2
Updates #7036 Change-Id: I3aec5ad680078199ba984bf8afc20b2f2eb37257 Signed-off-by: Andrew Dunham <andrew@du.nham.ca>
2023-01-23licenses: update tailscale{,d} licensesLicense Updater1-6/+7
Signed-off-by: License Updater <noreply@tailscale.com>
2023-01-22tailcfg,hostinfo: add Hostinfo.Machine and Hostinfo.GoArchVarBrad Fitzpatrick6-1/+76
For detecting a non-ideal binary running on the current CPU. And for helping detect the best Synology package to update to. Updates #6995 Change-Id: I722f806675b60ce95364471b11c388150c0d4aea Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2023-01-21cmd/tailscale/cli: only give systemctl hint on systemd systemsBrad Fitzpatrick1-1/+21
Per recent user confusion on a QNAP issue. Change-Id: Ibda00013df793fb831f4088b40be8a04dfad17c2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2023-01-21net/connstats: mark TestConcurrent as flakyBrad Fitzpatrick1-0/+2
Updates #7030 Change-Id: Ic46da5e5690b90b95028a68a3cf967ad86881e28 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2023-01-20version, cmd/tailscale: add version.Meta, tailscale version --jsonBrad Fitzpatrick5-11/+113
Add `tailscale version --json` JSON output mode. This will be used later for a double-opt-in (per node consent like Tailscale SSH + control config) to let admins do remote upgrades via `tailscale update` via a c2n call, which would then need to verify the cmd/tailscale found on disk for running tailscale update corresponds to the running tailscaled, refusing if anything looks amiss. Plus JSON output modes are just nice to have, rather than parsing unstable/fragile/obscure text formats. Updates #6995 Updates #6907 Change-Id: I7821ab7fbea4612f4b9b7bdc1be1ad1095aca71b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2023-01-20cmd/tailscale/cli: make 'tailscale update' support Debian/Ubuntu aptBrad Fitzpatrick2-6/+176
Updates #6995 Change-Id: I3355435db583755e0fc73d76347f6423b8939dfb Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2023-01-20ipn/ipnlocal: [serve] listen on all-interfaces for macOS sandboxed (#6771)shayne1-1/+33
On macOS (AppStore and macsys), we need to bind to ""/all-interfaces due to the network sandbox. Ideally we would only bind to the Tailscale interface, but macOS errors out if we try to to listen on privileged ports binding only to a specific interface. We also implement the lc.Control hook, same as we do for peerapi. It doesn't solve our problem but it's better that we do and would likely be required when Apple gets around to fixing per-interface priviliged port binding. Fixes: #6364 Signed-off-by: Shayne Sweeney <shayne@tailscale.com>
2023-01-20go.mod: bump AWS SDK past a breaking API change of theirsBrad Fitzpatrick4-13/+21
They changed a type in their SDK which meant others using the AWS APIs in their Go programs (with newer AWS modules in their caller go.mod) and then depending on Tailscale (for e.g. tsnet) then couldn't compile ipn/store/awsstore. Thanks to @thisisaaronland for bringing this up. Fixes #7019 Change-Id: I8d2919183dabd6045a96120bb52940a9bb27193b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2023-01-20cmd/tailscale/cli: use mock impl of LocalClient for serve cmd (#6422)shayne2-65/+84
Create an interface and mock implementation of tailscale.LocalClient for serve command tests. Updates #6304 Closes #6372 Signed-off-by: Shayne Sweeney <shayne@tailscale.com>
2023-01-20wgengine/magicsock: retry failed single packet ops across rebinds (#6990)Jordan Whited1-8/+16
The single packet WriteTo() through RebindingUDPConn.WriteBatch() was not checking for a rebind between loading the PacketConn and writing to it. Same with ReadFrom()/ReadBatch(). Fixes #6989 Signed-off-by: Jordan Whited <jordan@tailscale.com>
2023-01-19all: start groundwork for using capver for localapi & peerapiBrad Fitzpatrick9-15/+43
Updates #7015 Change-Id: I3d4c11b42a727a62eaac3262a879f29bb4ce82dd Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2023-01-19cmd/tailscale/cli: un-alpha login+switch in ShortUsage docsBrad Fitzpatrick2-3/+3
Change-Id: I580d4417cf03833dfa8f6a295fb416faa667c477 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2023-01-19cmd/tailscale/cli: make "update" work on WindowsBrad Fitzpatrick5-6/+357
Updates #6995 Co-authored-by: Aaron Klotz <aaron@tailscale.com> Change-Id: I16622f43156a70b6fbc8205239fd489d7378d57b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2023-01-19various: mark more tests as flakyAndrew Dunham2-0/+5
Updates #2855 Updates #3598 Updates #7008 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I2b849e04646456b9f0c8a01563f2add752f4b2a4
2023-01-19wgengine/netstack: fix data race in testsAndrew Dunham1-6/+2
This uses the helper function added in #6173 to avoid flakes like: https://github.com/tailscale/tailscale/actions/runs/3826912237/jobs/6511078024 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: If3f1d3b9c0f64ffcb4ba9a30d3522ec49484f993
2023-01-18tailcfg: bump capver for Node.ExpiredAndrew Dunham1-1/+2
Updates #6932 Change-Id: I96c2467fa49201eb3d8df5cb36486370f598928c Signed-off-by: Andrew Dunham <andrew@du.nham.ca>
2023-01-18cmd/testwrapper: move from corp; mark magicsock test as flakyAndrew Dunham6-2/+146
Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: Ibab5860f5797b3db151d3c27855333e43a9088a4
2023-01-17wgengine/magicsock: quiet log flood at tailscaled shutdownBrad Fitzpatrick1-2/+6
When you hit control-C on a tailscaled (notably in dev mode, but also on any systemctl stop/restart), there is a flood of messages like: magicsock: doing cleanup for discovery key d:aa9c92321db0807f magicsock: doing cleanup for discovery key d:bb0f16aacadbfd46 magicsock: doing cleanup for discovery key d:b5b2d386296536f2 magicsock: doing cleanup for discovery key d:3b640649f6796c91 magicsock: doing cleanup for discovery key d:71d7b1afbcce52cd magicsock: doing cleanup for discovery key d:315b61d7e0111377 magicsock: doing cleanup for discovery key d:9301f63dce69bf45 magicsock: doing cleanup for discovery key d:376141884d6fe072 .... It can be hundreds or even tens of thousands. So don't do that. Not a useful log message during shutdown. Change-Id: I029a8510741023f740877df28adff778246c18e5 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2023-01-17net/dns: fix recently added URL scheme from http to httpsBrad Fitzpatrick2-2/+2
I typoed/brainoed in the earlier 358262869176bfddf369517994ac0337712f75e0 Change-Id: Ic198a6f9911f195d9da9fc5259b5784a4b15e5e3 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2023-01-17ipn/{ipnlocal,localapi}: ensure watcher is installed before /watch-ipn-bus/ ↵salman3-5/+48
responds with 200 This change delays the first flush in the /watch-ipn-bus/ handler until after the watcher has been successfully installed on the IPN bus. It does this by adding a new onWatchAdded callback to LocalBackend.WatchNotifications(). Without this, the endpoint returns a 200 almost immediatly, and only then installs a watcher for IPN events. This means there's a small window where events could be missed by clients after calling WatchIPNBus(). Fixes tailscale/corp#8594. Signed-off-by: salman <salman@tailscale.com>
2023-01-17control/controlhttp: add TS_FORCE_NOISE_443, TS_DEBUG_NOISE_DIAL envknobsBrad Fitzpatrick1-2/+25
Updates tailscale/docker-extension#49 Change-Id: I99a154c16c92228bfdf4d2cf6c58cda00e22d72f Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2023-01-17cmd/tailscale/cli: implement --json for lock status and lock log cmdsTom DNetto1-0/+24
Signed-off-by: Tom DNetto <tom@tailscale.com>
2023-01-17licenses: update android licensesLicense Updater1-4/+4
Signed-off-by: License Updater <noreply@tailscale.com>
2023-01-17licenses: update win/apple licensesLicense Updater1-1/+1
Signed-off-by: License Updater <noreply@tailscale.com>
2023-01-15cmd/tailscale, logtail: add 'tailscale debug daemon-logs' logtail mechanismBrad Fitzpatrick4-0/+149
Fixes #6836 Change-Id: Ia6eb39ff8972e1aa149aeeb63844a97497c2cf04 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2023-01-15Remove redundant type declarationandig1-1/+1
Signed-off-by: andig <cpuidle@gmx.de>
2023-01-14flake.nix: update vendor hash.David Anderson3-3/+3
Signed-off-by: David Anderson <danderson@tailscale.com>
2023-01-14net/dns/resolvconffile: link to FAQ about resolv.conf being overwrittenBrad Fitzpatrick2-0/+2
Add link to new http://tailscale.com/s/resolvconf-overwrite page, added in tailscale/tailscale-www#2243 Change-Id: I9718399487f2ed18bf1a112581fd168aea30f232 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2023-01-14ipn/ipnlocal: move handling of expired nodes to LocalBackendAndrew Dunham6-199/+348
In order to be able to synthesize a new NetMap when a node expires, have LocalBackend start a timer when receiving a new NetMap that fires slightly after the next node expires. Additionally, move the logic that updates expired nodes into LocalBackend so it runs on every netmap (whether received from controlclient or self-triggered). Updates #6932 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I833390e16ad188983eac29eb34cc7574f555f2f3
2023-01-14net/{packet,tstun}: fix typo in test helper docsBrad Fitzpatrick2-2/+2
Change-Id: Ifc1684fe77c7d2585e049e0dfd7340910c47a67a Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2023-01-14net/{packet,tstun},wgengine/filter: fix unknown IP protocol handlingBrad Fitzpatrick4-15/+73
01b90df2fa4f9101e4f0ae8334b00dd9c3ccc148 added SCTP support before (with explicit parsing for ports) and 69de3bf7bfddb37b4c0e076c93115f82a51ec407 tried to add support for arbitrary IP protocols (as long as the ACL permited a port of "*", since we might not know how to find ports from an arbitrary IP protocol, if it even has such a concept). But apparently that latter commit wasn't tested end-to-end enough. It had a lot of tests, but the tests made assumptions about layering that either weren't true, or regressed since 1.20. Notably, it didn't remove the (*Filter).pre bidirectional filter that dropped all "unknown" protocol packets both leaving and entering, even if there were explicit protocol matches allowing them in. Also, don't map all unknown protocols to 0. Keep their IP protocol number parsed so it's matchable by later layers. Only reject illegal things. Fixes #6423 Updates #2162 Updates #2163 Change-Id: I9659b3ece86f4db51d644f9b34df78821758842c Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2023-01-14wgengine/filter: include IP proto number in unknown protocol errorsBrad Fitzpatrick1-2/+13
Updates #6423 Change-Id: I9e363922e2c24fdc42687707c069af5bba68b93e Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Copyright © 2025 - 2026 Wayne Cole. WTFPL. Attribution appreciated. No warranty. Not liable for bodily damages.