| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Updates #cleanup
Signed-off-by: Maisem Ali <maisem@tailscale.com>
|
|
Every time I use WhoIsResponse I end up writing mildly irritating nil-checking
for both Node and UserProfile, but it turns out our code guarantees that both
are non-nil in successful whois responses.
Updates #cleanup
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Like net/http.Server.BaseContext, this lets callers specify a base
context for dials.
Updates tailscale/corp#12702
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Updates #4217
Signed-off-by: Maisem Ali <maisem@tailscale.com>
|
|
The nonce value is not read by anything, and di.sharedKey.Seal()
a few lines below generates its own. #cleanup
Signed-off-by: salman <salman@tailscale.com>
|
|
Signed-off-by: License Updater <noreply+license-updater@tailscale.com>
|
|
Updates #cleanup
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
slices.SortFunc suffered a late-in-cycle API breakage.
Updates #cleanup
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Updates #8587
Signed-off-by: Claire Wang <claire@tailscale.com>
|
|
Updates #8587
Signed-off-by: Claire Wang <claire@tailscale.com>
|
|
While our `shouldStartDomainRenewal` check is correct, `getCertPEM`
would always bail if the existing cert is not expired. Add the same
`shouldStartDomainRenewal` check to `getCertPEM` to make it proceed with
renewal when existing certs are still valid but should be renewed.
The extra check is expensive (ARI request towards LetsEncrypt), so cache
the last check result for 1hr to not degrade `tailscale serve`
performance.
Also, asynchronous renewal is great for `tailscale serve` but confusing
for `tailscale cert`. Add an explicit flag to `GetCertPEM` to force a
synchronous renewal for `tailscale cert`.
Fixes #8725
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
|
|
Signed-off-by: tinku-tailscale <139132124+tinku-tailscale@users.noreply.github.com>
|
|
This change introduces a new subcommand, `exit-node`, along with a
subsubcommand of `list` and a `--filter` flag.
Exit nodes without location data will continue to be displayed when
`status` is used. Exit nodes with location data will only be displayed
behind `exit-node list`, and in status if they are the active exit node.
The `filter` flag can be used to filter exit nodes with location data by
country.
Exit nodes with Location.Priority data will have only the highest
priority option for each country and city listed. For countries with
multiple cities, a <Country> <Any> option will be displayed, indicating
the highest priority node within that country.
Updates tailscale/corp#13025
Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>
|
|
Updates #cleanup
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Updates #8720
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Updates tailscale/corp#13464
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Updates tailscale/corp#13464
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Updates tailscale/corp#13464
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Updates tailscale/corp#13464
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Implement `tailscale update` on FreeBSD. This is much simpler than other
platforms because `pkg rquery` lets us get the version in their repos
without any extra parsing.
Updates #6995
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
|
|
Define PeerCapabilty and PeerCapMap as the new way of sending down
inter-peer capability information.
Previously, this was unstructured and you could only send down strings
which got too limiting for certain usecases. Instead add the ability
to send down raw JSON messages that are opaque to Tailscale but provide
the applications to define them however they wish.
Also update accessors to use the new values.
Updates #4217
Signed-off-by: Maisem Ali <maisem@tailscale.com>
|
|
Similar to Arch support, use the latest version info from the official
`apk` repo and don't offer explicit track or version switching.
Add detection for Alpine Linux in version/distro along the way.
Updates #6995
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
|
|
Updates #7781
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Updates #7781
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Updates #7781
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Updates #7781
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Updates #7781
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Updates #7781
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Updates #7781
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Updates #7781
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Updates #7781
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Updates #7781
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
One is a straight "I forgot how to Go" bug, the others are semantic
mismatches with the main implementation around masking the prefixes
passed to insert/delete.
Updates #7781
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Updates #7781
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Updates #7781
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Updates #7781
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Updates #7781
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Updates #7781
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
This is a prerequisite for path compression, so that insert/delete
can determine when compression occurred.
Updates #7781
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Updates #7866
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Signed-off-by: License Updater <noreply+license-updater@tailscale.com>
|
|
This is the Fedora family of distros, including CentOS, RHEL and others.
Tested in `fedora:latest` and `centos:7` containers.
Updates #6995
Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
|
|
Updates tailscale/corp#13375
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Appliances built using https://gokrazy.org/ have a read-only root file system,
including /etc/resolv.conf, which is a symlink to /tmp/resolv.conf.
The system’s dhcp client overwrites /tmp/resolv.conf instead,
so we need to use this path in Tailscale, too.
related to https://github.com/gokrazy/gokrazy/issues/209
fixes https://github.com/tailscale/tailscale/issues/8689
Signed-off-by: Michael Stapelberg <michael@stapelberg.de>
|
|
For https://github.com/tailscale/go/commit/a96a9eddc031c85f22378ef1e37e3fd7e9c482ef
Updates tailscale/corp#12702
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Updates #docs
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Updates #8645
Signed-off-by: Jenny Zhang <jz@tailscale.com>
|
|
Updates #8587
Signed-off-by: Claire Wang <claire@tailscale.com>
|
|
If the connection provided to sftp.NewServer is closed,
Serve returns the io.EOF error verbatim from io.Reader.Read.
This is an odd error since this is an expected situation,
so we manually ignore io.EOF.
This is somewhat buggy since the sftp package itself
incorrectly reports io.EOF in cases where it should actually
be reporting io.ErrUnexpectedEOF.
See https://github.com/pkg/sftp/pull/554 which patches Serve to
return nil on clean closes and fixes buggy uses of io.ReadFull.
Fixes #8592
Signed-off-by: Joe Tsai <joetsai@digital-static.net>
|
|
The util/linuxfw/iptables.go had a bunch of code that wasn't yet used
(in prep for future work) but because of its imports, ended up
initializing code deep within gvisor that panicked on init on arm64
systems not using 4KB pages.
This deletes the unused code to delete the imports and remove the
panic. We can then cherry-pick this back to the branch and restore it
later in a different way.
A new test makes sure we don't regress in the future by depending on
the panicking package in question.
Fixes #8658
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
