| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
This PR parameterizes receiving loopback updates from the portlist package.
Callers can now include services bound to localhost if they want.
Note that this option is off by default still.
Fixes #8171
Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>
|
|
Signed-off-by: Will Norris <will@tailscale.com>
|
|
This change introduces a SSHSessionRecordingFailed event type
that is used when a session recording fails to start or fails during a
session, and the on failure indicates that it should fail open.
Updates tailscale/corp#9967
Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>
|
|
The authorize device API (/api/v2/device/{deviceID}/authorized)
will soon allow device deauthorisation.
Fixes corp#10160.
Signed-off-by: salman <salman@tailscale.com>
|
|
58ab66ec51f1963fbee302c75ad0017d81d37884 added LDAP support
for #4945 by shelling out to getdent.
It was supposed to fall back to the old method when getdent wasn't
found, but some variable name confusion (uid vs username) meant the
old path wasn't calling the right lookup function (user.LookupId
instead of user.Lookup).
Which meant that changed probably also broke FreeBSD and macOS SSH
support in addition to the reported OpenWRT regression.
The gokrazy support didn't look right either.
Fixes #8180
Change-Id: I273bbe96fe98b2517fbf0335fd476b483c051554
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Hey team! I've been diving deep into the code ocean for the past few
hours, tackling those sneaky race conditions that were threatening our
database. It was quite the crabby situation, but fear not! It's friday
and I've emerged and I'm ready to shell-ebrate with some punny word
additions. 🎉
This commit introduces a shell-shocking array of crustaceans to our word
list. From the lively lobsters to the clever prawns.
Signed-off-by: James Tucker <james@tailscale.com>
|
|
~97% of the log messages derper outputs are related to the normal
non-error state of a client disconnecting in some manner. Add a
verbose logging feature that only logs these messages when enabled.
Fixes #8024
Signed-off-by: Val <valerie@tailscale.com>
|
|
We were only closing on side of the pty/tty pair.
Close the other side too.
Thanks to @fritterhoff for reporting and debugging the issue!
Fixes #8119
Signed-off-by: Maisem Ali <maisem@tailscale.com>
|
|
Updates #8155
Signed-off-by: Gabriel Martinez <gabrielmartinez@sisti.pt>
|
|
Updates tailscale/tailscale#8026
Signed-off-by: Derek Kaser <derek.kaser@gmail.com>
|
|
Usage: `tailscale serve reset`
Fixes #8139
Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
|
|
The client/tailscale is a stable-ish API we try not to break. Revert
the Client.CreateKey method as it was and add a new
CreateKeyWithExpiry method to do the new thing. And document the
expiry field and enforce that the time.Duration can't be between in
range greater than 0 and less than a second.
Updates #7143
Updates #8124 (reverts it, effectively)
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Signed-off-by: Shayne Sweeney <shayne@tailscale.com>
|
|
Adds a parameter for create key that allows a number of seconds
(less than 90) to be specified for new keys.
Fixes https://github.com/tailscale/tailscale/issues/7965
Signed-off-by: Matthew Brown <matthew@bargrove.com>
|
|
getSingleObject can return `nil, nil`, getDeviceInfo was not handling
that case which resulted in panics.
Fixes #7303
Signed-off-by: Maisem Ali <maisem@tailscale.com>
|
|
We have two other types of Sets here. Add the basic obvious one too.
Needed for a change elsewhere.
Updates #cleanup
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
The retry logic was pathological in the following ways:
* If we restarted the logging service, any pending uploads
would be placed in a retry-loop where it depended on backoff.Backoff,
which was too aggresive. It would retry failures within milliseconds,
taking at least 10 retries to hit a delay of 1 second.
* In the event where a logstream was rate limited,
the aggressive retry logic would severely exacerbate the problem
since each retry would also log an error message.
It is by chance that the rate of log error spam
does not happen to exceed the rate limit itself.
We modify the retry logic in the following ways:
* We now respect the "Retry-After" header sent by the logging service.
* Lacking a "Retry-After" header, we retry after a hard-coded period of
30 to 60 seconds. This avoids the thundering-herd effect when all nodes
try reconnecting to the logging service at the same time after a restart.
* We do not treat a status 400 as having been uploaded.
This is simply not the behavior of the logging service.
Updates #tailscale/corp#11213
Signed-off-by: Joe Tsai <joetsai@digital-static.net>
|
|
This test was either fixed by intermediate changes or was mis-flagged as
failing during #7876 triage.
Updates #7876
Signed-off-by: James Tucker <jftucker@gmail.com>
|
|
This test was either fixed in the intermediate time or mis-flagged
during the #7876 triage, but is now passing.
Updates #7876
Signed-off-by: James Tucker <jftucker@gmail.com>
|
|
Fix regression from 6e967446e41
Updates #8036
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
The subshell in which gocross gets built cd's to the corp checkout dir
near the top, so all future references to corp repository files should
be simple relative paths, and not reference $repo_root. When $repo_root
is an absolute path, it doesn't matter and everything works out, but on
some OSes and shells and invocations, $repo_root is a completely relative
path that is invalidated by the "cd".
Fixes tailscale/corp#11183
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
I noticed cmd/{cloner,viewer} didn't support structs with embedded
fields while working on a change in another repo. This adds support.
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Wait 2 minutes before we start reporting battery usage. There is always
radio activity on initial startup, which gets reported as 100% high
power usage. Let that settle before we report usage data.
Updates tailscale/corp#9230
Signed-off-by: Will Norris <will@tailscale.com>
|
|
According to https://wiki.debian.org/SupportedArchitectures Debian does
not support big-endian mips64, so that one remains disabled.
According to https://fedoraproject.org/wiki/Architectures Fedora only
supports little-endian mips, so leaving both big-endian ones out too.
Updates #8005.
Signed-off-by: salman <salman@tailscale.com>
|
|
Fixes: #7813
Signed-off-by: Craig Rodrigues <rodrigc@crodrigues.org>
|
|
Signed-off-by: License Updater <noreply+license-updater@tailscale.com>
|
|
The previous commit 58ab66e added ssh/tailssh/user.go as part of
working on #4945. So move some more user-related code over to it.
Updates #cleanup
Change-Id: I24de66df25ffb8f867e1a0a540d410f9ef16d7b0
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Fixes #4945
Change-Id: Ie013cb47684cb87928a44f92c66352310bfe53f1
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Current code will set the "dirty" field of VersionInfo always "true"
if vcs.modified flag is there. No matter whether the flag is "true" or
"false". It will make sense to set this field due to vcs.modified
value, not only the existence of the key.
Signed-off-by: Chenyang Gao <gps949@outlook.com>
|
|
Signed-off-by: License Updater <noreply+license-updater@tailscale.com>
|
|
Signed-off-by: License Updater <noreply@tailscale.com>
|
|
Signed-off-by: Chenyang Gao <gps949@outlook.com>
in commit 6e96744, the tsd system type has been added.
Which will cause the daemon will crash on some OSs (Windows, darwin and so on).
The root cause is that on those OSs, handleSubnetsInNetstack() will return true and set the conf.Router with a wrapper.
Later in NewUserspaceEngine() it will do subsystem set and found that early set router mismatch to current value, then panic.
|
|
expvar can only be defined once, so running tests with a repeat counter
will fail if the variables are defined inside of the test function.
Observed failure:
```
--- FAIL: TestHandler (0.00s)
panic: Reuse of exported var name: gauge_promvarz_test_expvar
[recovered]
panic: Reuse of exported var name: gauge_promvarz_test_expvar
goroutine 9 [running]:
testing.tRunner.func1.2({0x100f267e0, 0x1400026e770})
/usr/local/go/src/testing/testing.go:1526 +0x1c8
testing.tRunner.func1()
/usr/local/go/src/testing/testing.go:1529 +0x364
panic({0x100f267e0, 0x1400026e770})
/usr/local/go/src/runtime/panic.go:884 +0x1f4
log.Panicln({0x140000b8e20?, 0x1a?, 0x1400026e750?})
/usr/local/go/src/log/log.go:398 +0x60
expvar.Publish({0x100e2b21d, 0x1a}, {0x100fd7a08?, 0x140000232c0})
/usr/local/go/src/expvar/expvar.go:284 +0xc0
expvar.NewInt(...)
/usr/local/go/src/expvar/expvar.go:304
tailscale.com/tsweb/promvarz.TestHandler(0x14000082b60)
/Users/charlotte/ts-src/tailscale/tsweb/promvarz/promvarz_test.go:18 +0x5c
testing.tRunner(0x14000082b60, 0x100fd5858)
/usr/local/go/src/testing/testing.go:1576 +0x104
created by testing.(*T).Run
/usr/local/go/src/testing/testing.go:1629 +0x370
FAIL tailscale.com/tsweb/promvarz 0.149s
```
Fixes #8065
Signed-off-by: James Tucker <james@tailscale.com>
|
|
This change bumps the capability version to 62, after support for
sending SSHEventNotificationRequests to control via noise for failure
events was introduced.
Updates tailscale/corp#9967
Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>
|
|
This change adds a ConnectionID field to both SSHEventNotifyRequest and
CastHeader that identifies the ID of a connection to the SSH server.
Updates tailscale/corp#9967
Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>
|
|
This change sends an SSHEventNotificationRequest over noise when a
SSH session is set to fail closed and the session is unable to start
because a recorder is not available or a session is terminated because
connection to the recorder is ended. Each of these scenarios have their
own event type.
Updates tailscale/corp#9967
Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>
|
|
This change renames SSHFailureNotifyRequest to SSHEventNotifyRequest
to better reflect the additional events we could add in the future.
This change also adds an EventType used to catagories the events.
Updates tailscale/corp#9967
Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>
|
|
This change introduces a NodeKey func on localbackend that returns the
public node key.
Updates tailscale/corp#9967
Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>
|
|
It was supposed to be best effort but in some cases (macsys at least,
per @marwan-at-work) it hangs and exhausts the whole context.Context
deadline so we fail to make the SetDNS call to the server.
Updates #8067
Updates #3273 etc
Change-Id: Ie1f04abe9689951484748aecdeae312afbafdb0f
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
`interfaces.Tailscale()` returns all zero values when it finds no
Tailscale interface and encounters no errors. The netns package was
treating no error as a signal that it would receive a non-zero pointer
value leading to nil pointer dereference.
Observed in:
```
--- FAIL: TestGetInterfaceIndex (0.00s)
--- FAIL: TestGetInterfaceIndex/IP_and_port (0.00s)
panic: runtime error: invalid memory address or nil pointer dereference [recovered]
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x0 pc=0x1029eb7d8]
goroutine 7 [running]:
testing.tRunner.func1.2({0x102a691e0, 0x102bc05c0})
/Users/raggi/.cache/tailscale-go/src/testing/testing.go:1526 +0x1c8
testing.tRunner.func1()
/Users/raggi/.cache/tailscale-go/src/testing/testing.go:1529 +0x384
panic({0x102a691e0, 0x102bc05c0})
/Users/raggi/.cache/tailscale-go/src/runtime/panic.go:884 +0x204
tailscale.com/net/netns.getInterfaceIndex(0x14000073f28, 0x1028d0284?, {0x1029ef3b7, 0xa})
/Users/raggi/src/github.com/tailscale/tailscale/net/netns/netns_darwin.go:114 +0x228
tailscale.com/net/netns.TestGetInterfaceIndex.func2(0x14000138000)
/Users/raggi/src/github.com/tailscale/tailscale/net/netns/netns_darwin_test.go:37 +0x54
testing.tRunner(0x14000138000, 0x140000551b0)
/Users/raggi/.cache/tailscale-go/src/testing/testing.go:1576 +0x10c
created by testing.(*T).Run
/Users/raggi/.cache/tailscale-go/src/testing/testing.go:1629 +0x368
FAIL tailscale.com/net/netns 0.824s
```
Fixes #8064
Signed-off-by: James Tucker <jftucker@gmail.com>
|
|
This is part of an effort to clean up tailscaled initialization between
tailscaled, tailscaled Windows service, tsnet, and the mac GUI.
Updates #8036
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Updates tailscale/tailscale#8025
Signed-off-by: Derek Kaser <derek.kaser@gmail.com>
|
|
Signed-off-by: Flakes Updater <noreply+flakes-updater@tailscale.com>
|
|
Periodic update for start of cycle. goreleaser is not updated to v2 yet,
but indirects updated.
Updates #8043
Signed-off-by: James Tucker <james@tailscale.com>
|
|
Signed-off-by: Flakes Updater <noreply+flakes-updater@tailscale.com>
|
|
Periodic update for start of cycle.
Updates #8043
Signed-off-by: James Tucker <james@tailscale.com>
|
|
The key is to update sigs.k8s.io/controller-runtime and let it update others.
Updates #8043
Signed-off-by: Maisem Ali <maisem@tailscale.com>
|
|
Updates #3707
Co-authored-by: Marwan Sulaiman <marwan@tailscale.com>
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Installer script relies on pkgs.tailscale.com being reachable, both for
checking what Linux distros are supported, but also for actually
downloading repo configuration files, gpg keys and packages themselves.
This change adds a simple reachability check which will print an error
message when pkgs.tailscale.com is not reachable.
Fixes https://github.com/tailscale/corp/issues/8952
Signed-off-by: Anton Tolchanov <anton@tailscale.com>
|
