| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
The generator is still crude and do not cover most types, but it
covers all the ones needed by the tailcfg package. It's a start.
Fixes #8077.
Signed-off-by: salman <salman@tailscale.com>
|
|
Signed-off-by: Flakes Updater <noreply+flakes-updater@tailscale.com>
|
|
Signed-off-by: License Updater <noreply+license-updater@tailscale.com>
|
|
This holds back gvisor, kubernetes, goreleaser, and esbuild, which all
had breaking API changes.
Updates #8043
Updates #7381
Updates #8042 (updates u-root which adds deps)
Change-Id: I889759bea057cd3963037d41f608c99eb7466a5b
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
#cleanup
Change-Id: I13757ee20240166af72606d166e840ae3ee797d7
Signed-off-by: M. J. Fromberger <fromberger@tailscale.com>
|
|
Signed-off-by: License Updater <noreply@tailscale.com>
|
|
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.16+incompatible to 20.10.24+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v20.10.16...v20.10.24)
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
We removed it earlier in 916aa782af5d43ccfa92f6245201796df212fb8a, but we still want to support it for some time longer.
Updates tailscale/corp#9967
Signed-off-by: Maisem Ali <maisem@tailscale.com>
|
|
Updates #8037
Updates #7826
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
This change introduces address selection for wireguard only endpoints.
If a endpoint has not been used before, an address is randomly selected
to be used based on information we know about, such as if they are able
to use IPv4 or IPv6. When an address is initially selected, we also
initiate a new ICMP ping to the endpoints addresses to determine which
endpoint offers the best latency. This information is then used to
update which endpoint we should be using based on the best possible
route. If the latency is the same for a IPv4 and an IPv6 address, IPv6
will be used.
Updates #7826
Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>
|
|
Updates #docs
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
In the case where the exit node requires SNAT, we would SNAT all traffic not just the
traffic meant to go through the exit node. This was a result of the default route being
added to the routing table which would match basically everything.
In this case, we need to account for all peers in the routing table not just the ones
that require NAT.
Fix and add a test.
Updates tailscale/corp#8020
Signed-off-by: Maisem Ali <maisem@tailscale.com>
|
|
Avoid selecting an endpoint as "better" than the current endpoint if the
total latency improvement is less than 1%. This adds some hysteresis to
avoid flapping between endpoints for a minimal improvement in latency.
Signed-off-by: Andrew Dunham <andrew@du.nham.ca>
Change-Id: If8312e1768ea65c4b4d4e13d8de284b3825d7a73
|
|
Updates https://github.com/tailscale/corp/issues/10943
Signed-off-by: Tom DNetto <tom@tailscale.com>
|
|
This passes the *dnscache.Resolver down from the Direct client into the
Noise client and from there into the controlhttp client. This retains
the Resolver so that it can share state across calls instead of creating
a new resolver.
Updates #4845
Updates #6110
Signed-off-by: Andrew Dunham <andrew@du.nham.ca>
Change-Id: Ia5d6af1870f3b5b5d7dd5685d775dcf300aec7af
|
|
Signed-off-by: License Updater <noreply+license-updater@tailscale.com>
|
|
Every time we change `installer.sh`, run it in a few docker
containers based on different Linux distros, just as a simple test.
Also includes a few changes to the installer script itself to make
installation work in docker:
- install dnf config-manager command before running it
- run zypper in non-interactive mode
- update pacman indexes before installing packages
Updates https://github.com/tailscale/corp/issues/8952
Signed-off-by: Anton Tolchanov <anton@tailscale.com>
|
|
Updates #1748
Signed-off-by: Denton Gentry <dgentry@tailscale.com>
|
|
I need this for a corp change where I have a set as a queue, and make a
different decisison if the set is empty.
Updates tailscale/corp#10344
Signed-off-by: James Tucker <james@tailscale.com>
|
|
Signed-off-by: ayanamist <ayanamist@gmail.com>
|
|
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v3...v4)
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
Updates #cleanup
Signed-off-by: James Tucker <james@tailscale.com>
|
|
Can't have a dupe when the dupe is wrong. Clearly we need to up
our spell checking game. Did anyone say AI?
Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>
|
|
The action cache restore process either matches the restore key pattern
exactly, or uses a matching prefix with the most recent date.
If the restore key is an exact match, then no updates are uploaded, but
if we've just computed tests executions for more recent code then we
will likely want to use those results in future runs.
Appending run_id to the cache key will give us an always new key, and
then we will be restore a recently uploaded cache that is more likely
has a higher overlap with the code being tested.
Updates #7975
Signed-off-by: James Tucker <james@tailscale.com>
|
|
DERP doesn't support HTTP/2. If an HTTP/2 proxy was placed in front of
a DERP server requests would fail because the connection would
be initialized with HTTP/2, which the DERP client doesn't support.
Signed-off-by: Kyle Carberry <kyle@carberry.com>
|
|
This change adds a v6conn to the pinger to enable sending pings to v6
addrs.
Updates #7826
Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>
|
|
Signed-off-by: Denton Gentry <dgentry@tailscale.com>
|
|
It was printing like "v0xxxxxxxx" after version.Long became a func
in 8b2ae47c31c9574d.
Fixes #7976
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
We need to always specify tags when creating an AuthKey from an OAuth key.
Check for that, and reuse the `--advertise-tags` param.
Updates #7982
Signed-off-by: Maisem Ali <maisem@tailscale.com>
|
|
Updates #7982
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Updates #7982
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
This fix does not seem ideal, but the test infrastructure using a local
goos doesn't seem to avoid all of the associated challenges, but is
somewhat deeply tied to the setup.
The core issue this addresses for now is that when run on Windows there
can be no code paths that attempt to use an invalid UID string, which on
Windows is described in [1].
For the goos="linux" tests, we now explicitly skip the affected
migration code if runtime.GOOS=="windows", and for the Windows test we
explicitly use the running users uid, rather than just the string
"user1". We also now make the case where a profile exists and has
already been migrated a non-error condition toward the outer API.
Updates #7876
[1] https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-identifiers
Signed-off-by: James Tucker <jftucker@gmail.com>
|
|
Benchmark flags prevent test caching, so benchmarks are now executed
independently of tests.
Fixes #7975
Signed-off-by: James Tucker <james@tailscale.com>
|
|
Previously we would error out when the recording server disappeared after the in memory
buffer filled up for the io.Copy. This makes it so that we handle failing open correctly
in that path.
Updates tailscale/corp#9967
Signed-off-by: Maisem Ali <maisem@tailscale.com>
|
|
Fixes #7963
Signed-off-by: Shayne Sweeney <shayne@tailscale.com>
|
|
Signed-off-by: License Updater <noreply@tailscale.com>
|
|
Signed-off-by: License Updater <noreply+license-updater@tailscale.com>
|
|
Updates tailscale/corp#8020
Signed-off-by: Maisem Ali <maisem@tailscale.com>
|
|
Fixes #6784
This PR makes it so that we can persist the tailscaled state with
intelligent tiering which increases the capacity from 4kb to 8kb
Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>
|
|
Looks like on some systems there's an IPv6 address, but then opening
a IPv6 UDP socket fails later. Probably some firewall. Tolerate it
better and don't crash.
To repro: check the "udp6" to something like "udp7" (something that'll
fail) and run "go run ./cmd/tailscale netcheck" on a machine with
active IPv6. It used to crash and now it doesn't.
Fixes #7949
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
This adds support to try dialing out to multiple recorders each
with a 5s timeout and an overall 30s timeout. It also starts respecting
the actions `OnRecordingFailure` field if set, if it is not set
it fails open.
Updates tailscale/corp#9967
Signed-off-by: Maisem Ali <maisem@tailscale.com>
|
|
This allows control to specify how to handle situations where the recorder
isn't available.
Updates tailscale/corp#9967
Signed-off-by: Maisem Ali <maisem@tailscale.com>
|
|
Signed-off-by: Flakes Updater <noreply@tailscale.com>
|
|
A follow-up PR will start using this field after we set it in our
production DERPMap.
Updates #7925
Signed-off-by: Andrew Dunham <andrew@du.nham.ca>
Change-Id: Idb41b79e6055dddb8944f79d91ad4a186ace98c7
|
|
Signed-off-by: Andrew Dunham <andrew@du.nham.ca>
Change-Id: I630f852d9f16c951c721b34f2bc4128e68fe9475
|
|
Fixes https://github.com/tailscale/tailscale/issues/7862
Fixes https://github.com/tailscale/tailscale/issues/7899
Signed-off-by: Denton Gentry <dgentry@tailscale.com>
|
|
On some platforms (notably macOS and iOS) we look up the default
interface to bind outgoing connections to. This is both duplicated
work and results in logspam when the default interface is not available
(i.e. when a phone has no connectivity, we log an error and thus cause
more things that we will try to upload and fail).
Fixed by passing around a netmon.Monitor to more places, so that we can
use its cached interface state.
Fixes #7850
Updates #7621
Signed-off-by: Mihai Parparita <mihai@tailscale.com>
|
|
We are seeing indications that some devices are still getting into an
upload loop. Bump logInterval in case these devices are on slow
connections that are taking more than 3 seconds to uploads sockstats.
Updates #7719
Signed-off-by: Will Norris <will@tailscale.com>
|
|
We're using it in more and more places, and it's not really specific to
our use of Wireguard (and does more just link/interface monitoring).
Also removes the separate interface we had for it in sockstats -- it's
a small enough package (we already pull in all of its dependencies
via other paths) that it's not worth the extra complexity.
Updates #7621
Updates #7850
Signed-off-by: Mihai Parparita <mihai@tailscale.com>
|
|
Updates #6526
Signed-off-by: Andrew Dunham <andrew@du.nham.ca>
Change-Id: I274b7ed53ee0be3fb94fdb00cafe06a1d676e1cf
|
