| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
EXTREME WIP, DO NOT SUBMIT
Updates #1227
|
|
Fixes tailscale/corp#11876
Signed-off-by: Nick O'Neill <nick@tailscale.com>
|
|
Signed-off-by: License Updater <noreply+license-updater@tailscale.com>
|
|
Adds two new headers to HTTP serve proxy:
- `Tailscale-User-Login`: Filled with requester's login name.
- `Tailscale-User-Name`: Filled with requester's display name.
These headers only get filled when the SrcAddr is associated with
a non-tagged (i.e. user-owned) node within the client's Tailnet.
The headers are passed through empty when the request originated
from another tailnet, or the public internet (via funnel).
Updates https://github.com/tailscale/tailscale/issues/6954
Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
|
|
Fixes #8344
Signed-off-by: Claire Wang <claire@tailscale.com>
|
|
Closes #8342
Signed-off-by: Claire Wang <claire@tailscale.com>
|
|
* tka: provide verify-deeplink local API endpoint
Fixes https://github.com/tailscale/tailscale/issues/8302
Signed-off-by: Andrea Gottardo <andrea@tailscale.com>
Address code review comments
Signed-off-by: Andrea Gottardo <andrea@tailscale.com>
Address code review comments by Ross
Signed-off-by: Andrea Gottardo <andrea@tailscale.com>
* Improve error encoding, fix logic error
Signed-off-by: Andrea Gottardo <andrea@tailscale.com>
---------
Signed-off-by: Andrea Gottardo <andrea@tailscale.com>
|
|
Signed-off-by: Graham Christensen <graham@grahamc.com>
|
|
Updates tailscale/corp#11620
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Signed-off-by: License Updater <noreply+license-updater@tailscale.com>
|
|
LocalBackend
The netstack code had a bunch of logic to figure out if the LocalBackend should handle an
incoming connection and then would call the function directly on LocalBackend. Move that
logic to LocalBackend and refactor the methods to return conn handlers.
Updates #cleanup
Signed-off-by: Maisem Ali <maisem@tailscale.com>
|
|
Address reports of subnet router instability when running in
`--tun=userspace-networking` mode.
Fixes https://github.com/tailscale/corp/issues/12184
Signed-off-by: Denton Gentry <dgentry@tailscale.com>
|
|
Signed-off-by: License Updater <noreply+license-updater@tailscale.com>
|
|
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.4.0 to 3.6.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/08e2f20817b15149a52b5b3ebe7de50aff2ba8c5...639cd343e1d3b897ff35927a75193d57cfcba299)
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
Also fix a js/wasm issue with tsnet in the process. (same issue as WASI)
Updates #8320
Fixes #8315
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Signed-off-by: Flakes Updater <noreply+flakes-updater@tailscale.com>
|
|
A start.
Updates #8320
Change-Id: I64057f977be51ba63ce635c56d67de7ecec415d1
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
If you start hearing everything in auto-tune for the rest of the day,
I take no responsibility for it.
Signed-off-by: Charlotte Brandhorst-Satzkorn <charlotte@tailscale.com>
|
|
We've talked in the past about reworking how bootstrap DNS works to
instead do recursive DNS resolution from the root; this would better
support on-prem customers and Headscale users where the DERP servers
don't currently resolve their DNS server. This package is an initial
implementation of recursive resolution for A and AAAA records.
Updates #5853
Change-Id: Ibe974d78709b4b03674b47c4ef61f9a00addf8b4
Signed-off-by: Andrew Dunham <andrew@du.nham.ca>
|
|
This basically allows running services on the SSH client and reaching
them from the SSH server during the session.
Updates #6575
Signed-off-by: Maisem Ali <maisem@tailscale.com>
|
|
Signed-off-by: Andrew Dunham <andrew@du.nham.ca>
Change-Id: If97995ca9ee9fad40f327420dcb1857dd7ea2315
|
|
Switch our best address selection to use a scoring-based approach, where
we boost each address based on whether it's a private IP or IPv6.
For users in cloud environments, this biases endpoint selection towards
using an endpoint that is less likely to cost the user money, and should
be less surprising to users.
This also involves updating the tests to not use private IPv4 addresses;
other than that change, the behaviour should be identical for existing
endpoints.
Updates #8097
Signed-off-by: Andrew Dunham <andrew@du.nham.ca>
Change-Id: I069e3b399daea28be66b81f7e44fc27b2943d8af
|
|
I left a few out where writing it explicitly was better
for various reasons.
Updates #8296
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Change-Id: I317b6e61d62212efca0e905ea9c626cc24a6912b
Signed-off-by: Jenny Zhang <jz@tailscale.com>
|
|
Updates #8296
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
|
|
Another change needed working towards #8282.
Updates https://github.com/tailscale/tailscale/issues/8282
Signed-off-by: Andrea Gottardo <andrea@tailscale.com>
|
|
This PR removes all async functionality from the portlist package
which may be a breaking change for non-tailscale importers. The only
importer within this codebase (LocalBackend) is already using the synchronous
API so no further action needed.
Fixes #8171
Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>
|
|
This is needed in order to build our network extension on tvOS. First step for #8282
Signed-off-by: Andrea Gottardo <andrea@tailscale.com>
Co-authored-by: Andrea Gottardo <andrea@tailscale.com>
|
|
Followup from a conversation on the Gophers slack, also matches the
examples in the tsnet kb.
Closes #8287
Signed-off-by: Xe Iaso <xe@tailscale.com>
|
|
This is a follow up on PR #8172 that adds a synchronous Poll method
which allows for the Poller to be used as a zero value without needing
the constructor. The local backend is also changed to use the new API.
A follow up PR will remove the async functionality from the portlist package.
Updates #8171
Signed-off-by: Marwan Sulaiman <marwan@tailscale.com>
|
|
Max username length is increased to 256 on linux to match /usr/include/bits/local_lim.h
Fixes #8277
Signed-off-by: Derek Burdick <derek-burdick@users.noreply.github.com>
|
|
Updates https://github.com/tailscale/tailscale/issues/5161
Signed-off-by: Denton Gentry <dgentry@tailscale.com>
|
|
The invocation at the end unconditionally used
./tool/go, but the structuring on lines 14-17
sets up to use a different toolchain if the
platform requires it.
Fixes https://github.com/tailscale/tailscale/issues/8156
Signed-off-by: Denton Gentry <dgentry@tailscale.com>
|
|
Signed-off-by: License Updater <noreply+license-updater@tailscale.com>
|
|
Fixes https://github.com/tailscale/tailscale/issues/5633
Signed-off-by: Denton Gentry <dgentry@tailscale.com>
|
|
Signed-off-by: DJRHails <hello@hails.info>
|
|
Allow calls to `WatchIPNBus` to be permformed by clients with
Readonly permissions. This brings it in line with the permissions
required for `Status`, which also exposes the similar information.
This allows clients to get realtime updates about the tailnet
in their own applications, without needing to actively poll the
`Status` endpoint.
Fixes https://github.com/tailscale/tailscale/issues/7797
Signed-off-by: Dominic Black <dom@encore.dev>
|
|
This replicates the headers also sent by the golang reverse proxy by
default.
Fixes https://github.com/tailscale/tailscale/issues/7061
Signed-off-by: Heiko Rothe <me@heikorothe.com>
|
|
Fixes https://github.com/tailscale/tailscale/issues/8100
Signed-off-by: Denton Gentry <dgentry@tailscale.com>
|
|
Instead of renewing certificates based on whether or not they're expired
at a fixed 14-day period in the future, renew based on whether or not
we're more than 2/3 of the way through the certificate's lifetime. This
properly handles shorter-lived certificates without issue.
Updates #8204
Signed-off-by: Andrew Dunham <andrew@du.nham.ca>
Change-Id: I5e82a9cadc427c010d04ce58c7f932e80dd571ea
|
|
Signed-off-by: License Updater <noreply+license-updater@tailscale.com>
|
|
Updates tailscale/corp#11883
Change-Id: I3a3ca8f25bfefca139115b25ec4161c069da7e4a
Signed-off-by: Andrew Dunham <andrew@du.nham.ca>
|
|
In order to improve our ability to understand the state of policies and
registry settings when troubleshooting, we enumerate all values in all subkeys.
x/sys/windows does not already offer this, so we need to call RegEnumValue
directly.
For now we're just logging this during startup, however in a future PR I plan to
also trigger this code during a bugreport. I also want to log more than just
registry.
Fixes #8141
Signed-off-by: Aaron Klotz <aaron@tailscale.com>
|
|
Signed-off-by: Flakes Updater <noreply+flakes-updater@tailscale.com>
|
|
Fixes #8170
Signed-off-by: Vince Prignano <vince@prigna.com>
|
|
This adds a new `SetAuthorized` method that allows setting device
authorization to true or false. I chose the method name to be consistent
with SetTags.
Updates https://github.com/tailscale/corp/issues/10160
Signed-off-by: Anton Tolchanov <anton@tailscale.com>
|
|
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 5.0.0 to 5.0.1.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/5b4a9f6a9e2af26e5f02351490b90d01eb8ec1e5...284f54f989303d2699d373481a0cfa13ad5a6666)
---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
This platform is technically an armv7, but has no hardware floating
point unit. armv5 is the only target Go understands to lack floating
point, so use that.
Updates #6860
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Updates #8217
Signed-off-by: David Anderson <danderson@tailscale.com>
|
|
Various BSD-derived operating systems including macOS and FreeBSD
require that ping6 be used for IPv6 destinations. The "ping" command
does not understand an IPv6 destination.
FreeBSD 13.x and later do handle IPv6 in the regular ping command,
but also retain a ping6 command. We use ping6 on all versions of
FreeBSD.
Fixes https://github.com/tailscale/tailscale/issues/8225
Signed-off-by: Denton Gentry <dgentry@tailscale.com>
|
