TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-02-28 11:17:33 +00:00
Code Issues Packages Projects Releases Wiki Activity
6,155 Commits 773 Branches 166 Tags
Commit Graph

684 Commits

Author SHA1 Message Date
Brad Fitzpatrick
36b1df1241 cmd/tailscale/cli: add --watch flag to "debug metrics" subcommand 
This adds a new --watch flag that prints out a block of metric changes
every second, if anything changed.

Example output:

magicsock_disco_recv_ping    +1 => 254
magicsock_disco_recv_pong    +1 => 218
magicsock_disco_recv_udp     +2 => 472
magicsock_disco_send_udp     +2 => 536
magicsock_disco_sent_udp     +2 => 536
magicsock_recv_data_ipv6     +1 => 82
magicsock_send_data          +1 => 86
magicsock_send_udp           +3 => 620

magicsock_recv_data_ipv6    +1 => 83
magicsock_send_data         +1 => 87
magicsock_send_udp          +1 => 621

magicsock_disco_recv_ping    +1 => 255
magicsock_disco_recv_pong    +1 => 219
magicsock_disco_recv_udp     +2 => 474
magicsock_disco_send_udp     +2 => 538
magicsock_disco_sent_udp     +2 => 538
magicsock_recv_data_ipv6     +1 => 84
magicsock_send_data          +1 => 88
magicsock_send_udp           +3 => 624

magicsock_recv_data_ipv6    +1 => 85
magicsock_send_data         +1 => 89
magicsock_send_udp          +1 => 625

controlclient_map_response_map          +1 => 207
controlclient_map_response_map_delta    +1 => 204
controlclient_map_response_message      +1 => 275
magicsock_disco_recv_ping               +3 => 258
magicsock_disco_recv_pong               +2 => 221
magicsock_disco_recv_udp                +5 => 479
magicsock_disco_send_derp               +1 => 6
magicsock_disco_send_udp                +7 => 545
magicsock_disco_sent_derp               +1 => 6
magicsock_disco_sent_udp                +7 => 545
magicsock_recv_data_ipv6                +1 => 86
magicsock_send_data                     +1 => 90
magicsock_send_derp                     +1 => 12
magicsock_send_derp_queued              +1 => 12
magicsock_send_udp                      +8 => 633

Updates #3307

Change-Id: I5ac2511e3ad24fa1e6ea958c3946fecebe4f79a7
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-11-16 13:48:21 -08:00
Brad Fitzpatrick
24ea365d48 netcheck, controlclient, magicsock: add more metrics 
Updates #3307

Change-Id: Ibb33425764a75bde49230632f1b472f923551126
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-11-16 10:48:19 -08:00
Brad Fitzpatrick
68917fdb5d cmd/tailscale/cli: add "debug metrics" subcommand 
To let users inspect the tailscaled metrics easily.

Updates #3307

Change-Id: I922126ca0626659948c57de74c6ef62f40ef5f5f
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-11-15 15:13:25 -08:00
Brad Fitzpatrick
945290cc3f cmd/tailscale/cli: migrate hidden debug subcommand to use subcomands 
It was a mess of flags. Use subcommands under "debug" instead.

And document loudly that it's not a stable interface.

Change-Id: Idcc58f6a6cff51f72cb5565aa977ac0cc30c3a03
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-11-15 15:03:58 -08:00
Brad Fitzpatrick
2b082959db safesocket: add WindowsLocalPort const 
Remove all the 41112 references.

Change-Id: I2d7ed330d457e3bb91b7e6416cfb2667611e50c4
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-11-05 14:05:13 -07:00
David Anderson
37c150aee1 derp: use new node key type. 
Update #3206

Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-10-28 16:02:11 -07:00
David Anderson
15376f975b types/wgkey: delete, no longer used. 
Updates #3206

Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-10-28 14:53:38 -07:00
Josh Bleecher Snyder
640de1921f depaware: update 
To fix build broken by c9bf77331230c61bf2070bc298592beb360993fd.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
 2021-10-28 12:35:14 -07:00
Brad Fitzpatrick
31e4f60047 version: embed VERSION.txt in unstamped version 
Temporary measure until we switch to Go 1.18.

    $ go run ./cmd/tailscale version
    1.17.0-date.20211022
      go version: go1.17

Updates #81

Change-Id: Ic82ebffa5f46789089e5fb9810b3f29e36a47f1a
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-10-28 09:48:24 -07:00
Brad Fitzpatrick
675f9cd199 cmd/tailscale/cli: add, use log.Fatalf indirection for js/wasm 
Updates #3157

Change-Id: I97a4962a44bd36313ff68388e3de0d852a8fa869
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-10-27 15:19:52 -07:00
Brad Fitzpatrick
5df7ac70d6 cmd/tailscale/cli: add Stdout, Stderr and output through them 
So js/wasm can override where those go, without implementing
an *os.File pipe pair, etc.

Updates #3157

Change-Id: I14ba954d9f2349ff15b58796d95ecb1367e8ba3a
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-10-27 14:53:46 -07:00
Brad Fitzpatrick
3b5ada1fd8 cmd/tailscale/cli: use errors.Is to check ff's wrapped flag errors 
And also check from its Parse method.

Change-Id: I18754920575254cb6858a16b7954e74aa16483a1
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-10-27 14:06:22 -07:00
Brad Fitzpatrick
75de4e9cc2 cmd/tailscale/cli: don't ExitOnError on js/wasm 
An os.Exit brings down the whole wasm module.

Updates #3157

Change-Id: I3daa97fd854715b901f3dbb04b57d841576b60b1
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-10-27 13:59:12 -07:00
Brad Fitzpatrick
505f844a43 cmd/derper, derp/derphttp: add websocket support 
Updates #3157

Change-Id: I337a919a3b350bc7bd9af567b49c4d5d6616abdd
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-10-22 12:51:30 -07:00
Maisem Ali
0bf515e780 cmd/tailscale: changes to --advertise-tags should wait for possible 
reauth.

Signed-off-by: Maisem Ali <maisem@tailscale.com>
 2021-10-20 10:31:40 -04:00
Aaron Klotz
1991a1ac6a net/tstun: update tun_windows for wintun 0.14 API revisions, update wireguard-go dependency to 82d2aa87aa623cb5143a41c3345da4fb875ad85d 
Signed-off-by: Aaron Klotz <aaron@tailscale.com>
 2021-10-12 16:07:46 -06:00
Brad Fitzpatrick
2d11503cff cmd/tailscale: add up --qr to show QR code 
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-10-06 11:13:31 -07:00
David Crawshaw
cc9cf97cbe cli: web advertise exit node button 
A couple of gnarly assumptions in this code, as always with the async
message thing.

UI button is based on the DNS settings in the admin panel.

Co-authored-by: Maisem Ali <maisem@tailscale.com>
Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
 2021-10-06 07:35:43 -07:00
Brad Fitzpatrick
98b3fa78aa cmd/tailscale: let certs/keys be written to stdout, warn about macOS sandbox 
Fixes https://twitter.com/SeanHood/status/1443668378468720647

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-10-04 12:12:09 -07:00
Brad Fitzpatrick
2d464cecd1 cmd/tailscale: make netcheck work when logged out 
Fixes #2993

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-10-04 11:42:51 -07:00
Brad Fitzpatrick
f62e6d83a9 cmd/tailscale: make cert subcommand give hints on access denied 
Lot of people have been hitting this.

Now it says:

    $ tailscale cert tsdev.corp.ts.net
    Access denied: cert access denied

    Use 'sudo tailscale cert' or 'tailscale up --operator=$USER' to not require root.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-10-01 10:27:48 -07:00
Brad Fitzpatrick
b10a55e4ed cmd/tailscale/cli: fix typo in cert usage 2021-09-30 21:23:18 -07:00
Brad Fitzpatrick
891e7986cc cmd/tailscale: make cert give hints on usage failure 
Like mentioning which cert domain(s) are valid.
 2021-09-29 14:35:00 -07:00
Brad Fitzpatrick
b822b5c798 cmd/tailscale: let up --authkey be of form file:/path/to/secret 
Fixes #2958

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-09-29 09:27:17 -07:00
Brad Fitzpatrick
173bbaa1a1 all: disable TCP keep-alives on iOS/Android 
Updates #2442
Updates tailscale/corp#2750

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-09-28 12:03:18 -07:00
Brad Fitzpatrick
ec2249b6f2 cmd/tailscale: add debug -env 
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-09-24 13:57:45 -07:00
Brad Fitzpatrick
ace2faf7ec cmd/tailscale: make debug profiling output - mean stdout 
Because the macOS CLI runs in the sandbox, including the filesystem,
so users would be confused that -cpu-profile=prof.cpu succeeds but doesn't
write to their current directory, but rather in some random Library/Containers
directory somewhere on the machine (which varies depending on the Mac build
type: App Store vs System Extension)

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-09-23 15:06:53 -07:00
Brad Fitzpatrick
efb84ca60d ipn/localapi, cmd/tailscale: add CPU & memory profile support, debug command 
This was already possible on Linux if you ran tailscaled with --debug
(which runs net/http/pprof), but it requires the user have the Go
toolchain around.

Also, it wasn't possible on macOS, as there's no way to run the IPNExtension
with a debug server (it doesn't run tailscaled).

And on Windows it's super tedious: beyond what users want to do or
what we want to explain.

Instead, put it in "tailscale debug" so it works and works the same on
all platforms. Then we can ask users to run it when we're debugging something
and they can email us the output files.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-09-23 10:01:14 -07:00
Denton Gentry
27bc4e744c cmd/tailscale/web: support TLS from env vars. 
pfSense stores its SSL certificate and key in the PHP config.
We wrote PHP code to pull the two out of the PHP config and
into environment variables before running "tailscale web".

The pfSense web UI is served over https, we need "tailscale web"
to also support https in order to put it in an <iframe>.

Signed-off-by: Denton Gentry <dgentry@tailscale.com>
 2021-09-23 08:15:33 -07:00
Aaron Klotz
9ebb5d4205 ipn, paths: ensure that the state directory for Windows has the correct perms 
ProgramData has a permissive ACL. For us to safely store machine-wide
state information, we must set a more restrictive ACL on our state directory.
We set the ACL so that only talescaled's user (ie, LocalSystem) and the
Administrators group may access our directory.

We must include Administrators to ensure that logs continue to be easily
accessible; omitting that group would force users to use special tools to
log in interactively as LocalSystem, which is not ideal.

(Note that the ACL we apply matches the ACL that was used for LocalSystem's
AppData\Local).

There are two cases where we need to reset perms: One is during migration
from the old location to the new. The second case is for clean installations
where we are creating the file store for the first time.

Updates #2856

Signed-off-by: Aaron Klotz <aaron@tailscale.com>
 2021-09-22 14:50:00 -06:00
Brad Fitzpatrick
4549d3151c cmd/tailscale: make status show health check problems 
Fixes #2775

RELNOTE=tailscale status now shows health check problems

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-09-16 11:24:59 -07:00
Josh Bleecher Snyder
865d8c0d23 cmd: upgrade to ffcli v3 
None of the breaking changes from v2 to v3 are relevant to us.

Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
 2021-09-14 13:21:55 -07:00
Brad Fitzpatrick
640134421e all: update tests to use tstest.MemLogger 
And give MemLogger a mutex, as one caller had, which does match the logf
contract better.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-09-07 20:06:15 -07:00
Brad Fitzpatrick
7bfd4f521d cmd/tailscale: fix "tailscale ip $self-host-hostname" 
And in the process, fix the related confusing error messages from
pinging your own IP or hostname.

Fixes #2803

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-09-07 11:57:23 -07:00
Brad Fitzpatrick
4917a96aec cmd/tailscale: fix typo/pasteo in error message text 
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-09-07 11:28:24 -07:00
Dave Anderson
980acc38ba
types/key: add a special key with custom serialization for control private keys (#2792) 
* Revert "Revert "types/key: add MachinePrivate and MachinePublic.""

This reverts commit 61c3b98a24317dcfd5cbe3db29e7d6b64b8c27a7.

Signed-off-by: David Anderson <danderson@tailscale.com>

* types/key: add ControlPrivate, with custom serialization.

ControlPrivate is just a MachinePrivate that serializes differently
in JSON, to be compatible with how the Tailscale control plane
historically serialized its private key.

Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-09-03 13:17:46 -07:00
David Anderson
61c3b98a24 Revert "types/key: add MachinePrivate and MachinePublic." 
Broke the tailscale control plane due to surprise different serialization.

This reverts commit 4fdb88efe1d9b4f8af0aad99bbacc814323ef92a.
 2021-09-03 11:34:34 -07:00
David Anderson
4fdb88efe1 types/key: add MachinePrivate and MachinePublic. 
Plumb throughout the codebase as a replacement for the mixed use of
tailcfg.MachineKey and wgkey.Private/Public.

Signed-off-by: David Anderson <danderson@tailscale.com>
 2021-09-03 10:07:15 -07:00
Brad Fitzpatrick
99a1c74a6a metrics: optimize CurrentFDs to not allocate on Linux 
It was 50% of our allocs on one of our servers. (!!)

Updates #2784

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-09-02 13:28:39 -07:00
Maisem Ali
0842e2f45b ipn/store: add ability to store data as k8s secrets. 
Signed-off-by: Maisem Ali <maisem@tailscale.com>
 2021-09-01 12:50:59 -07:00
Brad Fitzpatrick
7f29dcaac1 cmd/tailscale/cli: make up block until state Running, not just Starting 
At "Starting", the DERP connection isn't yet up. After the first netmap
and DERP connect, then it transitions into "Running".

Fixes #2708

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-09-01 08:25:42 -07:00
Brad Fitzpatrick
3c8ca4b357 client/tailscale, cmd/tailscale/cli: move version mismatch check to CLI 
So people can use the package for whois checks etc without version
skew errors.

The earlier change faa891c1f2ff759f4e5cbc158f310b3201d91b59 for #1905
was a bit too aggressive.

Fixes #2757

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-08-31 15:27:25 -07:00
Brad Fitzpatrick
21cb0b361f safesocket: add connect retry loop to wait for tailscaled 
Updates #2708

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-08-31 15:13:42 -07:00
Will Lachance
a35c3ba221
cmd/tailscale: fix truncated characters in web controller (#2722) 
Fixes #2204

Signed-off-by: William Lachance <wlach@protonmail.com>

Co-authored-by: William Lachance <wlach@protonmail.com>
Co-authored-by: Ross Zurowski <ross@rosszurowski.com>
 2021-08-27 17:10:17 -04:00
Brad Fitzpatrick
edb338f542 cmd/tailscale: fix sporadic 'context canceled' error on 'up' 
Fixes #2333

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-08-19 08:44:39 -07:00
Brad Fitzpatrick
b7ae529ecc client/tailscale: make GetCertificate guess cert if SNI lacks dots 
Updates #1235

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-08-18 10:08:44 -07:00
Brad Fitzpatrick
d5e1abd0c4 cmd/tailscale/cli: only write cert file if it changed 
Updates #1235

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-08-18 08:19:44 -07:00
Brad Fitzpatrick
57b794c338 ipn/localapi: move cert fetching code to localapi, cache, add cert subcommand 
Updates #1235

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-08-17 16:02:10 -07:00
Josh Bleecher Snyder
d2aa144dcc syncs: bump known good version to include Go 1.17 
Signed-off-by: Josh Bleecher Snyder <josh@tailscale.com>
 2021-08-17 11:13:03 -07:00
Brad Fitzpatrick
25e060a841 cmd/tailscale/cli: fix cert fetch WaitOrder retry loop, misc cleanups 
Updates #1235

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
 2021-08-16 14:54:41 -07:00