Mirror of tailscale/tailscale@github.com
Tom DNetto f1ab11e961 ipn/ipnlocal,tailcfg: introduce capability to gate TKA init paths
Previously, `TAILSCALE_USE_WIP_CODE` was needed to hit a bunch of the TKA paths. With
this change:

 - Enablement codepaths (NetworkLockInit) and initialization codepaths (tkaBootstrapFromGenesisLocked via tkaSyncIfNeeded)
   require either the WIP envknob or CapabilityTailnetLockAlpha.
 - Normal operation codepaths (tkaSyncIfNeeded, tkaFilterNetmapLocked) require TKA to be initialized, or either-or the
   envknob / capability.
 - Auxiliary commands (i.e. changing tka keys) require TKA to be initialized.

The end result is that it shouldn't be possible to initialize TKA (or subsequently use any of its features) without being
sent the capability or setting the envknob on tailscaled yourself.

I've also pulled out a bunch of unnecessary checks for CanSupportNetworkLock().

Signed-off-by: Tom DNetto <tom@tailscale.com>
2022-11-30 13:50:22 -08:00
.bencher bencher: add config to suppress failures on benchmark regressions. 2021-10-01 16:16:02 -07:00
.github .github/workflows: use ubuntu-22.04 for qemu tests 2022-11-25 18:43:24 +05:00
atomicfile refactor: move from io/ioutil to io and os packages 2022-09-15 21:45:53 -07:00
chirp all: fix spelling mistakes 2022-09-29 13:36:13 -07:00
client/tailscale cmd/tailscale,ipn: store disallowed TKA's in prefs, lock local-disable 2022-11-29 13:43:38 -08:00
cmd cmd/tailscale,ipn: surface TKA-filtered peers in lock status command 2022-11-30 13:25:31 -08:00
control tailcfg, ipn, controlclient: add MapResponse.ClientVersion, plumb to IPN bus 2022-11-23 20:24:12 -08:00
derp derp: prevent concurrent access to multiForwarder map 2022-11-28 22:49:06 +00:00
disco all: use strs.CutPrefix and strs.CutSuffix more 2022-11-21 14:32:16 -08:00
docs docs/webhooks: use subtle.ConstantTimeCompare for comparing signatures 2022-11-30 11:58:25 -05:00
doctor doctor: add package for running in-depth healthchecks; use in bugreport (#5413) 2022-09-26 13:07:28 -04:00
envknob safesocket: remove the IPN protocol support 2022-11-28 20:44:59 -08:00
health health, ipn/ipnlocal: when -no-logs-no-support is enabled, deny access to tailnets that have network logging enabled 2022-11-29 11:42:20 -06:00
hostinfo all: remove old +build tags 2022-11-04 07:25:42 -07:00
internal/tooldeps all: remove old +build tags 2022-11-04 07:25:42 -07:00
ipn ipn/ipnlocal,tailcfg: introduce capability to gate TKA init paths 2022-11-30 13:50:22 -08:00
jsondb jsondb: small package to load/save JSON DBs. 2022-07-12 11:56:38 -07:00
kube kube: handle 201 as a valid status code. 2022-10-16 14:47:27 -07:00
licenses licenses: update win/apple licenses 2022-11-29 16:24:40 -08:00
log all: remove old +build tags 2022-11-04 07:25:42 -07:00
logpolicy all: fix spelling mistakes 2022-09-29 13:36:13 -07:00
logtail types/logid: move logtail ID types here (#6336) 2022-11-28 15:25:47 -08:00
metrics util/dirwalk, metrics, portlist: add new package for fast directory walking 2022-11-05 16:26:51 -07:00
net net/connstats: invert network logging data flow (#6272) 2022-11-28 15:59:33 -08:00
packages/deb refactor: move from io/ioutil to io and os packages 2022-09-15 21:45:53 -07:00
paths all: use named pipes on windows 2022-11-30 04:05:26 +05:00
portlist portlist: wait for lsof cmd to exit 2022-11-18 03:42:35 +05:00
prober prober: fix test flake 2022-11-02 09:58:40 -04:00
safesocket all: use named pipes on windows 2022-11-30 04:05:26 +05:00
scripts scripts/installer.sh: add Nobara Linux. 2022-11-10 14:25:26 -08:00
smallzstd refactor: move from io/ioutil to io and os packages 2022-09-15 21:45:53 -07:00
ssh/tailssh ssh/tailssh: only call CloseWrite when both stdout and stderr are done 2022-11-16 16:22:47 +05:00
syncs syncs: add Map (#6260) 2022-11-10 10:55:26 -08:00
tailcfg ipn/ipnlocal,tailcfg: introduce capability to gate TKA init paths 2022-11-30 13:50:22 -08:00
tempfork all: remove old +build tags 2022-11-04 07:25:42 -07:00
tka cmd/tailscale,ipn: store disallowed TKA's in prefs, lock local-disable 2022-11-29 13:43:38 -08:00
tool cmd/tsconnect: run wasm-opt on the generated wasm file 2022-10-25 13:16:37 -07:00
tsconst net/interfaces/windows: update Tailscale interface detection logic to 2021-11-08 07:44:33 -08:00
tsnet tsnet/example/tshello: use the correct LocalClient for certs 2022-11-25 16:05:50 +05:00
tstest safesocket: remove the IPN protocol support 2022-11-28 20:44:59 -08:00
tstime tstime: fix ParseDuration for '6' digit (#6363) 2022-11-16 21:01:09 -08:00
tsweb tsweb: export version metrics to Prometheus 2022-11-22 15:50:10 +00:00
types ipn,types/persist: add DisallowedTKAStateIDs, refactor as view type 2022-11-29 12:29:42 -08:00
util ipn/ipnauth, util/winutil: add temporary LookupPseudoUser workaround to address os/user.LookupId errors on Windows 2022-11-28 15:53:34 -06:00
version safesocket: remove the IPN protocol support 2022-11-28 20:44:59 -08:00
wf all: remove old +build tags 2022-11-04 07:25:42 -07:00
wgengine net/connstats: invert network logging data flow (#6272) 2022-11-28 15:59:33 -08:00
words words: hybrid theory (#6404) 2022-11-24 10:28:11 -08:00
.gitattributes .: add .gitattributes entry to use Go hunk-header driver 2021-12-03 17:56:02 -08:00
.gitignore gitignore: ignore direnv nix-shell environment cache (#6520) 2022-11-26 09:30:00 -05:00
ALPINE.txt Docker: add ALPINE.txt to manage alpine versions 2022-06-29 11:47:09 -07:00
AUTHORS Move Linux client & common packages into a public repo. 2020-02-09 09:32:57 -08:00
CODE_OF_CONDUCT.md Add a code of conduct. 2020-02-10 22:16:30 -08:00
Dockerfile cmd/containerboot: PID1 for running tailscaled in a container. 2022-11-03 15:30:32 -07:00
Dockerfile.base Dockerfile: bump alpine to 3.16 2022-06-29 10:29:37 -07:00
LICENSE LICENSE: Reformat for Github 2021-01-24 16:20:22 -08:00
Makefile Makefile: add publishdevimage target 2022-10-21 10:19:06 -07:00
PATENTS Move Linux client & common packages into a public repo. 2020-02-09 09:32:57 -08:00
README.md README.md: add commit message style bit 2022-11-28 20:45:18 -08:00
SECURITY.md Add a SECURITY.md for vulnerability reports. 2020-02-11 10:26:41 -08:00
VERSION.txt VERSION.txt: this is 1.33. 2022-10-12 09:53:06 -07:00
api.md api.md: make it clearer where to get the tailnet name in API calls 2022-11-07 16:33:19 -08:00
build_dist.sh cmd/tailscaled, net/tstun: add build tags to omit BIRD and TAP 2022-11-07 11:13:14 -05:00
build_docker.sh cmd/containerboot: PID1 for running tailscaled in a container. 2022-11-03 15:30:32 -07:00
go.mod all: use named pipes on windows 2022-11-30 04:05:26 +05:00
go.sum all: use named pipes on windows 2022-11-30 04:05:26 +05:00
go.toolchain.branch go.toolchain.rev: switch to Go 1.19rc2+ 2022-07-28 11:28:21 -07:00
go.toolchain.rev go.toolchain.rev: update to Go 1.19.2 2022-10-05 11:22:00 -07:00
pull-toolchain.sh go.toolchain.rev: add update script 2022-01-10 14:55:04 -08:00
shell.nix shell.nix: add graphviz 2022-10-25 13:03:31 -04:00
staticcheck.conf staticcheck.conf: remove unnecessary warning 2021-06-22 12:26:13 -07:00
version-embed.go Docker: add ALPINE.txt to manage alpine versions 2022-06-29 11:47:09 -07:00
version_test.go Dockerfile: add test that build-env Alpine version matches go.mod 2022-09-16 12:19:09 -07:00

README.md

Tailscale

https://tailscale.com

Private WireGuard® networks made easy

Overview

This repository contains all the open source Tailscale client code and the tailscaled daemon and tailscale CLI tool. The tailscaled daemon runs on Linux, Windows and macOS, and to varying degrees on FreeBSD, OpenBSD, and Darwin. (The Tailscale iOS and Android apps use this repo's code, but this repo doesn't contain the mobile GUI code.)

The Android app is at https://github.com/tailscale/tailscale-android

The Synology package is at https://github.com/tailscale/tailscale-synology

Using

We serve packages for a variety of distros at https://pkgs.tailscale.com.

Other clients

The macOS, iOS, and Windows clients use the code in this repository but additionally include small GUI wrappers that are not open source.

Building

go install tailscale.com/cmd/tailscale{,d}

If you're packaging Tailscale for distribution, use build_dist.sh instead, to burn commit IDs and version info into the binaries:

./build_dist.sh tailscale.com/cmd/tailscale
./build_dist.sh tailscale.com/cmd/tailscaled

If your distro has conventions that preclude the use of build_dist.sh, please do the equivalent of what it does in your distro's way, so that bug reports contain useful version information.

We require the latest Go release, currently Go 1.19.

Bugs

Please file any issues about this code or the hosted service on the issue tracker.

Contributing

PRs welcome! But please file bugs. Commit messages should reference bugs.

We require Developer Certificate of Origin Signed-off-by lines in commits.

See git log for our commit message style. It's basically the same as Go's style.

About Us

Tailscale is primarily developed by the people at https://github.com/orgs/tailscale/people. For other contributors, see:

WireGuard is a registered trademark of Jason A. Donenfeld.