afranco
43f90d205e
fix: allow all traffic if acls field is omited from the policy
2025-08-18 16:13:14 +02:00
Florian Preinstorfer
30a1f7e68e
Log registrationID to simplify interactive node registration
...
Build / build-nix (push) Has been cancelled
Build / build-cross (GOARCH=amd64 GOOS=darwin) (push) Has been cancelled
Build / build-cross (GOARCH=amd64 GOOS=linux) (push) Has been cancelled
Build / build-cross (GOARCH=arm64 GOOS=darwin) (push) Has been cancelled
Build / build-cross (GOARCH=arm64 GOOS=linux) (push) Has been cancelled
Check Generated Files / check-generated (push) Has been cancelled
Tests / test (push) Has been cancelled
update-flake-lock / lockfile (push) Has been cancelled
GitHub Actions Version Updater / build (push) Has been cancelled
Some clients such as Android make it hard to transfer the registrationID
to the server, its easier to get it from the server logs.
2025-08-15 17:11:38 +02:00
Fredrik Ekre
5d8a2c25ea
OIDC: Query userinfo endpoint before verifying user
...
Build / build-nix (push) Has been cancelled
Build / build-cross (GOARCH=amd64 GOOS=darwin) (push) Has been cancelled
Build / build-cross (GOARCH=amd64 GOOS=linux) (push) Has been cancelled
Build / build-cross (GOARCH=arm64 GOOS=darwin) (push) Has been cancelled
Build / build-cross (GOARCH=arm64 GOOS=linux) (push) Has been cancelled
Check Generated Files / check-generated (push) Has been cancelled
Tests / test (push) Has been cancelled
Close inactive issues / close-issues (push) Has been cancelled
This patch includes some changes to the OIDC integration in particular:
- Make sure that userinfo claims are queried *before* comparing the
user with the configured allowed groups, email and email domain.
- Update user with group claim from the userinfo endpoint which is
required for allowed groups to work correctly. This is essentially a
continuation of #2545 .
- Let userinfo claims take precedence over id token claims.
With these changes I have verified that Headscale works as expected
together with Authelia without the documented escape hatch [0], i.e.
everything works even if the id token only contain the iss and sub
claims.
[0]: https://www.authelia.com/integration/openid-connect/headscale/#configuration-escape-hatch
2025-08-11 17:51:16 +02:00
eyjhb
d77874373d
feat: add robots.txt
2025-08-10 10:57:45 +02:00
Kristoffer Dalby
a058bf3cd3
mapper: produce map before poll ( #2628 )
Build / build-nix (push) Has been cancelled
Build / build-cross (GOARCH=amd64 GOOS=darwin) (push) Has been cancelled
Build / build-cross (GOARCH=amd64 GOOS=linux) (push) Has been cancelled
Build / build-cross (GOARCH=arm64 GOOS=darwin) (push) Has been cancelled
Build / build-cross (GOARCH=arm64 GOOS=linux) (push) Has been cancelled
Check Generated Files / check-generated (push) Has been cancelled
Tests / test (push) Has been cancelled
update-flake-lock / lockfile (push) Has been cancelled
GitHub Actions Version Updater / build (push) Has been cancelled
2025-07-28 11:15:53 +02:00
Kian-Meng Ang
3123d5286b
Fix typos
...
Build / build-nix (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=linux) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=linux) (push) Waiting to run
Deploy docs / deploy (push) Waiting to run
Tests / test (push) Waiting to run
Found via `codespell -L shs,hastable,userr`
2025-07-21 12:06:07 +02:00
Kristoffer Dalby
c6d7b512bd
integration: replace time.Sleep with assert.EventuallyWithT ( #2680 )
Build / build-nix (push) Has been cancelled
Build / build-cross (GOARCH=386 GOOS=linux) (push) Has been cancelled
Build / build-cross (GOARCH=amd64 GOOS=darwin) (push) Has been cancelled
Build / build-cross (GOARCH=amd64 GOOS=linux) (push) Has been cancelled
Build / build-cross (GOARCH=arm GOOS=linux GOARM=5) (push) Has been cancelled
Build / build-cross (GOARCH=arm GOOS=linux GOARM=6) (push) Has been cancelled
Build / build-cross (GOARCH=arm GOOS=linux GOARM=7) (push) Has been cancelled
Build / build-cross (GOARCH=arm64 GOOS=darwin) (push) Has been cancelled
Build / build-cross (GOARCH=arm64 GOOS=linux) (push) Has been cancelled
Tests / test (push) Has been cancelled
update-flake-lock / lockfile (push) Has been cancelled
GitHub Actions Version Updater / build (push) Has been cancelled
2025-07-10 23:38:55 +02:00
Kristoffer Dalby
b904276f2b
poll: use nodeview everywhere
...
Build / build-nix (push) Has been cancelled
Build / build-cross (GOARCH=386 GOOS=linux) (push) Has been cancelled
Build / build-cross (GOARCH=amd64 GOOS=darwin) (push) Has been cancelled
Build / build-cross (GOARCH=amd64 GOOS=linux) (push) Has been cancelled
Build / build-cross (GOARCH=arm GOOS=linux GOARM=5) (push) Has been cancelled
Build / build-cross (GOARCH=arm GOOS=linux GOARM=6) (push) Has been cancelled
Build / build-cross (GOARCH=arm GOOS=linux GOARM=7) (push) Has been cancelled
Build / build-cross (GOARCH=arm64 GOOS=darwin) (push) Has been cancelled
Build / build-cross (GOARCH=arm64 GOOS=linux) (push) Has been cancelled
Tests / test (push) Has been cancelled
There was a bug in HA subnet router handover where we used stale node data
from the longpoll session that we handed to Connect. This meant that we got
some odd behaviour where routes would not be deactivated correctly.
This commit changes to the nodeview is used through out, and we load the
current node to be updated in the write path and then handle it all there
to be consistent.
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
2025-07-08 21:05:15 +02:00
Kristoffer Dalby
73023c2ec3
all: use immutable node view in read path
...
This commit changes most of our (*)types.Node to
types.NodeView, which is a readonly version of the
underlying node ensuring that there is no mutations
happening in the read path.
Based on the migration, there didnt seem to be any, but the
idea here is to prevent it in the future and simplify other
new implementations.
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
2025-07-07 21:28:59 +01:00
Kristoffer Dalby
c6736dd6d6
db: add sqlite "source of truth" schema
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
2025-07-07 15:48:38 +01:00
Stavros Kois
855c48aec2
remove unneeded check ( #2658 )
Build / build-nix (push) Has been cancelled
Build / build-cross (GOARCH=386 GOOS=linux) (push) Has been cancelled
Build / build-cross (GOARCH=amd64 GOOS=darwin) (push) Has been cancelled
Build / build-cross (GOARCH=amd64 GOOS=linux) (push) Has been cancelled
Build / build-cross (GOARCH=arm GOOS=linux GOARM=5) (push) Has been cancelled
Build / build-cross (GOARCH=arm GOOS=linux GOARM=6) (push) Has been cancelled
Build / build-cross (GOARCH=arm GOOS=linux GOARM=7) (push) Has been cancelled
Build / build-cross (GOARCH=arm64 GOOS=darwin) (push) Has been cancelled
Build / build-cross (GOARCH=arm64 GOOS=linux) (push) Has been cancelled
Tests / test (push) Has been cancelled
update-flake-lock / lockfile (push) Has been cancelled
GitHub Actions Version Updater / build (push) Has been cancelled
2025-07-04 15:47:01 +00:00
Stavros Kois
ded049b905
don't crash if config file is missing ( #2656 )
Build / build-nix (push) Waiting to run
Build / build-cross (GOARCH=386 GOOS=linux) (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=linux) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=5) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=6) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=7) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=linux) (push) Waiting to run
Tests / test (push) Waiting to run
Deploy docs / deploy (push) Has been cancelled
2025-07-04 12:58:17 +00:00
eyJhb
efc6974017
fix typo in parseCapabilityVersion, and removed unused error ( #2644 ) ( #2644 )
2025-07-04 09:40:29 +02:00
Fredrik Ekre
3f72ee9de8
Clarify SIGHUP log message ( #2661 )
2025-07-04 09:30:51 +02:00
nblock
e73b2a9fb9
Ensure that a username starts with a letter ( #2635 )
Build / build-nix (push) Has been cancelled
Build / build-cross (GOARCH=386 GOOS=linux) (push) Has been cancelled
Build / build-cross (GOARCH=amd64 GOOS=darwin) (push) Has been cancelled
Build / build-cross (GOARCH=amd64 GOOS=linux) (push) Has been cancelled
Build / build-cross (GOARCH=arm GOOS=linux GOARM=5) (push) Has been cancelled
Build / build-cross (GOARCH=arm GOOS=linux GOARM=6) (push) Has been cancelled
Build / build-cross (GOARCH=arm GOOS=linux GOARM=7) (push) Has been cancelled
Build / build-cross (GOARCH=arm64 GOOS=darwin) (push) Has been cancelled
Build / build-cross (GOARCH=arm64 GOOS=linux) (push) Has been cancelled
Tests / test (push) Has been cancelled
Close inactive issues / close-issues (push) Has been cancelled
update-flake-lock / lockfile (push) Has been cancelled
GitHub Actions Version Updater / build (push) Has been cancelled
2025-06-24 14:45:44 +02:00
Kristoffer Dalby
1553f0ab53
state: introduce state
...
this commit moves all of the read and write logic, and all different parts
of headscale that manages some sort of persistent and in memory state into
a separate package.
The goal of this is to clearly define the boundry between parts of the app
which accesses and modifies data, and where it happens. Previously, different
state (routes, policy, db and so on) was used directly, and sometime passed to
functions as pointers.
Now all access has to go through state. In the initial implementation,
most of the same functions exists and have just been moved. In the future
centralising this will allow us to optimise bottle necks with the database
(in memory state) and make the different parts talking to eachother do so
in the same way across headscale components.
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
2025-06-24 07:58:54 +02:00
Kristoffer Dalby
a975b6a8b1
hscontrol: remove go-grpc-middleware v1 dependency ( #2653 )
...
Build / build-nix (push) Waiting to run
Build / build-cross (GOARCH=386 GOOS=linux) (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=linux) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=5) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=6) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=7) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=linux) (push) Waiting to run
Tests / test (push) Waiting to run
Co-authored-by: Claude <noreply@anthropic.com >
2025-06-23 16:57:20 +02:00
Kristoffer Dalby
afc11e1f0c
cmd/hi: fixes and qol ( #2649 )
2025-06-23 13:43:14 +02:00
seiuneko
d325211617
feat: add verify client config for embedded DERP ( #2260 )
...
Build / build-nix (push) Waiting to run
Build / build-cross (GOARCH=386 GOOS=linux) (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=linux) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=5) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=6) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=7) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=linux) (push) Waiting to run
Tests / test (push) Waiting to run
* feat: add verify client config for embedded DERP
* refactor: embedded DERP no longer verify clients via HTTP
- register the `headscale://` protocol in `http.DefaultTransport` to intercept network requests
- update configuration to use a single boolean option `verify_clients`
* refactor: use `http.HandlerFunc` for type definition
* refactor: some renaming and restructuring
* chore: some renaming and fix lint
* test: fix TestDERPVerifyEndpoint
- `tailscale debug derp` use random node private key
* test: add verify clients integration test for embedded DERP server
* fix: apply code review suggestions
* chore: merge upstream changes
* fix: apply code review suggestions
---------
Co-authored-by: Kristoffer Dalby <kristoffer@dalby.cc >
2025-06-18 09:24:53 +02:00
Mustafa Enes Batur
bad783321e
Fix /machine/map endpoint vulnerability ( #2642 )
...
Build / build-nix (push) Has been cancelled
Build / build-cross (GOARCH=386 GOOS=linux) (push) Has been cancelled
Build / build-cross (GOARCH=amd64 GOOS=darwin) (push) Has been cancelled
Build / build-cross (GOARCH=amd64 GOOS=linux) (push) Has been cancelled
Build / build-cross (GOARCH=arm GOOS=linux GOARM=5) (push) Has been cancelled
Build / build-cross (GOARCH=arm GOOS=linux GOARM=6) (push) Has been cancelled
Build / build-cross (GOARCH=arm GOOS=linux GOARM=7) (push) Has been cancelled
Build / build-cross (GOARCH=arm64 GOOS=darwin) (push) Has been cancelled
Build / build-cross (GOARCH=arm64 GOOS=linux) (push) Has been cancelled
Tests / test (push) Has been cancelled
update-flake-lock / lockfile (push) Has been cancelled
GitHub Actions Version Updater / build (push) Has been cancelled
* Improve map auth logic
* Bugfix
* Add comment, improve error message
* noise: make func, get by node
this commit splits the additional validation into a
separate function so it can be reused if we add more
endpoints in the future.
It swaps the check, so we still look up by NodeKey, but before
accepting the connection, we validate the known machinekey from
the db against the noise connection.
The reason for this is that when a node logs in or out, the node key
is replaced and it will no longer be possible to look it up, breaking
reauthentication.
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* noise: add comment to remind future use of getAndVal
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* changelog: add entry
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
---------
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
Co-authored-by: Kristoffer Dalby <kristoffer@tailscale.com >
2025-06-06 12:14:11 +02:00
Greg Dietsche
d2879b2b36
web: change node registration parameter order ( #2607 )
...
Build / build-nix (push) Waiting to run
Build / build-cross (GOARCH=386 GOOS=linux) (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=linux) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=5) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=6) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=7) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=linux) (push) Waiting to run
Tests / test (push) Waiting to run
This change makes editing the generated command easier.
For example, after pasting into a terminal, the cursor position will be
near the username portion which requires editing.
2025-05-21 11:18:53 +02:00
Kristoffer Dalby
a52f1df180
policy: remove v1 code ( #2600 )
...
Build / build-nix (push) Waiting to run
Build / build-cross (GOARCH=386 GOOS=linux) (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=linux) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=5) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=6) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=7) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=linux) (push) Waiting to run
Tests / test (push) Waiting to run
* policy: remove v1 code
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* db: update test with v1 removal
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* integration: start moving to v2 policy
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* policy: add ssh unmarshal tests
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* changelog: add entry
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* policy: remove v1 comment
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* integration: remove comment out case
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* cleanup skipv1
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* policy: remove v1 prefix workaround
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* policy: add all node ips if prefix/host is ts ip
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
---------
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
2025-05-20 13:57:26 +02:00
azrikahar
1605e2a7a9
fix typo in TailSQL's log
Build / build-nix (push) Has been cancelled
Build / build-cross (GOARCH=386 GOOS=linux) (push) Has been cancelled
Build / build-cross (GOARCH=amd64 GOOS=darwin) (push) Has been cancelled
Build / build-cross (GOARCH=amd64 GOOS=linux) (push) Has been cancelled
Build / build-cross (GOARCH=arm GOOS=linux GOARM=5) (push) Has been cancelled
Build / build-cross (GOARCH=arm GOOS=linux GOARM=6) (push) Has been cancelled
Build / build-cross (GOARCH=arm GOOS=linux GOARM=7) (push) Has been cancelled
Build / build-cross (GOARCH=arm64 GOOS=darwin) (push) Has been cancelled
Build / build-cross (GOARCH=arm64 GOOS=linux) (push) Has been cancelled
Tests / test (push) Has been cancelled
2025-05-18 07:15:41 +02:00
Vitalij Dovhanyc
6750414db1
feat: add autogroup:member, autogroup:tagged ( #2572 )
Build / build-nix (push) Waiting to run
Build / build-cross (GOARCH=386 GOOS=linux) (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=linux) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=5) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=6) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=7) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=linux) (push) Waiting to run
Tests / test (push) Waiting to run
Deploy docs / deploy (push) Has been cancelled
update-flake-lock / lockfile (push) Has been cancelled
GitHub Actions Version Updater / build (push) Has been cancelled
2025-05-17 11:07:34 +02:00
Kristoffer Dalby
bd6ed80936
policy/v2: error on missing or zero port ( #2606 )
...
Build / build-nix (push) Waiting to run
Build / build-cross (GOARCH=386 GOOS=linux) (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=linux) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=5) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=6) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=7) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=linux) (push) Waiting to run
Tests / test (push) Waiting to run
* policy/v2: error on missing or zero port
Fixes #2605
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* changelog: add entry
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
---------
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
2025-05-16 17:30:47 +02:00
Kristoffer Dalby
2dc2f3b3f0
users: harden, test, and add cleaner of identifier ( #2593 )
...
Build / build-nix (push) Has been cancelled
Build / build-cross (GOARCH=386 GOOS=linux) (push) Has been cancelled
Build / build-cross (GOARCH=amd64 GOOS=darwin) (push) Has been cancelled
Build / build-cross (GOARCH=amd64 GOOS=linux) (push) Has been cancelled
Build / build-cross (GOARCH=arm GOOS=linux GOARM=5) (push) Has been cancelled
Build / build-cross (GOARCH=arm GOOS=linux GOARM=6) (push) Has been cancelled
Build / build-cross (GOARCH=arm GOOS=linux GOARM=7) (push) Has been cancelled
Build / build-cross (GOARCH=arm64 GOOS=darwin) (push) Has been cancelled
Build / build-cross (GOARCH=arm64 GOOS=linux) (push) Has been cancelled
Deploy docs / deploy (push) Has been cancelled
Tests / test (push) Has been cancelled
* users: harden, test, and add cleaner of identifier
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* db: migrate badly joined provider identifiers
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
---------
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
2025-05-14 16:45:14 +02:00
Kristoffer Dalby
43943aeee9
bring back last_seen in database ( #2579 )
...
Build / build-nix (push) Has been cancelled
Build / build-cross (GOARCH=386 GOOS=linux) (push) Has been cancelled
Build / build-cross (GOARCH=amd64 GOOS=darwin) (push) Has been cancelled
Build / build-cross (GOARCH=amd64 GOOS=linux) (push) Has been cancelled
Build / build-cross (GOARCH=arm GOOS=linux GOARM=5) (push) Has been cancelled
Build / build-cross (GOARCH=arm GOOS=linux GOARM=6) (push) Has been cancelled
Build / build-cross (GOARCH=arm GOOS=linux GOARM=7) (push) Has been cancelled
Build / build-cross (GOARCH=arm64 GOOS=darwin) (push) Has been cancelled
Build / build-cross (GOARCH=arm64 GOOS=linux) (push) Has been cancelled
Tests / test (push) Has been cancelled
update-flake-lock / lockfile (push) Has been cancelled
GitHub Actions Version Updater / build (push) Has been cancelled
* db: add back last_seen to the database
Fixes #2574
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* integration: ensure last_seen is set
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
---------
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
2025-05-10 09:49:08 +02:00
Kristoffer Dalby
37dc0dad35
policy/v2: separate exit node and 0.0.0.0/0 routes ( #2578 )
...
* policy: add tests for route auto approval
Reproduce #2568
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* policy/v2: separate exit node and 0.0.0.0/0 routes
Fixes #2568
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
---------
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
2025-05-09 23:20:04 +02:00
Kristoffer Dalby
56db4ed0f1
policy/v2: validate that no undefined group or tag is used ( #2576 )
...
Build / build-nix (push) Waiting to run
Build / build-cross (GOARCH=386 GOOS=linux) (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=linux) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=5) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=6) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=7) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=linux) (push) Waiting to run
Tests / test (push) Waiting to run
* policy/v2: allow Username as ssh source
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* policy/v2: validate that no undefined group or tag is used
Fixes #2570
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* policy: fixup tests which violated tag constraing
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
---------
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
2025-05-09 11:51:30 +02:00
Kristoffer Dalby
1dddd3e93b
app: throw away not found body ( #2566 )
...
Build / build-nix (push) Waiting to run
Build / build-cross (GOARCH=386 GOOS=linux) (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=linux) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=5) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=6) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=7) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=linux) (push) Waiting to run
Deploy docs / deploy (push) Waiting to run
Tests / test (push) Waiting to run
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
2025-05-04 22:06:44 +02:00
Kristoffer Dalby
45e38cb080
policy: reduce routes sent to peers based on packetfilter ( #2561 )
...
* notifier: use convenience funcs
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* policy: reduce routes based on policy
Fixes #2365
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* hsic: more helper methods
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* policy: more test cases
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* integration: add route with filter acl integration test
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* integration: correct route reduce test, now failing
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* mapper: compare peer routes against node
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* hs: more output to debug strings
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* types/node: slice.ContainsFunc
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* policy: more reduce route test
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* changelog: add entry for route filter
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
---------
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
2025-05-04 21:52:47 +02:00
Kristoffer Dalby
b9868f6516
Make more granular SSH tests for both Policies ( #2555 )
...
Build / build-nix (push) Waiting to run
Build / build-cross (GOARCH=386 GOOS=linux) (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=linux) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=5) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=6) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=7) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=linux) (push) Waiting to run
Tests / test (push) Waiting to run
* policy/v1: dont consider empty if ssh has rules
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* policy/v2: replace time.Duration with model.Duration
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* policy/v2: add autogroup and ssh validation
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* policy/v2: replace time.Duration with model.Duration
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* policy: replace old ssh tests with more granular test
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* policy: skip v1 tests expected to fail (missing error handling)
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* policy: skip v1 group tests, old bugs wont be fixed
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* integration: user valid policy for ssh
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* Changelog, add ssh section
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* nix update
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
---------
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
2025-05-04 12:05:41 +00:00
nblock
18d21d3585
Add documentation for routes ( #2496 )
...
* Add documentation for routes
* Rename exit-node to routes and add redirects
* Add a new section on subnet routers
* Extend the existing exit-node documentation
* Describe auto approvers for subnet routers and exit nodes
* Provide ACL examples for subnet routers and exit nodes
* Describe HA and its current limitations
* Add a troubleshooting section with IP forwarding
* Update features page for 0.26
Add auto approvers and link to our documentation if available.
* Prefer the console lexer when commandline and output mixed
2025-05-03 10:16:45 +02:00
Kristoffer Dalby
e7d2d79134
update capmap and deps for release ( #2522 )
...
Build / build-nix (push) Waiting to run
Build / build-cross (GOARCH=386 GOOS=linux) (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=linux) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=5) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=6) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=7) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=linux) (push) Waiting to run
Tests / test (push) Waiting to run
* generate new capver map
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* replace old sort func
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* nix: flake update
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* capgen: update
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* capgen: update
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* go.mod: update tailscale
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* go.mod: update other deps
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
---------
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
2025-05-02 22:12:29 +02:00
Kristoffer Dalby
d810597414
policy/matcher: fix bug using contains instead of overlap ( #2556 )
...
* policy/matcher: slices.ContainsFunc
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* policy/matcher: slices.ContainsFunc, correct contains vs overlap
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* policy: add tests to validate fix for 2181
Fixes #2181
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
---------
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
2025-05-02 22:08:56 +02:00
Kristoffer Dalby
e4d10ad964
policy/v2: validate autogroup:interet only in dst ( #2552 )
2025-05-02 13:58:12 +03:00
Kristoffer Dalby
c923f461ab
error on undefined host in policy ( #2490 )
...
Build / build-nix (push) Waiting to run
Build / build-cross (GOARCH=386 GOOS=linux) (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=linux) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=5) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=6) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=7) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=linux) (push) Waiting to run
Tests / test (push) Waiting to run
* add testcases
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* policy/v2: add validate to do post marshal validation
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
---------
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
2025-05-01 14:30:52 +02:00
aergus-tng
4651d06fa8
Make matchers part of the Policy interface ( #2514 )
...
Build / build-nix (push) Waiting to run
Build / build-cross (GOARCH=386 GOOS=linux) (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=linux) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=5) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=6) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=7) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=linux) (push) Waiting to run
Tests / test (push) Waiting to run
* Make matchers part of the Policy interface
* Prevent race condition between rules and matchers
* Test also matchers in tests for Policy.Filter
* Compute `filterChanged` in v2 policy correctly
* Fix nil vs. empty list issue in v2 policy test
* policy/v2: always clear ssh map
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
---------
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
Co-authored-by: Aras Ergus <aras.ergus@tngtech.com >
Co-authored-by: Kristoffer Dalby <kristoffer@tailscale.com >
2025-05-01 07:06:30 +02:00
Kristoffer Dalby
eb1ecefd9e
auth: ensure that routes are autoapproved when the node is stored ( #2550 )
...
* integration: ensure route is set before node joins, reproduce
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* auth: ensure that routes are autoapproved when the node is stored
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
---------
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
2025-05-01 07:05:42 +02:00
Kristoffer Dalby
6b6509eeeb
notify nodes after owner change ( #2543 )
...
Build / build-nix (push) Waiting to run
Build / build-cross (GOARCH=386 GOOS=linux) (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=linux) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=5) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=6) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=7) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=linux) (push) Waiting to run
Tests / test (push) Waiting to run
* proto: user id as identifier for move node
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* gen: regenr
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* grpc: move, use userid, one tx, send update
Updates #2467
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* integration: update move cli tests
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
---------
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
2025-04-30 18:33:38 +02:00
Kristoffer Dalby
cfe9bbf829
oidc: try to get username from userinfo ( #2545 )
...
Build / build-nix (push) Waiting to run
Build / build-cross (GOARCH=386 GOOS=linux) (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=linux) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=5) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=6) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=7) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=linux) (push) Waiting to run
Tests / test (push) Waiting to run
* oidc: try to get username from userinfo
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* changelog
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
---------
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
2025-04-30 11:54:13 +02:00
Kristoffer Dalby
8f9fbf16f1
types/authkey: include user object in response ( #2542 )
...
* types/authkey: include user object, not string
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* make preauthkeys use id
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* changelog
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* integration: wire up user id for auth keys
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
---------
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
2025-04-30 11:45:08 +02:00
Kristoffer Dalby
f1206328dc
fix webauth + autoapprove routes ( #2528 )
...
Build / build-nix (push) Waiting to run
Build / build-cross (GOARCH=386 GOOS=linux) (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=linux) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=5) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=6) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=7) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=linux) (push) Waiting to run
Tests / test (push) Waiting to run
* types/node: add helper funcs for node tags
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* types/node: add DebugString method for node
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* policy/v2: add String func to AutoApprover interface
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* policy/v2: simplify, use slices.Contains
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* policy/v2: debug, use nodes.DebugString
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* policy/v1: fix potential nil pointer in NodeCanApproveRoute
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* policy/v1: slices.Contains
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* integration/tsic: fix diff in login commands
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* integration: fix webauth running with wrong scenario
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* integration: move common oidc opts to func
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* integration: require node count, more verbose
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* auth: remove uneffective route approve
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* .github/workflows: fmt
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* integration/tsic: add id func
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* integration: remove call that might be nil
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* integration: test autoapprovers against web/authkey x group/tag/user
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* integration: unique network id per scenario
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* Revert "integration: move common oidc opts to func"
This reverts commit 7e9d165d4a900c304f1083b665f1a24a26e06e55.
* remove cmd
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* integration: clean docker images between runs in ci
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* integration: run autoapprove test against differnt policy modes
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* integration/tsic: append, not overrwrite extra login args
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* .github/workflows: remove polv2
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
---------
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
2025-04-30 07:54:04 +02:00
Kristoffer Dalby
2b38f7bef7
policy/v2: make default ( #2546 )
...
Build / build-nix (push) Waiting to run
Build / build-cross (GOARCH=386 GOOS=linux) (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=linux) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=5) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=6) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=7) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=linux) (push) Waiting to run
Tests / test (push) Waiting to run
* policy/v2: make default
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* integration: do not run v1 tests
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* policy/v2: fix potential nil pointers
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* mapper: fix test failures in v2
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
---------
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
2025-04-29 16:27:41 +02:00
Kristoffer Dalby
30539b2e26
config: disallow same server url and base_domain ( #2544 )
...
Build / build-nix (push) Waiting to run
Build / build-cross (GOARCH=386 GOOS=linux) (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=linux) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=5) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=6) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=7) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=linux) (push) Waiting to run
Tests / test (push) Waiting to run
* config: disallow same server url and base_domain
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* changelog
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
---------
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
2025-04-23 16:24:38 +02:00
Kristoffer Dalby
098ab0357c
add casbin user test ( #2474 )
...
Build / build-nix (push) Waiting to run
Build / build-cross (GOARCH=386 GOOS=linux) (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=amd64 GOOS=linux) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=5) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=6) (push) Waiting to run
Build / build-cross (GOARCH=arm GOOS=linux GOARM=7) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=darwin) (push) Waiting to run
Build / build-cross (GOARCH=arm64 GOOS=linux) (push) Waiting to run
Tests / test (push) Waiting to run
Deploy docs / deploy (push) Has been cancelled
* add casbin user test
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
* Delete double slash
* types/users: use join url on iss that are ursl
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
---------
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
Co-authored-by: Juan Font <juanfontalonso@gmail.com >
2025-04-23 13:21:51 +02:00
Relihan Myburgh
56d085bd08
Fix panic on fast reconnection of node ( #2536 )
...
* Fix panic on fast reconnection of node
* Use parameter captured in closure as per review request
2025-04-23 11:52:24 +02:00
Relihan Myburgh
92e587a82c
Fix goroutine leak in EphemeralGC on node cancel ( #2538 )
...
* Fix goroutine leak in EphemeralGC on node cancel
* Deal with timer firing whilst the GC is shutting down. Fix typos.
2025-04-23 11:44:24 +02:00
Kristoffer Dalby
710d75367e
policy/v2: fix host validation, consistent pattern ( #2533 )
2025-04-18 11:35:04 +02:00
Kristoffer Dalby
8e7e52cf3a
some clarifications for tags ( #2531 )
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com >
2025-04-18 09:33:02 +02:00
