Releases: nshalman/tailscale
Releases · nshalman/tailscale
v1.76.6-sunos
Commits
- fix spurious warning about DERP home region '0' (Brad Fitzpatrick)
- b73831b: net/sockstats: prevent crash in setNetMon (tailscale#13985) (Andrea Gottardo)
- 5280738: net/netcheck: ensure prior preferred DERP is always in netchecks (James Tucker) #13996
- 0472936: wgengine/magicsock: log home DERP changes with latency (Tim Walters)
- 666c961: VERSION.txt: this is v1.76.4 (Andrea Gottardo)
- dda4603: VERSION.txt: this is v1.76.5 (Andrea Gottardo)
- 1edcf9d: VERSION.txt: this is v1.76.6 (Jonathan Nobels)
- 0047fcf: Merge tag 'v1.76.6' into sunos-1.76 (Nahum Shalman)
v1.76.3-sunos
Commits
- 3bee38d: VERSION.txt: this is v1.75.0 (tailscale#13454) (kari-ts) #13454
- add new concurrent server benchmark #13449 (Brad Fitzpatrick)
- add node attr for SSH environment variables (tailscale#13450) #13450 (Mario Minardi)
- afec2d4: wgengine/magicsock: remove redundant deadline from netcheck report call (tailscale#13395) (Jordan Whited) #13395
- 124ff3b: {api.md,publicapi}: remove old API docs (tailscale#13468) (Mario Minardi) #13468
- 40833a7: wgengine/magicsock: disable raw disco by default; add envknob to enable (Andrew Dunham) #13483
- f572286: gokrazy, various: use point versions of Go and update Nix deps (Andrew Dunham) #13485
- update license notices #13180 (License Updater)
- refactor DERP server's peer-gone watch mechanism #13477 (Brad Fitzpatrick)
- 4084c61: wgengine/magicsock: add side-effect-free function for netcheck UDP sends (tailscale#13487) (Jordan Whited) #13487
- 5f4a4c6: wgengine/magicsock: fix sendUDPStd docs (tailscale#13490) (Jordan Whited) #13490
- 8b962f2: cmd/natc: fix nil pointer (Fran Bull) #13496
- 951884b: net/netcheck,wgengine/magicsock: plumb OnlyTCP443 controlknob through netcheck (tailscale#13491) (Jordan Whited) #13491
- add a ListenAndServe method to the Server type (tailscale#13498) #13498 (M. J. Fromberger)
- 3a467b6: go/toolchain: use ed9dc37b2b000f376a3e819cbb159e2c17a2dac6 (tailscale#13507) (Andrea Gottardo) #13507
- af5a845: net/dns/resolver: fix dns-sd NXDOMAIN responses from quad-100 (James Tucker) #13512
- d0a56a8: cmd/containerboot: split main.go (tailscale#13517) (Tom Proctor) #13517
- 3e9ca6c: go.toolchain.rev: bump oss, test toolchain matches go.toolchain.rev (Brad Fitzpatrick) #13528
- dc86d35: types/views: add SliceView.All iterator (tailscale#13536) (Joe Tsai) #13536
- add AcceptEnv field to SSHRule (tailscale#13523) #13523 (Mario Minardi)
- 07991de: .github: pin actions/checkout to latest v3 or v4 as appropriate (tailscale#13551) (Mario Minardi) #13551
- 2c1bbfb: .github: pin actions/setup-go usage to latest 5.x (tailscale#13553) (Mario Minardi) #13553
- 22e98cf: .github: pin codeql actions to latest 3.x (tailscale#13552) (Mario Minardi) #13552
- a3f7e72: .github: use and pin slackapi/slack-github-action to latest 1.x (tailscale#13554) (Mario Minardi) #13554
- a8bd0cb: .github: update and pin actions/cache to latest 4.x (tailscale#13555) (Mario Minardi) #13555
- 04bbef0: .github: update and pin actions/upload-artifact to latest 4.x (tailscale#13556) (Mario Minardi) #13556
- 05d82fb: .github: pin re-actors/alls-green to latest 1.x (tailscale#13558) (Mario Minardi) #13558
- a98f75b: .github: Bump tibdex/github-app-token from 1.8.0 to 2.1.0 (tailscale#9529) (dependabot[bot]) #9529
- add
tailscale dns query(tailscale#13368) #13368 (Andrea Gottardo) - 43f4131: {release,version}: add DSM7.2 specific synology builds (tailscale#13405) (Mario Minardi) #13405
- 6f7e7a3: tool/gocross: make gocross-wrapper.sh keep multiple Go toolchains around (Brad Fitzpatrick) #13500
- document the RunWatchConnectionLoop callback gotchas #13567 (Brad Fitzpatrick)
- 0e0e53d: util/usermetrics: make usermetrics non-global (Kristoffer Dalby) #13550
- clean up updateBuiltinWarnablesLocked a bit, fix DERP warnings #13577 (Brad Fitzpatrick)
- 2fdbcbd: wgengine/magicsock: only used cached results for GetLastNetcheckReport (Adrian Dewhurst) #13584
- 65c2635: cmd/k8s-operator, k8s-operator: fix outdated kb links (tailscale#13585) (Cameron Stokes) #13585
- revert changes to MultiLabelMap's String method #13588 (Andrew Dunham)
- 9eb59c7: wgengine/magicsock: fix check for EPERM on macOS (James Tucker) #13587
- c90c993: ssh/tailssh: add logic for matching against AcceptEnv patterns (tailscale#13466) (Mario Minardi) #13466
- 3dc33a0: net/tsaddr: add WithoutExitRoutes and IsExitRoute (Kristoffer Dalby) #13569
- 0909431: cmd/tailscale: use tsaddr helpers (Kristoffer Dalby) #13569
- f03e82a: client/web: use tsaddr helpers (Kristoffer Dalby) #13569
- 7d1160d: {ipn,net,tsnet}: use tsaddr helpers (Kristoffer Dalby) #13569
- make opts.Metrics mandatory #13590 (Kristoffer Dalby)
- 69be54c: net/captivedetection: exclude ipsec interfaces from captive portal detection (tailscale#13598) (Andrea Gottardo) #13598
- 7ec8bdf: go.mod: upgrade golangci-lint (Andrew Dunham) #13603
- cab2e6e: cmd/k8s-operator,k8s-operator: add ProxyGroup CRD (tailscale#13591) (Tom Proctor) #13591
- 7783255: ipn/ipnlocal: add advertised and primary route metrics (Kristoffer Dalby) #13574
- c62b073: cmd/k8s-operator: remove auth key once proxy has logged in (tailscale#13612) (Irbe Krumina) #13612
- 096b090: cmd/containerboot,kube,util/linuxfw: configure kube egress proxies to route to 1+ tailnet targets (tailscale#13531) (Irbe Krumina) #13531
- fb0f8fc: cmd/tsidp: add --dir flag (Maisem Ali) #13592
- don't create a filch buffer if logging is disabled #13617 (Anton Tolchanov)
- dd6b808: .github: Bump peter-evans/create-pull-request from 7.0.1 to 7.0.5 (tailscale#13626) (dependabot[bot]) #13626
- Add logic to set accepted environment variables in SSH session (tailscale#13559) #13559 (Mario Minardi)
- d3f302d: cmd/tailscale/cli: make 'tailscale debug ts2021' try twice (Brad Fitzpatrick) #13638
- fd32f0d: control/controlhttp: factor out some code in prep for future change (Brad Fitzpatrick) #13638
- 1eaad7d: control/controlhttp: fix connectivity on Alaska Air wifi (Brad Fitzpatrick) #13599
- 16ef887: net/portmapper: don't return unspecified/local external IPs (Andrew Dunham) #13639
- 262c526: net/portmapper: don't treat 0.0.0.0 as a valid IP (Brad Fitzpatrick) #13641
- 992ee6d: .github: Bump github/codeql-action from 3.26.8 to 3.26.9 (tailscale#13625) (dependabot[bot]) #13625
- e66fe1f: docs/windows/policy: add ADMX policy setting to configure the AuthKey (Nick Khyl) #13642
- ed1ac79: net/captivedetection: set Timeout on net.Dialer (tailscale#13613) (Andrea Gottardo) [tailscale#13613](https://github.com/tail...
v1.74.0-sunos
Builds
- deps: bump ws from 8.14.2 to 8.17.1 in /client/web (tailscale#12524) #12524 (dependabot[bot])
Commits
- 1e8f8ee: VERSION.txt: this is v1.73.0 (tailscale#13181) (Andrea Gottardo) #13181
- 8fad8c4: tstest/tailmac: add customized macOS virtualization tooling (tailscale#13146) (Jonathan Nobels) #13146
- f95785f: util/winutil: add constants from Win32 SDK for dll blocking mitigation policies (Aaron Klotz) #13183
- 16bb541: wgengine/magicsock: replace deprecated poly1305 (tailscale#13184) (tomholford) #13175
- support setting authkey at login using syspolicy (tailscale#13061) #13061 (Andrea Gottardo)
- 01aa01f: ipn/ipnlocal: network-lock, error if no pubkey instead of panic (Kristoffer Dalby) #12505
- 2105773: cmd/k8s-operator/deploy: replace wildcards in Kubernetes Operator RBAC role definitions with verbs (pierig-n3xtio) #13169
- 8f6a235: util/winutil: add GetRegUserString/SetRegUserString accessors for storage and retrieval of string values in HKEY_CURRENT_USER (Aaron Klotz) #13188
- 93dc2de: cmd/k8s-operator: support default proxy class in k8s-operator (tailscale#12711) (ChandonPierre) #12711
- df6014f: net/tstun,wgengine{/netstack/gro}: refactor and re-enable gVisor GRO for Linux (tailscale#13172) (Jordan Whited) #13172
- 7675c3e: wgengine/netstack/gro: exclude importation of gVisor GRO pkg on iOS (tailscale#13202) (Jordan Whited) #13202
- 7d83056: ssh/tailssh: fix SSH on busybox systems (Percy Wegmann) #13040
- 151b77f: cmd/tl-longchain: tool to re-sign nodes with long rotation signatures (Anton Tolchanov) #13201
- af3d3c4: types/prefs: add a package containing generic preference types (Nick Khyl) #12830
- 4b525fd: ssh/tailssh: only chdir incubator process to user's homedir when necessary and possible (Percy Wegmann) #13171
- 8e42510: wgengine/netstack: disable gVisor GSO on Linux (tailscale#13215) (Jordan Whited) #13215
- 690d3bf: cmd/tailscale/cli: add debug command to do DNS lookups portably (Brad Fitzpatrick) #13219
- 4637ac7: ipn/ipnlocal: remember last notified taildrive shares and only notify if they've changed (Percy Wegmann) #13210
- fix new lint warnings from bumping staticcheck #13220 (Brad Fitzpatrick)
- switch to and require Go 1.23 #13220 (Brad Fitzpatrick)
- 0cb7eb9: net/dns: updated gonotify dependency to v2 that supports closable context (Ilarion Kovalchuk) #13221
- aedfb82: go.mod.sri: update SRI hash for go.mod changes (Flakes Updater) #13227
- e54c81d: types/views: add Slice.All iterator (Brad Fitzpatrick) #12913
- d00d6d6: go.mod: update to github.com/tailscale/netlink library that doesn't require vishvananda/netlink (Percy Wegmann) #13228
- 743d296: update to github.com/tailscale/netlink library that doesn't require vishvananda/netlink (Percy Wegmann) #13228
- 1191eb0: tstest/natlab: add unix address to writer for dgram mode (Jonathan Nobels) #13229
- 6280c44: go.mod.sri: update SRI hash for go.mod changes (Flakes Updater) #13234
- 3c66ee3: cmd/systray: add a basic linux systray app (Will Norris) #13237
- b091264: cmd/systray: set ipn.NotifyNoPrivateKeys, permit non-operator use (Brad Fitzpatrick) #13244
- d862898: go.mod.sri: update SRI hash for go.mod changes (Flakes Updater) #13238
- 3904e4d: cmd/tta, tstest/natlab/vnet: remove unneeded port 124 log hack, add log buffer (Brad Fitzpatrick) #13247
- 3b70968: cmd/vnet: add --blend and --pcap flags (Brad Fitzpatrick) #13247
- 5a99940: tstest/natlab/vnet: explicitly ignore PCP and SSDP UDP queries (Brad Fitzpatrick) #13247
- aa42ae9: tstest/natlab: make a new virtualIP type in prep for IPv6 support (Brad Fitzpatrick) #13248
- a9dc6e0: util/codegen, cmd/cloner, cmd/viewer: update codegen.LookupMethod to support alias type nodes (Nick Khyl) #13232
- 03acab2: cmd/cloner, cmd/viewer, util/codegen: add support for aliases of cloneable types (Nick Khyl) #13236
- e5fd36a: tstest/natlab: respect NATTable interface's invalid-means-drop everywhere (Brad Fitzpatrick) #13250
- 475ab1f: cmd/vnet: omit log spam when backend status hasn't changed (Brad Fitzpatrick) #13251
- 641693d: ipn/ipnlocal: install IPv6 service addr route (tailscale#13252) (Jordan Whited) #13252
- 367bfa6: tstest/integration: exercise TCP DNS queries against quad-100 (tailscale#13231) (Jordan Whited) #13231
- 9783065: tstest/integration: change log.Fatal() to t.Fatal() (tailscale#13253) (Jordan Whited) #13253
- 31b5239: tstest/natlab/vnet: flush and sync pcap file after every packet (Maisem Ali) #13255
- b78df4d: tstest/natlab/vnet: add start of IPv6 support (Brad Fitzpatrick) #13167
- 8af50fa: ipn/ipnlocal: update routes on link change with ExitNodeAllowLANAccess (James Tucker) #13246
- cccacff: types/opt: add BoolFlag for setting Bool value as a flag (Will Norris) #13264
- e0bdd5d: tstest/natlab: simplify a defer (Brad Fitzpatrick) #13259
- 3a8cfbc: tstest/natlab: be more paranoid about IP versions from gvisor (Brad Fitzpatrick) #13259
- 6dd1af0: tstest/natlab: refactor HandleEthernetPacketForRouter a bit (Brad Fitzpatrick) #13259
- 2636a83: cmd/tta: pull out test driver dialing into a type, fix bugs (Brad Fitzpatrick) #13259
- extend the gokrazy/natlab wait-for-network delay for IPv6 #13259 (Brad Fitzpatrick)
- 0157000: tstest/natlab: fix IPv6 tests, remove TODOs (Brad Fitzpatrick) #13259
- f99f970: tstest/natlab/vnet: rename some things for clarity (Brad Fitzpatrick) #13259
- 6d4973e: wgengine/netstack: use types/logger.Logf instead of stdlib log.Printf (tailscale#13267) (Jordan Whited) #13267
- d097096: net/tstun,wgengine/netstack: make inbound synthetic packet injection GSO-aware (tailscale#13266) (Jordan Whited) #13266
- bfcb356: wgengine/netstack: re-enable gVisor GSO on Linux (tailscale#13269) (Jordan Whited) #13269
- 06c31f4: tsweb/varz: remove pprof (Kristoffer Dalby) #12990
- add initial user-facing metrics #12990 (Kristoffer Dalby)
- 31cdbd6: net/tstun: fix gvisor inbound GSO packet injection (tailscale#13283) (Jordan Whited) #13283
- ff1d0aa: tstest/natlab/vnet: start adding tests (Brad Fitzpatrick) #13282
- 8b23ba7: tstest/natlab/vnet: add qemu + Virtualization.framework protocol tests (Brad Fitzpatrick) #13290
- 961ee32: ipn/{ipnauth,ipnlocal,ipnserver,localapi}: start baby step toward moving access checks from the localapi.Handler to the LocalBackend (Nick Khyl) #13281
- 73b3c8f: tstest/natlab/vnet: add IPv6 all-nodes support (Brad Fitzpa...
v1.72.1-sunos
Commits
- eb07c60: wgengine/netstack: disable gVisor GSO on Linux (tailscale#13213) (Jordan Whited) #13213
- f4a9566: VERSION.txt: this is v1.72.1 (Andrea Gottardo)
- 9a90bca: Merge tag 'v1.72.1' into sunos-1.72 (Nahum Shalman)
v1.72.0-sunos
Builds
- deps: bump github.com/docker/docker (tailscale#12966) #12966 (dependabot[bot])
Commits
- 4ff276c: VERSION.txt: this is v1.71.0 (Aaron Klotz) #12844
- remove warning (tailscale#12841) #12841 (Cameron Stokes)
- set Hostinfo.PackageType for mkctr container builds #12843 (Brad Fitzpatrick)
- f77821f: derp/derphttp: determine whether a region connect was to non-ideal node (Brad Fitzpatrick) #12725
- swallow panics #12836 (Paul Scott)
- d3af544: client/tailscale: document ACLTestFailureSummary.User field (Brad Fitzpatrick) #12852
- 1608831: wgengine/router: use quad-100 as the nexthop on Windows (Nick Khyl) #12847
- 4850186: {tool,client}: bump node version (tailscale#12840) (Mario Minardi) #12840
- 54f58d1: ipn/ipnlocal: add comment explaining auto exit node migration (Adrian Dewhurst) #12821
- log cancelled requests as 499 #12861 (Paul Scott)
- 0f57b93: cmd/k8s-operator,tstest,go.{mod,sum}: remove fybrik.io/crdoc dependency (tailscale#12862) (Irbe Krumina) #12862
- 32ce187: Add extra environment variables in deployment template (tailscale#12858) (Lee Briggs) #12858
- e7bf6e7: cmd/tailscale: add --min-validity flag to the cert command (tailscale#12822) (Andrew Lytvynov) #12822
- 20562a4: cmd/viewer, types/views, util/codegen: add viewer support for custom container types (Nick Khyl) #12809
- bd54b61: types/opt: add (Value[T]).GetOr(def T) T method (Nick Khyl) #12865
- 1f94047: go.mod.sri: update SRI hash for go.mod changes (Flakes Updater) #12880
- d500a92: util/slicesx: add HasPrefix, HasSuffix, CutPrefix, and CutSuffix functions (Nick Khyl) #12887
- 5d09649: types/lazy: add (*SyncValue[T]).SetForTest method (Nick Khyl) #12866
- update license notices #12886 (License Updater)
- 57856fc: ipn,wgengine/magicsock: allow setting static node endpoints via tailscaled configfile (tailscale#12882) (Irbe Krumina) #12882
- log all cancellations as 499s (tailscale#12894) #12894 (Paul Scott)
- 43375c6: types/lazy: re-init SyncValue during test cleanup if it wasn't set before SetForTest (Nick Khyl) #12905
- Add MiddlewareStack func to apply lists of Middleware (tailscale#12907) #12907 (Paul Scott)
- cf97cff: wgengine/netstack: simplify netaddrIPFromNetstackIP (Brad Fitzpatrick) #12922
- introduce captive-portal-detected Warnable (tailscale#12707) #12707 (Andrea Gottardo)
- 6840f47: net/dnsfallback: set CanPort80 in static DERPMap (tailscale#12929) (Andrea Gottardo) #12929
- 1bf82dd: util/osuser: run getent on non-Linux Unixes (Ross Williams) #12732
- c5623e0: go.{mod,sum},tstest/tools,k8s-operator,cmd/k8s-operator: autogenerate CRD API docs (tailscale#12884) (Irbe Krumina) #12884
- add QuietLogging option (tailscale#12838) #12838 (Paul Scott)
- a21bf10: cmd/k8s-operator,k8s-operator/sessionrecording,sessionrecording,ssh/tailssh: refactor session recording functionality (tailscale#12945) (Irbe Krumina) #12945
- 3088c61: go.mod: pull in latest github.com/tailscale/xnet (Percy Wegmann) #12951
- 19b0c8a: net/dns, health: raise health warning for failing forwarded DNS queries (tailscale#12888) (Jonathan Nobels) #12888
- 35a8fca: cmd/tailscale/cli: release portmap after netcheck (Andrew Dunham) #12956
- add some associated with scales #12953 (Brad Fitzpatrick)
- 2ab1d53: gokrazy/tsapp: add go.mod replacing two tailscale.com binaries with parent module (Brad Fitzpatrick) #12962
- 575feb4: util/osuser: turn wasm check into a const expression (Brad Fitzpatrick) #12930
- 34de96d: go.mod.sri: update SRI hash for go.mod changes (Flakes Updater) #12949
- add a warning that this is not used to build our published images (tailscale#12955) #12955 (Irbe Krumina)
- eead255: build_docker.sh: update script comment (tailscale#12970) (Irbe Krumina) #12970
- 8a8ecac: net/dns, cmd/tailscaled: plumb system health tracker into dns cleanup (tailscale#12969) (Jonathan Nobels) #12969
- 949b15d: net/captivedetection: call SetHealthy once connectivity restored (tailscale#12974) (Andrea Gottardo) #12974
- 7bc2dda: go.mod,net/tstun,wgengine/netstack: implement gVisor TCP GSO for Linux (tailscale#12869) (Jordan Whited) #12869
- 0def4f8: net/netns: on Windows, fall back to default interface index when unspecified address is passed to ControlC and bindToInterfaceByRoute is enabled (Aaron Klotz) #12981
- 004dded: net/tlsdial: relax self-signed cert health warning (Brad Fitzpatrick) #12980
- 655b4f8: net/netns: remove some logspam by avoiding logging parse errors due to unspecified addresses (Aaron Klotz) #12983
- don't show login error details with context cancelations #12992 (Brad Fitzpatrick)
- f0230ce: go.mod,net/tstun,wgengine/netstack: implement gVisor TCP GRO for Linux (tailscale#12921) (Jordan Whited) #12921
- 4055b63: net/captivedetection: exclude cellular data interfaces (tailscale#13002) (Andrea Gottardo) #13002
- 9939374: wgengine/magicsock: use cloud metadata to get public IPs (Andrew Dunham) #12997
- d9d9d52: wgengine/netstack: increase gVisor's TCP send and receive buffer sizes (tailscale#12994) (Jordan Whited) #12994
- 4099a36: util/winutil/gp: fix a busy loop bug (Nick Khyl) #13006
- a917718: util/linuxfw: return nil interface not concrete type (Maisem Ali) #13013
- f205efc: net/packet/checksum: fix v6 NAT (Maisem Ali) #13014
- 0a6eb12: go.mod.sri: update SRI hash for go.mod changes (Flakes Updater) #12967
- mark TestStdHandler_ConnectionClosedDuringBody flaky #13018 (Maisem Ali)
- 07e2487: wgengine/capture: fix v6 field typo in wireshark dissector (Maisem Ali) #13016
- a7a394e: tstest/integration: mark TestNATPing flaky (Maisem Ali) #13020
- 25f0a3f: wgengine/netstack: use build tags to exclude gVisor GRO importation on iOS (tailscale#13015) (Jordan Whited) #13015
- 17c88a1: net/captivedetection: mark TestAllEndpointsAreUpAndReturnExpectedResponse flaky (tailscale#13021) (Jordan Whited) #13021
- 0fd7374: ...
v1.70.0-sunos
sunos: update go modules
v1.70.0-beta-sunos
Bug Fixes
- broken tests for localhost #12200 (Josh McKinney)
Builds
- deps: bump golang.org/x/image from 0.15.0 to 0.18.0 #12629 (dependabot[bot])
Continuous Integration
- enable checklocks workflow for specific packages #12626 (Andrew Dunham)
Commits
- 5f12139: VERSION.txt: this is v1.69.0 (tailscale#12441) (Mario Minardi) #12441
- d0f1a83: net/dnscache: use parent context to perform lookup (Andrew Dunham) #12418
- 02e3c04: net/dns: re-query system resolvers on no-upstream resolver failure on apple platforms (tailscale#12398) (Jonathan Nobels) #12398
- d7fdc01: ssh/tailssh: check IsSELinuxEnforcing in tailscaled process (Percy Wegmann) #12445
- ccdd2e6: cmd/derper: add a README (Brad Fitzpatrick) #12446
- 88f2d23: wgengine/netstack: fix 4via6 subnet routes (tailscale#12454) (Irbe Krumina) #12454
- 72c8f77: wgengine/netstack: add test for tailscale#12448 (Andrew Dunham) #12458
- 6908fb0: ipn/localapi,client/tailscale,cmd/derper: add WhoIs lookup by nodekey, use in derper (Brad Fitzpatrick) #12466
- 65888d9: derp/xdp,cmd/xdpderper: initial skeleton (tailscale#12390) (Jordan Whited) #12390
- update PeerAPIDNS Port value documentation #12271 (James Tucker)
- 9189fe0: cmd/stunc: support user-specified port (tailscale#12469) (Jordan Whited) #12469
- bd2a6d5: util/winutil: add UserProfile type for (un)loading user profiles (Aaron Klotz) #12428
- e8ca30a: xcode/iOS: support serial number collection via MDM on iOS (tailscale#11429) (Andrea Gottardo) #11429
- begin work to use structured health warnings instead of strings, pipe changes into ipn.Notify (tailscale#12406) #12406 (Andrea Gottardo)
- 7354547: util/winutil: update UserProfile to ensure any environment variables in the roaming profile path are expanded (Aaron Klotz) #12471
- create a catch-all NRPT rule when "Override local DNS" is enabled on Windows #12426 (Nick Khyl)
- fix data race in new warnable code #12481 (Brad Fitzpatrick)
- e2c0d69: wgengine/filter: add filter benchmark (Brad Fitzpatrick) #12490
- 21ed31e: wgengine/filter: use NewContainsIPFunc for Srcs matches (Brad Fitzpatrick) #12488
- 7574f58: wgengine/filter: add more benchmarks, make names more explicit (Brad Fitzpatrick) #12493
- 491483d: cmd/viewer,type/views: add MapSlice for maps of slices (Maisem Ali) #12492
- 64ac64f: net/tsaddr: use bart in NewContainsIPFunc, add tests, benchmarks (Brad Fitzpatrick) #12487
- 10e8a2a: wgengine/filter: fix copy/pasteo in new benchmark's v6 CIDR (Brad Fitzpatrick) #12496
- d4220a7: wgengine/filter: add TCP non-SYN benchmarks (Brad Fitzpatrick) #12497
- 36b1b4a: wgengine/filter: split local+logging lookups by IPv4-vs-IPv6 (Brad Fitzpatrick) #12491
- 86e0f9b: net/ipset, wgengine/filter/filtertype: add split-out packages (Brad Fitzpatrick) #12499
- bf2d13c: net/ipset: return all closures from named wrappers (Brad Fitzpatrick) #12500
- 20a5f93: wgengine/filter: add UDP flow benchmark (Brad Fitzpatrick) #12502
- 1f6645b: net/ipset: skip the loop over Prefixes when there's only one (Brad Fitzpatrick) #12503
- a1ab7f7: client/tailscale: add NodeID to device (Kristoffer Dalby) #12506
- allow switching from unstable to stable tracks (tailscale#12477) #12477 (Andrew Lytvynov)
- 674c998: cmd/tailscale/cli: do not allow update --version on macOS (tailscale#12508) (Andrew Lytvynov) #12508
- 8cc2738: cmd/{containerboot,k8s-operator}: store proxy device ID early to help with cleanup for broken proxies (tailscale#12425) (Irbe Krumina) #12425
- 315f3d5: derp/xdp: fix handling of zero value UDP checksums (tailscale#12510) (Jordan Whited) #12510
- 2db2d04: types/logid: add Add method (tailscale#12478) (Joe Tsai) #12478
- add a verifyClients check to the consistency check #12515 (James Tucker)
- update Windows hostinfo to include MSIDist registry value #12523 (Aaron Klotz)
- 45d2f43: proxymap, various: distinguish between different protocols (Andrew Dunham) #12385
- 3099323: cmd/k8s-operator,k8s-operator,go.{mod,sum}: publish proxy status condition for annotated services (tailscale#12463) (Tom Proctor) #12463
- bfb775c: go.mod.sri: update SRI hash for go.mod changes (Flakes Updater) #11777
- bd93c30: wgengine/filter/filtertype: make Match.IPProto a view (Brad Fitzpatrick) #12526
- expose DependsOn to local API via UnhealthyState (tailscale#12513) #12513 (Andrea Gottardo)
- a93173b: cmd/xdpderper,derp/xdp: implement mode that drops STUN packets (tailscale#12527) (Jordan Whited) #12527
- 8eb15d3: cli/netcheck: fail with output if we time out fetching a derpmap (tailscale#12528) (Andrea Gottardo) #12528
- include DERP region name in bad derp notifications (tailscale#12530) #12530 (Andrea Gottardo)
- 9e0a5cc: net/flowtrack: optimize Tuple type for use as map key (Brad Fitzpatrick) #12507
- 162d593: net/flowtrack: fix, test String method (Brad Fitzpatrick) #12533
- 21460a5: tailcfg, wgengine/filter: remove most FilterRule.SrcBits code (Brad Fitzpatrick) #12529
- fix fmt verb for nodekeys #12539 (Brad Fitzpatrick)
- don't verify mesh peers when --verify-clients is set #12540 (Brad Fitzpatrick)
- fix nil DERPMap dereference panic #12535 (Andrea Gottardo)
- 1023b2a: util/deephash: fix test regression on 32-bit (Brad Fitzpatrick) #12544
- 0004827: control/controlhttp: add health warning for macOS filtering blocking Tailscale (tailscale#12546) (Brad Fitzpatrick) #12546
- 732605f: control/controlclient: move noiseConn to internal package (Andrew Dunham) #12550
- 24976b5: cmd/tailscale/cli: actually perform Noise request in 'debug ts2021' (Andrew Dunham) #12550
- 730f036: ssh/tailssh: replace incubator process with su instead of running su as child (Percy Wegmann) #12470
- bd50a34: wgengine/filter: add "Accept" TCP log lines to verbose logging (tailscale#12525) (Keli...
v1.68.2-sunos
Commits
- test SigCredential signatures and netmap filtering #12684 (Anton Tolchanov)
- 1b92ce1: ipn/ipnlocal: allow multiple signature chains from the same SigCredential (Anton Tolchanov) #12684
- 0629929: net/dns: recheck DNS config on SERVFAIL errors (tailscale#12547) (Jonathan Nobels) #12685
- c79c500: VERSION.txt: this is v1.68.2 (Anton Tolchanov)
- c061a7c: Merge tag 'v1.68.2' into sunos-1.68 (Nahum Shalman)
v1.68.1-sunos
Commits
- 7901925: VERSION.txt: this is v1.67.0 (tailscale#12063) (Nick O'Neill) #12063
- 8f7f9ac: wgengine/netstack: handle 4via6 routes that are advertised by the same node (Andrew Dunham) #12016
- b5dbf15: cmd/k8s-operator: default nameserver image to tailscale/k8s-nameserver:unstable (tailscale#11991) (Irbe Krumina) #11991
- ac638f3: util/linuxfw: fix stateful packet filtering in nftables mode (Anton Tolchanov) #12068
- 21abb7f: cmd/tailscale: add missing set flags for linux (Maisem Ali) #12072
- 25e32cc: util/linuxfw: fix table name in DelStatefulRule (Andrew Dunham) #12077
- 5708fc0: wgengine/router: print Docker warning when stateful filtering is enabled (Andrew Dunham) #12076
- e070af7: ipnlocal, magicsock: add more description to storing last suggested exit (tailscale#11998) (Claire Wang) #11998
- d86d1e7: cmd/k8s-operator,cmd/containerboot,ipn,k8s-operator: turn off stateful filter for egress proxies. (tailscale#12075) (Irbe Krumina) #12075
- parse depth 1 PROPFIND results to include children in cache #12000 (Percy Wegmann)
- split user facing and backend logging #12095 (Maisem Ali)
- I had a feline we were missing some words (tailscale#12098) #12098 (Charlotte Brandhorst-Satzkorn)
- 79b2d42: types/views: move AsMap to Map from *Map (Maisem Ali) #12103
- add some fruit with scales (tailscale#8460) #8460 (Parker Higgins)
- 8aa5c35: ipn/ipnlocal: simplify authURL vs authURLSticky, remove interact field (Brad Fitzpatrick) #12096
- 7ef2f72: util/linuxfw: fix IPv6 availability check for nftables (tailscale#12009) (Irbe Krumina) #12009
- remove stats goroutine, use a timer #12130 (Andrew Dunham)
- fix macOS uploads by increasing build number prefix (tailscale#12134) #12134 (Andrea Gottardo)
- 1f51bb6: net/tstun: do SNAT after filterPacketOutboundToWireGuard (Maisem Ali) #12133
- plumb a now-required netmon to derphttp #12142 (Brad Fitzpatrick)
- 7f83f9f: Net/DNS/Publicdns: update the IPv6 range that we use to recreate route endpoint for control D (Kevin Liang) #12145
- add Info func to expose EmbeddedInfo #12147 (Maisem Ali)
- b094e8c: api.md: document user invite apis (Sonia Appasamy) #12074
- 8994760: api.md: document device invite apis (Sonia Appasamy) #12064
- 359ef61: Revert "version: add Info func to expose EmbeddedInfo" (Maisem Ali) #12155
- add GitCommitTime to Meta #12155 (Maisem Ali)
- 76c30e0: cmd/containerboot: warn when an ingress proxy with an IPv4 tailnet address is being created for an IPv6 backend(s) (tailscale#12159) (Irbe Krumina) #12159
- 87f00d7: tool/gocross: treat empty GOOS/GOARCH as native GOOS/GOARCH (James Tucker) #12160
- rewrite LOCK paths #12137 (Percy Wegmann)
- allow ICMP ping relay on macOS + iOS platforms (tailscale#12048) #12048 (Andrea Gottardo)
- create new home for API docs and split into catagory files (tailscale#12116) #12116 (Charlotte Brandhorst-Satzkorn)
- 8d12495: net/netcheck,wgengine/magicsock: add potential workaround for Palo Alto DIPP misbehavior (James Tucker) #12161
- adb7a86: cmd/stunc: support ipv6 address targets (tailscale#12166) (Jordan Whited) #12166
- include device and user invites API documentation (tailscale#12168) #12168 (Charlotte Brandhorst-Satzkorn)
- 47b3476: util/lru: add Clear method (Andrew Dunham) #12176
- 1384c24: control/controlclient: delete unused Client.Login Oauth2Token field (Brad Fitzpatrick) #12173
- 964282d: ipn,wgengine: remove vestigial Prefs.AllowSingleHosts (Brad Fitzpatrick) #12171
- 4f4f317: api.md: direct TOC links to new publicapi docs location (Charlotte Brandhorst-Satzkorn) #12175
- update license notices #12196 (License Updater)
- disable stateful filtering by default (tailscale#12197) #12197 (Andrew Lytvynov)
- 9351eec: net/netcheck: remove hairpin probes (James Tucker) #12205
- 72f0f53: cmd/k8s-operator: fix typo (tailscale#12217) (Irbe Krumina) #12217
- 3c9be07: cmd/derper: support TXT-mediated unpublished bootstrap DNS rollouts (Brad Fitzpatrick) #12219
- 538c2e8: tool/gocross: add debug data to CGO builds (James Tucker) #12223
- 4214e5f: logtail/backoff: update Backoff.BackOff docs (tailscale#12229) (Jordan Whited) #12229
- do not depend on the testing package #12233 (Maisem Ali)
- 87ee559: net/netcheck: apply some polish suggested from tailscale#12161 (James Tucker) #12164
- 8e4a294: util/pool: add package for storing and using a pool of items (Andrew Dunham) #12091
- d0d33f2: cmd/k8s-operator: add a note pointing at ProxyClass (tailscale#12246) (Irbe Krumina) #12246
- 5ad0dad: go generate directives reorder for 'make kube-generate-all' (tailscale#12210) (signed-long) #12210
- f1d10c1: ipn/ipnlocal: allowed suggested exit nodes policy (tailscale#12240) (Claire Wang) #12240
- 08a9551: ssh/tailssh: fall back to using su when no TTY available on Linux (Percy Wegmann) #11910
- dd77111: xcode/iOS: set MatchDomains when no route requires a custom DNS resolver (tailscale#10576) (Andrea Gottardo) #10576
- 0acb61f: serve.go, tsnet.go: Fix "in in" typo (tailscale#12279) (Walter Poupore) #12279
- 909a292: util/linuxfw: don't try cleaning iptables on gokrazy (Brad Fitzpatrick) #12284
- 2d2b62c: wgengine/router: probe generally-unused "ip" command style lazily (Brad Fitzpatrick) #12284
- 1ea100e: cmd/tailscaled, ipn/conffile: support ec2 user-data config file (Brad Fitzpatrick) #12287
- 776a052: ipn/ipnlocal: support c2n updates with old systemd versions (tailscale#12296) (Andrew Lytvynov) #12296
- 3212093: cmd/tailscale/cli: print node signature in
tailscale lock status(Anton Tolchanov) #12275 - fix dropReason metrics labels (tailscale#12288) #12288 ([Spike Curtis](0...
v1.66.4-sunos
Commits
- c7a51ae: net/tstun: do SNAT after filterPacketOutboundToWireGuard (tailscale#12140) (Andrew Lytvynov) #12140
- disable stateful filtering by default (tailscale#12197) (Andrew Lytvynov)
- e64efe4: VERSION.txt: this is v1.66.4 (Andrew Lytvynov)
- be2fad1: Merge tag 'v1.66.4' into sunos-1.66 (Nahum Shalman)