v1.68.1-sunos
·
564 commits
to sunos-1.76
since this release
Commits
- 7901925: VERSION.txt: this is v1.67.0 (tailscale#12063) (Nick O'Neill) #12063
- 8f7f9ac: wgengine/netstack: handle 4via6 routes that are advertised by the same node (Andrew Dunham) #12016
- b5dbf15: cmd/k8s-operator: default nameserver image to tailscale/k8s-nameserver:unstable (tailscale#11991) (Irbe Krumina) #11991
- ac638f3: util/linuxfw: fix stateful packet filtering in nftables mode (Anton Tolchanov) #12068
- 21abb7f: cmd/tailscale: add missing set flags for linux (Maisem Ali) #12072
- 25e32cc: util/linuxfw: fix table name in DelStatefulRule (Andrew Dunham) #12077
- 5708fc0: wgengine/router: print Docker warning when stateful filtering is enabled (Andrew Dunham) #12076
- e070af7: ipnlocal, magicsock: add more description to storing last suggested exit (tailscale#11998) (Claire Wang) #11998
- d86d1e7: cmd/k8s-operator,cmd/containerboot,ipn,k8s-operator: turn off stateful filter for egress proxies. (tailscale#12075) (Irbe Krumina) #12075
- parse depth 1 PROPFIND results to include children in cache #12000 (Percy Wegmann)
- split user facing and backend logging #12095 (Maisem Ali)
- I had a feline we were missing some words (tailscale#12098) #12098 (Charlotte Brandhorst-Satzkorn)
- 79b2d42: types/views: move AsMap to Map from *Map (Maisem Ali) #12103
- add some fruit with scales (tailscale#8460) #8460 (Parker Higgins)
- 8aa5c35: ipn/ipnlocal: simplify authURL vs authURLSticky, remove interact field (Brad Fitzpatrick) #12096
- 7ef2f72: util/linuxfw: fix IPv6 availability check for nftables (tailscale#12009) (Irbe Krumina) #12009
- remove stats goroutine, use a timer #12130 (Andrew Dunham)
- fix macOS uploads by increasing build number prefix (tailscale#12134) #12134 (Andrea Gottardo)
- 1f51bb6: net/tstun: do SNAT after filterPacketOutboundToWireGuard (Maisem Ali) #12133
- plumb a now-required netmon to derphttp #12142 (Brad Fitzpatrick)
- 7f83f9f: Net/DNS/Publicdns: update the IPv6 range that we use to recreate route endpoint for control D (Kevin Liang) #12145
- add Info func to expose EmbeddedInfo #12147 (Maisem Ali)
- b094e8c: api.md: document user invite apis (Sonia Appasamy) #12074
- 8994760: api.md: document device invite apis (Sonia Appasamy) #12064
- 359ef61: Revert "version: add Info func to expose EmbeddedInfo" (Maisem Ali) #12155
- add GitCommitTime to Meta #12155 (Maisem Ali)
- 76c30e0: cmd/containerboot: warn when an ingress proxy with an IPv4 tailnet address is being created for an IPv6 backend(s) (tailscale#12159) (Irbe Krumina) #12159
- 87f00d7: tool/gocross: treat empty GOOS/GOARCH as native GOOS/GOARCH (James Tucker) #12160
- rewrite LOCK paths #12137 (Percy Wegmann)
- allow ICMP ping relay on macOS + iOS platforms (tailscale#12048) #12048 (Andrea Gottardo)
- create new home for API docs and split into catagory files (tailscale#12116) #12116 (Charlotte Brandhorst-Satzkorn)
- 8d12495: net/netcheck,wgengine/magicsock: add potential workaround for Palo Alto DIPP misbehavior (James Tucker) #12161
- adb7a86: cmd/stunc: support ipv6 address targets (tailscale#12166) (Jordan Whited) #12166
- include device and user invites API documentation (tailscale#12168) #12168 (Charlotte Brandhorst-Satzkorn)
- 47b3476: util/lru: add Clear method (Andrew Dunham) #12176
- 1384c24: control/controlclient: delete unused Client.Login Oauth2Token field (Brad Fitzpatrick) #12173
- 964282d: ipn,wgengine: remove vestigial Prefs.AllowSingleHosts (Brad Fitzpatrick) #12171
- 4f4f317: api.md: direct TOC links to new publicapi docs location (Charlotte Brandhorst-Satzkorn) #12175
- update license notices #12196 (License Updater)
- disable stateful filtering by default (tailscale#12197) #12197 (Andrew Lytvynov)
- 9351eec: net/netcheck: remove hairpin probes (James Tucker) #12205
- 72f0f53: cmd/k8s-operator: fix typo (tailscale#12217) (Irbe Krumina) #12217
- 3c9be07: cmd/derper: support TXT-mediated unpublished bootstrap DNS rollouts (Brad Fitzpatrick) #12219
- 538c2e8: tool/gocross: add debug data to CGO builds (James Tucker) #12223
- 4214e5f: logtail/backoff: update Backoff.BackOff docs (tailscale#12229) (Jordan Whited) #12229
- do not depend on the testing package #12233 (Maisem Ali)
- 87ee559: net/netcheck: apply some polish suggested from tailscale#12161 (James Tucker) #12164
- 8e4a294: util/pool: add package for storing and using a pool of items (Andrew Dunham) #12091
- d0d33f2: cmd/k8s-operator: add a note pointing at ProxyClass (tailscale#12246) (Irbe Krumina) #12246
- 5ad0dad: go generate directives reorder for 'make kube-generate-all' (tailscale#12210) (signed-long) #12210
- f1d10c1: ipn/ipnlocal: allowed suggested exit nodes policy (tailscale#12240) (Claire Wang) #12240
- 08a9551: ssh/tailssh: fall back to using su when no TTY available on Linux (Percy Wegmann) #11910
- dd77111: xcode/iOS: set MatchDomains when no route requires a custom DNS resolver (tailscale#10576) (Andrea Gottardo) #10576
- 0acb61f: serve.go, tsnet.go: Fix "in in" typo (tailscale#12279) (Walter Poupore) #12279
- 909a292: util/linuxfw: don't try cleaning iptables on gokrazy (Brad Fitzpatrick) #12284
- 2d2b62c: wgengine/router: probe generally-unused "ip" command style lazily (Brad Fitzpatrick) #12284
- 1ea100e: cmd/tailscaled, ipn/conffile: support ec2 user-data config file (Brad Fitzpatrick) #12287
- 776a052: ipn/ipnlocal: support c2n updates with old systemd versions (tailscale#12296) (Andrew Lytvynov) #12296
- 3212093: cmd/tailscale/cli: print node signature in
tailscale lock status(Anton Tolchanov) #12275 - fix dropReason metrics labels (tailscale#12288) #12288 (Spike Curtis)
- rename AccessLogRecord's When to Time #12204 (Marwan Sulaiman)
- add some guardrails for derpReason metrics getting out of sync #12304 (Brad Fitzpatrick)
- 1ec0273: docs/k8s: fix subnet router manifests (tailscale#12305) (Irbe Krumina) #12305
- 0a5bd63: ipn/store/kubestore, cmd/containerboot: allow overriding client api server URL via ENV (tailscale#12115) (ChandonPierre) #12115
- use strings.CutPrefix for CheckTag; add test #12313 (Andrew Dunham)
- c2a4719: cmd/tailscale/cli: allow 'tailscale up' to succeed if --stateful-filtering is not explicitly set on linux (tailscale#12312) (Irbe Krumina) #12312
- mention when Alpine system upgrade is needed (tailscale#12306) #12306 (Andrew Lytvynov)
- 42cfbf4: tsnet,wgengine/netstack: add ListenPacket and tests (Maisem Ali) #12184
- 01847e0: ipn/ipnlocal: discard node keys that have been rotated out (Anton Tolchanov) #12276
- ced9a0d: net/dns: fix typo in OSConfig logging (tailscale#12330) (Andrew Dunham) #12330
- db6447c: ipn/ipnlocal: simplify suggest exit node tests (Adrian Dewhurst) #12316
- log how often routeInfo is stored #12238 (Fran Bull)
- update license notices #12253 (License Updater)
- d21c002: cmd/stunstamp: implement service to measure DERP STUN RTT (tailscale#12241) (Jordan Whited) #12241
- 3bf2bdd: ipn/ipnlocal: improve testability of random node selection (Adrian Dewhurst) #12333
- return net.Listener from s.listen #12337 (Maisem Ali)
- 0b1a858: cmd/natc: initial implementation of a NAT based connector (Maisem Ali) #12315
- add prototype Tailscale appliance, build tooling, docs #12323 (Brad Fitzpatrick)
- 2f2f588: cmd/natc: use ListenPacket (Maisem Ali) #12338
- bc4c8b6: ipn/ipnlocal: periodically run auto-updates when "offline" (tailscale#12118) (Andrew Lytvynov) #12118
- ba0dd49: cmd/stunstamp: validate STUN tx ID in responses (tailscale#12339) (Jordan Whited) #12339
- 379e2bf: ipn/ipnlocal: stop offline auto-updates on shutdown (tailscale#12342) (Andrew Lytvynov) #12342
- 1dc3136: cmd/k8s-operator: Support image 'repo' or 'repository' keys in helm values file (tailscale#12285) (signed-long) #12285
- cf9f507: ipn/ipnlocal: only build allowed suggested node list once (Adrian Dewhurst) #12335
- d636407: net/dns: don't set MatchDomains on Apple platforms when no upstream nameservers available (tailscale#12334) (Andrea Gottardo) #12334
- 8257619: tailcfg,cmd/k8s-operator: moves tailscale.com/cap/kubernetes peer cap to tailcfg (tailscale#12235) (Irbe Krumina) #12235
- 347e3f3: go.mod,ipn/ipnlocal: update the ACME fork (tailscale#12343) (Andrew Lytvynov) #12343
- update breakglass with now-upstreamed ec2 change #12344 (Brad Fitzpatrick)
- cf1e6c6: cmd/stunstamp: fix remote write retry (tailscale#12348) (Jordan Whited) #12348
- add a new error when HTTPS enabled but MagicDNC Disabled (tailscale#12364) #12364 (Jun)
- d2d459d: cmd/natc: add --ignore-destinations flag (Fran Bull) #12341
- use math/rand/v2 more #12368 (Maisem Ali)
- 573c8bd: cmd/natc: add --wg-port flag (Fran Bull) #12366
- 36e8e8c: wgengine/magicsock: use math/rands/v2 (Maisem Ali) #12369
- b8cf852: go.toolchain.rev: update to go 1.22.4 (tailscale#12365) (Andrew Lytvynov) #12365
- add optional on completion callback func #11185 (Kristoffer Dalby)
- 8450a18: net/netcheck: flesh out some logging in error paths (Brad Fitzpatrick) #12377
- 1ca323a: net/netcheck: fix probeProto.String result for IPv6 probes (Brad Fitzpatrick) #12379
- 6e10671: cmd/stunstamp: support probing multiple ports (tailscale#12356) (Jordan Whited) #12356
- 8a11a43: cmd/derpprobe: support 'local' derpmap to get derp map via LocalAPI (Brad Fitzpatrick) #12386
- 34e8820: util/winutil: add conpty package and helper for building windows.StartupInfoEx (Aaron Klotz) #12384
- fix lint warnings #12389 (Andrew Dunham)
- b652219: tailcfg,net/dns: add controlknob to disable battery split DNS on iOS (tailscale#12346) (Andrea Gottardo) #12346
- 7a7e314: ipn/ipnlocal,clientupdate: allow auto-updates in contaienrs (tailscale#12391) (Andrew Lytvynov) #12391
- 0219317: ipn/ipnlocal: improve sticky last suggestion (Adrian Dewhurst) #12358
- 916c4db: net/dns: fix crash in tests (Brad Fitzpatrick) #12397
- 3a6d3f1: cmd/k8s-operator,k8s-operator,go.{mod,sum}: make individual proxy images/image pull policies configurable (tailscale#11928) (Irbe Krumina) #11928
- 23e26e5: cmd/k8s-operator,k8s-opeerator: include Connector's MagicDNS name and tailnet IPs in status (tailscale#12359) (Tom Proctor) #12359
- 53d9cac: k8s-operator/apis/v1alpha1,cmd/k8s-operator/deploy/examples: update DNSConfig description (tailscale#11971) (Irbe Krumina) #11971
- 807934f: cmd/k8s-operator,k8s-operator: allow proxies accept advertized routes. (tailscale#12388) (Irbe Krumina) #12388
- log how many routes are being written #12401 (Fran Bull)
- c3e2b73: tailcfg,cmd/k8s-operator,kube: move Kubernetes cap to a location that can be shared with control (tailscale#12236) (Irbe Krumina) #12236
- df86576: util/winutil: add AllocateContiguousBuffer and SetNTString helper funcs (Aaron Klotz) #12387
- 6f2bae0: cmd/k8s-nameserver: fix AAAA record query response (tailscale#12412) (Irbe Krumina) #12412
- bc53ebd: ipn/{ipnlocal,localapi},net/netkernelconf,client/tailscale,cmd/containerboot: optionally enable UDP GRO forwarding for containers (tailscale#12410) (Irbe Krumina) #12410
- 93cd2ab: util/singleflight: add DoChanContext (Andrew Dunham) #12003
- bump capver for NodeAttrDisableSplitDNSWhenNoCustomResolvers #12419 (Nick Khyl)
- add ConnectContext #12422 (Maisem Ali)
- 4cdc4ed: net/dns/resolver: return an empty successful response instead of NXDomain when resolving A records for 4via6 domains (Nick Khyl) #12420
- 3511d1f: cmd/tailscaled, net/dns, wgengine/router: start Windows child processes with DETACHED_PROCESS when I/O is being piped (Aaron Klotz) #12367
- a95ea31: kube,tailcfg: store parsed recorder tags in a separate field (tailscale#12429) (Irbe Krumina) #12429
- fix typo (tailscale#12437) #12437 (Irbe Krumina)
- fix error formatting bug #12440 (JunYanBJSS)
- 52ddf0d: VERSION.txt: this is v1.68.0 (Mario Minardi)
- 87a6138: wgengine/netstack: fix 4via6 subnet routes (tailscale#12454) (tailscale#12455) (Irbe Krumina) #12455
- a334efa: ssh/tailssh: check IsSELinuxEnforcing in tailscaled process (Percy Wegmann) #12451
- 92eacec: VERSION.txt: this is v1.68.1 (Percy Wegmann)
- 7d52801: illumos/solaris support rebased onto 1.68.1 (Nahum Shalman)
- e2fc774: build tailscale client (Kevin Meziere)