You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 
Go to file
Avery Pennarun 65fbb9c303 wgengine/filter: support subnet mask rules, not just /32 IPs.
This depends on improved support from the control server, to send the
new subnet width (Bits) fields. If these are missing, we fall back to
assuming their value is /32.

Conversely, if the server sends Bits fields to an older client, it will
interpret them as /32 addresses. Since the only rules we allow are
"accept" rules, this will be narrower or equal to the intended rule, so
older clients will simply reject hosts on the wider subnet (fail
closed).

With this change, the internal filter.Matches format has diverged
from the wire format used by controlclient, so move the wire format
into tailcfg and convert it to filter.Matches in controlclient.

Signed-off-by: Avery Pennarun <apenwarr@tailscale.com>
5 years ago
.github Disable staticcheck for tempfork packages. 5 years ago
atomicfile scripts: add a license header checker. 5 years ago
cmd Add prefs.ShieldsUp and --shields-up option. 5 years ago
control/controlclient wgengine/filter: support subnet mask rules, not just /32 IPs. 5 years ago
derp net/tlsdial: add package for TLS dials, and make DERP & controlclient use it 5 years ago
ipn ipn/local: differentiate Shields Up from Uninitialized in logs. 5 years ago
logpolicy logpolicy: also set up TLS dialing (for iOS) for log uploads 5 years ago
logtail backoff: add a LogLongerThan configuration. 5 years ago
metrics metrics: add a LabelMap type for variables with 1 label dimension. 5 years ago
net net/dnscache: don't use the Go resolver on Android 5 years ago
netcheck netcheck: aggregate spammy logging onto one concise line 5 years ago
paths paths: use /var/db for state on BSDs, and /var/run for sockets. 5 years ago
portlist portlist: don't depend on osexec package on ios, even if it's unused 5 years ago
ratelimit Move Linux client & common packages into a public repo. 5 years ago
safesocket safesocket: gofmt 5 years ago
scripts scripts: add a license header checker. 5 years ago
stun stun, stunner: clarify an error log message more 5 years ago
stunner stunner: fix data race. 5 years ago
syncs syncs: add new package for extra sync types 5 years ago
tailcfg wgengine/filter: support subnet mask rules, not just /32 IPs. 5 years ago
tempfork tempfork/x509: moved to tailscale/go's crypto/x509 instead 5 years ago
tstest tstest: rename from testy. 5 years ago
tstime tstime: hand-implement parseInt for specific needs of rfc3339 parsing. 5 years ago
tsweb tstest: rename from testy. 5 years ago
types all: remove unnecessary trailing newlines in format patterns for consistency 5 years ago
version version: bump date 5 years ago
wgengine wgengine/filter: support subnet mask rules, not just /32 IPs. 5 years ago
.gitattributes .gitattributes: add a smudge filter for go.mod. 5 years ago
.gitignore cmd/relaynode: drop local --acl-file in favour of central packet filter. 5 years ago
AUTHORS Move Linux client & common packages into a public repo. 5 years ago
CODE_OF_CONDUCT.md Add a code of conduct. 5 years ago
Dockerfile Dockerfile: add some usage docs, bump to Go 1.14 5 years ago
LICENSE Move Linux client & common packages into a public repo. 5 years ago
PATENTS Move Linux client & common packages into a public repo. 5 years ago
README.md Dockerfile: add some usage docs, bump to Go 1.14 5 years ago
SECURITY.md Add a SECURITY.md for vulnerability reports. 5 years ago
go.mod go.mod, go.sum: bump wireguard-go, tidy 5 years ago
go.sum go.mod, go.sum: bump wireguard-go, tidy 5 years ago

README.md

Tailscale

https://tailscale.com

Private WireGuard® networks made easy

Overview

This repository contains all the open source Tailscale code. It currently includes the Linux client.

The Linux client is currently cmd/relaynode, but will soon be replaced by cmd/tailscaled.

Using

We serve packages for a variety of distros at https://pkgs.tailscale.com .

Building

go install tailscale.com/cmd/tailscale{,d}

We only guarantee to support the latest Go release and any Go beta or release candidate builds (currently Go 1.14) in module mode. It might work in earlier Go versions or in GOPATH mode, but we're making no effort to keep those working.

Bugs

Please file any issues about this code or the hosted service on the issue tracker.

Contributing

under_construction.gif

PRs welcome, but we are still working out our contribution process and tooling.

We require Developer Certificate of Origin Signed-off-by lines in commits.

About Us

We are apenwarr, bradfitz, crawshaw, danderson, dfcarney, from Tailscale Inc. You can learn more about us from our website.

WireGuard is a registered trademark of Jason A. Donenfeld.