You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 
Go to file
Brad Fitzpatrick 73280595a8 derp: accept dup clients without closing prior's connection
A public key should only have max one connection to a given
DERP node (or really: one connection to a node in a region).

But if people clone their machine keys (e.g. clone their VM, Raspbery
Pi SD card, etc), then we can get into a situation where a public key
is connected multiple times.

Originally, the DERP server handled this by just kicking out a prior
connections whenever a new one came. But this led to reconnect fights
where 2+ nodes were in hard loops trying to reconnect and kicking out
their peer.

Then a909d37a59 tried to add rate
limiting to how often that dup-kicking can happen, but empirically it
just doesn't work and ~leaks a bunch of goroutines and TCP
connections, tying them up for hour+ while more and more accumulate
and waste memory. Mostly because we were doing a time.Sleep forever
while not reading from their TCP connections.

Instead, just accept multiple connections per public key but track
which is the most recent. And if two both are writing back & forth,
then optionally disable them both. That last part is only enabled in
tests for now. The current default policy is just last-sender-wins
while we gather the next round of stats.

Updates #2751

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
3 years ago
.github github: set GOOS/GOARCH for `go list` 3 years ago
atomicfile
chirp wgengine/userspace: add support to automatically enable/disable the tailscale 3 years ago
client/tailscale client/tailscale,ipn/localapi: warn on tailscale/tailscaled version skew 3 years ago
cmd wgengine/magicsock: delete legacy AddrSet endpoints. 3 years ago
control fix: typo spelling grammar 3 years ago
derp derp: accept dup clients without closing prior's connection 3 years ago
disco
docs/bird wgengine/userspace: add support to automatically enable/disable the tailscale 3 years ago
health
hostinfo hostinfo: set DeviceModel from Linux devicetree model 3 years ago
internal/tooldeps
ipn tailcfg,ipn/ipnlocal: support DNSConfig.Routes with empty values [mapver 23] 3 years ago
log
logpolicy
logtail logtail: add a re-usable buffer for uploads 3 years ago
metrics
net all: add (*testing.B).ReportAllocs() to every benchmark 3 years ago
packages/deb
paths
portlist portlist: fix build tag to build only on macOS, not macOS+iOS. 3 years ago
safesocket fix: typo spelling grammar 3 years ago
scripts
smallzstd
syncs
tailcfg tailcfg,ipn/ipnlocal: support DNSConfig.Routes with empty values [mapver 23] 3 years ago
tempfork/pprof tempfork/wireguard-windows: remove the old windows firewall code now that we are no 3 years ago
tsconst
tsnet
tstest tstest/integration/vms: turn on logcatcher logging by default 3 years ago
tstime all: add (*testing.B).ReportAllocs() to every benchmark 3 years ago
tsweb fix: typo spelling grammar 3 years ago
types types/wgkey: add TODO for a future API change. 3 years ago
util util/deephash: remove soon to be deleted field from wgcfg. 3 years ago
version version: bump date 3 years ago
wf
wgengine all: add (*testing.B).ReportAllocs() to every benchmark 3 years ago
words words: add more tails and scales 3 years ago
.gitattributes
.gitignore
AUTHORS
CODE_OF_CONDUCT.md
Dockerfile
LICENSE
Makefile Makefile: add a linux/arm check 3 years ago
PATENTS
README.md
SECURITY.md
VERSION.txt VERSION.txt: new unstable v1.15.0 3 years ago
api.md Minor corrections to the API documentation 3 years ago
build_dist.sh
build_docker.sh
go.mod net/tstun: use unix.Ifreq type for Linux TAP interface configuration 3 years ago
go.sum net/tstun: use unix.Ifreq type for Linux TAP interface configuration 3 years ago
shell.nix
staticcheck.conf

README.md

Tailscale

https://tailscale.com

Private WireGuard® networks made easy

Overview

This repository contains all the open source Tailscale client code and the tailscaled daemon and tailscale CLI tool. The tailscaled daemon runs primarily on Linux; it also works to varying degrees on FreeBSD, OpenBSD, Darwin, and Windows.

The Android app is at https://github.com/tailscale/tailscale-android

Using

We serve packages for a variety of distros at https://pkgs.tailscale.com .

Other clients

The macOS, iOS, and Windows clients use the code in this repository but additionally include small GUI wrappers that are not open source.

Building

go install tailscale.com/cmd/tailscale{,d}

If you're packaging Tailscale for distribution, use build_dist.sh instead, to burn commit IDs and version info into the binaries:

./build_dist.sh tailscale.com/cmd/tailscale
./build_dist.sh tailscale.com/cmd/tailscaled

If your distro has conventions that preclude the use of build_dist.sh, please do the equivalent of what it does in your distro's way, so that bug reports contain useful version information.

We only guarantee to support the latest Go release and any Go beta or release candidate builds (currently Go 1.16) in module mode. It might work in earlier Go versions or in GOPATH mode, but we're making no effort to keep those working.

Bugs

Please file any issues about this code or the hosted service on the issue tracker.

Contributing

PRs welcome! But please file bugs. Commit messages should reference bugs.

We require Developer Certificate of Origin Signed-off-by lines in commits.

About Us

Tailscale is primarily developed by the people at https://github.com/orgs/tailscale/people. For other contributors, see:

WireGuard is a registered trademark of Jason A. Donenfeld.