You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 
Go to file
Tom DNetto c8f4dfc8c0 derp/derphttp,net/netcheck: improve netcheck behavior under MITM proxies
In cases where tailscale is operating behind a MITM proxy, we need to consider
that a lot more of the internals of our HTTP requests are visible and may be
used as part of authorization checks. As such, we need to 'behave' as closely
as possible to ideal.

 - Some proxies do authorization or consistency checks based the on Host header
   or HTTP URI, instead of just the IP/hostname/SNI. As such, we need to
   construct a `*http.Request` with a valid URI everytime HTTP is going to be
   used on the wire, even if its over TLS.
   Aside from the singular instance in net/netcheck, I couldn't find anywhere
   else a http.Request was constructed incorrectly.

 - Some proxies may deny requests, typically by returning a 403 status code. We
   should not consider these requests as a valid latency check, so netcheck
   semantics have been updated to consider >299 status codes as a failed probe.

Signed-off-by: Tom DNetto <tom@tailscale.com>
3 years ago
.bencher bencher: add config to suppress failures on benchmark regressions. 3 years ago
.github Revert ".github/workflows: work around golang/go#51629" 3 years ago
atomicfile atomicfile: don't Chmod on windows 4 years ago
chirp all: use any instead of interface{} 3 years ago
client/tailscale cmd/tailscale, etc: make "tailscale up --ssh" fail fast when unavailable 3 years ago
cmd cmd/tailscale: [ssh] enable StrictHostKeyChecking mode 3 years ago
control tailcfg, logtail: provide Debug bit to disable logtail 3 years ago
derp derp/derphttp,net/netcheck: improve netcheck behavior under MITM proxies 3 years ago
disco types/key: export constants for key size, not a method. 3 years ago
docs fix minor typo 3 years ago
envknob envknob: use the correct key when logging (#4319) 3 years ago
health net/dns: add health check for particular broken-ish Linux DNS config 3 years ago
hostinfo hostinfo, tailcfg: add desktop detection on Linux to hostinfo 3 years ago
internal/tooldeps util/deephash: move internal/deephash to util/deephash 3 years ago
ipn net/dns: schedule DoH upgrade explicitly, fix Resolver.Addr confusion 3 years ago
kube all: use any instead of interface{} 3 years ago
log all: use any instead of interface{} 3 years ago
logpolicy all: use any instead of interface{} 3 years ago
logtail tailcfg, logtail: provide Debug bit to disable logtail 3 years ago
metrics all: use testingutil.MinAllocsPerRun 3 years ago
net derp/derphttp,net/netcheck: improve netcheck behavior under MITM proxies 3 years ago
packages/deb all: use any instead of interface{} 3 years ago
paths cmd/tailscaled: default to userspace-networking mode on gokrazy, set paths 3 years ago
portlist envknob: add new package for all the strconv.ParseBool(os.Getenv(..)) 3 years ago
prober prober: used keyed initializer for LimitedReader. 3 years ago
safesocket safesocket: add ConnectionStrategy, provide control over fallbacks 3 years ago
scripts scripts: install gnupg only when apt-key is needed 3 years ago
smallzstd smallzstd: new package that constructs zstd small encoders/decoders. 4 years ago
ssh/tailssh ssh/tailssh: make checkStillValid also consider username changes 3 years ago
syncs syncs: use TryLock and TryRLock instead of unsafe 3 years ago
tailcfg tailcfg: clarify how SSHPolicy.Rules are evaluated between auth phases 3 years ago
tempfork go.mod, ssh/tailssh, tempfork/gliderlabs: bump x/crypto/ssh fork for NoClientAuthCallback 3 years ago
tool tool/go: add wrapper to download and use go.toolchain.rev go version. 3 years ago
tsconst net/interfaces/windows: update Tailscale interface detection logic to 3 years ago
tsnet tsnet: set Hostinfo.Package to "tsnet" on use 3 years ago
tstest ssh/tailssh: make the SSH server a singleton, register with LocalBackend 3 years ago
tstime tstime/mono: fix Before function comment 3 years ago
tsweb tsweb: add PrometheusVar, for vars that want to output varz themselves. 3 years ago
types net/dns: schedule DoH upgrade explicitly, fix Resolver.Addr confusion 3 years ago
util util/groupmember: remove redundant code (#4298) 3 years ago
version version: use Go 1.18's git stamping as default implementation 3 years ago
wf all: use any instead of interface{} 3 years ago
wgengine wgengine/monitor: do not set timeJumped on iOS/Android 3 years ago
words words: more hamsters, less hampsters (#3938) 3 years ago
.gitattributes .: add .gitattributes entry to use Go hunk-header driver 3 years ago
.gitignore Makefile: update make spk target to use the new go spk builder 3 years ago
AUTHORS Move Linux client & common packages into a public repo. 5 years ago
CODE_OF_CONDUCT.md Add a code of conduct. 5 years ago
Dockerfile Dockerfile: require Go 1.18 3 years ago
Dockerfile.base Dockerfile.base: update to alpine:3.15 3 years ago
LICENSE LICENSE: Reformat for Github 4 years ago
Makefile Makefile: add tidy target 3 years ago
PATENTS Move Linux client & common packages into a public repo. 5 years ago
README.md README.md: update current Go release 3 years ago
SECURITY.md Add a SECURITY.md for vulnerability reports. 5 years ago
VERSION.txt VERSION.txt: This is 1.23. 3 years ago
api.md api: update acl/validate data format (#4366) 3 years ago
build_dist.sh tool/go: add wrapper to download and use go.toolchain.rev go version. 3 years ago
build_docker.sh tool/go: add wrapper to download and use go.toolchain.rev go version. 3 years ago
go.mod go.mod: bump u-root 3 years ago
go.sum go.mod: bump u-root 3 years ago
go.toolchain.branch go.toolchain.branch: upgrade to Go 1.18 3 years ago
go.toolchain.rev go.toolchain.rev: update to go1.18.1 (#4438) 3 years ago
pull-toolchain.sh go.toolchain.rev: add update script 3 years ago
shell.nix shell.nix: use tailscale-go for compilation 3 years ago
staticcheck.conf staticcheck.conf: remove unnecessary warning 3 years ago
version-embed.go go.toolchain.rev: add Go toolchain rev, tool to print it out 3 years ago

README.md

Tailscale

https://tailscale.com

Private WireGuard® networks made easy

Overview

This repository contains all the open source Tailscale client code and the tailscaled daemon and tailscale CLI tool. The tailscaled daemon runs on Linux, Windows and macOS, and to varying degrees on FreeBSD, OpenBSD, and Darwin. (The Tailscale iOS and Android apps use this repo's code, but this repo doesn't contain the mobile GUI code.)

The Android app is at https://github.com/tailscale/tailscale-android

The Synology package is at https://github.com/tailscale/tailscale-synology

Using

We serve packages for a variety of distros at https://pkgs.tailscale.com .

Other clients

The macOS, iOS, and Windows clients use the code in this repository but additionally include small GUI wrappers that are not open source.

Building

go install tailscale.com/cmd/tailscale{,d}

If you're packaging Tailscale for distribution, use build_dist.sh instead, to burn commit IDs and version info into the binaries:

./build_dist.sh tailscale.com/cmd/tailscale
./build_dist.sh tailscale.com/cmd/tailscaled

If your distro has conventions that preclude the use of build_dist.sh, please do the equivalent of what it does in your distro's way, so that bug reports contain useful version information.

We only guarantee to support the latest Go release and any Go beta or release candidate builds (currently Go 1.18) in module mode. It might work in earlier Go versions or in GOPATH mode, but we're making no effort to keep those working.

Bugs

Please file any issues about this code or the hosted service on the issue tracker.

Contributing

PRs welcome! But please file bugs. Commit messages should reference bugs.

We require Developer Certificate of Origin Signed-off-by lines in commits.

About Us

Tailscale is primarily developed by the people at https://github.com/orgs/tailscale/people. For other contributors, see:

WireGuard is a registered trademark of Jason A. Donenfeld.