You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 
Go to file
Denton Gentry d2480fd508 net/netns: support !CAP_NET_ADMIN
netns_linux checked whether "ip rule" could run to determine
whether to use SO_MARK for network namespacing. However in
Linux environments which lack CAP_NET_ADMIN, such as various
container runtimes, the "ip rule" command succeeds but SO_MARK
fails due to lack of permission. SO_BINDTODEVICE would work in
these environments, but isn't tried.

In addition to running "ip rule" check directly whether SO_MARK
works or not. Among others, this allows Microsoft Azure App
Service and AWS App Runner to work.

Signed-off-by: Denton Gentry <dgentry@tailscale.com>
3 years ago
.github Run tests on integration test changes (#2373) 3 years ago
atomicfile atomicfile: don't Chmod on windows 4 years ago
client/tailscale cmd/tailscale: make netcheck use active DERP map, delete static copy 3 years ago
cmd net/netns: support !CAP_NET_ADMIN 3 years ago
control/controlclient control/controlclient: add debug knob to force node to only IPv6 self addr 3 years ago
derp derp: allow self node when verifying clients 3 years ago
disco all: adapt to opaque netaddr types 4 years ago
health wgengine/magicsock: always run ReceiveIPv6 4 years ago
hostinfo hostinfo: add AWS Fargate. 3 years ago
internal/tooldeps util/deephash: move internal/deephash to util/deephash 3 years ago
ipn ipn/localapi: fix inability to receive taildrop files w/ escaped names 3 years ago
log log/filelogger: move our Windows disk file writing+rotation package here 4 years ago
logpolicy logpolicy: set log target on windows based on a registry key (#1542) 4 years ago
logtail staticcheck.conf: turn off noisy lint errors 3 years ago
metrics metrics: add LabelMap.GetFloat 4 years ago
net net/netns: support !CAP_NET_ADMIN 3 years ago
packages/deb packages/deb: add package to extract metadata from .deb files. 4 years ago
paths cmd/tailscale/web: restrict web access to synology admins. 4 years ago
portlist staticcheck.conf: turn off noisy lint errors 3 years ago
safesocket safesocket: create the test socket in a temp dir 3 years ago
scripts derp: add counters to track the type of dropped packets. 3 years ago
smallzstd smallzstd: new package that constructs zstd small encoders/decoders. 4 years ago
syncs syncs: add AtomicUint32 3 years ago
tailcfg tailcfg: break DERPNode.DERPTestPort into DERPPort & InsecureForTests 3 years ago
tempfork tempfork/wireguard-windows/firewall: add. 4 years ago
tsconst net/netns: add windows support. 4 years ago
tsnet all: adapt to opaque netaddr types 4 years ago
tstest ipn/ipnlocal: save prefs to disk on UpdatePrefs 3 years ago
tstime tstime: add RandomDurationBetween helper 4 years ago
tsweb tsweb: replace NewMux with a more flexible DebugHandler. 4 years ago
types types/logger: fix deadlock RateLimitedFn reentrancy 3 years ago
util util/deephash: don't reflect.Copy if element type is a defined uint8 3 years ago
version version: don't allocate parsing unsupported versions, empty strings 3 years ago
wf wf: loopback condition should use MatchTypeFlagsAllSet. 4 years ago
wgengine wgengine/magicsock: fix latent data race in test 3 years ago
.gitattributes .gitattributes: add a smudge filter for go.mod. 5 years ago
.gitignore Revert "cmd/tailscaled: split package main into main shim + package" 4 years ago
AUTHORS Move Linux client & common packages into a public repo. 5 years ago
CODE_OF_CONDUCT.md Add a code of conduct. 5 years ago
Dockerfile build_docker.sh, Dockerfile: fix bug with shell quoting 4 years ago
LICENSE LICENSE: Reformat for Github 4 years ago
Makefile wgengine/netstack: fix 32-bit build broken from prior commit 4 years ago
PATENTS Move Linux client & common packages into a public repo. 5 years ago
README.md Switch to Go 1.16. 4 years ago
SECURITY.md Add a SECURITY.md for vulnerability reports. 5 years ago
VERSION.txt VERSION.txt: this is v1.11.0. 3 years ago
api.md api.md: update preview example 3 years ago
build_dist.sh build_dist.sh: add a command to output the shell vars. 4 years ago
build_docker.sh build_docker.sh: use build_dist.sh to inject version information 3 years ago
go.mod cmd/tailscale/cli: diagnose missing tailscaled on 'up' 3 years ago
go.sum cmd/tailscale/cli: diagnose missing tailscaled on 'up' 3 years ago
shell.nix add nix-shell boilerplate (#1028) 4 years ago
staticcheck.conf staticcheck.conf: remove unnecessary warning 3 years ago

README.md

Tailscale

https://tailscale.com

Private WireGuard® networks made easy

Overview

This repository contains all the open source Tailscale client code and the tailscaled daemon and tailscale CLI tool. The tailscaled daemon runs primarily on Linux; it also works to varying degrees on FreeBSD, OpenBSD, Darwin, and Windows.

The Android app is at https://github.com/tailscale/tailscale-android

Using

We serve packages for a variety of distros at https://pkgs.tailscale.com .

Other clients

The macOS, iOS, and Windows clients use the code in this repository but additionally include small GUI wrappers that are not open source.

Building

go install tailscale.com/cmd/tailscale{,d}

If you're packaging Tailscale for distribution, use build_dist.sh instead, to burn commit IDs and version info into the binaries:

./build_dist.sh tailscale.com/cmd/tailscale
./build_dist.sh tailscale.com/cmd/tailscaled

If your distro has conventions that preclude the use of build_dist.sh, please do the equivalent of what it does in your distro's way, so that bug reports contain useful version information.

We only guarantee to support the latest Go release and any Go beta or release candidate builds (currently Go 1.16) in module mode. It might work in earlier Go versions or in GOPATH mode, but we're making no effort to keep those working.

Bugs

Please file any issues about this code or the hosted service on the issue tracker.

Contributing

PRs welcome! But please file bugs. Commit messages should reference bugs.

We require Developer Certificate of Origin Signed-off-by lines in commits.

About Us

Tailscale is primarily developed by the people at https://github.com/orgs/tailscale/people. For other contributors, see:

WireGuard is a registered trademark of Jason A. Donenfeld.