WARNING: this is an unreviewed prototype; please do not assume this
works or is correct
The daemon's startBackendLocked reimplemented tsnet/tsnet.go's start()
nearly line-for-line — same tsd.NewSystem, netmon.New, tsdial.Dialer,
wgengine.NewUserspaceEngine, netstack.Create, netstack dial-hooks,
store.New, ipnlocal.NewLocalBackend, prefs, NeedsLogin handling, and
localapi.NewHandler. Plus the daemon kept its own GetTCPHandlerForFlow
listener registry, its own LocalAPI handler, and a hand-rolled
tailscaleIPs() reading from NetMapNoPeers.
This is a pure refactor: the daemon now constructs a tsnet.Server and
delegates to it. No tsnet code is touched.
  startBackendLocked  -> &tsnet.Server{...}.Start()
  awaitRunning (Up)   -> ts.Up(ctx)
  RegisterListener    -> ts.Listen + per-listener acceptLoop goroutine
  serveDatapath dial  -> ts.Dial
  serveLocalAPI       -> byte-splice via ts.LocalClient().Dial into
                         tsnet's in-process memnet localapi listener;
                         Hijacker and Flusher semantics still work
                         because we're a dumb byte pipe.
  whoIs               -> ts.LocalClient().WhoIs
  tailscaleIPs        -> ts.TailscaleIPs
  CertDomains         -> ts.CertDomains
Deletes the daemon-side getTCPHandlerForFlow / getUDPHandlerForFlow,
the listenerByKey registry, lookupListener, listenAddrFor +
pickEphemeralPort (tsnet's Listen handles port allocation), cmpOr,
the single-conn http.Server listener used to host our own localapi
handler, and the direct wgengine/magicsock/netstack/ipnlocal/
controlclient/tsdial/netmon/tsd/store/ipnauth/ipn/hostinfo imports.
Daemon size: 1160 -> 925 lines (-20%).
Mental surface in the daemon shrinks much more than the line count
because the heavy subsystems are no longer reached at all.
The integration test (TestTsnet2EndToEnd) still passes in ~8s; race
detector is clean. tsnet2/ (the client shim) is unchanged and still
imports zero of wgengine / magicsock / ipnlocal / netstack / localapi
/ controlclient (verified via go list -deps), so Goal 2 of the design
(WireGuard out of the app process) is preserved.
Minor behavior change: state file is now <state-dir>/tailscaled.state
instead of <state-dir>/tsnet2.state, because tsnet.Server picks the
filename. No v1 consumer depends on this.
Deferred: forwarding tsnet.Server.UserLogf (auth URLs etc.) over the
control channel to the app's UserLogf. tsnet logs them to its own
log.Printf for now.
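
The `go list -deps` check mentioned in the commit message, sketched as a CI gate that fails when the client shim's dependency graph reaches a forbidden package. This is an added example, not code from the commit or the Tailscale repository; the full import paths are expanded from the short names in the message, the `./tsnet2/` package pattern is an assumption, and the sample dependency lists are constructed.

```shell
#!/bin/sh
# Packages that must stay out of the app-side process. Full import paths are
# an assumption expanded from the short names in the commit message.
FORBIDDEN='tailscale.com/wgengine
tailscale.com/wgengine/magicsock
tailscale.com/wgengine/netstack
tailscale.com/ipn/ipnlocal
tailscale.com/ipn/localapi
tailscale.com/control/controlclient'

# forbidden_deps reads one import path per line on stdin (the format that
# `go list -deps` prints) and echoes each forbidden package it finds.
# -F: fixed strings, -x: whole-line match, so only the exact packages count;
# a sub-package that is not on the list does not trip the check.
forbidden_deps() {
    grep -Fx -e "$FORBIDDEN" || true
}

# check_isolation returns non-zero and names the offenders if any are present.
check_isolation() {
    hits=$(forbidden_deps)
    if [ -n "$hits" ]; then
        printf 'forbidden dependency: %s\n' $hits >&2
        return 1
    fi
}

# Constructed sample inputs, so the logic can be exercised without a checkout.
SAMPLE_CLEAN='context
net
tailscale.com/tailcfg
tailscale.com/wgengine/filter/filtertype
tailscale.com/tsnet2'

SAMPLE_LEAKY='context
tailscale.com/wgengine/magicsock
tailscale.com/tailcfg
tailscale.com/ipn/ipnlocal
tailscale.com/tsnet2'

printf '%s\n' "$SAMPLE_CLEAN" | check_isolation && echo "clean sample: ok"
printf '%s\n' "$SAMPLE_LEAKY" | check_isolation 2>/dev/null || echo "leaky sample: rejected"

# In a repository checkout (package pattern is an assumption):
#   go list -deps ./tsnet2/ | check_isolation
```

Matching is exact on purpose; switch to prefix matching if the isolation policy should also cover sub-packages of the listed paths.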
Tailscale
Private WireGuard® networks made easy
Overview
This repository contains the majority of Tailscale's open source code.
Notably, it includes the tailscaled daemon and
the tailscale CLI tool. The tailscaled daemon runs on Linux, Windows,
macOS, and to varying degrees
on FreeBSD and OpenBSD. The Tailscale iOS and Android apps use this repo's
code, but this repo doesn't contain the mobile GUI code.
Other Tailscale repos of note:
- the Android app is at https://github.com/tailscale/tailscale-android
- the Synology package is at https://github.com/tailscale/tailscale-synology
- the QNAP package is at https://github.com/tailscale/tailscale-qpkg
- the Chocolatey packaging is at https://github.com/tailscale/tailscale-chocolatey
For background on which parts of Tailscale are open source and why, see https://tailscale.com/opensource/.
Using
We serve packages for a variety of distros and platforms at https://pkgs.tailscale.com.
Other clients
The macOS, iOS, and Windows clients use the code in this repository but additionally include small GUI wrappers. The GUI wrappers on non-open source platforms are themselves not open source.
Building
We always require the latest Go release, currently Go 1.26. (While we build releases with our Go fork, its use is not required.)
go install tailscale.com/cmd/tailscale{,d}
If you're packaging Tailscale for distribution, use build_dist.sh
instead, to burn commit IDs and version info into the binaries:
./build_dist.sh tailscale.com/cmd/tailscale
./build_dist.sh tailscale.com/cmd/tailscaled
If your distro has conventions that preclude the use of
build_dist.sh, please do the equivalent of what it does in your
distro's way, so that bug reports contain useful version information.
Bugs
Please file any issues about this code or the hosted service on the issue tracker.
Contributing
PRs welcome! But please file bugs. Commit messages should reference bugs.
We require Developer Certificate of Origin Signed-off-by lines in commits.
See commit-messages.md (or skim git log) for our commit message style.
About Us
Tailscale is primarily developed by the people at https://github.com/orgs/tailscale/people. For other contributors, see:
- https://github.com/tailscale/tailscale/graphs/contributors
- https://github.com/tailscale/tailscale-android/graphs/contributors
Legal
WireGuard is a registered trademark of Jason A. Donenfeld.