The easiest, most secure way to use WireGuard and 2FA.
Claus Lensbøl bf467727fc
control/controlclient,ipn/ipnlocal,wgengine: avoid restarting wireguard when key is learned via tsmp (#19142)
When disco keys are learned on a node that is connected to control and
has a mapSession, wgengine will see the key as having changed, and
assume that any existing connections will need to be reset.

For keys learned via TSMP, the connection should not be reset as that
key is learned via an active wireguard connection. If wgengine resets
that connection, a 15s timeout will occur.

This change adds a map to track new keys coming in via TSMP, and removes
them from the list of keys that need to trigger wireguard resets. This
is done with an interface chain from controlclient down via localBackend
to userspaceEngine via the watchdog.

Once a key has been actively used for preventing a wireguard reset, the
key is removed from the map.

If mapSession becomes a long-lived process instead of being dependent on
having a connection to control, this interface chain can be removed, and
the event sequence from wrap->controlClient->userspaceEngine can be
changed to wrap->userspaceEngine->controlClient as we know the map will
not be gunked up with stale TSMP entries.

Updates #12639

Signed-off-by: Claus Lensbøl <claus@tailscale.com>
2026-03-30 14:26:08 -04:00
.bencher bencher: add config to suppress failures on benchmark regressions. 2021-10-01 16:16:02 -07:00
.github .github: Bump actions/download-artifact from 8.0.0 to 8.0.1 2026-03-27 14:55:59 +00:00
appc appc,feature/conn25: conn25: send address assignments to connector 2026-03-09 14:10:38 -07:00
atomicfile all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
chirp all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
client client/web: signal need to wait for auth across tabs 2026-03-11 08:15:21 +00:00
clientupdate all: use Go 1.26 things, run most gofix modernizers 2026-03-06 13:32:03 -08:00
cmd cmd/tailscale: improve tailscale lock error message if no keys 2026-03-29 09:28:52 +01:00
control control/controlclient,ipn/ipnlocal,wgengine: avoid restarting wireguard when key is learned via tsmp (#19142) 2026-03-30 14:26:08 -04:00
derp derp: use AvailableBuffer for WriteFrameHeader, consolidate tests (#19101) 2026-03-24 18:08:01 -04:00
disco disco: remove experimental label from BindUDPRelayHandshakeState 2026-03-24 11:04:11 -07:00
docs docs: add commit message example (#19134) 2026-03-26 10:35:13 -07:00
doctor all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
drive all: use Go 1.26 things, run most gofix modernizers 2026-03-06 13:32:03 -08:00
envknob all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
feature feature/conn25: install all the hooks 2026-03-27 11:52:34 -04:00
gokrazy gokrazy: fix busybox breakglass support, add test 2026-03-12 11:25:31 -07:00
health control,health,ipn: move IP forwarding check to health tracker (#19007) 2026-03-18 16:24:12 -04:00
hostinfo all: use Go 1.26 things, run most gofix modernizers 2026-03-06 13:32:03 -08:00
internal cmd/tailscale/cli: allow fetching keys from AWS Parameter Store 2026-01-29 18:09:56 -05:00
ipn control/controlclient,ipn/ipnlocal,wgengine: avoid restarting wireguard when key is learned via tsmp (#19142) 2026-03-30 14:26:08 -04:00
jsondb all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
k8s-operator all: use Go 1.26 things, run most gofix modernizers 2026-03-06 13:32:03 -08:00
kube kube/certs: discover TLS domains from TCP TerminateTLS handlers (#19020) 2026-03-17 18:35:39 +01:00
licenses licenses: update license notices 2026-03-24 11:40:14 -07:00
log all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
logpolicy all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
logtail all: use Go 1.26 things, run most gofix modernizers 2026-03-06 13:32:03 -08:00
maths all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
metrics all: use Go 1.26 things, run most gofix modernizers 2026-03-06 13:32:03 -08:00
net net,tsnet: fix the capitalisation of "Wireshark" 2026-03-26 19:39:29 +00:00
omit all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
packages/deb all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
paths all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
portlist portlist: also tb.Skip benchmarks (not just tests) on bad Linux kernels 2026-02-12 13:19:09 -08:00
posture all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
prober all: use Go 1.26 things, run most gofix modernizers 2026-03-06 13:32:03 -08:00
proxymap all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
release release/dist/unixpkgs: include tailscale-online.target in packages 2026-03-26 13:42:58 -07:00
safesocket safesocket, ipn/ipnserver: use PeerCreds on solaris and illumos 2026-03-23 07:45:35 -07:00
safeweb all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
scripts scripts/installer.sh: handle KDE Linux (#18861) 2026-03-02 18:29:49 +00:00
sessionrecording all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
ssh/tailssh ipn/ipnlocal, feature/ssh: move SSH code out of LocalBackend to feature 2026-03-10 17:27:17 -07:00
syncs all: use Go 1.26 things, run most gofix modernizers 2026-03-06 13:32:03 -08:00
tailcfg netns: add Android callback to bind socket to network (#18915) 2026-03-11 12:28:28 -07:00
tempfork feature/c2n: move answerC2N code + deps out of control/controlclient 2025-10-04 13:16:49 -07:00
tka tka: use constant-time comparison of disablement secret (#19064) 2026-03-20 11:30:26 -07:00
tool all: use Go 1.26 things, run most gofix modernizers 2026-03-06 13:32:03 -08:00
tsconsensus all: use Go 1.26 things, run most gofix modernizers 2026-03-06 13:32:03 -08:00
tsconst all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
tsd all: use Go 1.26 things, run most gofix modernizers 2026-03-06 13:32:03 -08:00
tsnet tsnet: fix advertiseService dropping existing services 2026-03-29 15:50:39 -06:00
tstest cmd/tailscale: improve tailscale lock error message if no keys 2026-03-29 09:28:52 +01:00
tstime all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
tsweb all: use Go 1.26 things, run most gofix modernizers 2026-03-06 13:32:03 -08:00
types types/key: use AvailableBuffer for WriteRawWithoutAllocating (#19102) 2026-03-24 18:08:08 -04:00
util derp,types,util: use bufio Peek+Discard for allocation-free fast reads (#19067) 2026-03-24 10:52:20 -04:00
version all: use Go 1.26 things, run most gofix modernizers 2026-03-06 13:32:03 -08:00
wf wf: allow limited broadcast to/from permitted interfaces when using an exit node on Windows 2026-01-23 18:30:38 -06:00
wgengine control/controlclient,ipn/ipnlocal,wgengine: avoid restarting wireguard when key is learned via tsmp (#19142) 2026-03-30 14:26:08 -04:00
wif wif: add AWS ecs for autogenerated OIDC tokens 2026-03-25 14:41:41 -06:00
words Add 'fish' to the list of scales 2026-03-27 08:41:33 +00:00
.gitattributes .: add .gitattributes entry to use Go hunk-header driver 2021-12-03 17:56:02 -08:00
.gitignore Add .stignore for syncthing (#18540) 2026-01-27 16:15:17 -08:00
.golangci.yml .github: Bump golangci/golangci-lint-action from 6.5.0 to 7.0.0 (#15476) 2025-04-14 16:04:36 -06:00
.stignore Add .stignore for syncthing (#18540) 2026-01-27 16:15:17 -08:00
ALPINE.txt docker: bump alpine v3.19 -> 3.22 (#17155) 2025-09-17 20:22:24 +01:00
api.md {api.md,publicapi}: remove old API docs (#13468) 2024-09-13 14:10:33 -06:00
assert_ts_toolchain_match.go .: permit running binary built with TS_GO_NEXT=1 2026-02-23 09:37:04 -08:00
build_dist.sh build_dist.sh: keep --extra-small making a usable build, add --min 2025-10-06 21:15:25 -07:00
build_docker.sh docker: add riscv64 to container image architectures 2026-03-29 07:47:39 -07:00
CODE_OF_CONDUCT.md CODE_OF_CONDUCT.md: update code of conduct 2025-10-28 08:58:00 -07:00
CODEOWNERS CODEOWNERS: add the start of an owners file 2023-08-16 15:57:29 -07:00
Dockerfile go.toolchain.branch: switch to Go 1.26 2026-03-04 21:57:05 -08:00
Dockerfile.base all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
flake.lock nix: update flakes to get a nixpkgs version with go 1.26 2026-03-06 04:06:57 -08:00
flake.nix go.mod: bump tailscale/wireguard-go 2026-03-16 13:51:04 -07:00
go.mod go.mod: bump tailscale/wireguard-go 2026-03-16 13:51:04 -07:00
go.mod.sri go.mod: bump tailscale/wireguard-go 2026-03-16 13:51:04 -07:00
go.sum go.mod: bump tailscale/wireguard-go 2026-03-16 13:51:04 -07:00
go.toolchain.branch go.toolchain.branch: switch to Go 1.26 2026-03-04 21:57:05 -08:00
go.toolchain.next.branch tool/gocross, pull-toolchain.sh: support a "next" Go toolchain 2026-01-27 14:07:35 -08:00
go.toolchain.next.rev go.toolchain.*: bump for mips and synology segmentation violation fixes 2026-03-25 13:43:16 -05:00
go.toolchain.rev go.toolchain.*: bump for mips and synology segmentation violation fixes 2026-03-25 13:43:16 -05:00
go.toolchain.rev.sri go.toolchain.*: bump for mips and synology segmentation violation fixes 2026-03-25 13:43:16 -05:00
go.toolchain.version go.mod: bump to Go 1.26.1 2026-03-06 11:27:29 -08:00
gomod_test.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
header.txt all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
LICENSE all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
license_test.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
Makefile Makefile, cmd/*/depaware.txt: split out vendor packages explicitly 2025-10-01 13:02:06 -07:00
PATENTS Move Linux client & common packages into a public repo. 2020-02-09 09:32:57 -08:00
pkgdoc_test.go gokrazy: use monorepo for gokrazy appliance builds (monogok) 2026-02-13 16:19:14 -08:00
pull-toolchain.sh pull-toolchain.sh: advance the next hash if it's behind 2026-03-10 06:58:53 -07:00
README.md README: update the version of Go in the README (#19168) 2026-03-28 22:21:41 -03:00
SECURITY.md Add a SECURITY.md for vulnerability reports. 2020-02-11 10:26:41 -08:00
shell.nix go.mod: bump tailscale/wireguard-go 2026-03-16 13:51:04 -07:00
staticcheck.conf all: cleanup unused code, part 2 (#10670) 2023-12-21 17:40:03 -08:00
update-flake.sh flake.nix: update Nix to use tailscale/go 1.25.2 (#17500) 2025-10-08 14:37:47 -04:00
version_tailscale_test.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
version_test.go all: remove AUTHORS file and references to it 2026-01-23 15:49:45 -08:00
version-embed.go cmd/printdep: add --next flag to use rc Go build hash instead 2026-01-27 14:49:56 -08:00
VERSION.txt VERSION.txt: this is v1.97.0 (#18898) 2026-03-05 15:24:48 -05:00

Tailscale

https://tailscale.com

Private WireGuard® networks made easy

Overview

This repository contains the majority of Tailscale's open source code. Notably, it includes the tailscaled daemon and the tailscale CLI tool. The tailscaled daemon runs on Linux, Windows, macOS, and to varying degrees on FreeBSD and OpenBSD. The Tailscale iOS and Android apps use this repo's code, but this repo doesn't contain the mobile GUI code.

Other Tailscale repos of note:

For background on which parts of Tailscale are open source and why, see https://tailscale.com/opensource/.

Using

We serve packages for a variety of distros and platforms at https://pkgs.tailscale.com.

Other clients

The macOS, iOS, and Windows clients use the code in this repository but additionally include small GUI wrappers. The GUI wrappers on non-open source platforms are themselves not open source.

Building

We always require the latest Go release, currently Go 1.26. (While we build releases with our Go fork, its use is not required.)

go install tailscale.com/cmd/tailscale{,d}

If you're packaging Tailscale for distribution, use build_dist.sh instead, to burn commit IDs and version info into the binaries:

./build_dist.sh tailscale.com/cmd/tailscale
./build_dist.sh tailscale.com/cmd/tailscaled

If your distro has conventions that preclude the use of build_dist.sh, please do the equivalent of what it does in your distro's way, so that bug reports contain useful version information.

Bugs

Please file any issues about this code or the hosted service on the issue tracker.

Contributing

PRs welcome! But please file bugs. Commit messages should reference bugs.

We require Developer Certificate of Origin Signed-off-by lines in commits.

See commit-messages.md (or skim git log) for our commit message style.

About Us

Tailscale is primarily developed by the people at https://github.com/orgs/tailscale/people. For other contributors, see:

WireGuard is a registered trademark of Jason A. Donenfeld.