![David Anderson](/assets/img/avatar_default.png)
The effect is subtle: when we're not spraying packets, and have not yet figured out a curAddr, and we're not spraying, we end up sending to whatever the first IP is in the iteration order. In English, that means "when we have no idea where to send packets, and we've given up on sending to everyone, just send to the first addr we see in the list." This is, in general, what we want, because the addrs are in sorted preference order, low to high, and DERP is the least preferred destination. So, when we have no idea where to send, send to DERP, right? ... Except for very historical reasons, appendDests iterated through addresses in _reverse_ order, most preferred to least preferred. crawshaw@ believes this was part of the earliest handshaking algorithm magicsock had, where it slowly iterated through possible destinations and poked handshakes to them one at a time. Anyway, because of this historical reverse iteration, in the case described above of "we have no idea where to send", the code would end up sending to the _most_ preferred candidate address, rather than the _least_ preferred. So when in doubt, we'd end up firing packets into the blackhole of some LAN address that doesn't work, and connectivity would not work. This case only comes up if all your non-DERP connectivity options have failed, so we more or less failed to detect it because we didn't have a pathological test box deployed. Worse, codependent bug 2839854994f204a9e95e4d8d410490bb4f25e1fe made DERP accidentally work sometimes anyway by incorrectly exploiting roamAddr behavior, albeit at the cost of making DERP traffic symmetric. In fixing DERP to once again be asymmetric, we effectively removed the bandaid that was concealing this bug. Signed-Off-By: David Anderson <danderson@tailscale.com>
Tailscale
Private WireGuard® networks made easy
Overview
This repository contains all the open source Tailscale code. It currently includes the Linux client.
The Linux client is currently cmd/relaynode
, but will
soon be replaced by cmd/tailscaled
.
Using
We serve packages for a variety of distros at https://pkgs.tailscale.com .
Building
go install tailscale.com/cmd/tailscale{,d}
We only support the latest Go release and any Go beta or release candidate builds (currently Go 1.13.x or Go 1.14) in module mode. It might work in earlier Go versions or in GOPATH mode, but we're making no effort to keep those working.
Bugs
Please file any issues about this code or the hosted service on the issue tracker.
Contributing
under_construction.gif
PRs welcome, but we are still working out our contribution process and tooling.
We require Developer Certificate of
Origin
Signed-off-by
lines in commits.
About Us
We are apenwarr, bradfitz, crawshaw, danderson, dfcarney, from Tailscale Inc. You can learn more about us from our website.
WireGuard is a registered trademark of Jason A. Donenfeld.