
A public key should only have max one connection to a given DERP node (or really: one connection to a node in a region). But if people clone their machine keys (e.g. clone their VM, Raspberry Pi SD card, etc), then we can get into a situation where a public key is connected multiple times.

Originally, the DERP server handled this by just kicking out prior connections whenever a new one came. But this led to reconnect fights where 2+ nodes were in hard loops trying to reconnect and kicking out their peer.

Then a909d37a59f6e36f47209db4e6b16497715f8de9 tried to add rate limiting to how often that dup-kicking can happen, but empirically it just doesn't work and ~leaks a bunch of goroutines and TCP connections, tying them up for hour+ while more and more accumulate and waste memory. Mostly because we were doing a time.Sleep forever while not reading from their TCP connections.

Instead, just accept multiple connections per public key but track which is the most recent. And if two both are writing back & forth, then optionally disable them both. That last part is only enabled in tests for now. The current default policy is just last-sender-wins while we gather the next round of stats.

Updates #2751

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
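A minimal sketch of the policy the commit message describes, added here as an illustration and not taken from the Tailscale code base: duplicate connections for one key are all kept, the most recent sender is tracked, and both are optionally disabled when they keep alternating. The names conn, dupSet, noteSend and the maxFlips threshold are hypothetical, as is the assumption that a newly added connection becomes the active one.

```go
package main

import "fmt"

// conn is a hypothetical stand-in for one client connection to the server.
type conn struct {
	id       int
	disabled bool
}

// dupSet holds every live connection that presented the same public key.
type dupSet struct {
	conns    []*conn
	last     *conn // most recent connection or sender; gets the key's traffic
	flips    int   // times the active sender changed
	maxFlips int   // assumed threshold; 0 means plain last-sender-wins
}

// add registers a connection without kicking out the existing ones.
func (s *dupSet) add(c *conn) {
	s.conns = append(s.conns, c)
	s.last = c
}

// noteSend records a packet from c and applies the policy.
func (s *dupSet) noteSend(c *conn) {
	if c.disabled || s.last == c {
		return
	}
	s.last = c
	s.flips++
	if s.maxFlips > 0 && s.flips >= s.maxFlips {
		for _, d := range s.conns {
			d.disabled = true // both sides keep writing: stop routing to either
		}
		s.last = nil
	}
}

func main() {
	a, b := &conn{id: 1}, &conn{id: 2}
	s := &dupSet{maxFlips: 3}
	s.add(a)
	s.add(b)
	for _, c := range []*conn{a, b, a} {
		s.noteSend(c)
	}
	fmt.Println("active:", s.last, "a disabled:", a.disabled, "b disabled:", b.disabled)
}
```

Because no connection is closed on a duplicate, a cloned key cannot trigger the reconnect loop; the cost is that the server must bound how long it tolerates two live senders for one key.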
Tailscale
Private WireGuard® networks made easy
Overview
This repository contains all the open source Tailscale client code and the tailscaled daemon and tailscale CLI tool. The tailscaled daemon runs primarily on Linux; it also works to varying degrees on FreeBSD, OpenBSD, Darwin, and Windows.
The Android app is at https://github.com/tailscale/tailscale-android
Using
We serve packages for a variety of distros at https://pkgs.tailscale.com.
Other clients
The macOS, iOS, and Windows clients use the code in this repository but additionally include small GUI wrappers that are not open source.
Building
go install tailscale.com/cmd/tailscale{,d}
If you're packaging Tailscale for distribution, use build_dist.sh instead, to burn commit IDs and version info into the binaries:
./build_dist.sh tailscale.com/cmd/tailscale
./build_dist.sh tailscale.com/cmd/tailscaled
If your distro has conventions that preclude the use of build_dist.sh, please do the equivalent of what it does in your distro's way, so that bug reports contain useful version information.
We only guarantee to support the latest Go release and any Go beta or release candidate builds (currently Go 1.16) in module mode. It might work in earlier Go versions or in GOPATH mode, but we're making no effort to keep those working.
Bugs
Please file any issues about this code or the hosted service on the issue tracker.
Contributing
PRs welcome! But please file bugs. Commit messages should reference bugs.
We require Developer Certificate of Origin Signed-off-by lines in commits.
About Us
Tailscale is primarily developed by the people at https://github.com/orgs/tailscale/people. For other contributors, see:
- https://github.com/tailscale/tailscale/graphs/contributors
- https://github.com/tailscale/tailscale-android/graphs/contributors
Legal
WireGuard is a registered trademark of Jason A. Donenfeld.