tailscale/wgengine/netstack/netstack.go, branch debug-testwrapperThe easiest, most secure way to use WireGuard and 2FAhttp://git.waynecole.info/tailscale/atom?h=debug-testwrapper2026-01-23T23:49:45Zall: remove AUTHORS file and references to it2026-01-23T23:49:45ZWill Norriswill@tailscale.com2026-01-23T21:21:57Zurn:sha1:3ec5be3f510f74738179c1023468343a62a7e00f
This file was never truly necessary and has never actually been used in
the history of Tailscale's open source releases.
A Brief History of AUTHORS files
---
The AUTHORS file was a pattern developed at Google, originally for
Chromium, then adopted by Go and a bunch of other projects. The problem
was that Chromium originally had a copyright line only recognizing
Google as the copyright holder. Because Google (and most open source
projects) do not require copyright assignemnt for contributions, each
contributor maintains their copyright. Some large corporate contributors
then tried to add their own name to the copyright line in the LICENSE
file or in file headers. This quickly becomes unwieldy, and puts a
tremendous burden on anyone building on top of Chromium, since the
license requires that they keep all copyright lines intact.
The compromise was to create an AUTHORS file that would list all of the
copyright holders. The LICENSE file and source file headers would then
include that list by reference, listing the copyright holder as "The
Chromium Authors".
This also become cumbersome to simply keep the file up to date with a
high rate of new contributors. Plus it's not always obvious who the
copyright holder is. Sometimes it is the individual making the
contribution, but many times it may be their employer. There is no way
for the proejct maintainer to know.
Eventually, Google changed their policy to no longer recommend trying to
keep the AUTHORS file up to date proactively, and instead to only add to
it when requested: https://opensource.google/docs/releasing/authors.
They are also clear that:
> Adding contributors to the AUTHORS file is entirely within the
> project's discretion and has no implications for copyright ownership.
It was primarily added to appease a small number of large contributors
that insisted that they be recognized as copyright holders (which was
entirely their right to do). But it's not truly necessary, and not even
the most accurate way of identifying contributors and/or copyright
holders.
In practice, we've never added anyone to our AUTHORS file. It only lists
Tailscale, so it's not really serving any purpose. It also causes
confusion because Tailscalars put the "Tailscale Inc & AUTHORS" header
in other open source repos which don't actually have an AUTHORS file, so
it's ambiguous what that means.
Instead, we just acknowledge that the contributors to Tailscale (whoever
they are) are copyright holders for their individual contributions. We
also have the benefit of using the DCO (developercertificate.org) which
provides some additional certification of their right to make the
contribution.
The source file changes were purely mechanical with:
git ls-files | xargs sed -i -e 's/\(Tailscale Inc &\) AUTHORS/\1 contributors/g'
Updates #cleanup
Change-Id: Ia101a4a3005adb9118051b3416f5a64a4a45987d
Signed-off-by: Will Norris <will@tailscale.com>
tsnet: add support for a user-supplied tun.Device2026-01-23T01:29:55ZJames Tuckerjames@tailscale.com2026-01-16T04:35:41Zurn:sha1:63d563e7340b4712b9f2933f663057ce2dcfa4a4
tsnet users can now provide a tun.Device, including any custom
implementation that conforms to the interface.
netstack has a new option CheckLocalTransportEndpoints that when used
alongside a TUN enables netstack listens and dials to correctly capture
traffic associated with those sockets. tsnet with a TUN sets this
option, while all other builds leave this at false to preserve existing
performance.
Updates #18423
Signed-off-by: James Tucker <james@tailscale.com>
cmd/tailscaled: start implementing ts_omit_netstack2025-09-26T16:46:55ZBrad Fitzpatrickbradfitz@tailscale.com2025-09-26T01:48:14Zurn:sha1:f715ee2be97db4cbb976aaae5d8d9ea530be531b
Baby steps. This permits building without much of gvisor, but not all of it.
Updates #17283
Change-Id: I8433146e259918cc901fe86b4ea29be22075b32c
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
wgengine/netstack/gro: permit building without GRO2025-09-26T16:07:48ZBrad Fitzpatrickbradfitz@tailscale.com2025-09-25T20:19:11Zurn:sha1:b3ae1cb0ccb73a0951cccdf4096e417c2739d455
This only saves ~32KB in the minimal linux/amd64 binary, but it's a
step towards permitting not depending on gvisor for small builds.
Updates #17283
Change-Id: Iae8da5e9465127de354dbcaf25e794a6832d891b
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
all: don't rebind variables in for loops2025-09-26T15:19:42ZAlex Chanalexc@tailscale.com2025-09-26T06:35:54Zurn:sha1:002ecb78d0c76d2e25bd7fb0b773f37c7c19dcb4
See https://tip.golang.org/wiki/LoopvarExperiment#does-this-mean-i-dont-have-to-write-x--x-in-my-loops-anymore
Updates https://github.com/tailscale/tailscale/issues/11058
Signed-off-by: Alex Chan <alexc@tailscale.com>
all: add ts_omit_serve, start making tailscale serve/funnel be modular2025-09-16T15:25:06ZBrad Fitzpatrickbradfitz@tailscale.com2025-09-14T03:20:08Zurn:sha1:4cca9f7c673f0a3b027b28170bd218520875ea4c
tailscaled tailscale combined (linux/amd64)
29853147 17384418 31412596 omitting everything
+ 621570 + 219277 + 554256 .. add serve
Updates #17128
Change-Id: I87c2c6c3d3fc2dc026c3de8ef7000a813b41d31c
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
wgengine/netstack: correctly proxy half-closed TCP connections2025-07-07T19:36:16ZNaman Soodmail@nsood.in2025-07-07T19:36:16Zurn:sha1:04d24cdbd4b551d95f85ca3b9b36ef147503d2b7
TCP connections are two unidirectional data streams, and if one of these
streams closes, we should not assume the other half is closed as well.
For example, if an HTTP client closes its write half of the connection
early, it may still be expecting to receive data on its read half, so we
should keep the server -> client half of the connection open, while
terminating the client -> server half.
Fixes tailscale/corp#29837.
Signed-off-by: Naman Sood <mail@nsood.in>wgengine/netstack: revert cubic cc to reno cc (#15677)2025-04-14T17:09:56ZJordan Whitedjordan@tailscale.com2025-04-14T17:09:56Zurn:sha1:62182fc37d44c0a8185b7d96f30465710dd68b66
Updates google/gvisor#11632
Updates tailscale/corp#27717
Signed-off-by: Jordan Whited <jordan@tailscale.com>net/{netx,memnet},all: add netx.DialFunc, move memnet Network impl2025-04-08T17:07:47ZBrad Fitzpatrickbradfitz@tailscale.com2025-04-08T15:32:27Zurn:sha1:fb96137d79628db5493603ac2fc67d2a92f6bc01
This adds netx.DialFunc, unifying a type we have a bazillion other
places, giving it now a nice short name that's clickable in
editors, etc.
That highlighted that my earlier move (03b47a55c7956) of stuff from
nettest into netx moved too much: it also dragged along the memnet
impl, meaning all users of netx.DialFunc who just wanted netx for the
type definition were instead also pulling in all of memnet.
So move the memnet implementation netx.Network into memnet, a package
we already had.
Then use netx.DialFunc in a bunch of places. I'm sure I missed some.
And plenty remain in other repos, to be updated later.
Updates tailscale/corp#27636
Change-Id: I7296cd4591218e8624e214f8c70dab05fb884e95
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
tsnet,wgengine: fix src to primary Tailscale IP for TCP dials2025-03-11T20:11:01ZFran Bullfran@tailscale.com2025-03-05T18:25:30Zurn:sha1:5ebc135397acbc2a217986b95f693e6a2c211fd8
Ensure that the src address for a connection is one of the primary
addresses assigned by Tailscale. Not, for example, a virtual IP address.
Updates #14667
Signed-off-by: Fran Bull <fran@tailscale.com>