package derpserver

v1.90.7 Latest
Warning: This package is not in the latest version of its module.
Published: Nov 18, 2025 License: BSD-3-Clause Imports: 49 Imported by: 0

Documentation

Overview

Package derpserver implements a DERP server.

Index

Constants

const (
	NoContentChallengeHeader = "X-Tailscale-Challenge"
	NoContentResponseHeader  = "X-Tailscale-Response"
)
const (
	DefaultTCPWiteTimeout = 2 * time.Second
)

Variables

var IdealNodeContextKey = ctxkey.New("ideal-node", "")

IdealNodeContextKey is the context key used to pass the IdealNodeHeader value from the HTTP handler to the DERP server's Accept method.

Functions

func Handler

func Handler(s *Server) http.Handler

Handler returns an http.Handler to be mounted at /derp, serving s.

func ProbeHandler

func ProbeHandler(w http.ResponseWriter, r *http.Request)

ProbeHandler is the endpoint that clients without UDP access (including js/wasm) hit to measure DERP latency, as a replacement for UDP STUN queries.

func ServeNoContent

func ServeNoContent(w http.ResponseWriter, r *http.Request)

ServeNoContent generates the /generate_204 response used by Tailscale's captive portal detection.

Types

type BytesSentRecv

type BytesSentRecv struct {
	Sent uint64
	Recv uint64
	// Key is the public key of the client which sent/received these bytes.
	Key key.NodePublic
}

BytesSentRecv records the number of bytes sent and received since the last traffic check for a given client, together with the public key of the client that sent and received those bytes.

type PacketForwarder

type PacketForwarder interface {
	ForwardPacket(src, dst key.NodePublic, payload []byte) error
	String() string
}

PacketForwarder is something that can forward packets.

It's mostly an interface for circular dependency reasons; the typical implementation is derphttp.Client. The other implementation is a multiForwarder, which this package creates as needed if a public key gets more than one PacketForwarder registered for it.

type Server

type Server struct {
	// WriteTimeout, if non-zero, specifies how long to wait
	// before failing when writing to a client.
	WriteTimeout time.Duration
	// contains filtered or unexported fields
}

Server is a DERP server.

func New

func New(privateKey key.NodePrivate, logf logger.Logf) *Server

New returns a new DERP server. It doesn't listen on its own. Connections are given to it via Server.Accept.

func (*Server) Accept

func (s *Server) Accept(ctx context.Context, nc derp.Conn, brw *bufio.ReadWriter, remoteAddr string)

Accept adds a new connection to the server and serves it.

The provided bufio ReadWriter must be already connected to nc. Accept blocks until the Server is closed or the connection closes on its own.

Accept closes nc.

func (*Server) AddPacketForwarder

func (s *Server) AddPacketForwarder(dst key.NodePublic, fwd PacketForwarder)

AddPacketForwarder registers fwd as a packet forwarder for dst. fwd must be comparable.

func (*Server) Close

func (s *Server) Close() error

Close closes the server and waits for the connections to disconnect.

func (*Server) ConsistencyCheck

func (s *Server) ConsistencyCheck() error

func (*Server) ExpVar

func (s *Server) ExpVar() expvar.Var

ExpVar returns an expvar variable suitable for registering with expvar.Publish.

func (*Server) HasMeshKey

func (s *Server) HasMeshKey() bool

HasMeshKey reports whether the server is configured with a mesh key.

func (*Server) IsClientConnectedForTest

func (s *Server) IsClientConnectedForTest(k key.NodePublic) bool

IsClientConnectedForTest reports whether the client with specified key is connected. This is used in tests to verify that nodes are connected.

func (*Server) MeshKey

func (s *Server) MeshKey() key.DERPMesh

MeshKey returns the configured mesh key, if any.

func (*Server) MetaCert

func (s *Server) MetaCert() []byte

MetaCert returns the server metadata cert that can be sent by the TLS server to let the client skip a round trip during start-up.

func (*Server) ModifyTLSConfigToAddMetaCert

func (s *Server) ModifyTLSConfigToAddMetaCert(c *tls.Config)

ModifyTLSConfigToAddMetaCert modifies c.GetCertificate to make it append s.MetaCert to the returned certificates.

It panics if c or c.GetCertificate is nil.

func (*Server) PrivateKey

func (s *Server) PrivateKey() key.NodePrivate

PrivateKey returns the server's private key.

func (*Server) PublicKey

func (s *Server) PublicKey() key.NodePublic

PublicKey returns the server's public key.

func (*Server) RemovePacketForwarder

func (s *Server) RemovePacketForwarder(dst key.NodePublic, fwd PacketForwarder)

RemovePacketForwarder removes fwd as a packet forwarder for dst. fwd must be comparable.

func (*Server) ServeDebugTraffic

func (s *Server) ServeDebugTraffic(w http.ResponseWriter, r *http.Request)

func (*Server) SetMeshKey

func (s *Server) SetMeshKey(v string) error

SetMeshKey sets the pre-shared key that regional DERP servers use to mesh amongst themselves.

It must be called before serving begins.

func (*Server) SetTCPWriteTimeout

func (s *Server) SetTCPWriteTimeout(d time.Duration)

SetTCPWriteTimeout sets the timeout for writing to connected clients. This timeout does not apply to mesh connections. Defaults to 2 seconds.

func (*Server) SetTailscaledSocketPath

func (s *Server) SetTailscaledSocketPath(path string)

SetTailscaledSocketPath sets the unix socket path to use to talk to tailscaled if client verification is enabled.

If unset or set to the empty string, the default path for the operating system is used.

func (*Server) SetVerifyClient

func (s *Server) SetVerifyClient(v bool)

SetVerifyClient sets whether this DERP server verifies clients through tailscaled.

It must be called before serving begins.

func (*Server) SetVerifyClientURL

func (s *Server) SetVerifyClientURL(v string)

SetVerifyClientURL sets the admission controller URL to use for verifying clients. If empty, all clients are accepted (unless restricted by SetVerifyClient checking against tailscaled).

func (*Server) SetVerifyClientURLFailOpen

func (s *Server) SetVerifyClientURLFailOpen(v bool)

SetVerifyClientURLFailOpen sets whether to allow clients to connect if the admission controller URL is unreachable.
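The fail-open setting is the one that needs care: while the admission controller is unreachable it turns an outage into open admission, whereas the default fail-closed behaviour denies every client until the controller is back. The following Go is an added example, not derpserver's own code; it models the decision that SetVerifyClientURL and SetVerifyClientURLFailOpen describe. The controller wire format (GET with a node query parameter, 200 = allow), the AdmissionPolicy type and the constructed newFakeController are assumptions for illustration only.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"time"
)

// AdmissionPolicy mirrors the SetVerifyClientURL and SetVerifyClientURLFailOpen
// settings; it is an illustration, not derpserver's own implementation.
type AdmissionPolicy struct {
	VerifyClientURL string // empty: every client is accepted
	FailOpen        bool   // admit clients while the controller is unreachable
}

// Admit reports whether the client identified by nodeKey may connect. The
// controller protocol assumed here (GET ?node=<key>, 200 = allow) is
// hypothetical, and nodeKey stands in for a key.NodePublic.
func (p AdmissionPolicy) Admit(ctx context.Context, nodeKey string) (bool, error) {
	if p.VerifyClientURL == "" {
		return true, nil // no admission controller configured
	}
	ctx, cancel := context.WithTimeout(ctx, 2*time.Second)
	defer cancel()
	u := p.VerifyClientURL + "?node=" + url.QueryEscape(nodeKey)
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, u, nil)
	if err != nil {
		return false, err
	}
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		// Unreachable controller: the only case FailOpen decides.
		return p.FailOpen, fmt.Errorf("admission controller unreachable: %w", err)
	}
	resp.Body.Close()
	// Anything but an explicit 200 denies, so controller errors fail closed.
	return resp.StatusCode == http.StatusOK, nil
}

// newFakeController starts a constructed admission controller that allows one key; close it when done.
func newFakeController(allowed string) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.URL.Query().Get("node") != allowed {
			w.WriteHeader(http.StatusForbidden)
		}
	}))
}
```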

type ServerInfo

type ServerInfo = derp.ServerInfo
