
v0.6.10 — peer-patch idle re-handshake + macOS route fix


@GeiserX GeiserX released this 09 Jun 16:54
· 12 commits to main since this release

Fixed

Incremental peer patches (MapResponse.peers_changed_patch) are now applied, not dropped.
The map-stream decoder logged and discarded these patches, so the per-peer updates that control sends mid-session — chiefly a peer's UDP endpoints and home DERP region when an idle peer re-establishes connectivity — never reached the netmap. magicsock kept stale endpoints and couldn't re-handshake the moved peer, wedging idle sessions (observed as a ~3-minute idle failure in the exit-node egress path). Patches now surface as a new PeerUpdate::Patch and are merged in the peer tracker:

  • looked up by node id (an unknown id is ignored — a patch never creates a node),
  • only the fields the patch carries are merged onto the existing node,
  • the tailnet-lock (TKA) gate is re-run before upsert, so a key-rotation patch can't bypass trust enforcement — a patch whose new signature fails verification evicts the peer (fail-closed).

A full/delta resync in the same response still takes precedence.
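The merge rules above, sketched as an added example (not this project's code). Node, PeerPatch, Outcome, apply_patch and tka_allows are hypothetical names, and the tailnet-lock check is reduced to a string comparison standing in for real signature verification.

```rust
use std::collections::HashMap;

// Hypothetical types for illustration; not the project's definitions.
#[derive(Clone, Debug)]
struct Node { key: String, key_sig: String, endpoints: Vec<String>, home_derp: u16 }

#[derive(Default)]
struct PeerPatch {
    node_id: u64, key: Option<String>, key_sig: Option<String>,
    endpoints: Option<Vec<String>>, home_derp: Option<u16>,
}

#[derive(Debug, PartialEq)]
enum Outcome { Ignored, Updated, Evicted }

// Stand-in for the tailnet-lock gate; a real gate verifies a signature chain.
fn tka_allows(n: &Node) -> bool { n.key_sig == format!("signed:{}", n.key) }

fn apply_patch(peers: &mut HashMap<u64, Node>, p: PeerPatch) -> Outcome {
    // Unknown id: a patch never creates a node.
    let Some(current) = peers.get(&p.node_id) else { return Outcome::Ignored };
    // Merge onto a copy so a rejected patch never reaches the live entry.
    let mut merged = current.clone();
    if let Some(k) = p.key { merged.key = k; }
    if let Some(s) = p.key_sig { merged.key_sig = s; }
    if let Some(e) = p.endpoints { merged.endpoints = e; }
    if let Some(d) = p.home_derp { merged.home_derp = d; }
    // Re-run the trust gate before upsert; on failure evict (fail closed).
    if !tka_allows(&merged) {
        peers.remove(&p.node_id);
        return Outcome::Evicted;
    }
    peers.insert(p.node_id, merged);
    Outcome::Updated
}

// Constructed sample netmap with one trusted peer (id 7).
fn sample_peers() -> HashMap<u64, Node> {
    HashMap::from([(7, Node { key: "k1".into(), key_sig: "signed:k1".into(),
        endpoints: vec!["198.51.100.4:41641".into()], home_derp: 1 })])
}

fn main() {
    let mut peers = sample_peers();
    let moved = PeerPatch { node_id: 7, endpoints: Some(vec!["203.0.113.9:41641".into()]), ..Default::default() };
    println!("{:?}", apply_patch(&mut peers, moved));
    let rotated = PeerPatch { node_id: 7, key: Some("k2".into()), key_sig: Some("bogus".into()), ..Default::default() };
    println!("{:?} remaining={}", apply_patch(&mut peers, rotated), peers.len());
}
```

Evicting on a failed gate, rather than keeping the pre-patch node, means a peer whose rotated key cannot be verified stops being reachable under its old key as well.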

macOS TUN bring-up no longer fails with "No such file or directory (os error 2)".
The host-networking layer invoked route(8) at /usr/sbin/route, which is the Linux/iproute2 location and does not exist on macOS (macOS ships route(8) in /sbin). The missing binary made every route install fail with ENOENT, which the TUN actor treats as fatal and fail-closes — so the interface never came up. Corrected to /sbin/route. (scutil(8) was already correct.)


This project is not associated with Tailscale Inc.