Documentation
¶
Overview ¶
Package ipnstate captures the entire state of the Tailscale network.
It's a leaf package so ipn, wgengine, and magicsock can all depend on it.
Index ¶
- func SortPeers(peers []*PeerStatus)
- type DebugDERPRegionReport
- type ExitNodeStatus
- type NetworkLockStatus
- type NetworkLockUpdate
- type PeerStatus
- type PeerStatusLite
- type PingResult
- type SelfUpdateStatus
- type Status
- type StatusBuilder
- func (sb *StatusBuilder) AddPeer(peer key.NodePublic, st *PeerStatus)
- func (sb *StatusBuilder) AddTailscaleIP(ip netip.Addr)
- func (sb *StatusBuilder) AddUser(id tailcfg.UserID, up tailcfg.UserProfile)
- func (sb *StatusBuilder) MutateSelfStatus(f func(*PeerStatus))
- func (sb *StatusBuilder) MutateStatus(f func(*Status))
- func (sb *StatusBuilder) Status() *Status
- type StatusUpdater
- type TKAFilteredPeer
- type TKAKey
- type TailnetStatus
- type UpdateProgress
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func SortPeers ¶
func SortPeers(peers []*PeerStatus)
SortPeers sorts peers by either their DNS name, hostname, Tailscale IP, or ultimately their current public key.
Types ¶
type DebugDERPRegionReport ¶
DebugDERPRegionReport is the result of a "tailscale debug derp" command, to let people debug a custom DERP setup.
type ExitNodeStatus ¶
type ExitNodeStatus struct {
// ID is the exit node's ID.
ID tailcfg.StableNodeID
// Online is whether the exit node is alive.
Online bool
// TailscaleIPs are the exit node's IP addresses assigned to the node.
TailscaleIPs []netip.Prefix
}
ExitNodeStatus describes the current exit node.
type NetworkLockStatus ¶
type NetworkLockStatus struct {
// Enabled is true if network lock is enabled.
Enabled bool
// Head describes the AUM hash of the leaf AUM. Head is nil
// if network lock is not enabled.
Head *[32]byte
// PublicKey describes the node's network-lock public key.
// It may be zero if the node has not logged in.
PublicKey key.NLPublic
// NodeKey describes the node's current node-key. This field is not
// populated if the node is not operating (i.e. waiting for a login).
NodeKey *key.NodePublic
// NodeKeySigned is true if our node is authorized by network-lock.
NodeKeySigned bool
// TrustedKeys describes the keys currently trusted to make changes
// to network-lock.
TrustedKeys []TKAKey
// FilteredPeers describes peers which were removed from the netmap
// (i.e. no connectivity) because they failed tailnet lock
// checks.
FilteredPeers []*TKAFilteredPeer
// StateID is a nonce associated with the network lock authority,
// generated upon enablement. This field is not populated if the
// network lock is disabled.
StateID uint64
}
NetworkLockStatus represents whether network-lock is enabled, along with details about the locally-known state of the tailnet key authority.
type NetworkLockUpdate ¶
type NetworkLockUpdate struct {
Hash [32]byte
Change string // values of tka.AUMKind.String()
// Raw contains the serialized AUM. The AUM is sent in serialized
// form to avoid transitive dependences bloating this package.
Raw []byte
}
NetworkLockUpdate describes a change to network-lock state.
type PeerStatus ¶
type PeerStatus struct {
ID tailcfg.StableNodeID
PublicKey key.NodePublic
HostName string // HostInfo's Hostname (not a DNS name or necessarily unique)
// DNSName is the Peer's FQDN. It ends with a dot.
// It has the form "host.<MagicDNSSuffix>."
DNSName string
OS string // HostInfo.OS
UserID tailcfg.UserID
// if it's different than UserID. Otherwise it's zero.
AltSharerUserID tailcfg.UserID `json:",omitempty"`
// TailscaleIPs are the IP addresses assigned to the node.
TailscaleIPs []netip.Addr
// AllowedIPs are IP addresses allowed to route to this node.
AllowedIPs *views.Slice[netip.Prefix] `json:",omitempty"`
// Tags are the list of ACL tags applied to this node.
// See tailscale.com/tailcfg#Node.Tags for more information.
Tags *views.Slice[string] `json:",omitempty"`
// PrimaryRoutes are the routes this node is currently the primary
// subnet router for, as determined by the control plane. It does
// not include the IPs in TailscaleIPs.
PrimaryRoutes *views.Slice[netip.Prefix] `json:",omitempty"`
// Endpoints:
Addrs []string
CurAddr string // one of Addrs, or unique if roaming
Relay string // DERP region
RxBytes int64
TxBytes int64
Created time.Time // time registered with tailcontrol
LastWrite time.Time // time last packet sent
LastSeen time.Time // last seen to tailcontrol; only present if offline
LastHandshake time.Time // with local wireguard
Online bool // whether node is connected to the control plane
ExitNode bool // true if this is the currently selected exit node.
ExitNodeOption bool // true if this node can be an exit node (offered && approved)
// Active is whether the node was recently active. The
// definition is somewhat undefined but has historically and
// currently means that there was some packet sent to this
// peer in the past two minutes. That definition is subject to
// change.
Active bool
// PeerAPIURL are the URLs of the node's PeerAPI servers.
PeerAPIURL []string
// Capabilities are capabilities that the node has.
// They're free-form strings, but should be in the form of URLs/URIs
// such as:
// "https://tailscale.com/cap/is-admin"
// "https://tailscale.com/cap/file-sharing"
// "funnel"
Capabilities []tailcfg.NodeCapability `json:",omitempty"`
// CapMap is a map of capabilities to their values.
CapMap tailcfg.NodeCapMap `json:",omitempty"`
// SSH_HostKeys are the node's SSH host keys, if known.
SSH_HostKeys []string `json:"sshHostKeys,omitempty"`
// it's owned by a shared-to user and that node might connect
// to us. These nodes should be hidden by "tailscale status"
// etc by default.
ShareeNode bool `json:",omitempty"`
// InNetworkMap means that this peer was seen in our latest network map.
// In theory, all of InNetworkMap and InMagicSock and InEngine should all be true.
InNetworkMap bool
// InMagicSock means that this peer is being tracked by magicsock.
// In theory, all of InNetworkMap and InMagicSock and InEngine should all be true.
InMagicSock bool
// InEngine means that this peer is tracked by the wireguard engine.
// In theory, all of InNetworkMap and InMagicSock and InEngine should all be true.
InEngine bool
// Expired means that this peer's node key has expired, based on either
// information from control or optimisically set on the client if the
// expiration time has passed.
Expired bool `json:",omitempty"`
// KeyExpiry, if present, is the time at which the node key expired or
// will expire.
KeyExpiry *time.Time `json:",omitempty"`
Location *tailcfg.Location `json:",omitempty"`
}
PeerStatus describes a peer node and its current state.
func (*PeerStatus) HasCap ¶
func (ps *PeerStatus) HasCap(cap tailcfg.NodeCapability) bool
HasCap reports whether ps has the given capability.
func (*PeerStatus) IsTagged ¶
func (ps *PeerStatus) IsTagged() bool
IsTagged reports whether ps is tagged.
type PeerStatusLite ¶
type PeerStatusLite struct {
// TxBytes/RxBytes is the total number of bytes transmitted to/received from this peer.
TxBytes, RxBytes int64
// LastHandshake is the last time a handshake succeeded with this peer.
// (Or we got key confirmation via the first data message,
// which is approximately the same thing.)
LastHandshake time.Time
// NodeKey is this peer's public node key.
NodeKey key.NodePublic
}
type PingResult ¶
type PingResult struct {
IP string // ping destination
NodeIP string // Tailscale IP of node handling IP (different for subnet routers)
NodeName string // DNS name base or (possibly not unique) hostname
Err string
LatencySeconds float64
// Endpoint is the ip:port if direct UDP was used.
// It is not currently set for TSMP pings.
Endpoint string
// DERPRegionID is non-zero DERP region ID if DERP was used.
// It is not currently set for TSMP pings.
DERPRegionID int
// DERPRegionCode is the three-letter region code
// corresponding to DERPRegionID.
// It is not currently set for TSMP pings.
DERPRegionCode string
// PeerAPIPort is set by TSMP ping responses for peers that
// are running a peerapi server. This is the port they're
// running the server on.
PeerAPIPort uint16 `json:",omitempty"`
// PeerAPIURL is the URL that was hit for pings of type "peerapi" (tailcfg.PingPeerAPI).
// It's of the form "http://ip:port" (or [ip]:port for IPv6).
PeerAPIURL string `json:",omitempty"`
// IsLocalIP is whether the ping request error is due to it being
// a ping to the local node.
IsLocalIP bool `json:",omitempty"`
}
PingResult contains response information for the "tailscale ping" subcommand, saying how Tailscale can reach a Tailscale IP or subnet-routed IP. See tailcfg.PingResponse for a related response that is sent back to control for remote diagnostic pings.
func (*PingResult) ToPingResponse ¶
func (pr *PingResult) ToPingResponse(pingType tailcfg.PingType) *tailcfg.PingResponse
type SelfUpdateStatus ¶
type SelfUpdateStatus string
const ( UpdateFinished SelfUpdateStatus = "UpdateFinished" UpdateInProgress SelfUpdateStatus = "UpdateInProgress" UpdateFailed SelfUpdateStatus = "UpdateFailed" )
type Status ¶
type Status struct {
// Version is the daemon's long version (see version.Long).
Version string
// TUN is whether /dev/net/tun (or equivalent kernel interface) is being
// used. If false, it's running in userspace mode.
TUN bool
// BackendState is an ipn.State string value:
// "NoState", "NeedsLogin", "NeedsMachineAuth", "Stopped",
// "Starting", "Running".
BackendState string
AuthURL string // current URL provided by control to authorize client
TailscaleIPs []netip.Addr // Tailscale IP(s) assigned to this node
Self *PeerStatus
// ExitNodeStatus describes the current exit node.
// If nil, an exit node is not in use.
ExitNodeStatus *ExitNodeStatus `json:"ExitNodeStatus,omitempty"`
// Health contains health check problems.
// Empty means everything is good. (or at least that no known
// problems are detected)
Health []string
// This field is the legacy name of CurrentTailnet.MagicDNSSuffix.
//
// Deprecated: use CurrentTailnet.MagicDNSSuffix instead.
MagicDNSSuffix string
// CurrentTailnet is information about the tailnet that the node
// is currently connected to. When not connected, this field is nil.
CurrentTailnet *TailnetStatus
// CertDomains are the set of DNS names for which the control
// plane server will assist with provisioning TLS
// certificates. See SetDNSRequest for dns-01 ACME challenges
// for e.g. LetsEncrypt. These names are FQDNs without
// trailing periods, and without any "_acme-challenge." prefix.
CertDomains []string
// Peer is the state of each peer, keyed by each peer's current public key.
Peer map[key.NodePublic]*PeerStatus
// User contains profile information about UserIDs referenced by
// PeerStatus.UserID, PeerStatus.AltSharerUserID, etc.
User map[tailcfg.UserID]tailcfg.UserProfile
// ClientVersion, when non-nil, contains information about the latest
// version of the Tailscale client that's available. Depending on
// the platform and client settings, it may not be available.
ClientVersion *tailcfg.ClientVersion
}
Status represents the entire state of the IPN network.
func (*Status) Peers ¶
func (s *Status) Peers() []key.NodePublic
type StatusBuilder ¶
type StatusBuilder struct {
WantPeers bool // whether caller wants peers
// contains filtered or unexported fields
}
StatusBuilder is a request to construct a Status. A new StatusBuilder is passed to various subsystems which then call methods on it to populate state. Call its Status method to return the final constructed Status.
func (*StatusBuilder) AddPeer ¶
func (sb *StatusBuilder) AddPeer(peer key.NodePublic, st *PeerStatus)
AddPeer adds a peer node to the status.
Its PeerStatus is mixed with any previous status already added.
func (*StatusBuilder) AddTailscaleIP ¶
func (sb *StatusBuilder) AddTailscaleIP(ip netip.Addr)
AddIP adds a Tailscale IP address to the status.
func (*StatusBuilder) AddUser ¶
func (sb *StatusBuilder) AddUser(id tailcfg.UserID, up tailcfg.UserProfile)
AddUser adds a user profile to the status.
func (*StatusBuilder) MutateSelfStatus ¶
func (sb *StatusBuilder) MutateSelfStatus(f func(*PeerStatus))
MutateSelfStatus calls f with the PeerStatus of our own node to mutate.
It may not assume other fields of status are already populated, and may not retain or write to the Status after f returns.
MutateStatus acquires a lock so f must not call back into sb.
func (*StatusBuilder) MutateStatus ¶
func (sb *StatusBuilder) MutateStatus(f func(*Status))
MutateStatus calls f with the status to mutate.
It may not assume other fields of status are already populated, and may not retain or write to the Status after f returns.
func (*StatusBuilder) Status ¶
func (sb *StatusBuilder) Status() *Status
Status returns the status that has been built up so far from previous calls to MutateStatus, MutateSelfStatus, AddPeer, etc.
type StatusUpdater ¶
type StatusUpdater interface {
UpdateStatus(*StatusBuilder)
}
type TKAFilteredPeer ¶
type TKAFilteredPeer struct {
Name string // DNS
ID tailcfg.NodeID
StableID tailcfg.StableNodeID
TailscaleIPs []netip.Addr // Tailscale IP(s) assigned to this node
NodeKey key.NodePublic
}
TKAFilteredPeer describes a peer which was removed from the netmap (i.e. no connectivity) because it failed tailnet lock checks.
func (*TKAFilteredPeer) Clone ¶
func (src *TKAFilteredPeer) Clone() *TKAFilteredPeer
Clone makes a deep copy of TKAFilteredPeer. The result aliases no memory with the original.
type TailnetStatus ¶
type TailnetStatus struct {
// Name is the name of the network that's currently in use.
Name string
// MagicDNSSuffix is the network's MagicDNS suffix for nodes
// in the network such as "userfoo.tailscale.net".
// There are no surrounding dots.
// MagicDNSSuffix should be populated regardless of whether a domain
// has MagicDNS enabled.
MagicDNSSuffix string
// MagicDNSEnabled is whether or not the network has MagicDNS enabled.
// Note that the current device may still not support MagicDNS if
// `--accept-dns=false` was used.
MagicDNSEnabled bool
}
TailnetStatus is information about a Tailscale network ("tailnet").
type UpdateProgress ¶
type UpdateProgress struct {
Status SelfUpdateStatus `json:"status,omitempty"`
Message string `json:"message,omitempty"`
Version string `json:"version,omitempty"`
}
func NewUpdateProgress ¶
func NewUpdateProgress(ps SelfUpdateStatus, msg string) UpdateProgress
Source Files
Click to show internal directories.
Click to hide internal directories.