Documentation ¶
Index ¶
- func ReadStartupPrefsForTest(logf logger.Logf, store ipn.StateStore) (ipn.PrefsView, error)
- func RegisterNewSSHServer(fn newSSHServerFunc)
- type LocalBackend
- func (b *LocalBackend) AwaitWaitingFiles(ctx context.Context) ([]apitype.WaitingFile, error)
- func (b *LocalBackend) CanSupportNetworkLock() error
- func (b *LocalBackend) CheckIPForwarding() error
- func (b *LocalBackend) CheckIPNConnectionAllowed(ci *ipnauth.ConnIdentity) error
- func (b *LocalBackend) CheckPrefs(p *ipn.Prefs) error
- func (b *LocalBackend) CurrentProfile() ipn.LoginProfile
- func (b *LocalBackend) DERPMap() *tailcfg.DERPMap
- func (b *LocalBackend) DebugBreakDERPConns() error
- func (b *LocalBackend) DebugBreakTCPConns() error
- func (b *LocalBackend) DebugNotify(n ipn.Notify)
- func (b *LocalBackend) DebugReSTUN() error
- func (b *LocalBackend) DebugRebind() error
- func (b *LocalBackend) DeleteFile(name string) error
- func (b *LocalBackend) DeleteProfile(p ipn.ProfileID) error
- func (b *LocalBackend) Dialer() *tsdial.Dialer
- func (b *LocalBackend) DoNoiseRequest(req *http.Request) (*http.Response, error)
- func (b *LocalBackend) Doctor(ctx context.Context, logf logger.Logf)
- func (b *LocalBackend) EditPrefs(mp *ipn.MaskedPrefs) (ipn.PrefsView, error)
- func (b *LocalBackend) FileTargets() ([]*apitype.FileTarget, error)
- func (b *LocalBackend) GetCertPEM(ctx context.Context, domain string, syncRenewal bool) (*TLSCertKeyPair, error)
- func (b *LocalBackend) GetComponentDebugLogging(component string) time.Time
- func (b *LocalBackend) GetPeerAPIPort(ip netip.Addr) (port uint16, ok bool)
- func (b *LocalBackend) GetPeerEndpointChanges(ctx context.Context, ip netip.Addr) ([]magicsock.EndpointChange, error)
- func (b *LocalBackend) GetSSH_HostKeys() (keys []ssh.Signer, err error)
- func (b *LocalBackend) HandleIngressTCPConn(ingressPeer tailcfg.NodeView, target ipn.HostPort, srcAddr netip.AddrPort, ...)
- func (b *LocalBackend) HandleQuad100Port80Conn(c net.Conn) error
- func (b *LocalBackend) InServerMode() bool
- func (b *LocalBackend) KeyProvingNoiseRoundTripper() http.RoundTripper
- func (b *LocalBackend) ListProfiles() []ipn.LoginProfile
- func (b *LocalBackend) Login(token *tailcfg.Oauth2Token)
- func (b *LocalBackend) Logout(ctx context.Context) error
- func (b *LocalBackend) NetMap() *netmap.NetworkMap
- func (b *LocalBackend) NetworkLockAffectedSigs(keyID tkatype.KeyID) ([]tkatype.MarshaledSignature, error)
- func (b *LocalBackend) NetworkLockCosignRecoveryAUM(aum *tka.AUM) (*tka.AUM, error)
- func (b *LocalBackend) NetworkLockDisable(secret []byte) error
- func (b *LocalBackend) NetworkLockForceLocalDisable() error
- func (b *LocalBackend) NetworkLockGenerateRecoveryAUM(removeKeys []tkatype.KeyID, forkFrom tka.AUMHash) (*tka.AUM, error)
- func (b *LocalBackend) NetworkLockInit(keys []tka.Key, disablementValues [][]byte, supportDisablement []byte) error
- func (b *LocalBackend) NetworkLockKeyTrustedForTest(keyID tkatype.KeyID) bool
- func (b *LocalBackend) NetworkLockLog(maxEntries int) ([]ipnstate.NetworkLockUpdate, error)
- func (b *LocalBackend) NetworkLockModify(addKeys, removeKeys []tka.Key) (err error)
- func (b *LocalBackend) NetworkLockSign(nodeKey key.NodePublic, rotationPublic []byte) error
- func (b *LocalBackend) NetworkLockStatus() *ipnstate.NetworkLockStatus
- func (b *LocalBackend) NetworkLockSubmitRecoveryAUM(aum *tka.AUM) error
- func (b *LocalBackend) NetworkLockVerifySignatureForTest(nks tkatype.MarshaledSignature, nodeKey key.NodePublic) error
- func (b *LocalBackend) NetworkLockVerifySigningDeeplink(url string) tka.DeeplinkValidationResult
- func (b *LocalBackend) NetworkLockWrapPreauthKey(preauthKey string, tkaKey key.NLPrivate) (string, error)
- func (b *LocalBackend) NewProfile() error
- func (b *LocalBackend) NodeKey() key.NodePublic
- func (b *LocalBackend) OfferingExitNode() bool
- func (b *LocalBackend) OpenFile(name string) (rc io.ReadCloser, size int64, err error)
- func (b *LocalBackend) OperatorUserID() string
- func (b *LocalBackend) PeerCaps(src netip.Addr) tailcfg.PeerCapMap
- func (b *LocalBackend) Ping(ctx context.Context, ip netip.Addr, pingType tailcfg.PingType, size int) (*ipnstate.PingResult, error)
- func (b *LocalBackend) Prefs() ipn.PrefsView
- func (b *LocalBackend) RequestEngineStatus()
- func (b *LocalBackend) ResendHostinfoIfNeeded()
- func (b *LocalBackend) ResetAuth() error
- func (b *LocalBackend) ResetForClientDisconnect()
- func (b *LocalBackend) ServeConfig() ipn.ServeConfigView
- func (b *LocalBackend) SetComponentDebugLogging(component string, until time.Time) error
- func (b *LocalBackend) SetControlClientGetterForTesting(newControlClient func(controlclient.Options) (controlclient.Client, error))
- func (b *LocalBackend) SetControlClientStatus(c controlclient.Client, st controlclient.Status)
- func (b *LocalBackend) SetCurrentUserID(uid ipn.WindowsUserID)
- func (b *LocalBackend) SetDNS(ctx context.Context, name, value string) error
- func (b *LocalBackend) SetDecompressor(fn func() (controlclient.Decompressor, error))
- func (b *LocalBackend) SetDevStateStore(key, value string) error
- func (b *LocalBackend) SetDirectFileDoFinalRename(v bool)
- func (b *LocalBackend) SetDirectFileRoot(dir string)
- func (b *LocalBackend) SetExpirySooner(ctx context.Context, expiry time.Time) error
- func (b *LocalBackend) SetHTTPTestClient(c *http.Client)
- func (b *LocalBackend) SetLogFlusher(flushFunc func())
- func (b *LocalBackend) SetNotifyCallback(notify func(ipn.Notify))
- func (b *LocalBackend) SetPrefs(newp *ipn.Prefs)
- func (b *LocalBackend) SetServeConfig(config *ipn.ServeConfig) error
- func (b *LocalBackend) SetTCPHandlerForFunnelFlow(h func(src netip.AddrPort, dstPort uint16) (handler func(net.Conn)))
- func (b *LocalBackend) SetVarRoot(dir string)
- func (b *LocalBackend) ShouldHandleViaIP(ip netip.Addr) bool
- func (b *LocalBackend) ShouldInterceptTCPPort(port uint16) bool
- func (b *LocalBackend) ShouldRunSSH() bool
- func (b *LocalBackend) Shutdown()
- func (b *LocalBackend) Start(opts ipn.Options) error
- func (b *LocalBackend) StartLoginInteractive()
- func (b *LocalBackend) State() ipn.State
- func (b *LocalBackend) Status() *ipnstate.Status
- func (b *LocalBackend) StatusWithoutPeers() *ipnstate.Status
- func (b *LocalBackend) StreamDebugCapture(ctx context.Context, w io.Writer) error
- func (b *LocalBackend) StreamServe(ctx context.Context, w io.Writer, req ipn.ServeStreamRequest) (err error)
- func (b *LocalBackend) SwitchProfile(profile ipn.ProfileID) error
- func (b *LocalBackend) TCPHandlerForDst(src, dst netip.AddrPort) (handler func(c net.Conn) error, opts []tcpip.SettableSocketOption)
- func (b *LocalBackend) TailscaleVarRoot() string
- func (b *LocalBackend) TestOnlyPublicKeys() (machineKey key.MachinePublic, nodeKey key.NodePublic)
- func (b *LocalBackend) TryFlushLogs() bool
- func (b *LocalBackend) UpdateStatus(sb *ipnstate.StatusBuilder)
- func (b *LocalBackend) WaitingFiles() ([]apitype.WaitingFile, error)
- func (b *LocalBackend) WatchNotifications(ctx context.Context, mask ipn.NotifyWatchOpt, onWatchAdded func(), ...)
- func (b *LocalBackend) WhoIs(ipp netip.AddrPort) (n tailcfg.NodeView, u tailcfg.UserProfile, ok bool)
- type SSHServer
- type TLSCertKeyPair
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ReadStartupPrefsForTest ¶
ReadStartupPrefsForTest reads the startup prefs from disk. It is only used for testing.
func RegisterNewSSHServer ¶
func RegisterNewSSHServer(fn newSSHServerFunc)
RegisterNewSSHServer lets the conditionally linked ssh/tailssh package register itself.
Types ¶
type LocalBackend ¶
type LocalBackend struct {
// contains filtered or unexported fields
}
LocalBackend is the glue between the major pieces of the Tailscale network software: the cloud control plane (via controlclient), the network data plane (via wgengine), and the user-facing UIs and CLIs (collectively called "frontends", via LocalBackend's implementation of the Backend interface).
LocalBackend implements the overall state machine for the Tailscale application. Frontends, controlclient and wgengine can feed events into LocalBackend to advance the state machine, and advancing the state machine generates events back out to zero or more components.
func NewLocalBackend ¶
func NewLocalBackend(logf logger.Logf, logID logid.PublicID, sys *tsd.System, loginFlags controlclient.LoginFlags) (*LocalBackend, error)
NewLocalBackend returns a new LocalBackend that is ready to run, but is not actually running.
If no dialer is supplied (NewLocalBackend takes no dialer parameter directly; presumably it comes from sys), a new one is made, so Dialer always returns a non-nil value.
func (*LocalBackend) AwaitWaitingFiles ¶
func (b *LocalBackend) AwaitWaitingFiles(ctx context.Context) ([]apitype.WaitingFile, error)
AwaitWaitingFiles is like WaitingFiles but blocks while ctx is not done, waiting for any files to be available.
On return, exactly one of the results will be non-empty or non-nil, respectively.
func (*LocalBackend) CanSupportNetworkLock ¶
func (b *LocalBackend) CanSupportNetworkLock() error
CanSupportNetworkLock returns nil if tailscaled is able to operate a local tailnet key authority (and hence enforce network lock).
func (*LocalBackend) CheckIPForwarding ¶
func (b *LocalBackend) CheckIPForwarding() error
func (*LocalBackend) CheckIPNConnectionAllowed ¶
func (b *LocalBackend) CheckIPNConnectionAllowed(ci *ipnauth.ConnIdentity) error
CheckIPNConnectionAllowed returns an error if the identity in ci should not currently be allowed to connect or make requests to the LocalAPI. A non-nil error is an authorization denial: callers must reject the connection or request, not merely log it.
Currently (as of 2022-11-23), this is only used on Windows to check if we started in server mode and ci is from an identity other than the one that started the server.
func (*LocalBackend) CheckPrefs ¶
func (b *LocalBackend) CheckPrefs(p *ipn.Prefs) error
func (*LocalBackend) CurrentProfile ¶
func (b *LocalBackend) CurrentProfile() ipn.LoginProfile
CurrentProfile returns the current LoginProfile. The value may be zero if the profile is not persisted.
func (*LocalBackend) DERPMap ¶
func (b *LocalBackend) DERPMap() *tailcfg.DERPMap
DERPMap returns the current DERPMap in use, or nil if not connected.
func (*LocalBackend) DebugBreakDERPConns ¶
func (b *LocalBackend) DebugBreakDERPConns() error
func (*LocalBackend) DebugBreakTCPConns ¶
func (b *LocalBackend) DebugBreakTCPConns() error
func (*LocalBackend) DebugNotify ¶
func (b *LocalBackend) DebugNotify(n ipn.Notify)
DebugNotify injects a fake notify message to clients.
It should only be used via the LocalAPI's debug handler, since it lets the caller fabricate notifications that are delivered to connected clients.
func (*LocalBackend) DebugReSTUN ¶
func (b *LocalBackend) DebugReSTUN() error
func (*LocalBackend) DebugRebind ¶
func (b *LocalBackend) DebugRebind() error
func (*LocalBackend) DeleteFile ¶
func (b *LocalBackend) DeleteFile(name string) error
func (*LocalBackend) DeleteProfile ¶
func (b *LocalBackend) DeleteProfile(p ipn.ProfileID) error
DeleteProfile deletes a profile with the given ID. If the profile is not known, it is a no-op.
func (*LocalBackend) Dialer ¶
func (b *LocalBackend) Dialer() *tsdial.Dialer
Dialer returns the backend's dialer. It is always non-nil.
func (*LocalBackend) DoNoiseRequest ¶
DoNoiseRequest sends req to its URL over the control plane Noise connection.
func (*LocalBackend) EditPrefs ¶
func (b *LocalBackend) EditPrefs(mp *ipn.MaskedPrefs) (ipn.PrefsView, error)
func (*LocalBackend) FileTargets ¶
func (b *LocalBackend) FileTargets() ([]*apitype.FileTarget, error)
FileTargets lists nodes that the current node can send files to.
func (*LocalBackend) GetCertPEM ¶
func (b *LocalBackend) GetCertPEM(ctx context.Context, domain string, syncRenewal bool) (*TLSCertKeyPair, error)
GetCertPEM gets the TLSCertKeyPair for domain, either from cache or via the ACME process. The ACME process is used for new domain certs, existing expired certs, or existing certs that should be renewed due to upcoming expiry. The returned pair includes the private key (KeyPEM), so callers must handle it as secret material.
syncRenewal changes renewal behavior for existing certs that are still valid but need renewal. When syncRenewal is set, the method blocks until a new cert is issued. When syncRenewal is not set, existing cert is returned right away and renewal is kicked off in a background goroutine.
func (*LocalBackend) GetComponentDebugLogging ¶
func (b *LocalBackend) GetComponentDebugLogging(component string) time.Time
GetComponentDebugLogging gets the time that component's debug logging is enabled until, or the zero time if component's time is not currently enabled.
func (*LocalBackend) GetPeerAPIPort ¶
func (b *LocalBackend) GetPeerAPIPort(ip netip.Addr) (port uint16, ok bool)
GetPeerAPIPort returns the port number for the peerapi server running on the provided IP.
func (*LocalBackend) GetPeerEndpointChanges ¶
func (b *LocalBackend) GetPeerEndpointChanges(ctx context.Context, ip netip.Addr) ([]magicsock.EndpointChange, error)
func (*LocalBackend) GetSSH_HostKeys ¶
func (b *LocalBackend) GetSSH_HostKeys() (keys []ssh.Signer, err error)
func (*LocalBackend) HandleIngressTCPConn ¶
func (*LocalBackend) HandleQuad100Port80Conn ¶
func (b *LocalBackend) HandleQuad100Port80Conn(c net.Conn) error
HandleQuad100Port80Conn serves http://100.100.100.100/ on port 80 (and the equivalent tsaddr.TailscaleServiceIPv6 address).
func (*LocalBackend) InServerMode ¶
func (b *LocalBackend) InServerMode() bool
InServerMode reports whether the Tailscale backend is explicitly running in "server mode" where it continues to run despite whatever the platform's default is. In practice, this is only used on Windows, where the default tailscaled behavior is to shut down whenever the GUI disconnects.
On non-Windows platforms, this usually returns false (because people don't set unattended mode on other platforms) and also isn't checked on other platforms.
TODO(bradfitz): rename to InWindowsUnattendedMode or something? Or make this return true on Linux etc and always be called? It's kinda messy now.
func (*LocalBackend) KeyProvingNoiseRoundTripper ¶
func (b *LocalBackend) KeyProvingNoiseRoundTripper() http.RoundTripper
KeyProvingNoiseRoundTripper returns an http.RoundTripper that uses the LocalBackend's DoNoiseRequest method and mutates the request to add an authorization header to prove the client's nodekey.
func (*LocalBackend) ListProfiles ¶
func (b *LocalBackend) ListProfiles() []ipn.LoginProfile
ListProfiles returns a list of all LoginProfiles.
func (*LocalBackend) Login ¶
func (b *LocalBackend) Login(token *tailcfg.Oauth2Token)
Login implements Backend. As of 2022-11-15, this only exists for Android.
func (*LocalBackend) Logout ¶
func (b *LocalBackend) Logout(ctx context.Context) error
Logout logs out the current profile, if any, and waits for the logout to complete.
func (*LocalBackend) NetMap ¶
func (b *LocalBackend) NetMap() *netmap.NetworkMap
NetMap returns the latest cached network map received from controlclient, or nil if no network map was received yet.
func (*LocalBackend) NetworkLockAffectedSigs ¶
func (b *LocalBackend) NetworkLockAffectedSigs(keyID tkatype.KeyID) ([]tkatype.MarshaledSignature, error)
NetworkLockAffectedSigs returns the signatures which would be invalidated by removing trust in the specified KeyID.
func (*LocalBackend) NetworkLockCosignRecoveryAUM ¶
NetworkLockCosignRecoveryAUM co-signs the provided recovery AUM and returns the updated structure.
The recovery AUM provided should be the output from a previous call to NetworkLockGenerateRecoveryAUM or NetworkLockCosignRecoveryAUM.
func (*LocalBackend) NetworkLockDisable ¶
func (b *LocalBackend) NetworkLockDisable(secret []byte) error
NetworkLockDisable disables network-lock using the provided disablement secret. Possession of a valid disablement secret is sufficient to turn network lock off for the tailnet, so treat it as a sensitive credential and store and transmit it accordingly.
func (*LocalBackend) NetworkLockForceLocalDisable ¶
func (b *LocalBackend) NetworkLockForceLocalDisable() error
NetworkLockForceLocalDisable shuts down TKA locally, and denylists the current TKA from being initialized locally in future. This is a local-only operation: it does not change the tailnet's key authority (use NetworkLockDisable with the disablement secret for that).
func (*LocalBackend) NetworkLockGenerateRecoveryAUM ¶
func (b *LocalBackend) NetworkLockGenerateRecoveryAUM(removeKeys []tkatype.KeyID, forkFrom tka.AUMHash) (*tka.AUM, error)
NetworkLockGenerateRecoveryAUM generates an AUM which retroactively removes trust in the specified keys. This AUM is signed by the current node and returned.
If forkFrom is specified, it is used as the parent AUM to fork from. If the zero value, the parent AUM is determined automatically.
func (*LocalBackend) NetworkLockInit ¶
func (b *LocalBackend) NetworkLockInit(keys []tka.Key, disablementValues [][]byte, supportDisablement []byte) error
NetworkLockInit enables network-lock for the tailnet, with the tailnets' key authority initialized to trust the provided keys.
Initialization involves two RPCs with control, termed 'begin' and 'finish'. The Begin RPC transmits the genesis Authority Update Message, which encodes the initial state of the authority, and the list of all nodes needing signatures is returned as a response. The Finish RPC submits signatures for all these nodes, at which point Control has everything it needs to atomically enable network lock.
func (*LocalBackend) NetworkLockKeyTrustedForTest ¶
func (b *LocalBackend) NetworkLockKeyTrustedForTest(keyID tkatype.KeyID) bool
Only use is in tests.
func (*LocalBackend) NetworkLockLog ¶
func (b *LocalBackend) NetworkLockLog(maxEntries int) ([]ipnstate.NetworkLockUpdate, error)
NetworkLockLog returns the changelog of TKA state up to maxEntries in size.
func (*LocalBackend) NetworkLockModify ¶
func (b *LocalBackend) NetworkLockModify(addKeys, removeKeys []tka.Key) (err error)
NetworkLockModify adds and/or removes keys in the tailnet's key authority.
func (*LocalBackend) NetworkLockSign ¶
func (b *LocalBackend) NetworkLockSign(nodeKey key.NodePublic, rotationPublic []byte) error
NetworkLockSign signs the given node key and submits the signature to the control plane. rotationPublic, if provided, must be an ed25519 public key.
func (*LocalBackend) NetworkLockStatus ¶
func (b *LocalBackend) NetworkLockStatus() *ipnstate.NetworkLockStatus
NetworkLockStatus returns a structure describing the state of the tailnet key authority, if any.
func (*LocalBackend) NetworkLockSubmitRecoveryAUM ¶
func (b *LocalBackend) NetworkLockSubmitRecoveryAUM(aum *tka.AUM) error
func (*LocalBackend) NetworkLockVerifySignatureForTest ¶
func (b *LocalBackend) NetworkLockVerifySignatureForTest(nks tkatype.MarshaledSignature, nodeKey key.NodePublic) error
Only use is in tests.
func (*LocalBackend) NetworkLockVerifySigningDeeplink ¶
func (b *LocalBackend) NetworkLockVerifySigningDeeplink(url string) tka.DeeplinkValidationResult
NetworkLockVerifySigningDeeplink asks the authority to verify the given deeplink URL. See the comment for ValidateDeeplink for details.
func (*LocalBackend) NetworkLockWrapPreauthKey ¶
func (b *LocalBackend) NetworkLockWrapPreauthKey(preauthKey string, tkaKey key.NLPrivate) (string, error)
NetworkLockWrapPreauthKey wraps a pre-auth key with information to enable unattended bringup in the locked tailnet.
The provided trusted tailnet-lock key is used to sign a SigCredential structure, which is encoded along with the private key and appended to the pre-auth key. Because the result embeds private key material, the wrapped key must be handled at least as carefully as the pre-auth key itself: anyone who obtains it can bring up a node in the locked tailnet.
func (*LocalBackend) NewProfile ¶
func (b *LocalBackend) NewProfile() error
NewProfile creates and switches to the new profile.
func (*LocalBackend) NodeKey ¶
func (b *LocalBackend) NodeKey() key.NodePublic
NodeKey returns the public node key.
func (*LocalBackend) OfferingExitNode ¶
func (b *LocalBackend) OfferingExitNode() bool
OfferingExitNode reports whether b is currently offering exit node access.
func (*LocalBackend) OpenFile ¶
func (b *LocalBackend) OpenFile(name string) (rc io.ReadCloser, size int64, err error)
func (*LocalBackend) OperatorUserID ¶
func (b *LocalBackend) OperatorUserID() string
OperatorUserID returns the current pref's OperatorUser's ID (in os/user.User.Uid string form), or the empty string if none.
func (*LocalBackend) PeerCaps ¶
func (b *LocalBackend) PeerCaps(src netip.Addr) tailcfg.PeerCapMap
PeerCaps returns the capabilities that the remote src IP has to the current node.
func (*LocalBackend) Prefs ¶
func (b *LocalBackend) Prefs() ipn.PrefsView
Prefs returns a copy of b's current prefs, with any private keys removed.
func (*LocalBackend) RequestEngineStatus ¶
func (b *LocalBackend) RequestEngineStatus()
RequestEngineStatus implements Backend.
func (*LocalBackend) ResendHostinfoIfNeeded ¶
func (b *LocalBackend) ResendHostinfoIfNeeded()
ResendHostinfoIfNeeded is called to recompute the Hostinfo and send the new version to the control server.
func (*LocalBackend) ResetAuth ¶
func (b *LocalBackend) ResetAuth() error
ResetAuth resets the authentication state, including persisted keys. It also has the side effect of removing all profiles and resetting preferences. The backend is left with a new profile, ready for StartLoginInteractive to be called to register it as a new node.
func (*LocalBackend) ResetForClientDisconnect ¶
func (b *LocalBackend) ResetForClientDisconnect()
ResetForClientDisconnect resets the backend for GUI clients running in interactive (non-headless) mode. This is currently used only by Windows. It causes all state to be cleared, lest an unrelated user connect to tailscaled next. But it does not trigger a logout; we don't want the user to have to reauthenticate in the future when they restart the GUI.
func (*LocalBackend) ServeConfig ¶
func (b *LocalBackend) ServeConfig() ipn.ServeConfigView
ServeConfig provides a view of the current serve mappings. If serving is not configured, the returned view is not Valid.
func (*LocalBackend) SetComponentDebugLogging ¶
func (b *LocalBackend) SetComponentDebugLogging(component string, until time.Time) error
SetComponentDebugLogging sets component's debug logging enabled until the until time. If until is in the past, the component's debug logging is disabled.
The following components are recognized:
- magicsock
- sockstats
func (*LocalBackend) SetControlClientGetterForTesting ¶
func (b *LocalBackend) SetControlClientGetterForTesting(newControlClient func(controlclient.Options) (controlclient.Client, error))
SetControlClientGetterForTesting sets the func that creates a control plane client. It can be called at most once, before Start.
func (*LocalBackend) SetControlClientStatus ¶
func (b *LocalBackend) SetControlClientStatus(c controlclient.Client, st controlclient.Status)
SetControlClientStatus is the callback invoked by the control client whenever it posts a new status. Among other things, this is where we update the netmap, packet filters, DNS and DERP maps.
func (*LocalBackend) SetCurrentUserID ¶
func (b *LocalBackend) SetCurrentUserID(uid ipn.WindowsUserID)
SetCurrentUserID is used to implement support for multi-user systems (as of 2022-11-25, Windows only). On such systems, the uid is used to determine which user's state should be used. The current user is maintained by active connections open to the backend.
When the backend initially starts it will typically start with no user. Then, the first connection to the backend from the GUI frontend will set the current user. Once set, the current user cannot be changed until all previous connections are closed. The user is also used to determine which LoginProfiles are accessible.
In unattended mode, the backend will start with the user which enabled unattended mode. The user must disable unattended mode before the user can be changed.
On non-multi-user systems, the uid should be set to empty string.
func (*LocalBackend) SetDNS ¶
func (b *LocalBackend) SetDNS(ctx context.Context, name, value string) error
SetDNS adds a DNS record for the given domain name & TXT record value.
It's meant for use with dns-01 ACME (LetsEncrypt) challenges.
This is the low-level interface. Other layers will provide more friendly options to get HTTPS certs.
func (*LocalBackend) SetDecompressor ¶
func (b *LocalBackend) SetDecompressor(fn func() (controlclient.Decompressor, error))
SetDecompressor sets a decompression function, which must be a zstd reader.
This exists because the iOS/Mac NetworkExtension is very resource constrained, and the zstd package is too heavy to fit in the constrained RSS limit.
func (*LocalBackend) SetDevStateStore ¶
func (b *LocalBackend) SetDevStateStore(key, value string) error
SetDevStateStore writes the provided key/value directly into the LocalBackend's state storage.
It's meant only for development and should not be reachable in production builds.
func (*LocalBackend) SetDirectFileDoFinalRename ¶
func (b *LocalBackend) SetDirectFileDoFinalRename(v bool)
SetDirectFileDoFinalRename sets whether the peerapi file server should rename a received "name.partial" file to "name" when the download is complete.
This only applies when SetDirectFileRoot is non-empty. The default is false.
func (*LocalBackend) SetDirectFileRoot ¶
func (b *LocalBackend) SetDirectFileRoot(dir string)
SetDirectFileRoot sets the directory to download files to directly, without buffering them through an intermediate daemon-owned tailcfg.UserID-specific directory.
This must be called before the LocalBackend starts being used.
func (*LocalBackend) SetExpirySooner ¶
SetExpirySooner updates the expiry of the current node key to expiry, as long as it is sooner than the old expiry.
If expiry is in the past, the key is expired immediately. If expiry is after the current expiry, an error is returned.
func (*LocalBackend) SetHTTPTestClient ¶
func (b *LocalBackend) SetHTTPTestClient(c *http.Client)
SetHTTPTestClient sets an alternate HTTP client to use with connections to the coordination server. It exists for testing. Using nil means to use the default.
func (*LocalBackend) SetLogFlusher ¶
func (b *LocalBackend) SetLogFlusher(flushFunc func())
SetLogFlusher sets a func to be called to flush log uploads.
It should only be called before the LocalBackend is used.
func (*LocalBackend) SetNotifyCallback ¶
func (b *LocalBackend) SetNotifyCallback(notify func(ipn.Notify))
func (*LocalBackend) SetPrefs ¶
func (b *LocalBackend) SetPrefs(newp *ipn.Prefs)
SetPrefs saves new user preferences and propagates them throughout the system. Implements Backend.
func (*LocalBackend) SetServeConfig ¶
func (b *LocalBackend) SetServeConfig(config *ipn.ServeConfig) error
SetServeConfig establishes or replaces the current serve config.
func (*LocalBackend) SetTCPHandlerForFunnelFlow ¶
func (b *LocalBackend) SetTCPHandlerForFunnelFlow(h func(src netip.AddrPort, dstPort uint16) (handler func(net.Conn)))
SetTCPHandlerForFunnelFlow sets the TCP handler for Funnel flows. It should only be called before the LocalBackend is used.
func (*LocalBackend) SetVarRoot ¶
func (b *LocalBackend) SetVarRoot(dir string)
SetVarRoot sets the root directory of Tailscale's writable storage area (e.g. "/var/lib/tailscale").
It should only be called before the LocalBackend is used.
func (*LocalBackend) ShouldHandleViaIP ¶
func (b *LocalBackend) ShouldHandleViaIP(ip netip.Addr) bool
ShouldHandleViaIP reports whether ip is an IPv6 address in the Tailscale ULA's v6 "via" range embedding an IPv4 address to be forwarded to by Tailscale.
func (*LocalBackend) ShouldInterceptTCPPort ¶
func (b *LocalBackend) ShouldInterceptTCPPort(port uint16) bool
ShouldInterceptTCPPort reports whether the given TCP port number to a Tailscale IP (not a subnet router, service IP, etc) should be intercepted by tailscaled and handled in-process.
func (*LocalBackend) ShouldRunSSH ¶
func (b *LocalBackend) ShouldRunSSH() bool
func (*LocalBackend) Shutdown ¶
func (b *LocalBackend) Shutdown()
Shutdown halts the backend and all its sub-components. The backend can no longer be used after Shutdown returns.
func (*LocalBackend) Start ¶
func (b *LocalBackend) Start(opts ipn.Options) error
Start applies the configuration specified in opts, and starts the state machine.
TODO(danderson): this function is trying to do too many things at once: it loads state, or imports it, or updates prefs sometimes, contains some settings that are one-shot things done by `tailscale up` because we had nowhere else to put them, and there's no clear guarantee that switching from one user's state to another is actually a supported operation (it should be, but it's very unclear from the following whether or not that is a safe transition).
func (*LocalBackend) StartLoginInteractive ¶
func (b *LocalBackend) StartLoginInteractive()
StartLoginInteractive implements Backend. It requests a new interactive login from controlclient, unless such a flow is already in progress, in which case StartLoginInteractive attempts to pick up the in-progress flow where it left off.
func (*LocalBackend) State ¶
func (b *LocalBackend) State() ipn.State
State returns the backend state machine's current state.
func (*LocalBackend) Status ¶
func (b *LocalBackend) Status() *ipnstate.Status
Status returns the latest status of the backend and its sub-components.
func (*LocalBackend) StatusWithoutPeers ¶
func (b *LocalBackend) StatusWithoutPeers() *ipnstate.Status
StatusWithoutPeers is like Status but omits any details of peers.
func (*LocalBackend) StreamDebugCapture ¶
StreamDebugCapture writes a pcap stream of packets traversing tailscaled to the provided io.Writer. Because the capture is taken inside tailscaled, it may include tailnet traffic in the clear; treat the output as sensitive and restrict who can invoke it.
func (*LocalBackend) StreamServe ¶
func (b *LocalBackend) StreamServe(ctx context.Context, w io.Writer, req ipn.ServeStreamRequest) (err error)
StreamServe opens a stream to write any incoming connections made to the given HostPort out to the listening io.Writer.
If Serve and Funnel were not already enabled for the HostPort in the ServeConfig, the backend enables them for the duration of the context's lifespan and then turns them back off once the context is closed. If either is already enabled, it remains that way, but logs are still streamed.
func (*LocalBackend) SwitchProfile ¶
func (b *LocalBackend) SwitchProfile(profile ipn.ProfileID) error
SwitchProfile switches to the profile with the given id. It will restart the backend on success. If the profile is not known, it returns an errProfileNotFound.
func (*LocalBackend) TCPHandlerForDst ¶
func (b *LocalBackend) TCPHandlerForDst(src, dst netip.AddrPort) (handler func(c net.Conn) error, opts []tcpip.SettableSocketOption)
TCPHandlerForDst returns a TCP handler for connections to dst, or nil if no handler is needed. It also returns a list of TCP socket options to apply to the socket before calling the handler.
func (*LocalBackend) TailscaleVarRoot ¶
func (b *LocalBackend) TailscaleVarRoot() string
TailscaleVarRoot returns the root directory of Tailscale's writable storage area. (e.g. "/var/lib/tailscale")
It returns an empty string if there's no configured or discovered location.
func (*LocalBackend) TestOnlyPublicKeys ¶
func (b *LocalBackend) TestOnlyPublicKeys() (machineKey key.MachinePublic, nodeKey key.NodePublic)
TestOnlyPublicKeys returns the current machine and node public keys. Used in tests only to facilitate automated node authorization in the test harness.
func (*LocalBackend) TryFlushLogs ¶
func (b *LocalBackend) TryFlushLogs() bool
TryFlushLogs calls the log flush function. It returns false if a log flush function was never initialized with SetLogFlusher.
TryFlushLogs should not block.
func (*LocalBackend) UpdateStatus ¶
func (b *LocalBackend) UpdateStatus(sb *ipnstate.StatusBuilder)
UpdateStatus implements ipnstate.StatusUpdater.
func (*LocalBackend) WaitingFiles ¶
func (b *LocalBackend) WaitingFiles() ([]apitype.WaitingFile, error)
func (*LocalBackend) WatchNotifications ¶
func (b *LocalBackend) WatchNotifications(ctx context.Context, mask ipn.NotifyWatchOpt, onWatchAdded func(), fn func(roNotify *ipn.Notify) (keepGoing bool))
WatchNotifications subscribes to the ipn.Notify message bus notification messages.
WatchNotifications blocks until ctx is done.
The provided onWatchAdded, if non-nil, will be called once the watcher is installed.
The provided fn will be called for each notification. It will only be called with non-nil pointers. The caller must not modify roNotify. If fn returns false, the watch also stops.
Failure to consume many notifications in a row will result in dropped notifications. There is currently (2022-11-22) no mechanism provided to detect when a message has been dropped.
func (*LocalBackend) WhoIs ¶
func (b *LocalBackend) WhoIs(ipp netip.AddrPort) (n tailcfg.NodeView, u tailcfg.UserProfile, ok bool)
WhoIs reports the node and user who owns the node with the given IP:port. If the IP address is a Tailscale IP, the provided port may be 0. If ok == true, n and u are valid.
type SSHServer ¶
type SSHServer interface {
	// HandleSSHConn handles a single SSH connection carried over the
	// given net.Conn, returning an error if the connection could not
	// be served.
	HandleSSHConn(net.Conn) error
	// OnPolicyChange is called when the SSH access policy changes,
	// so that existing sessions can be re-evaluated for validity
	// and closed if they'd no longer be accepted.
	OnPolicyChange()
	// Shutdown is called when tailscaled is shutting down.
	Shutdown()
}
SSHServer is the interface of the conditionally linked ssh/tailssh.server.
type TLSCertKeyPair ¶
type TLSCertKeyPair struct {
	CertPEM []byte // certificate, in PEM form (despite the older "public key" wording, this is the cert)
	KeyPEM  []byte // private key, in PEM form; secret material, never log or expose it
	Cached  bool   // whether result came from cache
}
TLSCertKeyPair is a TLS certificate and its private key, both PEM-encoded, plus whether they were obtained from cache or freshly obtained. KeyPEM is secret material and must not be logged or handed to untrusted callers.