Documentation ¶
Overview ¶
Package ipnstate captures the entire state of the Tailscale network.
It's a leaf package so ipn, wgengine, and magicsock can all depend on it.
Index ¶
- func SortPeers(peers []*PeerStatus)
- type DebugDERPRegionReport
- type ExitNodeStatus
- type NetworkLockStatus
- type NetworkLockUpdate
- type PeerStatus
- type PeerStatusLite
- type PingResult
- type SelfUpdateStatus
- type Status
- type StatusBuilder
- func (sb *StatusBuilder) AddPeer(peer key.NodePublic, st *PeerStatus)
- func (sb *StatusBuilder) AddTailscaleIP(ip netip.Addr)
- func (sb *StatusBuilder) AddUser(id tailcfg.UserID, up tailcfg.UserProfile)
- func (sb *StatusBuilder) MutateSelfStatus(f func(*PeerStatus))
- func (sb *StatusBuilder) MutateStatus(f func(*Status))
- func (sb *StatusBuilder) Status() *Status
- type StatusUpdater
- type TKAFilteredPeer
- type TKAKey
- type TailnetStatus
- type UpdateProgress
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func SortPeers ¶ added in v1.4.0
func SortPeers(peers []*PeerStatus)
SortPeers sorts peers by either their DNS name, hostname, Tailscale IP, or ultimately their current public key.
Types ¶
type DebugDERPRegionReport ¶ added in v1.34.0
DebugDERPRegionReport is the result of a "tailscale debug derp" command, to let people debug a custom DERP setup.
type ExitNodeStatus ¶ added in v1.28.0
type ExitNodeStatus struct { // ID is the exit node's ID. ID tailcfg.StableNodeID // Online is whether the exit node is alive. Online bool // TailscaleIPs are the exit node's IP addresses assigned to the node. TailscaleIPs []netip.Prefix }
ExitNodeStatus describes the current exit node.
type NetworkLockStatus ¶ added in v1.30.0
type NetworkLockStatus struct { // Enabled is true if network lock is enabled. Enabled bool // Head describes the AUM hash of the leaf AUM. Head is nil // if network lock is not enabled. Head *[32]byte // PublicKey describes the node's network-lock public key. // It may be zero if the node has not logged in. PublicKey key.NLPublic // NodeKey describes the node's current node-key. This field is not // populated if the node is not operating (i.e. waiting for a login). NodeKey *key.NodePublic // NodeKeySigned is true if our node is authorized by network-lock. NodeKeySigned bool // NodeKeySignature is the current signature of this node's key. NodeKeySignature *tka.NodeKeySignature // TrustedKeys describes the keys currently trusted to make changes // to network-lock. TrustedKeys []TKAKey // FilteredPeers describes peers which were removed from the netmap // (i.e. no connectivity) because they failed tailnet lock // checks. FilteredPeers []*TKAFilteredPeer // StateID is a nonce associated with the network lock authority, // generated upon enablement. This field is not populated if the // network lock is disabled. StateID uint64 }
NetworkLockStatus represents whether network-lock is enabled, along with details about the locally-known state of the tailnet key authority.
type NetworkLockUpdate ¶ added in v1.34.0
type NetworkLockUpdate struct { Hash [32]byte Change string // values of tka.AUMKind.String() // Raw contains the serialized AUM. The AUM is sent in serialized // form to avoid transitive dependences bloating this package. Raw []byte }
NetworkLockUpdate describes a change to network-lock state.
type PeerStatus ¶
type PeerStatus struct { ID tailcfg.StableNodeID PublicKey key.NodePublic HostName string // HostInfo's Hostname (not a DNS name or necessarily unique) // DNSName is the Peer's FQDN. It ends with a dot. // It has the form "host.<MagicDNSSuffix>." DNSName string OS string // HostInfo.OS UserID tailcfg.UserID // if it's different than UserID. Otherwise it's zero. AltSharerUserID tailcfg.UserID `json:",omitempty"` // TailscaleIPs are the IP addresses assigned to the node. TailscaleIPs []netip.Addr // AllowedIPs are IP addresses allowed to route to this node. AllowedIPs *views.Slice[netip.Prefix] `json:",omitempty"` // Tags are the list of ACL tags applied to this node. // See tailscale.com/tailcfg#Node.Tags for more information. Tags *views.Slice[string] `json:",omitempty"` // PrimaryRoutes are the routes this node is currently the primary // subnet router for, as determined by the control plane. It does // not include the IPs in TailscaleIPs. PrimaryRoutes *views.Slice[netip.Prefix] `json:",omitempty"` // Endpoints: Addrs []string CurAddr string // one of Addrs, or unique if roaming Relay string // DERP region RxBytes int64 TxBytes int64 Created time.Time // time registered with tailcontrol LastWrite time.Time // time last packet sent LastSeen time.Time // last seen to tailcontrol; only present if offline LastHandshake time.Time // with local wireguard Online bool // whether node is connected to the control plane ExitNode bool // true if this is the currently selected exit node. ExitNodeOption bool // true if this node can be an exit node (offered && approved) // Active is whether the node was recently active. The // definition is somewhat undefined but has historically and // currently means that there was some packet sent to this // peer in the past two minutes. That definition is subject to // change. Active bool // PeerAPIURL are the URLs of the node's PeerAPI servers. PeerAPIURL []string // Capabilities are capabilities that the node has. // They're free-form strings, but should be in the form of URLs/URIs // such as: // "https://tailscale.com/cap/is-admin" // "https://tailscale.com/cap/file-sharing" // "funnel" // // Deprecated: use CapMap instead. See https://github.com/tailscale/tailscale/issues/11508 // Every value is Capabilities is also a key in CapMap, even if it // has no values in that map. Capabilities []tailcfg.NodeCapability `json:",omitempty"` // CapMap is a map of capabilities to their values. CapMap tailcfg.NodeCapMap `json:",omitempty"` // SSH_HostKeys are the node's SSH host keys, if known. SSH_HostKeys []string `json:"sshHostKeys,omitempty"` // it's owned by a shared-to user and that node might connect // to us. These nodes should be hidden by "tailscale status" // etc by default. ShareeNode bool `json:",omitempty"` // InNetworkMap means that this peer was seen in our latest network map. // In theory, all of InNetworkMap and InMagicSock and InEngine should all be true. InNetworkMap bool // InMagicSock means that this peer is being tracked by magicsock. // In theory, all of InNetworkMap and InMagicSock and InEngine should all be true. InMagicSock bool // InEngine means that this peer is tracked by the wireguard engine. // In theory, all of InNetworkMap and InMagicSock and InEngine should all be true. InEngine bool // Expired means that this peer's node key has expired, based on either // information from control or optimisically set on the client if the // expiration time has passed. Expired bool `json:",omitempty"` // KeyExpiry, if present, is the time at which the node key expired or // will expire. KeyExpiry *time.Time `json:",omitempty"` Location *tailcfg.Location `json:",omitempty"` }
PeerStatus describes a peer node and its current state.
func (*PeerStatus) HasCap ¶ added in v1.50.0
func (ps *PeerStatus) HasCap(cap tailcfg.NodeCapability) bool
HasCap reports whether ps has the given capability.
func (*PeerStatus) IsTagged ¶ added in v1.52.0
func (ps *PeerStatus) IsTagged() bool
IsTagged reports whether ps is tagged.
type PeerStatusLite ¶ added in v1.6.0
type PeerStatusLite struct { // NodeKey is this peer's public node key. NodeKey key.NodePublic // TxBytes/RxBytes are the total number of bytes transmitted to/received // from this peer. TxBytes, RxBytes int64 // LastHandshake is the last time a handshake succeeded with this peer. (Or // we got key confirmation via the first data message, which is // approximately the same thing.) // // The time.Time zero value means that no handshake has succeeded, at least // since this peer was last known to WireGuard. (Tailscale removes peers // from the wireguard peer that are idle.) LastHandshake time.Time }
type PingResult ¶ added in v1.2.0
type PingResult struct { IP string // ping destination NodeIP string // Tailscale IP of node handling IP (different for subnet routers) NodeName string // DNS name base or (possibly not unique) hostname Err string LatencySeconds float64 // Endpoint is the ip:port if direct UDP was used. // It is not currently set for TSMP pings. Endpoint string // DERPRegionID is non-zero DERP region ID if DERP was used. // It is not currently set for TSMP pings. DERPRegionID int // DERPRegionCode is the three-letter region code // corresponding to DERPRegionID. // It is not currently set for TSMP pings. DERPRegionCode string // PeerAPIPort is set by TSMP ping responses for peers that // are running a peerapi server. This is the port they're // running the server on. PeerAPIPort uint16 `json:",omitempty"` // PeerAPIURL is the URL that was hit for pings of type "peerapi" (tailcfg.PingPeerAPI). // It's of the form "http://ip:port" (or [ip]:port for IPv6). PeerAPIURL string `json:",omitempty"` // IsLocalIP is whether the ping request error is due to it being // a ping to the local node. IsLocalIP bool `json:",omitempty"` }
PingResult contains response information for the "tailscale ping" subcommand, saying how Tailscale can reach a Tailscale IP or subnet-routed IP. See tailcfg.PingResponse for a related response that is sent back to control for remote diagnostic pings.
func (*PingResult) ToPingResponse ¶ added in v1.24.0
func (pr *PingResult) ToPingResponse(pingType tailcfg.PingType) *tailcfg.PingResponse
type SelfUpdateStatus ¶ added in v1.54.0
type SelfUpdateStatus string
const ( UpdateFinished SelfUpdateStatus = "UpdateFinished" UpdateInProgress SelfUpdateStatus = "UpdateInProgress" UpdateFailed SelfUpdateStatus = "UpdateFailed" )
type Status ¶
type Status struct { // Version is the daemon's long version (see version.Long). Version string // TUN is whether /dev/net/tun (or equivalent kernel interface) is being // used. If false, it's running in userspace mode. TUN bool // BackendState is an ipn.State string value: // "NoState", "NeedsLogin", "NeedsMachineAuth", "Stopped", // "Starting", "Running". BackendState string // HaveNodeKey is whether the current profile has a node key configured. HaveNodeKey bool `json:",omitempty"` AuthURL string // current URL provided by control to authorize client TailscaleIPs []netip.Addr // Tailscale IP(s) assigned to this node Self *PeerStatus // ExitNodeStatus describes the current exit node. // If nil, an exit node is not in use. ExitNodeStatus *ExitNodeStatus `json:"ExitNodeStatus,omitempty"` // Health contains health check problems. // Empty means everything is good. (or at least that no known // problems are detected) Health []string // This field is the legacy name of CurrentTailnet.MagicDNSSuffix. // // Deprecated: use CurrentTailnet.MagicDNSSuffix instead. MagicDNSSuffix string // CurrentTailnet is information about the tailnet that the node // is currently connected to. When not connected, this field is nil. CurrentTailnet *TailnetStatus // CertDomains are the set of DNS names for which the control // plane server will assist with provisioning TLS // certificates. See SetDNSRequest for dns-01 ACME challenges // for e.g. LetsEncrypt. These names are FQDNs without // trailing periods, and without any "_acme-challenge." prefix. CertDomains []string // Peer is the state of each peer, keyed by each peer's current public key. Peer map[key.NodePublic]*PeerStatus // User contains profile information about UserIDs referenced by // PeerStatus.UserID, PeerStatus.AltSharerUserID, etc. User map[tailcfg.UserID]tailcfg.UserProfile // ClientVersion, when non-nil, contains information about the latest // version of the Tailscale client that's available. Depending on // the platform and client settings, it may not be available. ClientVersion *tailcfg.ClientVersion }
Status represents the entire state of the IPN network.
func (*Status) Peers ¶
func (s *Status) Peers() []key.NodePublic
type StatusBuilder ¶
type StatusBuilder struct { WantPeers bool // whether caller wants peers // contains filtered or unexported fields }
StatusBuilder is a request to construct a Status. A new StatusBuilder is passed to various subsystems which then call methods on it to populate state. Call its Status method to return the final constructed Status.
func (*StatusBuilder) AddPeer ¶
func (sb *StatusBuilder) AddPeer(peer key.NodePublic, st *PeerStatus)
AddPeer adds a peer node to the status.
Its PeerStatus is mixed with any previous status already added.
func (*StatusBuilder) AddTailscaleIP ¶ added in v1.0.0
func (sb *StatusBuilder) AddTailscaleIP(ip netip.Addr)
AddIP adds a Tailscale IP address to the status.
func (*StatusBuilder) AddUser ¶
func (sb *StatusBuilder) AddUser(id tailcfg.UserID, up tailcfg.UserProfile)
AddUser adds a user profile to the status.
func (*StatusBuilder) MutateSelfStatus ¶ added in v1.8.0
func (sb *StatusBuilder) MutateSelfStatus(f func(*PeerStatus))
MutateSelfStatus calls f with the PeerStatus of our own node to mutate.
It may not assume other fields of status are already populated, and may not retain or write to the Status after f returns.
MutateStatus acquires a lock so f must not call back into sb.
func (*StatusBuilder) MutateStatus ¶ added in v1.8.0
func (sb *StatusBuilder) MutateStatus(f func(*Status))
MutateStatus calls f with the status to mutate.
It may not assume other fields of status are already populated, and may not retain or write to the Status after f returns.
func (*StatusBuilder) Status ¶
func (sb *StatusBuilder) Status() *Status
Status returns the status that has been built up so far from previous calls to MutateStatus, MutateSelfStatus, AddPeer, etc.
type StatusUpdater ¶
type StatusUpdater interface {
UpdateStatus(*StatusBuilder)
}
type TKAFilteredPeer ¶ added in v1.34.0
type TKAFilteredPeer struct { Name string // DNS ID tailcfg.NodeID StableID tailcfg.StableNodeID TailscaleIPs []netip.Addr // Tailscale IP(s) assigned to this node NodeKey key.NodePublic }
TKAFilteredPeer describes a peer which was removed from the netmap (i.e. no connectivity) because it failed tailnet lock checks.
func (*TKAFilteredPeer) Clone ¶ added in v1.34.0
func (src *TKAFilteredPeer) Clone() *TKAFilteredPeer
Clone makes a deep copy of TKAFilteredPeer. The result aliases no memory with the original.
type TailnetStatus ¶ added in v1.22.0
type TailnetStatus struct { // Name is the name of the network that's currently in use. Name string // MagicDNSSuffix is the network's MagicDNS suffix for nodes // in the network such as "userfoo.tailscale.net". // There are no surrounding dots. // MagicDNSSuffix should be populated regardless of whether a domain // has MagicDNS enabled. MagicDNSSuffix string // MagicDNSEnabled is whether or not the network has MagicDNS enabled. // Note that the current device may still not support MagicDNS if // `--accept-dns=false` was used. MagicDNSEnabled bool }
TailnetStatus is information about a Tailscale network ("tailnet").
type UpdateProgress ¶ added in v1.54.0
type UpdateProgress struct { Status SelfUpdateStatus `json:"status,omitempty"` Message string `json:"message,omitempty"` Version string `json:"version,omitempty"` }
func NewUpdateProgress ¶ added in v1.54.0
func NewUpdateProgress(ps SelfUpdateStatus, msg string) UpdateProgress