ipnstate

package
v1.69.0-pre Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 12, 2024 License: BSD-3-Clause Imports: 16 Imported by: 69

Documentation

Overview

Package ipnstate captures the entire state of the Tailscale network.

It's a leaf package so ipn, wgengine, and magicsock can all depend on it.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func SortPeers added in v1.4.0

func SortPeers(peers []*PeerStatus)

SortPeers sorts peers by either their DNS name, hostname, Tailscale IP, or ultimately their current public key.

Types

type DebugDERPRegionReport added in v1.34.0

type DebugDERPRegionReport struct {
	Info     []string
	Warnings []string
	Errors   []string
}

DebugDERPRegionReport is the result of a "tailscale debug derp" command, to let people debug a custom DERP setup.

type ExitNodeStatus added in v1.28.0

type ExitNodeStatus struct {
	// ID is the exit node's ID.
	ID tailcfg.StableNodeID

	// Online is whether the exit node is alive.
	Online bool

	// TailscaleIPs are the exit node's IP addresses assigned to the node.
	TailscaleIPs []netip.Prefix
}

ExitNodeStatus describes the current exit node.

type NetworkLockStatus added in v1.30.0

type NetworkLockStatus struct {
	// Enabled is true if network lock is enabled.
	Enabled bool

	// Head describes the AUM hash of the leaf AUM. Head is nil
	// if network lock is not enabled.
	Head *[32]byte

	// PublicKey describes the node's network-lock public key.
	// It may be zero if the node has not logged in.
	PublicKey key.NLPublic

	// NodeKey describes the node's current node-key. This field is not
	// populated if the node is not operating (i.e. waiting for a login).
	NodeKey *key.NodePublic

	// NodeKeySigned is true if our node is authorized by network-lock.
	NodeKeySigned bool

	// NodeKeySignature is the current signature of this node's key.
	NodeKeySignature *tka.NodeKeySignature

	// TrustedKeys describes the keys currently trusted to make changes
	// to network-lock.
	TrustedKeys []TKAKey

	// FilteredPeers describes peers which were removed from the netmap
	// (i.e. no connectivity) because they failed tailnet lock
	// checks.
	FilteredPeers []*TKAFilteredPeer

	// StateID is a nonce associated with the network lock authority,
	// generated upon enablement. This field is not populated if the
	// network lock is disabled.
	StateID uint64
}

NetworkLockStatus represents whether network-lock is enabled, along with details about the locally-known state of the tailnet key authority.

type NetworkLockUpdate added in v1.34.0

type NetworkLockUpdate struct {
	Hash   [32]byte
	Change string // values of tka.AUMKind.String()

	// Raw contains the serialized AUM. The AUM is sent in serialized
	// form to avoid transitive dependences bloating this package.
	Raw []byte
}

NetworkLockUpdate describes a change to network-lock state.

type PeerStatus

type PeerStatus struct {
	ID        tailcfg.StableNodeID
	PublicKey key.NodePublic
	HostName  string // HostInfo's Hostname (not a DNS name or necessarily unique)

	// DNSName is the Peer's FQDN. It ends with a dot.
	// It has the form "host.<MagicDNSSuffix>."
	DNSName string
	OS      string // HostInfo.OS
	UserID  tailcfg.UserID

	// AltSharerUserID is the user who shared this node
	// if it's different than UserID. Otherwise it's zero.
	AltSharerUserID tailcfg.UserID `json:",omitempty"`

	// TailscaleIPs are the IP addresses assigned to the node.
	TailscaleIPs []netip.Addr
	// AllowedIPs are IP addresses allowed to route to this node.
	AllowedIPs *views.Slice[netip.Prefix] `json:",omitempty"`

	// Tags are the list of ACL tags applied to this node.
	// See tailscale.com/tailcfg#Node.Tags for more information.
	Tags *views.Slice[string] `json:",omitempty"`

	// PrimaryRoutes are the routes this node is currently the primary
	// subnet router for, as determined by the control plane. It does
	// not include the IPs in TailscaleIPs.
	PrimaryRoutes *views.Slice[netip.Prefix] `json:",omitempty"`

	// Endpoints:
	Addrs   []string
	CurAddr string // one of Addrs, or unique if roaming
	Relay   string // DERP region

	RxBytes        int64
	TxBytes        int64
	Created        time.Time // time registered with tailcontrol
	LastWrite      time.Time // time last packet sent
	LastSeen       time.Time // last seen to tailcontrol; only present if offline
	LastHandshake  time.Time // with local wireguard
	Online         bool      // whether node is connected to the control plane
	ExitNode       bool      // true if this is the currently selected exit node.
	ExitNodeOption bool      // true if this node can be an exit node (offered && approved)

	// Active is whether the node was recently active. The
	// definition is somewhat undefined but has historically and
	// currently means that there was some packet sent to this
	// peer in the past two minutes. That definition is subject to
	// change.
	Active bool

	// PeerAPIURL are the URLs of the node's PeerAPI servers.
	PeerAPIURL []string

	// Capabilities are capabilities that the node has.
	// They're free-form strings, but should be in the form of URLs/URIs
	// such as:
	//    "https://tailscale.com/cap/is-admin"
	//    "https://tailscale.com/cap/file-sharing"
	//    "funnel"
	//
	// Deprecated: use CapMap instead. See https://github.com/tailscale/tailscale/issues/11508
	// Every value is Capabilities is also a key in CapMap, even if it
	// has no values in that map.
	Capabilities []tailcfg.NodeCapability `json:",omitempty"`

	// CapMap is a map of capabilities to their values.
	CapMap tailcfg.NodeCapMap `json:",omitempty"`

	// SSH_HostKeys are the node's SSH host keys, if known.
	SSH_HostKeys []string `json:"sshHostKeys,omitempty"`

	// ShareeNode indicates this node exists in the netmap because
	// it's owned by a shared-to user and that node might connect
	// to us. These nodes should be hidden by "tailscale status"
	// etc by default.
	ShareeNode bool `json:",omitempty"`

	// InNetworkMap means that this peer was seen in our latest network map.
	// In theory, all of InNetworkMap and InMagicSock and InEngine should all be true.
	InNetworkMap bool

	// InMagicSock means that this peer is being tracked by magicsock.
	// In theory, all of InNetworkMap and InMagicSock and InEngine should all be true.
	InMagicSock bool

	// InEngine means that this peer is tracked by the wireguard engine.
	// In theory, all of InNetworkMap and InMagicSock and InEngine should all be true.
	InEngine bool

	// Expired means that this peer's node key has expired, based on either
	// information from control or optimisically set on the client if the
	// expiration time has passed.
	Expired bool `json:",omitempty"`

	// KeyExpiry, if present, is the time at which the node key expired or
	// will expire.
	KeyExpiry *time.Time `json:",omitempty"`

	Location *tailcfg.Location `json:",omitempty"`
}

PeerStatus describes a peer node and its current state.

func (*PeerStatus) HasCap added in v1.50.0

func (ps *PeerStatus) HasCap(cap tailcfg.NodeCapability) bool

HasCap reports whether ps has the given capability.

func (*PeerStatus) IsTagged added in v1.52.0

func (ps *PeerStatus) IsTagged() bool

IsTagged reports whether ps is tagged.

type PeerStatusLite added in v1.6.0

type PeerStatusLite struct {
	// NodeKey is this peer's public node key.
	NodeKey key.NodePublic

	// TxBytes/RxBytes are the total number of bytes transmitted to/received
	// from this peer.
	TxBytes, RxBytes int64

	// LastHandshake is the last time a handshake succeeded with this peer. (Or
	// we got key confirmation via the first data message, which is
	// approximately the same thing.)
	//
	// The time.Time zero value means that no handshake has succeeded, at least
	// since this peer was last known to WireGuard. (Tailscale removes peers
	// from the wireguard peer that are idle.)
	LastHandshake time.Time
}

type PingResult added in v1.2.0

type PingResult struct {
	IP       string // ping destination
	NodeIP   string // Tailscale IP of node handling IP (different for subnet routers)
	NodeName string // DNS name base or (possibly not unique) hostname

	Err            string
	LatencySeconds float64

	// Endpoint is the ip:port if direct UDP was used.
	// It is not currently set for TSMP pings.
	Endpoint string

	// DERPRegionID is non-zero DERP region ID if DERP was used.
	// It is not currently set for TSMP pings.
	DERPRegionID int

	// DERPRegionCode is the three-letter region code
	// corresponding to DERPRegionID.
	// It is not currently set for TSMP pings.
	DERPRegionCode string

	// PeerAPIPort is set by TSMP ping responses for peers that
	// are running a peerapi server. This is the port they're
	// running the server on.
	PeerAPIPort uint16 `json:",omitempty"`

	// PeerAPIURL is the URL that was hit for pings of type "peerapi" (tailcfg.PingPeerAPI).
	// It's of the form "http://ip:port" (or [ip]:port for IPv6).
	PeerAPIURL string `json:",omitempty"`

	// IsLocalIP is whether the ping request error is due to it being
	// a ping to the local node.
	IsLocalIP bool `json:",omitempty"`
}

PingResult contains response information for the "tailscale ping" subcommand, saying how Tailscale can reach a Tailscale IP or subnet-routed IP. See tailcfg.PingResponse for a related response that is sent back to control for remote diagnostic pings.

func (*PingResult) ToPingResponse added in v1.24.0

func (pr *PingResult) ToPingResponse(pingType tailcfg.PingType) *tailcfg.PingResponse

type SelfUpdateStatus added in v1.54.0

type SelfUpdateStatus string
const (
	UpdateFinished   SelfUpdateStatus = "UpdateFinished"
	UpdateInProgress SelfUpdateStatus = "UpdateInProgress"
	UpdateFailed     SelfUpdateStatus = "UpdateFailed"
)

type Status

type Status struct {
	// Version is the daemon's long version (see version.Long).
	Version string

	// TUN is whether /dev/net/tun (or equivalent kernel interface) is being
	// used. If false, it's running in userspace mode.
	TUN bool

	// BackendState is an ipn.State string value:
	//  "NoState", "NeedsLogin", "NeedsMachineAuth", "Stopped",
	//  "Starting", "Running".
	BackendState string

	// HaveNodeKey is whether the current profile has a node key configured.
	HaveNodeKey bool `json:",omitempty"`

	AuthURL      string       // current URL provided by control to authorize client
	TailscaleIPs []netip.Addr // Tailscale IP(s) assigned to this node
	Self         *PeerStatus

	// ExitNodeStatus describes the current exit node.
	// If nil, an exit node is not in use.
	ExitNodeStatus *ExitNodeStatus `json:"ExitNodeStatus,omitempty"`

	// Health contains health check problems.
	// Empty means everything is good. (or at least that no known
	// problems are detected)
	Health []string

	// This field is the legacy name of CurrentTailnet.MagicDNSSuffix.
	//
	// Deprecated: use CurrentTailnet.MagicDNSSuffix instead.
	MagicDNSSuffix string

	// CurrentTailnet is information about the tailnet that the node
	// is currently connected to. When not connected, this field is nil.
	CurrentTailnet *TailnetStatus

	// CertDomains are the set of DNS names for which the control
	// plane server will assist with provisioning TLS
	// certificates. See SetDNSRequest for dns-01 ACME challenges
	// for e.g. LetsEncrypt. These names are FQDNs without
	// trailing periods, and without any "_acme-challenge." prefix.
	CertDomains []string

	// Peer is the state of each peer, keyed by each peer's current public key.
	Peer map[key.NodePublic]*PeerStatus

	// User contains profile information about UserIDs referenced by
	// PeerStatus.UserID, PeerStatus.AltSharerUserID, etc.
	User map[tailcfg.UserID]tailcfg.UserProfile

	// ClientVersion, when non-nil, contains information about the latest
	// version of the Tailscale client that's available. Depending on
	// the platform and client settings, it may not be available.
	ClientVersion *tailcfg.ClientVersion
}

Status represents the entire state of the IPN network.

func (*Status) Peers

func (s *Status) Peers() []key.NodePublic

func (*Status) WriteHTML

func (st *Status) WriteHTML(w io.Writer)

type StatusBuilder

type StatusBuilder struct {
	WantPeers bool // whether caller wants peers
	// contains filtered or unexported fields
}

StatusBuilder is a request to construct a Status. A new StatusBuilder is passed to various subsystems which then call methods on it to populate state. Call its Status method to return the final constructed Status.

func (*StatusBuilder) AddPeer

func (sb *StatusBuilder) AddPeer(peer key.NodePublic, st *PeerStatus)

AddPeer adds a peer node to the status.

Its PeerStatus is mixed with any previous status already added.

func (*StatusBuilder) AddTailscaleIP added in v1.0.0

func (sb *StatusBuilder) AddTailscaleIP(ip netip.Addr)

AddIP adds a Tailscale IP address to the status.

func (*StatusBuilder) AddUser

func (sb *StatusBuilder) AddUser(id tailcfg.UserID, up tailcfg.UserProfile)

AddUser adds a user profile to the status.

func (*StatusBuilder) MutateSelfStatus added in v1.8.0

func (sb *StatusBuilder) MutateSelfStatus(f func(*PeerStatus))

MutateSelfStatus calls f with the PeerStatus of our own node to mutate.

It may not assume other fields of status are already populated, and may not retain or write to the Status after f returns.

MutateStatus acquires a lock so f must not call back into sb.

func (*StatusBuilder) MutateStatus added in v1.8.0

func (sb *StatusBuilder) MutateStatus(f func(*Status))

MutateStatus calls f with the status to mutate.

It may not assume other fields of status are already populated, and may not retain or write to the Status after f returns.

func (*StatusBuilder) Status

func (sb *StatusBuilder) Status() *Status

Status returns the status that has been built up so far from previous calls to MutateStatus, MutateSelfStatus, AddPeer, etc.

type StatusUpdater

type StatusUpdater interface {
	UpdateStatus(*StatusBuilder)
}

type TKAFilteredPeer added in v1.34.0

type TKAFilteredPeer struct {
	Name         string // DNS
	ID           tailcfg.NodeID
	StableID     tailcfg.StableNodeID
	TailscaleIPs []netip.Addr // Tailscale IP(s) assigned to this node
	NodeKey      key.NodePublic
}

TKAFilteredPeer describes a peer which was removed from the netmap (i.e. no connectivity) because it failed tailnet lock checks.

func (*TKAFilteredPeer) Clone added in v1.34.0

func (src *TKAFilteredPeer) Clone() *TKAFilteredPeer

Clone makes a deep copy of TKAFilteredPeer. The result aliases no memory with the original.

type TKAKey added in v1.34.0

type TKAKey struct {
	Key      key.NLPublic
	Metadata map[string]string
	Votes    uint
}

TKAKey describes a key trusted by network lock.

type TailnetStatus added in v1.22.0

type TailnetStatus struct {
	// Name is the name of the network that's currently in use.
	Name string

	// MagicDNSSuffix is the network's MagicDNS suffix for nodes
	// in the network such as "userfoo.tailscale.net".
	// There are no surrounding dots.
	// MagicDNSSuffix should be populated regardless of whether a domain
	// has MagicDNS enabled.
	MagicDNSSuffix string

	// MagicDNSEnabled is whether or not the network has MagicDNS enabled.
	// Note that the current device may still not support MagicDNS if
	// `--accept-dns=false` was used.
	MagicDNSEnabled bool
}

TailnetStatus is information about a Tailscale network ("tailnet").

type UpdateProgress added in v1.54.0

type UpdateProgress struct {
	Status  SelfUpdateStatus `json:"status,omitempty"`
	Message string           `json:"message,omitempty"`
	Version string           `json:"version,omitempty"`
}

func NewUpdateProgress added in v1.54.0

func NewUpdateProgress(ps SelfUpdateStatus, msg string) UpdateProgress

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL