tailcfg

Oct 10, 2024

Changes in this version

+ func IsKnownServiceProto(sp ServiceProto) bool

type NodeCapability

+ const NodeAttrSSHEnvironmentVariables

type SSHRule

+ AcceptEnv []string

type SSHRuleView

+ func (v SSHRuleView) AcceptEnv() views.Slice[string]

Sep 12, 2024

Changes in this version

type NodeCapability

+ const NodeAttrSSHBehaviorV2

Aug 19, 2024

Changes in this version

type NodeCapability

+ const NodeAttrDisableCaptivePortalDetection

Jul 17, 2024

Changes in this version

+ const EndpointExplicitConf

type C2NPostureIdentityResponse

+ IfaceHardwareAddrs []string

type NodeCapability

+ const NodeAttrDisableLocalDNSOverrideViaNRPT

+ const NodeAttrDisableMagicSockCryptoRouting

Jun 12, 2024

Changes in this version

type NodeCapability

+ const NodeAttrDisableSplitDNSWhenNoCustomResolvers

+ const NodeAttrSSHBehaviorV1

type PeerCapability

+ const PeerCapabilityKubernetes

type RawMessage

+ func MarshalCapJSON[T any](capRule T) (RawMessage, error)

May 8, 2024

Changes in this version

type DERPNode

+ func (n *DERPNode) IsTestNode() bool

type Node

+ IsJailed bool

type NodeCapability

+ const NodeAttrAutoExitNode

+ const NodeAttrLogExitFlows

+ const NodeAttrStoreAppCRoutes

+ const NodeAttrSuggestExitNodeUI

+ const NodeAttrUserDialUseRoutes

type NodeView

+ func (v NodeView) IsJailed() bool

type PeerCapability

+ const PeerCapabilityTaildriveSharer

Apr 11, 2024

Changes in this version

type NodeCapability

+ const NodeAttrDisableWebClient

+ const NodeAttrOnlyTCP443

+ const NodeAttrsTaildriveAccess

+ const NodeAttrsTaildriveShare

type PeerCapability

+ const PeerCapabilityTaildrive

Mar 26, 2024

Changes in this version

+ const LBHeader

type HealthChangeRequest

+ NodeKey key.NodePublic

Mar 13, 2024

Changes in this version

+ type DERPAdmitClientRequest struct

+ NodePublic key.NodePublic

+ Source netip.Addr

+ type DERPAdmitClientResponse struct

+ Allow bool

type DERPRegion

+ Latitude float64

+ Longitude float64

type DERPRegionView

+ func (v DERPRegionView) Latitude() float64

+ func (v DERPRegionView) Longitude() float64

type Location

+ Latitude float64

+ Longitude float64

type LocationView

+ func (v LocationView) Latitude() float64

+ func (v LocationView) Longitude() float64

type NodeCapability

+ const NodeAttrSuggestExitNode

Feb 15, 2024

Changes in this version

type NodeCapability

+ const NodeAttrProbeUDPLifetime

+ const NodeAttrsTailFSAccess

+ const NodeAttrsTailFSShare

type PeerCapability

+ const PeerCapabilityTailFS

Jan 18, 2024

Changes in this version

type MapResponse

+ DefaultAutoUpdate opt.Bool

+ MaxKeyDuration time.Duration

type NodeCapability

+ const NodeAttrSeamlessKeyRenewal

type PeerCapability

+ const PeerCapabilityWebUI

Dec 13, 2023

Changes in this version

+ type C2NTLSCertInfo struct

+ Error string

+ Expired bool

+ Missing bool

+ NotAfter string

+ NotBefore string

+ Valid bool

type MapResponse

+ PacketFilters map[string][]FilterRule

type NodeCapability

+ const NodeAttrLinuxMustUseIPTables

+ const NodeAttrLinuxMustUseNfTables

Nov 15, 2023

Changes in this version

+ type C2NAppConnectorDomainRoutesResponse struct

+ Domains map[string][]netip.Addr

type Hostinfo

+ AppConnector opt.Bool

type HostinfoView

+ func (v HostinfoView) AppConnector() opt.Bool

type NodeCapability

+ const CapabilityPreviewWebClient

+ const NodeAttrSilentDisco

Oct 30, 2023

Changes in this version

+ type C2NPostureIdentityResponse struct

+ PostureDisabled bool

+ SerialNumbers []string

type ClientVersion

+ UrgentSecurityUpdate bool

type Hostinfo

+ WoLMACs []string

type HostinfoView

+ func (v HostinfoView) WoLMACs() views.Slice[string]

type NodeCapability

+ const NodeAttrDNSForwarderDisableTCPRetries

+ type ProtoPortRange struct

+ Ports PortRange

+ Proto int

+ func ParseProtoPortRanges(ips []string) ([]ProtoPortRange, error)

+ func (ppr *ProtoPortRange) MarshalText() ([]byte, error)

+ func (ppr *ProtoPortRange) UnmarshalText(text []byte) error

+ func (ppr ProtoPortRange) String() string

type RegisterRequest

+ Tailnet string

type RegisterRequestView

+ func (v RegisterRequestView) Tailnet() string

+ type WebClientAuthResponse struct

+ Complete bool

+ ID string

+ URL string

Sep 25, 2023

Changes in this version

+ func UnmarshalNodeCapJSON(cm NodeCapMap, cap NodeCapability) ([]T, error)

+ type C2NUpdateResponse struct

+ Enabled bool

+ Err string

+ Started bool

+ Supported bool

type DNSConfig

+ TempCorpIssue13969 string

type DNSConfigView

+ func (v DNSConfigView) TempCorpIssue13969() string

type MachineStatus

+ func (m MachineStatus) AppendText(b []byte) ([]byte, error)

type Node

+ CapMap NodeCapMap

+ ExitNodeDNSResolvers []*dnstype.Resolver

+ SelfNodeV6MasqAddrForThisPeer *netip.Addr

+ func (n *Node) SharerOrUser() UserID

+ func (v *Node) HasCap(cap NodeCapability) bool

+ type NodeCapMap map[NodeCapability][]RawMessage

+ func (c NodeCapMap) Contains(cap NodeCapability) bool

+ func (c NodeCapMap) Equal(c2 NodeCapMap) bool

+ type NodeCapability string

+ const NodeAttrDebugDisableDRPO

+ const NodeAttrDebugDisableWGTrim

+ const NodeAttrDebugForceBackgroundSTUN

+ const NodeAttrDisableDeltaUpdates

+ const NodeAttrDisableSubnetsIfPAC

+ const NodeAttrDisableUPnP

+ const NodeAttrOneCGNATDisable

+ const NodeAttrOneCGNATEnable

+ const NodeAttrPeerMTUEnable

+ const NodeAttrRandomizeClientPort

type NodeView

+ func (n NodeView) DisplayName(forOwner bool) string

+ func (n NodeView) IsTagged() bool

+ func (n NodeView) SharerOrUser() UserID

+ func (v NodeView) CapMap() views.MapFn[NodeCapability, []RawMessage, views.Slice[RawMessage]]

+ func (v NodeView) ExitNodeDNSResolvers() views.SliceView[*dnstype.Resolver, dnstype.ResolverView]

+ func (v NodeView) HasCap(cap NodeCapability) bool

+ func (v NodeView) SelfNodeV6MasqAddrForThisPeer() *netip.Addr

type PeerChange

+ CapMap NodeCapMap

+ type RawMessage string

+ func (m *RawMessage) UnmarshalJSON(data []byte) error

+ func (m RawMessage) MarshalJSON() ([]byte, error)

type RegisterRequest

+ func (p *RegisterRequest) View() RegisterRequestView

+ type RegisterRequestView struct

+ func (v *RegisterRequestView) UnmarshalJSON(b []byte) error

+ func (v RegisterRequestView) AsStruct() *RegisterRequest

+ func (v RegisterRequestView) Auth() RegisterResponseAuthView

+ func (v RegisterRequestView) DeviceCert() views.ByteSlice[[]byte]

+ func (v RegisterRequestView) Ephemeral() bool

+ func (v RegisterRequestView) Expiry() time.Time

+ func (v RegisterRequestView) Followup() string

+ func (v RegisterRequestView) Hostinfo() HostinfoView

+ func (v RegisterRequestView) MarshalJSON() ([]byte, error)

+ func (v RegisterRequestView) NLKey() key.NLPublic

+ func (v RegisterRequestView) NodeKey() key.NodePublic

+ func (v RegisterRequestView) NodeKeySignature() views.ByteSlice[tkatype.MarshaledSignature]

+ func (v RegisterRequestView) OldNodeKey() key.NodePublic

+ func (v RegisterRequestView) Signature() views.ByteSlice[[]byte]

+ func (v RegisterRequestView) SignatureType() SignatureType

+ func (v RegisterRequestView) Timestamp() *time.Time

+ func (v RegisterRequestView) Valid() bool

+ func (v RegisterRequestView) Version() CapabilityVersion

+ type RegisterResponseAuth struct

+ AuthKey string

+ LoginName string

+ Oauth2Token *Oauth2Token

+ Provider string

+ func (p *RegisterResponseAuth) View() RegisterResponseAuthView

+ func (src *RegisterResponseAuth) Clone() *RegisterResponseAuth

+ type RegisterResponseAuthView struct

+ func (v *RegisterResponseAuthView) UnmarshalJSON(b []byte) error

+ func (v RegisterResponseAuthView) AsStruct() *RegisterResponseAuth

+ func (v RegisterResponseAuthView) AuthKey() string

+ func (v RegisterResponseAuthView) LoginName() string

+ func (v RegisterResponseAuthView) MarshalJSON() ([]byte, error)

+ func (v RegisterResponseAuthView) Oauth2Token() *Oauth2Token

+ func (v RegisterResponseAuthView) Provider() string

+ func (v RegisterResponseAuthView) Valid() bool

type SignatureType

+ func (st SignatureType) AppendText(b []byte) ([]byte, error)

Aug 16, 2023

Changes in this version

+ const CapabilityHTTPS

+ var DerpMagicIPAddr = netip.MustParseAddr(DerpMagicIP)

+ func UnmarshalCapJSON(cm PeerCapMap, cap PeerCapability) ([]T, error)

type CapGrant

+ CapMap PeerCapMap

type NetInfo

+ FirewallMode string

type NetInfoView

+ func (v NetInfoView) FirewallMode() string

+ type PeerCapMap map[PeerCapability][]json.RawMessage

+ func (c PeerCapMap) HasCapability(cap PeerCapability) bool

+ type PeerCapability string

+ const PeerCapabilityDebugPeer

+ const PeerCapabilityFileSharingSend

+ const PeerCapabilityFileSharingTarget

+ const PeerCapabilityIngress

+ const PeerCapabilityWakeOnLAN

+ type QueryFeatureRequest struct

+ Feature string

+ NodeKey key.NodePublic

+ type QueryFeatureResponse struct

+ Complete bool

+ ShouldWait bool

+ Text string

+ URL string

type UserProfile

+ Groups []string

+ func (p *UserProfile) Equal(p2 *UserProfile) bool

+ func (p *UserProfile) View() UserProfileView

+ func (src *UserProfile) Clone() *UserProfile

+ type UserProfileView struct

+ func (v *UserProfileView) UnmarshalJSON(b []byte) error

+ func (v UserProfileView) AsStruct() *UserProfile

+ func (v UserProfileView) DisplayName() string

+ func (v UserProfileView) Equal(v2 UserProfileView) bool

+ func (v UserProfileView) Groups() views.Slice[string]

+ func (v UserProfileView) ID() UserID

+ func (v UserProfileView) LoginName() string

+ func (v UserProfileView) MarshalJSON() ([]byte, error)

+ func (v UserProfileView) ProfilePicURL() string

+ func (v UserProfileView) Roles() emptyStructJSONSlice

+ func (v UserProfileView) Valid() bool

Jul 19, 2023

Changes in this version

+ const CapabilityTailnetLock

+ type DERPHomeParams struct

+ RegionScore map[int]float64

+ func (p *DERPHomeParams) View() DERPHomeParamsView

+ func (src *DERPHomeParams) Clone() *DERPHomeParams

+ type DERPHomeParamsView struct

+ func (v *DERPHomeParamsView) UnmarshalJSON(b []byte) error

+ func (v DERPHomeParamsView) AsStruct() *DERPHomeParams

+ func (v DERPHomeParamsView) MarshalJSON() ([]byte, error)

+ func (v DERPHomeParamsView) RegionScore() views.Map[int, float64]

+ func (v DERPHomeParamsView) Valid() bool

type DERPMap

+ HomeParams *DERPHomeParams

type DERPMapView

+ func (v DERPMapView) HomeParams() DERPHomeParamsView

type Hostinfo

+ Location *Location

type HostinfoView

+ func (v HostinfoView) Location() *Location

+ type Location struct

+ City string

+ CityCode string

+ Country string

+ CountryCode string

+ Priority int

+ func (p *Location) View() LocationView

+ func (src *Location) Clone() *Location

+ type LocationView struct

+ func (v *LocationView) UnmarshalJSON(b []byte) error

+ func (v LocationView) AsStruct() *Location

+ func (v LocationView) City() string

+ func (v LocationView) CityCode() string

+ func (v LocationView) Country() string

+ func (v LocationView) CountryCode() string

+ func (v LocationView) MarshalJSON() ([]byte, error)

+ func (v LocationView) Priority() int

+ func (v LocationView) Valid() bool

Jun 21, 2023

Changes in this version

type SSHAction

+ AllowRemotePortForwarding bool

type SSHActionView

+ func (v SSHActionView) AllowRemotePortForwarding() bool

May 24, 2023

Changes in this version

+ type SSHEventNotifyRequest struct

+ CapVersion CapabilityVersion

+ ConnectionID string

+ EventType SSHEventType

+ LocalUser string

+ NodeKey key.NodePublic

+ RecordingAttempts []*SSHRecordingAttempt

+ SSHUser string

+ SrcNode NodeID

+ type SSHEventType int

+ const SSHSessionRecordingFailed

+ const SSHSessionRecordingRejected

+ const SSHSessionRecordingTerminated

+ const UnspecifiedSSHEventType

Apr 26, 2023

Changes in this version

type DERPNode

+ CanPort80 bool

type DERPNodeView

+ func (v DERPNodeView) CanPort80() bool

type Node

+ IsWireGuardOnly bool

+ SelfNodeV4MasqAddrForThisPeer *netip.Addr

type NodeView

+ func (v NodeView) IsWireGuardOnly() bool

+ func (v NodeView) SelfNodeV4MasqAddrForThisPeer() *netip.Addr

type SSHAction

+ OnRecordingFailure *SSHRecorderFailureAction

type SSHActionView

+ func (v SSHActionView) OnRecordingFailure() *SSHRecorderFailureAction

+ type SSHRecorderFailureAction struct

+ NotifyURL string

+ RejectSessionWithMessage string

+ TerminateSessionWithMessage string

+ type SSHRecordingAttempt struct

+ FailureMessage string

+ Recorder netip.AddrPort

+ type SSHRecordingFailureNotifyRequest struct

+ Attempts []SSHRecordingAttempt

+ CapVersion CapabilityVersion

+ LocalUser string

+ NodeKey key.NodePublic

+ SSHUser string

+ SrcNode NodeID

Apr 5, 2023

Changes in this version

type SSHAction

+ Recorders []netip.AddrPort

+ func (p *SSHAction) View() SSHActionView

+ func (src *SSHAction) Clone() *SSHAction

+ type SSHActionView struct

+ func (v *SSHActionView) UnmarshalJSON(b []byte) error

+ func (v SSHActionView) Accept() bool

+ func (v SSHActionView) AllowAgentForwarding() bool

+ func (v SSHActionView) AllowLocalPortForwarding() bool

+ func (v SSHActionView) AsStruct() *SSHAction

+ func (v SSHActionView) HoldAndDelegate() string

+ func (v SSHActionView) MarshalJSON() ([]byte, error)

+ func (v SSHActionView) Message() string

+ func (v SSHActionView) Recorders() views.Slice[netip.AddrPort]

+ func (v SSHActionView) Reject() bool

+ func (v SSHActionView) SessionDuration() time.Duration

+ func (v SSHActionView) Valid() bool

Mar 14, 2023 GO-2023-1671

  GO-2023-1671: Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process in tailscale.com

Mar 14, 2023 GO-2023-1671

  GO-2023-1671: Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process in tailscale.com

Changes in this version

+ const CapabilityFunnelPorts

+ const CapabilitySSHSessionHaul

+ const NodeAttrSSHAggregator

type Hostinfo

+ App string

+ PushDeviceToken string

type HostinfoView

+ func (v HostinfoView) App() string

+ func (v HostinfoView) PushDeviceToken() string

type MapRequest

+ MapSessionHandle string

+ MapSessionSeq int64

type MapResponse

+ MapSessionHandle string

+ Seq int64

type Node

+ func (n *Node) IsTagged() bool

type PortRange

+ func (pr PortRange) Contains(port uint16) bool

type SSHAction

+ SessionHaulTargetNode StableNodeID

+ type TKASignaturesUsingKeyRequest struct

+ KeyID tkatype.KeyID

+ NodeKey key.NodePublic

+ Version CapabilityVersion

+ type TKASignaturesUsingKeyResponse struct

+ Signatures []tkatype.MarshaledSignature

Feb 22, 2023 GO-2023-1671

  GO-2023-1671: Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process in tailscale.com

Feb 8, 2023 GO-2023-1671

  GO-2023-1671: Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process in tailscale.com

Changes in this version

+ const CapabilityBindToInterfaceByRoute

+ const CapabilityDebugDisableAlternateDefaultRouteInterface

+ const CapabilityDebugDisableBindConnToInterface

Jan 24, 2023 GO-2023-1671

  GO-2023-1671: Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process in tailscale.com

Changes in this version

+ const CapabilityDebugTSDNSResolution

type Hostinfo

+ AllowsUpdate bool

+ GoArchVar string

+ Machine string

type HostinfoView

+ func (v HostinfoView) AllowsUpdate() bool

+ func (v HostinfoView) GoArchVar() string

+ func (v HostinfoView) Machine() string

type Node

+ Cap CapabilityVersion

+ Expired bool

type NodeView

+ func (v NodeView) Cap() CapabilityVersion

+ func (v NodeView) Expired() bool

type PeerChange

+ Cap CapabilityVersion

Jan 4, 2023 GO-2023-1671

  GO-2023-1671: Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process in tailscale.com

Dec 13, 2022 GO-2023-1671

  GO-2023-1671: Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process in tailscale.com

Dec 5, 2022 GO-2023-1671

  GO-2023-1671: Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process in tailscale.com

Changes in this version

+ const CapabilityIngress

+ const CapabilityTailnetLockAlpha

+ const CapabilityWarnFunnelNoHTTPS

+ const CapabilityWarnFunnelNoInvite

+ const NodeAttrFunnel

+ type ClientVersion struct

+ LatestVersion string

+ Notify bool

+ NotifyText string

+ NotifyURL string

+ RunningLatest bool

+ type EarlyNoise struct

+ NodeKeyChallenge key.ChallengePublic

type Hostinfo

+ WireIngress bool

+ func (hi *Hostinfo) TailscaleFunnelEnabled() bool

type HostinfoView

+ func (v HostinfoView) TailscaleFunnelEnabled() bool

+ func (v HostinfoView) WireIngress() bool

type MapRequest

+ TKAHead string

type MapResponse

+ ClientVersion *ClientVersion

type Node

+ UnsignedPeerAPIOnly bool

type NodeView

+ func (v NodeView) UnsignedPeerAPIOnly() bool

type RegisterRequest

+ NodeKeySignature tkatype.MarshaledSignature

type RegisterResponse

+ NodeKeySignature tkatype.MarshaledSignature

type RegisterResponseView

+ func (v RegisterResponseView) NodeKeySignature() mem.RO

+ type TKADisableRequest struct

+ DisablementSecret []byte

+ Head string

+ NodeKey key.NodePublic

+ Version CapabilityVersion

+ type TKADisableResponse struct

type TKAInitFinishRequest

+ SupportDisablement []byte

+ type TKASubmitSignatureRequest struct

+ NodeKey key.NodePublic

+ Signature tkatype.MarshaledSignature

+ Version CapabilityVersion

+ type TKASubmitSignatureResponse struct

type TKASyncSendRequest

+ Head string

Nov 21, 2022

Changes in this version

+ const CapabilityDebug

+ const DotInvalid

Oct 26, 2022 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Oct 21, 2022 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Oct 12, 2022 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Changes in this version

+ type C2NSSHUsernamesRequest struct

+ Exclude map[string]bool

+ Max int

+ type C2NSSHUsernamesResponse struct

+ Usernames []string

+ type ControlDialPlan struct

+ Candidates []ControlIPCandidate

+ func (p *ControlDialPlan) View() ControlDialPlanView

+ func (src *ControlDialPlan) Clone() *ControlDialPlan

+ type ControlDialPlanView struct

+ func (v *ControlDialPlanView) UnmarshalJSON(b []byte) error

+ func (v ControlDialPlanView) AsStruct() *ControlDialPlan

+ func (v ControlDialPlanView) Candidates() views.Slice[ControlIPCandidate]

+ func (v ControlDialPlanView) MarshalJSON() ([]byte, error)

+ func (v ControlDialPlanView) Valid() bool

+ type ControlIPCandidate struct

+ DialStartDelaySec float64

+ DialTimeoutSec float64

+ IP netip.Addr

+ Priority int

type Debug

+ EnableSilentDisco bool

+ type HealthChangeRequest struct

+ Error string

+ Subsys string

type Hostinfo

+ Container opt.Bool

+ Distro string

+ DistroCodeName string

+ DistroVersion string

+ Env string

+ NoLogsNoSupport bool

type HostinfoView

+ func (v HostinfoView) Container() opt.Bool

+ func (v HostinfoView) Distro() string

+ func (v HostinfoView) DistroCodeName() string

+ func (v HostinfoView) DistroVersion() string

+ func (v HostinfoView) Env() string

+ func (v HostinfoView) NoLogsNoSupport() bool

type MapResponse

+ ControlDialPlan *ControlDialPlan

+ DomainDataPlaneAuditLogID string

+ TKAInfo *TKAInfo

type Node

+ DataPlaneAuditLogID string

type NodeView

+ func (v NodeView) DataPlaneAuditLogID() string

+ type TKABootstrapRequest struct

+ Head string

+ NodeKey key.NodePublic

+ Version CapabilityVersion

+ type TKABootstrapResponse struct

+ DisablementSecret []byte

+ GenesisAUM tkatype.MarshaledAUM

+ type TKAInfo struct

+ Disabled bool

+ Head string

type TKAInitBeginRequest

+ NodeKey key.NodePublic

+ Version CapabilityVersion

type TKAInitFinishRequest

+ NodeKey key.NodePublic

+ Version CapabilityVersion

+ type TKASyncOfferRequest struct

+ Ancestors []string

+ Head string

+ NodeKey key.NodePublic

+ Version CapabilityVersion

+ type TKASyncOfferResponse struct

+ Ancestors []string

+ Head string

+ MissingAUMs []tkatype.MarshaledAUM

+ type TKASyncSendRequest struct

+ Interactive bool

+ MissingAUMs []tkatype.MarshaledAUM

+ NodeKey key.NodePublic

+ Version CapabilityVersion

+ type TKASyncSendResponse struct

+ Head string

Sep 15, 2022 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Sep 8, 2022 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Aug 31, 2022 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Changes in this version

+ const CapabilityDataPlaneAuditLogs

+ const CapabilityFileSharingTarget

+ const DerpMagicIP

type Debug

+ SetForceBackgroundSTUN opt.Bool

+ SetRandomizeClientPort opt.Bool

type Hostinfo

+ GoVersion string

+ Userspace opt.Bool

+ UserspaceRouter opt.Bool

type HostinfoView

+ func (v HostinfoView) GoVersion() string

+ func (v HostinfoView) Userspace() opt.Bool

+ func (v HostinfoView) UserspaceRouter() opt.Bool

type MapRequest

+ TKA *TKAMapRequest

type MapResponse

+ PeersChangedPatch []*PeerChange

+ TKA *TKAMapResponse

type NetInfo

+ OSHasIPv6 opt.Bool

+ WorkingICMPv4 opt.Bool

type NetInfoView

+ func (v NetInfoView) OSHasIPv6() opt.Bool

+ func (v NetInfoView) WorkingICMPv4() opt.Bool

type Node

+ KeySignature tkatype.MarshaledSignature

type NodeView

+ func (v NodeView) KeySignature() mem.RO

+ type PeerChange struct

+ Capabilities *[]string

+ DERPRegion int

+ DiscoKey *key.DiscoPublic

+ Endpoints []string

+ Key *key.NodePublic

+ KeyExpiry *time.Time

+ KeySignature tkatype.MarshaledSignature

+ LastSeen *time.Time

+ NodeID NodeID

+ Online *bool

type PingRequest

+ Payload []byte

+ URLIsNoise bool

type RegisterRequest

+ NLKey key.NLPublic

type SSHPrincipal

+ func (p *SSHPrincipal) View() SSHPrincipalView

+ func (src *SSHPrincipal) Clone() *SSHPrincipal

+ type SSHPrincipalView struct

+ func (v *SSHPrincipalView) UnmarshalJSON(b []byte) error

+ func (v SSHPrincipalView) Any() bool

+ func (v SSHPrincipalView) AsStruct() *SSHPrincipal

+ func (v SSHPrincipalView) MarshalJSON() ([]byte, error)

+ func (v SSHPrincipalView) Node() StableNodeID

+ func (v SSHPrincipalView) NodeIP() string

+ func (v SSHPrincipalView) PubKeys() views.Slice[string]

+ func (v SSHPrincipalView) UserLogin() string

+ func (v SSHPrincipalView) Valid() bool

type SSHRule

+ func (p *SSHRule) View() SSHRuleView

+ func (src *SSHRule) Clone() *SSHRule

+ type SSHRuleView struct

+ func (v *SSHRuleView) UnmarshalJSON(b []byte) error

+ func (v SSHRuleView) Action() *SSHAction

+ func (v SSHRuleView) AsStruct() *SSHRule

+ func (v SSHRuleView) MarshalJSON() ([]byte, error)

+ func (v SSHRuleView) Principals() views.SliceView[*SSHPrincipal, SSHPrincipalView]

+ func (v SSHRuleView) RuleExpires() *time.Time

+ func (v SSHRuleView) SSHUsers() views.Map[string, string]

+ func (v SSHRuleView) Valid() bool

+ type TKAInitBeginRequest struct

+ GenesisAUM tkatype.MarshaledAUM

+ NodeID NodeID

+ type TKAInitBeginResponse struct

+ NeedSignatures []TKASignInfo

+ type TKAInitFinishRequest struct

+ NodeID NodeID

+ Signatures map[NodeID]tkatype.MarshaledSignature

+ type TKAInitFinishResponse struct

+ type TKAMapRequest struct

+ Head string

+ type TKAMapResponse struct

+ Updates []tkatype.MarshaledAUM

+ WantSync bool

+ type TKASignInfo struct

+ NodeID NodeID

+ NodePublic key.NodePublic

+ RotationPubkey []byte

Jul 18, 2022 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Changes in this version

type Hostinfo

+ Cloud string

+ func (hi *Hostinfo) TailscaleSSHEnabled() bool

type HostinfoView

+ func (v HostinfoView) Cloud() string

+ func (v HostinfoView) TailscaleSSHEnabled() bool

Jul 5, 2022 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Jun 18, 2022 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Changes in this version

+ const CapabilitySSH

+ const CapabilitySSHRuleIn

Jun 6, 2022 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Changes in this version

+ const CapabilityWakeOnLAN

type DERPMap

+ func (p *DERPMap) View() DERPMapView

+ type DERPMapView struct

+ func (v *DERPMapView) UnmarshalJSON(b []byte) error

+ func (v DERPMapView) AsStruct() *DERPMap

+ func (v DERPMapView) MarshalJSON() ([]byte, error)

+ func (v DERPMapView) OmitDefaultRegions() bool

+ func (v DERPMapView) Regions() views.MapFn[int, *DERPRegion, DERPRegionView]

+ func (v DERPMapView) Valid() bool

type DERPNode

+ func (p *DERPNode) View() DERPNodeView

+ type DERPNodeView struct

+ func (v *DERPNodeView) UnmarshalJSON(b []byte) error

+ func (v DERPNodeView) AsStruct() *DERPNode

+ func (v DERPNodeView) CertName() string

+ func (v DERPNodeView) DERPPort() int

+ func (v DERPNodeView) HostName() string

+ func (v DERPNodeView) IPv4() string

+ func (v DERPNodeView) IPv6() string

+ func (v DERPNodeView) InsecureForTests() bool

+ func (v DERPNodeView) MarshalJSON() ([]byte, error)

+ func (v DERPNodeView) Name() string

+ func (v DERPNodeView) RegionID() int

+ func (v DERPNodeView) STUNOnly() bool

+ func (v DERPNodeView) STUNPort() int

+ func (v DERPNodeView) STUNTestIP() string

+ func (v DERPNodeView) Valid() bool

type DERPRegion

+ func (p *DERPRegion) View() DERPRegionView

+ type DERPRegionView struct

+ func (v *DERPRegionView) UnmarshalJSON(b []byte) error

+ func (v DERPRegionView) AsStruct() *DERPRegion

+ func (v DERPRegionView) Avoid() bool

+ func (v DERPRegionView) MarshalJSON() ([]byte, error)

+ func (v DERPRegionView) Nodes() views.SliceView[*DERPNode, DERPNodeView]

+ func (v DERPRegionView) RegionCode() string

+ func (v DERPRegionView) RegionID() int

+ func (v DERPRegionView) RegionName() string

+ func (v DERPRegionView) Valid() bool

type DNSConfig

+ func (p *DNSConfig) View() DNSConfigView

+ type DNSConfigView struct

+ func (v *DNSConfigView) UnmarshalJSON(b []byte) error

+ func (v DNSConfigView) AsStruct() *DNSConfig

+ func (v DNSConfigView) CertDomains() views.Slice[string]

+ func (v DNSConfigView) Domains() views.Slice[string]

+ func (v DNSConfigView) ExitNodeFilteredSet() views.Slice[string]

+ func (v DNSConfigView) ExtraRecords() views.Slice[DNSRecord]

+ func (v DNSConfigView) FallbackResolvers() views.SliceView[*dnstype.Resolver, dnstype.ResolverView]

+ func (v DNSConfigView) MarshalJSON() ([]byte, error)

+ func (v DNSConfigView) Nameservers() views.Slice[netaddr.IP]

+ func (v DNSConfigView) PerDomain() bool

+ func (v DNSConfigView) Proxied() bool

+ func (v DNSConfigView) Resolvers() views.SliceView[*dnstype.Resolver, dnstype.ResolverView]

+ func (v DNSConfigView) Routes() ...

+ func (v DNSConfigView) Valid() bool

type HostinfoView

+ func (v HostinfoView) Desktop() opt.Bool

type Login

+ func (p *Login) View() LoginView

+ type LoginView struct

+ func (v *LoginView) UnmarshalJSON(b []byte) error

+ func (v LoginView) AsStruct() *Login

+ func (v LoginView) DisplayName() string

+ func (v LoginView) Domain() string

+ func (v LoginView) ID() LoginID

+ func (v LoginView) LoginName() string

+ func (v LoginView) MarshalJSON() ([]byte, error)

+ func (v LoginView) ProfilePicURL() string

+ func (v LoginView) Provider() string

+ func (v LoginView) Valid() bool

type NetInfoView

+ func (v *NetInfoView) UnmarshalJSON(b []byte) error

+ func (v NetInfoView) DERPLatency() views.Map[string, float64]

+ func (v NetInfoView) MarshalJSON() ([]byte, error)

type Node

+ func (p *Node) View() NodeView

+ type NodeView struct

+ func (v *NodeView) UnmarshalJSON(b []byte) error

+ func (v NodeView) Addresses() views.IPPrefixSlice

+ func (v NodeView) AllowedIPs() views.IPPrefixSlice

+ func (v NodeView) AsStruct() *Node

+ func (v NodeView) Capabilities() views.Slice[string]

+ func (v NodeView) ComputedName() string

+ func (v NodeView) ComputedNameWithHost() string

+ func (v NodeView) Created() time.Time

+ func (v NodeView) DERP() string

+ func (v NodeView) DiscoKey() key.DiscoPublic

+ func (v NodeView) Endpoints() views.Slice[string]

+ func (v NodeView) Equal(v2 NodeView) bool

+ func (v NodeView) Hostinfo() HostinfoView

+ func (v NodeView) ID() NodeID

+ func (v NodeView) KeepAlive() bool

+ func (v NodeView) Key() key.NodePublic

+ func (v NodeView) KeyExpiry() time.Time

+ func (v NodeView) LastSeen() *time.Time

+ func (v NodeView) Machine() key.MachinePublic

+ func (v NodeView) MachineAuthorized() bool

+ func (v NodeView) MarshalJSON() ([]byte, error)

+ func (v NodeView) Name() string

+ func (v NodeView) Online() *bool

+ func (v NodeView) PrimaryRoutes() views.IPPrefixSlice

+ func (v NodeView) Sharer() UserID

+ func (v NodeView) StableID() StableNodeID

+ func (v NodeView) Tags() views.Slice[string]

+ func (v NodeView) User() UserID

+ func (v NodeView) Valid() bool

+ type PingType string

+ const PingDisco

+ const PingICMP

+ const PingPeerAPI

+ const PingTSMP

type RegisterResponse

+ func (p *RegisterResponse) View() RegisterResponseView

+ type RegisterResponseView struct

+ func (v *RegisterResponseView) UnmarshalJSON(b []byte) error

+ func (v RegisterResponseView) AsStruct() *RegisterResponse

+ func (v RegisterResponseView) AuthURL() string

+ func (v RegisterResponseView) Error() string

+ func (v RegisterResponseView) Login() Login

+ func (v RegisterResponseView) MachineAuthorized() bool

+ func (v RegisterResponseView) MarshalJSON() ([]byte, error)

+ func (v RegisterResponseView) NodeKeyExpired() bool

+ func (v RegisterResponseView) User() UserView

+ func (v RegisterResponseView) Valid() bool

type User

+ func (p *User) View() UserView

+ type UserView struct

+ func (v *UserView) UnmarshalJSON(b []byte) error

+ func (v UserView) AsStruct() *User

+ func (v UserView) Created() time.Time

+ func (v UserView) DisplayName() string

+ func (v UserView) Domain() string

+ func (v UserView) ID() UserID

+ func (v UserView) LoginName() string

+ func (v UserView) Logins() views.Slice[LoginID]

+ func (v UserView) MarshalJSON() ([]byte, error)

+ func (v UserView) ProfilePicURL() string

+ func (v UserView) Valid() bool

Apr 28, 2022 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Apr 27, 2022 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Apr 22, 2022 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Changes in this version

+ const CapabilityDebugPeer

+ const CapabilityFileSharingSend

+ type CapGrant struct

+ Caps []string

+ Dsts []netaddr.IPPrefix

+ type CapabilityVersion int

+ const CurrentCapabilityVersion

type Debug

+ DisableLogTail bool

+ OneCGNATRoute opt.Bool

type FilterRule

+ CapGrant []CapGrant

type Hostinfo

+ Desktop opt.Bool

type MapResponse

+ PopBrowserURL string

+ type OverTLSPublicKeyResponse struct

+ LegacyPublicKey key.MachinePublic

+ PublicKey key.MachinePublic

+ type PingResponse struct

+ DERPRegionCode string

+ DERPRegionID int

+ Endpoint string

+ Err string

+ IP string

+ IsLocalIP bool

+ LatencySeconds float64

+ NodeIP string

+ NodeName string

+ PeerAPIPort uint16

+ Type string

type SSHAction

+ AllowAgentForwarding bool

+ AllowLocalPortForwarding bool

+ SessionDuration time.Duration

type SSHPrincipal

+ PubKeys []string

+ type SetDNSResponse struct

+ type TokenRequest struct

+ Audience string

+ CapVersion CapabilityVersion

+ NodeKey key.NodePublic

+ type TokenResponse struct

+ IDToken string

Mar 18, 2022 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Mar 9, 2022 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Feb 23, 2022 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Changes in this version

type Hostinfo

+ SSH_HostKeys []string

+ func (hi *Hostinfo) View() HostinfoView

+ type HostinfoView struct

+ func (v *HostinfoView) UnmarshalJSON(b []byte) error

+ func (v HostinfoView) AsStruct() *Hostinfo

+ func (v HostinfoView) BackendLogID() string

+ func (v HostinfoView) DeviceModel() string

+ func (v HostinfoView) Equal(v2 HostinfoView) bool

+ func (v HostinfoView) FrontendLogID() string

+ func (v HostinfoView) GoArch() string

+ func (v HostinfoView) Hostname() string

+ func (v HostinfoView) IPNVersion() string

+ func (v HostinfoView) MarshalJSON() ([]byte, error)

+ func (v HostinfoView) NetInfo() NetInfoView

+ func (v HostinfoView) OS() string

+ func (v HostinfoView) OSVersion() string

+ func (v HostinfoView) Package() string

+ func (v HostinfoView) RequestTags() views.StringSlice

+ func (v HostinfoView) RoutableIPs() views.IPPrefixSlice

+ func (v HostinfoView) SSH_HostKeys() views.StringSlice

+ func (v HostinfoView) Services() ServiceSlice

+ func (v HostinfoView) ShareeNode() bool

+ func (v HostinfoView) ShieldsUp() bool

+ func (v HostinfoView) Valid() bool

type MapResponse

+ ControlTime *time.Time

+ SSHPolicy *SSHPolicy

type NetInfo

+ func (ni *NetInfo) View() NetInfoView

+ type NetInfoView struct

+ func (v NetInfoView) AsStruct() *NetInfo

+ func (v NetInfoView) DERPLatencyForEach(fn func(k string, v float64))

+ func (v NetInfoView) HairPinning() opt.Bool

+ func (v NetInfoView) HavePortMap() bool

+ func (v NetInfoView) LinkType() string

+ func (v NetInfoView) MappingVariesByDestIP() opt.Bool

+ func (v NetInfoView) PCP() opt.Bool

+ func (v NetInfoView) PMP() opt.Bool

+ func (v NetInfoView) PreferredDERP() int

+ func (v NetInfoView) String() string

+ func (v NetInfoView) UPnP() opt.Bool

+ func (v NetInfoView) Valid() bool

+ func (v NetInfoView) WorkingIPv6() opt.Bool

+ func (v NetInfoView) WorkingUDP() opt.Bool

+ type SSHAction struct

+ Accept bool

+ HoldAndDelegate string

+ Message string

+ Reject bool

+ SesssionDuration time.Duration

+ type SSHPolicy struct

+ Rules []*SSHRule

+ type SSHPrincipal struct

+ Any bool

+ Node StableNodeID

+ NodeIP string

+ UserLogin string

+ type SSHRule struct

+ Action *SSHAction

+ Principals []*SSHPrincipal

+ RuleExpires *time.Time

+ SSHUsers map[string]string

+ type ServiceSlice struct

+ func ServiceSliceOf(x []Service) ServiceSlice

+ func (v ServiceSlice) Append(dst []Service) []Service

+ func (v ServiceSlice) AsSlice() []Service

+ func (v ServiceSlice) At(i int) Service

+ func (v ServiceSlice) Len() int

Feb 8, 2022 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Jan 26, 2022 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Jan 20, 2022 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Jan 14, 2022 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Jan 13, 2022 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Changes in this version

+ const PeerAPI4

+ const PeerAPI6

+ const PeerAPIDNS

type DNSConfig

+ ExitNodeFilteredSet []string

type Hostinfo

+ func (h *Hostinfo) HowUnequal(h2 *Hostinfo) (path []string)

Dec 16, 2021 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Nov 22, 2021 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Nov 18, 2021 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Changes in this version

type Debug

+ Exit *int

type Node

+ Tags []string

type RegisterRequest

+ Ephemeral bool

type RegisterResponse

+ Error string

Oct 29, 2021 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Oct 20, 2021 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Oct 7, 2021 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Changes in this version

+ const SignatureV2

type MapResponse

+ Health []string

Oct 1, 2021 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Sep 30, 2021 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Sep 24, 2021 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Sep 16, 2021 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Sep 10, 2021 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Sep 10, 2021 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Aug 23, 2021 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Changes in this version

type Node

+ PrimaryRoutes []netaddr.IPPrefix

type PingRequest

+ IP netaddr.IP

+ Types string

Aug 20, 2021 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Aug 4, 2021 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Aug 3, 2021 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Jul 28, 2021 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Jul 27, 2021 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Changes in this version

type DERPNode

+ DERPPort int

+ InsecureForTests bool

type Debug

+ DisableUPnP opt.Bool

Jul 16, 2021 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Jul 2, 2021 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Jun 24, 2021 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Changes in this version

type DERPMap

+ OmitDefaultRegions bool

+ func (src *DERPMap) Clone() *DERPMap

type DERPNode

+ func (src *DERPNode) Clone() *DERPNode

type DERPRegion

+ func (src *DERPRegion) Clone() *DERPRegion

type DNSConfig

+ CertDomains []string

+ ExtraRecords []DNSRecord

+ type DNSRecord struct

+ Name string

+ Type string

+ Value string

type Debug

+ RandomizeClientPort bool

type DiscoKey

+ func (k DiscoKey) AppendTo(b []byte) []byte

+ type SetDNSRequest struct

+ Name string

+ NodeKey NodeKey

+ Type string

+ Value string

+ Version int

Jun 22, 2021 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Jun 7, 2021 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

May 27, 2021 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

May 21, 2021 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

May 20, 2021 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

May 10, 2021 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

May 10, 2021 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

May 6, 2021 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

May 6, 2021 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Changes in this version

+ const CapabilityAdmin

+ const CapabilityFileSharing

+ const EndpointLocal

+ const EndpointPortmapped

+ const EndpointSTUN

+ const EndpointSTUN4LocalPort

+ const EndpointUnknownType

+ const SignatureNone

+ const SignatureUnknown

+ const SignatureV1

type DNSConfig

+ FallbackResolvers []DNSResolver

+ Resolvers []DNSResolver

+ Routes map[string][]DNSResolver

+ type DNSResolver struct

+ Addr string

+ BootstrapResolution []netaddr.IP

+ func (src *DNSResolver) Clone() *DNSResolver

type Debug

+ SleepSeconds float64

+ type Endpoint struct

+ Addr netaddr.IPPort

+ Type EndpointType

+ type EndpointType int

+ func (et EndpointType) String() string

type FilterRule

+ IPProto []int

type MapRequest

+ EndpointTypes []EndpointType

type MapResponse

+ OnlineChange map[NodeID]bool

type Node

+ Capabilities []string

+ Online *bool

+ type Oauth2Token struct

+ AccessToken string

+ Expiry time.Time

+ RefreshToken string

+ TokenType string

type RegisterRequest

+ DeviceCert []byte

+ Signature []byte

+ SignatureType SignatureType

+ Timestamp *time.Time

+ type SignatureType int

+ func (st *SignatureType) UnmarshalText(b []byte) error

+ func (st SignatureType) MarshalText() ([]byte, error)

+ func (st SignatureType) String() string

Mar 16, 2021 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Changes in this version

type DERPRegion

+ Avoid bool

type Debug

+ GoroutineDumpURL string

type MapResponse

+ PingRequest *PingRequest

type NetInfo

+ HavePortMap bool

+ type PingRequest struct

+ Log bool

+ URL string

+ type WhoIsResponse struct

+ Node *Node

+ UserProfile *UserProfile

Mar 13, 2021 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Feb 23, 2021 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Changes in this version

type Hostinfo

+ Package string

Feb 10, 2021 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Feb 9, 2021 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Feb 2, 2021 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Jan 28, 2021 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Jan 27, 2021 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Changes in this version

+ const CurrentMapRequestVersion

type Hostinfo

+ ShieldsUp bool

+ func (h *Hostinfo) CheckRequestTags() error

type MapResponse

+ CollectServices opt.Bool

+ PeerSeenChange map[NodeID]bool

type Node

+ ComputedName string

+ ComputedNameWithHost string

+ Sharer UserID

+ StableID StableNodeID

+ func (n *Node) DisplayName(forOwner bool) string

+ func (n *Node) DisplayNames(forOwner bool) (name, hostIfDifferent string)

+ func (n *Node) InitDisplayNames(networkMagicDNSSuffix string)

+ type StableID string

+ type StableNodeID StableID

+ func (u StableNodeID) IsZero() bool

Dec 9, 2020 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Changes in this version

type Hostinfo

+ ShareeNode bool

Nov 19, 2020 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Nov 16, 2020 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Nov 16, 2020 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Nov 13, 2020 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Nov 11, 2020 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Changes in this version

type Debug

+ DisableSubnetsIfPAC opt.Bool

Nov 8, 2020 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Nov 5, 2020 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Nov 3, 2020 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Oct 30, 2020 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Changes in this version

+ func CheckTagSuffix(tag string) error

+ func Clone(dst, src interface{}) bool

type Capability

+ func (src *Capability) Clone() *Capability

type DERPRegion

+ RegionName string

type DNSConfig

+ func (src *DNSConfig) Clone() *DNSConfig

type Debug

+ DERPRoute opt.Bool

+ TrimWGConfig opt.Bool

type Group

+ func (src *Group) Clone() *Group

type GroupID

+ func (u GroupID) IsZero() bool

type Login

+ func (src *Login) Clone() *Login

type LoginID

+ func (u LoginID) IsZero() bool

type MachineKey

+ func (k MachineKey) HexString() string

+ func (k MachineKey) IsZero() bool

type MapRequest

+ DebugFlags []string

+ OmitPeers bool

+ ReadOnly bool

type MapResponse

+ PeersChanged []*Node

+ PeersRemoved []NodeID

type NodeID

+ func (u NodeID) IsZero() bool

type RegisterResponse

+ func (src *RegisterResponse) Clone() *RegisterResponse

type Role

+ func (src *Role) Clone() *Role

type RoleID

+ func (u RoleID) IsZero() bool

type UserID

+ func (u UserID) IsZero() bool

Jul 30, 2020 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Aug 11, 2020 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Aug 7, 2020 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Aug 3, 2020 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Aug 1, 2020 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Aug 1, 2020 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Changes in this version

+ type DNSConfig struct

+ Domains []string

+ Nameservers []netaddr.IP

+ PerDomain bool

+ Proxied bool

type MapResponse

+ DNSConfig DNSConfig

Jul 30, 2020 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Changes in this version

type DERPNode

+ STUNTestIP string

type Hostinfo

+ DeviceModel string

+ GoArch string

+ OSVersion string

type NetInfo

+ PCP opt.Bool

+ PMP opt.Bool

+ UPnP opt.Bool

Jul 3, 2020 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Changes in this version

type Debug

+ ForceBackgroundSTUN bool

+ LogHeapURL string

+ type DiscoKey [32]byte

+ func (k *DiscoKey) UnmarshalText(text []byte) error

+ func (k DiscoKey) IsZero() bool

+ func (k DiscoKey) MarshalText() ([]byte, error)

+ func (k DiscoKey) ShortString() string

+ func (k DiscoKey) String() string

type MapRequest

+ DebugForceDisco bool

+ DiscoKey DiscoKey

type Node

+ DiscoKey DiscoKey

Jul 18, 2020 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Jul 16, 2020 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Jun 4, 2020 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Jun 3, 2020 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Jun 3, 2020 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Changes in this version

+ var FilterAllowAll = []FilterRule

+ var PortRangeAny = PortRange

+ func CheckTag(tag string) error

+ type DERPMap struct

+ Regions map[int]*DERPRegion

+ func (m *DERPMap) RegionIDs() []int

+ type DERPNode struct

+ CertName string

+ DERPTestPort int

+ HostName string

+ IPv4 string

+ IPv6 string

+ Name string

+ RegionID int

+ STUNOnly bool

+ STUNPort int

+ type DERPRegion struct

+ Nodes []*DERPNode

+ RegionCode string

+ RegionID int

+ type Debug struct

+ LogHeapPprof bool

+ type FilterRule struct

+ DstPorts []NetPortRange

+ SrcBits []int

+ SrcIPs []string

type Hostinfo

+ RequestTags []string

type MapResponse

+ DERPMap *DERPMap

+ Debug *Debug

+ type NetPortRange struct

+ Bits *int

+ IP string

+ Ports PortRange

+ type PortRange struct

+ First uint16

+ Last uint16

Apr 21, 2020 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Changes in this version

type MapRequest

+ IncludeIPv6 bool

type NodeKey

+ func (k NodeKey) ShortString() string

Mar 17, 2020 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Mar 17, 2020 GO-2022-1119 +1 more

  GO-2022-1119: Tailscale daemon is vulnerable to information disclosure via CSRF in tailscale.com

  GO-2022-1120: Tailscale Windows daemon is vulnerable to RCE via CSRF in tailscale.com

Changes in this version

+ const CapRead

+ const CapWrite

+ const MachineAuthorized

+ const MachineInvalid

+ const MachineUnauthorized

+ const MachineUnknown

+ const TCP

+ const UDP

+ type CapType string

+ type Capability struct

+ ID CapabilityID

+ Type CapType

+ Val ID

+ type CapabilityID ID

+ func (id CapabilityID) String() string

+ type Group struct

+ ID GroupID

+ Members []ID

+ Name string

+ type GroupID ID

+ func (id GroupID) String() string

+ type Hostinfo struct

+ BackendLogID string

+ FrontendLogID string

+ Hostname string

+ IPNVersion string

+ NetInfo *NetInfo

+ OS string

+ RoutableIPs []wgcfg.CIDR

+ Services []Service

+ func (h *Hostinfo) Clone() (res *Hostinfo)

+ func (h *Hostinfo) Equal(h2 *Hostinfo) bool

+ type ID int64

+ func (id ID) String() string

+ type Login struct

+ DisplayName string

+ Domain string

+ ID LoginID

+ LoginName string

+ ProfilePicURL string

+ Provider string

+ type LoginID ID

+ func (id LoginID) String() string

+ type MachineKey [32]byte

+ func (k *MachineKey) UnmarshalText(text []byte) error

+ func (k MachineKey) MarshalText() ([]byte, error)

+ func (k MachineKey) String() string

+ type MachineStatus int

+ func (m *MachineStatus) UnmarshalText(b []byte) error

+ func (m MachineStatus) MarshalText() ([]byte, error)

+ func (m MachineStatus) String() string

+ type MapRequest struct

+ Compress string

+ Endpoints []string

+ Hostinfo *Hostinfo

+ KeepAlive bool

+ NodeKey NodeKey

+ Stream bool

+ Version int

+ type MapResponse struct

+ DNS []wgcfg.IP

+ Domain string

+ KeepAlive bool

+ Node Node

+ PacketFilter filter.Matches

+ Peers []Node

+ Roles []Role

+ SearchPaths []string

+ UserProfiles []UserProfile

+ type NetInfo struct

+ DERPLatency map[string]float64

+ HairPinning opt.Bool

+ LinkType string

+ MappingVariesByDestIP opt.Bool

+ PreferredDERP int

+ WorkingIPv6 opt.Bool

+ WorkingUDP opt.Bool

+ func (ni *NetInfo) BasicallyEqual(ni2 *NetInfo) bool

+ func (ni *NetInfo) Clone() (res *NetInfo)

+ func (ni *NetInfo) String() string

+ type Node struct

+ Addresses []wgcfg.CIDR

+ AllowedIPs []wgcfg.CIDR

+ Created time.Time

+ DERP string

+ Endpoints []string

+ Hostinfo Hostinfo

+ ID NodeID

+ KeepAlive bool

+ Key NodeKey

+ KeyExpiry time.Time

+ LastSeen *time.Time

+ Machine MachineKey

+ MachineAuthorized bool

+ Name string

+ User UserID

+ func (n *Node) Clone() (res *Node)

+ func (n *Node) Equal(n2 *Node) bool

+ type NodeID ID

+ func (id NodeID) String() string

+ type NodeKey [32]byte

+ func (k *NodeKey) IsZero() bool

+ func (k *NodeKey) UnmarshalText(text []byte) error

+ func (k NodeKey) AbbrevString() string

+ func (k NodeKey) MarshalText() ([]byte, error)

+ func (k NodeKey) String() string

+ type RegisterRequest struct

+ Auth struct{ ... }

+ Expiry time.Time

+ Followup string

+ Hostinfo *Hostinfo

+ NodeKey NodeKey

+ OldNodeKey NodeKey

+ Version int

+ func (req *RegisterRequest) Clone() *RegisterRequest

+ type RegisterResponse struct

+ AuthURL string

+ Login Login

+ MachineAuthorized bool

+ NodeKeyExpired bool

+ User User

+ type Role struct

+ Capabilities []CapabilityID

+ ID RoleID

+ Name string

+ type RoleID ID

+ func (id RoleID) String() string

+ type Service struct

+ Description string

+ Port uint16

+ Proto ServiceProto

+ type ServiceProto string

+ type User struct

+ Created time.Time

+ DisplayName string

+ Domain string

+ ID UserID

+ LoginName string

+ Logins []LoginID

+ ProfilePicURL string

+ Roles []RoleID

+ func (u *User) Clone() *User

+ type UserID ID

+ func (id UserID) String() string

+ type UserProfile struct

+ DisplayName string

+ ID UserID

+ LoginName string

+ ProfilePicURL string

+ Roles []RoleID