Documentation ¶
Overview ¶
Package ipnlocal is the heart of the Tailscale node agent that controls all the other misc pieces of the Tailscale node.
Index ¶
- Constants
- Variables
- func ReadStartupPrefsForTest(logf logger.Logf, store ipn.StateStore) (ipn.PrefsView, error)
- func RegisterNewSSHServer(fn newSSHServerFunc)
- type LocalBackend
- func (b *LocalBackend) AdvertiseRoute(ipps ...netip.Prefix) error
- func (b *LocalBackend) AwaitWaitingFiles(ctx context.Context) ([]apitype.WaitingFile, error)
- func (b *LocalBackend) CanSupportNetworkLock() error
- func (b *LocalBackend) CheckIPForwarding() error
- func (b *LocalBackend) CheckIPNConnectionAllowed(actor ipnauth.Actor) error
- func (b *LocalBackend) CheckPrefs(p *ipn.Prefs) error
- func (b *LocalBackend) CheckUDPGROForwarding() error
- func (b *LocalBackend) ConfigureWebClient(lc *tailscale.LocalClient)
- func (b *LocalBackend) ControlKnobs() *controlknobs.Knobs
- func (b *LocalBackend) ControlNow(localNow time.Time) time.Time
- func (b *LocalBackend) CurrentProfile() ipn.LoginProfile
- func (b *LocalBackend) DERPMap() *tailcfg.DERPMap
- func (b *LocalBackend) DebugBreakDERPConns() error
- func (b *LocalBackend) DebugBreakTCPConns() error
- func (b *LocalBackend) DebugForceNetmapUpdate()
- func (b *LocalBackend) DebugForcePreferDERP(n int)
- func (b *LocalBackend) DebugNotify(n ipn.Notify)
- func (b *LocalBackend) DebugNotifyLastNetMap()
- func (b *LocalBackend) DebugPickNewDERP() error
- func (b *LocalBackend) DebugReSTUN() error
- func (b *LocalBackend) DebugRebind() error
- func (b *LocalBackend) DeleteFile(name string) error
- func (b *LocalBackend) DeleteForegroundSession(sessionID string) error
- func (b *LocalBackend) DeleteProfile(p ipn.ProfileID) error
- func (b *LocalBackend) Dialer() *tsdial.Dialer
- func (b *LocalBackend) DisablePortMapperForTest()
- func (b *LocalBackend) DisconnectControl()
- func (b *LocalBackend) DoNoiseRequest(req *http.Request) (*http.Response, error)
- func (b *LocalBackend) DoSelfUpdate()
- func (b *LocalBackend) Doctor(ctx context.Context, logf logger.Logf)
- func (b *LocalBackend) DriveAccessEnabled() bool
- func (b *LocalBackend) DriveGetShares() views.SliceView[*drive.Share, drive.ShareView]
- func (b *LocalBackend) DriveRemoveShare(name string) error
- func (b *LocalBackend) DriveRenameShare(oldName, newName string) error
- func (b *LocalBackend) DriveSetServerAddr(addr string) error
- func (b *LocalBackend) DriveSetShare(share *drive.Share) error
- func (b *LocalBackend) DriveSharingEnabled() bool
- func (b *LocalBackend) EditPrefs(mp *ipn.MaskedPrefs) (ipn.PrefsView, error)
- func (b *LocalBackend) FileTargets() ([]*apitype.FileTarget, error)
- func (b *LocalBackend) GetCertPEM(ctx context.Context, domain string) (*TLSCertKeyPair, error)
- func (b *LocalBackend) GetCertPEMWithValidity(ctx context.Context, domain string, minValidity time.Duration) (*TLSCertKeyPair, error)
- func (b *LocalBackend) GetComponentDebugLogging(component string) time.Time
- func (b *LocalBackend) GetDNSOSConfig() (dns.OSConfig, error)
- func (b *LocalBackend) GetPeerAPIPort(ip netip.Addr) (port uint16, ok bool)
- func (b *LocalBackend) GetPeerEndpointChanges(ctx context.Context, ip netip.Addr) ([]magicsock.EndpointChange, error)
- func (b *LocalBackend) GetPushDeviceToken() string
- func (b *LocalBackend) GetSSH_HostKeys() (keys []ssh.Signer, err error)
- func (b *LocalBackend) GetSelfUpdateProgress() []ipnstate.UpdateProgress
- func (b *LocalBackend) HandleIngressTCPConn(ingressPeer tailcfg.NodeView, target ipn.HostPort, srcAddr netip.AddrPort, ...)
- func (b *LocalBackend) HandleQuad100Port80Conn(c net.Conn) error
- func (b *LocalBackend) HealthTracker() *health.Tracker
- func (b *LocalBackend) InServerMode() bool
- func (b *LocalBackend) KeyProvingNoiseRoundTripper() http.RoundTripper
- func (b *LocalBackend) ListProfiles() []ipn.LoginProfile
- func (b *LocalBackend) Logout(ctx context.Context) error
- func (b *LocalBackend) MagicConn() *magicsock.Conn
- func (b *LocalBackend) MaybeClearAppConnector(mp *ipn.MaskedPrefs) error
- func (b *LocalBackend) NetMap() *netmap.NetworkMap
- func (b *LocalBackend) NetMon() *netmon.Monitor
- func (b *LocalBackend) NetworkLockAffectedSigs(keyID tkatype.KeyID) ([]tkatype.MarshaledSignature, error)
- func (b *LocalBackend) NetworkLockCosignRecoveryAUM(aum *tka.AUM) (*tka.AUM, error)
- func (b *LocalBackend) NetworkLockDisable(secret []byte) error
- func (b *LocalBackend) NetworkLockForceLocalDisable() error
- func (b *LocalBackend) NetworkLockGenerateRecoveryAUM(removeKeys []tkatype.KeyID, forkFrom tka.AUMHash) (*tka.AUM, error)
- func (b *LocalBackend) NetworkLockInit(keys []tka.Key, disablementValues [][]byte, supportDisablement []byte) error
- func (b *LocalBackend) NetworkLockKeyTrustedForTest(keyID tkatype.KeyID) bool
- func (b *LocalBackend) NetworkLockLog(maxEntries int) ([]ipnstate.NetworkLockUpdate, error)
- func (b *LocalBackend) NetworkLockModify(addKeys, removeKeys []tka.Key) (err error)
- func (b *LocalBackend) NetworkLockSign(nodeKey key.NodePublic, rotationPublic []byte) error
- func (b *LocalBackend) NetworkLockStatus() *ipnstate.NetworkLockStatus
- func (b *LocalBackend) NetworkLockSubmitRecoveryAUM(aum *tka.AUM) error
- func (b *LocalBackend) NetworkLockVerifySignatureForTest(nks tkatype.MarshaledSignature, nodeKey key.NodePublic) error
- func (b *LocalBackend) NetworkLockVerifySigningDeeplink(url string) tka.DeeplinkValidationResult
- func (b *LocalBackend) NetworkLockWrapPreauthKey(preauthKey string, tkaKey key.NLPrivate) (string, error)
- func (b *LocalBackend) NewProfile() error
- func (b *LocalBackend) NodeKey() key.NodePublic
- func (b *LocalBackend) NodeViewByIDForTest(id tailcfg.NodeID) (_ tailcfg.NodeView, ok bool)
- func (b *LocalBackend) ObserveDNSResponse(res []byte)
- func (b *LocalBackend) OfferingAppConnector() bool
- func (b *LocalBackend) OfferingExitNode() bool
- func (b *LocalBackend) OpenFile(name string) (rc io.ReadCloser, size int64, err error)
- func (b *LocalBackend) OperatorUserID() string
- func (b *LocalBackend) PeerCaps(src netip.Addr) tailcfg.PeerCapMap
- func (b *LocalBackend) PeersForTest() []tailcfg.NodeView
- func (b *LocalBackend) Ping(ctx context.Context, ip netip.Addr, pingType tailcfg.PingType, size int) (*ipnstate.PingResult, error)
- func (b *LocalBackend) Prefs() ipn.PrefsView
- func (b *LocalBackend) QueryDNS(name string, queryType dnsmessage.Type) (res []byte, resolvers []*dnstype.Resolver, err error)
- func (b *LocalBackend) ReloadConfig() (ok bool, err error)
- func (b *LocalBackend) ResetAuth() error
- func (b *LocalBackend) ResetForClientDisconnect()
- func (b *LocalBackend) ServeConfig() ipn.ServeConfigView
- func (b *LocalBackend) SetComponentDebugLogging(component string, until time.Time) error
- func (b *LocalBackend) SetControlClientGetterForTesting(newControlClient func(controlclient.Options) (controlclient.Client, error))
- func (b *LocalBackend) SetControlClientStatus(c controlclient.Client, st controlclient.Status)
- func (b *LocalBackend) SetCurrentUser(actor ipnauth.Actor) (ipn.WindowsUserID, error)
- func (b *LocalBackend) SetDNS(ctx context.Context, name, value string) error
- func (b *LocalBackend) SetDevStateStore(key, value string) error
- func (b *LocalBackend) SetDirectFileRoot(dir string)
- func (b *LocalBackend) SetExpirySooner(ctx context.Context, expiry time.Time) error
- func (b *LocalBackend) SetHTTPTestClient(c *http.Client)
- func (b *LocalBackend) SetLogFlusher(flushFunc func())
- func (b *LocalBackend) SetNotifyCallback(notify func(ipn.Notify))
- func (b *LocalBackend) SetPushDeviceToken(tk string)
- func (b *LocalBackend) SetServeConfig(config *ipn.ServeConfig, etag string) error
- func (b *LocalBackend) SetTCPHandlerForFunnelFlow(h func(src netip.AddrPort, dstPort uint16) (handler func(net.Conn)))
- func (b *LocalBackend) SetUDPGROForwarding() error
- func (b *LocalBackend) SetUseExitNodeEnabled(v bool) (ipn.PrefsView, error)
- func (b *LocalBackend) SetVarRoot(dir string)
- func (b *LocalBackend) ShouldExposeRemoteWebClient() bool
- func (b *LocalBackend) ShouldHandleViaIP(ip netip.Addr) bool
- func (b *LocalBackend) ShouldInterceptTCPPort(port uint16) bool
- func (b *LocalBackend) ShouldRunSSH() bool
- func (b *LocalBackend) ShouldRunWebClient() bool
- func (b *LocalBackend) Shutdown()
- func (b *LocalBackend) Start(opts ipn.Options) error
- func (b *LocalBackend) StartLoginInteractive(ctx context.Context) error
- func (b *LocalBackend) StartLoginInteractiveAs(ctx context.Context, user ipnauth.Actor) error
- func (b *LocalBackend) State() ipn.State
- func (b *LocalBackend) Status() *ipnstate.Status
- func (b *LocalBackend) StatusWithoutPeers() *ipnstate.Status
- func (b *LocalBackend) StreamDebugCapture(ctx context.Context, w io.Writer) error
- func (b *LocalBackend) SuggestExitNode() (response apitype.ExitNodeSuggestionResponse, err error)
- func (b *LocalBackend) SwitchProfile(profile ipn.ProfileID) error
- func (b *LocalBackend) TCPHandlerForDst(src, dst netip.AddrPort) (handler func(c net.Conn) error, opts []tcpip.SettableSocketOption)
- func (b *LocalBackend) TailscaleVarRoot() string
- func (b *LocalBackend) TestOnlyPublicKeys() (machineKey key.MachinePublic, nodeKey key.NodePublic)
- func (b *LocalBackend) TryFlushLogs() bool
- func (b *LocalBackend) UnadvertiseRoute(toRemove ...netip.Prefix) error
- func (b *LocalBackend) UpdateNetmapDelta(muts []netmap.NodeMutation) (handled bool)
- func (b *LocalBackend) UpdateOutgoingFiles(updates map[string]*ipn.OutgoingFile)
- func (b *LocalBackend) UpdateStatus(sb *ipnstate.StatusBuilder)
- func (b *LocalBackend) UserMetricsRegistry() *usermetric.Registry
- func (b *LocalBackend) VIPServices() []*tailcfg.VIPService
- func (b *LocalBackend) WaitingFiles() ([]apitype.WaitingFile, error)
- func (b *LocalBackend) WatchNotifications(ctx context.Context, mask ipn.NotifyWatchOpt, onWatchAdded func(), ...)
- func (b *LocalBackend) WatchNotificationsAs(ctx context.Context, actor ipnauth.Actor, mask ipn.NotifyWatchOpt, ...)
- func (b *LocalBackend) WhoIs(proto string, ipp netip.AddrPort) (n tailcfg.NodeView, u tailcfg.UserProfile, ok bool)
- func (b *LocalBackend) WhoIsNodeKey(k key.NodePublic) (n tailcfg.NodeView, u tailcfg.UserProfile, ok bool)
- type SSHServer
- type TLSCertKeyPair
Constants ¶
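const (
	// DriveLocalPort is the port on which the Taildrive listens for location
	// connections on quad 100.
	DriveLocalPort = 8080
)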
Variables ¶
var ErrDisallowedAutoRoute = errors.New("route is not allowed")
ErrDisallowedAutoRoute is returned by AdvertiseRoute when a route that is not allowed is requested.
var ErrETagMismatch = errors.New("etag mismatch")
ErrETagMismatch signals that the given If-Match header does not match with the current etag of a resource.
var ErrNoPreferredDERP = errors.New("no preferred DERP, try again later")
Functions ¶
func ReadStartupPrefsForTest ¶ added in v1.34.0
ReadStartupPrefsForTest reads the startup prefs from disk. It is only used for testing.
func RegisterNewSSHServer ¶ added in v1.24.0
func RegisterNewSSHServer(fn newSSHServerFunc)
RegisterNewSSHServer lets the conditionally linked ssh/tailssh package register itself.
Types ¶
type LocalBackend ¶
type LocalBackend struct {
// contains filtered or unexported fields
}
LocalBackend is the glue between the major pieces of the Tailscale network software: the cloud control plane (via controlclient), the network data plane (via wgengine), and the user-facing UIs and CLIs (collectively called "frontends", via LocalBackend's implementation of the Backend interface).
LocalBackend implements the overall state machine for the Tailscale application. Frontends, controlclient and wgengine can feed events into LocalBackend to advance the state machine, and advancing the state machine generates events back out to zero or more components.
func NewLocalBackend ¶
func NewLocalBackend(logf logger.Logf, logID logid.PublicID, sys *tsd.System, loginFlags controlclient.LoginFlags) (_ *LocalBackend, err error)
NewLocalBackend returns a new LocalBackend that is ready to run, but is not actually running.
If dialer is nil, a new one is made.
func (*LocalBackend) AdvertiseRoute ¶ added in v1.54.0
func (b *LocalBackend) AdvertiseRoute(ipps ...netip.Prefix) error
AdvertiseRoute implements the appc.RouteAdvertiser interface. It sets a new route advertisement if one is not already present in the existing routes. If the route is disallowed, ErrDisallowedAutoRoute is returned.
func (*LocalBackend) AwaitWaitingFiles ¶ added in v1.34.0
func (b *LocalBackend) AwaitWaitingFiles(ctx context.Context) ([]apitype.WaitingFile, error)
AwaitWaitingFiles is like WaitingFiles but blocks while ctx is not done, waiting for any files to be available.
On return, exactly one of the results will be non-empty or non-nil, respectively.
func (*LocalBackend) CanSupportNetworkLock ¶ added in v1.30.0
func (b *LocalBackend) CanSupportNetworkLock() error
CanSupportNetworkLock returns nil if tailscaled is able to operate a local tailnet key authority (and hence enforce network lock).
func (*LocalBackend) CheckIPForwarding ¶ added in v1.8.0
func (b *LocalBackend) CheckIPForwarding() error
func (*LocalBackend) CheckIPNConnectionAllowed ¶ added in v1.34.0
func (b *LocalBackend) CheckIPNConnectionAllowed(actor ipnauth.Actor) error
CheckIPNConnectionAllowed returns an error if the specified actor should not be allowed to connect or make requests to the LocalAPI currently.
Currently (as of 2024-08-26), this is only used on Windows. We plan to remove it as part of the multi-user and unattended mode improvements as we progress on tailscale/corp#18342.
func (*LocalBackend) CheckPrefs ¶ added in v1.24.0
func (b *LocalBackend) CheckPrefs(p *ipn.Prefs) error
func (*LocalBackend) CheckUDPGROForwarding ¶ added in v1.54.0
func (b *LocalBackend) CheckUDPGROForwarding() error
CheckUDPGROForwarding checks if the machine is optimally configured to forward UDP packets between the default route and Tailscale TUN interfaces. It returns an error if the check fails or if suboptimal configuration is detected. No error is returned if we are unable to gather the interface names from the relevant subsystems.
func (*LocalBackend) ConfigureWebClient ¶ added in v1.56.0
func (b *LocalBackend) ConfigureWebClient(lc *tailscale.LocalClient)
ConfigureWebClient configures b.web prior to use. Specifically, it sets b.web.lc to the provided LocalClient. If provided as nil, b.web.lc is cleared out.
func (*LocalBackend) ControlKnobs ¶ added in v1.50.0
func (b *LocalBackend) ControlKnobs() *controlknobs.Knobs
ControlKnobs returns the node's control knobs.
func (*LocalBackend) ControlNow ¶ added in v1.56.0
func (b *LocalBackend) ControlNow(localNow time.Time) time.Time
ControlNow estimates the current time on the control server, calculated as localNow + the delta between local and control server clocks as recorded when the LocalBackend last received a time message from the control server.
func (*LocalBackend) CurrentProfile ¶ added in v1.34.0
func (b *LocalBackend) CurrentProfile() ipn.LoginProfile
CurrentProfile returns the current LoginProfile. The value may be zero if the profile is not persisted.
func (*LocalBackend) DERPMap ¶ added in v1.12.0
func (b *LocalBackend) DERPMap() *tailcfg.DERPMap
DERPMap returns the current DERPMap in use, or nil if not connected.
func (*LocalBackend) DebugBreakDERPConns ¶ added in v1.48.0
func (b *LocalBackend) DebugBreakDERPConns() error
func (*LocalBackend) DebugBreakTCPConns ¶ added in v1.48.0
func (b *LocalBackend) DebugBreakTCPConns() error
func (*LocalBackend) DebugForceNetmapUpdate ¶ added in v1.50.0
func (b *LocalBackend) DebugForceNetmapUpdate()
DebugForceNetmapUpdate forces a full no-op netmap update of the current netmap in all the various subsystems (wireguard, magicsock, LocalBackend).
It exists for load testing reasons (for issue 1909), doing what would happen if a new MapResponse came in from the control server that couldn't be handled incrementally.
func (*LocalBackend) DebugForcePreferDERP ¶ added in v1.78.0
func (b *LocalBackend) DebugForcePreferDERP(n int)
DebugForcePreferDERP forwards to netcheck.DebugForcePreferDERP. See its docs.
func (*LocalBackend) DebugNotify ¶ added in v1.34.0
func (b *LocalBackend) DebugNotify(n ipn.Notify)
DebugNotify injects a fake notify message to clients.
It should only be used via the LocalAPI's debug handler.
func (*LocalBackend) DebugNotifyLastNetMap ¶ added in v1.62.0
func (b *LocalBackend) DebugNotifyLastNetMap()
DebugNotifyLastNetMap injects a fake notify message to clients, repeating whatever the last netmap was.
It should only be used via the LocalAPI's debug handler.
func (*LocalBackend) DebugPickNewDERP ¶ added in v1.52.0
func (b *LocalBackend) DebugPickNewDERP() error
DebugPickNewDERP forwards to magicsock.Conn.DebugPickNewDERP. See its docs.
func (*LocalBackend) DebugReSTUN ¶ added in v1.20.0
func (b *LocalBackend) DebugReSTUN() error
func (*LocalBackend) DebugRebind ¶ added in v1.20.0
func (b *LocalBackend) DebugRebind() error
func (*LocalBackend) DeleteFile ¶ added in v1.8.0
func (b *LocalBackend) DeleteFile(name string) error
func (*LocalBackend) DeleteForegroundSession ¶ added in v1.50.0
func (b *LocalBackend) DeleteForegroundSession(sessionID string) error
DeleteForegroundSession deletes a ServeConfig's foreground session in the LocalBackend if it exists. It also ensures check, delete, and set operations happen within the same mutex lock to avoid any races.
func (*LocalBackend) DeleteProfile ¶ added in v1.34.0
func (b *LocalBackend) DeleteProfile(p ipn.ProfileID) error
DeleteProfile deletes a profile with the given ID. If the profile is not known, it is a no-op.
func (*LocalBackend) Dialer ¶ added in v1.20.0
func (b *LocalBackend) Dialer() *tsdial.Dialer
Dialer returns the backend's dialer. It is always non-nil.
func (*LocalBackend) DisablePortMapperForTest ¶ added in v1.66.0
func (b *LocalBackend) DisablePortMapperForTest()
DisablePortMapperForTest disables the portmapper for tests. It must be called before Start.
func (*LocalBackend) DisconnectControl ¶ added in v1.78.0
func (b *LocalBackend) DisconnectControl()
DisconnectControl shuts down control client. This can be run before node shutdown to force control to consider this node inactive. This can be used to ensure that, when nodes that are HA subnet router or app connector replicas are shutting down, clients switch over to other replicas whilst the existing connections are kept alive for some period of time.
func (*LocalBackend) DoNoiseRequest ¶ added in v1.24.0
DoNoiseRequest sends a request to URL over the control plane Noise connection.
func (*LocalBackend) DoSelfUpdate ¶ added in v1.54.0
func (b *LocalBackend) DoSelfUpdate()
func (*LocalBackend) Doctor ¶ added in v1.32.0
func (b *LocalBackend) Doctor(ctx context.Context, logf logger.Logf)
func (*LocalBackend) DriveAccessEnabled ¶ added in v1.64.0
func (b *LocalBackend) DriveAccessEnabled() bool
DriveAccessEnabled reports whether accessing Taildrive shares on remote nodes is enabled. This is currently based on checking for the drive:access node attribute.
func (*LocalBackend) DriveGetShares ¶ added in v1.64.0
DriveGetShares gets the current list of Taildrive shares, sorted by name.
func (*LocalBackend) DriveRemoveShare ¶ added in v1.64.0
func (b *LocalBackend) DriveRemoveShare(name string) error
DriveRemoveShare removes the named share. Share names are forced to lowercase.
func (*LocalBackend) DriveRenameShare ¶ added in v1.64.0
func (b *LocalBackend) DriveRenameShare(oldName, newName string) error
DriveRenameShare renames the share at old name to new name. To avoid potential incompatibilities across file systems, the new share name is limited to alphanumeric characters and the underscore _. Any of the following will result in an error:
- no share found under old name
- new share name contains disallowed characters
- share already exists under new name
func (*LocalBackend) DriveSetServerAddr ¶ added in v1.64.0
func (b *LocalBackend) DriveSetServerAddr(addr string) error
DriveSetServerAddr tells Taildrive to use the given address for connecting to the drive.FileServer that's exposing local files as an unprivileged user.
func (*LocalBackend) DriveSetShare ¶ added in v1.64.0
func (b *LocalBackend) DriveSetShare(share *drive.Share) error
DriveSetShare adds the given share if no share with that name exists, or replaces the existing share if one with the same name already exists. To avoid potential incompatibilities across file systems, share names are limited to alphanumeric characters and the underscore _.
func (*LocalBackend) DriveSharingEnabled ¶ added in v1.64.0
func (b *LocalBackend) DriveSharingEnabled() bool
DriveSharingEnabled reports whether sharing to remote nodes via Taildrive is enabled. This is currently based on checking for the drive:share node attribute.
func (*LocalBackend) EditPrefs ¶ added in v1.8.0
func (b *LocalBackend) EditPrefs(mp *ipn.MaskedPrefs) (ipn.PrefsView, error)
func (*LocalBackend) FileTargets ¶ added in v1.8.0
func (b *LocalBackend) FileTargets() ([]*apitype.FileTarget, error)
FileTargets lists nodes that the current node can send files to.
func (*LocalBackend) GetCertPEM ¶ added in v1.34.0
func (b *LocalBackend) GetCertPEM(ctx context.Context, domain string) (*TLSCertKeyPair, error)
GetCertPEM gets the TLSCertKeyPair for domain, either from cache or via the ACME process. ACME process is used for new domain certs, existing expired certs or existing certs that should get renewed due to upcoming expiry.
If a cert is expired, it will be renewed synchronously; otherwise it will be renewed asynchronously.
func (*LocalBackend) GetCertPEMWithValidity ¶ added in v1.72.0
func (b *LocalBackend) GetCertPEMWithValidity(ctx context.Context, domain string, minValidity time.Duration) (*TLSCertKeyPair, error)
GetCertPEMWithValidity gets the TLSCertKeyPair for domain, either from cache or via the ACME process. ACME process is used for new domain certs, existing expired certs or existing certs that should get renewed sooner than minValidity.
If a cert is expired, or expires sooner than minValidity, it will be renewed synchronously. Otherwise it will be renewed asynchronously.
func (*LocalBackend) GetComponentDebugLogging ¶ added in v1.32.1
func (b *LocalBackend) GetComponentDebugLogging(component string) time.Time
GetComponentDebugLogging gets the time that component's debug logging is enabled until, or the zero time if component's debug logging is not currently enabled.
func (*LocalBackend) GetDNSOSConfig ¶ added in v1.74.0
func (b *LocalBackend) GetDNSOSConfig() (dns.OSConfig, error)
GetDNSOSConfig returns the base OS DNS configuration, as seen by the DNS manager.
func (*LocalBackend) GetPeerAPIPort ¶ added in v1.20.4
func (b *LocalBackend) GetPeerAPIPort(ip netip.Addr) (port uint16, ok bool)
GetPeerAPIPort returns the port number for the peerapi server running on the provided IP.
func (*LocalBackend) GetPeerEndpointChanges ¶ added in v1.38.0
func (b *LocalBackend) GetPeerEndpointChanges(ctx context.Context, ip netip.Addr) ([]magicsock.EndpointChange, error)
func (*LocalBackend) GetPushDeviceToken ¶ added in v1.52.0
func (b *LocalBackend) GetPushDeviceToken() string
GetPushDeviceToken returns the push notification device token.
func (*LocalBackend) GetSSH_HostKeys ¶ added in v1.22.0
func (b *LocalBackend) GetSSH_HostKeys() (keys []ssh.Signer, err error)
func (*LocalBackend) GetSelfUpdateProgress ¶ added in v1.54.0
func (b *LocalBackend) GetSelfUpdateProgress() []ipnstate.UpdateProgress
func (*LocalBackend) HandleIngressTCPConn ¶ added in v1.34.0
func (b *LocalBackend) HandleIngressTCPConn(ingressPeer tailcfg.NodeView, target ipn.HostPort, srcAddr netip.AddrPort, getConnOrReset func() (net.Conn, bool), sendRST func())
HandleIngressTCPConn handles a TCP connection initiated by the ingressPeer proxied to the local node over the PeerAPI. Target represents the destination HostPort of the conn. srcAddr represents the source AddrPort and not that of the ingressPeer. getConnOrReset is a callback to get the connection, or reset if the connection is no longer available. sendRST is a callback to send a TCP RST to the ingressPeer indicating that the connection was not accepted.
func (*LocalBackend) HandleQuad100Port80Conn ¶ added in v1.26.0
func (b *LocalBackend) HandleQuad100Port80Conn(c net.Conn) error
HandleQuad100Port80Conn serves http://100.100.100.100/ on port 80 (and the equivalent tsaddr.TailscaleServiceIPv6 address).
func (*LocalBackend) HealthTracker ¶ added in v1.66.0
func (b *LocalBackend) HealthTracker() *health.Tracker
HealthTracker returns the health tracker for the backend.
func (*LocalBackend) InServerMode ¶
func (b *LocalBackend) InServerMode() bool
InServerMode reports whether the Tailscale backend is explicitly running in "server mode" where it continues to run despite whatever the platform's default is. In practice, this is only used on Windows, where the default tailscaled behavior is to shut down whenever the GUI disconnects.
On non-Windows platforms, this usually returns false (because people don't set unattended mode on other platforms) and also isn't checked on other platforms.
TODO(bradfitz): rename to InWindowsUnattendedMode or something? Or make this return true on Linux etc and always be called? It's kinda messy now.
func (*LocalBackend) KeyProvingNoiseRoundTripper ¶ added in v1.34.0
func (b *LocalBackend) KeyProvingNoiseRoundTripper() http.RoundTripper
KeyProvingNoiseRoundTripper returns an http.RoundTripper that uses the LocalBackend's DoNoiseRequest method and mutates the request to add an authorization header to prove the client's nodekey.
func (*LocalBackend) ListProfiles ¶ added in v1.34.0
func (b *LocalBackend) ListProfiles() []ipn.LoginProfile
ListProfiles returns a list of all LoginProfiles.
func (*LocalBackend) Logout ¶
func (b *LocalBackend) Logout(ctx context.Context) error
Logout logs out the current profile, if any, and waits for the logout to complete.
func (*LocalBackend) MagicConn ¶ added in v1.56.0
func (b *LocalBackend) MagicConn() *magicsock.Conn
MagicConn returns the backend's *magicsock.Conn.
func (*LocalBackend) MaybeClearAppConnector ¶ added in v1.66.0
func (b *LocalBackend) MaybeClearAppConnector(mp *ipn.MaskedPrefs) error
MaybeClearAppConnector clears the routes from any AppConnector if AdvertiseRoutes has been set in the MaskedPrefs.
func (*LocalBackend) NetMap ¶
func (b *LocalBackend) NetMap() *netmap.NetworkMap
NetMap returns the latest cached network map received from controlclient, or nil if no network map was received yet.
func (*LocalBackend) NetMon ¶ added in v1.66.0
func (b *LocalBackend) NetMon() *netmon.Monitor
NetMon returns the network monitor for the backend.
func (*LocalBackend) NetworkLockAffectedSigs ¶ added in v1.38.0
func (b *LocalBackend) NetworkLockAffectedSigs(keyID tkatype.KeyID) ([]tkatype.MarshaledSignature, error)
NetworkLockAffectedSigs returns the signatures which would be invalidated by removing trust in the specified KeyID.
func (*LocalBackend) NetworkLockCosignRecoveryAUM ¶ added in v1.48.0
NetworkLockCosignRecoveryAUM co-signs the provided recovery AUM and returns the updated structure.
The recovery AUM provided should be the output from a previous call to NetworkLockGenerateRecoveryAUM or NetworkLockCosignRecoveryAUM.
func (*LocalBackend) NetworkLockDisable ¶ added in v1.34.0
func (b *LocalBackend) NetworkLockDisable(secret []byte) error
NetworkLockDisable disables network-lock using the provided disablement secret.
func (*LocalBackend) NetworkLockForceLocalDisable ¶ added in v1.34.0
func (b *LocalBackend) NetworkLockForceLocalDisable() error
NetworkLockForceLocalDisable shuts down TKA locally, and denylists the current TKA from being initialized locally in future.
func (*LocalBackend) NetworkLockGenerateRecoveryAUM ¶ added in v1.48.0
func (b *LocalBackend) NetworkLockGenerateRecoveryAUM(removeKeys []tkatype.KeyID, forkFrom tka.AUMHash) (*tka.AUM, error)
NetworkLockGenerateRecoveryAUM generates an AUM which retroactively removes trust in the specified keys. This AUM is signed by the current node and returned.
If forkFrom is specified, it is used as the parent AUM to fork from. If the zero value, the parent AUM is determined automatically.
func (*LocalBackend) NetworkLockInit ¶ added in v1.30.0
func (b *LocalBackend) NetworkLockInit(keys []tka.Key, disablementValues [][]byte, supportDisablement []byte) error
NetworkLockInit enables network-lock for the tailnet, with the tailnet's key authority initialized to trust the provided keys.
Initialization involves two RPCs with control, termed 'begin' and 'finish'. The Begin RPC transmits the genesis Authority Update Message, which encodes the initial state of the authority, and the list of all nodes needing signatures is returned as a response. The Finish RPC submits signatures for all these nodes, at which point Control has everything it needs to atomically enable network lock.
func (*LocalBackend) NetworkLockKeyTrustedForTest ¶ added in v1.32.0
func (b *LocalBackend) NetworkLockKeyTrustedForTest(keyID tkatype.KeyID) bool
Only use is in tests.
func (*LocalBackend) NetworkLockLog ¶ added in v1.34.0
func (b *LocalBackend) NetworkLockLog(maxEntries int) ([]ipnstate.NetworkLockUpdate, error)
NetworkLockLog returns the changelog of TKA state up to maxEntries in size.
func (*LocalBackend) NetworkLockModify ¶ added in v1.32.0
func (b *LocalBackend) NetworkLockModify(addKeys, removeKeys []tka.Key) (err error)
NetworkLockModify adds and/or removes keys in the tailnet's key authority.
func (*LocalBackend) NetworkLockSign ¶ added in v1.34.0
func (b *LocalBackend) NetworkLockSign(nodeKey key.NodePublic, rotationPublic []byte) error
NetworkLockSign signs the given node-key and submits it to the control plane. rotationPublic, if specified, must be an ed25519 public key.
func (*LocalBackend) NetworkLockStatus ¶ added in v1.30.0
func (b *LocalBackend) NetworkLockStatus() *ipnstate.NetworkLockStatus
NetworkLockStatus returns a structure describing the state of the tailnet key authority, if any.
func (*LocalBackend) NetworkLockSubmitRecoveryAUM ¶ added in v1.48.0
func (b *LocalBackend) NetworkLockSubmitRecoveryAUM(aum *tka.AUM) error
func (*LocalBackend) NetworkLockVerifySignatureForTest ¶ added in v1.32.0
func (b *LocalBackend) NetworkLockVerifySignatureForTest(nks tkatype.MarshaledSignature, nodeKey key.NodePublic) error
Only use is in tests.
func (*LocalBackend) NetworkLockVerifySigningDeeplink ¶ added in v1.44.0
func (b *LocalBackend) NetworkLockVerifySigningDeeplink(url string) tka.DeeplinkValidationResult
NetworkLockVerifySigningDeeplink asks the authority to verify the given deeplink URL. See the comment for ValidateDeeplink for details.
func (*LocalBackend) NetworkLockWrapPreauthKey ¶ added in v1.38.0
func (b *LocalBackend) NetworkLockWrapPreauthKey(preauthKey string, tkaKey key.NLPrivate) (string, error)
NetworkLockWrapPreauthKey wraps a pre-auth key with information to enable unattended bringup in the locked tailnet.
The provided trusted tailnet-lock key is used to sign a SigCredential structure, which is encoded along with the private key and appended to the pre-auth key.
func (*LocalBackend) NewProfile ¶ added in v1.34.0
func (b *LocalBackend) NewProfile() error
NewProfile creates and switches to the new profile.
func (*LocalBackend) NodeKey ¶ added in v1.42.0
func (b *LocalBackend) NodeKey() key.NodePublic
NodeKey returns the public node key.
func (*LocalBackend) NodeViewByIDForTest ¶ added in v1.50.0
NodeViewByIDForTest returns the state of the node with the given ID for integration tests in another repo.
func (*LocalBackend) ObserveDNSResponse ¶ added in v1.54.0
func (b *LocalBackend) ObserveDNSResponse(res []byte)
ObserveDNSResponse passes a DNS response from the PeerAPI DNS server to the App Connector to enable route discovery.
func (*LocalBackend) OfferingAppConnector ¶ added in v1.54.0
func (b *LocalBackend) OfferingAppConnector() bool
OfferingAppConnector reports whether b is currently offering app connector services.
func (*LocalBackend) OfferingExitNode ¶ added in v1.20.0
func (b *LocalBackend) OfferingExitNode() bool
OfferingExitNode reports whether b is currently offering exit node access.
func (*LocalBackend) OpenFile ¶ added in v1.8.0
func (b *LocalBackend) OpenFile(name string) (rc io.ReadCloser, size int64, err error)
func (*LocalBackend) OperatorUserID ¶ added in v1.8.0
func (b *LocalBackend) OperatorUserID() string
OperatorUserID returns the current pref's OperatorUser's ID (in os/user.User.Uid string form), or the empty string if none.
func (*LocalBackend) PeerCaps ¶ added in v1.24.0
func (b *LocalBackend) PeerCaps(src netip.Addr) tailcfg.PeerCapMap
PeerCaps returns the capabilities that remote src IP has to this current node.
func (*LocalBackend) PeersForTest ¶ added in v1.50.0
func (b *LocalBackend) PeersForTest() []tailcfg.NodeView
PeersForTest returns all the current peers, sorted by Node.ID, for integration tests in another repo.
func (*LocalBackend) Prefs ¶ added in v1.8.0
func (b *LocalBackend) Prefs() ipn.PrefsView
Prefs returns a copy of b's current prefs, with any private keys removed.
func (*LocalBackend) QueryDNS ¶ added in v1.76.0
func (b *LocalBackend) QueryDNS(name string, queryType dnsmessage.Type) (res []byte, resolvers []*dnstype.Resolver, err error)
QueryDNS performs a DNS query for name and queryType using the built-in DNS resolver, and returns the raw DNS response and the resolvers that were able to handle the query (the internal forwarder may race multiple resolvers).
func (*LocalBackend) ReloadConfig ¶ added in v1.52.0
func (b *LocalBackend) ReloadConfig() (ok bool, err error)
ReloadConfig reloads the backend's config from disk.
It returns (false, nil) if not running in declarative mode, (true, nil) on success, or (false, error) on failure.
func (*LocalBackend) ResetAuth ¶ added in v1.38.0
func (b *LocalBackend) ResetAuth() error
ResetAuth resets the authentication state, including persisted keys. Also has the side effect of removing all profiles and resetting preferences. The backend is left with a new profile, ready for StartLoginInteractive to be called to register it as a new node.
func (*LocalBackend) ResetForClientDisconnect ¶ added in v1.8.0
func (b *LocalBackend) ResetForClientDisconnect()
ResetForClientDisconnect resets the backend for GUI clients running in interactive (non-headless) mode. This is currently used only by Windows. This causes all state to be cleared, lest an unrelated user connect to tailscaled next. But it does not trigger a logout; we don't want the user to have to reauthenticate in the future when they restart the GUI.
func (*LocalBackend) ServeConfig ¶ added in v1.34.0
func (b *LocalBackend) ServeConfig() ipn.ServeConfigView
ServeConfig provides a view of the current serve mappings. If serving is not configured, the returned view is not Valid.
func (*LocalBackend) SetComponentDebugLogging ¶ added in v1.32.0
func (b *LocalBackend) SetComponentDebugLogging(component string, until time.Time) error
SetComponentDebugLogging sets component's debug logging enabled until the until time. If until is in the past, the component's debug logging is disabled.
The following components are recognized:
- magicsock
- sockstats
func (*LocalBackend) SetControlClientGetterForTesting ¶ added in v1.8.0
func (b *LocalBackend) SetControlClientGetterForTesting(newControlClient func(controlclient.Options) (controlclient.Client, error))
SetControlClientGetterForTesting sets the func that creates a control plane client. It can be called at most once, before Start.
func (*LocalBackend) SetControlClientStatus ¶ added in v1.50.0
func (b *LocalBackend) SetControlClientStatus(c controlclient.Client, st controlclient.Status)
SetControlClientStatus is the callback invoked by the control client whenever it posts a new status. Among other things, this is where we update the netmap, packet filters, DNS and DERP maps.
func (*LocalBackend) SetCurrentUser ¶ added in v1.44.3
func (b *LocalBackend) SetCurrentUser(actor ipnauth.Actor) (ipn.WindowsUserID, error)
SetCurrentUser is used to implement support for multi-user systems (only Windows as of 2022-11-25). On such systems, the uid is used to determine which user's state should be used. The current user is maintained by active connections open to the backend.
When the backend initially starts it will typically start with no user. Then, the first connection to the backend from the GUI frontend will set the current user. Once set, the current user cannot be changed until all previous connections are closed. The user is also used to determine which LoginProfiles are accessible.
In unattended mode, the backend will start with the user which enabled unattended mode. The user must disable unattended mode before the user can be changed.
On non-multi-user systems, the user should be set to nil.
SetCurrentUser returns the ipn.WindowsUserID associated with the user when successful.
func (*LocalBackend) SetDNS ¶ added in v1.10.0
func (b *LocalBackend) SetDNS(ctx context.Context, name, value string) error
SetDNS adds a DNS record for the given domain name & TXT record value.
It's meant for use with dns-01 ACME (LetsEncrypt) challenges.
This is the low-level interface. Other layers will provide more friendly options to get HTTPS certs.
func (*LocalBackend) SetDevStateStore ¶ added in v1.34.0
func (b *LocalBackend) SetDevStateStore(key, value string) error
SetDevStateStore updates the LocalBackend's state storage to the provided values.
It's meant only for development.
func (*LocalBackend) SetDirectFileRoot ¶ added in v1.8.0
func (b *LocalBackend) SetDirectFileRoot(dir string)
SetDirectFileRoot sets the directory to download files to directly, without buffering them through an intermediate daemon-owned tailcfg.UserID-specific directory.
This must be called before the LocalBackend starts being used.
func (*LocalBackend) SetExpirySooner ¶ added in v1.24.0
SetExpirySooner updates the expiry of the current node key to t, as long as t is sooner than the old expiry.
If t is in the past, the key is expired immediately. If t is after the current expiry, an error is returned.
func (*LocalBackend) SetHTTPTestClient ¶ added in v1.8.0
func (b *LocalBackend) SetHTTPTestClient(c *http.Client)
SetHTTPTestClient sets an alternate HTTP client to use with connections to the coordination server. It exists for testing. Using nil means to use the default.
func (*LocalBackend) SetLogFlusher ¶ added in v1.36.0
func (b *LocalBackend) SetLogFlusher(flushFunc func())
SetLogFlusher sets a func to be called to flush log uploads.
It should only be called before the LocalBackend is used.
func (*LocalBackend) SetNotifyCallback ¶ added in v1.8.0
func (b *LocalBackend) SetNotifyCallback(notify func(ipn.Notify))
SetNotifyCallback sets the function to call when the backend has something to notify the frontend about. Only one callback can be set at a time, so calling this function will replace the previous callback.
func (*LocalBackend) SetPushDeviceToken ¶ added in v1.52.0
func (b *LocalBackend) SetPushDeviceToken(tk string)
SetPushDeviceToken sets the push notification device token and informs the controlclient of the new value.
func (*LocalBackend) SetServeConfig ¶ added in v1.34.0
func (b *LocalBackend) SetServeConfig(config *ipn.ServeConfig, etag string) error
SetServeConfig establishes or replaces the current serve config. ETag is an optional parameter to enforce Optimistic Concurrency Control. If it is an empty string, then the config will be overwritten without that check.
func (*LocalBackend) SetTCPHandlerForFunnelFlow ¶ added in v1.38.0
func (b *LocalBackend) SetTCPHandlerForFunnelFlow(h func(src netip.AddrPort, dstPort uint16) (handler func(net.Conn)))
SetTCPHandlerForFunnelFlow sets the TCP handler for Funnel flows. It should only be called before the LocalBackend is used.
func (*LocalBackend) SetUDPGROForwarding ¶ added in v1.68.0
func (b *LocalBackend) SetUDPGROForwarding() error
SetUDPGROForwarding enables UDP GRO forwarding for the default network interface of this machine. It can be done to improve performance for nodes acting as Tailscale subnet routers or exit nodes. Currently (9/5/2024) this functionality is considered experimental and only safe to use via explicit user opt-in for ephemeral devices, such as containers. https://tailscale.com/kb/1320/performance-best-practices#linux-optimizations-for-subnet-routers-and-exit-nodes
func (*LocalBackend) SetUseExitNodeEnabled ¶ added in v1.64.0
func (b *LocalBackend) SetUseExitNodeEnabled(v bool) (ipn.PrefsView, error)
SetUseExitNodeEnabled turns on or off the most recently selected exit node.
On success, it returns the resulting prefs (or current prefs, in the case of no change). Setting the value to false when use of an exit node is already false is not an error, nor is true when the exit node is already in use.
func (*LocalBackend) SetVarRoot ¶ added in v1.18.0
func (b *LocalBackend) SetVarRoot(dir string)
SetVarRoot sets the root directory of Tailscale's writable storage area (e.g. "/var/lib/tailscale").
It should only be called before the LocalBackend is used.
func (*LocalBackend) ShouldExposeRemoteWebClient ¶ added in v1.64.0
func (b *LocalBackend) ShouldExposeRemoteWebClient() bool
ShouldExposeRemoteWebClient reports whether the web client should accept connections via [tailscale IP]:5252 in addition to the default behaviour of accepting local connections over 100.100.100.100.
This function checks both the web client user pref via exposeRemoteWebClientAtomicBool and the disable-web-client node attr via ShouldRunWebClient to determine whether the web client should be exposed.
func (*LocalBackend) ShouldHandleViaIP ¶ added in v1.24.0
func (b *LocalBackend) ShouldHandleViaIP(ip netip.Addr) bool
ShouldHandleViaIP reports whether ip is an IPv6 address in the Tailscale ULA's v6 "via" range embedding an IPv4 address to be forwarded to by Tailscale.
func (*LocalBackend) ShouldInterceptTCPPort ¶ added in v1.34.0
func (b *LocalBackend) ShouldInterceptTCPPort(port uint16) bool
ShouldInterceptTCPPort reports whether the given TCP port number to a Tailscale IP (not a subnet router, service IP, etc) should be intercepted by Tailscaled and handled in-process.
func (*LocalBackend) ShouldRunSSH ¶ added in v1.22.0
func (b *LocalBackend) ShouldRunSSH() bool
func (*LocalBackend) ShouldRunWebClient ¶ added in v1.54.0
func (b *LocalBackend) ShouldRunWebClient() bool
ShouldRunWebClient reports whether the web client is being run within this tailscaled instance. ShouldRunWebClient is safe to call regardless of whether b.mu is held or not.
func (*LocalBackend) Shutdown ¶
func (b *LocalBackend) Shutdown()
Shutdown halts the backend and all its sub-components. The backend can no longer be used after Shutdown returns.
func (*LocalBackend) Start ¶
func (b *LocalBackend) Start(opts ipn.Options) error
Start applies the configuration specified in opts, and starts the state machine.
TODO(danderson): this function is trying to do too many things at once: it loads state, or imports it, or updates prefs sometimes, contains some settings that are one-shot things done by `tailscale up` because we had nowhere else to put them, and there's no clear guarantee that switching from one user's state to another is actually a supported operation (it should be, but it's very unclear from the following whether or not that is a safe transition).
func (*LocalBackend) StartLoginInteractive ¶
func (b *LocalBackend) StartLoginInteractive(ctx context.Context) error
StartLoginInteractive requests a new interactive login from controlclient, unless such a flow is already in progress, in which case StartLoginInteractive attempts to pick up the in-progress flow where it left off.
func (*LocalBackend) StartLoginInteractiveAs ¶ added in v1.78.0
StartLoginInteractiveAs is like StartLoginInteractive but takes an ipnauth.Actor as an additional parameter. If non-nil, the specified user is expected to complete the interactive login, and therefore will receive the BrowseToURL notification once the control plane sends us one. Otherwise, the notification will be delivered to all active [watchSession]s.
func (*LocalBackend) State ¶
func (b *LocalBackend) State() ipn.State
State returns the backend state machine's current state.
func (*LocalBackend) Status ¶
func (b *LocalBackend) Status() *ipnstate.Status
Status returns the latest status of the backend and its sub-components.
func (*LocalBackend) StatusWithoutPeers ¶ added in v1.8.0
func (b *LocalBackend) StatusWithoutPeers() *ipnstate.Status
StatusWithoutPeers is like Status but omits any details of peers.
func (*LocalBackend) StreamDebugCapture ¶ added in v1.38.0
StreamDebugCapture writes a pcap stream of packets traversing tailscaled to the provided response writer.
func (*LocalBackend) SuggestExitNode ¶ added in v1.66.0
func (b *LocalBackend) SuggestExitNode() (response apitype.ExitNodeSuggestionResponse, err error)
func (*LocalBackend) SwitchProfile ¶ added in v1.34.0
func (b *LocalBackend) SwitchProfile(profile ipn.ProfileID) error
SwitchProfile switches to the profile with the given id. It will restart the backend on success. If the profile is not known, it returns an errProfileNotFound.
func (*LocalBackend) TCPHandlerForDst ¶ added in v1.44.0
func (b *LocalBackend) TCPHandlerForDst(src, dst netip.AddrPort) (handler func(c net.Conn) error, opts []tcpip.SettableSocketOption)
TCPHandlerForDst returns a TCP handler for connections to dst, or nil if no handler is needed. It also returns a list of TCP socket options to apply to the socket before calling the handler. TCPHandlerForDst is called both for connections to our node's local IP as well as to the service IP (quad 100).
func (*LocalBackend) TailscaleVarRoot ¶ added in v1.14.5
func (b *LocalBackend) TailscaleVarRoot() string
TailscaleVarRoot returns the root directory of Tailscale's writable storage area. (e.g. "/var/lib/tailscale")
It returns an empty string if there's no configured or discovered location.
func (*LocalBackend) TestOnlyPublicKeys ¶
func (b *LocalBackend) TestOnlyPublicKeys() (machineKey key.MachinePublic, nodeKey key.NodePublic)
TestOnlyPublicKeys returns the current machine and node public keys. Used in tests only to facilitate automated node authorization in the test harness.
func (*LocalBackend) TryFlushLogs ¶ added in v1.36.0
func (b *LocalBackend) TryFlushLogs() bool
TryFlushLogs calls the log flush function. It returns false if a log flush function was never initialized with SetLogFlusher.
TryFlushLogs should not block.
func (*LocalBackend) UnadvertiseRoute ¶ added in v1.58.0
func (b *LocalBackend) UnadvertiseRoute(toRemove ...netip.Prefix) error
UnadvertiseRoute implements the appc.RouteAdvertiser interface. It removes a route advertisement if one is present in the existing routes.
func (*LocalBackend) UpdateNetmapDelta ¶ added in v1.50.0
func (b *LocalBackend) UpdateNetmapDelta(muts []netmap.NodeMutation) (handled bool)
UpdateNetmapDelta implements controlclient.NetmapDeltaUpdater.
func (*LocalBackend) UpdateOutgoingFiles ¶ added in v1.64.0
func (b *LocalBackend) UpdateOutgoingFiles(updates map[string]*ipn.OutgoingFile)
UpdateOutgoingFiles updates b.outgoingFiles to reflect the given updates and sends an ipn.Notify with the full list of outgoingFiles.
func (*LocalBackend) UpdateStatus ¶
func (b *LocalBackend) UpdateStatus(sb *ipnstate.StatusBuilder)
UpdateStatus implements ipnstate.StatusUpdater.
func (*LocalBackend) UserMetricsRegistry ¶ added in v1.76.0
func (b *LocalBackend) UserMetricsRegistry() *usermetric.Registry
UserMetricsRegistry returns the usermetrics registry for the backend.
func (*LocalBackend) VIPServices ¶ added in v1.78.0
func (b *LocalBackend) VIPServices() []*tailcfg.VIPService
VIPServices returns the list of tailnet services that this node is serving as a destination for. The returned memory is owned by the caller.
func (*LocalBackend) WaitingFiles ¶ added in v1.8.0
func (b *LocalBackend) WaitingFiles() ([]apitype.WaitingFile, error)
func (*LocalBackend) WatchNotifications ¶ added in v1.34.0
func (b *LocalBackend) WatchNotifications(ctx context.Context, mask ipn.NotifyWatchOpt, onWatchAdded func(), fn func(roNotify *ipn.Notify) (keepGoing bool))
WatchNotifications subscribes to the ipn.Notify message bus notification messages.
WatchNotifications blocks until ctx is done.
The provided onWatchAdded, if non-nil, will be called once the watcher is installed.
The provided fn will be called for each notification. It will only be called with non-nil pointers. The caller must not modify roNotify. If fn returns false, the watch also stops.
Failure to consume many notifications in a row will result in dropped notifications. There is currently (2022-11-22) no mechanism provided to detect when a message has been dropped.
func (*LocalBackend) WatchNotificationsAs ¶ added in v1.78.0
func (b *LocalBackend) WatchNotificationsAs(ctx context.Context, actor ipnauth.Actor, mask ipn.NotifyWatchOpt, onWatchAdded func(), fn func(roNotify *ipn.Notify) (keepGoing bool))
WatchNotificationsAs is like WatchNotifications but takes an ipnauth.Actor as an additional parameter. If non-nil, the specified callback is invoked only for notifications relevant to this actor.
func (*LocalBackend) WhoIs ¶
func (b *LocalBackend) WhoIs(proto string, ipp netip.AddrPort) (n tailcfg.NodeView, u tailcfg.UserProfile, ok bool)
WhoIs reports the node and user who owns the node with the given IP:port. If the IP address is a Tailscale IP, the provided port may be 0.
The 'proto' is used when looking up the IP:port in our proxy mapper; it tracks which local IP:ports correspond to connections proxied by tailscaled, and since tailscaled proxies both TCP and UDP, the 'proto' is needed to look up the correct IP:port based on the connection's protocol. If not provided, the lookup will be done for TCP and then UDP, in that order.
If ok == true, n and u are valid.
func (*LocalBackend) WhoIsNodeKey ¶ added in v1.70.0
func (b *LocalBackend) WhoIsNodeKey(k key.NodePublic) (n tailcfg.NodeView, u tailcfg.UserProfile, ok bool)
WhoIsNodeKey returns the peer info of the given public key, if it exists.
type SSHServer ¶ added in v1.24.0
type SSHServer interface {
	// HandleSSHConn is handed a connection to serve; such a connection is
	// counted by NumActiveConns for as long as it is still active.
	// NOTE(review): the meaning of the returned error is not shown here.
	HandleSSHConn(net.Conn) error

	// NumActiveConns returns the number of connections passed to HandleSSHConn
	// that are still active.
	NumActiveConns() int

	// OnPolicyChange is called when the SSH access policy changes,
	// so that existing sessions can be re-evaluated for validity
	// and closed if they'd no longer be accepted.
	OnPolicyChange()

	// Shutdown is called when tailscaled is shutting down.
	Shutdown()
}
SSHServer is the interface of the conditionally linked ssh/tailssh.server.
type TLSCertKeyPair ¶ added in v1.34.0
type TLSCertKeyPair struct {
	CertPEM []byte // public key, in PEM form
	// KeyPEM is private key material: keep it out of logs and error
	// messages when passing values of this type around.
	KeyPEM []byte // private key, in PEM form
	Cached bool   // whether result came from cache
}
TLSCertKeyPair is a TLS public and private key, and whether they were obtained from cache or freshly obtained.