In tailnet connections, we currently get debug logs from the wireguard layer, but do not get logs from the protocols running over wireguard.

All built-in applications and a good many end-user applications run over TCP. It would be very useful to log the lifecycle of TCP sockets opened over the tailnet: when they start, when they end, and why they terminated (e.g. FIN, RST, timeout). TCP is implemented in userspace using gVisor, so in principle we have access to all networking state. We'll need to investigate what can be accomplished without, like, hard-forking gVisor.