func SortPeers(peers []*PeerStatus)

type DebugDERPRegionReport struct {Info     []stringWarnings []stringErrors   []string}

type ExitNodeStatus struct {// ID is the exit node's ID.IDtailcfg.StableNodeID// Online is whether the exit node is alive.Onlinebool// TailscaleIPs are the exit node's IP addresses assigned to the node.TailscaleIPs []netip.Prefix}

type NetworkLockStatus struct {// Enabled is true if network lock is enabled.Enabledbool// Head describes the AUM hash of the leaf AUM. Head is nil// if network lock is not enabled.Head *[32]byte// PublicKey describes the node's network-lock public key.// It may be zero if the node has not logged in.PublicKeykey.NLPublic// NodeKey describes the node's current node-key. This field is not// populated if the node is not operating (i.e. waiting for a login).NodeKey *key.NodePublic// NodeKeySigned is true if our node is authorized by network-lock.NodeKeySignedbool// NodeKeySignature is the current signature of this node's key.NodeKeySignature *tka.NodeKeySignature// TrustedKeys describes the keys currently trusted to make changes// to network-lock.TrustedKeys []TKAKey// VisiblePeers describes peers which are visible in the netmap that// have valid Tailnet Lock signatures signatures.VisiblePeers []*TKAPeer// FilteredPeers describes peers which were removed from the netmap// (i.e. no connectivity) because they failed tailnet lock// checks.FilteredPeers []*TKAPeer// StateID is a nonce associated with the network lock authority,// generated upon enablement. This field is not populated if the// network lock is disabled.StateIDuint64}

type NetworkLockUpdate struct {Hash   [32]byteChangestring// values of tka.AUMKind.String()// Raw contains the serialized AUM. The AUM is sent in serialized// form to avoid transitive dependences bloating this package.Raw []byte}

type PeerStatus struct {IDtailcfg.StableNodeIDPublicKeykey.NodePublicHostNamestring// HostInfo's Hostname (not a DNS name or necessarily unique)// DNSName is the Peer's FQDN. It ends with a dot.// It has the form "host.<MagicDNSSuffix>."DNSNamestringOSstring// HostInfo.OSUserIDtailcfg.UserID// AltSharerUserID is the user who shared this node// if it's different than UserID. Otherwise it's zero.AltSharerUserIDtailcfg.UserID `json:",omitempty"`// TailscaleIPs are the IP addresses assigned to the node.TailscaleIPs []netip.Addr// AllowedIPs are IP addresses allowed to route to this node.AllowedIPs *views.Slice[netip.Prefix] `json:",omitempty"`// Tags are the list of ACL tags applied to this node.// See tailscale.com/tailcfg#Node.Tags for more information.Tags *views.Slice[string] `json:",omitempty"`// PrimaryRoutes are the routes this node is currently the primary// subnet router for, as determined by the control plane. It does// not include the IPs in TailscaleIPs.PrimaryRoutes *views.Slice[netip.Prefix] `json:",omitempty"`// Endpoints:Addrs     []stringCurAddrstring// one of Addrs, or unique if roamingRelaystring// DERP regionPeerRelaystring// peer relay address (ip:port:vni)RxBytesint64TxBytesint64Createdtime.Time// time registered with tailcontrolLastWritetime.Time// time last packet sentLastSeentime.Time// last seen to tailcontrol; only present if offlineLastHandshaketime.Time// with local wireguardOnlinebool// whether node is connected to the control planeExitNodebool// true if this is the currently selected exit node.ExitNodeOptionbool// true if this node can be an exit node (offered && approved)// Active is whether the node was recently active. The// definition is somewhat undefined but has historically and// currently means that there was some packet sent to this// peer in the past two minutes. That definition is subject to// change.Activebool// PeerAPIURL are the URLs of the node's PeerAPI servers.PeerAPIURL []string// TaildropTargetStatus represents the node's eligibility to have files shared to it.TaildropTargetTaildropTargetStatus// Reason why this peer cannot receive files. Empty if CanReceiveFiles=trueNoFileSharingReasonstring// Capabilities are capabilities that the node has.// They're free-form strings, but should be in the form of URLs/URIs// such as://    "https://tailscale.com/cap/is-admin"//    "https://tailscale.com/cap/file-sharing"//    "funnel"//// Deprecated: use CapMap instead. Seehttps://github.com/tailscale/tailscale/issues/11508// Every value is Capabilities is also a key in CapMap, even if it// has no values in that map.Capabilities []tailcfg.NodeCapability `json:",omitempty"`// CapMap is a map of capabilities to their values.CapMaptailcfg.NodeCapMap `json:",omitempty"`// SSH_HostKeys are the node's SSH host keys, if known.SSH_HostKeys []string `json:"sshHostKeys,omitempty"`// ShareeNode indicates this node exists in the netmap because// it's owned by a shared-to user and that node might connect// to us. These nodes should be hidden by "tailscale status"// etc by default.ShareeNodebool `json:",omitempty"`// InNetworkMap means that this peer was seen in our latest network map.// In theory, all of InNetworkMap and InMagicSock and InEngine should all be true.InNetworkMapbool// InMagicSock means that this peer is being tracked by magicsock.// In theory, all of InNetworkMap and InMagicSock and InEngine should all be true.InMagicSockbool// InEngine means that this peer is tracked by the wireguard engine.// In theory, all of InNetworkMap and InMagicSock and InEngine should all be true.InEnginebool// Expired means that this peer's node key has expired, based on either// information from control or optimisically set on the client if the// expiration time has passed.Expiredbool `json:",omitempty"`// KeyExpiry, if present, is the time at which the node key expired or// will expire.KeyExpiry *time.Time `json:",omitempty"`Location *tailcfg.Location `json:",omitempty"`}

func (*PeerStatus)HasCap¶added inv1.50.0

func (ps *PeerStatus) HasCap(captailcfg.NodeCapability)bool

HasCap reports whether ps has the given capability.

func (*PeerStatus)IsTagged¶added inv1.52.0

func (ps *PeerStatus) IsTagged()bool

IsTagged reports whether ps is tagged.

type PeerStatusLite struct {// NodeKey is this peer's public node key.NodeKeykey.NodePublic// TxBytes/RxBytes are the total number of bytes transmitted to/received// from this peer.TxBytes, RxBytesint64// LastHandshake is the last time a handshake succeeded with this peer. (Or// we got key confirmation via the first data message, which is// approximately the same thing.)//// The time.Time zero value means that no handshake has succeeded, at least// since this peer was last known to WireGuard. (Tailscale removes peers// from the wireguard peer that are idle.)LastHandshaketime.Time}

type PingResult struct {IPstring// ping destinationNodeIPstring// Tailscale IP of node handling IP (different for subnet routers)NodeNamestring// DNS name base or (possibly not unique) hostnameErrstringLatencySecondsfloat64// Endpoint is a string of the form "{ip}:{port}" if direct UDP was used. It// is not currently set for TSMP.Endpointstring// PeerRelay is a string of the form "{ip}:{port}:vni:{vni}" if a peer// relay was used. It is not currently set for TSMP. Note that this field// is not omitted during JSON encoding if it contains a zero value. This is// done for consistency with the Endpoint field; this structure is exposed// externally via localAPI, so we want to maintain the existing convention.PeerRelaystring// DERPRegionID is non-zero DERP region ID if DERP was used.// It is not currently set for TSMP pings.DERPRegionIDint// DERPRegionCode is the three-letter region code// corresponding to DERPRegionID.// It is not currently set for TSMP pings.DERPRegionCodestring// PeerAPIPort is set by TSMP ping responses for peers that// are running a peerapi server. This is the port they're// running the server on.PeerAPIPortuint16 `json:",omitempty"`// PeerAPIURL is the URL that was hit for pings of type "peerapi" (tailcfg.PingPeerAPI).// It's of the form "http://ip:port" (or [ip]:port for IPv6).PeerAPIURLstring `json:",omitempty"`// IsLocalIP is whether the ping request error is due to it being// a ping to the local node.IsLocalIPbool `json:",omitempty"`}

func (*PingResult)ToPingResponse¶added inv1.24.0

func (pr *PingResult) ToPingResponse(pingTypetailcfg.PingType) *tailcfg.PingResponse

type SelfUpdateStatusstring

type Status struct {// Version is the daemon's long version (see version.Long).Versionstring// TUN is whether /dev/net/tun (or equivalent kernel interface) is being// used. If false, it's running in userspace mode.TUNbool// BackendState is an ipn.State string value://  "NoState", "NeedsLogin", "NeedsMachineAuth", "Stopped",//  "Starting", "Running".BackendStatestring// HaveNodeKey is whether the current profile has a node key configured.HaveNodeKeybool `json:",omitempty"`AuthURLstring// current URL provided by control to authorize clientTailscaleIPs []netip.Addr// Tailscale IP(s) assigned to this nodeSelf         *PeerStatus// ExitNodeStatus describes the current exit node.// If nil, an exit node is not in use.ExitNodeStatus *ExitNodeStatus `json:"ExitNodeStatus,omitempty"`// Health contains health check problems.// Empty means everything is good. (or at least that no known// problems are detected)Health []string// This field is the legacy name of CurrentTailnet.MagicDNSSuffix.//// Deprecated: use CurrentTailnet.MagicDNSSuffix instead.MagicDNSSuffixstring// CurrentTailnet is information about the tailnet that the node// is currently connected to. When not connected, this field is nil.CurrentTailnet *TailnetStatus// CertDomains are the set of DNS names for which the control// plane server will assist with provisioning TLS// certificates. See SetDNSRequest for dns-01 ACME challenges// for e.g. LetsEncrypt. These names are FQDNs without// trailing periods, and without any "_acme-challenge." prefix.CertDomains []string// Peer is the state of each peer, keyed by each peer's current public key.Peer map[key.NodePublic]*PeerStatus// User contains profile information about UserIDs referenced by// PeerStatus.UserID, PeerStatus.AltSharerUserID, etc.User map[tailcfg.UserID]tailcfg.UserProfile// ClientVersion, when non-nil, contains information about the latest// version of the Tailscale client that's available. Depending on// the platform and client settings, it may not be available.ClientVersion *tailcfg.ClientVersion}

func (*Status)Peers¶

func (s *Status) Peers() []key.NodePublic

func (*Status)WriteHTML¶

func (st *Status) WriteHTML(wio.Writer)

type StatusBuilder struct {WantPeersbool// whether caller wants peers// contains filtered or unexported fields}

func (*StatusBuilder)AddPeer¶

func (sb *StatusBuilder) AddPeer(peerkey.NodePublic, st *PeerStatus)

AddPeer adds a peer node to the status.

Its PeerStatus is mixed with any previous status already added.

func (*StatusBuilder)AddTailscaleIP¶added inv1.0.0

func (sb *StatusBuilder) AddTailscaleIP(ipnetip.Addr)

AddIP adds a Tailscale IP address to the status.

func (*StatusBuilder)AddUser¶

func (sb *StatusBuilder) AddUser(idtailcfg.UserID, uptailcfg.UserProfileView)

AddUser adds a user profile to the status.

func (*StatusBuilder)MutateSelfStatus¶added inv1.8.0

func (sb *StatusBuilder) MutateSelfStatus(f func(*PeerStatus))

MutateSelfStatus calls f with the PeerStatus of our own node to mutate.

It may not assume other fields of status are already populated, andmay not retain or write to the Status after f returns.

MutateStatus acquires a lock so f must not call back into sb.

func (*StatusBuilder)MutateStatus¶added inv1.8.0

func (sb *StatusBuilder) MutateStatus(f func(*Status))

MutateStatus calls f with the status to mutate.

It may not assume other fields of status are already populated, andmay not retain or write to the Status after f returns.

func (*StatusBuilder)Status¶

func (sb *StatusBuilder) Status() *Status

Status returns the status that has been built up so far from previouscalls to MutateStatus, MutateSelfStatus, AddPeer, etc.

type StatusUpdater interface {UpdateStatus(*StatusBuilder)}

type TKAKey struct {Keykey.NLPublicMetadata map[string]stringVotesuint}

type TKAPeer struct {Namestring// DNSIDtailcfg.NodeIDStableIDtailcfg.StableNodeIDTailscaleIPs     []netip.Addr// Tailscale IP(s) assigned to this nodeNodeKeykey.NodePublicNodeKeySignaturetka.NodeKeySignature}

func (*TKAPeer)Clone¶added inv1.74.0

func (src *TKAPeer) Clone() *TKAPeer

Clone makes a deep copy of TKAPeer.The result aliases no memory with the original.

type TaildropTargetStatusint

type TailnetStatus struct {// Name is the name of the network that's currently in use.Namestring// MagicDNSSuffix is the network's MagicDNS suffix for nodes// in the network such as "userfoo.tailscale.net".// There are no surrounding dots.// MagicDNSSuffix should be populated regardless of whether a domain// has MagicDNS enabled.MagicDNSSuffixstring// MagicDNSEnabled is whether or not the network has MagicDNS enabled.// Note that the current device may still not support MagicDNS if// `--accept-dns=false` was used.MagicDNSEnabledbool}

type UpdateProgress struct {StatusSelfUpdateStatus `json:"status,omitempty"`Messagestring           `json:"message,omitempty"`Versionstring           `json:"version,omitempty"`}

funcNewUpdateProgress¶added inv1.54.0

func NewUpdateProgress(psSelfUpdateStatus, msgstring)UpdateProgress