local
Documentation¶
Overview¶
Package local contains a Go client for the Tailscale LocalAPI.
Index¶
- Variables
- func CertPair(ctx context.Context, domain string) (certPEM, keyPEM []byte, err error)deprecated
- func ExpandSNIName(ctx context.Context, name string) (fqdn string, ok bool)deprecated
- func GetCertificate(hi *tls.ClientHelloInfo) (*tls.Certificate, error)deprecated
- func IsAccessDeniedError(err error) bool
- func IsPreconditionsFailedError(err error) bool
- func SetVersionMismatchHandler(f func(clientVer, serverVer string))
- func Status(ctx context.Context) (*ipnstate.Status, error)
- func StatusWithoutPeers(ctx context.Context) (*ipnstate.Status, error)
- func WhoIs(ctx context.Context, remoteAddr string) (*apitype.WhoIsResponse, error)deprecated
- type AccessDeniedError
- type BugReportOpts
- type Client
- func (lc *Client) AwaitWaitingFiles(ctx context.Context, d time.Duration) ([]apitype.WaitingFile, error)
- func (lc *Client) BugReport(ctx context.Context, note string) (string, error)
- func (lc *Client) BugReportWithOpts(ctx context.Context, opts BugReportOpts) (string, error)
- func (lc *Client) CertPair(ctx context.Context, domain string) (certPEM, keyPEM []byte, err error)
- func (lc *Client) CertPairWithValidity(ctx context.Context, domain string, minValidity time.Duration) (certPEM, keyPEM []byte, err error)
- func (lc *Client) CheckIPForwarding(ctx context.Context) error
- func (lc *Client) CheckPrefs(ctx context.Context, p *ipn.Prefs) error
- func (lc *Client) CheckReversePathFiltering(ctx context.Context) error
- func (lc *Client) CheckSOMarkInUse(ctx context.Context) (bool, error)
- func (lc *Client) CheckUDPGROForwarding(ctx context.Context) error
- func (lc *Client) CheckUpdate(ctx context.Context) (*tailcfg.ClientVersion, error)
- func (lc *Client) CurrentDERPMap(ctx context.Context) (*tailcfg.DERPMap, error)
- func (lc *Client) DaemonMetrics(ctx context.Context) ([]byte, error)
- func (lc *Client) DebugAction(ctx context.Context, action string) error
- func (lc *Client) DebugActionBody(ctx context.Context, action string, rbody io.Reader) error
- func (lc *Client) DebugDERPRegion(ctx context.Context, regionIDOrCode string) (*ipnstate.DebugDERPRegionReport, error)
- func (lc *Client) DebugPacketFilterRules(ctx context.Context) ([]tailcfg.FilterRule, error)
- func (lc *Client) DebugPeerRelaySessions(ctx context.Context) (*status.ServerStatus, error)
- func (lc *Client) DebugPortmap(ctx context.Context, opts *DebugPortmapOpts) (io.ReadCloser, error)
- func (lc *Client) DebugResultJSON(ctx context.Context, action string) (any, error)
- func (lc *Client) DebugSetExpireIn(ctx context.Context, d time.Duration) error
- func (lc *Client) DeleteProfile(ctx context.Context, profile ipn.ProfileID) error
- func (lc *Client) DeleteWaitingFile(ctx context.Context, baseName string) error
- func (lc *Client) DialTCP(ctx context.Context, host string, port uint16) (net.Conn, error)
- func (lc *Client) DisconnectControl(ctx context.Context) error
- func (lc *Client) DoLocalRequest(req *http.Request) (*http.Response, error)
- func (lc *Client) DriveSetServerAddr(ctx context.Context, addr string) error
- func (lc *Client) DriveShareList(ctx context.Context) ([]*drive.Share, error)
- func (lc *Client) DriveShareRemove(ctx context.Context, name string) error
- func (lc *Client) DriveShareRename(ctx context.Context, oldName, newName string) error
- func (lc *Client) DriveShareSet(ctx context.Context, share *drive.Share) error
- func (lc *Client) EditPrefs(ctx context.Context, mp *ipn.MaskedPrefs) (*ipn.Prefs, error)
- func (lc *Client) EventBusGraph(ctx context.Context) ([]byte, error)
- func (lc *Client) ExpandSNIName(ctx context.Context, name string) (fqdn string, ok bool)
- func (lc *Client) FileTargets(ctx context.Context) ([]apitype.FileTarget, error)
- func (lc *Client) GetAppConnectorRouteInfo(ctx context.Context) (appctype.RouteInfo, error)
- func (lc *Client) GetCertificate(hi *tls.ClientHelloInfo) (*tls.Certificate, error)
- func (lc *Client) GetDNSOSConfig(ctx context.Context) (*apitype.DNSOSConfig, error)
- func (lc *Client) GetEffectivePolicy(ctx context.Context, scope setting.PolicyScope) (*setting.Snapshot, error)
- func (lc *Client) GetPrefs(ctx context.Context) (*ipn.Prefs, error)
- func (lc *Client) GetServeConfig(ctx context.Context) (*ipn.ServeConfig, error)
- func (lc *Client) GetWaitingFile(ctx context.Context, baseName string) (rc io.ReadCloser, size int64, err error)
- func (lc *Client) Goroutines(ctx context.Context) ([]byte, error)
- func (lc *Client) IDToken(ctx context.Context, aud string) (*tailcfg.TokenResponse, error)
- func (lc *Client) IncrementCounter(ctx context.Context, name string, delta int) error
- func (lc *Client) IncrementGauge(ctx context.Context, name string, delta int) error
- func (lc *Client) Logout(ctx context.Context) error
- func (lc *Client) NetworkLockAffectedSigs(ctx context.Context, keyID tkatype.KeyID) ([]tkatype.MarshaledSignature, error)
- func (lc *Client) NetworkLockCosignRecoveryAUM(ctx context.Context, aum tka.AUM) ([]byte, error)
- func (lc *Client) NetworkLockDisable(ctx context.Context, secret []byte) error
- func (lc *Client) NetworkLockForceLocalDisable(ctx context.Context) error
- func (lc *Client) NetworkLockGenRecoveryAUM(ctx context.Context, removeKeys []tkatype.KeyID, forkFrom tka.AUMHash) ([]byte, error)
- func (lc *Client) NetworkLockInit(ctx context.Context, keys []tka.Key, disablementValues [][]byte, ...) (*ipnstate.NetworkLockStatus, error)
- func (lc *Client) NetworkLockLog(ctx context.Context, maxEntries int) ([]ipnstate.NetworkLockUpdate, error)
- func (lc *Client) NetworkLockModify(ctx context.Context, addKeys, removeKeys []tka.Key) error
- func (lc *Client) NetworkLockSign(ctx context.Context, nodeKey key.NodePublic, rotationPublic []byte) error
- func (lc *Client) NetworkLockStatus(ctx context.Context) (*ipnstate.NetworkLockStatus, error)
- func (lc *Client) NetworkLockSubmitRecoveryAUM(ctx context.Context, aum tka.AUM) error
- func (lc *Client) NetworkLockVerifySigningDeeplink(ctx context.Context, url string) (*tka.DeeplinkValidationResult, error)
- func (lc *Client) NetworkLockWrapPreauthKey(ctx context.Context, preauthKey string, tkaKey key.NLPrivate) (string, error)
- func (lc *Client) Ping(ctx context.Context, ip netip.Addr, pingtype tailcfg.PingType) (*ipnstate.PingResult, error)
- func (lc *Client) PingWithOpts(ctx context.Context, ip netip.Addr, pingtype tailcfg.PingType, opts PingOpts) (*ipnstate.PingResult, error)
- func (lc *Client) Pprof(ctx context.Context, pprofType string, sec int) ([]byte, error)
- func (lc *Client) ProfileStatus(ctx context.Context) (current ipn.LoginProfile, all []ipn.LoginProfile, err error)
- func (lc *Client) PushFile(ctx context.Context, target tailcfg.StableNodeID, size int64, name string, ...) error
- func (lc *Client) QueryDNS(ctx context.Context, name string, queryType string) (bytes []byte, resolvers []*dnstype.Resolver, err error)
- func (lc *Client) QueryFeature(ctx context.Context, feature string) (*tailcfg.QueryFeatureResponse, error)
- func (lc *Client) QueryOptionalFeatures(ctx context.Context) (*apitype.OptionalFeatures, error)
- func (lc *Client) ReloadConfig(ctx context.Context) (ok bool, err error)
- func (lc *Client) ReloadEffectivePolicy(ctx context.Context, scope setting.PolicyScope) (*setting.Snapshot, error)
- func (lc *Client) SetComponentDebugLogging(ctx context.Context, component string, d time.Duration) error
- func (lc *Client) SetDNS(ctx context.Context, name, value string) error
- func (lc *Client) SetDevStoreKeyValue(ctx context.Context, key, value string) error
- func (lc *Client) SetServeConfig(ctx context.Context, config *ipn.ServeConfig) error
- func (lc *Client) SetUDPGROForwarding(ctx context.Context) error
- func (lc *Client) SetUseExitNode(ctx context.Context, on bool) error
- func (lc *Client) ShutdownTailscaled(ctx context.Context) error
- func (lc *Client) Start(ctx context.Context, opts ipn.Options) error
- func (lc *Client) StartLoginInteractive(ctx context.Context) error
- func (lc *Client) Status(ctx context.Context) (*ipnstate.Status, error)
- func (lc *Client) StatusWithoutPeers(ctx context.Context) (*ipnstate.Status, error)
- func (lc *Client) StreamBusEvents(ctx context.Context) iter.Seq2[eventbus.DebugEvent, error]
- func (lc *Client) StreamDebugCapture(ctx context.Context) (io.ReadCloser, error)
- func (lc *Client) SuggestExitNode(ctx context.Context) (apitype.ExitNodeSuggestionResponse, error)
- func (lc *Client) SwitchProfile(ctx context.Context, profile ipn.ProfileID) error
- func (lc *Client) SwitchToEmptyProfile(ctx context.Context) error
- func (lc *Client) TailDaemonLogs(ctx context.Context) (io.Reader, error)
- func (lc *Client) UserDial(ctx context.Context, network, host string, port uint16) (net.Conn, error)
- func (lc *Client) UserMetrics(ctx context.Context) ([]byte, error)
- func (lc *Client) WaitingFiles(ctx context.Context) ([]apitype.WaitingFile, error)
- func (lc *Client) WatchIPNBus(ctx context.Context, mask ipn.NotifyWatchOpt) (*IPNBusWatcher, error)
- func (lc *Client) WhoIs(ctx context.Context, remoteAddr string) (*apitype.WhoIsResponse, error)
- func (lc *Client) WhoIsNodeKey(ctx context.Context, key key.NodePublic) (*apitype.WhoIsResponse, error)
- func (lc *Client) WhoIsProto(ctx context.Context, proto, remoteAddr string) (*apitype.WhoIsResponse, error)
- type DebugPortmapOpts
- type IPNBusWatcher
- type PingOpts
- type PreconditionsFailedError
Constants¶
This section is empty.
Variables¶
var ErrPeerNotFound = errors.New("peer not found")

ErrPeerNotFound is returned by Client.WhoIs, Client.WhoIsNodeKey and Client.WhoIsProto when a peer is not found.
Functions¶
funcExpandSNINamedeprecated
funcGetCertificatedeprecated
func GetCertificate(hi *tls.ClientHelloInfo) (*tls.Certificate, error)
GetCertificate fetches a TLS certificate for the TLS ClientHello in hi.
It returns a cached certificate from disk if it's still valid.
It's the right signature to use as the value of tls.Config.GetCertificate.
Deprecated: use Client.GetCertificate.
funcIsAccessDeniedError¶
IsAccessDeniedError reports whether err is or wraps an AccessDeniedError.
funcIsPreconditionsFailedError¶
IsPreconditionsFailedError reports whether err is or wraps a PreconditionsFailedError.
funcSetVersionMismatchHandler¶
func SetVersionMismatchHandler(f func(clientVer, serverVer string))
SetVersionMismatchHandler sets f as the version mismatch handler to be called when the client (the current process) has a version number that doesn't match the server's declared version.
funcStatusWithoutPeers¶
StatusWithoutPeers returns the Tailscale daemon's status, without the peer info.
funcWhoIsdeprecated
WhoIs returns the owner of the remoteAddr, which must be an IP or IP:port.
Deprecated: use Client.WhoIs.
Types¶
typeAccessDeniedError¶
type AccessDeniedError struct {
	// contains filtered or unexported fields
}

AccessDeniedError is an error due to permissions.
func (*AccessDeniedError)Error¶
func (e *AccessDeniedError) Error() string
func (*AccessDeniedError)Unwrap¶
func (e *AccessDeniedError) Unwrap() error
typeBugReportOpts¶
type BugReportOpts struct {
	// Note contains an optional user-provided note to add to the logs.
	Note string

	// Diagnose specifies whether to print additional diagnostic information to
	// the logs when generating this bugreport.
	Diagnose bool

	// Record specifies, if non-nil, whether to perform a bugreport
	// "recording"–generating an initial log marker, then waiting for
	// this channel to be closed before finishing the request, which
	// generates another log marker.
	Record <-chan struct{}
}

BugReportOpts contains options to pass to the Tailscale daemon when generating a bug report.
typeClient¶
type Client struct {
	// Dial optionally specifies an alternate func that connects to the local
	// machine's tailscaled or equivalent. If nil, a default is used.
	Dial func(ctx context.Context, network, addr string) (net.Conn, error)

	// Transport optionally specifies an alternate [http.RoundTripper]
	// used to execute HTTP requests. If nil, a default [http.Transport] is used,
	// potentially with custom dialing logic from [Dial].
	// It is primarily used for testing.
	Transport http.RoundTripper

	// Socket specifies an alternate path to the local Tailscale socket.
	// If empty, a platform-specific default is used.
	Socket string

	// UseSocketOnly, if true, tries to only connect to tailscaled via the
	// Unix socket and not via fallback mechanisms as done on macOS when
	// connecting to the GUI client variants.
	UseSocketOnly bool

	// OmitAuth, if true, omits sending the local Tailscale daemon any
	// authentication token that might be required by the platform.
	//
	// As of 2024-08-12, only macOS uses an authentication token. OmitAuth is
	// meant for when Dial is set and the LocalAPI is being proxied to a
	// different operating system, such as in integration tests.
	OmitAuth bool
	// contains filtered or unexported fields
}

Client is a client to Tailscale's "LocalAPI", communicating with the Tailscale daemon on the local machine. Its API is not necessarily stable and subject to changes between releases. Some API calls have stricter compatibility guarantees, once they've been widely adopted. See method docs for details.
Its zero value is valid to use.
Any exported fields should be set before using methods on the type and not changed thereafter.
func (*Client)AwaitWaitingFiles¶
func (lc *Client) AwaitWaitingFiles(ctx context.Context, d time.Duration) ([]apitype.WaitingFile, error)
AwaitWaitingFiles is like Client.WaitingFiles but takes a duration to await for an answer. If the duration is 0, it will return immediately. The duration is respected at second granularity only. If no files are available, it returns (nil, nil).
func (*Client)BugReport¶
BugReport logs and returns a log marker that can be shared by the user with support.
This is the same as calling Client.BugReportWithOpts and only specifying the Note field.
func (*Client)BugReportWithOpts¶
BugReportWithOpts logs and returns a log marker that can be shared by the user with support.
The opts type specifies options to pass to the Tailscale daemon when generating this bug report.
func (*Client)CertPair¶
CertPair returns a cert and private key for the provided DNS domain.
It returns a cached certificate from disk if it's still valid.
API maturity: this is considered a stable API.
func (*Client)CertPairWithValidity¶
func (lc *Client) CertPairWithValidity(ctx context.Context, domain string, minValidity time.Duration) (certPEM, keyPEM []byte, err error)
CertPairWithValidity returns a cert and private key for the provided DNS domain.
It returns a cached certificate from disk if it's still valid. When minValidity is non-zero, the returned certificate will be valid for at least the given duration, if permitted by the CA. If the certificate is valid, but for less than minValidity, it will be synchronously renewed.
API maturity: this is considered a stable API.
func (*Client)CheckIPForwarding¶
CheckIPForwarding asks the local Tailscale daemon whether it looks like the machine is properly configured to forward IP packets as a subnet router or exit node.
func (*Client)CheckPrefs¶
CheckPrefs validates the provided preferences, without making any changes.
The CLI uses this before a Start call to fail fast if the preferences won't work. Currently (2022-04-18) this only checks for SSH server compatibility. Note that EditPrefs does the same validation as this, so calling CheckPrefs before EditPrefs is not necessary.
func (*Client)CheckReversePathFiltering¶added inv1.86.0
CheckReversePathFiltering asks the local Tailscale daemon whether strict reverse path filtering is enabled, which would break exit node usage on Linux.
func (*Client)CheckSOMarkInUse¶added inv1.92.0
CheckSOMarkInUse reports whether the socket mark option is in use. This will only be true if tailscale is running on Linux and tailscaled uses SO_MARK.
func (*Client)CheckUDPGROForwarding¶
CheckUDPGROForwarding asks the local Tailscale daemon whether it looks like the machine is optimally configured to forward UDP packets as a subnet router or exit node.
func (*Client)CheckUpdate¶
CheckUpdate returns a *tailcfg.ClientVersion indicating whether or not an update is available to be installed via the LocalAPI. In case the LocalAPI can't install updates, it returns a ClientVersion that says that we are up to date.
func (*Client)CurrentDERPMap¶
CurrentDERPMap returns the current DERPMap that is being used by the local tailscaled. It is intended to be used with netcheck to see availability of DERPs.
func (*Client)DaemonMetrics¶
DaemonMetrics returns the Tailscale daemon's metrics in the Prometheus text exposition format.
func (*Client)DebugAction¶
DebugAction invokes a debug action, such as "rebind" or "restun". These are development tools and subject to change or removal over time.
func (*Client)DebugActionBody¶
DebugActionBody invokes a debug action with a body parameter, such as "debug-force-prefer-derp". These are development tools and subject to change or removal over time.
func (*Client)DebugDERPRegion¶
func (*Client)DebugPacketFilterRules¶
DebugPacketFilterRules returns the packet filter rules for the current device.
func (*Client)DebugPeerRelaySessions¶added inv1.90.0
DebugPeerRelaySessions returns debug information about the current peer relay sessions running through this node.
func (*Client)DebugPortmap¶
func (lc *Client) DebugPortmap(ctx context.Context, opts *DebugPortmapOpts) (io.ReadCloser, error)
DebugPortmap invokes the debug-portmap endpoint, and returns an io.ReadCloser that can be used to read the logs that are printed during this process.
opts can be nil; if so, default values will be used.
func (*Client)DebugResultJSON¶
DebugResultJSON invokes a debug action and returns its result as something JSON-able. These are development tools and subject to change or removal over time.
func (*Client)DebugSetExpireIn¶
DebugSetExpireIn marks the current node key to expire in d.
This is meant primarily for debug and testing.
func (*Client)DeleteProfile¶
DeleteProfile removes the profile with the given ID. If the profile is the current profile, an empty profile will be selected as if Client.SwitchToEmptyProfile was called.
func (*Client)DeleteWaitingFile¶
func (*Client)DialTCP¶
DialTCP connects to the host's port via Tailscale.
The host may be a base DNS name (resolved from the netmap inside tailscaled), a FQDN, or an IP address.
The ctx is only used for the duration of the call, not the lifetime of the net.Conn.
func (*Client)DisconnectControl¶
DisconnectControl shuts down all connections to control, thus making control consider this node inactive. This can be run on HA subnet router or app connector replicas before shutting them down to ensure peers get told to switch over to another replica whilst there is still some grace period for the existing connections to terminate.
func (*Client)DoLocalRequest¶
DoLocalRequest makes an HTTP request to the local machine's Tailscale daemon.
URLs are of the form http://local-tailscaled.sock/localapi/v0/whois?ip=1.2.3.4.
The hostname must be "local-tailscaled.sock", even though it doesn't actually do any DNS lookup. The actual means of connecting to and authenticating to the local Tailscale daemon vary by platform.
DoLocalRequest may mutate the request to add Authorization headers.
func (*Client)DriveSetServerAddr¶
DriveSetServerAddr instructs Taildrive to use the server at addr to access the filesystem. This is used on platforms like Windows and MacOS to let Taildrive know to use the file server running in the GUI app.
func (*Client)DriveShareList¶
DriveShareList returns the list of shares that drive is currently serving to remote nodes.
func (*Client)DriveShareRemove¶
DriveShareRemove removes the share with the given name from the list of shares that Taildrive will serve to remote nodes.
func (*Client)DriveShareRename¶
DriveShareRename renames the share from old to new name.
func (*Client)DriveShareSet¶
DriveShareSet adds or updates the given share in the list of shares that Taildrive will serve to remote nodes. If a share with the same name already exists, the existing share is replaced/updated.
func (*Client)EditPrefs¶
EditPrefs updates the ipn.Prefs of the current Tailscale profile, applying the changes in mp. It returns an error if the changes cannot be applied, such as due to the caller's access rights or a policy restriction. An optional reason or justification for the request can be provided as a context value using apitype.RequestReasonKey. If permitted by policy, access may be granted, and the reason will be logged for auditing purposes.
func (*Client)EventBusGraph¶added inv1.86.0
EventBusGraph returns a graph of active publishers and subscribers in the eventbus as an eventbus.DebugTopics.
func (*Client)ExpandSNIName¶
ExpandSNIName expands bare label name into the most likely actual TLS cert name.
func (*Client)FileTargets¶
func (*Client)GetAppConnectorRouteInfo¶added inv1.90.0
func (*Client)GetCertificate¶
func (lc *Client) GetCertificate(hi *tls.ClientHelloInfo) (*tls.Certificate, error)
GetCertificate fetches a TLS certificate for the TLS ClientHello in hi.
It returns a cached certificate from disk if it's still valid.
It's the right signature to use as the value of tls.Config.GetCertificate.
API maturity: this is considered a stable API.
func (*Client)GetDNSOSConfig¶
GetDNSOSConfig returns the system DNS configuration for the current device. That is, it returns the DNS configuration that the system would use if Tailscale weren't being used.
func (*Client)GetEffectivePolicy¶
func (lc *Client) GetEffectivePolicy(ctx context.Context, scope setting.PolicyScope) (*setting.Snapshot, error)
GetEffectivePolicy returns the effective policy for the specified scope.
func (*Client)GetServeConfig¶
GetServeConfig returns the current serve config.
If the serve config is empty, it returns (nil, nil).
func (*Client)GetWaitingFile¶
func (*Client)Goroutines¶
Goroutines returns a dump of the Tailscale daemon's current goroutines.
func (*Client)IDToken¶
IDToken is a request to get an OIDC ID token for an audience. The token can be presented to any resource provider which offers OIDC Federation.
func (*Client)IncrementCounter¶
IncrementCounter increments the value of a Tailscale daemon's counter metric by the given delta. If the metric has yet to exist, a new counter metric is created and initialized to delta.
IncrementCounter does not support gauge metrics or negative delta values.
func (*Client)IncrementGauge¶added inv1.86.0
IncrementGauge increments the value of a Tailscale daemon's gauge metric by the given delta. If the metric has yet to exist, a new gauge metric is created and initialized to delta. The delta value can be negative.
func (*Client)NetworkLockAffectedSigs¶
func (lc *Client) NetworkLockAffectedSigs(ctx context.Context, keyID tkatype.KeyID) ([]tkatype.MarshaledSignature, error)
NetworkLockAffectedSigs returns all signatures signed by the specified keyID.
func (*Client)NetworkLockCosignRecoveryAUM¶
NetworkLockCosignRecoveryAUM co-signs a recovery AUM using the node's tailnet lock key.
func (*Client)NetworkLockDisable¶
NetworkLockDisable shuts down network-lock across the tailnet.
func (*Client)NetworkLockForceLocalDisable¶
NetworkLockForceLocalDisable forcibly shuts down network lock on this node.
func (*Client)NetworkLockGenRecoveryAUM¶
func (lc *Client) NetworkLockGenRecoveryAUM(ctx context.Context, removeKeys []tkatype.KeyID, forkFrom tka.AUMHash) ([]byte, error)
NetworkLockGenRecoveryAUM generates an AUM for recovering from a tailnet-lock key compromise.
func (*Client)NetworkLockInit¶
func (lc *Client) NetworkLockInit(ctx context.Context, keys []tka.Key, disablementValues [][]byte, supportDisablement []byte) (*ipnstate.NetworkLockStatus, error)
NetworkLockInit initializes the tailnet key authority.
TODO(tom): Plumb through disablement secrets.
func (*Client)NetworkLockLog¶
func (lc *Client) NetworkLockLog(ctx context.Context, maxEntries int) ([]ipnstate.NetworkLockUpdate, error)
NetworkLockLog returns up to maxEntries number of changes to network-lock state.
func (*Client)NetworkLockModify¶
NetworkLockModify adds and/or removes key(s) to the tailnet key authority.
func (*Client)NetworkLockSign¶
func (lc *Client) NetworkLockSign(ctx context.Context, nodeKey key.NodePublic, rotationPublic []byte) error
NetworkLockSign signs the specified node-key and transmits that signature to the control plane. rotationPublic, if specified, must be an ed25519 public key.
func (*Client)NetworkLockStatus¶
NetworkLockStatus fetches information about the tailnet key authority, if one is configured.
func (*Client)NetworkLockSubmitRecoveryAUM¶
NetworkLockSubmitRecoveryAUM submits a recovery AUM to the control plane.
func (*Client)NetworkLockVerifySigningDeeplink¶
func (lc *Client) NetworkLockVerifySigningDeeplink(ctx context.Context, url string) (*tka.DeeplinkValidationResult, error)
NetworkLockVerifySigningDeeplink verifies the network lock deeplink contained in url and returns information extracted from it.
func (*Client)NetworkLockWrapPreauthKey¶
func (lc *Client) NetworkLockWrapPreauthKey(ctx context.Context, preauthKey string, tkaKey key.NLPrivate) (string, error)
NetworkLockWrapPreauthKey wraps a pre-auth key with information to enable unattended bringup in the locked tailnet.
func (*Client)Ping¶
func (lc *Client) Ping(ctx context.Context, ip netip.Addr, pingtype tailcfg.PingType) (*ipnstate.PingResult, error)
Ping sends a ping of the provided type to the provided IP and waits for its response.
func (*Client)PingWithOpts¶
func (lc *Client) PingWithOpts(ctx context.Context, ip netip.Addr, pingtype tailcfg.PingType, opts PingOpts) (*ipnstate.PingResult, error)
PingWithOpts sends a ping of the provided type to the provided IP and waits for its response. The opts type specifies additional options.
func (*Client)ProfileStatus¶
func (lc *Client) ProfileStatus(ctx context.Context) (current ipn.LoginProfile, all []ipn.LoginProfile, err error)
ProfileStatus returns the current profile and the list of all profiles.
func (*Client)PushFile¶
func (lc *Client) PushFile(ctx context.Context, target tailcfg.StableNodeID, size int64, name string, r io.Reader) error
PushFile sends Taildrop file r to target.
A size of -1 means unknown. The name parameter is the original filename, not escaped.
func (*Client)QueryDNS¶
func (lc *Client) QueryDNS(ctx context.Context, name string, queryType string) (bytes []byte, resolvers []*dnstype.Resolver, err error)
QueryDNS executes a DNS query for a name (`google.com.`) and query type (`CNAME`). It returns the raw DNS response bytes and the resolvers that were used to answer the query (often just one, but can be more if we raced multiple resolvers).
func (*Client)QueryFeature¶
func (lc *Client) QueryFeature(ctx context.Context, feature string) (*tailcfg.QueryFeatureResponse, error)
QueryFeature makes a request for instructions on how to enable a feature, such as Funnel, for the node's tailnet. If relevant, this includes a control server URL the user can visit to enable the feature.
If you are looking to use QueryFeature, you'll likely want to use cli.enableFeatureInteractive instead, which handles the logic of wrapping QueryFeature and translating its response into an interactive flow for the user, including using the IPN notify bus to block until the feature has been enabled.
2023-08-09: Valid feature values are "serve" and "funnel".
func (*Client)QueryOptionalFeatures¶added inv1.90.4
QueryOptionalFeatures queries the optional features supported by the Tailscale daemon.
func (*Client)ReloadConfig¶
ReloadConfig reloads the config file, if possible.
func (*Client)ReloadEffectivePolicy¶
func (lc *Client) ReloadEffectivePolicy(ctx context.Context, scope setting.PolicyScope) (*setting.Snapshot, error)
ReloadEffectivePolicy reloads the effective policy for the specified scope by reading and merging policy settings from all applicable policy sources.
func (*Client)SetComponentDebugLogging¶
func (lc *Client) SetComponentDebugLogging(ctx context.Context, component string, d time.Duration) error
SetComponentDebugLogging sets component's debug logging enabled for the provided duration. If the duration is in the past, the debug logging is disabled.
func (*Client)SetDNS¶
SetDNS adds a DNS TXT record for the given domain name, containing the provided TXT value. The intended use case is answering LetsEncrypt/ACME dns-01 challenges.
The control plane will only permit SetDNS requests with very specific names and values. The name should be "_acme-challenge." + your node's MagicDNS name. It's expected that clients cache the certs from LetsEncrypt (or whichever CA is providing them) and only request new ones as needed; the control plane rate limits SetDNS requests.
This is a low-level interface; it's expected that most Tailscale users use a higher level interface to getting/using TLS certificates.
func (*Client)SetDevStoreKeyValue¶
SetDevStoreKeyValue sets a statestore key/value. It's only meant for development. The schema (including when keys are re-read) is not a stable interface.
func (*Client)SetServeConfig¶
SetServeConfig sets or replaces the serving settings. If config is nil, settings are cleared and serving is disabled.
func (*Client)SetUDPGROForwarding¶
SetUDPGROForwarding enables UDP GRO forwarding for the main interface of this node. This can be done to improve performance of tailnet nodes acting as exit nodes or subnet routers. See https://tailscale.com/kb/1320/performance-best-practices#linux-optimizations-for-subnet-routers-and-exit-nodes
func (*Client)SetUseExitNode¶
SetUseExitNode toggles the use of an exit node on or off. To turn it on, there must have been a previously used exit node. The most recently used one is reused. This is a convenience method for GUIs. To select an actual one, update the prefs.
func (*Client)ShutdownTailscaled¶added inv1.90.0
ShutdownTailscaled requests a graceful shutdown of tailscaled.
func (*Client)StartLoginInteractive¶
StartLoginInteractive starts an interactive login.
func (*Client)StatusWithoutPeers¶
StatusWithoutPeers returns the Tailscale daemon's status, without the peer info.
func (*Client)StreamBusEvents¶added inv1.86.0
StreamBusEvents returns an iterator of Tailscale bus events as they arrive. Each pair is a valid event and a nil error, or a zero event and a non-nil error. In case of error, the iterator ends after the pair reporting the error. Iteration stops if ctx ends.
func (*Client)StreamDebugCapture¶
StreamDebugCapture streams a pcap-formatted packet capture.
The provided context does not determine the lifetime of the returned io.ReadCloser.
func (*Client)SuggestExitNode¶
SuggestExitNode requests an exit node suggestion and returns the exit node's details.
func (*Client)SwitchProfile¶
SwitchProfile switches to the given profile.
func (*Client)SwitchToEmptyProfile¶
SwitchToEmptyProfile creates and switches to a new unnamed profile. The new profile is not assigned an ID until it is persisted after a successful login. In order to log in to the new profile, the user must call LoginInteractive.
func (*Client)TailDaemonLogs¶
TailDaemonLogs returns a stream of the Tailscale daemon's logs as they arrive. Close the context to stop the stream.
func (*Client)UserDial¶
UserDial connects to the host's port via Tailscale for the given network.
The host may be a base DNS name (resolved from the netmap inside tailscaled), a FQDN, or an IP address.
The ctx is only used for the duration of the call, not the lifetime of the net.Conn.
func (*Client)UserMetrics¶
UserMetrics returns the user metrics in the Prometheus text exposition format.
func (*Client)WaitingFiles¶
WaitingFiles returns the list of received Taildrop files that have been received by the Tailscale daemon in its staging/cache directory but not yet transferred by the user's CLI or GUI client and written to a user's home directory somewhere.
func (*Client)WatchIPNBus¶
func (lc *Client) WatchIPNBus(ctx context.Context, mask ipn.NotifyWatchOpt) (*IPNBusWatcher, error)
WatchIPNBus subscribes to the IPN notification bus. It returns a watcher once the bus is connected successfully.
The context is used for the life of the watch, not just the call to WatchIPNBus.
The returned IPNBusWatcher's Close method must be called when done to release resources.
A default set of ipn.Notify messages are returned but the set can be modified by mask.
func (*Client)WhoIs¶
WhoIs returns the owner of the remoteAddr, which must be an IP or IP:port.
If not found, the error is ErrPeerNotFound.
For connections proxied by tailscaled, this looks up the owner of the given address as TCP first, falling back to UDP; if you want to only check a specific address family, use WhoIsProto.
func (*Client)WhoIsNodeKey¶
func (lc *Client) WhoIsNodeKey(ctx context.Context, key key.NodePublic) (*apitype.WhoIsResponse, error)
WhoIsNodeKey returns the owner of the given wireguard public key.
If not found, the error is ErrPeerNotFound.
func (*Client)WhoIsProto¶
func (lc *Client) WhoIsProto(ctx context.Context, proto, remoteAddr string) (*apitype.WhoIsResponse, error)
WhoIsProto returns the owner of the remoteAddr, which must be an IP or IP:port, for the given protocol (tcp or udp).
If not found, the error is ErrPeerNotFound.
typeDebugPortmapOpts¶
type DebugPortmapOpts struct {
	// Duration is how long the mapping should be created for. It defaults
	// to 5 seconds if not set.
	Duration time.Duration

	// Type is the kind of portmap to debug. The empty string instructs the
	// portmap client to perform all known types. Other valid options are
	// "pmp", "pcp", and "upnp".
	Type string

	// GatewayAddr specifies the gateway address used during portmapping.
	// If set, SelfAddr must also be set. If unset, it will be
	// autodetected.
	GatewayAddr netip.Addr

	// SelfAddr specifies the gateway address used during portmapping. If
	// set, GatewayAddr must also be set. If unset, it will be
	// autodetected.
	SelfAddr netip.Addr

	// LogHTTP instructs the debug-portmap endpoint to print all HTTP
	// requests and responses made to the logs.
	LogHTTP bool
}

DebugPortmapOpts contains options for the Client.DebugPortmap command.
typeIPNBusWatcher¶
type IPNBusWatcher struct {
	// contains filtered or unexported fields
}

IPNBusWatcher is an active subscription (watch) of the local tailscaled IPN bus. It's returned by Client.WatchIPNBus.
It must be closed when done.
func (*IPNBusWatcher)Close¶
func (w *IPNBusWatcher) Close() error
Close stops the watcher and releases its resources.
typePingOpts¶
type PingOpts struct {
	// Size is the length of the ping message in bytes. It's ignored if it's
	// smaller than the minimum message size.
	//
	// For disco pings, it specifies the length of the packet's payload. That
	// is, it includes the disco headers and message, but not the IP and UDP
	// headers.
	Size int
}

PingOpts contains options for the ping request.
The zero value is valid, which means to use defaults.
typePreconditionsFailedError¶
type PreconditionsFailedError struct {
	// contains filtered or unexported fields
}

PreconditionsFailedError is returned when the server responds with an HTTP 412 status code.
func (*PreconditionsFailedError)Error¶
func (e *PreconditionsFailedError) Error() string
func (*PreconditionsFailedError)Unwrap¶
func (e *PreconditionsFailedError) Unwrap() error