ipnlocal
Documentation¶
Overview¶
Package ipnlocal is the heart of the Tailscale node agent that controls all the other misc pieces of the Tailscale node.
Index¶
- Constants
- Variables
- func GetExt[T ipnext.Extension](lb *LocalBackend) (_ T, ok bool)
- func ReadStartupPrefsForTest(logf logger.Logf, store ipn.StateStore) (ipn.PrefsView, error)
- func RegisterC2N(pattern string, h func(*LocalBackend, http.ResponseWriter, *http.Request))
- func RegisterNewSSHServer(fn newSSHServerFunc)
- func RegisterPeerAPIHandler(path string, f func(PeerAPIHandler, http.ResponseWriter, *http.Request))
- type Backend
- type ExtensionHost
- func (h *ExtensionHost) AuditLogger() ipnauth.AuditLogFunc
- func (h *ExtensionHost) CurrentPrefs() ipn.PrefsView
- func (h *ExtensionHost) CurrentProfileState() (ipn.LoginProfileView, ipn.PrefsView)
- func (h *ExtensionHost) DetermineBackgroundProfile(profiles ipnext.ProfileStore) ipn.LoginProfileView
- func (h *ExtensionHost) Extensions() ipnext.ExtensionServices
- func (h *ExtensionHost) FindExtensionByName(name string) any
- func (h *ExtensionHost) FindMatchingExtension(target any) bool
- func (h *ExtensionHost) Hooks() *ipnext.Hooks
- func (h *ExtensionHost) Init()
- func (h *ExtensionHost) NodeBackend() ipnext.NodeBackend
- func (h *ExtensionHost) NotifyNewControlClient(cc controlclient.Client, profile ipn.LoginProfileView) (ccShutdownCbs []func())
- func (h *ExtensionHost) NotifyProfileChange(profile ipn.LoginProfileView, prefs ipn.PrefsView, sameNode bool)
- func (h *ExtensionHost) NotifyProfilePrefsChanged(profile ipn.LoginProfileView, oldPrefs, newPrefs ipn.PrefsView)
- func (h *ExtensionHost) Profiles() ipnext.ProfileServices
- func (h *ExtensionHost) SendNotifyAsync(n ipn.Notify)
- func (h *ExtensionHost) Shutdown()
- func (h *ExtensionHost) SwitchToBestProfileAsync(reason string)
- type LocalBackend
- func (b *LocalBackend) ActiveSSHConns() int
- func (b *LocalBackend) AdvertiseRoute(ipps ...netip.Prefix) error
- func (b *LocalBackend) AppConnector() *appc.AppConnector
- func (b *LocalBackend) CheckIPForwarding() error
- func (b *LocalBackend) CheckIPNConnectionAllowed(actor ipnauth.Actor) error
- func (b *LocalBackend) CheckPrefs(p *ipn.Prefs) error
- func (b *LocalBackend) CheckUDPGROForwarding() error
- func (b *LocalBackend) ClearCaptureSink()
- func (b *LocalBackend) Clock() tstime.Clock
- func (b *LocalBackend) ConfigureWebClient(lc *local.Client)
- func (b *LocalBackend) ControlKnobs() *controlknobs.Knobs
- func (b *LocalBackend) ControlNow(localNow time.Time) time.Time
- func (b *LocalBackend) CurrentProfile() ipn.LoginProfileView
- func (b *LocalBackend) CurrentUserForTest() (ipn.WindowsUserID, ipnauth.Actor)
- func (b *LocalBackend) DERPMap() *tailcfg.DERPMap
- func (b *LocalBackend) DebugBreakDERPConns() error
- func (b *LocalBackend) DebugBreakTCPConns() error
- func (b *LocalBackend) DebugForceNetmapUpdate()
- func (b *LocalBackend) DebugForcePreferDERP(n int)
- func (b *LocalBackend) DebugNotify(n ipn.Notify)
- func (b *LocalBackend) DebugNotifyLastNetMap()
- func (b *LocalBackend) DebugPeerRelayServers() set.Set[netip.Addr]
- func (b *LocalBackend) DebugPickNewDERP() error
- func (b *LocalBackend) DebugReSTUN() error
- func (b *LocalBackend) DebugRebind() error
- func (b *LocalBackend) DebugRotateDiscoKey() error
- func (b *LocalBackend) DeleteForegroundSession(sessionID string) error
- func (b *LocalBackend) DeleteProfile(p ipn.ProfileID) error
- func (b *LocalBackend) Dialer() *tsdial.Dialer
- func (b *LocalBackend) DisconnectControl()
- func (b *LocalBackend) DoNoiseRequest(req *http.Request) (*http.Response, error)
- func (b *LocalBackend) DriveAccessEnabled() bool
- func (b *LocalBackend) DriveGetShares() views.SliceView[*drive.Share, drive.ShareView]
- func (b *LocalBackend) DriveRemoveShare(name string) error
- func (b *LocalBackend) DriveRenameShare(oldName, newName string) error
- func (b *LocalBackend) DriveSetServerAddr(addr string) error
- func (b *LocalBackend) DriveSetShare(share *drive.Share) error
- func (b *LocalBackend) DriveSharingEnabled() bool
- func (b *LocalBackend) EditPrefs(mp *ipn.MaskedPrefs) (ipn.PrefsView, error)
- func (b *LocalBackend) EditPrefsAs(mp *ipn.MaskedPrefs, actor ipnauth.Actor) (ipn.PrefsView, error)
- func (b *LocalBackend) EventBus() *eventbus.Bus
- func (b *LocalBackend) FindExtensionByName(name string) any
- func (b *LocalBackend) FindMatchingExtension(target any) bool
- func (b *LocalBackend) GetCertPEM(ctx context.Context, domain string) (*TLSCertKeyPair, error)
- func (b *LocalBackend) GetCertPEMWithValidity(ctx context.Context, domain string, minValidity time.Duration) (*TLSCertKeyPair, error)
- func (b *LocalBackend) GetComponentDebugLogging(component string) time.Time
- func (b *LocalBackend) GetDNSOSConfig() (dns.OSConfig, error)
- func (b *LocalBackend) GetFilterForTest() *filter.Filter
- func (b *LocalBackend) GetOrSetCaptureSink(newSink func() packet.CaptureSink) packet.CaptureSink
- func (b *LocalBackend) GetPeerAPIPort(ip netip.Addr) (port uint16, ok bool)
- func (b *LocalBackend) GetPeerEndpointChanges(ctx context.Context, ip netip.Addr) ([]magicsock.EndpointChange, error)
- func (b *LocalBackend) GetPushDeviceToken() string
- func (b *LocalBackend) GetSSH_HostKeys() (keys []ssh.Signer, err error)
- func (b *LocalBackend) HandleIngressTCPConn(ingressPeer tailcfg.NodeView, target ipn.HostPort, srcAddr netip.AddrPort, ...)
- func (b *LocalBackend) HandleQuad100Port80Conn(c net.Conn) error
- func (b *LocalBackend) HardwareAttested() bool
- func (b *LocalBackend) HealthTracker() *health.Tracker
- func (b *LocalBackend) ListProfiles() []ipn.LoginProfileView
- func (b *LocalBackend) Logger() logger.Logf
- func (b *LocalBackend) Logout(ctx context.Context, actor ipnauth.Actor) error
- func (b *LocalBackend) MagicConn() *magicsock.Conn
- func (b *LocalBackend) MaybeClearAppConnector(mp *ipn.MaskedPrefs) error
- func (b *LocalBackend) NetMap() *netmap.NetworkMap
- func (b *LocalBackend) NetMon() *netmon.Monitor
- func (b *LocalBackend) NetworkLockAffectedSigs(keyID tkatype.KeyID) ([]tkatype.MarshaledSignature, error)
- func (b *LocalBackend) NetworkLockAllowed() bool
- func (b *LocalBackend) NetworkLockCosignRecoveryAUM(aum *tka.AUM) (*tka.AUM, error)
- func (b *LocalBackend) NetworkLockDisable(secret []byte) error
- func (b *LocalBackend) NetworkLockForceLocalDisable() error
- func (b *LocalBackend) NetworkLockGenerateRecoveryAUM(removeKeys []tkatype.KeyID, forkFrom tka.AUMHash) (*tka.AUM, error)
- func (b *LocalBackend) NetworkLockInit(keys []tka.Key, disablementValues [][]byte, supportDisablement []byte) error
- func (b *LocalBackend) NetworkLockKeyTrustedForTest(keyID tkatype.KeyID) bool
- func (b *LocalBackend) NetworkLockLog(maxEntries int) ([]ipnstate.NetworkLockUpdate, error)
- func (b *LocalBackend) NetworkLockModify(addKeys, removeKeys []tka.Key) (err error)
- func (b *LocalBackend) NetworkLockSign(nodeKey key.NodePublic, rotationPublic []byte) error
- func (b *LocalBackend) NetworkLockStatus() *ipnstate.NetworkLockStatus
- func (b *LocalBackend) NetworkLockSubmitRecoveryAUM(aum *tka.AUM) error
- func (b *LocalBackend) NetworkLockVerifySignatureForTest(nks tkatype.MarshaledSignature, nodeKey key.NodePublic) error
- func (b *LocalBackend) NetworkLockVerifySigningDeeplink(url string) tka.DeeplinkValidationResult
- func (b *LocalBackend) NetworkLockWrapPreauthKey(preauthKey string, tkaKey key.NLPrivate) (string, error)
- func (b *LocalBackend) NewProfile() error
- func (b *LocalBackend) NodeBackend() ipnext.NodeBackend
- func (b *LocalBackend) NodeKey() key.NodePublic
- func (b *LocalBackend) ObserveDNSResponse(res []byte) error
- func (b *LocalBackend) OfferingAppConnector() bool
- func (b *LocalBackend) OfferingExitNode() bool
- func (b *LocalBackend) OperatorUserID() string
- func (b *LocalBackend) PeerCaps(src netip.Addr) tailcfg.PeerCapMap
- func (b *LocalBackend) PeersForTest() []tailcfg.NodeView
- func (b *LocalBackend) Ping(ctx context.Context, ip netip.Addr, pingType tailcfg.PingType, size int) (*ipnstate.PingResult, error)
- func (b *LocalBackend) PolicyClient() policyclient.Client
- func (b *LocalBackend) Prefs() ipn.PrefsView
- func (b *LocalBackend) QueryDNS(name string, queryType dnsmessage.Type) (res []byte, resolvers []*dnstype.Resolver, err error)
- func (b *LocalBackend) ReadRouteInfo() (*appctype.RouteInfo, error)
- func (b *LocalBackend) RefreshExitNode()
- func (b *LocalBackend) ReloadConfig() (ok bool, err error)
- func (b *LocalBackend) ResetAuth() error
- func (b *LocalBackend) SendNotify(n ipn.Notify)
- func (b *LocalBackend) ServeConfig() ipn.ServeConfigView
- func (b *LocalBackend) SetComponentDebugLogging(component string, until time.Time) error
- func (b *LocalBackend) SetControlClientGetterForTesting(newControlClient func(controlclient.Options) (controlclient.Client, error))
- func (b *LocalBackend) SetControlClientStatus(c controlclient.Client, st controlclient.Status)
- func (b *LocalBackend) SetCurrentUser(actor ipnauth.Actor)
- func (b *LocalBackend) SetDNS(ctx context.Context, name, value string) error
- func (b *LocalBackend) SetDevStateStore(key, value string) error
- func (b *LocalBackend) SetDeviceAttrs(ctx context.Context, attrs tailcfg.AttrUpdate) error
- func (b *LocalBackend) SetExpirySooner(ctx context.Context, expiry time.Time) error
- func (b *LocalBackend) SetHTTPTestClient(c *http.Client)
- func (b *LocalBackend) SetHardwareAttested()
- func (b *LocalBackend) SetLogFlusher(flushFunc func())
- func (b *LocalBackend) SetNotifyCallback(notify func(ipn.Notify))
- func (b *LocalBackend) SetPushDeviceToken(tk string)
- func (b *LocalBackend) SetServeConfig(config *ipn.ServeConfig, etag string) error
- func (b *LocalBackend) SetTCPHandlerForFunnelFlow(h func(src netip.AddrPort, dstPort uint16) (handler func(net.Conn)))
- func (b *LocalBackend) SetUDPGROForwarding() error
- func (b *LocalBackend) SetUseExitNodeEnabled(actor ipnauth.Actor, v bool) (ipn.PrefsView, error)
- func (b *LocalBackend) SetVarRoot(dir string)
- func (b *LocalBackend) ShouldExposeRemoteWebClient() bool
- func (b *LocalBackend) ShouldHandleViaIP(ip netip.Addr) bool
- func (b *LocalBackend) ShouldInterceptTCPPort(port uint16) bool
- func (b *LocalBackend) ShouldInterceptVIPServiceTCPPort(ap netip.AddrPort) bool
- func (b *LocalBackend) ShouldRunSSH() bool
- func (b *LocalBackend) ShouldRunWebClient() bool
- func (b *LocalBackend) Shutdown()
- func (b *LocalBackend) Start(opts ipn.Options) error
- func (b *LocalBackend) StartLoginInteractive(ctx context.Context) error
- func (b *LocalBackend) StartLoginInteractiveAs(ctx context.Context, user ipnauth.Actor) error
- func (b *LocalBackend) State() ipn.State
- func (b *LocalBackend) Status() *ipnstate.Status
- func (b *LocalBackend) StatusWithoutPeers() *ipnstate.Status
- func (b *LocalBackend) SuggestExitNode() (response apitype.ExitNodeSuggestionResponse, err error)
- func (b *LocalBackend) SwitchProfile(profile ipn.ProfileID) error
- func (b *LocalBackend) SwitchToBestProfile(reason string)
- func (b *LocalBackend) Sys() *tsd.System
- func (b *LocalBackend) TCPHandlerForDst(src, dst netip.AddrPort) (handler func(c net.Conn) error, opts []tcpip.SettableSocketOption)
- func (b *LocalBackend) TailscaleVarRoot() string
- func (b *LocalBackend) TestOnlyPublicKeys() (machineKey key.MachinePublic, nodeKey key.NodePublic)
- func (b *LocalBackend) TryFlushLogs() bool
- func (b *LocalBackend) UnadvertiseRoute(toRemove ...netip.Prefix) error
- func (b *LocalBackend) UpdateNetmapDelta(muts []netmap.NodeMutation) (handled bool)
- func (b *LocalBackend) UpdateStatus(sb *ipnstate.StatusBuilder)
- func (b *LocalBackend) UserMetricsRegistry() *usermetric.Registry
- func (b *LocalBackend) VIPServices() []*tailcfg.VIPService
- func (b *LocalBackend) WatchNotifications(ctx context.Context, mask ipn.NotifyWatchOpt, onWatchAdded func(), ...)
- func (b *LocalBackend) WatchNotificationsAs(ctx context.Context, actor ipnauth.Actor, mask ipn.NotifyWatchOpt, ...)
- func (b *LocalBackend) WhoIs(proto string, ipp netip.AddrPort) (n tailcfg.NodeView, u tailcfg.UserProfile, ok bool)
- func (b *LocalBackend) WhoIsNodeKey(k key.NodePublic) (n tailcfg.NodeView, u tailcfg.UserProfile, ok bool)
- type PeerAPIHandler
- type PortlistServices
- type SSHServer
- type TLSCertKeyPair
- type TLSCertKeyReader
- type TLSCertKeyWriter
Constants¶
const (
	// DriveLocalPort is the port on which the Taildrive listens for location
	// connections on quad 100.
	DriveLocalPort = 8080
)
Variables¶
var ErrDisallowedAutoRoute = errors.New("route is not allowed")
ErrDisallowedAutoRoute is returned by AdvertiseRoute when a route that is not allowed is requested.
var ErrETagMismatch = errors.New("etag mismatch")
ErrETagMismatch signals that the given If-Match header does not match with the current etag of a resource.
var ErrNoNetMap = errors.New("no network map, try again later")
var ErrNoPreferredDERP = errors.New("no preferred DERP, try again later")
var HookDoctor feature.Hook[func(context.Context, *LocalBackend, logger.Logf)]
HookDoctor is an optional hook for the "doctor" problem diagnosis feature.
Functions¶
funcGetExt¶added inv1.84.0
func GetExt[T ipnext.Extension](lb *LocalBackend) (_ T, ok bool)
GetExt returns the extension of type T registered with lb. If lb is nil or the extension is not found, it returns zero, false.
funcReadStartupPrefsForTest¶added inv1.34.0
ReadStartupPrefsForTest reads the startup prefs from disk. It is only used for testing.
funcRegisterC2N¶added inv1.80.0
func RegisterC2N(pattern string, h func(*LocalBackend, http.ResponseWriter, *http.Request))
RegisterC2N registers a new c2n handler for the given pattern.
A pattern is like "GET /foo" (specific to an HTTP method) or "/foo" (all methods). It panics if the pattern is already registered.
funcRegisterNewSSHServer¶added inv1.24.0
func RegisterNewSSHServer(fn newSSHServerFunc)
RegisterNewSSHServer lets the conditionally linked ssh/tailssh package register itself.
funcRegisterPeerAPIHandler¶added inv1.80.0
func RegisterPeerAPIHandler(path string, f func(PeerAPIHandler, http.ResponseWriter, *http.Request))
RegisterPeerAPIHandler registers a PeerAPI handler.
The path should be of the form "/v0/foo".
It panics if the path is already registered.
Types¶
typeBackend¶added inv1.84.0
type Backend interface {
	// SwitchToBestProfile switches to the best profile for the current state of the system.
	// The reason indicates why the profile is being switched.
	SwitchToBestProfile(reason string)
	SendNotify(ipn.Notify)
	NodeBackend() ipnext.NodeBackend
	ipnext.SafeBackend
}
Backend is a subset of LocalBackend methods that are used by ExtensionHost. It is primarily used for testing.
typeExtensionHost¶added inv1.84.0
type ExtensionHost struct {
	// contains filtered or unexported fields
}
ExtensionHost is a bridge between the LocalBackend and the registered [ipnext.Extension]s. It implements ipnext.Host and is safe for concurrent use.
A nil pointer to ExtensionHost is a valid, no-op extension host which is primarily used in tests that instantiate LocalBackend directly without using NewExtensionHost.
The LocalBackend is not required to hold its mutex when calling the host's methods, but it typically does so either to prevent changes to its state (for example, the current profile) while callbacks are executing, or because it calls the host's methods as part of a larger operation that requires the mutex to be held.
Extensions might invoke the host's methods either from callbacks triggered by the LocalBackend, or in response to external events. Some methods can be called by both the extensions and the backend.
As a general rule, the host cannot assume anything about the current state of the LocalBackend's internal mutex on entry to its methods, and therefore cannot safely call LocalBackend methods directly.
The following are typical and supported patterns:
- LocalBackend notifies the host about an event, such as a change in the current profile. The host invokes callbacks registered by Extensions, forwarding the event arguments to them. If necessary, the host can also update its own state for future use.
- LocalBackend requests information from the host, such as the effective ipnauth.AuditLogFunc or the ipn.LoginProfile to use when no GUI/CLI client is connected. Typically, LocalBackend provides the required context to the host, and the host returns the result to LocalBackend after forwarding the request to the extensions.
- Extension invokes the host's method to perform an action, such as switching to the "best" profile in response to a change in the device's state. Since the host does not know whether the LocalBackend's internal mutex is held, it cannot invoke any methods on the LocalBackend directly and must instead do so asynchronously, such as by using [ExtensionHost.enqueueBackendOperation].
- Extension requests information from the host, such as the effective ipnauth.AuditLogFunc or the current ipn.LoginProfile. Since the host cannot invoke any methods on the LocalBackend directly, it should maintain its own view of the current state, updating it when the LocalBackend notifies it about a change or event.
To safeguard against adopting incorrect or risky patterns, the host does not store LocalBackend in its fields and instead provides [ExtensionHost.enqueueBackendOperation]. Additionally, to make it easier to test extensions and to further reduce the risk of accessing unexported methods or fields of LocalBackend, the host interacts with it via the Backend interface.
funcNewExtensionHost¶added inv1.84.0
func NewExtensionHost(logf logger.Logf, b Backend) (*ExtensionHost, error)
NewExtensionHost returns a new ExtensionHost which manages registered extensions for the given backend. The extensions are instantiated, but are not initialized until ExtensionHost.Init is called. It returns an error if instantiating any extension fails.
funcNewExtensionHostForTest¶added inv1.84.0
func NewExtensionHostForTest(logf logger.Logf, b Backend, overrideExts ...*ipnext.Definition) (*ExtensionHost, error)
func (*ExtensionHost)AuditLogger¶added inv1.84.0
func (h *ExtensionHost) AuditLogger()ipnauth.AuditLogFunc
AuditLogger returns a function that reports an auditable action to all registered audit loggers. It fails if any of them returns an error, indicating that the action cannot be logged and must not be performed.
It implements ipnext.Host, but is also used by the LocalBackend.
The returned function closes over the current state of the host and extensions, which typically includes the current profile and the audit loggers registered by extensions. It must not be persisted outside of the auditable action context.
func (*ExtensionHost)CurrentPrefs¶added inv1.84.0
func (h *ExtensionHost) CurrentPrefs()ipn.PrefsView
CurrentPrefs implements ipnext.ProfileServices.
func (*ExtensionHost)CurrentProfileState¶added inv1.84.0
func (h *ExtensionHost) CurrentProfileState() (ipn.LoginProfileView,ipn.PrefsView)
CurrentProfileState implements ipnext.ProfileServices.
func (*ExtensionHost)DetermineBackgroundProfile¶added inv1.84.0
func (h *ExtensionHost) DetermineBackgroundProfile(profilesipnext.ProfileStore)ipn.LoginProfileView
DetermineBackgroundProfile returns a read-only view of the profile used when no GUI/CLI client is connected, using background profile resolvers registered by extensions.
It returns an invalid view if Tailscale should not run in the background and instead disconnect until a GUI/CLI client connects.
As of 2025-02-07, this is only used on Windows.
func (*ExtensionHost)Extensions¶added inv1.84.0
func (h *ExtensionHost) Extensions()ipnext.ExtensionServices
Extensions implements ipnext.Host.
func (*ExtensionHost)FindExtensionByName¶added inv1.84.0
func (h *ExtensionHost) FindExtensionByName(namestring)any
FindExtensionByName implements ipnext.ExtensionServices and is also used by the LocalBackend. It returns nil if the extension is not found.
func (*ExtensionHost)FindMatchingExtension¶added inv1.84.0
func (h *ExtensionHost) FindMatchingExtension(targetany)bool
FindMatchingExtension implements ipnext.ExtensionServices and is also used by the LocalBackend.
func (*ExtensionHost)Hooks¶added inv1.84.0
func (h *ExtensionHost) Hooks() *ipnext.Hooks
func (*ExtensionHost)Init¶added inv1.84.0
func (h *ExtensionHost) Init()
Init initializes the host and the extensions it manages.
func (*ExtensionHost)NodeBackend¶added inv1.84.0
func (h *ExtensionHost) NodeBackend()ipnext.NodeBackend
func (*ExtensionHost)NotifyNewControlClient¶added inv1.84.0
func (h *ExtensionHost) NotifyNewControlClient(cccontrolclient.Client, profileipn.LoginProfileView) (ccShutdownCbs []func())
NotifyNewControlClient invokes all registered control client callbacks. It returns callbacks to be executed when the control client shuts down.
func (*ExtensionHost)NotifyProfileChange¶added inv1.84.0
func (h *ExtensionHost) NotifyProfileChange(profileipn.LoginProfileView, prefsipn.PrefsView, sameNodebool)
NotifyProfileChange invokes registered profile state change callbacks and updates the current profile and prefs in the host. It strips private keys from the ipn.Prefs before preserving or passing them to the callbacks.
func (*ExtensionHost)NotifyProfilePrefsChanged¶added inv1.84.0
func (h *ExtensionHost) NotifyProfilePrefsChanged(profileipn.LoginProfileView, oldPrefs, newPrefsipn.PrefsView)
NotifyProfilePrefsChanged invokes registered profile state change callbacks, and updates the current profile and prefs in the host. It strips private keys from the ipn.Prefs before preserving or using them.
func (*ExtensionHost)Profiles¶added inv1.84.0
func (h *ExtensionHost) Profiles()ipnext.ProfileServices
Profiles implements ipnext.Host.
func (*ExtensionHost)SendNotifyAsync¶added inv1.84.0
func (h *ExtensionHost) SendNotifyAsync(nipn.Notify)
SendNotifyAsync implements ipnext.Host.
func (*ExtensionHost)Shutdown¶added inv1.84.0
func (h *ExtensionHost) Shutdown()
Shutdown shuts down the extension host and all initialized extensions.
func (*ExtensionHost)SwitchToBestProfileAsync¶added inv1.84.0
func (h *ExtensionHost) SwitchToBestProfileAsync(reasonstring)
SwitchToBestProfileAsync implements ipnext.ProfileServices.
typeLocalBackend¶
type LocalBackend struct {
	// contains filtered or unexported fields
}
LocalBackend is the glue between the major pieces of the Tailscale network software: the cloud control plane (via controlclient), the network data plane (via wgengine), and the user-facing UIs and CLIs (collectively called "frontends", via LocalBackend's implementation of the Backend interface).
LocalBackend implements the overall state machine for the Tailscale application. Frontends, controlclient and wgengine can feed events into LocalBackend to advance the state machine, and advancing the state machine generates events back out to zero or more components.
funcNewLocalBackend¶
func NewLocalBackend(logflogger.Logf, logIDlogid.PublicID, sys *tsd.System, loginFlagscontrolclient.LoginFlags) (_ *LocalBackend, errerror)
NewLocalBackend returns a new LocalBackend that is ready to run, but is not actually running.
If dialer is nil, a new one is made.
The logID may be the zero value if logging is not in use.
func (*LocalBackend)ActiveSSHConns¶added inv1.90.0
func (b *LocalBackend) ActiveSSHConns()int
ActiveSSHConns returns the number of active SSH connections, or 0 if SSH is not linked into the binary or available on the platform.
func (*LocalBackend)AdvertiseRoute¶added inv1.54.0
func (b *LocalBackend) AdvertiseRoute(ipps ...netip.Prefix)error
AdvertiseRoute implements the appctype.RouteAdvertiser interface. It sets a new route advertisement if one is not already present in the existing routes. If the route is disallowed, ErrDisallowedAutoRoute is returned.
func (*LocalBackend)AppConnector¶added inv1.86.0
func (b *LocalBackend) AppConnector() *appc.AppConnector
AppConnector returns the current AppConnector, or nil if not configured.
TODO(nickkhyl): move app connectors to [nodeBackend], or perhaps a feature package?
func (*LocalBackend)CheckIPForwarding¶added inv1.8.0
func (b *LocalBackend) CheckIPForwarding()error
func (*LocalBackend)CheckIPNConnectionAllowed¶added inv1.34.0
func (b *LocalBackend) CheckIPNConnectionAllowed(actoripnauth.Actor)error
CheckIPNConnectionAllowed returns an error if the specified actor should not be allowed to connect or make requests to the LocalAPI currently.
Currently (as of 2024-08-26), this is only used on Windows. We plan to remove it as part of the multi-user and unattended mode improvements as we progress on tailscale/corp#18342.
func (*LocalBackend)CheckPrefs¶added inv1.24.0
func (b *LocalBackend) CheckPrefs(p *ipn.Prefs)error
func (*LocalBackend)CheckUDPGROForwarding¶added inv1.54.0
func (b *LocalBackend) CheckUDPGROForwarding()error
CheckUDPGROForwarding checks if the machine is optimally configured to forward UDP packets between the default route and Tailscale TUN interfaces. It returns an error if the check fails or if suboptimal configuration is detected. No error is returned if we are unable to gather the interface names from the relevant subsystems.
func (*LocalBackend)ClearCaptureSink¶added inv1.80.0
func (b *LocalBackend) ClearCaptureSink()
func (*LocalBackend)Clock¶added inv1.84.0
func (b *LocalBackend) Clock()tstime.Clock
func (*LocalBackend)ConfigureWebClient¶added inv1.56.0
func (b *LocalBackend) ConfigureWebClient(lc *local.Client)
ConfigureWebClient configures b.web prior to use. Specifically, it sets b.web.lc to the provided local.Client. If provided as nil, b.web.lc is cleared out.
func (*LocalBackend)ControlKnobs¶added inv1.50.0
func (b *LocalBackend) ControlKnobs() *controlknobs.Knobs
ControlKnobs returns the node's control knobs.
func (*LocalBackend)ControlNow¶added inv1.56.0
func (b *LocalBackend) ControlNow(localNowtime.Time)time.Time
ControlNow estimates the current time on the control server, calculated as localNow + the delta between local and control server clocks as recorded when the LocalBackend last received a time message from the control server.
func (*LocalBackend)CurrentProfile¶added inv1.34.0
func (b *LocalBackend) CurrentProfile()ipn.LoginProfileView
CurrentProfile returns the current LoginProfile. The value may be zero if the profile is not persisted.
func (*LocalBackend)CurrentUserForTest¶added inv1.80.0
func (b *LocalBackend) CurrentUserForTest() (ipn.WindowsUserID,ipnauth.Actor)
CurrentUserForTest returns the current user and the associated WindowsUserID. It is used for testing only, and will be removed along with the rest of the "current user" functionality as we progress on the multi-user improvements (tailscale/corp#18342).
func (*LocalBackend)DERPMap¶added inv1.12.0
func (b *LocalBackend) DERPMap() *tailcfg.DERPMap
DERPMap returns the current DERPMap in use, or nil if not connected.
func (*LocalBackend)DebugBreakDERPConns¶added inv1.48.0
func (b *LocalBackend) DebugBreakDERPConns()error
func (*LocalBackend)DebugBreakTCPConns¶added inv1.48.0
func (b *LocalBackend) DebugBreakTCPConns()error
func (*LocalBackend)DebugForceNetmapUpdate¶added inv1.50.0
func (b *LocalBackend) DebugForceNetmapUpdate()
DebugForceNetmapUpdate forces a full no-op netmap update of the current netmap in all the various subsystems (wireguard, magicsock, LocalBackend).
It exists for load testing reasons (for issue 1909), doing what would happen if a new MapResponse came in from the control server that couldn't be handled incrementally.
func (*LocalBackend)DebugForcePreferDERP¶added inv1.78.0
func (b *LocalBackend) DebugForcePreferDERP(nint)
DebugForcePreferDERP forwards to netcheck.DebugForcePreferDERP. See its docs.
func (*LocalBackend)DebugNotify¶added inv1.34.0
func (b *LocalBackend) DebugNotify(nipn.Notify)
DebugNotify injects a fake notify message to clients.
It should only be used via the LocalAPI's debug handler.
func (*LocalBackend)DebugNotifyLastNetMap¶added inv1.62.0
func (b *LocalBackend) DebugNotifyLastNetMap()
DebugNotifyLastNetMap injects a fake notify message to clients, repeating whatever the last netmap was.
It should only be used via the LocalAPI's debug handler.
func (*LocalBackend)DebugPeerRelayServers¶added inv1.86.0
func (b *LocalBackend) DebugPeerRelayServers()set.Set[netip.Addr]
func (*LocalBackend)DebugPickNewDERP¶added inv1.52.0
func (b *LocalBackend) DebugPickNewDERP()error
DebugPickNewDERP forwards to magicsock.Conn.DebugPickNewDERP. See its docs.
func (*LocalBackend)DebugReSTUN¶added inv1.20.0
func (b *LocalBackend) DebugReSTUN()error
func (*LocalBackend)DebugRebind¶added inv1.20.0
func (b *LocalBackend) DebugRebind()error
func (*LocalBackend)DebugRotateDiscoKey¶added inv1.92.0
func (b *LocalBackend) DebugRotateDiscoKey()error
func (*LocalBackend)DeleteForegroundSession¶added inv1.50.0
func (b *LocalBackend) DeleteForegroundSession(sessionIDstring)error
DeleteForegroundSession deletes a ServeConfig's foreground session in the LocalBackend if it exists. It also ensures check, delete, and set operations happen within the same mutex lock to avoid any races.
func (*LocalBackend)DeleteProfile¶added inv1.34.0
func (b *LocalBackend) DeleteProfile(pipn.ProfileID)error
DeleteProfile deletes a profile with the given ID. If the profile is not known, it is a no-op.
func (*LocalBackend)Dialer¶added inv1.20.0
func (b *LocalBackend) Dialer() *tsdial.Dialer
Dialer returns the backend's dialer. It is always non-nil.
func (*LocalBackend)DisconnectControl¶added inv1.78.0
func (b *LocalBackend) DisconnectControl()
DisconnectControl shuts down the control client. This can be run before node shutdown to force control to consider this node inactive. This can be used to ensure that, when nodes that are HA subnet router or app connector replicas are shutting down, clients switch over to other replicas whilst the existing connections are kept alive for some period of time.
func (*LocalBackend)DoNoiseRequest¶added inv1.24.0
DoNoiseRequest sends a request to URL over the control plane Noise connection.
func (*LocalBackend)DriveAccessEnabled¶added inv1.64.0
func (b *LocalBackend) DriveAccessEnabled()bool
DriveAccessEnabled reports whether accessing Taildrive shares on remote nodes is enabled. This is currently based on checking for the drive:access node attribute.
func (*LocalBackend)DriveGetShares¶added inv1.64.0
DriveGetShares gets the current list of Taildrive shares, sorted by name.
func (*LocalBackend)DriveRemoveShare¶added inv1.64.0
func (b *LocalBackend) DriveRemoveShare(namestring)error
DriveRemoveShare removes the named share. Share names are forced to lowercase.
func (*LocalBackend)DriveRenameShare¶added inv1.64.0
func (b *LocalBackend) DriveRenameShare(oldName, newNamestring)error
DriveRenameShare renames the share at old name to new name. To avoid potential incompatibilities across file systems, the new share name is limited to alphanumeric characters and the underscore _.
Any of the following will result in an error.
- no share found under old name
- new share name contains disallowed characters
- share already exists under new name
func (*LocalBackend)DriveSetServerAddr¶added inv1.64.0
func (b *LocalBackend) DriveSetServerAddr(addrstring)error
DriveSetServerAddr tells Taildrive to use the given address for connecting to the drive.FileServer that's exposing local files as an unprivileged user.
func (*LocalBackend)DriveSetShare¶added inv1.64.0
func (b *LocalBackend) DriveSetShare(share *drive.Share)error
DriveSetShare adds the given share if no share with that name exists, or replaces the existing share if one with the same name already exists. To avoid potential incompatibilities across file systems, share names are limited to alphanumeric characters and the underscore _.
func (*LocalBackend)DriveSharingEnabled¶added inv1.64.0
func (b *LocalBackend) DriveSharingEnabled()bool
DriveSharingEnabled reports whether sharing to remote nodes via Taildrive is enabled. This is currently based on checking for the drive:share node attribute.
func (*LocalBackend)EditPrefs¶added inv1.8.0
func (b *LocalBackend) EditPrefs(mp *ipn.MaskedPrefs) (ipn.PrefsView,error)
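EditPrefs applies the changes in mp to the current prefs, acting as tailscaled itself rather than a specific user. It takes no actor; EditPrefsAs is the variant documented as returning an error when the actor is not allowed to make the change.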
func (*LocalBackend)EditPrefsAs¶added inv1.82.0
func (b *LocalBackend) EditPrefsAs(mp *ipn.MaskedPrefs, actoripnauth.Actor) (ipn.PrefsView,error)
EditPrefsAs is like EditPrefs, but makes the change as the specified actor. It returns an error if the actor is not allowed to make the change.
func (*LocalBackend)EventBus¶added inv1.90.0
func (b *LocalBackend) EventBus() *eventbus.Bus
EventBus returns the node's event bus.
func (*LocalBackend)FindExtensionByName¶added inv1.84.0
func (b *LocalBackend) FindExtensionByName(namestring)any
FindExtensionByName returns an active extension with the given name,or nil if no such extension exists.
func (*LocalBackend)FindMatchingExtension¶added inv1.84.0
func (b *LocalBackend) FindMatchingExtension(targetany)bool
FindMatchingExtension finds the first active extension that matches target, and if one is found, sets target to that extension and returns true. Otherwise, it returns false.
It panics if target is not a non-nil pointer to either a type that implements ipnext.Extension, or to any interface type.
func (*LocalBackend)GetCertPEM¶added inv1.34.0
func (b *LocalBackend) GetCertPEM(ctxcontext.Context, domainstring) (*TLSCertKeyPair,error)
GetCertPEM gets the TLSCertKeyPair for domain, either from cache or via the ACME process. The ACME process is used for new domain certs, existing expired certs or existing certs that should get renewed due to upcoming expiry.
If a cert is expired, it will be renewed synchronously; otherwise it will be renewed asynchronously.
func (*LocalBackend)GetCertPEMWithValidity¶added inv1.72.0
func (b *LocalBackend) GetCertPEMWithValidity(ctxcontext.Context, domainstring, minValiditytime.Duration) (*TLSCertKeyPair,error)
GetCertPEMWithValidity gets the TLSCertKeyPair for domain, either from cache or via the ACME process. The ACME process is used for new domain certs, existing expired certs or existing certs that should get renewed sooner than minValidity.
If a cert is expired, or expires sooner than minValidity, it will be renewed synchronously. Otherwise it will be renewed asynchronously.
func (*LocalBackend)GetComponentDebugLogging¶added inv1.32.1
func (b *LocalBackend) GetComponentDebugLogging(componentstring)time.Time
GetComponentDebugLogging gets the time that component's debug logging is enabled until, or the zero time if component's debug logging is not currently enabled.
func (*LocalBackend)GetDNSOSConfig¶added inv1.74.0
func (b *LocalBackend) GetDNSOSConfig() (dns.OSConfig,error)
GetDNSOSConfig returns the base OS DNS configuration, as seen by the DNS manager.
func (*LocalBackend)GetFilterForTest¶added inv1.82.0
func (b *LocalBackend) GetFilterForTest() *filter.Filter
func (*LocalBackend)GetOrSetCaptureSink¶added inv1.80.0
func (b *LocalBackend) GetOrSetCaptureSink(newSink func()packet.CaptureSink)packet.CaptureSink
GetOrSetCaptureSink returns the current packet capture sink, creating itwith the provided newSink function if it does not already exist.
func (*LocalBackend)GetPeerAPIPort¶added inv1.20.4
func (b *LocalBackend) GetPeerAPIPort(ipnetip.Addr) (portuint16, okbool)
GetPeerAPIPort returns the port number for the peerapi serverrunning on the provided IP.
func (*LocalBackend)GetPeerEndpointChanges¶added inv1.38.0
func (b *LocalBackend) GetPeerEndpointChanges(ctxcontext.Context, ipnetip.Addr) ([]magicsock.EndpointChange,error)
func (*LocalBackend)GetPushDeviceToken¶added inv1.52.0
func (b *LocalBackend) GetPushDeviceToken()string
GetPushDeviceToken returns the push notification device token.
func (*LocalBackend)GetSSH_HostKeys¶added inv1.22.0
func (b *LocalBackend) GetSSH_HostKeys() (keys []ssh.Signer, errerror)
func (*LocalBackend)HandleIngressTCPConn¶added inv1.34.0
func (b *LocalBackend) HandleIngressTCPConn(ingressPeertailcfg.NodeView, targetipn.HostPort, srcAddrnetip.AddrPort, getConnOrReset func() (net.Conn,bool), sendRST func())
HandleIngressTCPConn handles a TCP connection initiated by the ingressPeer proxied to the local node over the PeerAPI. Target represents the destination HostPort of the conn. srcAddr represents the source AddrPort and not that of the ingressPeer. getConnOrReset is a callback to get the connection, or reset if the connection is no longer available. sendRST is a callback to send a TCP RST to the ingressPeer indicating that the connection was not accepted.
func (*LocalBackend)HandleQuad100Port80Conn¶added inv1.26.0
func (b *LocalBackend) HandleQuad100Port80Conn(cnet.Conn)error
HandleQuad100Port80Conn serves http://100.100.100.100/ on port 80 (and the equivalent tsaddr.TailscaleServiceIPv6 address).
func (*LocalBackend)HardwareAttested¶added inv1.90.0
func (b *LocalBackend) HardwareAttested()bool
HardwareAttested reports whether hardware-backed attestation keys should be used to bind the node's identity to this device.
func (*LocalBackend)HealthTracker¶added inv1.66.0
func (b *LocalBackend) HealthTracker() *health.Tracker
HealthTracker returns the health tracker for the backend.
func (*LocalBackend)ListProfiles¶added inv1.34.0
func (b *LocalBackend) ListProfiles() []ipn.LoginProfileView
ListProfiles returns a list of all LoginProfiles.
func (*LocalBackend)Logger¶added inv1.90.0
func (b *LocalBackend) Logger()logger.Logf
Logger returns the logger for the backend.
func (*LocalBackend)Logout¶
Logout logs out the current profile, if any, and waits for the logout tocomplete.
func (*LocalBackend)MagicConn¶added inv1.56.0
func (b *LocalBackend) MagicConn() *magicsock.Conn
MagicConn returns the backend's *magicsock.Conn.
func (*LocalBackend)MaybeClearAppConnector¶added inv1.66.0
func (b *LocalBackend) MaybeClearAppConnector(mp *ipn.MaskedPrefs)error
MaybeClearAppConnector clears the routes from any AppConnector ifAdvertiseRoutes has been set in the MaskedPrefs.
func (*LocalBackend)NetMap¶
func (b *LocalBackend) NetMap() *netmap.NetworkMap
NetMap returns the latest cached network map received fromcontrolclient, or nil if no network map was received yet.
func (*LocalBackend)NetMon¶added inv1.66.0
func (b *LocalBackend) NetMon() *netmon.Monitor
NetMon returns the network monitor for the backend.
func (*LocalBackend)NetworkLockAffectedSigs¶added inv1.38.0
func (b *LocalBackend) NetworkLockAffectedSigs(keyIDtkatype.KeyID) ([]tkatype.MarshaledSignature,error)
NetworkLockAffectedSigs returns the signatures which would be invalidatedby removing trust in the specified KeyID.
func (*LocalBackend)NetworkLockAllowed¶added inv1.86.0
func (b *LocalBackend) NetworkLockAllowed()bool
NetworkLockAllowed reports whether the node is allowed to use Tailnet Lock.
func (*LocalBackend)NetworkLockCosignRecoveryAUM¶added inv1.48.0
NetworkLockCosignRecoveryAUM co-signs the provided recovery AUM and returns the updated structure.
The recovery AUM provided should be the output from a previous call to NetworkLockGenerateRecoveryAUM or NetworkLockCosignRecoveryAUM.
func (*LocalBackend)NetworkLockDisable¶added inv1.34.0
func (b *LocalBackend) NetworkLockDisable(secret []byte)error
NetworkLockDisable disables network-lock using the provided disablement secret.
func (*LocalBackend)NetworkLockForceLocalDisable¶added inv1.34.0
func (b *LocalBackend) NetworkLockForceLocalDisable()error
NetworkLockForceLocalDisable shuts down TKA locally, and denylists the current TKA from being initialized locally in future.
func (*LocalBackend)NetworkLockGenerateRecoveryAUM¶added inv1.48.0
func (b *LocalBackend) NetworkLockGenerateRecoveryAUM(removeKeys []tkatype.KeyID, forkFromtka.AUMHash) (*tka.AUM,error)
NetworkLockGenerateRecoveryAUM generates an AUM which retroactively removes trust in the specified keys. This AUM is signed by the current node and returned.
If forkFrom is specified, it is used as the parent AUM to fork from. If it is the zero value, the parent AUM is determined automatically.
func (*LocalBackend)NetworkLockInit¶added inv1.30.0
func (b *LocalBackend) NetworkLockInit(keys []tka.Key, disablementValues [][]byte, supportDisablement []byte)error
NetworkLockInit enables network-lock for the tailnet, with the tailnet's key authority initialized to trust the provided keys.
Initialization involves two RPCs with control, termed 'begin' and 'finish'. The Begin RPC transmits the genesis Authority Update Message, which encodes the initial state of the authority, and the list of all nodes needing signatures is returned as a response. The Finish RPC submits signatures for all these nodes, at which point Control has everything it needs to atomically enable network lock.
func (*LocalBackend)NetworkLockKeyTrustedForTest¶added inv1.32.0
func (b *LocalBackend) NetworkLockKeyTrustedForTest(keyIDtkatype.KeyID)bool
Only use is in tests.
func (*LocalBackend)NetworkLockLog¶added inv1.34.0
func (b *LocalBackend) NetworkLockLog(maxEntriesint) ([]ipnstate.NetworkLockUpdate,error)
NetworkLockLog returns the changelog of TKA state up to maxEntries in size.
func (*LocalBackend)NetworkLockModify¶added inv1.32.0
func (b *LocalBackend) NetworkLockModify(addKeys, removeKeys []tka.Key) (errerror)
NetworkLockModify adds and/or removes keys in the tailnet's key authority.
func (*LocalBackend)NetworkLockSign¶added inv1.34.0
func (b *LocalBackend) NetworkLockSign(nodeKeykey.NodePublic, rotationPublic []byte)error
NetworkLockSign signs the given node-key and submits it to the control plane. rotationPublic, if specified, must be an ed25519 public key.
func (*LocalBackend)NetworkLockStatus¶added inv1.30.0
func (b *LocalBackend) NetworkLockStatus() *ipnstate.NetworkLockStatus
NetworkLockStatus returns a structure describing the state of the tailnet key authority, if any.
func (*LocalBackend)NetworkLockSubmitRecoveryAUM¶added inv1.48.0
func (b *LocalBackend) NetworkLockSubmitRecoveryAUM(aum *tka.AUM)error
func (*LocalBackend)NetworkLockVerifySignatureForTest¶added inv1.32.0
func (b *LocalBackend) NetworkLockVerifySignatureForTest(nkstkatype.MarshaledSignature, nodeKeykey.NodePublic)error
Only use is in tests.
func (*LocalBackend)NetworkLockVerifySigningDeeplink¶added inv1.44.0
func (b *LocalBackend) NetworkLockVerifySigningDeeplink(urlstring)tka.DeeplinkValidationResult
NetworkLockVerifySigningDeeplink asks the authority to verify the given deeplink URL. See the comment for ValidateDeeplink for details.
func (*LocalBackend)NetworkLockWrapPreauthKey¶added inv1.38.0
func (b *LocalBackend) NetworkLockWrapPreauthKey(preauthKeystring, tkaKeykey.NLPrivate) (string,error)
NetworkLockWrapPreauthKey wraps a pre-auth key with information to enable unattended bringup in the locked tailnet.
The provided trusted tailnet-lock key is used to sign a SigCredential structure, which is encoded along with the private key and appended to the pre-auth key. The result therefore carries private key material in addition to the pre-auth key and should be handled as a secret.
func (*LocalBackend)NewProfile¶added inv1.34.0
func (b *LocalBackend) NewProfile()error
NewProfile creates and switches to the new profile.
func (*LocalBackend)NodeBackend¶added inv1.84.0
func (b *LocalBackend) NodeBackend()ipnext.NodeBackend
NodeBackend returns the current node's NodeBackend interface.
func (*LocalBackend)NodeKey¶added inv1.42.0
func (b *LocalBackend) NodeKey()key.NodePublic
NodeKey returns the public node key.
func (*LocalBackend)ObserveDNSResponse¶added inv1.54.0
func (b *LocalBackend) ObserveDNSResponse(res []byte)error
ObserveDNSResponse passes a DNS response from the PeerAPI DNS server to the App Connector to enable route discovery.
func (*LocalBackend)OfferingAppConnector¶added inv1.54.0
func (b *LocalBackend) OfferingAppConnector()bool
OfferingAppConnector reports whether b is currently offering appconnector services.
func (*LocalBackend)OfferingExitNode¶added inv1.20.0
func (b *LocalBackend) OfferingExitNode()bool
OfferingExitNode reports whether b is currently offering exit nodeaccess.
func (*LocalBackend)OperatorUserID¶added inv1.8.0
func (b *LocalBackend) OperatorUserID()string
OperatorUserID returns the current pref's OperatorUser's ID (in os/user.User.Uid string form), or the empty string if none.
func (*LocalBackend)PeerCaps¶added inv1.24.0
func (b *LocalBackend) PeerCaps(srcnetip.Addr)tailcfg.PeerCapMap
PeerCaps returns the capabilities that remote src IP has to this current node.
func (*LocalBackend)PeersForTest¶added inv1.50.0
func (b *LocalBackend) PeersForTest() []tailcfg.NodeView
PeersForTest returns all the current peers, sorted by Node.ID,for integration tests in another repo.
func (*LocalBackend)PolicyClient¶added inv1.90.0
func (b *LocalBackend) PolicyClient()policyclient.Client
PolicyClient returns the policy client for the backend.
func (*LocalBackend)Prefs¶added inv1.8.0
func (b *LocalBackend) Prefs()ipn.PrefsView
Prefs returns a copy of b's current prefs, with any private keys removed.
func (*LocalBackend)QueryDNS¶added inv1.76.0
func (b *LocalBackend) QueryDNS(namestring, queryTypednsmessage.Type) (res []byte, resolvers []*dnstype.Resolver, errerror)
QueryDNS performs a DNS query for name and queryType using the built-in DNS resolver, and returns the raw DNS response and the resolvers that were able to handle the query (the internal forwarder may race multiple resolvers).
func (*LocalBackend)ReadRouteInfo¶added inv1.90.0
func (b *LocalBackend) ReadRouteInfo() (*appctype.RouteInfo,error)
ReadRouteInfo returns the app connector route information that is stored in prefs to be consistent across restarts. It should be up to date with the RouteInfo in memory being used by appc.
func (*LocalBackend)RefreshExitNode¶added inv1.86.0
func (b *LocalBackend) RefreshExitNode()
RefreshExitNode determines which exit node to use based on the currentprefs and netmap and switches to it if needed.
func (*LocalBackend)ReloadConfig¶added inv1.52.0
func (b *LocalBackend) ReloadConfig() (okbool, errerror)
ReloadConfig reloads the backend's config from disk.
It returns (false, nil) if not running in declarative mode, (true, nil) on success, or (false, error) on failure.
func (*LocalBackend)ResetAuth¶added inv1.38.0
func (b *LocalBackend) ResetAuth()error
ResetAuth resets the authentication state, including persisted keys. It also has the side effect of removing all profiles and resetting preferences. The backend is left with a new profile, ready for StartLoginInteractive to be called to register it as a new node.
func (*LocalBackend)SendNotify¶added inv1.84.0
func (b *LocalBackend) SendNotify(nipn.Notify)
SendNotify sends a notification to the IPN bus,typically to the GUI client.
func (*LocalBackend)ServeConfig¶added inv1.34.0
func (b *LocalBackend) ServeConfig()ipn.ServeConfigView
ServeConfig provides a view of the current serve mappings. If serving is not configured, the returned view is not Valid.
func (*LocalBackend)SetComponentDebugLogging¶added inv1.32.0
func (b *LocalBackend) SetComponentDebugLogging(componentstring, untiltime.Time)error
SetComponentDebugLogging sets component's debug logging enabled until the until time. If until is in the past, the component's debug logging is disabled.
The following components are recognized:
- magicsock
- sockstats
func (*LocalBackend)SetControlClientGetterForTesting¶added inv1.8.0
func (b *LocalBackend) SetControlClientGetterForTesting(newControlClient func(controlclient.Options) (controlclient.Client,error))
SetControlClientGetterForTesting sets the func that creates a control plane client. It can be called at most once, before Start.
func (*LocalBackend)SetControlClientStatus¶added inv1.50.0
func (b *LocalBackend) SetControlClientStatus(ccontrolclient.Client, stcontrolclient.Status)
SetControlClientStatus is the callback invoked by the control client whenever it posts a new status. Among other things, this is where we update the netmap, packet filters, DNS and DERP maps.
func (*LocalBackend)SetCurrentUser¶added inv1.44.3
func (b *LocalBackend) SetCurrentUser(actoripnauth.Actor)
SetCurrentUser is used to implement support for multi-user systems (only Windows as of 2022-11-25). On such systems, the actor is used to determine which user's state should be used. The current user is maintained by active connections open to the backend.
When the backend initially starts it will typically start with no user. Then, the first connection to the backend from the GUI frontend will set the current user. Once set, the current user cannot be changed until all previous connections are closed. The user is also used to determine which LoginProfiles are accessible.
In unattended mode, the backend will start with the user which enabled unattended mode. The user must disable unattended mode before the user can be changed.
On non-multi-user systems, the actor should be set to nil.
func (*LocalBackend)SetDNS¶added inv1.10.0
func (b *LocalBackend) SetDNS(ctxcontext.Context, name, valuestring)error
SetDNS adds a DNS record for the given domain name & TXT record value.
It's meant for use with dns-01 ACME (LetsEncrypt) challenges.
This is the low-level interface. Other layers will provide more friendly options to get HTTPS certs.
func (*LocalBackend)SetDevStateStore¶added inv1.34.0
func (b *LocalBackend) SetDevStateStore(key, valuestring)error
SetDevStateStore updates the LocalBackend's state storage to the provided values.
It's meant only for development.
func (*LocalBackend)SetDeviceAttrs¶added inv1.80.0
func (b *LocalBackend) SetDeviceAttrs(ctxcontext.Context, attrstailcfg.AttrUpdate)error
SetDeviceAttrs does a synchronous call to the control plane to update the node's attributes.
See docs on tailcfg.SetDeviceAttributesRequest for background.
func (*LocalBackend)SetExpirySooner¶added inv1.24.0
SetExpiry updates the expiry of the current node key to t, as long as it's only sooner than the old expiry.
If t is in the past, the key is expired immediately. If t is after the current expiry, an error is returned.
func (*LocalBackend)SetHTTPTestClient¶added inv1.8.0
func (b *LocalBackend) SetHTTPTestClient(c *http.Client)
SetHTTPTestClient sets an alternate HTTP client to use with connections to the coordination server. It exists for testing. Using nil means to use the default.
func (*LocalBackend)SetHardwareAttested¶added inv1.90.0
func (b *LocalBackend) SetHardwareAttested()
SetHardwareAttested enables hardware attestation key signatures in map requests, if supported on this platform. SetHardwareAttested should be called before Start.
func (*LocalBackend)SetLogFlusher¶added inv1.36.0
func (b *LocalBackend) SetLogFlusher(flushFunc func())
SetLogFlusher sets a func to be called to flush log uploads.
It should only be called before the LocalBackend is used.
func (*LocalBackend)SetNotifyCallback¶added inv1.8.0
func (b *LocalBackend) SetNotifyCallback(notify func(ipn.Notify))
SetNotifyCallback sets the function to call when the backend has something to notify the frontend about. Only one callback can be set at a time, so calling this function will replace the previous callback.
func (*LocalBackend)SetPushDeviceToken¶added inv1.52.0
func (b *LocalBackend) SetPushDeviceToken(tkstring)
SetPushDeviceToken sets the push notification device token and informs the controlclient of the new value.
func (*LocalBackend)SetServeConfig¶added inv1.34.0
func (b *LocalBackend) SetServeConfig(config *ipn.ServeConfig, etagstring)error
SetServeConfig establishes or replaces the current serve config. ETag is an optional parameter to enforce Optimistic Concurrency Control. If it is an empty string, then the config will be overwritten.
New foreground config cannot override existing listeners -- neither existing foreground listeners nor existing background listeners. Background config can change as long as the serve type (e.g. HTTP, TCP, etc.) remains the same.
func (*LocalBackend)SetTCPHandlerForFunnelFlow¶added inv1.38.0
func (b *LocalBackend) SetTCPHandlerForFunnelFlow(h func(srcnetip.AddrPort, dstPortuint16) (handler func(net.Conn)))
SetTCPHandlerForFunnelFlow sets the TCP handler for Funnel flows. It should only be called before the LocalBackend is used.
func (*LocalBackend)SetUDPGROForwarding¶added inv1.68.0
func (b *LocalBackend) SetUDPGROForwarding()error
SetUDPGROForwarding enables UDP GRO forwarding for the default network interface of this machine. It can be done to improve performance for nodes acting as Tailscale subnet routers or exit nodes. Currently (9/5/2024) this functionality is considered experimental and only safe to use via explicit user opt-in for ephemeral devices, such as containers. https://tailscale.com/kb/1320/performance-best-practices#linux-optimizations-for-subnet-routers-and-exit-nodes
func (*LocalBackend)SetUseExitNodeEnabled¶added inv1.64.0
SetUseExitNodeEnabled turns on or off the most recently selected exit node.
On success, it returns the resulting prefs (or current prefs, in the case of no change). Setting the value to false when use of an exit node is already false is not an error, nor is true when the exit node is already in use.
func (*LocalBackend)SetVarRoot¶added inv1.18.0
func (b *LocalBackend) SetVarRoot(dirstring)
SetVarRoot sets the root directory of Tailscale's writable storage area. (e.g. "/var/lib/tailscale")
It should only be called before the LocalBackend is used.
func (*LocalBackend)ShouldExposeRemoteWebClient¶added inv1.64.0
func (b *LocalBackend) ShouldExposeRemoteWebClient()bool
ShouldExposeRemoteWebClient reports whether the web client should accept connections via [tailscale IP]:5252 in addition to the default behaviour of accepting local connections over 100.100.100.100.
This function checks both the web client user pref via exposeRemoteWebClientAtomicBool and the disable-web-client node attr via ShouldRunWebClient to determine whether the web client should be exposed.
func (*LocalBackend)ShouldHandleViaIP¶added inv1.24.0
func (b *LocalBackend) ShouldHandleViaIP(ipnetip.Addr)bool
ShouldHandleViaIP reports whether ip is an IPv6 address in the Tailscale ULA's v6 "via" range embedding an IPv4 address to be forwarded to by Tailscale.
func (*LocalBackend)ShouldInterceptTCPPort¶added inv1.34.0
func (b *LocalBackend) ShouldInterceptTCPPort(portuint16)bool
ShouldInterceptTCPPort reports whether the given TCP port number to a Tailscale IP (not a subnet router, service IP, etc) should be intercepted by Tailscaled and handled in-process.
func (*LocalBackend)ShouldInterceptVIPServiceTCPPort¶added inv1.80.0
func (b *LocalBackend) ShouldInterceptVIPServiceTCPPort(apnetip.AddrPort)bool
ShouldInterceptVIPServiceTCPPort reports whether the given TCP port number to a VIP service should be intercepted by Tailscaled and handled in-process.
func (*LocalBackend)ShouldRunSSH¶added inv1.22.0
func (b *LocalBackend) ShouldRunSSH()bool
func (*LocalBackend)ShouldRunWebClient¶added inv1.54.0
func (b *LocalBackend) ShouldRunWebClient()bool
ShouldRunWebClient reports whether the web client is being run within this tailscaled instance. ShouldRunWebClient is safe to call regardless of whether b.mu is held or not.
func (*LocalBackend)Shutdown¶
func (b *LocalBackend) Shutdown()
Shutdown halts the backend and all its sub-components. The backendcan no longer be used after Shutdown returns.
func (*LocalBackend)Start¶
func (b *LocalBackend) Start(optsipn.Options)error
Start applies the configuration specified in opts, and starts the state machine.
TODO(danderson): this function is trying to do too many things at once: it loads state, or imports it, or updates prefs sometimes, contains some settings that are one-shot things done by `tailscale up` because we had nowhere else to put them, and there's no clear guarantee that switching from one user's state to another is actually a supported operation (it should be, but it's very unclear from the following whether or not that is a safe transition).
func (*LocalBackend)StartLoginInteractive¶
func (b *LocalBackend) StartLoginInteractive(ctxcontext.Context)error
StartLoginInteractive requests a new interactive login from controlclient, unless such a flow is already in progress, in which case StartLoginInteractive attempts to pick up the in-progress flow where it left off.
func (*LocalBackend)StartLoginInteractiveAs¶added inv1.78.0
StartLoginInteractiveAs is like StartLoginInteractive but takes an ipnauth.Actor as an additional parameter. If non-nil, the specified user is expected to complete the interactive login, and therefore will receive the BrowseToURL notification once the control plane sends us one. Otherwise, the notification will be delivered to all active [watchSession]s.
func (*LocalBackend)State¶
func (b *LocalBackend) State()ipn.State
State returns the backend state machine's current state.
func (*LocalBackend)Status¶
func (b *LocalBackend) Status() *ipnstate.Status
Status returns the latest status of the backend and itssub-components.
func (*LocalBackend)StatusWithoutPeers¶added inv1.8.0
func (b *LocalBackend) StatusWithoutPeers() *ipnstate.Status
StatusWithoutPeers is like Status but omits any detailsof peers.
func (*LocalBackend)SuggestExitNode¶added inv1.66.0
func (b *LocalBackend) SuggestExitNode() (responseapitype.ExitNodeSuggestionResponse, errerror)
func (*LocalBackend)SwitchProfile¶added inv1.34.0
func (b *LocalBackend) SwitchProfile(profileipn.ProfileID)error
SwitchProfile switches to the profile with the given id. It will restart the backend on success. If the profile is not known, it returns an errProfileNotFound.
func (*LocalBackend)SwitchToBestProfile¶added inv1.82.0
func (b *LocalBackend) SwitchToBestProfile(reasonstring)
SwitchToBestProfile selects the best profile to use, as reported by [LocalBackend.resolveBestProfileLocked], and switches to it, unless it's already the current profile. The reason indicates why the profile is being switched, such as due to a client connecting or disconnecting, or a change in the desktop session state, and is used for logging.
func (*LocalBackend)Sys¶added inv1.84.0
func (b *LocalBackend) Sys() *tsd.System
func (*LocalBackend)TCPHandlerForDst¶added inv1.44.0
func (b *LocalBackend) TCPHandlerForDst(src, dstnetip.AddrPort) (handler func(cnet.Conn)error, opts []tcpip.SettableSocketOption)
TCPHandlerForDst returns a TCP handler for connections to dst, or nil if no handler is needed. It also returns a list of TCP socket options to apply to the socket before calling the handler. TCPHandlerForDst is called both for connections to our node's local IP as well as to the service IP (quad 100).
func (*LocalBackend)TailscaleVarRoot¶added inv1.14.5
func (b *LocalBackend) TailscaleVarRoot()string
TailscaleVarRoot returns the root directory of Tailscale's writable storage area. (e.g. "/var/lib/tailscale")
It returns an empty string if there's no configured or discovered location.
func (*LocalBackend)TestOnlyPublicKeys¶
func (b *LocalBackend) TestOnlyPublicKeys() (machineKeykey.MachinePublic, nodeKeykey.NodePublic)
TestOnlyPublicKeys returns the current machine and node public keys. Used in tests only to facilitate automated node authorization in the test harness.
func (*LocalBackend)TryFlushLogs¶added inv1.36.0
func (b *LocalBackend) TryFlushLogs()bool
TryFlushLogs calls the log flush function. It returns false if a log flush function was never initialized with SetLogFlusher.
TryFlushLogs should not block.
func (*LocalBackend)UnadvertiseRoute¶added inv1.58.0
func (b *LocalBackend) UnadvertiseRoute(toRemove ...netip.Prefix)error
UnadvertiseRoute implements the appctype.RouteAdvertiser interface. It removes a route advertisement if one is present in the existing routes.
func (*LocalBackend)UpdateNetmapDelta¶added inv1.50.0
func (b *LocalBackend) UpdateNetmapDelta(muts []netmap.NodeMutation) (handledbool)
UpdateNetmapDelta implements controlclient.NetmapDeltaUpdater.
func (*LocalBackend)UpdateStatus¶
func (b *LocalBackend) UpdateStatus(sb *ipnstate.StatusBuilder)
UpdateStatus implements ipnstate.StatusUpdater.
func (*LocalBackend)UserMetricsRegistry¶added inv1.76.0
func (b *LocalBackend) UserMetricsRegistry() *usermetric.Registry
UserMetricsRegistry returns the usermetrics registry for the backend.
func (*LocalBackend)VIPServices¶added inv1.78.0
func (b *LocalBackend) VIPServices() []*tailcfg.VIPService
VIPServices returns the list of tailnet services that this node is serving as a destination for. The returned memory is owned by the caller.
func (*LocalBackend)WatchNotifications¶added inv1.34.0
func (b *LocalBackend) WatchNotifications(ctxcontext.Context, maskipn.NotifyWatchOpt, onWatchAdded func(), fn func(roNotify *ipn.Notify) (keepGoingbool))
WatchNotifications subscribes to the ipn.Notify message bus notification messages.
WatchNotifications blocks until ctx is done.
The provided onWatchAdded, if non-nil, will be called once the watcher is installed.
The provided fn will be called for each notification. It will only be called with non-nil pointers. The caller must not modify roNotify. If fn returns false, the watch also stops.
Failure to consume many notifications in a row will result in dropped notifications. There is currently (2022-11-22) no mechanism provided to detect when a message has been dropped.
func (*LocalBackend)WatchNotificationsAs¶added inv1.78.0
func (b *LocalBackend) WatchNotificationsAs(ctxcontext.Context, actoripnauth.Actor, maskipn.NotifyWatchOpt, onWatchAdded func(), fn func(roNotify *ipn.Notify) (keepGoingbool))
WatchNotificationsAs is like LocalBackend.WatchNotifications but takes an ipnauth.Actor as an additional parameter. If non-nil, the specified callback is invoked only for notifications relevant to this actor.
func (*LocalBackend)WhoIs¶
func (b *LocalBackend) WhoIs(protostring, ippnetip.AddrPort) (ntailcfg.NodeView, utailcfg.UserProfile, okbool)
WhoIs reports the node and user who owns the node with the given IP:port. If the IP address is a Tailscale IP, the provided port may be 0.
The 'proto' is used when looking up the IP:port in our proxy mapper; it tracks which local IP:ports correspond to connections proxied by tailscaled, and since tailscaled proxies both TCP and UDP, the 'proto' is needed to look up the correct IP:port based on the connection's protocol. If not provided, the lookup will be done for TCP and then UDP, in that order.
If ok == true, n and u are valid.
func (*LocalBackend)WhoIsNodeKey¶added inv1.70.0
func (b *LocalBackend) WhoIsNodeKey(kkey.NodePublic) (ntailcfg.NodeView, utailcfg.UserProfile, okbool)
WhoIsNodeKey returns the peer info of given public key, if it exists.
typePeerAPIHandler¶added inv1.80.0
type PeerAPIHandler interface {Peer()tailcfg.NodeViewPeerCaps()tailcfg.PeerCapMapCanDebug()bool// can remote node can debug this node (internal state, etc)Self()tailcfg.NodeViewLocalBackend() *LocalBackendIsSelfUntagged()bool// whether the peer is untagged and the same as this userRemoteAddr()netip.AddrPortLogf(formatstring, a ...any)}PeerAPIHandler is the interface implemented by [peerAPIHandler] and needed bymodule features registered via tailscale.com/feature/*.
typePortlistServices¶added inv1.90.0
PortlistServices is an eventbus topic for the portlist extension to advertise the running services on the host.
typeSSHServer¶added inv1.24.0
type SSHServer interface {HandleSSHConn(net.Conn)error// NumActiveConns returns the number of connections passed to HandleSSHConn// that are still active.NumActiveConns()int// OnPolicyChange is called when the SSH access policy changes,// so that existing sessions can be re-evaluated for validity// and closed if they'd no longer be accepted.OnPolicyChange()// Shutdown is called when tailscaled is shutting down.Shutdown()}SSHServer is the interface of the conditionally linked ssh/tailssh.server.
typeTLSCertKeyPair¶added inv1.34.0
type TLSCertKeyPair struct {CertPEM []byte// public key, in PEM formKeyPEM []byte// private key, in PEM formCachedbool// whether result came from cache}TLSCertKeyPair is a TLS public and private key, and whether they were obtainedfrom cache or freshly obtained.
typeTLSCertKeyReader¶added inv1.82.0
TLSCertKeyReader is an interface implemented by state stores where it makes sense to read the TLS cert and key in a single operation that can be distinguished from generic state value reads. Currently this is only implemented by the kubestore.Store, which, in some cases, needs to read cert and key from a non-cached TLS Secret.
typeTLSCertKeyWriter¶added inv1.82.0
TLSCertKeyWriter is an interface implemented by state stores that can write the TLS cert and key in a single atomic operation. Currently this is only implemented by the kubestore.StoreKube.