package local

import "tailscale.com/client/local"

Package local contains a Go client for the Tailscale LocalAPI.

Variables

var ErrPeerNotFound = errors.New("peer not found")

ErrPeerNotFound is returned by Client.WhoIs, Client.WhoIsNodeKey and Client.WhoIsProto when a peer is not found.

Functions

func CertPair

func CertPair(ctx context.Context, domain string) (certPEM, keyPEM []byte, err error)

CertPair returns a cert and private key for the provided DNS domain.

It returns a cached certificate from disk if it's still valid.

Deprecated: use Client.CertPair.

func ExpandSNIName

func ExpandSNIName(ctx context.Context, name string) (fqdn string, ok bool)

ExpandSNIName expands bare label name into the most likely actual TLS cert name.

Deprecated: use Client.ExpandSNIName.

func GetCertificate

func GetCertificate(hi *tls.ClientHelloInfo) (*tls.Certificate, error)

GetCertificate fetches a TLS certificate for the TLS ClientHello in hi.

It returns a cached certificate from disk if it's still valid.

It's the right signature to use as the value of tls.Config.GetCertificate.

Deprecated: use Client.GetCertificate.

func IsAccessDeniedError

func IsAccessDeniedError(err error) bool

IsAccessDeniedError reports whether err is or wraps an AccessDeniedError.

func IsPreconditionsFailedError

func IsPreconditionsFailedError(err error) bool

IsPreconditionsFailedError reports whether err is or wraps a PreconditionsFailedError.

func SetVersionMismatchHandler

func SetVersionMismatchHandler(f func(clientVer, serverVer string))

SetVersionMismatchHandler sets f as the version mismatch handler to be called when the client (the current process) has a version number that doesn't match the server's declared version.

func Status

func Status(ctx context.Context) (*ipnstate.Status, error)

Status returns the Tailscale daemon's status.

func StatusWithoutPeers

func StatusWithoutPeers(ctx context.Context) (*ipnstate.Status, error)

StatusWithoutPeers returns the Tailscale daemon's status, without the peer info.

func WhoIs

func WhoIs(ctx context.Context, remoteAddr string) (*apitype.WhoIsResponse, error)

WhoIs returns the owner of the remoteAddr, which must be an IP or IP:port.

Deprecated: use Client.WhoIs.

Types

type AccessDeniedError

type AccessDeniedError struct {
	// contains filtered or unexported fields
}

AccessDeniedError is an error due to permissions.

func (*AccessDeniedError) Error

func (e *AccessDeniedError) Error() string

func (*AccessDeniedError) Unwrap

func (e *AccessDeniedError) Unwrap() error

type BugReportOpts

type BugReportOpts struct {
	// Note contains an optional user-provided note to add to the logs.
	Note string

	// Diagnose specifies whether to print additional diagnostic information to
	// the logs when generating this bugreport.
	Diagnose bool

	// Record specifies, if non-nil, whether to perform a bugreport
	// "recording"–generating an initial log marker, then waiting for
	// this channel to be closed before finishing the request, which
	// generates another log marker.
	Record <-chan struct{}
}

BugReportOpts contains options to pass to the Tailscale daemon when generating a bug report.

type Client

type Client struct {
	// Dial optionally specifies an alternate func that connects to the local
	// machine's tailscaled or equivalent. If nil, a default is used.
	Dial func(ctx context.Context, network, addr string) (net.Conn, error)

	// Transport optionally specifies an alternate [http.RoundTripper]
	// used to execute HTTP requests. If nil, a default [http.Transport] is used,
	// potentially with custom dialing logic from [Dial].
	// It is primarily used for testing.
	Transport http.RoundTripper

	// Socket specifies an alternate path to the local Tailscale socket.
	// If empty, a platform-specific default is used.
	Socket string

	// UseSocketOnly, if true, tries to only connect to tailscaled via the
	// Unix socket and not via fallback mechanisms as done on macOS when
	// connecting to the GUI client variants.
	UseSocketOnly bool

	// OmitAuth, if true, omits sending the local Tailscale daemon any
	// authentication token that might be required by the platform.
	//
	// As of 2024-08-12, only macOS uses an authentication token. OmitAuth is
	// meant for when Dial is set and the LocalAPI is being proxied to a
	// different operating system, such as in integration tests.
	OmitAuth bool
	// contains filtered or unexported fields
}

Client is a client to Tailscale's "LocalAPI", communicating with the Tailscale daemon on the local machine. Its API is not necessarily stable and is subject to change between releases. Some API calls have stricter compatibility guarantees once they've been widely adopted. See method docs for details.

Its zero value is valid to use.

Any exported fields should be set before using methods on the type and not changed thereafter.

func (*Client) AwaitWaitingFiles

func (lc *Client) AwaitWaitingFiles(ctx context.Context, d time.Duration) ([]apitype.WaitingFile, error)

AwaitWaitingFiles is like Client.WaitingFiles but takes a duration to wait for an answer. If the duration is 0, it will return immediately. The duration is respected at second granularity only. If no files are available, it returns (nil, nil).

func (*Client) BugReport

func (lc *Client) BugReport(ctx context.Context, note string) (string, error)

BugReport logs and returns a log marker that can be shared by the user with support.

This is the same as calling Client.BugReportWithOpts and only specifying the Note field.

func (*Client) BugReportWithOpts

func (lc *Client) BugReportWithOpts(ctx context.Context, opts BugReportOpts) (string, error)

BugReportWithOpts logs and returns a log marker that can be shared by the user with support.

The opts type specifies options to pass to the Tailscale daemon when generating this bug report.

func (*Client) CertPair

func (lc *Client) CertPair(ctx context.Context, domain string) (certPEM, keyPEM []byte, err error)

CertPair returns a cert and private key for the provided DNS domain.

It returns a cached certificate from disk if it's still valid.

API maturity: this is considered a stable API.

func (*Client) CertPairWithValidity

func (lc *Client) CertPairWithValidity(ctx context.Context, domain string, minValidity time.Duration) (certPEM, keyPEM []byte, err error)

CertPairWithValidity returns a cert and private key for the provided DNS domain.

It returns a cached certificate from disk if it's still valid. When minValidity is non-zero, the returned certificate will be valid for at least the given duration, if permitted by the CA. If the certificate is valid, but for less than minValidity, it will be synchronously renewed.

API maturity: this is considered a stable API.

func (*Client) CheckIPForwarding

func (lc *Client) CheckIPForwarding(ctx context.Context) error

CheckIPForwarding asks the local Tailscale daemon whether it looks like the machine is properly configured to forward IP packets as a subnet router or exit node.

func (*Client) CheckPrefs

func (lc *Client) CheckPrefs(ctx context.Context, p *ipn.Prefs) error

CheckPrefs validates the provided preferences, without making any changes.

The CLI uses this before a Start call to fail fast if the preferences won't work. Currently (2022-04-18) this only checks for SSH server compatibility. Note that EditPrefs does the same validation as this, so calling CheckPrefs before EditPrefs is not necessary.

func (*Client) CheckUDPGROForwarding

func (lc *Client) CheckUDPGROForwarding(ctx context.Context) error

CheckUDPGROForwarding asks the local Tailscale daemon whether it looks like the machine is optimally configured to forward UDP packets as a subnet router or exit node.

func (*Client) CheckUpdate

func (lc *Client) CheckUpdate(ctx context.Context) (*tailcfg.ClientVersion, error)

CheckUpdate returns a *tailcfg.ClientVersion indicating whether or not an update is available to be installed via the LocalAPI. In case the LocalAPI can't install updates, it returns a ClientVersion that says that we are up to date.

func (*Client) CurrentDERPMap

func (lc *Client) CurrentDERPMap(ctx context.Context) (*tailcfg.DERPMap, error)

CurrentDERPMap returns the current DERPMap that is being used by the local tailscaled. It is intended to be used with netcheck to see availability of DERPs.

func (*Client) DaemonMetrics

func (lc *Client) DaemonMetrics(ctx context.Context) ([]byte, error)

DaemonMetrics returns the Tailscale daemon's metrics in the Prometheus text exposition format.

func (*Client) DebugAction

func (lc *Client) DebugAction(ctx context.Context, action string) error

DebugAction invokes a debug action, such as "rebind" or "restun". These are development tools and subject to change or removal over time.

func (*Client) DebugActionBody

func (lc *Client) DebugActionBody(ctx context.Context, action string, rbody io.Reader) error

DebugActionBody invokes a debug action with a body parameter, such as "debug-force-prefer-derp". These are development tools and subject to change or removal over time.

func (*Client) DebugDERPRegion

func (lc *Client) DebugDERPRegion(ctx context.Context, regionIDOrCode string) (*ipnstate.DebugDERPRegionReport, error)

func (*Client) DebugPacketFilterRules

func (lc *Client) DebugPacketFilterRules(ctx context.Context) ([]tailcfg.FilterRule, error)

DebugPacketFilterRules returns the packet filter rules for the current device.

func (*Client) DebugPortmap

func (lc *Client) DebugPortmap(ctx context.Context, opts *DebugPortmapOpts) (io.ReadCloser, error)

DebugPortmap invokes the debug-portmap endpoint, and returns an io.ReadCloser that can be used to read the logs that are printed during this process.

opts can be nil; if so, default values will be used.

func (*Client) DebugResultJSON

func (lc *Client) DebugResultJSON(ctx context.Context, action string) (any, error)

DebugResultJSON invokes a debug action and returns its result as something JSON-able. These are development tools and subject to change or removal over time.

func (*Client) DebugSetExpireIn

func (lc *Client) DebugSetExpireIn(ctx context.Context, d time.Duration) error

DebugSetExpireIn marks the current node key to expire in d.

This is meant primarily for debug and testing.

func (*Client) DeleteProfile

func (lc *Client) DeleteProfile(ctx context.Context, profile ipn.ProfileID) error

DeleteProfile removes the profile with the given ID. If the profile is the current profile, an empty profile will be selected as if Client.SwitchToEmptyProfile was called.

func (*Client) DeleteWaitingFile

func (lc *Client) DeleteWaitingFile(ctx context.Context, baseName string) error

func (*Client) DialTCP

func (lc *Client) DialTCP(ctx context.Context, host string, port uint16) (net.Conn, error)

DialTCP connects to the host's port via Tailscale.

The host may be a base DNS name (resolved from the netmap inside tailscaled), a FQDN, or an IP address.

The ctx is only used for the duration of the call, not the lifetime of the net.Conn.

func (*Client) DisconnectControl

func (lc *Client) DisconnectControl(ctx context.Context) error

DisconnectControl shuts down all connections to control, thus making control consider this node inactive. This can be run on HA subnet router or app connector replicas before shutting them down to ensure peers get told to switch over to another replica whilst there is still some grace period for the existing connections to terminate.

func (*Client) DoLocalRequest

func (lc *Client) DoLocalRequest(req *http.Request) (*http.Response, error)

DoLocalRequest makes an HTTP request to the local machine's Tailscale daemon.

URLs are of the form http://local-tailscaled.sock/localapi/v0/whois?ip=1.2.3.4.

The hostname must be "local-tailscaled.sock", even though it doesn't actually do any DNS lookup. The actual means of connecting to and authenticating to the local Tailscale daemon vary by platform.

DoLocalRequest may mutate the request to add Authorization headers.
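The URL form above, exercised against a stand-in daemon on a Unix socket to show that the hostname is only a placeholder and the connection goes wherever the dialer points. This is an added example using only the standard library, not code from the package; startStandIn, socketClient, get and demo are hypothetical helpers, the echo response is constructed, and the 0600 socket mode is this example's own choice.

```go
package main

import (
	"context"
	"fmt"
	"io"
	"net"
	"net/http"
	"os"
	"path/filepath"
)

// localAPIHost is the placeholder hostname the documentation requires.
const localAPIHost = "local-tailscaled.sock"

// startStandIn serves a constructed stand-in for the daemon on sockPath.
// It echoes the Host header and request URI so the caller sees what arrived.
func startStandIn(sockPath string) (stop func(), err error) {
	ln, err := net.Listen("unix", sockPath)
	if err != nil {
		return nil, err
	}
	// Owner-only socket file (this example's choice): who may open the
	// socket is decided by the filesystem, not by the URL.
	if err := os.Chmod(sockPath, 0o600); err != nil {
		ln.Close()
		return nil, err
	}
	srv := &http.Server{Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintf(w, "host=%s uri=%s", r.Host, r.URL.RequestURI())
	})}
	go srv.Serve(ln)
	return func() { srv.Close() }, nil
}

// socketClient returns an HTTP client whose dialer ignores the network and
// address derived from the URL and always connects to sockPath.
func socketClient(sockPath string) *http.Client {
	return &http.Client{Transport: &http.Transport{
		DialContext: func(ctx context.Context, _, _ string) (net.Conn, error) {
			var d net.Dialer
			return d.DialContext(ctx, "unix", sockPath)
		},
	}}
}

// get performs a GET and returns the response body as a string.
func get(c *http.Client, url string) (string, error) {
	resp, err := c.Get(url)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	b, err := io.ReadAll(resp.Body)
	return string(b), err
}

// demo runs one exchange in a fresh temp dir and returns what the server saw.
func demo() (string, error) {
	dir, err := os.MkdirTemp("", "localapi-demo")
	if err != nil {
		return "", err
	}
	defer os.RemoveAll(dir)
	sock := filepath.Join(dir, "d.sock")
	stop, err := startStandIn(sock)
	if err != nil {
		return "", err
	}
	defer stop()
	return get(socketClient(sock), "http://"+localAPIHost+"/localapi/v0/whois?ip=1.2.3.4")
}

func main() {
	out, err := demo()
	fmt.Println(out, err)
}
```

With no listener at the socket path the request fails outright; nothing falls back to resolving the placeholder name.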

func (*Client) DriveSetServerAddr

func (lc *Client) DriveSetServerAddr(ctx context.Context, addr string) error

DriveSetServerAddr instructs Taildrive to use the server at addr to access the filesystem. This is used on platforms like Windows and macOS to let Taildrive know to use the file server running in the GUI app.

func (*Client) DriveShareList

func (lc *Client) DriveShareList(ctx context.Context) ([]*drive.Share, error)

DriveShareList returns the list of shares that drive is currently serving to remote nodes.

func (*Client) DriveShareRemove

func (lc *Client) DriveShareRemove(ctx context.Context, name string) error

DriveShareRemove removes the share with the given name from the list of shares that Taildrive will serve to remote nodes.

func (*Client) DriveShareRename

func (lc *Client) DriveShareRename(ctx context.Context, oldName, newName string) error

DriveShareRename renames the share from old to new name.

func (*Client) DriveShareSet

func (lc *Client) DriveShareSet(ctx context.Context, share *drive.Share) error

DriveShareSet adds or updates the given share in the list of shares that Taildrive will serve to remote nodes. If a share with the same name already exists, the existing share is replaced/updated.

func (*Client) EditPrefs

func (lc *Client) EditPrefs(ctx context.Context, mp *ipn.MaskedPrefs) (*ipn.Prefs, error)

EditPrefs updates the ipn.Prefs of the current Tailscale profile, applying the changes in mp. It returns an error if the changes cannot be applied, such as due to the caller's access rights or a policy restriction. An optional reason or justification for the request can be provided as a context value using apitype.RequestReasonKey. If permitted by policy, access may be granted, and the reason will be logged for auditing purposes.

func (*Client) ExpandSNIName

func (lc *Client) ExpandSNIName(ctx context.Context, name string) (fqdn string, ok bool)

ExpandSNIName expands bare label name into the most likely actual TLS cert name.

func (*Client) FileTargets

func (lc *Client) FileTargets(ctx context.Context) ([]apitype.FileTarget, error)

func (*Client) GetCertificate

func (lc *Client) GetCertificate(hi *tls.ClientHelloInfo) (*tls.Certificate, error)

GetCertificate fetches a TLS certificate for the TLS ClientHello in hi.

It returns a cached certificate from disk if it's still valid.

It's the right signature to use as the value of tls.Config.GetCertificate.

API maturity: this is considered a stable API.

func (*Client) GetDNSOSConfig

func (lc *Client) GetDNSOSConfig(ctx context.Context) (*apitype.DNSOSConfig, error)

GetDNSOSConfig returns the system DNS configuration for the current device. That is, it returns the DNS configuration that the system would use if Tailscale weren't being used.

func (*Client) GetEffectivePolicy

func (lc *Client) GetEffectivePolicy(ctx context.Context, scope setting.PolicyScope) (*setting.Snapshot, error)

GetEffectivePolicy returns the effective policy for the specified scope.

func (*Client) GetPrefs

func (lc *Client) GetPrefs(ctx context.Context) (*ipn.Prefs, error)

func (*Client) GetServeConfig

func (lc *Client) GetServeConfig(ctx context.Context) (*ipn.ServeConfig, error)

GetServeConfig returns the current serve config.

If the serve config is empty, it returns (nil, nil).

func (*Client) GetWaitingFile

func (lc *Client) GetWaitingFile(ctx context.Context, baseName string) (rc io.ReadCloser, size int64, err error)

func (*Client) Goroutines

func (lc *Client) Goroutines(ctx context.Context) ([]byte, error)

Goroutines returns a dump of the Tailscale daemon's current goroutines.

func (*Client) IDToken

func (lc *Client) IDToken(ctx context.Context, aud string) (*tailcfg.TokenResponse, error)

IDToken is a request to get an OIDC ID token for an audience. The token can be presented to any resource provider which offers OIDC Federation.

func (*Client) IncrementCounter

func (lc *Client) IncrementCounter(ctx context.Context, name string, delta int) error

IncrementCounter increments the value of a Tailscale daemon's counter metric by the given delta. If the metric does not yet exist, a new counter metric is created and initialized to delta.

IncrementCounter does not support gauge metrics or negative delta values.

func (*Client) Logout

func (lc *Client) Logout(ctx context.Context) error

Logout logs out the current node.

func (*Client) NetworkLockAffectedSigs

func (lc *Client) NetworkLockAffectedSigs(ctx context.Context, keyID tkatype.KeyID) ([]tkatype.MarshaledSignature, error)

NetworkLockAffectedSigs returns all signatures signed by the specified keyID.

func (*Client) NetworkLockCosignRecoveryAUM

func (lc *Client) NetworkLockCosignRecoveryAUM(ctx context.Context, aum tka.AUM) ([]byte, error)

NetworkLockCosignRecoveryAUM co-signs a recovery AUM using the node's tailnet lock key.

func (*Client) NetworkLockDisable

func (lc *Client) NetworkLockDisable(ctx context.Context, secret []byte) error

NetworkLockDisable shuts down network-lock across the tailnet.

func (*Client) NetworkLockForceLocalDisable

func (lc *Client) NetworkLockForceLocalDisable(ctx context.Context) error

NetworkLockForceLocalDisable forcibly shuts down network lock on this node.

func (*Client) NetworkLockGenRecoveryAUM

func (lc *Client) NetworkLockGenRecoveryAUM(ctx context.Context, removeKeys []tkatype.KeyID, forkFrom tka.AUMHash) ([]byte, error)

NetworkLockGenRecoveryAUM generates an AUM for recovering from a tailnet-lock key compromise.

func (*Client) NetworkLockInit

func (lc *Client) NetworkLockInit(ctx context.Context, keys []tka.Key, disablementValues [][]byte, supportDisablement []byte) (*ipnstate.NetworkLockStatus, error)

NetworkLockInit initializes the tailnet key authority.

TODO(tom): Plumb through disablement secrets.

func (*Client) NetworkLockLog

func (lc *Client) NetworkLockLog(ctx context.Context, maxEntries int) ([]ipnstate.NetworkLockUpdate, error)

NetworkLockLog returns up to maxEntries number of changes to network-lock state.

func (*Client) NetworkLockModify

func (lc *Client) NetworkLockModify(ctx context.Context, addKeys, removeKeys []tka.Key) error

NetworkLockModify adds and/or removes key(s) to the tailnet key authority.

func (*Client) NetworkLockSign

func (lc *Client) NetworkLockSign(ctx context.Context, nodeKey key.NodePublic, rotationPublic []byte) error

NetworkLockSign signs the specified node-key and transmits that signature to the control plane. rotationPublic, if specified, must be an ed25519 public key.

func (*Client) NetworkLockStatus

func (lc *Client) NetworkLockStatus(ctx context.Context) (*ipnstate.NetworkLockStatus, error)

NetworkLockStatus fetches information about the tailnet key authority, if one is configured.

func (*Client) NetworkLockSubmitRecoveryAUM

func (lc *Client) NetworkLockSubmitRecoveryAUM(ctx context.Context, aum tka.AUM) error

NetworkLockSubmitRecoveryAUM submits a recovery AUM to the control plane.

func (*Client) NetworkLockVerifySigningDeeplink

func (lc *Client) NetworkLockVerifySigningDeeplink(ctx context.Context, url string) (*tka.DeeplinkValidationResult, error)

NetworkLockVerifySigningDeeplink verifies the network lock deeplink contained in url and returns information extracted from it.

func (*Client) NetworkLockWrapPreauthKey

func (lc *Client) NetworkLockWrapPreauthKey(ctx context.Context, preauthKey string, tkaKey key.NLPrivate) (string, error)

NetworkLockWrapPreauthKey wraps a pre-auth key with information to enable unattended bringup in the locked tailnet.

func (*Client) Ping

func (lc *Client) Ping(ctx context.Context, ip netip.Addr, pingtype tailcfg.PingType) (*ipnstate.PingResult, error)

Ping sends a ping of the provided type to the provided IP and waits for its response.

func (*Client) PingWithOpts

func (lc *Client) PingWithOpts(ctx context.Context, ip netip.Addr, pingtype tailcfg.PingType, opts PingOpts) (*ipnstate.PingResult, error)

PingWithOpts sends a ping of the provided type to the provided IP and waits for its response. The opts type specifies additional options.

func (*Client) Pprof

func (lc *Client) Pprof(ctx context.Context, pprofType string, sec int) ([]byte, error)

Pprof returns a pprof profile of the Tailscale daemon.

func (*Client) ProfileStatus

func (lc *Client) ProfileStatus(ctx context.Context) (current ipn.LoginProfile, all []ipn.LoginProfile, err error)

ProfileStatus returns the current profile and the list of all profiles.

func (*Client) PushFile

func (lc *Client) PushFile(ctx context.Context, target tailcfg.StableNodeID, size int64, name string, r io.Reader) error

PushFile sends Taildrop file r to target.

A size of -1 means unknown. The name parameter is the original filename, not escaped.

func (*Client) QueryDNS

func (lc *Client) QueryDNS(ctx context.Context, name string, queryType string) (bytes []byte, resolvers []*dnstype.Resolver, err error)

QueryDNS executes a DNS query for a name (`google.com.`) and query type (`CNAME`). It returns the raw DNS response bytes and the resolvers that were used to answer the query (often just one, but can be more if we raced multiple resolvers).

func (*Client) QueryFeature

func (lc *Client) QueryFeature(ctx context.Context, feature string) (*tailcfg.QueryFeatureResponse, error)

QueryFeature makes a request for instructions on how to enable a feature, such as Funnel, for the node's tailnet. If relevant, this includes a control server URL the user can visit to enable the feature.

If you are looking to use QueryFeature, you'll likely want to use cli.enableFeatureInteractive instead, which handles the logic of wrapping QueryFeature and translating its response into an interactive flow for the user, including using the IPN notify bus to block until the feature has been enabled.

2023-08-09: Valid feature values are "serve" and "funnel".

func (*Client) ReloadConfig

func (lc *Client) ReloadConfig(ctx context.Context) (ok bool, err error)

ReloadConfig reloads the config file, if possible.

func (*Client) ReloadEffectivePolicy

func (lc *Client) ReloadEffectivePolicy(ctx context.Context, scope setting.PolicyScope) (*setting.Snapshot, error)

ReloadEffectivePolicy reloads the effective policy for the specified scope by reading and merging policy settings from all applicable policy sources.

func (*Client) SetComponentDebugLogging

func (lc *Client) SetComponentDebugLogging(ctx context.Context, component string, d time.Duration) error

SetComponentDebugLogging sets component's debug logging enabled for the provided duration. If the duration is in the past, the debug logging is disabled.

func (*Client) SetDNS

func (lc *Client) SetDNS(ctx context.Context, name, value string) error

SetDNS adds a DNS TXT record for the given domain name, containing the provided TXT value. The intended use case is answering LetsEncrypt/ACME dns-01 challenges.

The control plane will only permit SetDNS requests with very specific names and values. The name should be "_acme-challenge." + your node's MagicDNS name. It's expected that clients cache the certs from LetsEncrypt (or whichever CA is providing them) and only request new ones as needed; the control plane rate limits SetDNS requests.

This is a low-level interface; it's expected that most Tailscale users use a higher-level interface for getting and using TLS certificates.

func (*Client) SetDevStoreKeyValue

func (lc *Client) SetDevStoreKeyValue(ctx context.Context, key, value string) error

SetDevStoreKeyValue sets a statestore key/value. It's only meant for development. The schema (including when keys are re-read) is not a stable interface.

func (*Client) SetServeConfig

func (lc *Client) SetServeConfig(ctx context.Context, config *ipn.ServeConfig) error

SetServeConfig sets or replaces the serving settings. If config is nil, settings are cleared and serving is disabled.

func (*Client) SetUDPGROForwarding

func (lc *Client) SetUDPGROForwarding(ctx context.Context) error

SetUDPGROForwarding enables UDP GRO forwarding for the main interface of this node. This can be done to improve performance of tailnet nodes acting as exit nodes or subnet routers. See https://tailscale.com/kb/1320/performance-best-practices#linux-optimizations-for-subnet-routers-and-exit-nodes

func (*Client) SetUseExitNode

func (lc *Client) SetUseExitNode(ctx context.Context, on bool) error

SetUseExitNode toggles the use of an exit node on or off. To turn it on, there must have been a previously used exit node. The most recently used one is reused. This is a convenience method for GUIs. To select an actual one, update the prefs.

func (*Client) Start

func (lc *Client) Start(ctx context.Context, opts ipn.Options) error

Start applies the configuration specified in opts, and starts the state machine.

func (*Client) StartLoginInteractive

func (lc *Client) StartLoginInteractive(ctx context.Context) error

StartLoginInteractive starts an interactive login.

func (*Client) Status

func (lc *Client) Status(ctx context.Context) (*ipnstate.Status, error)

Status returns the Tailscale daemon's status.

func (*Client) StatusWithoutPeers

func (lc *Client) StatusWithoutPeers(ctx context.Context) (*ipnstate.Status, error)

StatusWithoutPeers returns the Tailscale daemon's status, without the peer info.

func (*Client) StreamDebugCapture

func (lc *Client) StreamDebugCapture(ctx context.Context) (io.ReadCloser, error)

StreamDebugCapture streams a pcap-formatted packet capture.

The provided context does not determine the lifetime of the returned io.ReadCloser.

func (*Client) SuggestExitNode

func (lc *Client) SuggestExitNode(ctx context.Context) (apitype.ExitNodeSuggestionResponse, error)

SuggestExitNode requests an exit node suggestion and returns the exit node's details.

func (*Client) SwitchProfile

func (lc *Client) SwitchProfile(ctx context.Context, profile ipn.ProfileID) error

SwitchProfile switches to the given profile.

func (*Client) SwitchToEmptyProfile

func (lc *Client) SwitchToEmptyProfile(ctx context.Context) error

SwitchToEmptyProfile creates and switches to a new unnamed profile. The new profile is not assigned an ID until it is persisted after a successful login. In order to log in to the new profile, the user must call LoginInteractive.

func (*Client) TailDaemonLogs

func (lc *Client) TailDaemonLogs(ctx context.Context) (io.Reader, error)

TailDaemonLogs returns a stream of the Tailscale daemon's logs as they arrive. Cancel the context to stop the stream.

func (*Client) UserDial

func (lc *Client) UserDial(ctx context.Context, network, host string, port uint16) (net.Conn, error)

UserDial connects to the host's port via Tailscale for the given network.

The host may be a base DNS name (resolved from the netmap inside tailscaled), a FQDN, or an IP address.

The ctx is only used for the duration of the call, not the lifetime of the net.Conn.

func (*Client) UserMetrics

func (lc *Client) UserMetrics(ctx context.Context) ([]byte, error)

UserMetrics returns the user metrics in the Prometheus text exposition format.

func (*Client) WaitingFiles

func (lc *Client) WaitingFiles(ctx context.Context) ([]apitype.WaitingFile, error)

WaitingFiles returns the list of Taildrop files that have been received by the Tailscale daemon in its staging/cache directory but not yet transferred by the user's CLI or GUI client and written to a user's home directory somewhere.

func (*Client) WatchIPNBus

func (lc *Client) WatchIPNBus(ctx context.Context, mask ipn.NotifyWatchOpt) (*IPNBusWatcher, error)

WatchIPNBus subscribes to the IPN notification bus. It returns a watcher once the bus is connected successfully.

The context is used for the life of the watch, not just the call to WatchIPNBus.

The returned IPNBusWatcher's Close method must be called when done to release resources.

A default set of ipn.Notify messages are returned but the set can be modified by mask.

func (*Client) WhoIs

func (lc *Client) WhoIs(ctx context.Context, remoteAddr string) (*apitype.WhoIsResponse, error)

WhoIs returns the owner of the remoteAddr, which must be an IP or IP:port.

If not found, the error is ErrPeerNotFound.

For connections proxied by tailscaled, this looks up the owner of the given address as TCP first, falling back to UDP; if you want to only check a specific address family, use WhoIsProto.
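A common use of WhoIs is to authorize an incoming HTTP request by the owner of its source address, refusing the request when the peer is unknown or the lookup itself fails. The following is an added example, not code from the package: it builds with the standard library alone, so errPeerNotFound stands in for ErrPeerNotFound, whoIsFunc is a hypothetical adapter where a real program would call Client.WhoIs, and the addresses and logins are constructed.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// errPeerNotFound stands in for local.ErrPeerNotFound in this example.
var errPeerNotFound = errors.New("peer not found")

// whoIsFunc is a hypothetical adapter. In a real program it would call
// (*local.Client).WhoIs(ctx, remoteAddr) and return the owner's login name.
type whoIsFunc func(ctx context.Context, remoteAddr string) (login string, err error)

// requireTailnetUser admits a request only when the connection's source
// address resolves to a login in allowed. Every other outcome is a refusal.
func requireTailnetUser(lookup whoIsFunc, allowed map[string]bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// r.RemoteAddr is the socket peer as "IP:port", a form WhoIs accepts.
		// Client-supplied headers such as X-Forwarded-For are never consulted.
		login, err := lookup(r.Context(), r.RemoteAddr)
		switch {
		case errors.Is(err, errPeerNotFound):
			http.Error(w, "unknown peer", http.StatusForbidden)
		case err != nil:
			// Daemon unreachable, permission error, timeout: fail closed.
			http.Error(w, "identity lookup failed", http.StatusServiceUnavailable)
		case !allowed[login]:
			http.Error(w, "not authorized", http.StatusForbidden)
		default:
			next.ServeHTTP(w, r)
		}
	})
}

// fakeWhoIs is a constructed lookup table used in place of the daemon.
func fakeWhoIs(peers map[string]string, down bool) whoIsFunc {
	return func(_ context.Context, remoteAddr string) (string, error) {
		if down {
			return "", errors.New("daemon not reachable")
		}
		login, ok := peers[remoteAddr]
		if !ok {
			return "", fmt.Errorf("whois %s: %w", remoteAddr, errPeerNotFound)
		}
		return login, nil
	}
}

// newDemoHandler wires the middleware to constructed sample data.
func newDemoHandler(down bool) http.Handler {
	peers := map[string]string{
		"100.64.0.7:41234": "alice@example.com",
		"100.64.0.9:50000": "bob@example.com",
	}
	allowed := map[string]bool{"alice@example.com": true}
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "ok") })
	return requireTailnetUser(fakeWhoIs(peers, down), allowed, ok)
}

// statusFor sends one request through h and returns the HTTP status code.
func statusFor(h http.Handler, remoteAddr, forwardedFor string) int {
	req := httptest.NewRequest(http.MethodGet, "/admin", nil)
	req.RemoteAddr = remoteAddr
	if forwardedFor != "" {
		req.Header.Set("X-Forwarded-For", forwardedFor)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	h := newDemoHandler(false)
	fmt.Println(statusFor(h, "100.64.0.7:41234", ""))          // allowed owner
	fmt.Println(statusFor(h, "100.64.0.9:50000", ""))          // known, not allowed
	fmt.Println(statusFor(h, "192.0.2.10:5555", "100.64.0.7")) // unknown peer, spoofed header
	fmt.Println(statusFor(newDemoHandler(true), "100.64.0.7:41234", ""))
}
```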

func (*Client) WhoIsNodeKey

func (lc *Client) WhoIsNodeKey(ctx context.Context, key key.NodePublic) (*apitype.WhoIsResponse, error)

WhoIsNodeKey returns the owner of the given WireGuard public key.

If not found, the error is ErrPeerNotFound.

func (*Client) WhoIsProto

func (lc *Client) WhoIsProto(ctx context.Context, proto, remoteAddr string) (*apitype.WhoIsResponse, error)

WhoIsProto returns the owner of the remoteAddr, which must be an IP or IP:port, for the given protocol (tcp or udp).

If not found, the error is ErrPeerNotFound.

type DebugPortmapOpts

type DebugPortmapOpts struct {
	// Duration is how long the mapping should be created for. It defaults
	// to 5 seconds if not set.
	Duration time.Duration

	// Type is the kind of portmap to debug. The empty string instructs the
	// portmap client to perform all known types. Other valid options are
	// "pmp", "pcp", and "upnp".
	Type string

	// GatewayAddr specifies the gateway address used during portmapping.
	// If set, SelfAddr must also be set. If unset, it will be
	// autodetected.
	GatewayAddr netip.Addr

	// SelfAddr specifies the gateway address used during portmapping. If
	// set, GatewayAddr must also be set. If unset, it will be
	// autodetected.
	SelfAddr netip.Addr

	// LogHTTP instructs the debug-portmap endpoint to print all HTTP
	// requests and responses made to the logs.
	LogHTTP bool
}

DebugPortmapOpts contains options for the Client.DebugPortmap command.

type IPNBusWatcher

type IPNBusWatcher struct {
	// contains filtered or unexported fields
}

IPNBusWatcher is an active subscription (watch) of the local tailscaled IPN bus. It's returned by Client.WatchIPNBus.

It must be closed when done.

func (*IPNBusWatcher) Close

func (w *IPNBusWatcher) Close() error

Close stops the watcher and releases its resources.

func (*IPNBusWatcher) Next

func (w *IPNBusWatcher) Next() (ipn.Notify, error)

Next returns the next ipn.Notify from the stream. If the context from Client.WatchIPNBus is done, that error is returned.

type PingOpts

type PingOpts struct {
	// Size is the length of the ping message in bytes. It's ignored if it's
	// smaller than the minimum message size.
	//
	// For disco pings, it specifies the length of the packet's payload. That
	// is, it includes the disco headers and message, but not the IP and UDP
	// headers.
	Size int
}

PingOpts contains options for the ping request.

The zero value is valid, which means to use defaults.

type PreconditionsFailedError

type PreconditionsFailedError struct {
	// contains filtered or unexported fields
}

PreconditionsFailedError is returned when the server responds with an HTTP 412 status code.

func (*PreconditionsFailedError) Error

func (e *PreconditionsFailedError) Error() string

func (*PreconditionsFailedError) Unwrap

func (e *PreconditionsFailedError) Unwrap() error

Source Files

local.go

Version: v1.84.0 (latest)
Published: May 21, 2025
Platform: linux/amd64
Imports: 35 packages