CheckTag validates tag for use as an ACL tag.

Clone duplicates src into dst and reports whether it succeeded.

feature enabled.

CapabilityDebugPeer grants the ability for a peer to read this node's goroutines, metrics, magicsock internal state, etc.

CapabilityFileSharingSend grants the ability to receive files from a node that's owned by a different user.

CapabilityFileSharingTarget grants the current node the ability to send files to the peer which has this capability.

CapabilityIngress grants the ability for a peer to send ingress traffic.

feature enabled/available.

some SSH rule reach this node.

CapabilityWakeOnLAN grants the ability to send a Wake-On-LAN packet.

CurrentCapabilityVersion is the current capability version of the codebase.

DerpMagicIP is a fake WireGuard endpoint IP address that means to use DERP.

DotInvalid is a fake DNS TLD used in tests for an invalid hostname.

hard NAT: STUN'ed IPv4 address + local fixed port.

server has approved.

server has explicitly rejected this machine key.

server has yet to approve.

PingDisco performs a ping, without involving IP at either end.

PingICMP performs a ping between two tailscale nodes using ICMP that is received by the target systems IP stack.

PingPeerAPI performs a ping between two tailscale nodes using ICMP that is received by the target systems IP stack.

PingTSMP performs a ping, using the IP layer, but avoiding the OS IP stack.

SignatureNone indicates that there is no signature, no Timestamp is required (but may be specified if desired), and both DeviceCert and Signature should be empty.

SignatureUnknown represents an unknown signature scheme, which should be considered an error if seen.

SignatureV1 is computed as RSA-PSS-Sign(privateKeyForDeviceCert, SHA256(Timestamp || ServerIdentity || DeviceCert || ServerShortPubKey || MachineShortPubKey)).

SignatureV2 is computed as RSA-PSS-Sign(privateKeyForDeviceCert, SHA256(Timestamp || ServerIdentity || DeviceCert || ServerPubKey || MachinePubKey)).

C2NSSHUsernamesRequest is the request for the /ssh/usernames.

C2NSSHUsernamesResponse is the response (from node to control) from the /ssh/usernames handler.

CapGrant grants capabilities in a FilterRule.

ControlDialPlan is instructions from the control server to the client on how to connect to the control server; this is useful for maintaining connection if the client's network state changes after the initial connection, or due to the configuration that the control server pushes.

ControlDialPlanView provides a read-only view over ControlDialPlan.

ControlIPCandidate represents a single candidate address to use when connecting to the control server.

Debug are instructions from the control server to the client to adjust debug settings.

DERPMap describes the set of DERP packet relay servers that are available.

DERPMapView provides a read-only view over DERPMap.

DERPNode describes a DERP packet relay node running within a DERPRegion.

DERPNodeView provides a read-only view over DERPNode.

DERPRegion is a geographic region running DERP relay node(s).

DERPRegionView provides a read-only view over DERPRegion.

DNSConfig is the DNS configuration.

DNSConfigView provides a read-only view over DNSConfig.

DNSRecord is an extra DNS record to add to MagicDNS.

EarlyNoise is the early payload that's sent over Noise but before the HTTP/2 handshake when connecting to the coordination server.

Endpoint is an endpoint IPPort and an associated type.

FilterRule represents one rule in a packet filter.

HealthChangeRequest is the JSON request body type used to report node health changes to https://<control>/machine/<mkey hex>/update-health.

Hostinfo contains a summary of a Tailscale host.

HostinfoView provides a read-only view over Hostinfo.

LoginView provides a read-only view over Login.

MapRequest is sent by a client to start a long-poll network map updates.

NetInfo contains information about the host's network state.

NetInfoView provides a read-only view over NetInfo.

NetPortRange represents a range of ports that's allowed for one or more IPs.

NodeView provides a read-only view over Node.

Oauth2Token is a copy of golang.org/x/oauth2.Token, to avoid the go.mod dependency on App Engine and grpc, which was causing problems.

OverTLSPublicKeyResponse is the JSON response to /key?v=<n> over HTTPS (regular TLS) to the Tailscale control plane server, where the 'v' argument is the client's current capability version (previously known as the "MapRequest version").

PeerChange is an update to a node.

PingRequest with no IP and Types is a request to send an HTTP request to prove the long-polling client is still connected.

PingResponse provides result information for a TSMP or Disco PingRequest.

PortRange represents a range of UDP or TCP port numbers.

RegisterRequest is sent by a client to register the key for a node.

RegisterResponse is returned by the server in response to a RegisterRequest.

RegisterResponseView provides a read-only view over RegisterResponse.

Service represents a service running on a node.

SetDNSRequest is a request to add a DNS record.

SetDNSResponse is the response to a SetDNSRequest.

SSHAction is how to handle an incoming connection.

SSHPolicy is the policy for how to handle incoming SSH connections over Tailscale.

SSHPrincipal is either a particular node or a user on any node.

SSHPrincipalView provides a read-only view over SSHPrincipal.

An SSH rule is a match predicate and associated action for an incoming SSH connection.

SSHRuleView provides a read-only view over SSHRule.

TKABootstrapRequest is sent by a node to get information necessary for enabling or disabling the tailnet key authority.

TKABootstrapResponse encodes values necessary to enable or disable the tailnet key authority (TKA).

TKADisableRequest disables network-lock across the tailnet using the provided disablement secret.

TKADisableResponse is the JSON response from a /tka/disable RPC.

TKAInfo encodes the control plane's view of tailnet key authority (TKA) state.

TKAInitBeginRequest submits a genesis AUM to seed the creation of the tailnet's key authority.

TKAInitBeginResponse is the JSON response from a /tka/init/begin RPC.

TKAInitFinishRequest is the JSON request of a /tka/init/finish RPC.

TKAInitFinishResponse is the JSON response from a /tka/init/finish RPC.

TKASignInfo describes information about an existing node that needs to be signed into a node-key signature.

TKASubmitSignatureRequest transmits a node-key signature to the control plane.

TKASubmitSignatureResponse is the JSON response from a /tka/sign RPC.

TKASyncOfferRequest encodes a request to synchronize tailnet key authority state (TKA).

TKASyncOfferResponse encodes a response in synchronizing a node's tailnet key authority state.

TKASyncSendRequest encodes AUMs that a node believes the control plane is missing, and notifies control of its local TKA state (specifically the head hash).

TKASyncSendResponse encodes the control plane's response to a node submitting AUMs during AUM synchronization.

TokenRequest is a request to get an OIDC ID token for an audience.

TokenResponse is the response to a TokenRequest.

User is an IPN user.

A UserProfile is display-friendly data for a user.

UserView provides a read-only view over User.

CapabilityVersion represents the client's capability level.

EndpointType distinguishes different sources of MapRequest.Endpoint values.

PingType is a string representing the kind of ping to perform.

ServiceProto is a service type.

SignatureType specifies a scheme for signing RegisterRequest messages.