ipnstate

type DebugDERPRegionReport struct {
	Info     []string
	Warnings []string
	Errors   []string
}

type ExitNodeStatus struct {
	// ID is the exit node's ID.
	ID tailcfg.StableNodeID

	// Online is whether the exit node is alive.
	Online bool

	// TailscaleIPs are the exit node's IP addresses assigned to the node.
	TailscaleIPs []netip.Prefix
}

type NetworkLockStatus struct {
	// Enabled is true if network lock is enabled.
	Enabled bool

	// Head describes the AUM hash of the leaf AUM. Head is nil
	// if network lock is not enabled.
	Head *[32]byte

	// PublicKey describes the node's network-lock public key.
	// It may be zero if the node has not logged in.
	PublicKey key.NLPublic

	// NodeKey describes the node's current node-key. This field is not
	// populated if the node is not operating (i.e. waiting for a login).
	NodeKey *key.NodePublic

	// NodeKeySigned is true if our node is authorized by network-lock.
	NodeKeySigned bool

	// TrustedKeys describes the keys currently trusted to make changes
	// to network-lock.
	TrustedKeys []TKAKey

	// FilteredPeers describes peers which were removed from the netmap
	// (i.e. no connectivity) because they failed tailnet lock
	// checks.
	FilteredPeers []*TKAFilteredPeer

	// StateID is a nonce associated with the network lock authority,
	// generated upon enablement. This field is not populated if the
	// network lock is disabled.
	StateID uint64
}

type NetworkLockUpdate struct {
	Hash   [32]byte
	Change string // values of tka.AUMKind.String()

	// Raw contains the serialized AUM. The AUM is sent in serialized
	// form to avoid transitive dependences bloating this package.
	Raw []byte
}

type PeerStatus struct {
	ID        tailcfg.StableNodeID
	PublicKey key.NodePublic
	HostName  string // HostInfo's Hostname (not a DNS name or necessarily unique)

	// DNSName is the Peer's FQDN. It ends with a dot.
	// It has the form "host.<MagicDNSSuffix>."
	DNSName string
	OS      string // HostInfo.OS
	UserID  tailcfg.UserID

	// AltSharerUserID is the user who shared this node
	// if it's different than UserID. Otherwise it's zero.
	AltSharerUserID tailcfg.UserID `json:",omitempty"`

	// TailscaleIPs are the IP addresses assigned to the node.
	TailscaleIPs []netip.Addr
	// AllowedIPs are IP addresses allowed to route to this node.
	AllowedIPs *views.Slice[netip.Prefix] `json:",omitempty"`

	// Tags are the list of ACL tags applied to this node.
	// See tailscale.com/tailcfg#Node.Tags for more information.
	Tags *views.Slice[string] `json:",omitempty"`

	// PrimaryRoutes are the routes this node is currently the primary
	// subnet router for, as determined by the control plane. It does
	// not include the IPs in TailscaleIPs.
	PrimaryRoutes *views.Slice[netip.Prefix] `json:",omitempty"`

	// Endpoints:
	Addrs   []string
	CurAddr string // one of Addrs, or unique if roaming
	Relay   string // DERP region

	RxBytes        int64
	TxBytes        int64
	Created        time.Time // time registered with tailcontrol
	LastWrite      time.Time // time last packet sent
	LastSeen       time.Time // last seen to tailcontrol; only present if offline
	LastHandshake  time.Time // with local wireguard
	Online         bool      // whether node is connected to the control plane
	ExitNode       bool      // true if this is the currently selected exit node.
	ExitNodeOption bool      // true if this node can be an exit node (offered && approved)

	// Active is whether the node was recently active. The
	// definition is somewhat undefined but has historically and
	// currently means that there was some packet sent to this
	// peer in the past two minutes. That definition is subject to
	// change.
	Active bool

	// PeerAPIURL are the URLs of the node's PeerAPI servers.
	PeerAPIURL []string

	// Capabilities are capabilities that the node has.
	// They're free-form strings, but should be in the form of URLs/URIs
	// such as:
	//    "https://tailscale.com/cap/is-admin"
	//    "https://tailscale.com/cap/file-sharing"
	//    "funnel"
	Capabilities []tailcfg.NodeCapability `json:",omitempty"`

	// CapMap is a map of capabilities to their values.
	CapMap tailcfg.NodeCapMap `json:",omitempty"`

	// SSH_HostKeys are the node's SSH host keys, if known.
	SSH_HostKeys []string `json:"sshHostKeys,omitempty"`

	// ShareeNode indicates this node exists in the netmap because
	// it's owned by a shared-to user and that node might connect
	// to us. These nodes should be hidden by "tailscale status"
	// etc by default.
	ShareeNode bool `json:",omitempty"`

	// InNetworkMap means that this peer was seen in our latest network map.
	// In theory, all of InNetworkMap and InMagicSock and InEngine should all be true.
	InNetworkMap bool

	// InMagicSock means that this peer is being tracked by magicsock.
	// In theory, all of InNetworkMap and InMagicSock and InEngine should all be true.
	InMagicSock bool

	// InEngine means that this peer is tracked by the wireguard engine.
	// In theory, all of InNetworkMap and InMagicSock and InEngine should all be true.
	InEngine bool

	// Expired means that this peer's node key has expired, based on either
	// information from control or optimisically set on the client if the
	// expiration time has passed.
	Expired bool `json:",omitempty"`

	// KeyExpiry, if present, is the time at which the node key expired or
	// will expire.
	KeyExpiry *time.Time `json:",omitempty"`

	Location *tailcfg.Location `json:",omitempty"`
}

type PeerStatusLite struct {
	// TxBytes/RxBytes is the total number of bytes transmitted to/received from this peer.
	TxBytes, RxBytes int64
	// LastHandshake is the last time a handshake succeeded with this peer.
	// (Or we got key confirmation via the first data message,
	// which is approximately the same thing.)
	LastHandshake time.Time
	// NodeKey is this peer's public node key.
	NodeKey key.NodePublic
}

type PingResult struct {
	IP       string // ping destination
	NodeIP   string // Tailscale IP of node handling IP (different for subnet routers)
	NodeName string // DNS name base or (possibly not unique) hostname

	Err            string
	LatencySeconds float64

	// Endpoint is the ip:port if direct UDP was used.
	// It is not currently set for TSMP pings.
	Endpoint string

	// DERPRegionID is non-zero DERP region ID if DERP was used.
	// It is not currently set for TSMP pings.
	DERPRegionID int

	// DERPRegionCode is the three-letter region code
	// corresponding to DERPRegionID.
	// It is not currently set for TSMP pings.
	DERPRegionCode string

	// PeerAPIPort is set by TSMP ping responses for peers that
	// are running a peerapi server. This is the port they're
	// running the server on.
	PeerAPIPort uint16 `json:",omitempty"`

	// PeerAPIURL is the URL that was hit for pings of type "peerapi" (tailcfg.PingPeerAPI).
	// It's of the form "http://ip:port" (or [ip]:port for IPv6).
	PeerAPIURL string `json:",omitempty"`

	// IsLocalIP is whether the ping request error is due to it being
	// a ping to the local node.
	IsLocalIP bool `json:",omitempty"`
}

type SelfUpdateStatus string

type Status struct {
	// Version is the daemon's long version (see version.Long).
	Version string

	// TUN is whether /dev/net/tun (or equivalent kernel interface) is being
	// used. If false, it's running in userspace mode.
	TUN bool

	// BackendState is an ipn.State string value:
	//  "NoState", "NeedsLogin", "NeedsMachineAuth", "Stopped",
	//  "Starting", "Running".
	BackendState string

	AuthURL      string       // current URL provided by control to authorize client
	TailscaleIPs []netip.Addr // Tailscale IP(s) assigned to this node
	Self         *PeerStatus

	// ExitNodeStatus describes the current exit node.
	// If nil, an exit node is not in use.
	ExitNodeStatus *ExitNodeStatus `json:"ExitNodeStatus,omitempty"`

	// Health contains health check problems.
	// Empty means everything is good. (or at least that no known
	// problems are detected)
	Health []string

	// This field is the legacy name of CurrentTailnet.MagicDNSSuffix.
	//
	// Deprecated: use CurrentTailnet.MagicDNSSuffix instead.
	MagicDNSSuffix string

	// CurrentTailnet is information about the tailnet that the node
	// is currently connected to. When not connected, this field is nil.
	CurrentTailnet *TailnetStatus

	// CertDomains are the set of DNS names for which the control
	// plane server will assist with provisioning TLS
	// certificates. See SetDNSRequest for dns-01 ACME challenges
	// for e.g. LetsEncrypt. These names are FQDNs without
	// trailing periods, and without any "_acme-challenge." prefix.
	CertDomains []string

	// Peer is the state of each peer, keyed by each peer's current public key.
	Peer map[key.NodePublic]*PeerStatus

	// User contains profile information about UserIDs referenced by
	// PeerStatus.UserID, PeerStatus.AltSharerUserID, etc.
	User map[tailcfg.UserID]tailcfg.UserProfile

	// ClientVersion, when non-nil, contains information about the latest
	// version of the Tailscale client that's available. Depending on
	// the platform and client settings, it may not be available.
	ClientVersion *tailcfg.ClientVersion
}

type StatusBuilder struct {
	WantPeers bool // whether caller wants peers
	// contains filtered or unexported fields
}

type StatusUpdater interface {
	UpdateStatus(*StatusBuilder)
}

type TKAFilteredPeer struct {
	Name         string // DNS
	ID           tailcfg.NodeID
	StableID     tailcfg.StableNodeID
	TailscaleIPs []netip.Addr // Tailscale IP(s) assigned to this node
	NodeKey      key.NodePublic
}

type TKAKey struct {
	Key      key.NLPublic
	Metadata map[string]string
	Votes    uint
}

type TailnetStatus struct {
	// Name is the name of the network that's currently in use.
	Name string

	// MagicDNSSuffix is the network's MagicDNS suffix for nodes
	// in the network such as "userfoo.tailscale.net".
	// There are no surrounding dots.
	// MagicDNSSuffix should be populated regardless of whether a domain
	// has MagicDNS enabled.
	MagicDNSSuffix string

	// MagicDNSEnabled is whether or not the network has MagicDNS enabled.
	// Note that the current device may still not support MagicDNS if
	// `--accept-dns=false` was used.
	MagicDNSEnabled bool
}

type UpdateProgress struct {
	Status  SelfUpdateStatus `json:"status,omitempty"`
	Message string           `json:"message,omitempty"`
	Version string           `json:"version,omitempty"`
}