Documentation
¶
Overview ¶
Package appc implements App Connectors. An AppConnector provides DNS domain oriented routing of traffic. An App Connector becomes a DNS server for a peer, authoritative for the set of configured domains. DNS resolution of the target domain triggers dynamic publication of routes to ensure that traffic to the domain is routed through the App Connector.
Index ¶
- type AppConnector
- func (e *AppConnector) ClearRoutes() error
- func (e *AppConnector) Close()
- func (e *AppConnector) DomainRoutes() map[string][]netip.Addr
- func (e *AppConnector) Domains() views.Slice[string]
- func (e *AppConnector) ObserveDNSResponse(res []byte) error
- func (e *AppConnector) ShouldStoreRoutes() bool
- func (e *AppConnector) UpdateDomains(domains []string)
- func (e *AppConnector) UpdateDomainsAndRoutes(domains []string, routes []netip.Prefix)
- func (e *AppConnector) Wait(ctx context.Context)
- type Config
- type Conn25
- type ConnectorTransitIPRequest
- type ConnectorTransitIPResponse
- type RouteAdvertiser
- type TransitIPRequest
- type TransitIPResponse
- type TransitIPResponseCode
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AppConnector ¶
type AppConnector struct {
// contains filtered or unexported fields
}
AppConnector is an implementation of an AppConnector that performs its function as a subsystem inside of a tailscale node. At the control plane side App Connector routing is configured in terms of domains rather than IP addresses. The AppConnectors responsibility inside tailscaled is to apply the routing and domain configuration as supplied in the map response. DNS requests for configured domains are observed. If the domains resolve to routes not yet served by the AppConnector the local node configuration is updated to advertise the new route.
func NewAppConnector ¶
func NewAppConnector(c Config) *AppConnector
NewAppConnector creates a new AppConnector.
func (*AppConnector) ClearRoutes ¶
func (e *AppConnector) ClearRoutes() error
ClearRoutes removes all route state from the AppConnector.
func (*AppConnector) Close ¶
func (e *AppConnector) Close()
Close closes the connector and cleans up resources associated with it. It is safe (and a noop) to call Close on nil.
func (*AppConnector) DomainRoutes ¶
func (e *AppConnector) DomainRoutes() map[string][]netip.Addr
DomainRoutes returns a map of domains to resolved IP addresses.
func (*AppConnector) Domains ¶
func (e *AppConnector) Domains() views.Slice[string]
Domains returns the currently configured domain list.
func (*AppConnector) ObserveDNSResponse ¶
func (e *AppConnector) ObserveDNSResponse(res []byte) error
ObserveDNSResponse is a callback invoked by the DNS resolver when a DNS response is being returned over the PeerAPI. The response is parsed and matched against the configured domains, if matched the routeAdvertiser is advised to advertise the discovered route.
func (*AppConnector) ShouldStoreRoutes ¶
func (e *AppConnector) ShouldStoreRoutes() bool
ShouldStoreRoutes returns true if the appconnector was created with the controlknob on and is storing its discovered routes persistently.
func (*AppConnector) UpdateDomains ¶
func (e *AppConnector) UpdateDomains(domains []string)
UpdateDomains asynchronously replaces the current set of configured domains with the supplied set of domains. Domains must not contain a trailing dot, and should be lower case. If the domain contains a leading '*' label it matches all subdomains of a domain.
func (*AppConnector) UpdateDomainsAndRoutes ¶
func (e *AppConnector) UpdateDomainsAndRoutes(domains []string, routes []netip.Prefix)
UpdateDomainsAndRoutes starts an asynchronous update of the configuration given the new domains and routes.
func (*AppConnector) Wait ¶
func (e *AppConnector) Wait(ctx context.Context)
Wait waits for the currently scheduled asynchronous configuration changes to complete.
type Config ¶
type Config struct {
// Logf is the logger to which debug logs from the connector will be sent.
// It must be non-nil.
Logf logger.Logf
// EventBus receives events when the collection of routes maintained by the
// connector is updated. It must be non-nil.
EventBus *eventbus.Bus
// RouteAdvertiser allows the connector to update the set of advertised routes.
RouteAdvertiser RouteAdvertiser
// RouteInfo, if non-nil, use used as the initial set of routes for the
// connector. If nil, the connector starts empty.
RouteInfo *appctype.RouteInfo
// HasStoredRoutes indicates that the connector should assume stored routes.
HasStoredRoutes bool
}
Config carries the settings for an AppConnector.
type Conn25 ¶
type Conn25 struct {
// contains filtered or unexported fields
}
Conn25 holds the developing state for the as yet nascent next generation app connector. There is currently (2025-12-08) no actual app connecting functionality.
func (*Conn25) HandleConnectorTransitIPRequest ¶
func (c *Conn25) HandleConnectorTransitIPRequest(nid tailcfg.NodeID, ctipr ConnectorTransitIPRequest) ConnectorTransitIPResponse
HandleConnectorTransitIPRequest creates a ConnectorTransitIPResponse in response to a ConnectorTransitIPRequest. It updates the connectors mapping of TransitIP->DestinationIP per peer (tailcfg.NodeID). If a peer has stored this mapping in the connector Conn25 will route traffic to TransitIPs to DestinationIPs for that peer.
type ConnectorTransitIPRequest ¶
type ConnectorTransitIPRequest struct {
// TransitIPs is the list of requested mappings.
TransitIPs []TransitIPRequest `json:"transitIPs,omitempty"`
}
ConnectorTransitIPRequest is the request body for a PeerAPI request to /connector/transit-ip and can include zero or more TransitIP allocation requests.
type ConnectorTransitIPResponse ¶
type ConnectorTransitIPResponse struct {
// TransitIPs is the list of outcomes for each requested mapping. Elements
// correspond to the order of [ConnectorTransitIPRequest.TransitIPs].
TransitIPs []TransitIPResponse `json:"transitIPs,omitempty"`
}
ConnectorTransitIPResponse is the response to a ConnectorTransitIPRequest
type RouteAdvertiser ¶
type RouteAdvertiser interface {
// AdvertiseRoute adds one or more route advertisements skipping any that
// are already advertised.
AdvertiseRoute(...netip.Prefix) error
// UnadvertiseRoute removes any matching route advertisements.
UnadvertiseRoute(...netip.Prefix) error
}
RouteAdvertiser is an interface that allows the AppConnector to advertise newly discovered routes that need to be served through the AppConnector.
type TransitIPRequest ¶
type TransitIPRequest struct {
// TransitIP is the intermediate destination IP that will be received at this
// connector and will be replaced by DestinationIP when performing DNAT.
TransitIP netip.Addr `json:"transitIP,omitzero"`
// DestinationIP is the final destination IP that connections to the TransitIP
// should be mapped to when performing DNAT.
DestinationIP netip.Addr `json:"destinationIP,omitzero"`
}
TransitIPRequest details a single TransitIP allocation request from a client to a connector.
type TransitIPResponse ¶
type TransitIPResponse struct {
// Code is an error code indicating success or failure of the [TransitIPRequest].
Code TransitIPResponseCode `json:"code,omitzero"`
// Message is an error message explaining what happened, suitable for logging but
// not necessarily suitable for displaying in a UI to non-technical users. It
// should be empty when [Code] is [OK].
Message string `json:"message,omitzero"`
}
TransitIPResponse is the response to a TransitIPRequest
type TransitIPResponseCode ¶
type TransitIPResponseCode int
TransitIPResponseCode appears in TransitIPResponse and signifies success or failure status.
const ( // OK indicates that the mapping was created as requested. OK TransitIPResponseCode = 0 // OtherFailure indicates that the mapping failed for a reason that does not have // another relevant [TransitIPResponsecode]. OtherFailure TransitIPResponseCode = 1 )
Source Files
Directories