pub struct StateUpdate {Show 17 fields
pub session_handle: Option<String>,
pub seq: i64,
pub derp: Option<DerpMap>,
pub node: Option<Node>,
pub peer_update: Option<PeerUpdate>,
pub peer_patches: Vec<PeerChange>,
pub user_profiles: Vec<UserProfile>,
pub ping: Option<PingRequest>,
pub packetfilter: Option<FilterUpdate>,
pub cap_grants: Option<Vec<CapGrant>>,
pub pop_browser_url: Option<Url>,
pub dial_plan: Option<DialPlan>,
pub dns_config: Option<DnsConfig>,
pub ssh_policy: Option<SshPolicy>,
pub tka: Option<TkaStatus>,
pub online_change: BTreeMap<NodeId, bool>,
pub peer_seen_change: BTreeMap<NodeId, bool>,
}Expand description
An update to the netmap state produced from a mapresponse.
Fields§
§session_handle: Option<String>The opaque map-session handle, set only when control assigns one (the first
MapResponse of a session). Carried so a reconnect can request stream resumption via
MapRequestBuilder::map_session. None on
responses that don’t (re)establish a session.
seq: i64The sequence number of this MapResponse within its session, or 0 when control omits
it (e.g. keep-alives). The last non-zero value is what a reconnect resumes after.
derp: Option<DerpMap>New derp map is available.
node: Option<Node>New self-node.
peer_update: Option<PeerUpdate>Updates to the set of peers in the netmap (a full re-sync or a whole-node delta).
peer_patches: Vec<PeerChange>Field-level patches to peers already in the netmap (MapResponse.PeersChangedPatch). Each
PeerChange sets only the fields it carries on the matching node,
leaving the rest untouched; a patch whose node id is unknown to the current netmap is
ignored (the wire contract — a patch never creates a node). Control uses these for
mid-session reachability changes — chiefly a peer’s UDP endpoints / home DERP when it
re-establishes connectivity — so they MUST be applied or the netmap keeps stale endpoints and
the peer can’t re-handshake. A separate channel from peer_update:
Go’s controlclient applies the Peers* set first and then PeersChangedPatch, so when a
response carries both they are both applied in that order (the consumer applies
peer_update then peer_patches). Empty when this response carried no patches.
user_profiles: Vec<UserProfile>User profiles (MapResponse.UserProfiles) carried by this response: the owner identity for
nodes, keyed by user id. Control sends these incrementally — only new or changed profiles
per response — so the consumer (the runtime’s peer tracker) must accumulate them across
updates, not replace. Empty when this response carried none.
ping: Option<PingRequest>Send a ping request.
packetfilter: Option<FilterUpdate>Update to the packet filter.
cap_grants: Option<Vec<CapGrant>>The peer-capability grants retained from this response’s packet-filter application rules
(Go tailcfg.FilterRule cap-grants), which the network-rule compile in packetfilter drops.
Some exactly when packetfilter is Some (the same source rules); the consumer keeps
these for flow-scoped WhoIs (apitype.WhoIsResponse.CapMap). Empty Vec when the response’s
rules carried no application/cap-grant rule.
pop_browser_url: Option<Url>This URL should be displayed to the user or opened in their browser automatically.
dial_plan: Option<DialPlan>New dial plan sent by control.
dns_config: Option<DnsConfig>New DNS configuration for the MagicDNS responder. None means no change.
ssh_policy: Option<SshPolicy>New Tailscale SSH policy pushed by control. None means no change in this response;
Some replaces the active policy (an empty rule set means “deny all”, fail-closed).
tka: Option<TkaStatus>New Tailnet Lock (TKA) status from control (MapResponse.TKAInfo). None means no change in
this response; Some carries the current authority head + disablement signal.
online_change: BTreeMap<NodeId, bool>Per-peer online-status flips (MapResponse.OnlineChange), keyed by control node NodeId.
The dominant standalone channel for online transitions (control sends these far more often
than a full PeerChange). Each entry sets Node::online to the given
value; empty when this response carried none.
peer_seen_change: BTreeMap<NodeId, bool>Per-peer last-seen flips (MapResponse.PeerSeenChange), keyed by control node NodeId.
true ⇒ the peer was just seen (update last-seen to now); false ⇒ the peer is gone
(mark offline). Empty when this response carried none.