exit node dst wipenable-exit-node-dst-logs

author: Claire Wang <claire@tailscale.com> 2024-03-27 15:45:02 -0400
committer: Claire Wang <claire@tailscale.com> 2024-04-03 15:24:58 -0400
commit: 78c36f53fee9f03eff7ef09ada79662424db8a15 (patch)
tree: 8dba65a6f67d4d8ef1b29d6845ed70ac02def2e3 /cmd
parent: 92d3f64e95dc7b33fb19f03223d5ba4aa3331d8c (diff)
download: tailscale-enable-exit-node-dst-logs.tar.xz
tailscale-enable-exit-node-dst-logs.zip
2 files changed, 34 insertions, 28 deletions
diff --git a/cmd/tailscale/cli/set.go b/cmd/tailscale/cli/set.go
index 4049eb12e..80d93c695 100644
--- a/cmd/tailscale/cli/set.go
+++ b/cmd/tailscale/cli/set.go
@@ -38,24 +38,25 @@ Only settings explicitly mentioned will be set. There are no default values.`,
 }
 
 type setArgsT struct {
-	acceptRoutes           bool
-	acceptDNS              bool
-	exitNodeIP             string
-	exitNodeAllowLANAccess bool
-	shieldsUp              bool
-	runSSH                 bool
-	runWebClient           bool
-	hostname               string
-	advertiseRoutes        string
-	advertiseDefaultRoute  bool
-	advertiseConnector     bool
-	opUser                 string
-	acceptedRisks          string
-	profileName            string
-	forceDaemon            bool
-	updateCheck            bool
-	updateApply            bool
-	postureChecking        bool
+	acceptRoutes            bool
+	acceptDNS               bool
+	exitNodeIP              string
+	exitNodeAllowLANAccess  bool
+	exitDestinationFlowLogs bool
+	shieldsUp               bool
+	runSSH                  bool
+	runWebClient            bool
+	hostname                string
+	advertiseRoutes         string
+	advertiseDefaultRoute   bool
+	advertiseConnector      bool
+	opUser                  string
+	acceptedRisks           string
+	profileName             string
+	forceDaemon             bool
+	updateCheck             bool
+	updateApply             bool
+	postureChecking         bool
 }
 
 func newSetFlagSet(goos string, setArgs *setArgsT) *flag.FlagSet {
@@ -66,6 +67,7 @@ func newSetFlagSet(goos string, setArgs *setArgsT) *flag.FlagSet {
 	setf.BoolVar(&setArgs.acceptDNS, "accept-dns", false, "accept DNS configuration from the admin panel")
 	setf.StringVar(&setArgs.exitNodeIP, "exit-node", "", "Tailscale exit node (IP or base name) for internet traffic, or empty string to not use an exit node")
 	setf.BoolVar(&setArgs.exitNodeAllowLANAccess, "exit-node-allow-lan-access", false, "Allow direct access to the local network when routing traffic via an exit node")
+	setf.BoolVar(&setArgs.exitDestinationFlowLogs, "exit-destination-flow-logs", false, "Enable exit node destination in network flow logs")
 	setf.BoolVar(&setArgs.shieldsUp, "shields-up", false, "don't allow incoming connections")
 	setf.BoolVar(&setArgs.runSSH, "ssh", false, "run an SSH server, permitting access per tailnet admin's declared policy")
 	setf.StringVar(&setArgs.hostname, "hostname", "", "hostname to use instead of the one provided by the OS")
@@ -106,16 +108,17 @@ func runSet(ctx context.Context, args []string) (retErr error) {
 
 	maskedPrefs := &ipn.MaskedPrefs{
 		Prefs: ipn.Prefs{
-			ProfileName:            setArgs.profileName,
-			RouteAll:               setArgs.acceptRoutes,
-			CorpDNS:                setArgs.acceptDNS,
-			ExitNodeAllowLANAccess: setArgs.exitNodeAllowLANAccess,
-			ShieldsUp:              setArgs.shieldsUp,
-			RunSSH:                 setArgs.runSSH,
-			RunWebClient:           setArgs.runWebClient,
-			Hostname:               setArgs.hostname,
-			OperatorUser:           setArgs.opUser,
-			ForceDaemon:            setArgs.forceDaemon,
+			ProfileName:             setArgs.profileName,
+			RouteAll:                setArgs.acceptRoutes,
+			CorpDNS:                 setArgs.acceptDNS,
+			ExitNodeAllowLANAccess:  setArgs.exitNodeAllowLANAccess,
+			ExitDestinationFlowLogs: setArgs.exitDestinationFlowLogs,
+			ShieldsUp:               setArgs.shieldsUp,
+			RunSSH:                  setArgs.runSSH,
+			RunWebClient:            setArgs.runWebClient,
+			Hostname:                setArgs.hostname,
+			OperatorUser:            setArgs.opUser,
+			ForceDaemon:             setArgs.forceDaemon,
 			AutoUpdate: ipn.AutoUpdatePrefs{
 				Check: setArgs.updateCheck,
 				Apply: opt.NewBool(setArgs.updateApply),
diff --git a/cmd/tailscale/cli/up.go b/cmd/tailscale/cli/up.go
index 43f36f819..f3c11d695 100644
--- a/cmd/tailscale/cli/up.go
+++ b/cmd/tailscale/cli/up.go
@@ -723,6 +723,7 @@ func init() {
 	addPrefFlagMapping("auto-update", "AutoUpdate.Apply")
 	addPrefFlagMapping("advertise-connector", "AppConnector")
 	addPrefFlagMapping("posture-checking", "PostureChecking")
+	addPrefFlagMapping("exit-destination-flow-logs", "ExitDestinationFlowLogs")
 }
 
 func addPrefFlagMapping(flagName string, prefNames ...string) {
@@ -951,6 +952,8 @@ func prefsToFlags(env upCheckEnv, prefs *ipn.Prefs) (flagVal map[string]any) {
 			set(exitNodeIPStr())
 		case "exit-node-allow-lan-access":
 			set(prefs.ExitNodeAllowLANAccess)
+		case "exit-destination-flow-logs":
+			set(prefs.ExitDestinationFlowLogs)
 		case "advertise-tags":
 			set(strings.Join(prefs.AdvertiseTags, ","))
 		case "hostname":
author	Claire Wang <claire@tailscale.com>	2024-03-27 15:45:02 -0400
committer	Claire Wang <claire@tailscale.com>	2024-04-03 15:24:58 -0400
commit	78c36f53fee9f03eff7ef09ada79662424db8a15 (patch)
tree	8dba65a6f67d4d8ef1b29d6845ed70ac02def2e3 /cmd
parent	92d3f64e95dc7b33fb19f03223d5ba4aa3331d8c (diff)
download	tailscale-enable-exit-node-dst-logs.tar.xz tailscale-enable-exit-node-dst-logs.zip