wip

cmd/tailscale/cli/set.go

@@ -38,24 +38,25 @@ Only settings explicitly mentioned will be set. There are no default values.`,
 }
 
 type setArgsT struct {
-	acceptRoutes           bool
-	acceptDNS              bool
-	exitNodeIP             string
-	exitNodeAllowLANAccess bool
-	shieldsUp              bool
-	runSSH                 bool
-	runWebClient           bool
-	hostname               string
-	advertiseRoutes        string
-	advertiseDefaultRoute  bool
-	advertiseConnector     bool
-	opUser                 string
-	acceptedRisks          string
-	profileName            string
-	forceDaemon            bool
-	updateCheck            bool
-	updateApply            bool
-	postureChecking        bool
+	acceptRoutes            bool
+	acceptDNS               bool
+	exitNodeIP              string
+	exitNodeAllowLANAccess  bool
+	exitDestinationFlowLogs bool
+	shieldsUp               bool
+	runSSH                  bool
+	runWebClient            bool
+	hostname                string
+	advertiseRoutes         string
+	advertiseDefaultRoute   bool
+	advertiseConnector      bool
+	opUser                  string
+	acceptedRisks           string
+	profileName             string
+	forceDaemon             bool
+	updateCheck             bool
+	updateApply             bool
+	postureChecking         bool
 }
 
 func newSetFlagSet(goos string, setArgs *setArgsT) *flag.FlagSet {
@@ -66,6 +67,7 @@ func newSetFlagSet(goos string, setArgs *setArgsT) *flag.FlagSet {
 	setf.BoolVar(&setArgs.acceptDNS, "accept-dns", false, "accept DNS configuration from the admin panel")
 	setf.StringVar(&setArgs.exitNodeIP, "exit-node", "", "Tailscale exit node (IP or base name) for internet traffic, or empty string to not use an exit node")
 	setf.BoolVar(&setArgs.exitNodeAllowLANAccess, "exit-node-allow-lan-access", false, "Allow direct access to the local network when routing traffic via an exit node")
+	setf.BoolVar(&setArgs.exitDestinationFlowLogs, "exit-destination-flow-logs", false, "Enable exit node destination in network flow logs")
 	setf.BoolVar(&setArgs.shieldsUp, "shields-up", false, "don't allow incoming connections")
 	setf.BoolVar(&setArgs.runSSH, "ssh", false, "run an SSH server, permitting access per tailnet admin's declared policy")
 	setf.StringVar(&setArgs.hostname, "hostname", "", "hostname to use instead of the one provided by the OS")
@@ -106,16 +108,17 @@ func runSet(ctx context.Context, args []string) (retErr error) {
 
 	maskedPrefs := &ipn.MaskedPrefs{
 		Prefs: ipn.Prefs{
-			ProfileName:            setArgs.profileName,
-			RouteAll:               setArgs.acceptRoutes,
-			CorpDNS:                setArgs.acceptDNS,
-			ExitNodeAllowLANAccess: setArgs.exitNodeAllowLANAccess,
-			ShieldsUp:              setArgs.shieldsUp,
-			RunSSH:                 setArgs.runSSH,
-			RunWebClient:           setArgs.runWebClient,
-			Hostname:               setArgs.hostname,
-			OperatorUser:           setArgs.opUser,
-			ForceDaemon:            setArgs.forceDaemon,
+			ProfileName:             setArgs.profileName,
+			RouteAll:                setArgs.acceptRoutes,
+			CorpDNS:                 setArgs.acceptDNS,
+			ExitNodeAllowLANAccess:  setArgs.exitNodeAllowLANAccess,
+			ExitDestinationFlowLogs: setArgs.exitDestinationFlowLogs,
+			ShieldsUp:               setArgs.shieldsUp,
+			RunSSH:                  setArgs.runSSH,
+			RunWebClient:            setArgs.runWebClient,
+			Hostname:                setArgs.hostname,
+			OperatorUser:            setArgs.opUser,
+			ForceDaemon:             setArgs.forceDaemon,
 			AutoUpdate: ipn.AutoUpdatePrefs{
 				Check: setArgs.updateCheck,
 				Apply: opt.NewBool(setArgs.updateApply),

cmd/tailscale/cli/up.go

@@ -723,6 +723,7 @@ func init() {
 	addPrefFlagMapping("auto-update", "AutoUpdate.Apply")
 	addPrefFlagMapping("advertise-connector", "AppConnector")
 	addPrefFlagMapping("posture-checking", "PostureChecking")
+	addPrefFlagMapping("exit-destination-flow-logs", "ExitDestinationFlowLogs")
 }
 
 func addPrefFlagMapping(flagName string, prefNames ...string) {
@@ -951,6 +952,8 @@ func prefsToFlags(env upCheckEnv, prefs *ipn.Prefs) (flagVal map[string]any) {
 			set(exitNodeIPStr())
 		case "exit-node-allow-lan-access":
 			set(prefs.ExitNodeAllowLANAccess)
+		case "exit-destination-flow-logs":
+			set(prefs.ExitDestinationFlowLogs)
 		case "advertise-tags":
 			set(strings.Join(prefs.AdvertiseTags, ","))
 		case "hostname":

ipn/ipn_clone.go

@@ -37,34 +37,35 @@ func (src *Prefs) Clone() *Prefs {
 
 // A compilation failure here means this code must be regenerated, with the command at the top of this file.
 var _PrefsCloneNeedsRegeneration = Prefs(struct {
-	ControlURL             string
-	RouteAll               bool
-	AllowSingleHosts       bool
-	ExitNodeID             tailcfg.StableNodeID
-	ExitNodeIP             netip.Addr
-	ExitNodeAllowLANAccess bool
-	CorpDNS                bool
-	RunSSH                 bool
-	RunWebClient           bool
-	WantRunning            bool
-	LoggedOut              bool
-	ShieldsUp              bool
-	AdvertiseTags          []string
-	Hostname               string
-	NotepadURLs            bool
-	ForceDaemon            bool
-	Egg                    bool
-	AdvertiseRoutes        []netip.Prefix
-	NoSNAT                 bool
-	NetfilterMode          preftype.NetfilterMode
-	OperatorUser           string
-	ProfileName            string
-	AutoUpdate             AutoUpdatePrefs
-	AppConnector           AppConnectorPrefs
-	PostureChecking        bool
-	NetfilterKind          string
-	TailFSShares           []*tailfs.Share
-	Persist                *persist.Persist
+	ControlURL              string
+	RouteAll                bool
+	AllowSingleHosts        bool
+	ExitNodeID              tailcfg.StableNodeID
+	ExitNodeIP              netip.Addr
+	ExitNodeAllowLANAccess  bool
+	ExitDestinationFlowLogs bool
+	CorpDNS                 bool
+	RunSSH                  bool
+	RunWebClient            bool
+	WantRunning             bool
+	LoggedOut               bool
+	ShieldsUp               bool
+	AdvertiseTags           []string
+	Hostname                string
+	NotepadURLs             bool
+	ForceDaemon             bool
+	Egg                     bool
+	AdvertiseRoutes         []netip.Prefix
+	NoSNAT                  bool
+	NetfilterMode           preftype.NetfilterMode
+	OperatorUser            string
+	ProfileName             string
+	AutoUpdate              AutoUpdatePrefs
+	AppConnector            AppConnectorPrefs
+	PostureChecking         bool
+	NetfilterKind           string
+	TailFSShares            []*tailfs.Share
+	Persist                 *persist.Persist
 }{})
 
 // Clone makes a deep copy of ServeConfig.

ipn/ipn_view.go

@@ -70,6 +70,7 @@ func (v PrefsView) AllowSingleHosts() bool             { return v.ж.AllowSingle
 func (v PrefsView) ExitNodeID() tailcfg.StableNodeID   { return v.ж.ExitNodeID }
 func (v PrefsView) ExitNodeIP() netip.Addr             { return v.ж.ExitNodeIP }
 func (v PrefsView) ExitNodeAllowLANAccess() bool       { return v.ж.ExitNodeAllowLANAccess }
+func (v PrefsView) ExitDestinationFlowLogs() bool      { return v.ж.ExitDestinationFlowLogs }
 func (v PrefsView) CorpDNS() bool                      { return v.ж.CorpDNS }
 func (v PrefsView) RunSSH() bool                       { return v.ж.RunSSH }
 func (v PrefsView) RunWebClient() bool                 { return v.ж.RunWebClient }
@@ -99,34 +100,35 @@ func (v PrefsView) Persist() persist.PersistView { return v.ж.Persist.View() }
 
 // A compilation failure here means this code must be regenerated, with the command at the top of this file.
 var _PrefsViewNeedsRegeneration = Prefs(struct {
-	ControlURL             string
-	RouteAll               bool
-	AllowSingleHosts       bool
-	ExitNodeID             tailcfg.StableNodeID
-	ExitNodeIP             netip.Addr
-	ExitNodeAllowLANAccess bool
-	CorpDNS                bool
-	RunSSH                 bool
-	RunWebClient           bool
-	WantRunning            bool
-	LoggedOut              bool
-	ShieldsUp              bool
-	AdvertiseTags          []string
-	Hostname               string
-	NotepadURLs            bool
-	ForceDaemon            bool
-	Egg                    bool
-	AdvertiseRoutes        []netip.Prefix
-	NoSNAT                 bool
-	NetfilterMode          preftype.NetfilterMode
-	OperatorUser           string
-	ProfileName            string
-	AutoUpdate             AutoUpdatePrefs
-	AppConnector           AppConnectorPrefs
-	PostureChecking        bool
-	NetfilterKind          string
-	TailFSShares           []*tailfs.Share
-	Persist                *persist.Persist
+	ControlURL              string
+	RouteAll                bool
+	AllowSingleHosts        bool
+	ExitNodeID              tailcfg.StableNodeID
+	ExitNodeIP              netip.Addr
+	ExitNodeAllowLANAccess  bool
+	ExitDestinationFlowLogs bool
+	CorpDNS                 bool
+	RunSSH                  bool
+	RunWebClient            bool
+	WantRunning             bool
+	LoggedOut               bool
+	ShieldsUp               bool
+	AdvertiseTags           []string
+	Hostname                string
+	NotepadURLs             bool
+	ForceDaemon             bool
+	Egg                     bool
+	AdvertiseRoutes         []netip.Prefix
+	NoSNAT                  bool
+	NetfilterMode           preftype.NetfilterMode
+	OperatorUser            string
+	ProfileName             string
+	AutoUpdate              AutoUpdatePrefs
+	AppConnector            AppConnectorPrefs
+	PostureChecking         bool
+	NetfilterKind           string
+	TailFSShares            []*tailfs.Share
+	Persist                 *persist.Persist
 }{})
 
 // View returns a readonly view of ServeConfig.

ipn/ipnlocal/local.go

@@ -1142,6 +1142,9 @@ func (b *LocalBackend) SetControlClientStatus(c controlclient.Client, st control
 	if setExitNodeID(prefs, st.NetMap) {
 		prefsChanged = true
 	}
+	if setExitDstFlowLogs(prefs) {
+		prefsChanged = true
+	}
 	if applySysPolicy(prefs) {
 		prefsChanged = true
 	}
@@ -1327,6 +1330,15 @@ func applySysPolicy(prefs *ipn.Prefs) (anyChange bool) {
 	return anyChange
 }
 
+func setExitDstFlowLogs(prefs *ipn.Prefs) (anyChange bool) {
+	fmt.Printf("set exit dst flow pref")
+	if enable, err := syspolicy.GetBoolean(syspolicy.ExitDestinationFlowLogs, prefs.ExitDestinationFlowLogs); err == nil && prefs.ExitDestinationFlowLogs != enable {
+		prefs.ExitDestinationFlowLogs = enable
+		anyChange = true
+	}
+	return anyChange
+}
+
 var _ controlclient.NetmapDeltaUpdater = (*LocalBackend)(nil)
 
 // UpdateNetmapDelta implements controlclient.NetmapDeltaUpdater.
@@ -3239,6 +3251,7 @@ func (b *LocalBackend) setPrefsLockedOnEntry(caller string, newp *ipn.Prefs) ipn
 	// everything in this function treats b.prefs as completely new
 	// anyway. No-op if no exit node resolution is needed.
 	setExitNodeID(newp, netMap)
+	setExitDstFlowLogs(newp)
 	// applySysPolicy does likewise so we can also ignore its return value.
 	applySysPolicy(newp)
 	// We do this to avoid holding the lock while doing everything else.
@@ -3620,6 +3633,8 @@ func (b *LocalBackend) authReconfig() {
 		return
 	}
 
+	cfg.NetworkLogging.ExitDestinationFlowLogs = prefs.ExitDestinationFlowLogs()
+
 	oneCGNATRoute := shouldUseOneCGNATRoute(b.logf, b.sys.ControlKnobs(), version.OS())
 	rcfg := b.routerConfig(cfg, prefs, oneCGNATRoute)
 

ipn/prefs.go

@@ -109,6 +109,9 @@ type Prefs struct {
 	// routed directly or via the exit node.
 	ExitNodeAllowLANAccess bool
 
+	// ExitDestinationFlowLogs indicates whether exit node destination is recorded in network flow logs.
+	ExitDestinationFlowLogs bool
+
 	// CorpDNS specifies whether to install the Tailscale network's
 	// DNS configuration, if it exists.
 	CorpDNS bool
@@ -274,33 +277,34 @@ type AppConnectorPrefs struct {
 type MaskedPrefs struct {
 	Prefs
 
-	ControlURLSet             bool                `json:",omitempty"`
-	RouteAllSet               bool                `json:",omitempty"`
-	AllowSingleHostsSet       bool                `json:",omitempty"`
-	ExitNodeIDSet             bool                `json:",omitempty"`
-	ExitNodeIPSet             bool                `json:",omitempty"`
-	ExitNodeAllowLANAccessSet bool                `json:",omitempty"`
-	CorpDNSSet                bool                `json:",omitempty"`
-	RunSSHSet                 bool                `json:",omitempty"`
-	RunWebClientSet           bool                `json:",omitempty"`
-	WantRunningSet            bool                `json:",omitempty"`
-	LoggedOutSet              bool                `json:",omitempty"`
-	ShieldsUpSet              bool                `json:",omitempty"`
-	AdvertiseTagsSet          bool                `json:",omitempty"`
-	HostnameSet               bool                `json:",omitempty"`
-	NotepadURLsSet            bool                `json:",omitempty"`
-	ForceDaemonSet            bool                `json:",omitempty"`
-	EggSet                    bool                `json:",omitempty"`
-	AdvertiseRoutesSet        bool                `json:",omitempty"`
-	NoSNATSet                 bool                `json:",omitempty"`
-	NetfilterModeSet          bool                `json:",omitempty"`
-	OperatorUserSet           bool                `json:",omitempty"`
-	ProfileNameSet            bool                `json:",omitempty"`
-	AutoUpdateSet             AutoUpdatePrefsMask `json:",omitempty"`
-	AppConnectorSet           bool                `json:",omitempty"`
-	PostureCheckingSet        bool                `json:",omitempty"`
-	NetfilterKindSet          bool                `json:",omitempty"`
-	TailFSSharesSet           bool                `json:",omitempty"`
+	ControlURLSet              bool                `json:",omitempty"`
+	RouteAllSet                bool                `json:",omitempty"`
+	AllowSingleHostsSet        bool                `json:",omitempty"`
+	ExitNodeIDSet              bool                `json:",omitempty"`
+	ExitNodeIPSet              bool                `json:",omitempty"`
+	ExitNodeAllowLANAccessSet  bool                `json:",omitempty"`
+	ExitDestinationFlowLogsSet bool                `json:",omitempty"`
+	CorpDNSSet                 bool                `json:",omitempty"`
+	RunSSHSet                  bool                `json:",omitempty"`
+	RunWebClientSet            bool                `json:",omitempty"`
+	WantRunningSet             bool                `json:",omitempty"`
+	LoggedOutSet               bool                `json:",omitempty"`
+	ShieldsUpSet               bool                `json:",omitempty"`
+	AdvertiseTagsSet           bool                `json:",omitempty"`
+	HostnameSet                bool                `json:",omitempty"`
+	NotepadURLsSet             bool                `json:",omitempty"`
+	ForceDaemonSet             bool                `json:",omitempty"`
+	EggSet                     bool                `json:",omitempty"`
+	AdvertiseRoutesSet         bool                `json:",omitempty"`
+	NoSNATSet                  bool                `json:",omitempty"`
+	NetfilterModeSet           bool                `json:",omitempty"`
+	OperatorUserSet            bool                `json:",omitempty"`
+	ProfileNameSet             bool                `json:",omitempty"`
+	AutoUpdateSet              AutoUpdatePrefsMask `json:",omitempty"`
+	AppConnectorSet            bool                `json:",omitempty"`
+	PostureCheckingSet         bool                `json:",omitempty"`
+	NetfilterKindSet           bool                `json:",omitempty"`
+	TailFSSharesSet            bool                `json:",omitempty"`
 }
 
 type AutoUpdatePrefsMask struct {
@@ -475,6 +479,9 @@ func (p *Prefs) pretty(goos string) string {
 	if p.ShieldsUp {
 		sb.WriteString("shields=true ")
 	}
+	if p.ExitDestinationFlowLogs {
+		sb.WriteString("exitdestinationflowlogs=true ")
+	}
 	if p.ExitNodeIP.IsValid() {
 		fmt.Fprintf(&sb, "exit=%v lan=%t ", p.ExitNodeIP, p.ExitNodeAllowLANAccess)
 	} else if !p.ExitNodeID.IsZero() {
@@ -545,6 +552,7 @@ func (p *Prefs) Equals(p2 *Prefs) bool {
 		p.ExitNodeID == p2.ExitNodeID &&
 		p.ExitNodeIP == p2.ExitNodeIP &&
 		p.ExitNodeAllowLANAccess == p2.ExitNodeAllowLANAccess &&
+		p.ExitDestinationFlowLogs == p2.ExitDestinationFlowLogs &&
 		p.CorpDNS == p2.CorpDNS &&
 		p.RunSSH == p2.RunSSH &&
 		p.RunWebClient == p2.RunWebClient &&

util/syspolicy/policy_keys.go

@@ -67,7 +67,7 @@ const (
 	// The default is 0 unless otherwise stated.
 	LogSCMInteractions      Key = "LogSCMInteractions"
 	FlushDNSOnSessionUnlock Key = "FlushDNSOnSessionUnlock"
-
+	ExitDestinationFlowLogs Key = "ExitDestinationFlowLogs"
 	// PostureChecking indicates if posture checking is enabled and the client shall gather
 	// posture data.
 	// Key is a string value that specifies an option: "always", "never", "user-decides".

wgengine/netlog/logger.go

@@ -92,7 +92,7 @@ var testClient *http.Client
 // The IP protocol and source port are always zero.
 // The sock is used to populated the PhysicalTraffic field in Message.
 // The netMon parameter is optional; if non-nil it's used to do faster interface lookups.
-func (nl *Logger) Startup(nodeID tailcfg.StableNodeID, nodeLogID, domainLogID logid.PrivateID, tun, sock Device, netMon *netmon.Monitor) error {
+func (nl *Logger) Startup(nodeID tailcfg.StableNodeID, nodeLogID, domainLogID logid.PrivateID, tun, sock Device, netMon *netmon.Monitor, enableExitDstFlowLogs bool) error {
 	nl.mu.Lock()
 	defer nl.mu.Unlock()
 	if nl.logger != nil {
@@ -130,7 +130,7 @@ func (nl *Logger) Startup(nodeID tailcfg.StableNodeID, nodeLogID, domainLogID lo
 		addrs := nl.addrs
 		prefixes := nl.prefixes
 		nl.mu.Unlock()
-		recordStatistics(nl.logger, nodeID, start, end, virtual, physical, addrs, prefixes)
+		recordStatistics(nl.logger, nodeID, start, end, virtual, physical, addrs, prefixes, enableExitDstFlowLogs)
 	})
 
 	// Register the connection tracker into the TUN device.
@@ -150,7 +150,7 @@ func (nl *Logger) Startup(nodeID tailcfg.StableNodeID, nodeLogID, domainLogID lo
 	return nil
 }
 
-func recordStatistics(logger *logtail.Logger, nodeID tailcfg.StableNodeID, start, end time.Time, connstats, sockStats map[netlogtype.Connection]netlogtype.Counts, addrs map[netip.Addr]bool, prefixes map[netip.Prefix]bool) {
+func recordStatistics(logger *logtail.Logger, nodeID tailcfg.StableNodeID, start, end time.Time, connstats, sockStats map[netlogtype.Connection]netlogtype.Counts, addrs map[netip.Addr]bool, prefixes map[netip.Prefix]bool, enableExitDstFlowLogs bool) {
 	m := netlogtype.Message{NodeID: nodeID, Start: start.UTC(), End: end.UTC()}
 
 	classifyAddr := func(a netip.Addr) (isTailscale, withinRoute bool) {
@@ -179,7 +179,7 @@ func recordStatistics(logger *logtail.Logger, nodeID tailcfg.StableNodeID, start
 			m.SubnetTraffic = append(m.SubnetTraffic, netlogtype.ConnectionCounts{Connection: conn, Counts: cnts})
 		default:
 			const anonymize = true
-			if anonymize {
+			if anonymize && !enableExitDstFlowLogs {
 				// Only preserve the address if it is a Tailscale IP address.
 				srcOrig, dstOrig := conn.Src, conn.Dst
 				conn = netlogtype.Connection{} // scrub everything by default

wgengine/userspace.go

@@ -932,8 +932,9 @@ func (e *userspaceEngine) Reconfig(cfg *wgcfg.Config, routerCfg *router.Config,
 	if netLogRunning && !e.networkLogger.Running() {
 		nid := cfg.NetworkLogging.NodeID
 		tid := cfg.NetworkLogging.DomainID
+		enableExitDstFlowLogs := cfg.NetworkLogging.ExitDestinationFlowLogs
 		e.logf("wgengine: Reconfig: starting up network logger (node:%s tailnet:%s)", nid.Public(), tid.Public())
-		if err := e.networkLogger.Startup(cfg.NodeID, nid, tid, e.tundev, e.magicConn, e.netMon); err != nil {
+		if err := e.networkLogger.Startup(cfg.NodeID, nid, tid, e.tundev, e.magicConn, e.netMon, enableExitDstFlowLogs); err != nil {
 			e.logf("wgengine: Reconfig: error starting up network logger: %v", err)
 		}
 		e.networkLogger.ReconfigRoutes(routerCfg)

wgengine/wgcfg/config.go

@@ -28,8 +28,9 @@ type Config struct {
 	// NetworkLogging enables network logging.
 	// It is disabled if either ID is the zero value.
 	NetworkLogging struct {
-		NodeID   logid.PrivateID
-		DomainID logid.PrivateID
+		NodeID                  logid.PrivateID
+		DomainID                logid.PrivateID
+		ExitDestinationFlowLogs bool
 	}
 }
 

wgengine/wgcfg/wgcfg_clone.go

@@ -43,8 +43,9 @@ var _ConfigCloneNeedsRegeneration = Config(struct {
 	DNS            []netip.Addr
 	Peers          []Peer
 	NetworkLogging struct {
-		NodeID   logid.PrivateID
-		DomainID logid.PrivateID
+		NodeID                  logid.PrivateID
+		DomainID                logid.PrivateID
+		ExitDestinationFlowLogs bool
 	}
 }{})
 
@@ -76,3 +77,30 @@ var _PeerCloneNeedsRegeneration = Peer(struct {
 	PersistentKeepalive uint16
 	WGEndpoint          key.NodePublic
 }{})
+
+// Clone duplicates src into dst and reports whether it succeeded.
+// To succeed, <src, dst> must be of types <*T, *T> or <*T, **T>,
+// where T is one of Config,Peer.
+func Clone(dst, src any) bool {
+	switch src := src.(type) {
+	case *Config:
+		switch dst := dst.(type) {
+		case *Config:
+			*dst = *src.Clone()
+			return true
+		case **Config:
+			*dst = src.Clone()
+			return true
+		}
+	case *Peer:
+		switch dst := dst.(type) {
+		case *Peer:
+			*dst = *src.Clone()
+			return true
+		case **Peer:
+			*dst = src.Clone()
+			return true
+		}
+	}
+	return false
+}

wgengine/wgcfg/wgcfg_view.go

@@ -0,0 +1,173 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+// Code generated by tailscale/cmd/viewer; DO NOT EDIT.
+
+package wgcfg
+
+import (
+	"encoding/json"
+	"errors"
+	"net/netip"
+
+	"tailscale.com/tailcfg"
+	"tailscale.com/types/key"
+	"tailscale.com/types/logid"
+	"tailscale.com/types/views"
+)
+
+//go:generate go run tailscale.com/cmd/cloner  -clonefunc=true -type=Config,Peer
+
+// View returns a readonly view of Config.
+func (p *Config) View() ConfigView {
+	return ConfigView{ж: p}
+}
+
+// ConfigView provides a read-only view over Config.
+//
+// Its methods should only be called if `Valid()` returns true.
+type ConfigView struct {
+	// ж is the underlying mutable value, named with a hard-to-type
+	// character that looks pointy like a pointer.
+	// It is named distinctively to make you think of how dangerous it is to escape
+	// to callers. You must not let callers be able to mutate it.
+	ж *Config
+}
+
+// Valid reports whether underlying value is non-nil.
+func (v ConfigView) Valid() bool { return v.ж != nil }
+
+// AsStruct returns a clone of the underlying value which aliases no memory with
+// the original.
+func (v ConfigView) AsStruct() *Config {
+	if v.ж == nil {
+		return nil
+	}
+	return v.ж.Clone()
+}
+
+func (v ConfigView) MarshalJSON() ([]byte, error) { return json.Marshal(v.ж) }
+
+func (v *ConfigView) UnmarshalJSON(b []byte) error {
+	if v.ж != nil {
+		return errors.New("already initialized")
+	}
+	if len(b) == 0 {
+		return nil
+	}
+	var x Config
+	if err := json.Unmarshal(b, &x); err != nil {
+		return err
+	}
+	v.ж = &x
+	return nil
+}
+
+func (v ConfigView) Name() string                         { return v.ж.Name }
+func (v ConfigView) NodeID() tailcfg.StableNodeID         { return v.ж.NodeID }
+func (v ConfigView) PrivateKey() key.NodePrivate          { return v.ж.PrivateKey }
+func (v ConfigView) Addresses() views.Slice[netip.Prefix] { return views.SliceOf(v.ж.Addresses) }
+func (v ConfigView) MTU() uint16                          { return v.ж.MTU }
+func (v ConfigView) DNS() views.Slice[netip.Addr]         { return views.SliceOf(v.ж.DNS) }
+func (v ConfigView) Peers() Peer                          { panic("unsupported") }
+func (v ConfigView) NetworkLogging() struct {
+	NodeID                  logid.PrivateID
+	DomainID                logid.PrivateID
+	ExitDestinationFlowLogs bool
+} {
+	return v.ж.NetworkLogging
+}
+
+// A compilation failure here means this code must be regenerated, with the command at the top of this file.
+var _ConfigViewNeedsRegeneration = Config(struct {
+	Name           string
+	NodeID         tailcfg.StableNodeID
+	PrivateKey     key.NodePrivate
+	Addresses      []netip.Prefix
+	MTU            uint16
+	DNS            []netip.Addr
+	Peers          []Peer
+	NetworkLogging struct {
+		NodeID                  logid.PrivateID
+		DomainID                logid.PrivateID
+		ExitDestinationFlowLogs bool
+	}
+}{})
+
+// View returns a readonly view of Peer.
+func (p *Peer) View() PeerView {
+	return PeerView{ж: p}
+}
+
+// PeerView provides a read-only view over Peer.
+//
+// Its methods should only be called if `Valid()` returns true.
+type PeerView struct {
+	// ж is the underlying mutable value, named with a hard-to-type
+	// character that looks pointy like a pointer.
+	// It is named distinctively to make you think of how dangerous it is to escape
+	// to callers. You must not let callers be able to mutate it.
+	ж *Peer
+}
+
+// Valid reports whether underlying value is non-nil.
+func (v PeerView) Valid() bool { return v.ж != nil }
+
+// AsStruct returns a clone of the underlying value which aliases no memory with
+// the original.
+func (v PeerView) AsStruct() *Peer {
+	if v.ж == nil {
+		return nil
+	}
+	return v.ж.Clone()
+}
+
+func (v PeerView) MarshalJSON() ([]byte, error) { return json.Marshal(v.ж) }
+
+func (v *PeerView) UnmarshalJSON(b []byte) error {
+	if v.ж != nil {
+		return errors.New("already initialized")
+	}
+	if len(b) == 0 {
+		return nil
+	}
+	var x Peer
+	if err := json.Unmarshal(b, &x); err != nil {
+		return err
+	}
+	v.ж = &x
+	return nil
+}
+
+func (v PeerView) PublicKey() key.NodePublic             { return v.ж.PublicKey }
+func (v PeerView) DiscoKey() key.DiscoPublic             { return v.ж.DiscoKey }
+func (v PeerView) AllowedIPs() views.Slice[netip.Prefix] { return views.SliceOf(v.ж.AllowedIPs) }
+func (v PeerView) V4MasqAddr() *netip.Addr {
+	if v.ж.V4MasqAddr == nil {
+		return nil
+	}
+	x := *v.ж.V4MasqAddr
+	return &x
+}
+
+func (v PeerView) V6MasqAddr() *netip.Addr {
+	if v.ж.V6MasqAddr == nil {
+		return nil
+	}
+	x := *v.ж.V6MasqAddr
+	return &x
+}
+
+func (v PeerView) PersistentKeepalive() uint16 { return v.ж.PersistentKeepalive }
+func (v PeerView) WGEndpoint() key.NodePublic  { return v.ж.WGEndpoint }
+
+// A compilation failure here means this code must be regenerated, with the command at the top of this file.
+var _PeerViewNeedsRegeneration = Peer(struct {
+	PublicKey           key.NodePublic
+	DiscoKey            key.DiscoPublic
+	AllowedIPs          []netip.Prefix
+	V4MasqAddr          *netip.Addr
+	V6MasqAddr          *netip.Addr
+	PersistentKeepalive uint16
+	WGEndpoint          key.NodePublic
+}{})