cmd/tailscale/cli, ipn/localapi: add funnel status to status command (#6402)

Fixes #6400 open up GETs for localapi serve-config to allow read-only access to ServeConfig `tailscale status` will include "Funnel on" status when Funnel is configured. Prints nothing if Funnel is not running. Example: $ tailscale status <nodes redacted> # Funnel on: # - https://node-name.corp.ts.net # - https://node-name.corp.ts.net:8443 # - tcp://node-name.corp.ts.net:10000 Signed-off-by: Shayne Sweeney <shayne@tailscale.com>
2025-08-22 11:01:54 +00:00 · 2022-12-07 22:17:40 -05:00
parent 1b65630e83
commit 98114bf608
4 changed files with 75 additions and 34 deletions
--- a/cmd/tailscale/cli/serve.go
+++ b/cmd/tailscale/cli/serve.go
@@ -517,7 +517,7 @@ func printTCPStatusTree(ctx context.Context, sc *ipn.ServeConfig, st *ipnstate.S
 			tlsStatus = "TLS terminated"
 		}
 		fStatus := "tailnet only"
-		if sc.IsFunnelOn(hp) {
+		if sc.AllowFunnel[hp] {
 			fStatus = "Funnel on"
 		}
 		printf("|-- tcp://%s (%s, %s)\n", hp, tlsStatus, fStatus)
@@ -535,7 +535,7 @@ func printWebStatusTree(sc *ipn.ServeConfig, hp ipn.HostPort) {
 		return
 	}
 	fStatus := "tailnet only"
-	if sc.IsFunnelOn(hp) {
+	if sc.AllowFunnel[hp] {
 		fStatus = "Funnel on"
 	}
 	host, portStr, _ := net.SplitHostPort(string(hp))
@@ -690,8 +690,7 @@ func (e *serveEnv) runServeFunnel(ctx context.Context, args []string) error {
 	}
 	dnsName := strings.TrimSuffix(st.Self.DNSName, ".")
 	hp := ipn.HostPort(dnsName + ":" + srvPortStr)
-	isFun := sc.IsFunnelOn(hp)
-	if on && isFun || !on && !isFun {
+	if on == sc.AllowFunnel[hp] {
 		// Nothing to do.
 		return nil
 	}
--- a/cmd/tailscale/cli/status.go
+++ b/cmd/tailscale/cli/status.go
@@ -15,6 +15,7 @@ import (
 	"net/http"
 	"net/netip"
 	"os"
+	"strconv"
 	"strings"

 	"github.com/peterbourgon/ff/v3/ffcli"
@@ -222,9 +223,44 @@ func runStatus(ctx context.Context, args []string) error {
 		outln()
 		printHealth()
 	}
+	printFunnelStatus(ctx)
 	return nil
 }

+// printFunnelStatus prints the status of the funnel, if it's running.
+// It prints nothing if the funnel is not running.
+func printFunnelStatus(ctx context.Context) {
+	sc, err := localClient.GetServeConfig(ctx)
+	if err != nil {
+		outln()
+		printf("# Funnel:\n")
+		printf("#     - Unable to get Funnel status: %v\n", err)
+		return
+	}
+	if !sc.IsFunnelOn() {
+		return
+	}
+	outln()
+	printf("# Funnel on:\n")
+	for hp, on := range sc.AllowFunnel {
+		if !on { // if present, should be on
+			continue
+		}
+		sni, portStr, _ := net.SplitHostPort(string(hp))
+		p, _ := strconv.ParseUint(portStr, 10, 16)
+		isTCP := sc.IsTCPForwardingOnPort(uint16(p))
+		url := "https://"
+		if isTCP {
+			url = "tcp://"
+		}
+		url += sni
+		if isTCP || p != 443 {
+			url += ":" + portStr
+		}
+		printf("#     - %s\n", url)
+	}
+}
+
 // isRunningOrStarting reports whether st is in state Running or Starting.
 // It also returns a description of the status suitable to display to a user.
 func isRunningOrStarting(st *ipnstate.Status) (description string, ok bool) {