fix: typo spelling grammar

Signed-off-by: slowy07 <slowy.arfy@gmail.com>

api.md

@@ -474,7 +474,7 @@ Determines what rules match for a user on an ACL without saving the ACL to the s
 ###### Query Parameters
 `type` - can be 'user' or 'ipport'
 `previewFor` - if type=user, a user's email. If type=ipport, a IP address + port like "10.0.0.1:80".
-The provided ACL is queried with this paramater to determine which rules match.
+The provided ACL is queried with this parameter to determine which rules match.
 
 ###### POST Body
 ACL JSON or HuJSON (see https://tailscale.com/kb/1018/acls)

control/controlclient/direct.go

@@ -823,7 +823,7 @@ func (c *Direct) sendMapRequest(ctx context.Context, maxPolls int, cb func(*netm
 		}
 
 		// Get latest localPort. This might've changed if
-		// a lite map update occured meanwhile. This only affects
+		// a lite map update occurred meanwhile. This only affects
 		// the end-to-end test.
 		// TODO(bradfitz): remove the NetworkMap.LocalPort field entirely.
 		c.mu.Lock()

derp/derp_server.go

@@ -150,7 +150,7 @@ type Server struct {
 
 // PacketForwarder is something that can forward packets.
 //
-// It's mostly an inteface for circular dependency reasons; the
+// It's mostly an interface for circular dependency reasons; the
 // typical implementation is derphttp.Client. The other implementation
 // is a multiForwarder, which this package creates as needed if a
 // public key gets more than one PacketForwarder registered for it.

net/dns/resolver/tsdns.go

@@ -334,7 +334,7 @@ func (r *Resolver) resolveLocal(domain dnsname.FQDN, typ dns.Type) (netaddr.IP,
 	case dns.TypeNS, dns.TypeSOA, dns.TypeAXFR, dns.TypeHINFO:
 		return netaddr.IP{}, dns.RCodeNotImplemented
 
-	// For everything except for the few types above that are explictly not implemented, return no records.
+	// For everything except for the few types above that are explicitly not implemented, return no records.
 	// This is what other DNS systems do: always return NOERROR
 	// without any records whenever the requested record type is unknown.
 	// You can try this with:

net/flowtrack/flowtrack.go

@@ -49,7 +49,7 @@ type entry struct {
 	value interface{}
 }
 
-// Add adds a value to the cache, set or updating its assoicated
+// Add adds a value to the cache, set or updating its associated
 // value.
 //
 // If MaxEntries is non-zero and the length of the cache is greater

net/netcheck/netcheck.go

@@ -362,7 +362,7 @@ func makeProbePlan(dm *tailcfg.DERPMap, ifState *interfaces.State, last *Report)
 			tries = 2
 		} else if hadBoth {
 			// For dual stack machines, make the 3rd & slower nodes alternate
-			// beetween.
+			// between.
 			if ri%2 == 0 {
 				do4, do6 = true, false
 			} else {

safesocket/unixsocket.go

@@ -113,7 +113,7 @@ func socketPermissionsForOS() os.FileMode {
 // connectMacOSAppSandbox connects to the Tailscale Network Extension,
 // which is necessarily running within the macOS App Sandbox.  Our
 // little dance to connect a regular user binary to the sandboxed
-// nework extension is:
+// network extension is:
 //
 //   * the sandboxed IPNExtension picks a random localhost:0 TCP port
 //     to listen on

tstest/natlab/natlab.go

@@ -34,7 +34,7 @@ type Packet struct {
 	Payload  []byte
 
 	// Prefix set by various internal methods of natlab, to locate
-	// where in the network a trace occured.
+	// where in the network a trace occurred.
 	locator string
 }
 

tsweb/tsweb.go

@@ -87,7 +87,7 @@ func AllowDebugAccess(r *http.Request) bool {
 }
 
 // Protected wraps a provided debug handler, h, returning a Handler
-// that enforces AllowDebugAccess and returns forbiden replies for
+// that enforces AllowDebugAccess and returns forbidden replies for
 // unauthorized requests.
 func Protected(h http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {

util/deephash/deephash.go

@@ -34,7 +34,7 @@
 )
 
 // There is much overlap between the theory of serialization and hashing.
-// A hash (useful for determing equality) can be produced by printing a value
+// A hash (useful for determining equality) can be produced by printing a value
 // and hashing the output. The format must:
 //	* be deterministic such that the same value hashes to the same output, and
 //	* be parsable such that the same value can be reproduced by the output.

util/groupmember/groupmember.go

@@ -15,7 +15,7 @@
 
 // IsMemberOfGroup verifies if the provided user is member of the provided
 // system group.
-// If verfication fails, an error is returned.
+// If verification fails, an error is returned.
 func IsMemberOfGroup(group, userName string) (bool, error) {
 	return isMemberOfGroup(group, userName)
 }

wgengine/magicsock/magicsock.go

@@ -2777,7 +2777,7 @@ func (c *Conn) ParseEndpoint(endpointStr string) (conn.Endpoint, error) {
 	de := &discoEndpoint{
 		c:             c,
 		publicKey:     tailcfg.NodeKey(pk),        // peer public key (for WireGuard + DERP)
-		discoKey:      tailcfg.DiscoKey(discoKey), // for discovery mesages
+		discoKey:      tailcfg.DiscoKey(discoKey), // for discovery messages
 		discoShort:    tailcfg.DiscoKey(discoKey).ShortString(),
 		wgEndpoint:    endpointStr,
 		sentPing:      map[stun.TxID]sentPing{},
@@ -3128,7 +3128,7 @@ type discoEndpoint struct {
 	// These fields are initialized once and never modified.
 	c          *Conn
 	publicKey  tailcfg.NodeKey  // peer public key (for WireGuard + DERP)
-	discoKey   tailcfg.DiscoKey // for discovery mesages
+	discoKey   tailcfg.DiscoKey // for discovery messages
 	discoShort string           // ShortString of discoKey
 	fakeWGAddr netaddr.IPPort   // the UDP address we tell wireguard-go we're using
 	wgEndpoint string           // string from ParseEndpoint, holds a JSON-serialized wgcfg.Endpoints
@@ -3285,7 +3285,7 @@ func (de *discoEndpoint) initFakeUDPAddr() {
 	de.fakeWGAddr = netaddr.IPPortFrom(netaddr.IPFrom16(addr), 12345)
 }
 
-// isFirstRecvActivityInAwhile notes that receive activity has occured for this
+// isFirstRecvActivityInAwhile notes that receive activity has occurred for this
 // endpoint and reports whether it's been at least 10 seconds since the last
 // receive activity (including having never received from this peer before).
 func (de *discoEndpoint) isFirstRecvActivityInAwhile() bool {