health: introduce captive-portal-detected Warnable (#12707)

Updates tailscale/tailscale#1634 This PR introduces a new `captive-portal-detected` Warnable which is set to an unhealthy state whenever a captive portal is detected on the local network, preventing Tailscale from connecting. ipn/ipnlocal: fix captive portal loop shutdown Change-Id: I7cafdbce68463a16260091bcec1741501a070c95 net/captivedetection: fix mutex misuse ipn/ipnlocal: ensure that we don't fail to start the timer Change-Id: I3e43fb19264d793e8707c5031c0898e48e3e7465 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Signed-off-by: Andrea Gottardo <andrea@gottardo.me>
2025-12-26 07:20:16 +00:00 · 2024-07-26 11:25:55 -07:00
parent cf97cff33b
commit 90be06bd5b
15 changed files with 750 additions and 154 deletions
--- a/tailcfg/tailcfg.go
+++ b/tailcfg/tailcfg.go
@@ -145,7 +145,8 @@ type CapabilityVersion int
 //   - 100: 2024-06-18: Client supports filtertype.Match.SrcCaps (issue #12542)
 //   - 101: 2024-07-01: Client supports SSH agent forwarding when handling connections with /bin/su
 //   - 102: 2024-07-12: NodeAttrDisableMagicSockCryptoRouting support
-const CurrentCapabilityVersion CapabilityVersion = 102
+//   - 103: 2024-07-24: Client supports NodeAttrDisableCaptivePortalDetection
+const CurrentCapabilityVersion CapabilityVersion = 103

 type StableID string

@@ -2327,6 +2328,10 @@ const (
 	// NodeAttrDisableMagicSockCryptoRouting disables the use of the
 	// magicsock cryptorouting hook. See tailscale/corp#20732.
 	NodeAttrDisableMagicSockCryptoRouting NodeCapability = "disable-magicsock-crypto-routing"
+
+	// NodeAttrDisableCaptivePortalDetection instructs the client to not perform captive portal detection
+	// automatically when the network state changes.
+	NodeAttrDisableCaptivePortalDetection NodeCapability = "disable-captive-portal-detection"
 )

 // SetDNSRequest is a request to add a DNS record.