2021-10-02 10:13:05 +00:00
|
|
|
package headscale
|
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
2021-10-09 10:22:13 +00:00
|
|
|
"strings"
|
2021-10-02 10:13:05 +00:00
|
|
|
|
2021-10-17 09:57:53 +00:00
|
|
|
"github.com/fatih/set"
|
2021-10-09 10:22:13 +00:00
|
|
|
"inet.af/netaddr"
|
2021-10-17 09:57:53 +00:00
|
|
|
"tailscale.com/tailcfg"
|
2021-10-02 10:13:05 +00:00
|
|
|
"tailscale.com/util/dnsname"
|
|
|
|
)
|
|
|
|
|
2021-11-14 17:31:51 +00:00
|
|
|
const (
|
2021-11-15 17:24:24 +00:00
|
|
|
ByteSize = 8
|
2021-11-14 17:31:51 +00:00
|
|
|
)
|
|
|
|
|
2021-10-10 10:34:55 +00:00
|
|
|
// generateMagicDNSRootDomains generates a list of DNS entries to be included in `Routes` in `MapResponse`.
|
|
|
|
// This list of reverse DNS entries instructs the OS on what subnets and domains the Tailscale embedded DNS
|
|
|
|
// server (listening in 100.100.100.100 udp/53) should be used for.
|
|
|
|
//
|
|
|
|
// Tailscale.com includes in the list:
|
|
|
|
// - the `BaseDomain` of the user
|
|
|
|
// - the reverse DNS entry for IPv6 (0.e.1.a.c.5.1.1.a.7.d.f.ip6.arpa., see below more on IPv6)
|
|
|
|
// - the reverse DNS entries for the IPv4 subnets covered by the user's `IPPrefix`.
|
|
|
|
// In the public SaaS this is [64-127].100.in-addr.arpa.
|
|
|
|
//
|
|
|
|
// The main purpose of this function is then generating the list of IPv4 entries. For the 100.64.0.0/10, this
|
|
|
|
// is clear, and could be hardcoded. But we are allowing any range as `IPPrefix`, so we need to find out the
|
|
|
|
// subnets when we have 172.16.0.0/16 (i.e., [0-255].16.172.in-addr.arpa.), or any other subnet.
|
|
|
|
//
|
|
|
|
// How IN-ADDR.ARPA domains work is defined in RFC1035 (section 3.5). Tailscale.com seems to adhere to this,
|
|
|
|
// and do not make use of RFC2317 ("Classless IN-ADDR.ARPA delegation") - hence generating the entries for the next
|
|
|
|
// class block only.
|
|
|
|
|
|
|
|
// From the netmask we can find out the wildcard bits (the bits that are not set in the netmask).
|
|
|
|
// This allows us to then calculate the subnets included in the subsequent class block and generate the entries.
|
2022-01-16 13:16:59 +00:00
|
|
|
func generateMagicDNSRootDomains(ipPrefixes []netaddr.IPPrefix) []dnsname.FQDN {
|
|
|
|
fqdns := make([]dnsname.FQDN, 0, len(ipPrefixes))
|
|
|
|
for _, ipPrefix := range ipPrefixes {
|
|
|
|
var generateDnsRoot func(netaddr.IPPrefix) []dnsname.FQDN
|
|
|
|
switch ipPrefix.IP().BitLen() {
|
|
|
|
case 32:
|
|
|
|
generateDnsRoot = generateIPv4DNSRootDomain
|
2021-10-02 10:13:05 +00:00
|
|
|
|
2022-01-16 13:16:59 +00:00
|
|
|
default:
|
|
|
|
panic(fmt.Sprintf("unsupported IP version with address length %d", ipPrefix.IP().BitLen()))
|
|
|
|
}
|
|
|
|
|
|
|
|
fqdns = append(fqdns, generateDnsRoot(ipPrefix)...)
|
|
|
|
}
|
|
|
|
|
|
|
|
return fqdns
|
|
|
|
}
|
|
|
|
|
|
|
|
func generateIPv4DNSRootDomain(ipPrefix netaddr.IPPrefix) (fqdns []dnsname.FQDN) {
|
2021-10-09 22:40:25 +00:00
|
|
|
// Conversion to the std lib net.IPnet, a bit easier to operate
|
2021-10-09 10:22:13 +00:00
|
|
|
netRange := ipPrefix.IPNet()
|
|
|
|
maskBits, _ := netRange.Mask.Size()
|
|
|
|
|
2021-10-10 10:34:55 +00:00
|
|
|
// lastOctet is the last IP byte covered by the mask
|
2021-11-15 17:24:24 +00:00
|
|
|
lastOctet := maskBits / ByteSize
|
2021-10-09 22:40:25 +00:00
|
|
|
|
2021-10-10 10:34:55 +00:00
|
|
|
// wildcardBits is the number of bits not under the mask in the lastOctet
|
2021-11-15 17:24:24 +00:00
|
|
|
wildcardBits := ByteSize - maskBits%ByteSize
|
2021-10-09 22:40:25 +00:00
|
|
|
|
2021-10-10 10:34:55 +00:00
|
|
|
// min is the value in the lastOctet byte of the IP
|
|
|
|
// max is basically 2^wildcardBits - i.e., the value when all the wildcardBits are set to 1
|
|
|
|
min := uint(netRange.IP[lastOctet])
|
2021-11-14 16:49:54 +00:00
|
|
|
max := (min + 1<<uint(wildcardBits)) - 1
|
2021-10-09 10:22:13 +00:00
|
|
|
|
2021-10-09 22:40:25 +00:00
|
|
|
// here we generate the base domain (e.g., 100.in-addr.arpa., 16.172.in-addr.arpa., etc.)
|
2021-10-09 10:22:13 +00:00
|
|
|
rdnsSlice := []string{}
|
2021-10-10 10:34:55 +00:00
|
|
|
for i := lastOctet - 1; i >= 0; i-- {
|
2021-10-09 10:22:13 +00:00
|
|
|
rdnsSlice = append(rdnsSlice, fmt.Sprintf("%d", netRange.IP[i]))
|
|
|
|
}
|
|
|
|
rdnsSlice = append(rdnsSlice, "in-addr.arpa.")
|
|
|
|
rdnsBase := strings.Join(rdnsSlice, ".")
|
|
|
|
|
|
|
|
for i := min; i <= max; i++ {
|
|
|
|
fqdn, err := dnsname.ToFQDN(fmt.Sprintf("%d.%s", i, rdnsBase))
|
2021-10-02 10:13:05 +00:00
|
|
|
if err != nil {
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
fqdns = append(fqdns, fqdn)
|
|
|
|
}
|
2021-11-14 15:46:09 +00:00
|
|
|
|
2022-01-16 13:16:59 +00:00
|
|
|
return
|
2021-10-02 10:13:05 +00:00
|
|
|
}
|
2021-10-17 09:57:53 +00:00
|
|
|
|
2021-11-13 08:36:45 +00:00
|
|
|
func getMapResponseDNSConfig(
|
|
|
|
dnsConfigOrig *tailcfg.DNSConfig,
|
|
|
|
baseDomain string,
|
2021-11-14 19:32:03 +00:00
|
|
|
machine Machine,
|
2021-11-13 08:36:45 +00:00
|
|
|
peers Machines,
|
2021-11-14 17:03:21 +00:00
|
|
|
) *tailcfg.DNSConfig {
|
2021-10-17 09:57:53 +00:00
|
|
|
var dnsConfig *tailcfg.DNSConfig
|
2021-10-17 10:10:03 +00:00
|
|
|
if dnsConfigOrig != nil && dnsConfigOrig.Proxied { // if MagicDNS is enabled
|
2021-10-17 09:57:53 +00:00
|
|
|
// Only inject the Search Domain of the current namespace - shared nodes should use their full FQDN
|
2021-10-17 10:10:03 +00:00
|
|
|
dnsConfig = dnsConfigOrig.Clone()
|
2021-11-13 08:36:45 +00:00
|
|
|
dnsConfig.Domains = append(
|
|
|
|
dnsConfig.Domains,
|
2021-11-14 19:32:03 +00:00
|
|
|
fmt.Sprintf("%s.%s", machine.Namespace.Name, baseDomain),
|
2021-11-13 08:36:45 +00:00
|
|
|
)
|
2021-10-17 09:57:53 +00:00
|
|
|
|
|
|
|
namespaceSet := set.New(set.ThreadSafe)
|
2021-11-14 19:32:03 +00:00
|
|
|
namespaceSet.Add(machine.Namespace)
|
2021-10-17 09:57:53 +00:00
|
|
|
for _, p := range peers {
|
|
|
|
namespaceSet.Add(p.Namespace)
|
|
|
|
}
|
|
|
|
for _, namespace := range namespaceSet.List() {
|
2021-10-17 21:58:09 +00:00
|
|
|
dnsRoute := fmt.Sprintf("%s.%s", namespace.(Namespace).Name, baseDomain)
|
|
|
|
dnsConfig.Routes[dnsRoute] = nil
|
2021-10-17 09:57:53 +00:00
|
|
|
}
|
|
|
|
} else {
|
2021-10-17 10:10:03 +00:00
|
|
|
dnsConfig = dnsConfigOrig
|
2021-10-17 09:57:53 +00:00
|
|
|
}
|
2021-11-14 15:46:09 +00:00
|
|
|
|
2021-11-14 17:03:21 +00:00
|
|
|
return dnsConfig
|
2021-10-17 09:57:53 +00:00
|
|
|
}
|