Kristoffer Dalby
735b185e7f
use IPSet in acls instead of string slice
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-03 18:43:57 +02:00
Kristoffer Dalby
ecd62fb785
remove terrible filter code
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-03 18:43:57 +02:00
Kristoffer Dalby
889d5a1b29
testing without that horrible filtercode
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-03 18:43:57 +02:00
Kristoffer Dalby
6de53e2f8d
simplify expandAlias function, move separate logic out
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-03 18:43:57 +02:00
Philipp Krivanec
d0113732fe
optimize generateACLPeerCacheMap (#1377)
2023-04-26 06:02:54 +02:00
Kristoffer Dalby
5e74ca9414
Fix IPv6 in ACLs (#1339)
2023-04-16 12:26:35 +02:00
Kristoffer Dalby
ceeef40cdf
Add tests to verify "Hosts" aliases in ACL (#1304)
2023-04-03 10:08:48 +02:00
Kristoffer Dalby
c7b459b615
Fix issue where ACL * would filter out returning connections (#1279)
2023-03-27 19:19:32 +02:00
Kristoffer Dalby
a5562850a7
MapResponse optimisations, peer list integration tests (#1254)
Co-authored-by: Allen <979347228@qq.com>
2023-03-06 17:50:26 +01:00
Juan Font
ea82035222
Allow to delete routes (#1244)
2023-03-06 09:05:40 +01:00
Kristoffer Dalby
feeb5d334b
Populate the tags field on node
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-02-03 09:26:22 +01:00
Kristoffer Dalby
a840a2e6ee
Sort tailcfg.Node creation as upstream
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-02-03 09:26:22 +01:00
Juan Font
3ac2e0b253
Enable both exit node routes (IPv4 and IPv6) at the same time.
As indicated by bradfitz in https://github.com/juanfont/headscale/issues/804#issuecomment-1399314002,
both routes for the exit node must be enabled at the same time. If a user tries to enable one of the exit node routes,
the other gets activated too.
This commit also reduces the API surface, making private a method that didn't need to be exposed.
2023-01-29 12:25:37 +01:00
caelansar
9c2e580ab5
put Where before Find
2023-01-20 10:50:29 +01:00
Kristoffer Dalby
90287a6735
gofumpt
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-18 15:40:04 +01:00
Kristoffer Dalby
e3a2593344
Rename [Nn]amespace -> [Uu]ser in go code
Use gopls, ag and perl to rename all occurrences of Namespace
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-18 15:40:04 +01:00
Even Holthe
dd173ecc1f
Refresh machines with correct new expiry
2023-01-12 13:43:21 +01:00
Allen
a6c8718a97
ToStringSlice will lead to high CPU usage, early conversion can reduce cpu usage
2023-01-11 08:45:54 +01:00
Juan Font
66ebbf3ecb
Preload AuthKey in machine getters
2023-01-05 14:59:02 +01:00
Juan Font
4de49f5f49
Add isEphemeral() method to Machine
2023-01-05 14:59:02 +01:00
Even Holthe
7157e14aff
add expiration from OIDC token to machine
2023-01-04 09:23:52 +01:00
Allen
4e2c4f92d3
reflect.DeepEqual is a value copy that causes golang to continuously allocate memory
2023-01-03 18:09:18 +01:00
Juan Font
9b98c3b79f
Send in AllowedIPs both primary routes AND enabled exit routes
2023-01-03 13:34:55 +01:00
Juan Font
593040b73d
Run the Noise handlers under a new struct so we can access the noiseConn from the handlers
In TS2021 the MachineKey can be obtained from noiseConn.Peer() - contrary to what I thought before,
where I assumed MachineKey was dropped in TS2021.
By having a ts2021App and hanging from there the TS2021 handlers, we can fetch again the MachineKey.
2022-12-21 20:52:08 +01:00
Juan Font
6e890afc5f
Minor linting fixes
2022-12-21 08:28:53 +01:00
Fatih Acar
2afba0233b
fix(routes): ensure routes are correctly propagated
When using Tailscale v1.34.1, enabling or disabling a route does not
effectively add or remove the route from the node's routing table.
We must restart tailscale on the node to have a netmap update.
Fix this by refreshing last state change so that a netmap diff is sent.
Also do not include secondary routes in allowedIPs, otherwise secondary
routes might be used by nodes instead of the primary route.
Signed-off-by: Fatih Acar <facar@scaleway.com>
2022-12-20 15:39:59 +01:00
Juan Font
55b198a16a
Clients are offline when expired
2022-12-19 15:56:12 +01:00
Juan Font
000c02dad9
Show online in CLI & API when isOnline() reports so
2022-12-15 00:13:53 -08:00
Juan Font
8170f5e693
Removed unused code and linting fixes
Another bunch of gosec/golint related fixes
Remove method no longer used
2022-12-06 08:17:14 +01:00
Juan Font
6718ff71d3
Added helper methods for subnet failover + unit tests
Added method to perform subnet failover
Added tests for subnet failover
2022-12-06 08:17:14 +01:00
Juan Font
b62acff2e3
Refactor machine.go, and move functionality to routes.go + unit tests
Port routes tests to new model
Mark as primary the first instance of subnet + tests
In preparation for subnet failover, mark the initial occurrence of a subnet as the primary one.
2022-12-06 08:17:14 +01:00
Even Holthe
52a323b90d
Add SSH capability advertisement
Advertises the SSH capability, and parses the SSH ACLs to pass to the
tailscale client. Doesn’t support ‘autogroup’ ACL functionality.
Co-authored-by: Daniel Brooks <db48x@headline.com>
2022-11-26 11:53:31 +01:00
LiuHanCheng
07f92e647c
fix bug in #912 (#914)
2022-11-05 09:07:22 +01:00
Kristoffer Dalby
bc1c1f5ce8
Fix most nil pointers, actually make it check for unique across headscale
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-21 14:42:37 +02:00
=
2aebd2927d
Random suffix only on collision.
0.16.0 introduced random suffixes to all machine given names
(DNS hostnames) regardless of collisions within a namespace.
This commit brings Headscale more in line with Tailscale by only
adding a suffix if the hostname will collide within the namespace.
The suffix generation differs from Tailscale.
See https://tailscale.com/kb/1098/machine-names/
2022-10-03 09:13:56 +02:00
Juan Font
adb352e663
Merge branch 'main' into autoapprovers
2022-09-21 17:53:17 +02:00
Juan Font
9c58395bb3
Removed unused param after routes fix
2022-09-18 21:40:52 +00:00
Kristoffer Dalby
f2da1a1665
Add comment and update changelog
Signed-off-by: Kristoffer Dalby <kristoffer@dalby.cc>
2022-09-18 12:14:49 +02:00
Kristoffer Dalby
356b76fc56
Format
Signed-off-by: Kristoffer Dalby <kristoffer@dalby.cc>
2022-09-18 11:37:38 +02:00
Kristoffer Dalby
33ae56acfa
Add primary routes to node
Signed-off-by: Kristoffer Dalby <kristoffer@dalby.cc>
2022-09-18 11:36:35 +02:00
Benjamin George Roberts
688cba7292
fix linting mistakes
2022-09-07 21:39:56 +10:00
Benjamin George Roberts
842c28adff
replace netaddr usage with netip
2022-09-05 09:33:53 +10:00
Juan Font
9810d84e2d
Merge branch 'main' into autoapprovers
2022-09-04 22:40:08 +02:00
Juan Font Alonso
a24710a961
Migrate machine to net/netip
2022-09-02 00:04:31 +02:00
Benjamin George Roberts
60cc9ddb3b
Add test for autoApprovers feature
2022-08-25 22:15:19 +10:00
Benjamin George Roberts
7653ad40d6
Split GetRouteApprovers from EnableAutoApprovedRoutes
2022-08-25 22:12:30 +10:00
Benjamin George Roberts
004ebcaba1
initial implementation of autoApprovers support
2022-08-25 22:00:04 +10:00
Juan Font Alonso
e20e818a42
Integrate expiration fixes (#754) in TS2021 branch
2022-08-20 11:46:44 +02:00
Juan Font
2f554133c5
Move comment up
Co-authored-by: Kristoffer Dalby <kradalby@kradalby.no>
2022-08-19 23:49:06 +02:00
Laurent Marchaud
e85562268d
Switch to using nodeKey instead of machineKey for expired machines registration
Signed-off-by: Laurent Marchaud <laurent@marchaud.com>
2022-08-19 15:48:35 +02:00