78 Commits

Author SHA1 Message Date
Kristoffer Dalby
735b185e7f use IPSet in acls instead of string slice
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-03 18:43:57 +02:00
Kristoffer Dalby
644be822d5 move matcher to separate file
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-03 18:43:57 +02:00
Kristoffer Dalby
56b63c6e10 use netipx.IPSet for matcher
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-03 18:43:57 +02:00
Kristoffer Dalby
10320a5f1f lint and nolint tailscale borrowed func
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-03 18:43:57 +02:00
Kristoffer Dalby
ecd62fb785 remove terrible filter code
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-03 18:43:57 +02:00
Kristoffer Dalby
889d5a1b29 testing without that horrible filtercode
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-03 18:43:57 +02:00
Kristoffer Dalby
1700a747f6 outline tests for full filter generate
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-03 18:43:57 +02:00
Kristoffer Dalby
200e3b88cc make generateFilterRule a pol struct func
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-03 18:43:57 +02:00
Kristoffer Dalby
5bbbe437df clear up the acl function naming
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-03 18:43:57 +02:00
Kristoffer Dalby
6de53e2f8d simplify expandAlias function, move seperate logic out
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-03 18:43:57 +02:00
Philipp Krivanec
d0113732fe
optimize generateACLPeerCacheMap (#1377) 2023-04-26 06:02:54 +02:00
Kristoffer Dalby
5e74ca9414
Fix IPv6 in ACLs (#1339) 2023-04-16 12:26:35 +02:00
Juan Font
dfc5d861c7 Fix CIDR calculation in expandACLPeerAddr 2023-04-05 09:44:46 +02:00
Kristoffer Dalby
ceeef40cdf
Add tests to verify "Hosts" aliases in ACL (#1304) 2023-04-03 10:08:48 +02:00
Kristoffer Dalby
c7b459b615
Fix issue where ACL * would filter out returning connections (#1279) 2023-03-27 19:19:32 +02:00
Kristoffer Dalby
a5562850a7
MapResponse optimalisations, peer list integration tests (#1254)
Co-authored-by: Allen <979347228@qq.com>
2023-03-06 17:50:26 +01:00
Kristoffer Dalby
83a538cc95 Rename IP specific function, add missing test case
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-30 15:56:38 +01:00
Kristoffer Dalby
e3a2593344 Rename [Nn]amespace -> [Uu]ser in go code
Use gopls, ag and perl to rename all occurances of Namespace

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-18 15:40:04 +01:00
Juan Font
6c2d6fa302 Do not explicitly set the protocols when ommited in ACL 2022-12-05 21:45:18 +01:00
Juan Font
54f701ff92 generateACLPolicy() no longer a Headscale method 2022-12-03 15:43:40 +01:00
Kristoffer Dalby
c02e105065 Mark the flag properly experimental
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-26 11:53:31 +01:00
Kristoffer Dalby
c6d31747f7 Add feature flag for SSH, and warning
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-26 11:53:31 +01:00
Even Holthe
52a323b90d Add SSH capability advertisement
Advertises the SSH capability, and parses the SSH ACLs to pass to the
tailscale client. Doesn’t support ‘autogroup’ ACL functionality.

Co-authored-by: Daniel Brooks <db48x@headline.com>
2022-11-26 11:53:31 +01:00
Juan Font Alonso
198e92c08f Remove dependency on netaddr 2022-09-03 23:46:14 +02:00
Juan Font Alonso
1e7b57e513 Minor fix to linting issue introduced in #707 2022-08-11 14:12:45 +02:00
Adrien Raffin-Caboisse
79688e6187
chore(all): apply formater 2022-08-04 10:47:00 +02:00
Adrien Raffin-Caboisse
babf9470c2
fix(acl): fix issue with groups in excludeCorretlyTaggedNodes
This commit fix issue #563
2022-08-04 10:42:47 +02:00
Juan Font Alonso
10cd87e5a2 Lint fixes 1/n 2022-06-26 11:43:17 +02:00
Juan Font Alonso
735a6aaa39 Use const for IANA protcol numbers 2022-06-11 14:09:08 +02:00
Juan Font Alonso
8287ba24b9 Do not lint the protocol magic numbers
I happily use https://pkg.go.dev/golang.org/x/net/internal/iana, but it is internal
2022-06-08 17:55:32 +02:00
Juan Font Alonso
ab1aac9f3e Improve ACLs by adding protocol parsing support 2022-06-08 17:43:59 +02:00
Juan Font Alonso
3e353004b8 Migrate ACLs syntax to new Tailscale format
Implements #617.

Tailscale has changed the format of their ACLs to use a more firewall-y terms ("users" & "ports" -> "src" & "dst"). They have also started using all-lowercase tags. This PR applies these changes.
2022-06-08 13:40:15 +02:00
Anton Schubert
6dccfee862 Fix forced Tags with legitimate tagOwners
Also replace loops contains
2022-06-01 15:43:32 +02:00
Adrien Raffin-Caboisse
4435a4f19d
chore: apply lint recommendations 2022-05-16 14:59:46 +02:00
Adrien Raffin-Caboisse
8061abe279 refact: use generics for contains functions 2022-04-25 22:17:23 +02:00
Adrien Raffin-Caboisse
b9fee36f6e
fix: linting 2022-04-21 23:56:58 +02:00
Adrien Raffin-Caboisse
98f54c9f7f
chore: apply format and lint 2022-04-15 18:27:57 +02:00
Adrien Raffin-Caboisse
cd1d10761f
feat(acls): add support for forced tags 2022-04-15 18:01:13 +02:00
Adrien Raffin-Caboisse
41efe98953
fix: apply fmt and fix missing name changes 2022-03-07 23:20:30 +01:00
Adrien Raffin-Caboisse
1114449601
change: update name of method to check and normalize Domain name 2022-03-06 20:46:17 +01:00
Adrien Raffin-Caboisse
6f172a6e4c
fix(acls): remove dead error code 2022-03-03 23:53:08 +01:00
Adrien Raffin-Caboisse
4a4952899b
feat(acls): add some logs and skip error
logs looks like the following
```
2022-03-02T20:43:08Z DBG Expanding alias=app-test
2022-03-02T20:43:08Z DBG Expanding alias=kube-test
2022-03-02T20:43:08Z DBG Expanding alias=test
2022-03-02T20:43:08Z WRN No IPs found with the alias test
2022-03-02T20:43:08Z DBG Expanding alias=prod
2022-03-02T20:43:08Z WRN No IPs found with the alias prod
2022-03-02T20:43:08Z DBG Expanding alias=prod
2022-03-02T20:43:08Z WRN No IPs found with the alias prod
```
2022-03-02 21:54:43 +01:00
Kristoffer Dalby
c80e364f02 Remove always nil error 2022-03-02 08:15:14 +00:00
Kristoffer Dalby
5b169010be Resolve merge conflict 2022-03-02 08:11:50 +00:00
Adrien Raffin-Caboisse
a455a874ad
feat(acls): normalize the group name 2022-03-01 21:10:52 +01:00
Kristoffer Dalby
6477e6a583 Use new machine types 2022-03-01 16:34:24 +00:00
Kristoffer Dalby
8a3a0b6403 Add YAML support to ACLs 2022-02-27 09:04:48 +01:00
Kristoffer Dalby
e03b3d558f Remove boundries between namespaces 2022-02-25 10:26:34 +01:00
Adrien Raffin-Caboisse
50af44bc2f fix: add error checking in acl and poll
If aclPolicy is not defined, in updateAclPolicy, return an error.
2022-02-21 20:06:31 +01:00
Adrien Raffin-Caboisse
d00251c63e fix(acls,machines): apply code review suggestions 2022-02-20 21:26:20 +01:00