2020-02-05 14:16:58 -08:00
// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package tailcfg
2021-04-08 01:35:14 -07:00
//go:generate go run tailscale.com/cmd/cloner --type=User,Node,Hostinfo,NetInfo,Login,DNSConfig,DNSResolver,RegisterResponse --clonefunc=true --output=tailcfg_clone.go
2020-07-27 10:40:34 -07:00
2020-02-05 14:16:58 -08:00
import (
"bytes"
"errors"
"fmt"
2020-02-15 22:23:58 -08:00
"reflect"
2020-02-05 14:16:58 -08:00
"strings"
"time"
2020-06-18 19:32:55 -07:00
"go4.org/mem"
2020-07-31 16:27:09 -04:00
"inet.af/netaddr"
2020-06-18 19:32:55 -07:00
"tailscale.com/types/key"
2020-02-25 14:05:17 -08:00
"tailscale.com/types/opt"
2020-05-03 13:58:39 -07:00
"tailscale.com/types/structs"
2021-01-25 17:41:39 -05:00
"tailscale.com/util/dnsname"
2020-02-05 14:16:58 -08:00
)
2021-01-05 10:37:15 -08:00
// CurrentMapRequestVersion is the current MapRequest.Version value.
//
// History of versions:
// 3: implicit compression, keep-alives
// 4: opt-in keep-alives via KeepAlive field, opt-in compression via Compress
// 5: 2020-10-19, implies IncludeIPv6, delta Peers/UserProfiles, supports MagicDNS
// 6: 2020-12-07: means MapResponse.PacketFilter nil means unchanged
// 7: 2020-12-15: FilterRule.SrcIPs accepts CIDRs+ranges, doesn't warn about 0.0.0.0/::
2021-03-03 12:01:15 -08:00
// 8: 2020-12-19: client can buggily receive IPv6 addresses and routes if beta enabled server-side
2021-01-05 10:37:15 -08:00
// 9: 2020-12-30: client doesn't auto-add implicit search domains from peers; only DNSConfig.Domains
2021-01-17 12:00:56 -08:00
// 10: 2021-01-17: client understands MapResponse.PeerSeenChange
2021-03-03 15:06:35 -08:00
// 11: 2021-03-03: client understands IPv6, multiple default routes, and goroutine dumping
2021-03-04 20:54:44 -08:00
// 12: 2021-03-04: client understands PingRequest
2021-03-17 14:24:32 -07:00
// 13: 2021-03-19: client understands FilterRule.IPProto
2021-04-08 01:35:14 -07:00
// 14: 2021-04-07: client understands DNSConfig.Routes and DNSConfig.Resolvers
const CurrentMapRequestVersion = 14
2021-01-05 10:37:15 -08:00
2021-01-20 18:34:50 -08:00
type StableID string
2020-02-05 14:16:58 -08:00
type ID int64
type UserID ID
2020-09-29 17:38:56 -07:00
func ( u UserID ) IsZero ( ) bool {
return u == 0
}
2020-02-05 14:16:58 -08:00
type LoginID ID
2020-09-30 17:55:12 -07:00
func ( u LoginID ) IsZero ( ) bool {
return u == 0
}
2020-02-05 14:16:58 -08:00
type NodeID ID
2020-09-29 17:38:56 -07:00
func ( u NodeID ) IsZero ( ) bool {
return u == 0
}
2021-01-20 18:34:50 -08:00
type StableNodeID StableID
func ( u StableNodeID ) IsZero ( ) bool {
return u == ""
}
2020-02-17 13:17:40 -08:00
// MachineKey is the curve25519 public key for a machine.
2020-02-05 14:16:58 -08:00
type MachineKey [ 32 ] byte
2020-05-15 14:13:44 -06:00
// NodeKey is the curve25519 public key for a node.
2020-02-05 14:16:58 -08:00
type NodeKey [ 32 ] byte
2020-06-18 19:32:55 -07:00
// DiscoKey is the curve25519 public key for path discovery key.
// It's never written to disk or reused between network start-ups.
type DiscoKey [ 32 ] byte
2020-02-05 14:16:58 -08:00
// User is an IPN user.
//
// A user can have multiple logins associated with it (e.g. gmail and github oauth).
// (Note: none of our UIs support this yet.)
//
// Some properties are inhereted from the logins and can be overridden, such as
// display name and profile picture.
//
// Other properties must be the same for all logins associated with a user.
// In particular: domain. If a user has a "tailscale.io" domain login, they cannot
// have a general gmail address login associated with the user.
type User struct {
ID UserID
LoginName string ` json:"-" ` // not stored, filled from Login // TODO REMOVE
DisplayName string // if non-empty overrides Login field
ProfilePicURL string // if non-empty overrides Login field
Domain string
Logins [ ] LoginID
Created time . Time
2020-02-27 12:20:29 -08:00
}
2020-02-05 14:16:58 -08:00
type Login struct {
2020-05-03 13:58:39 -07:00
_ structs . Incomparable
2020-02-05 14:16:58 -08:00
ID LoginID
Provider string
LoginName string
DisplayName string
ProfilePicURL string
Domain string
}
// A UserProfile is display-friendly data for a user.
// It includes the LoginName for display purposes but *not* the Provider.
// It also includes derived data from one of the user's logins.
type UserProfile struct {
ID UserID
2020-06-12 08:17:03 -07:00
LoginName string // "alice@smith.com"; for display purposes only (provider is not listed)
DisplayName string // "Alice Smith"
2020-02-05 14:16:58 -08:00
ProfilePicURL string
2021-04-01 14:44:40 -07:00
// Roles exists for legacy reasons, to keep old macOS clients
// happy. It JSON marshals as [].
Roles emptyStructJSONSlice
}
type emptyStructJSONSlice struct { }
var emptyJSONSliceBytes = [ ] byte ( "[]" )
func ( emptyStructJSONSlice ) MarshalJSON ( ) ( [ ] byte , error ) {
return emptyJSONSliceBytes , nil
2020-02-05 14:16:58 -08:00
}
2021-04-01 14:44:40 -07:00
func ( emptyStructJSONSlice ) UnmarshalJSON ( [ ] byte ) error { return nil }
2020-02-05 14:16:58 -08:00
type Node struct {
2021-01-20 18:34:50 -08:00
ID NodeID
StableID StableNodeID
Name string // DNS
2021-01-05 13:52:33 -08:00
// User is the user who created the node. If ACL tags are in
// use for the node then it doesn't reflect the ACL identity
// that the node is running as.
User UserID
// Sharer, if non-zero, is the user who shared this node, if different than User.
Sharer UserID ` json:",omitempty" `
2020-02-05 14:16:58 -08:00
Key NodeKey
KeyExpiry time . Time
Machine MachineKey
2020-06-18 19:32:55 -07:00
DiscoKey DiscoKey
2020-12-24 12:33:55 -08:00
Addresses [ ] netaddr . IPPrefix // IP addresses of this Node directly
AllowedIPs [ ] netaddr . IPPrefix // range of IP addresses to route to this node
Endpoints [ ] string ` json:",omitempty" ` // IP+port (public via STUN, and local LANs)
DERP string ` json:",omitempty" ` // DERP-in-IP:port ("127.3.3.40:N") endpoint
2020-02-05 14:16:58 -08:00
Hostinfo Hostinfo
Created time . Time
LastSeen * time . Time ` json:",omitempty" `
2020-11-25 10:27:01 -08:00
KeepAlive bool ` json:",omitempty" ` // open and keep open a connection to this peer
2020-03-14 10:56:52 -05:00
2020-11-25 10:27:01 -08:00
MachineAuthorized bool ` json:",omitempty" ` // TODO(crawshaw): replace with MachineStatus
2021-01-27 11:50:31 -05:00
2021-04-01 14:03:34 -07:00
// Capabilities are capabilities that the node has.
// They're free-form strings, but should be in the form of URLs/URIs
// such as:
// "https://tailscale.com/cap/is-admin"
// "https://tailscale.com/cap/recv-file"
Capabilities [ ] string ` json:",omitempty" `
2021-01-27 11:50:31 -05:00
// The following three computed fields hold the various names that can
// be used for this node in UIs. They are populated from controlclient
// (not from control) by calling node.InitDisplayNames. These can be
// used directly or accessed via node.DisplayName or node.DisplayNames.
ComputedName string ` json:",omitempty" ` // MagicDNS base name (for normal non-shared-in nodes), FQDN (without trailing dot, for shared-in nodes), or Hostname (if no MagicDNS)
computedHostIfDifferent string // hostname, if different than ComputedName, otherwise empty
ComputedNameWithHost string ` json:",omitempty" ` // either "ComputedName" or "ComputedName (computedHostIfDifferent)", if computedHostIfDifferent is set
2020-02-05 14:16:58 -08:00
}
2021-01-27 11:50:31 -05:00
// DisplayName returns the user-facing name for a node which should
// be shown in client UIs.
//
// Parameter forOwner specifies whether the name is requested by
// the owner of the node. When forOwner is false, the hostname is
// never included in the return value.
//
// Return value is either either "Name" or "Name (Hostname)", where
// Name is the node's MagicDNS base name (for normal non-shared-in
// nodes), FQDN (without trailing dot, for shared-in nodes), or
// Hostname (if no MagicDNS). Hostname is only included in the
// return value if it varies from Name and forOwner is provided true.
//
// DisplayName is only valid if InitDisplayNames has been called.
func ( n * Node ) DisplayName ( forOwner bool ) string {
if forOwner {
return n . ComputedNameWithHost
2021-01-25 17:41:39 -05:00
}
2021-01-27 11:50:31 -05:00
return n . ComputedName
}
// DisplayName returns the decomposed user-facing name for a node.
//
// Parameter forOwner specifies whether the name is requested by
// the owner of the node. When forOwner is false, hostIfDifferent
// is always returned empty.
//
// Return value name is the node's primary name, populated with the
// node's MagicDNS base name (for normal non-shared-in nodes), FQDN
// (without trailing dot, for shared-in nodes), or Hostname (if no
// MagicDNS).
//
// Return value hostIfDifferent, when non-empty, is the node's
// hostname. hostIfDifferent is only populated when the hostname
// varies from name and forOwner is provided as true.
//
// DisplayNames is only valid if InitDisplayNames has been called.
func ( n * Node ) DisplayNames ( forOwner bool ) ( name , hostIfDifferent string ) {
if forOwner {
return n . ComputedName , n . computedHostIfDifferent
2021-01-25 17:41:39 -05:00
}
2021-01-27 11:50:31 -05:00
return n . ComputedName , ""
}
// InitDisplayNames computes and populates n's display name
// fields: n.ComputedName, n.computedHostIfDifferent, and
// n.ComputedNameWithHost.
func ( n * Node ) InitDisplayNames ( networkMagicDNSSuffix string ) {
2021-02-18 17:15:38 -05:00
name := dnsname . TrimSuffix ( n . Name , networkMagicDNSSuffix )
hostIfDifferent := dnsname . SanitizeHostname ( n . Hostinfo . Hostname )
2021-01-27 11:50:31 -05:00
if strings . EqualFold ( name , hostIfDifferent ) {
hostIfDifferent = ""
}
if name == "" {
if hostIfDifferent != "" {
name = hostIfDifferent
hostIfDifferent = ""
} else {
name = n . Key . String ( )
}
}
var nameWithHost string
if hostIfDifferent != "" {
nameWithHost = fmt . Sprintf ( "%s (%s)" , name , hostIfDifferent )
} else {
nameWithHost = name
}
n . ComputedName = name
n . computedHostIfDifferent = hostIfDifferent
n . ComputedNameWithHost = nameWithHost
2021-01-25 17:41:39 -05:00
}
2020-02-05 14:16:58 -08:00
type MachineStatus int
const (
MachineUnknown = MachineStatus ( iota )
MachineUnauthorized // server has yet to approve
MachineAuthorized // server has approved
MachineInvalid // server has explicitly rejected this machine key
)
func ( m MachineStatus ) MarshalText ( ) ( [ ] byte , error ) {
return [ ] byte ( m . String ( ) ) , nil
}
func ( m * MachineStatus ) UnmarshalText ( b [ ] byte ) error {
switch string ( b ) {
case "machine-unknown" :
* m = MachineUnknown
case "machine-unauthorized" :
* m = MachineUnauthorized
case "machine-authorized" :
* m = MachineAuthorized
case "machine-invalid" :
* m = MachineInvalid
default :
var val int
if _ , err := fmt . Sscanf ( string ( b ) , "machine-unknown(%d)" , & val ) ; err != nil {
* m = MachineStatus ( val )
} else {
* m = MachineUnknown
}
}
return nil
}
func ( m MachineStatus ) String ( ) string {
switch m {
case MachineUnknown :
return "machine-unknown"
case MachineUnauthorized :
return "machine-unauthorized"
case MachineAuthorized :
return "machine-authorized"
case MachineInvalid :
return "machine-invalid"
default :
return fmt . Sprintf ( "machine-unknown(%d)" , int ( m ) )
}
}
2020-11-10 22:26:23 -05:00
func isNum ( b byte ) bool {
return b >= '0' && b <= '9'
}
func isAlpha ( b byte ) bool {
return ( b >= 'A' && b <= 'Z' ) || ( b >= 'a' && b <= 'z' )
}
2020-05-01 01:01:27 -04:00
2020-11-03 16:10:23 -08:00
// CheckTag validates tag for use as an ACL tag.
2020-05-01 01:01:27 -04:00
// For now we allow only ascii alphanumeric tags, and they need to start
// with a letter. No unicode shenanigans allowed, and we reserve punctuation
// marks other than '-' for a possible future URI scheme.
//
// Because we're ignoring unicode entirely, we can treat utf-8 as a series of
// bytes. Anything >= 128 is disqualified anyway.
//
// We might relax these rules later.
func CheckTag ( tag string ) error {
if ! strings . HasPrefix ( tag , "tag:" ) {
return errors . New ( "tags must start with 'tag:'" )
}
2020-11-10 22:26:23 -05:00
tag = tag [ 4 : ]
2020-05-01 01:01:27 -04:00
if tag == "" {
return errors . New ( "tag names must not be empty" )
}
2020-11-10 22:26:23 -05:00
if ! isAlpha ( tag [ 0 ] ) {
return errors . New ( "tag names must start with a letter, after 'tag:'" )
2020-10-28 07:59:57 -07:00
}
2020-11-10 22:26:23 -05:00
for _ , b := range [ ] byte ( tag ) {
if ! isNum ( b ) && ! isAlpha ( b ) && b != '-' {
2020-05-01 01:01:27 -04:00
return errors . New ( "tag names can only contain numbers, letters, or dashes" )
}
}
2020-11-10 22:26:23 -05:00
2020-05-01 01:01:27 -04:00
return nil
}
2020-11-03 16:10:23 -08:00
// CheckRequestTags checks that all of h.RequestTags are valid.
func ( h * Hostinfo ) CheckRequestTags ( ) error {
if h == nil {
return nil
}
for _ , tag := range h . RequestTags {
2020-11-03 16:19:20 -08:00
if err := CheckTag ( tag ) ; err != nil {
return fmt . Errorf ( "tag(%#v): %w" , tag , err )
2020-11-03 16:10:23 -08:00
}
}
return nil
}
2020-02-05 14:16:58 -08:00
type ServiceProto string
const (
TCP = ServiceProto ( "tcp" )
UDP = ServiceProto ( "udp" )
)
type Service struct {
2020-05-03 13:58:39 -07:00
_ structs . Incomparable
2020-02-05 14:16:58 -08:00
Proto ServiceProto // TCP or UDP
Port uint16 // port number service is listening on
2020-10-19 08:30:36 -07:00
Description string ` json:",omitempty" ` // text description of service
2020-02-05 14:16:58 -08:00
// TODO(apenwarr): allow advertising services on subnet IPs?
// TODO(apenwarr): add "tags" here for each service?
}
2020-02-25 10:04:20 -08:00
// Hostinfo contains a summary of a Tailscale host.
//
// Because it contains pointers (slices), this type should not be used
// as a value type.
2020-02-05 14:16:58 -08:00
type Hostinfo struct {
// TODO(crawshaw): mark all these fields ",omitempty" when all the
// iOS apps are updated with the latest swift version of this struct.
2020-12-24 12:33:55 -08:00
IPNVersion string ` json:",omitempty" ` // version of this code
FrontendLogID string ` json:",omitempty" ` // logtail ID of frontend instance
BackendLogID string ` json:",omitempty" ` // logtail ID of backend instance
OS string // operating system the client runs on (a version.OS value)
OSVersion string ` json:",omitempty" ` // operating system version, with optional distro prefix ("Debian 10.4", "Windows 10 Pro 10.0.19041")
2021-02-15 12:58:56 -08:00
Package string ` json:",omitempty" ` // Tailscale package to disambiguate ("choco", "appstore", etc; "" for unknown)
2020-12-24 12:33:55 -08:00
DeviceModel string ` json:",omitempty" ` // mobile phone model ("Pixel 3a", "iPhone 11 Pro")
Hostname string // name of the host the client runs on
ShieldsUp bool ` json:",omitempty" ` // indicates whether the host is blocking incoming connections
ShareeNode bool ` json:",omitempty" ` // indicates this node exists in netmap because it's owned by a shared-to user
GoArch string ` json:",omitempty" ` // the host's GOARCH value (of the running binary)
RoutableIPs [ ] netaddr . IPPrefix ` json:",omitempty" ` // set of IP ranges this client can route
RequestTags [ ] string ` json:",omitempty" ` // set of ACL tags this node wants to claim
Services [ ] Service ` json:",omitempty" ` // services advertised by this machine
NetInfo * NetInfo ` json:",omitempty" `
2020-02-05 14:16:58 -08:00
// NOTE: any new fields containing pointers in this type
2020-11-23 09:28:32 -05:00
// require changes to Hostinfo.Equal.
2020-02-05 14:16:58 -08:00
}
2020-02-25 14:05:17 -08:00
// NetInfo contains information about the host's network state.
type NetInfo struct {
// MappingVariesByDestIP says whether the host's NAT mappings
// vary based on the destination IP.
MappingVariesByDestIP opt . Bool
2020-02-28 14:14:02 -08:00
// HairPinning is their router does hairpinning.
// It reports true even if there's no NAT involved.
HairPinning opt . Bool
2020-02-25 14:05:17 -08:00
// WorkingIPv6 is whether IPv6 works.
WorkingIPv6 opt . Bool
// WorkingUDP is whether UDP works.
WorkingUDP opt . Bool
2021-03-09 15:09:10 -08:00
// HavePortMap is whether we have an existing portmap open
// (UPnP, PMP, or PCP).
HavePortMap bool ` json:",omitempty" `
2020-07-06 13:51:17 -07:00
// UPnP is whether UPnP appears present on the LAN.
// Empty means not checked.
UPnP opt . Bool
// PMP is whether NAT-PMP appears present on the LAN.
// Empty means not checked.
PMP opt . Bool
// PCP is whether PCP appears present on the LAN.
// Empty means not checked.
PCP opt . Bool
2020-03-03 22:21:56 -08:00
// PreferredDERP is this node's preferred DERP server
// for incoming traffic. The node might be be temporarily
// connected to multiple DERP servers (to send to other nodes)
// but PreferredDERP is the instance number that the node
// subscribes to traffic at.
// Zero means disconnected or unknown.
PreferredDERP int
// LinkType is the current link type, if known.
2020-10-19 08:30:36 -07:00
LinkType string ` json:",omitempty" ` // "wired", "wifi", "mobile" (LTE, 4G, 3G, etc)
2020-03-03 22:21:56 -08:00
2020-02-25 14:05:17 -08:00
// DERPLatency is the fastest recent time to reach various
2020-05-17 09:51:38 -07:00
// DERP STUN servers, in seconds. The map key is the
// "regionID-v4" or "-v6"; it was previously the DERP server's
// STUN host:port.
2020-02-25 14:05:17 -08:00
//
// This should only be updated rarely, or when there's a
// material change, as any change here also gets uploaded to
// the control plane.
DERPLatency map [ string ] float64 ` json:",omitempty" `
2020-03-03 22:21:56 -08:00
2020-11-23 09:28:32 -05:00
// Update BasicallyEqual when adding fields.
2020-03-03 22:21:56 -08:00
}
2020-03-13 01:29:47 -04:00
func ( ni * NetInfo ) String ( ) string {
2020-03-23 13:34:09 +11:00
if ni == nil {
return "NetInfo(nil)"
}
2020-07-06 13:51:17 -07:00
return fmt . Sprintf ( "NetInfo{varies=%v hairpin=%v ipv6=%v udp=%v derp=#%v portmap=%v link=%q}" ,
2020-03-13 01:29:47 -04:00
ni . MappingVariesByDestIP , ni . HairPinning , ni . WorkingIPv6 ,
2020-07-06 13:51:17 -07:00
ni . WorkingUDP , ni . PreferredDERP ,
ni . portMapSummary ( ) ,
ni . LinkType )
}
func ( ni * NetInfo ) portMapSummary ( ) string {
2021-03-09 15:09:10 -08:00
if ! ni . HavePortMap && ni . UPnP == "" && ni . PMP == "" && ni . PCP == "" {
2020-07-07 18:54:41 -07:00
return "?"
2020-07-06 13:51:17 -07:00
}
2021-03-09 15:09:10 -08:00
var prefix string
if ni . HavePortMap {
prefix = "active-"
}
return prefix + conciseOptBool ( ni . UPnP , "U" ) + conciseOptBool ( ni . PMP , "M" ) + conciseOptBool ( ni . PCP , "C" )
2020-07-06 13:51:17 -07:00
}
func conciseOptBool ( b opt . Bool , trueVal string ) string {
if b == "" {
return "_"
}
v , ok := b . Get ( )
if ! ok {
return "x"
}
if v {
return trueVal
}
return ""
2020-03-13 01:29:47 -04:00
}
2020-03-03 22:21:56 -08:00
// BasicallyEqual reports whether ni and ni2 are basically equal, ignoring
2020-05-17 09:51:38 -07:00
// changes in DERP ServerLatency & RegionLatency.
2020-03-03 22:21:56 -08:00
func ( ni * NetInfo ) BasicallyEqual ( ni2 * NetInfo ) bool {
if ( ni == nil ) != ( ni2 == nil ) {
return false
}
if ni == nil {
return true
}
return ni . MappingVariesByDestIP == ni2 . MappingVariesByDestIP &&
ni . HairPinning == ni2 . HairPinning &&
ni . WorkingIPv6 == ni2 . WorkingIPv6 &&
ni . WorkingUDP == ni2 . WorkingUDP &&
2021-03-09 15:09:10 -08:00
ni . HavePortMap == ni2 . HavePortMap &&
2020-07-06 13:51:17 -07:00
ni . UPnP == ni2 . UPnP &&
ni . PMP == ni2 . PMP &&
ni . PCP == ni2 . PCP &&
2020-03-03 22:21:56 -08:00
ni . PreferredDERP == ni2 . PreferredDERP &&
ni . LinkType == ni2 . LinkType
2020-02-25 14:05:17 -08:00
}
2020-02-17 19:33:01 -08:00
// Equal reports whether h and h2 are equal.
func ( h * Hostinfo ) Equal ( h2 * Hostinfo ) bool {
2020-07-23 10:41:54 -07:00
if h == nil && h2 == nil {
return true
}
if ( h == nil ) != ( h2 == nil ) {
return false
}
2020-02-17 19:33:01 -08:00
return reflect . DeepEqual ( h , h2 )
}
2021-03-26 10:01:08 -04:00
// SignatureType specifies a scheme for signing RegisterRequest messages. It
// specifies the crypto algorithms to use, the contents of what is signed, and
// any other relevant details. Historically, requests were unsigned so the zero
// value is SignatureNone.
type SignatureType int
const (
// SignatureNone indicates that there is no signature, no Timestamp is
// required (but may be specified if desired), and both DeviceCert and
// Signature should be empty.
SignatureNone = SignatureType ( iota )
// SignatureUnknown represents an unknown signature scheme, which should
// be considered an error if seen.
SignatureUnknown
// SignatureV1 is computed as RSA-PSS-Sign(privateKeyForDeviceCert,
// SHA256(Timestamp || ServerIdentity || DeviceCert || ServerPubKey ||
// MachinePubKey)). The PSS salt length is equal to hash length
// (rsa.PSSSaltLengthEqualsHash). Device cert is required.
SignatureV1
)
func ( st SignatureType ) MarshalText ( ) ( [ ] byte , error ) {
return [ ] byte ( st . String ( ) ) , nil
}
func ( st * SignatureType ) UnmarshalText ( b [ ] byte ) error {
switch string ( b ) {
case "signature-none" :
* st = SignatureNone
case "signature-v1" :
* st = SignatureV1
default :
var val int
if _ , err := fmt . Sscanf ( string ( b ) , "signature-unknown(%d)" , & val ) ; err != nil {
* st = SignatureType ( val )
} else {
* st = SignatureUnknown
}
}
return nil
}
func ( st SignatureType ) String ( ) string {
switch st {
case SignatureNone :
return "signature-none"
case SignatureUnknown :
return "signature-unknown"
case SignatureV1 :
return "signature-v1"
default :
return fmt . Sprintf ( "signature-unknown(%d)" , int ( st ) )
}
}
2020-02-18 06:45:42 -05:00
// RegisterRequest is sent by a client to register the key for a node.
// It is encoded to JSON, encrypted with golang.org/x/crypto/nacl/box,
// using the local machine key, and sent to:
// https://login.tailscale.com/machine/<mkey hex>
2020-02-05 14:16:58 -08:00
type RegisterRequest struct {
2020-05-03 13:58:39 -07:00
_ structs . Incomparable
2020-02-18 06:45:42 -05:00
Version int // currently 1
2020-02-05 14:16:58 -08:00
NodeKey NodeKey
OldNodeKey NodeKey
Auth struct {
2020-05-03 13:58:39 -07:00
_ structs . Incomparable
2020-04-09 17:16:20 +10:00
// One of Provider/LoginName, Oauth2Token, or AuthKey is set.
Provider , LoginName string
2021-03-19 10:21:33 -07:00
Oauth2Token * Oauth2Token
2020-04-09 17:16:20 +10:00
AuthKey string
2020-02-05 14:16:58 -08:00
}
2021-04-08 22:26:27 -07:00
// Expiry optionally specifies the requested key expiry.
// The server policy may override.
// As a special case, if Expiry is in the past and NodeKey is
// the node's current key, the key is expired.
Expiry time . Time
Followup string // response waits until AuthURL is visited
2020-02-25 10:04:20 -08:00
Hostinfo * Hostinfo
2021-03-26 10:01:08 -04:00
// The following fields are not used for SignatureNone and are required for
// SignatureV1:
SignatureType SignatureType ` json:",omitempty" `
Timestamp * time . Time ` json:",omitempty" ` // creation time of request to prevent replay
DeviceCert [ ] byte ` json:",omitempty" ` // X.509 certificate for client device
Signature [ ] byte ` json:",omitempty" ` // as described by SignatureType
2020-02-05 14:16:58 -08:00
}
2020-02-27 12:20:29 -08:00
// Clone makes a deep copy of RegisterRequest.
2020-02-18 06:45:42 -05:00
// The result aliases no memory with the original.
2020-07-24 17:59:49 +10:00
//
// TODO: extend cmd/cloner to generate this method.
2020-02-27 12:20:29 -08:00
func ( req * RegisterRequest ) Clone ( ) * RegisterRequest {
2020-02-25 10:04:20 -08:00
res := new ( RegisterRequest )
* res = * req
if res . Hostinfo != nil {
2020-02-27 12:20:29 -08:00
res . Hostinfo = res . Hostinfo . Clone ( )
2020-02-25 10:04:20 -08:00
}
2020-02-18 06:45:42 -05:00
if res . Auth . Oauth2Token != nil {
tok := * res . Auth . Oauth2Token
res . Auth . Oauth2Token = & tok
}
2021-03-26 10:01:08 -04:00
res . DeviceCert = append ( res . DeviceCert [ : 0 : 0 ] , res . DeviceCert ... )
res . Signature = append ( res . Signature [ : 0 : 0 ] , res . Signature ... )
2020-02-25 10:04:20 -08:00
return res
2020-02-18 06:45:42 -05:00
}
// RegisterResponse is returned by the server in response to a RegisterRequest.
2020-02-05 14:16:58 -08:00
type RegisterResponse struct {
User User
Login Login
NodeKeyExpired bool // if true, the NodeKey needs to be replaced
MachineAuthorized bool // TODO(crawshaw): move to using MachineStatus
AuthURL string // if set, authorization pending
}
2020-02-18 06:45:42 -05:00
// MapRequest is sent by a client to start a long-poll network map updates.
// The request includes a copy of the client's current set of WireGuard
// endpoints and general host information.
//
// The request is encoded to JSON, encrypted with golang.org/x/crypto/nacl/box,
// using the local machine key, and sent to:
// https://login.tailscale.com/machine/<mkey hex>/map
2020-02-05 14:16:58 -08:00
type MapRequest struct {
2020-10-19 15:32:22 -07:00
// Version is incremented whenever the client code changes enough that
// we want to signal to the control server that we're capable of something
// different.
//
2021-01-05 10:37:15 -08:00
// For current values and history, see CurrentMapRequestVersion above.
Version int
2020-10-19 15:32:22 -07:00
Compress string // "zstd" or "" (no compression)
KeepAlive bool // whether server should send keep-alives back to us
NodeKey NodeKey
DiscoKey DiscoKey
Endpoints [ ] string // caller's endpoints (IPv4 or IPv6)
IncludeIPv6 bool ` json:",omitempty" ` // include IPv6 endpoints in returned Node Endpoints (for Version 4 clients)
Stream bool // if true, multiple MapResponse objects are returned
Hostinfo * Hostinfo
2020-07-03 13:55:33 -07:00
2020-09-17 11:28:09 -07:00
// ReadOnly is whether the client just wants to fetch the
// MapResponse, without updating their Endpoints. The
// Endpoints field will be ignored and LastSeen will not be
// updated and peers will not be notified of changes.
//
2020-09-28 14:44:34 -07:00
// The intended use is for clients to discover the DERP map at
2020-09-17 11:28:09 -07:00
// start-up before their first real endpoint update.
ReadOnly bool ` json:",omitempty" `
// OmitPeers is whether the client is okay with the Peers list
// being omitted in the response. (For example, a client on
// start up using ReadOnly to get the DERP map.)
2020-12-15 12:16:15 -08:00
//
// If OmitPeers is true, Stream is false, and ReadOnly is false,
// then the server will let clients update their endpoints without
// breaking existing long-polling (Stream == true) connections.
2020-09-17 11:28:09 -07:00
OmitPeers bool ` json:",omitempty" `
2020-10-19 22:56:59 +00:00
// DebugFlags is a list of strings specifying debugging and
// development features to enable in handling this map
// request. The values are deliberately unspecified, as they get
// added and removed all the time during development, and offer no
// compatibility promise. To roll out semantic changes, bump
// Version instead.
2020-11-04 13:48:50 -08:00
//
// Current DebugFlags values are:
// * "warn-ip-forwarding-off": client is trying to be a subnet
// router but their IP forwarding is broken.
2021-02-18 08:58:13 -08:00
// * "warn-router-unhealthy": client's Router implementation is
// having problems.
2021-02-03 16:11:46 -08:00
// * "v6-overlay": IPv6 development flag to have control send
// v6 node addrs
2020-12-01 18:16:39 -08:00
// * "minimize-netmap": have control minimize the netmap, removing
// peers that are unreachable per ACLS.
2020-10-19 22:56:59 +00:00
DebugFlags [ ] string ` json:",omitempty" `
2020-02-05 14:16:58 -08:00
}
2020-04-30 01:49:17 -04:00
// PortRange represents a range of UDP or TCP port numbers.
type PortRange struct {
First uint16
Last uint16
}
var PortRangeAny = PortRange { 0 , 65535 }
2020-12-14 08:21:41 -08:00
// NetPortRange represents a range of ports that's allowed for one or more IPs.
2020-04-30 01:49:17 -04:00
type NetPortRange struct {
2020-05-03 13:58:39 -07:00
_ structs . Incomparable
2020-12-14 08:21:41 -08:00
IP string // IP, CIDR, Range, or "*" (same formats as FilterRule.SrcIPs)
Bits * int // deprecated; the old way to turn IP into a CIDR
2020-04-30 01:49:17 -04:00
Ports PortRange
}
// FilterRule represents one rule in a packet filter.
2020-11-05 11:54:54 -08:00
//
// A rule is logically a set of source CIDRs to match (described by
// SrcIPs and SrcBits), and a set of destination targets that are then
// allowed if a source IP is mathces of those CIDRs.
2020-04-30 01:49:17 -04:00
type FilterRule struct {
2020-11-05 11:54:54 -08:00
// SrcIPs are the source IPs/networks to match.
2020-12-14 08:21:41 -08:00
//
// It may take the following forms:
// * an IP address (IPv4 or IPv6)
// * the string "*" to match everything (both IPv4 & IPv6)
// * a CIDR (e.g. "192.168.0.0/16")
// * a range of two IPs, inclusive, separated by hyphen ("2eff::1-2eff::0800")
2020-11-05 11:54:54 -08:00
SrcIPs [ ] string
2020-12-14 08:21:41 -08:00
// SrcBits is deprecated; it's the old way to specify a CIDR
// prior to MapRequest.Version 7. Its values correspond to the
// SrcIPs above.
2020-11-05 11:54:54 -08:00
//
2020-12-14 08:21:41 -08:00
// If an entry of SrcBits is present for the same index as a
// SrcIPs entry, it changes the SrcIP above to be a network
// with /n CIDR bits. If the slice is nil or insufficiently
// long, the default value (for an IPv4 address) for a
// position is 32, as if the SrcIPs above were a /32 mask. For
// a "*" SrcIPs value, the corresponding SrcBits value is
// ignored.
2021-01-05 10:54:01 -08:00
SrcBits [ ] int ` json:",omitempty" `
2020-11-05 11:54:54 -08:00
// DstPorts are the port ranges to allow once a source IP
// matches (is in the CIDR described by SrcIPs & SrcBits).
2020-04-30 01:49:17 -04:00
DstPorts [ ] NetPortRange
2021-03-17 14:24:32 -07:00
// IPProto are the IP protocol numbers to match.
//
// As a special case, nil or empty means TCP, UDP, and ICMP.
//
// Numbers outside the uint8 range (below 0 or above 255) are
// reserved for Tailscale's use. Unknown ones are ignored.
//
// Depending on the IPProto values, DstPorts may or may not be
// used.
IPProto [ ] int ` json:",omitempty" `
2020-04-30 01:49:17 -04:00
}
var FilterAllowAll = [ ] FilterRule {
2020-10-26 08:53:07 -07:00
{
2020-04-30 01:49:17 -04:00
SrcIPs : [ ] string { "*" } ,
SrcBits : nil ,
2020-10-26 08:53:07 -07:00
DstPorts : [ ] NetPortRange { {
2020-04-30 01:49:17 -04:00
IP : "*" ,
Bits : nil ,
Ports : PortRange { 0 , 65535 } ,
} } ,
} ,
}
2021-04-08 01:35:14 -07:00
// DNSResolver is the configuration for one DNS resolver.
type DNSResolver struct {
// Addr is the address of the DNS resolver, one of:
// - A plain IP address for a "classic" UDP+TCP DNS resolver
// - [TODO] "tls://resolver.com" for DNS over TCP+TLS
// - [TODO] "https://resolver.com/query-tmpl" for DNS over HTTPS
Addr string ` json:",omitempty" `
// BootstrapResolution is an optional suggested resolution for the
// DoT/DoH resolver, if the resolver URL does not reference an IP
// address directly.
// BootstrapResolution may be empty, in which case clients should
// look up the DoT/DoH server using their local "classic" DNS
// resolver.
BootstrapResolution [ ] netaddr . IP ` json:",omitempty" `
}
2020-07-31 16:27:09 -04:00
// DNSConfig is the DNS configuration.
type DNSConfig struct {
2021-04-08 01:35:14 -07:00
// Resolvers are the DNS resolvers to use, in order of preference.
Resolvers [ ] DNSResolver ` json:",omitempty" `
// Routes maps DNS name suffixes to a set of DNS resolvers to
// use. It is used to implement "split DNS" and other advanced DNS
// routing overlays.
// Map keys must be fully-qualified DNS name suffixes, with a
// trailing dot but no leading dot.
Routes map [ string ] [ ] DNSResolver ` json:",omitempty" `
2020-08-24 17:27:21 -04:00
// Domains are the search domains to use.
2021-04-08 01:35:14 -07:00
// Search domains must be FQDNs, but *without* the trailing dot.
2020-08-24 17:27:21 -04:00
Domains [ ] string ` json:",omitempty" `
2021-04-08 01:35:14 -07:00
// Proxied turns on automatic resolution of hostnames for devices
// in the network map, aka MagicDNS.
// Despite the (legacy) name, does not necessarily cause request
// proxying to be enabled.
Proxied bool ` json:",omitempty" `
// The following fields are only set and used by
// MapRequest.Version >=9 and <14.
// Nameservers are the IP addresses of the nameservers to use.
Nameservers [ ] netaddr . IP ` json:",omitempty" `
2021-04-01 22:54:40 -07:00
// PerDomain is not set by the control server, and does nothing.
// TODO(danderson): revise DNS configuration to make this useful
// again.
2021-04-08 01:35:14 -07:00
PerDomain bool ` json:",omitempty" `
2020-07-31 16:27:09 -04:00
}
2021-03-04 20:54:44 -08:00
// PingRequest is a request to send an HTTP request to prove the
// long-polling client is still connected.
type PingRequest struct {
// URL is the URL to send a HEAD request to.
// It will be a unique URL each time. No auth headers are necessary.
URL string
// Log is whether to log about this ping in the success case.
// For failure cases, the client will log regardless.
Log bool ` json:",omitempty" `
}
2020-02-05 14:16:58 -08:00
type MapResponse struct {
2021-03-04 20:54:44 -08:00
// KeepAlive, if set, represents an empty message just to keep
// the connection alive. When true, all other fields except
// PingRequestURL are ignored.
KeepAlive bool ` json:",omitempty" `
// PingRequest, if non-empty, is a request to the client to
// prove it's still there by sending an HTTP request to the
// provided URL. No auth headers are necessary.
// PingRequest may be sent on any MapResponse (ones with
// KeepAlive true or false).
PingRequest * PingRequest ` json:",omitempty" `
2020-02-05 14:16:58 -08:00
// Networking
2020-07-31 16:27:09 -04:00
Node * Node
2020-08-07 20:44:04 -07:00
DERPMap * DERPMap ` json:",omitempty" ` // if non-empty, a change in the DERP map.
// Peers, if non-empty, is the complete list of peers.
// It will be set in the first MapResponse for a long-polled request/response.
2020-12-03 12:16:10 -08:00
// Subsequent responses will be delta-encoded if MapRequest.Version >= 5 and server
// chooses, in which case Peers will be nil or zero length.
2020-08-07 20:44:04 -07:00
// If Peers is non-empty, PeersChanged and PeersRemoved should
// be ignored (and should be empty).
// Peers is always returned sorted by Node.ID.
Peers [ ] * Node ` json:",omitempty" `
// PeersChanged are the Nodes (identified by their ID) that
// have changed or been added since the past update on the
2020-12-03 12:16:10 -08:00
// HTTP response. It's not used by the server if MapRequest.Version < 5.
2020-08-07 20:44:04 -07:00
// PeersChanged is always returned sorted by Node.ID.
PeersChanged [ ] * Node ` json:",omitempty" `
// PeersRemoved are the NodeIDs that are no longer in the peer list.
PeersRemoved [ ] NodeID ` json:",omitempty" `
2020-07-31 16:27:09 -04:00
2021-01-17 12:00:56 -08:00
// PeerSeenChange contains information on how to update peers' LastSeen
// times. If the value is false, the peer is gone. If the value is true,
// the LastSeen time is now. Absent means unchanged.
PeerSeenChange map [ NodeID ] bool ` json:",omitempty" `
2020-07-31 16:27:09 -04:00
// DNS is the same as DNSConfig.Nameservers.
2021-04-08 01:35:14 -07:00
// Only populated if MapRequest.Version < 9.
2020-12-24 12:33:55 -08:00
DNS [ ] netaddr . IP ` json:",omitempty" `
2021-01-05 10:37:15 -08:00
2021-04-08 01:35:14 -07:00
// SearchPaths is the old way to specify DNS search domains.
// Only populated if MapRequest.Version < 9.
2021-01-05 10:37:15 -08:00
SearchPaths [ ] string ` json:",omitempty" `
// DNSConfig contains the DNS settings for the client to use.
2020-07-31 16:27:09 -04:00
//
2021-01-05 10:37:15 -08:00
// TODO(bradfitz): make this a pointer and conditionally sent
// only if changed, like DERPMap, PacketFilter, etc. It's
// small, though.
DNSConfig DNSConfig ` json:",omitempty" `
2020-02-05 14:16:58 -08:00
2020-12-07 09:13:26 -08:00
// Domain is the name of the network that this node is
// in. It's either of the form "example.com" (for user
// foo@example.com, for multi-user networks) or
// "foo@gmail.com" (for siloed users on shared email
// providers). Its exact form should not be depended on; new
// forms are coming later.
Domain string
2021-01-11 17:24:32 -05:00
// CollectServices reports whether this node's Tailnet has
// requested that info about services be included in HostInfo.
2021-01-12 07:54:34 -08:00
// If unset, the most recent non-empty MapResponse value in
// the HTTP response stream is used.
CollectServices opt . Bool ` json:",omitempty" `
2021-01-11 17:24:32 -05:00
2020-12-07 09:13:26 -08:00
// PacketFilter are the firewall rules.
//
// For MapRequest.Version >= 6, a nil value means the most
// previously streamed non-nil MapResponse.PacketFilter within
// the same HTTP response. A non-nil but empty list always means
// no PacketFilter (that is, to block everything).
2020-04-30 01:49:17 -04:00
PacketFilter [ ] FilterRule
2020-12-07 09:13:26 -08:00
UserProfiles [ ] UserProfile // as of 1.1.541 (mapver 5): may be new or updated user profiles only
2020-04-07 22:24:06 -07:00
// Debug is normally nil, except for when the control server
// is setting debug settings on a node.
Debug * Debug ` json:",omitempty" `
}
// Debug are instructions from the control server to the client
// to adjust debug settings.
type Debug struct {
2020-06-12 10:12:35 -07:00
// LogHeapPprof controls whether the client should log
2020-04-07 22:24:06 -07:00
// its heap pprof data. Each true value sent from the server
// means that client should do one more log.
LogHeapPprof bool ` json:",omitempty" `
2020-06-12 10:12:35 -07:00
// LogHeapURL is the URL to POST its heap pprof to.
// Empty means to not log.
LogHeapURL string ` json:",omitempty" `
2020-06-25 14:19:12 -07:00
// ForceBackgroundSTUN controls whether magicsock should
// always do its background STUN queries (see magicsock's
// periodicReSTUN), regardless of inactivity.
ForceBackgroundSTUN bool ` json:",omitempty" `
2020-08-17 12:56:17 -07:00
// DERPRoute controls whether the DERP reverse path
// optimization (see Issue 150) should be enabled or
// disabled. The environment variable in magicsock is the
// highest priority (if set), then this (if set), then the
// binary default value.
DERPRoute opt . Bool ` json:",omitempty" `
2020-08-20 13:21:25 -07:00
// TrimWGConfig controls whether Tailscale does lazy, on-demand
// wireguard configuration of peers.
TrimWGConfig opt . Bool ` json:",omitempty" `
2020-11-10 10:31:07 -08:00
// DisableSubnetsIfPAC controls whether subnet routers should be
// disabled if WPAD is present on the network.
DisableSubnetsIfPAC opt . Bool ` json:",omitempty" `
2021-03-03 10:17:05 -08:00
// GoroutineDumpURL, if non-empty, requests that the client do
// a one-time dump of its active goroutines to the given URL.
GoroutineDumpURL string ` json:",omitempty" `
2020-02-05 14:16:58 -08:00
}
2020-06-18 19:32:55 -07:00
func ( k MachineKey ) String ( ) string { return fmt . Sprintf ( "mkey:%x" , k [ : ] ) }
func ( k MachineKey ) MarshalText ( ) ( [ ] byte , error ) { return keyMarshalText ( "mkey:" , k ) , nil }
2020-09-28 15:28:26 -07:00
func ( k MachineKey ) HexString ( ) string { return fmt . Sprintf ( "%x" , k [ : ] ) }
2020-06-18 19:32:55 -07:00
func ( k * MachineKey ) UnmarshalText ( text [ ] byte ) error { return keyUnmarshalText ( k [ : ] , "mkey:" , text ) }
2020-02-05 14:16:58 -08:00
2020-06-18 19:32:55 -07:00
func keyMarshalText ( prefix string , k [ 32 ] byte ) [ ] byte {
buf := bytes . NewBuffer ( make ( [ ] byte , 0 , len ( prefix ) + 64 ) )
fmt . Fprintf ( buf , "%s%x" , prefix , k [ : ] )
return buf . Bytes ( )
2020-02-05 14:16:58 -08:00
}
2020-06-18 19:32:55 -07:00
func keyUnmarshalText ( dst [ ] byte , prefix string , text [ ] byte ) error {
if len ( text ) < len ( prefix ) || string ( text [ : len ( prefix ) ] ) != prefix {
return fmt . Errorf ( "UnmarshalText: missing %q prefix" , prefix )
2020-02-05 14:16:58 -08:00
}
2020-06-18 19:32:55 -07:00
pub , err := key . NewPublicFromHexMem ( mem . B ( text [ len ( prefix ) : ] ) )
2020-02-05 14:16:58 -08:00
if err != nil {
2020-06-18 19:32:55 -07:00
return fmt . Errorf ( "UnmarshalText: after %q: %v" , prefix , err )
2020-02-05 14:16:58 -08:00
}
2020-06-18 19:32:55 -07:00
copy ( dst [ : ] , pub [ : ] )
2020-02-05 14:16:58 -08:00
return nil
}
2020-06-18 19:32:55 -07:00
func ( k NodeKey ) ShortString ( ) string { return ( key . Public ( k ) ) . ShortString ( ) }
2020-02-05 14:16:58 -08:00
2020-06-18 19:32:55 -07:00
func ( k NodeKey ) String ( ) string { return fmt . Sprintf ( "nodekey:%x" , k [ : ] ) }
func ( k NodeKey ) MarshalText ( ) ( [ ] byte , error ) { return keyMarshalText ( "nodekey:" , k ) , nil }
func ( k * NodeKey ) UnmarshalText ( text [ ] byte ) error { return keyUnmarshalText ( k [ : ] , "nodekey:" , text ) }
2020-02-05 14:16:58 -08:00
2020-06-18 19:32:55 -07:00
// IsZero reports whether k is the zero value.
func ( k NodeKey ) IsZero ( ) bool { return k == NodeKey { } }
2020-02-05 14:16:58 -08:00
2020-09-21 12:19:24 -07:00
// IsZero reports whether k is the zero value.
func ( k MachineKey ) IsZero ( ) bool { return k == MachineKey { } }
2020-06-18 19:32:55 -07:00
func ( k DiscoKey ) String ( ) string { return fmt . Sprintf ( "discokey:%x" , k [ : ] ) }
func ( k DiscoKey ) MarshalText ( ) ( [ ] byte , error ) { return keyMarshalText ( "discokey:" , k ) , nil }
func ( k * DiscoKey ) UnmarshalText ( text [ ] byte ) error { return keyUnmarshalText ( k [ : ] , "discokey:" , text ) }
2020-07-02 10:48:13 -07:00
func ( k DiscoKey ) ShortString ( ) string { return fmt . Sprintf ( "d:%x" , k [ : 8 ] ) }
2020-02-05 14:16:58 -08:00
2020-06-18 19:32:55 -07:00
// IsZero reports whether k is the zero value.
func ( k DiscoKey ) IsZero ( ) bool { return k == DiscoKey { } }
2020-02-05 14:16:58 -08:00
2021-04-01 14:03:34 -07:00
func ( id ID ) String ( ) string { return fmt . Sprintf ( "id:%x" , int64 ( id ) ) }
func ( id UserID ) String ( ) string { return fmt . Sprintf ( "userid:%x" , int64 ( id ) ) }
func ( id LoginID ) String ( ) string { return fmt . Sprintf ( "loginid:%x" , int64 ( id ) ) }
func ( id NodeID ) String ( ) string { return fmt . Sprintf ( "nodeid:%x" , int64 ( id ) ) }
2020-02-05 14:16:58 -08:00
2020-02-15 22:23:58 -08:00
// Equal reports whether n and n2 are equal.
2020-02-05 14:16:58 -08:00
func ( n * Node ) Equal ( n2 * Node ) bool {
2020-02-15 22:23:58 -08:00
if n == nil && n2 == nil {
return true
2020-02-05 14:16:58 -08:00
}
2020-02-15 22:23:58 -08:00
return n != nil && n2 != nil &&
n . ID == n2 . ID &&
2021-01-20 18:34:50 -08:00
n . StableID == n2 . StableID &&
2020-02-15 22:23:58 -08:00
n . Name == n2 . Name &&
n . User == n2 . User &&
2021-01-05 13:52:33 -08:00
n . Sharer == n2 . Sharer &&
2020-02-15 22:23:58 -08:00
n . Key == n2 . Key &&
n . KeyExpiry . Equal ( n2 . KeyExpiry ) &&
n . Machine == n2 . Machine &&
2020-06-18 19:32:55 -07:00
n . DiscoKey == n2 . DiscoKey &&
2020-07-23 10:41:54 -07:00
eqCIDRs ( n . Addresses , n2 . Addresses ) &&
eqCIDRs ( n . AllowedIPs , n2 . AllowedIPs ) &&
eqStrings ( n . Endpoints , n2 . Endpoints ) &&
2020-08-10 19:45:20 -07:00
n . DERP == n2 . DERP &&
2020-07-23 10:41:54 -07:00
n . Hostinfo . Equal ( & n2 . Hostinfo ) &&
2020-02-15 22:23:58 -08:00
n . Created . Equal ( n2 . Created ) &&
2020-07-23 10:41:54 -07:00
eqTimePtr ( n . LastSeen , n2 . LastSeen ) &&
2021-01-27 11:50:31 -05:00
n . MachineAuthorized == n2 . MachineAuthorized &&
2021-04-01 14:03:34 -07:00
eqStrings ( n . Capabilities , n2 . Capabilities ) &&
2021-01-27 11:50:31 -05:00
n . ComputedName == n2 . ComputedName &&
n . computedHostIfDifferent == n2 . computedHostIfDifferent &&
n . ComputedNameWithHost == n2 . ComputedNameWithHost
2020-02-05 14:16:58 -08:00
}
2020-07-23 10:41:54 -07:00
func eqStrings ( a , b [ ] string ) bool {
if len ( a ) != len ( b ) || ( ( a == nil ) != ( b == nil ) ) {
return false
}
for i , v := range a {
if v != b [ i ] {
return false
}
}
return true
}
2020-12-24 12:33:55 -08:00
func eqCIDRs ( a , b [ ] netaddr . IPPrefix ) bool {
2020-07-23 10:41:54 -07:00
if len ( a ) != len ( b ) || ( ( a == nil ) != ( b == nil ) ) {
return false
}
for i , v := range a {
if v != b [ i ] {
return false
}
}
return true
}
func eqTimePtr ( a , b * time . Time ) bool {
return ( ( a == nil ) == ( b == nil ) ) && ( a == nil || a . Equal ( * b ) )
}
2021-01-28 15:29:17 -08:00
// WhoIsResponse is the JSON type returned by tailscaled debug server's /whois?ip=$IP handler.
type WhoIsResponse struct {
Node * Node
UserProfile * UserProfile
}
2021-03-19 10:21:33 -07:00
// Oauth2Token is a copy of golang.org/x/oauth2.Token, to avoid the
// go.mod dependency on App Engine and grpc, which was causing problems.
// All we actually needed was this struct on the client side.
type Oauth2Token struct {
// AccessToken is the token that authorizes and authenticates
// the requests.
AccessToken string ` json:"access_token" `
// TokenType is the type of token.
// The Type method returns either this or "Bearer", the default.
TokenType string ` json:"token_type,omitempty" `
// RefreshToken is a token that's used by the application
// (as opposed to the user) to refresh the access token
// if it expires.
RefreshToken string ` json:"refresh_token,omitempty" `
// Expiry is the optional expiration time of the access token.
//
// If zero, TokenSource implementations will reuse the same
// token forever and RefreshToken or equivalent
// mechanisms for that TokenSource will not be used.
Expiry time . Time ` json:"expiry,omitempty" `
}