posture: add network hardware addresses to posture identity

If an optional `hwaddrs` URL parameter is present, add network interface hardware addresses to the posture identity response. Just like with serial numbers, this requires client opt-in via MDM or `tailscale set --posture-checking=true` (https://tailscale.com/kb/1326/device-identity) Updates tailscale/corp#21371 Signed-off-by: Anton Tolchanov <anton@tailscale.com>
2025-08-22 02:50:42 +00:00 · 2024-07-03 16:30:48 +01:00
parent b546a6e758
commit 874972b683
3 changed files with 44 additions and 5 deletions
--- a/posture/hwaddr.go
+++ b/posture/hwaddr.go
@@ -0,0 +1,26 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+package posture
+
+import (
+	"net/netip"
+	"slices"
+
+	"tailscale.com/net/netmon"
+)
+
+// GetHardwareAddrs returns the hardware addresses of all non-loopback
+// network interfaces.
+func GetHardwareAddrs() (hwaddrs []string, err error) {
+	err = netmon.ForeachInterface(func(i netmon.Interface, _ []netip.Prefix) {
+		if i.IsLoopback() {
+			return
+		}
+		if a := i.HardwareAddr.String(); a != "" {
+			hwaddrs = append(hwaddrs, a)
+		}
+	})
+	slices.Sort(hwaddrs)
+	return
+}