headscale/hscontrol/mapper/tail.go

154 lines
3.6 KiB
Go
Raw Normal View History

package mapper
import (
"fmt"
"net/netip"
"time"
"github.com/juanfont/headscale/hscontrol/policy"
"github.com/juanfont/headscale/hscontrol/types"
"github.com/samber/lo"
"tailscale.com/tailcfg"
)
func tailNodes(
2023-09-24 07:42:05 -04:00
nodes types.Nodes,
capVer tailcfg.CapabilityVersion,
pol *policy.ACLPolicy,
cfg *types.Config,
) ([]*tailcfg.Node, error) {
2023-09-24 07:42:05 -04:00
tNodes := make([]*tailcfg.Node, len(nodes))
2023-09-24 07:42:05 -04:00
for index, node := range nodes {
node, err := tailNode(
2023-09-24 07:42:05 -04:00
node,
capVer,
pol,
cfg,
)
if err != nil {
return nil, err
}
2023-09-24 07:42:05 -04:00
tNodes[index] = node
}
2023-09-24 07:42:05 -04:00
return tNodes, nil
}
2023-09-24 07:42:05 -04:00
// tailNode converts a Node into a Tailscale Node. includeRoutes is false for shared nodes
// as per the expected behaviour in the official SaaS.
func tailNode(
2023-09-24 07:42:05 -04:00
node *types.Node,
capVer tailcfg.CapabilityVersion,
pol *policy.ACLPolicy,
cfg *types.Config,
) (*tailcfg.Node, error) {
addrs := node.Prefixes()
allowedIPs := append(
[]netip.Prefix{},
addrs...) // we append the node own IP, as it is required by the clients
primaryPrefixes := []netip.Prefix{}
2023-09-24 07:42:05 -04:00
for _, route := range node.Routes {
if route.Enabled {
if route.IsPrimary {
allowedIPs = append(allowedIPs, netip.Prefix(route.Prefix))
primaryPrefixes = append(primaryPrefixes, netip.Prefix(route.Prefix))
} else if route.IsExitRoute() {
allowedIPs = append(allowedIPs, netip.Prefix(route.Prefix))
}
}
}
var derp string
if node.Hostinfo != nil && node.Hostinfo.NetInfo != nil {
derp = fmt.Sprintf("127.3.3.40:%d", node.Hostinfo.NetInfo.PreferredDERP)
} else {
derp = "127.3.3.40:0" // Zero means disconnected or unknown.
}
var keyExpiry time.Time
2023-09-24 07:42:05 -04:00
if node.Expiry != nil {
keyExpiry = *node.Expiry
} else {
keyExpiry = time.Time{}
}
hostname, err := node.GetFQDN(cfg, cfg.BaseDomain)
if err != nil {
return nil, fmt.Errorf("tailNode, failed to create FQDN: %s", err)
}
2023-09-24 07:42:05 -04:00
tags, _ := pol.TagsOfNode(node)
tags = lo.Uniq(append(tags, node.ForcedTags...))
2023-09-24 07:42:05 -04:00
tNode := tailcfg.Node{
ID: tailcfg.NodeID(node.ID), // this is the actual ID
StableID: node.ID.StableID(),
Name: hostname,
Cap: capVer,
2023-09-24 07:42:05 -04:00
User: tailcfg.UserID(node.UserID),
Key: node.NodeKey,
KeyExpiry: keyExpiry,
Machine: node.MachineKey,
DiscoKey: node.DiscoKey,
Addresses: addrs,
AllowedIPs: allowedIPs,
Endpoints: node.Endpoints,
DERP: derp,
Hostinfo: node.Hostinfo.View(),
2023-09-24 07:42:05 -04:00
Created: node.CreatedAt,
Online: node.IsOnline,
Tags: tags,
PrimaryRoutes: primaryPrefixes,
2023-09-24 07:42:05 -04:00
MachineAuthorized: !node.IsExpired(),
Expired: node.IsExpired(),
}
// - 74: 2023-09-18: Client understands NodeCapMap
if capVer >= 74 {
tNode.CapMap = tailcfg.NodeCapMap{
tailcfg.CapabilityFileSharing: []tailcfg.RawMessage{},
tailcfg.CapabilityAdmin: []tailcfg.RawMessage{},
tailcfg.CapabilitySSH: []tailcfg.RawMessage{},
}
if cfg.RandomizeClientPort {
tNode.CapMap[tailcfg.NodeAttrRandomizeClientPort] = []tailcfg.RawMessage{}
}
} else {
tNode.Capabilities = []tailcfg.NodeCapability{
tailcfg.CapabilityFileSharing,
tailcfg.CapabilityAdmin,
tailcfg.CapabilitySSH,
}
if cfg.RandomizeClientPort {
tNode.Capabilities = append(tNode.Capabilities, tailcfg.NodeAttrRandomizeClientPort)
}
}
// - 72: 2023-08-23: TS-2023-006 UPnP issue fixed; UPnP can now be used again
if capVer < 72 {
tNode.Capabilities = append(tNode.Capabilities, tailcfg.NodeAttrDisableUPnP)
}
if node.IsOnline == nil || !*node.IsOnline {
// LastSeen is only set when node is
// not connected to the control server.
tNode.LastSeen = node.LastSeen
}
2023-09-24 07:42:05 -04:00
return &tNode, nil
}