MyFavMirrors/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2025-11-09 21:49:39 -05:00
Code Issues Packages Projects Releases Wiki Activity

poll: use nodeview everywhere

Browse Source 
There was a bug in HA subnet router handover where we used stale node data
from the longpoll session that we handed to Connect. This meant that we got
some odd behaviour where routes would not be deactivated correctly.

This commit changes to the nodeview is used through out, and we load the
current node to be updated in the write path and then handle it all there
to be consistent.

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
This commit is contained in:
Kristoffer Dalby
2025-07-08 09:49:05 +02:00
committed by Kristoffer Dalby
parent 4a8d2d9ed3
commit b904276f2b
4 changed files with 176 additions and 117 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
hscontrol/noise.go
View File

@@ -213,15 +213,15 @@ func (ns *noiseServer) NoisePollNetMapHandler(
return
}
node, err := ns.getAndValidateNode(mapRequest)
nv, err := ns.getAndValidateNode(mapRequest)
if err != nil {
httpError(writer, err)
return
}
ns.nodeKey = node.NodeKey
ns.nodeKey = nv.NodeKey()
sess := ns.headscale.newMapSession(req.Context(), mapRequest, writer, node)
sess := ns.headscale.newMapSession(req.Context(), mapRequest, writer, nv)
sess.tracef("a node sending a MapRequest with Noise protocol")
if !sess.isStreaming() {
sess.serve()
@@ -292,19 +292,19 @@ func (ns *noiseServer) NoiseRegistrationHandler(
// getAndValidateNode retrieves the node from the database using the NodeKey
// and validates that it matches the MachineKey from the Noise session.
func (ns *noiseServer) getAndValidateNode(mapRequest tailcfg.MapRequest) (*types.Node, error) {
node, err := ns.headscale.state.GetNodeByNodeKey(mapRequest.NodeKey)
func (ns *noiseServer) getAndValidateNode(mapRequest tailcfg.MapRequest) (types.NodeView, error) {
nv, err := ns.headscale.state.GetNodeViewByNodeKey(mapRequest.NodeKey)
if err != nil {
if errors.Is(err, gorm.ErrRecordNotFound) {
return nil, NewHTTPError(http.StatusNotFound, "node not found", nil)
return types.NodeView{}, NewHTTPError(http.StatusNotFound, "node not found", nil)
}
return nil, err
return types.NodeView{}, err
}
// Validate that the MachineKey in the Noise session matches the one associated with the NodeKey.
if ns.machineKey != node.MachineKey {
return nil, NewHTTPError(http.StatusNotFound, "node key in request does not match the one associated with this machine key", nil)
if ns.machineKey != nv.MachineKey() {
return types.NodeView{}, NewHTTPError(http.StatusNotFound, "node key in request does not match the one associated with this machine key", nil)
}
return node, nil
return nv, nil
}