735b185e7f
use IPSet in acls instead of string slice
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-03 18:43:57 +02:00
644be822d5
move matcher to separate file
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-03 18:43:57 +02:00
56b63c6e10
use netipx.IPSet for matcher
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-03 18:43:57 +02:00
10320a5f1f
lint and nolint tailscale borrowed func
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-03 18:43:57 +02:00
ecd62fb785
remove terrible filter code
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-03 18:43:57 +02:00
889d5a1b29
testing without that horrible filtercode
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-03 18:43:57 +02:00
1700a747f6
outline tests for full filter generate
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-03 18:43:57 +02:00
200e3b88cc
make generateFilterRule a pol struct func
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-03 18:43:57 +02:00
5bbbe437df
clear up the acl function naming
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-03 18:43:57 +02:00
6de53e2f8d
simplify expandAlias function, move seperate logic out
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-05-03 18:43:57 +02:00
d0113732fe
optimize generateACLPeerCacheMap ( #1377 )
2023-04-26 06:02:54 +02:00
5e74ca9414
Fix IPv6 in ACLs ( #1339 )
2023-04-16 12:26:35 +02:00
dfc5d861c7
Fix CIDR calculation in expandACLPeerAddr
2023-04-05 09:44:46 +02:00
ceeef40cdf
Add tests to verify "Hosts" aliases in ACL ( #1304 )
2023-04-03 10:08:48 +02:00
c7b459b615
Fix issue where ACL * would filter out returning connections ( #1279 )
2023-03-27 19:19:32 +02:00
a5562850a7
MapResponse optimalisations, peer list integration tests ( #1254 )
...
Co-authored-by: Allen <979347228@qq.com>
2023-03-06 17:50:26 +01:00
83a538cc95
Rename IP specific function, add missing test case
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-30 15:56:38 +01:00
e3a2593344
Rename [Nn]amespace -> [Uu]ser in go code
...
Use gopls, ag and perl to rename all occurances of Namespace
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-18 15:40:04 +01:00
6c2d6fa302
Do not explicitly set the protocols when ommited in ACL
2022-12-05 21:45:18 +01:00
54f701ff92
generateACLPolicy() no longer a Headscale method
2022-12-03 15:43:40 +01:00
c02e105065
Mark the flag properly experimental
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-26 11:53:31 +01:00
c6d31747f7
Add feature flag for SSH, and warning
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-26 11:53:31 +01:00
52a323b90d
Add SSH capability advertisement
...
Advertises the SSH capability, and parses the SSH ACLs to pass to the
tailscale client. Doesn’t support ‘autogroup’ ACL functionality.
Co-authored-by: Daniel Brooks <db48x@headline.com>
2022-11-26 11:53:31 +01:00
198e92c08f
Remove dependency on netaddr
2022-09-03 23:46:14 +02:00
1e7b57e513
Minor fix to linting issue introduced in #707
2022-08-11 14:12:45 +02:00
79688e6187
chore(all): apply formater
2022-08-04 10:47:00 +02:00
babf9470c2
fix(acl): fix issue with groups in excludeCorretlyTaggedNodes
...
This commit fix issue #563
2022-08-04 10:42:47 +02:00
10cd87e5a2
Lint fixes 1/n
2022-06-26 11:43:17 +02:00
735a6aaa39
Use const for IANA protcol numbers
2022-06-11 14:09:08 +02:00
8287ba24b9
Do not lint the protocol magic numbers
...
I happily use https://pkg.go.dev/golang.org/x/net/internal/iana , but it is internal
2022-06-08 17:55:32 +02:00
ab1aac9f3e
Improve ACLs by adding protocol parsing support
2022-06-08 17:43:59 +02:00
3e353004b8
Migrate ACLs syntax to new Tailscale format
...
Implements #617 .
Tailscale has changed the format of their ACLs to use a more firewall-y terms ("users" & "ports" -> "src" & "dst"). They have also started using all-lowercase tags. This PR applies these changes.
2022-06-08 13:40:15 +02:00
6dccfee862
Fix forced Tags with legitimate tagOwners
...
Also replace loops contains
2022-06-01 15:43:32 +02:00
4435a4f19d
chore: apply lint recommendations
2022-05-16 14:59:46 +02:00
8061abe279
refact: use generics for contains functions
2022-04-25 22:17:23 +02:00
b9fee36f6e
fix: linting
2022-04-21 23:56:58 +02:00
98f54c9f7f
chore: apply format and lint
2022-04-15 18:27:57 +02:00
cd1d10761f
feat(acls): add support for forced tags
2022-04-15 18:01:13 +02:00
41efe98953
fix: apply fmt and fix missing name changes
2022-03-07 23:20:30 +01:00
1114449601
change: update name of method to check and normalize Domain name
2022-03-06 20:46:17 +01:00
6f172a6e4c
fix(acls): remove dead error code
2022-03-03 23:53:08 +01:00
4a4952899b
feat(acls): add some logs and skip error
...
logs looks like the following
```
2022-03-02T20:43:08Z DBG Expanding alias=app-test
2022-03-02T20:43:08Z DBG Expanding alias=kube-test
2022-03-02T20:43:08Z DBG Expanding alias=test
2022-03-02T20:43:08Z WRN No IPs found with the alias test
2022-03-02T20:43:08Z DBG Expanding alias=prod
2022-03-02T20:43:08Z WRN No IPs found with the alias prod
2022-03-02T20:43:08Z DBG Expanding alias=prod
2022-03-02T20:43:08Z WRN No IPs found with the alias prod
```
2022-03-02 21:54:43 +01:00
c80e364f02
Remove always nil error
2022-03-02 08:15:14 +00:00
5b169010be
Resolve merge conflict
2022-03-02 08:11:50 +00:00
a455a874ad
feat(acls): normalize the group name
2022-03-01 21:10:52 +01:00
6477e6a583
Use new machine types
2022-03-01 16:34:24 +00:00
8a3a0b6403
Add YAML support to ACLs
2022-02-27 09:04:48 +01:00
e03b3d558f
Remove boundries between namespaces
2022-02-25 10:26:34 +01:00
50af44bc2f
fix: add error checking in acl and poll
...
If aclPolicy is not defined, in updateAclPolicy, return an error.
2022-02-21 20:06:31 +01:00
d00251c63e
fix(acls,machines): apply code review suggestions
2022-02-20 21:26:20 +01:00
Kristoffer Dalby
Philipp Krivanec
Kristoffer Dalby
Juan Font
Even Holthe
Adrien Raffin-Caboisse
Anton Schubert
Kristoffer Dalby