Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement TS2021 protocol in headscale #738

Merged
merged 77 commits into from
Aug 21, 2022
Merged

Implement TS2021 protocol in headscale #738

merged 77 commits into from
Aug 21, 2022

Conversation

juanfont
Copy link
Owner

This PR adds full support for TS2021, the new control protocol of Tailscale. For reference, see #526.

T2021 prefers to run over http, to avoid double encryption. Currently, any port is supported for http. However, for https only tcp/443 works. tailscale/tailscale#4323 is open in upstream to change that.

juanfont added 30 commits August 13, 2022 11:14
@juanfont
Generate and read the Noise private key
6e8e2bf
@juanfont
Added support for Noise clients in /key handler
3e8f0e9
@juanfont
Make private key errors constants
014e7ab
@juanfont
Added Noise upgrade handler and Noise mux
b261d19
@juanfont
Add noise mux and Noise path to base router
be24bac
@juanfont
Added helper method to fetch machines by any nodekey + tests
fdd0c50
@juanfont
Add registration handler over Noise protocol
1880035
@juanfont
updated paths
c7cea9e
@juanfont
Merge branch 'main' into hs2021-v2
7a91c82
@juanfont
Move getMapResponse into reusable function by TS2019 and TS2021
39b85b0
@juanfont
Fixed some linting errors
9994fce
@juanfont
Update integration tests to work with Noise protocol
281ae59
@juanfont
Output an error when a user runs headscale without noise_private_key_…
ade1b73 
…path defined
@juanfont
Some linting fixes
3bea208
@juanfont
And more linting stuff
eb8d8f1
@juanfont
Check json encoder errors
20d2615
@juanfont
Merge branch 'main' into hs2021-v2
b67cff5
@juanfont
Move reusable method to common api file
ff46f3f
@juanfont
Fixed unit tests to load config
cab828c
@juanfont
Minor update in docs
78a179c
@juanfont
Added zstd constant for linting
0d0042b
@juanfont
Added noise poll handler
c10142f
@juanfont
Merge branch 'main' into hs2021-v2
1f3032a
@juanfont
Merge branch 'hs2021-v2' of https://github.com/juanfont/headscale int…
b301405 
…o hs2021-v2
@juanfont
Updated go.mod checksum
0f09e19
@juanfont
Minor change in router
aaa33cf
@juanfont
Support for Noise machines in getPeers
ab18c72
@juanfont
Fixes in Noise poll (clients should work now)
e640c6d
@juanfont
Move common parts of the protocol to dedicated file
d0898ec
@juanfont
Added file for legacy protocol
db89fde
@juanfont juanfont marked this pull request as ready for review August 18, 2022 18:01
@juanfont juanfont requested a review from kradalby as a code owner August 18, 2022 18:01
kradalby
kradalby reviewed Aug 18, 2022
View reviewed changes
Copy link
Collaborator

@kradalby kradalby left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This the first round, need to look more careful another few times.

Some comments might have already been outdated as I went through the code, but there are so many that I lost my overview.

app.go Show resolved Hide resolved
config-example.yaml Outdated Show resolved Hide resolved
api.go Outdated Show resolved Hide resolved
noise.go Outdated Show resolved Hide resolved
noise.go Outdated Show resolved Hide resolved
cmd/headscale/headscale_test.go Outdated Show resolved Hide resolved
utils.go
@@ -59,6 +59,8 @@ const (
privateHexPrefix = "privkey:"

PermissionFallback = 0o700

ZstdCompression = "zstd"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would this be more appropriate as "Compression"? as in, it is the compression used.

Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But this can change, as the compression the node requests comes in MapRequest

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, exactly, if it changes, we dont have to rename the variable and the value, only the value?

noise_poll.go Outdated Show resolved Hide resolved
machine.go Outdated Show resolved Hide resolved
noise.go Outdated Show resolved Hide resolved
juanfont and others added 20 commits August 18, 2022 21:33
@juanfont @kradalby
Update noise.go
9d430d3 
Co-authored-by: Kristoffer Dalby <[email protected]>
@juanfont
Expanded response marshal methods to support legacy and Noise
a87a963
@juanfont
Make legacy protocol use common methods for client registration
e2bffd4
@juanfont
Merge branch 'hs2021-v2' of https://github.com/juanfont/headscale int…
a33b5a5 
…o hs2021-v2
@juanfont
Removed unused method
43ad0d4
@juanfont
Fixed minor linting things
b6e3cd8
@juanfont
Merge branch 'main' into hs2021-v2
e43713a
@juanfont
Use common core for noise registration
c894db3
@juanfont
Merge branch 'hs2021-v2' of https://github.com/juanfont/headscale int…
922b8b5 
…o hs2021-v2
@juanfont @kradalby
Move comment up
2f55413 
Co-authored-by: Kristoffer Dalby <[email protected]>
@juanfont
Use upstream AcceptHTTP for the Noise upgrade
e9906b5
@juanfont
Merge branch 'hs2021-v2' of https://github.com/juanfont/headscale int…
6aec520 
…o hs2021-v2
@juanfont
Updated dependencies
04e4fa7
@juanfont
Update flake.nix sum
175dfa1
@juanfont
Clarified why we have a different key
f0a8a28
@juanfont
Integrate expiration fixes (#754) in TS2021 branch
e20e818
@juanfont
Noise private key now a nested field in config
4424a9a
@juanfont
Added missing files
71d22dc
@juanfont
Merge branch 'main' into hs2021-v2
3ab1487
@juanfont
Added line in CHANGELOG
4aafe6c
kradalby
kradalby approved these changes Aug 21, 2022
View reviewed changes
protocol_common.go
// It is used both by the legacy and the new Noise protocol.
// When using Noise, the machineKey is Zero.
//
// TODO: check if any locks are needed around IP allocation.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this TODO is outdated

@juanfont juanfont merged commit 84a5edf into main Aug 21, 2022
@juanfont juanfont deleted the hs2021-v2 branch August 21, 2022 14:02
Misterio77 added a commit to Misterio77/nixpkgs that referenced this pull request Nov 30, 2022
@Misterio77
nixos/headscale: update options for 0.17.0
4c1954c 
- logLevel was removed in favor of settings.log.level (juanfont/headscale#768)
- a noisePrivateKey option was added as it is now a required setting for
  headscale to run. The legacy privateKey should be deprecated in the
  future. (juanfont/headscale#738)
@Misterio77 Misterio77 mentioned this pull request Nov 30, 2022
Closed
13 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@restanrm restanrm restanrm left review comments

@kradalby kradalby kradalby approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@juanfont @kradalby @restanrm