diff options
Diffstat (limited to 'control/controlclient')
| -rw-r--r-- | control/controlclient/direct.go | 26 | ||||
| -rw-r--r-- | control/controlclient/netmap.go | 10 |
2 files changed, 28 insertions, 8 deletions
diff --git a/control/controlclient/direct.go b/control/controlclient/direct.go index a541f00bd..e5d69e373 100644 --- a/control/controlclient/direct.go +++ b/control/controlclient/direct.go @@ -30,6 +30,7 @@ import ( "github.com/tailscale/wireguard-go/wgcfg" "golang.org/x/crypto/nacl/box" "golang.org/x/oauth2" + "inet.af/netaddr" "tailscale.com/log/logheap" "tailscale.com/net/netns" "tailscale.com/net/tlsdial" @@ -638,8 +639,7 @@ func (c *Direct) PollNetMap(ctx context.Context, maxPolls int, cb func(*NetworkM UserProfiles: make(map[tailcfg.UserID]tailcfg.UserProfile), Domain: resp.Domain, Roles: resp.Roles, - DNS: resp.DNS, - DNSDomains: resp.SearchPaths, + DNS: resp.DNSConfig, Hostinfo: resp.Node.Hostinfo, PacketFilter: c.parsePacketFilter(resp.PacketFilter), DERPMap: lastDERPMap, @@ -653,6 +653,15 @@ func (c *Direct) PollNetMap(ctx context.Context, maxPolls int, cb func(*NetworkM } else { nm.MachineStatus = tailcfg.MachineUnauthorized } + if len(resp.DNS) > 0 { + nm.DNS.Nameservers = wgIPToNetaddr(resp.DNS) + } + if len(resp.SearchPaths) > 0 { + nm.DNS.Domains = resp.SearchPaths + } + if Debug.ProxyDNS { + nm.DNS.Proxied = true + } // Printing the netmap can be extremely verbose, but is very // handy for debugging. Let's limit how often we do it. @@ -792,12 +801,24 @@ func loadServerKey(ctx context.Context, httpc *http.Client, serverURL string) (w return key, nil } +func wgIPToNetaddr(ips []wgcfg.IP) (ret []netaddr.IP) { + for _, ip := range ips { + nip, ok := netaddr.FromStdIP(ip.IP()) + if !ok { + panic(fmt.Sprintf("conversion of %s from wgcfg to netaddr IP failed", ip)) + } + ret = append(ret, nip.Unmap()) + } + return ret +} + // Debug contains temporary internal-only debug knobs. // They're unexported to not draw attention to them. var Debug = initDebug() type debug struct { NetMap bool + ProxyDNS bool OnlyDisco bool Disco bool ForceDisco bool // ask control server to not filter out our disco key @@ -806,6 +827,7 @@ type debug struct { func initDebug() debug { d := debug{ NetMap: envBool("TS_DEBUG_NETMAP"), + ProxyDNS: envBool("TS_DEBUG_PROXY_DNS"), OnlyDisco: os.Getenv("TS_DEBUG_USE_DISCO") == "only", ForceDisco: os.Getenv("TS_DEBUG_USE_DISCO") == "only" || envBool("TS_DEBUG_USE_DISCO"), } diff --git a/control/controlclient/netmap.go b/control/controlclient/netmap.go index 872954030..1ef0bb12f 100644 --- a/control/controlclient/netmap.go +++ b/control/controlclient/netmap.go @@ -32,8 +32,7 @@ type NetworkMap struct { LocalPort uint16 // used for debugging MachineStatus tailcfg.MachineStatus Peers []*tailcfg.Node // sorted by Node.ID - DNS []wgcfg.IP - DNSDomains []string + DNS tailcfg.DNSConfig Hostinfo tailcfg.Hostinfo PacketFilter filter.Matches @@ -219,8 +218,8 @@ const ( // TODO(bradfitz): UAPI seems to only be used by the old confnode and // pingnode; delete this when those are deleted/rewritten? -func (nm *NetworkMap) UAPI(flags WGConfigFlags, dnsOverride []wgcfg.IP) string { - wgcfg, err := nm.WGCfg(log.Printf, flags, dnsOverride) +func (nm *NetworkMap) UAPI(flags WGConfigFlags) string { + wgcfg, err := nm.WGCfg(log.Printf, flags) if err != nil { log.Fatalf("WGCfg() failed unexpectedly: %v", err) } @@ -237,13 +236,12 @@ func (nm *NetworkMap) UAPI(flags WGConfigFlags, dnsOverride []wgcfg.IP) string { const EndpointDiscoSuffix = ".disco.tailscale:12345" // WGCfg returns the NetworkMaps's Wireguard configuration. -func (nm *NetworkMap) WGCfg(logf logger.Logf, flags WGConfigFlags, dnsOverride []wgcfg.IP) (*wgcfg.Config, error) { +func (nm *NetworkMap) WGCfg(logf logger.Logf, flags WGConfigFlags) (*wgcfg.Config, error) { cfg := &wgcfg.Config{ Name: "tailscale", PrivateKey: nm.PrivateKey, Addresses: nm.Addresses, ListenPort: nm.LocalPort, - DNS: append([]wgcfg.IP(nil), dnsOverride...), Peers: make([]wgcfg.Peer, 0, len(nm.Peers)), } |