Update packetfilter when peers change
Previously we did not update the packet filter when nodes changed, which would cause new nodes to be missing from packet filters of old nodes. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
This commit is contained in:
parent
a8079a2096
commit
3b0749a320
2 changed files with 28 additions and 13 deletions
@ -382,28 +382,31 @@ func (m *Mapper) DERPMapResponse(
|
||||||
func (m *Mapper) PeerChangedResponse(
|
func (m *Mapper) PeerChangedResponse(
|
||||||
mapRequest tailcfg.MapRequest,
|
mapRequest tailcfg.MapRequest,
|
||||||
machine *types.Machine,
|
machine *types.Machine,
|
||||||
machineKeys []uint64,
|
machineIDs []uint64,
|
||||||
pol *policy.ACLPolicy,
|
pol *policy.ACLPolicy,
|
||||||
) ([]byte, error) {
|
) ([]byte, error) {
|
||||||
var err error
|
var err error
|
||||||
changed := make(types.Machines, len(machineKeys))
|
changed := make(types.Machines, len(machineIDs))
|
||||||
lastSeen := make(map[tailcfg.NodeID]bool)
|
lastSeen := make(map[tailcfg.NodeID]bool)
|
||||||
for idx, machineKey := range machineKeys {
|
|
||||||
peer, err := m.db.GetMachineByID(machineKey)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
changed[idx] = *peer
|
peersList, err := m.db.ListPeers(machine)
|
||||||
|
if err != nil {
|
||||||
// We have just seen the node, let the peers update their list.
|
return nil, err
|
||||||
lastSeen[tailcfg.NodeID(peer.ID)] = true
|
|
||||||
}
|
}
|
||||||
|
|
||||||
rules, _, err := policy.GenerateFilterAndSSHRules(
|
peers := peersList.IDMap()
|
||||||
|
|
||||||
|
for idx, machineID := range machineIDs {
|
||||||
|
changed[idx] = peers[machineID]
|
||||||
|
|
||||||
|
// We have just seen the node, let the peers update their list.
|
||||||
|
lastSeen[tailcfg.NodeID(machineID)] = true
|
||||||
|
}
|
||||||
|
|
||||||
|
rules, sshPolicy, err := policy.GenerateFilterAndSSHRules(
|
||||||
pol,
|
pol,
|
||||||
machine,
|
machine,
|
||||||
changed,
|
peersList,
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
@ -434,6 +437,8 @@ func (m *Mapper) PeerChangedResponse(
|
||||||
|
|
||||||
resp := m.baseMapResponse(machine)
|
resp := m.baseMapResponse(machine)
|
||||||
resp.PeersChanged = tailPeers
|
resp.PeersChanged = tailPeers
|
||||||
|
resp.PacketFilter = policy.ReduceFilterRules(machine, rules)
|
||||||
|
resp.SSHPolicy = sshPolicy
|
||||||
// resp.PeerSeenChange = lastSeen
|
// resp.PeerSeenChange = lastSeen
|
||||||
|
|
||||||
return m.marshalMapResponse(mapRequest, &resp, machine, mapRequest.Compress)
|
return m.marshalMapResponse(mapRequest, &resp, machine, mapRequest.Compress)
|
||||||
|
|
|
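Review bot: The lookup `changed[idx] = peers[machineID]` silently stores a zero-value Machine when machineID is absent from the map built from ListPeers(machine), whereas the removed GetMachineByID path returned an error on an unknown ID; if machineIDs can carry an ID that is not among this node's peers (the node itself, or one the DB layer excludes — not visible from the hunk), that empty entry flows into the changed slice and from there into PeersChanged. I would check the `ok` result of the map lookup, skip (or error on) the miss, and build `changed` with append instead of index assignment so no zero slots remain when an ID is skipped. The rules/sshPolicy generation now using the full peersList is the intended fix and needs no change. PeerChangedResponse continues past this hunk; the construction of tailPeers between the two hunks is not shown.
```go
changed := make(types.Machines, 0, len(machineIDs))
lastSeen := make(map[tailcfg.NodeID]bool)
// … unchanged: ListPeers call and error check …
peers := peersList.IDMap()

for _, machineID := range machineIDs {
	peer, ok := peers[machineID]
	if !ok {
		// Not a peer of machine (or unknown ID); nothing to send for it.
		continue
	}
	changed = append(changed, peer)

	// We have just seen the node, let the peers update their list.
	lastSeen[tailcfg.NodeID(machineID)] = true
}
```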
@ -353,3 +353,13 @@ func (machines MachinesP) String() string {
|
||||||
|
|
||||||
return fmt.Sprintf("[ %s ](%d)", strings.Join(temp, ", "), len(temp))
|
return fmt.Sprintf("[ %s ](%d)", strings.Join(temp, ", "), len(temp))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (machines Machines) IDMap() map[uint64]Machine {
|
||||||
|
ret := map[uint64]Machine{}
|
||||||
|
|
||||||
|
for _, machine := range machines {
|
||||||
|
ret[machine.ID] = machine
|
||||||
|
}
|
||||||
|
|
||||||
|
return ret
|
||||||
|
}
|
||||||
|
|
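Review bot: IDMap is an exported method without a doc comment, and the map it builds is not pre-sized even though the final length is known. I would add `// IDMap returns the machines keyed by Machine.ID; if two entries share an ID, the later one wins.` above the signature and replace the literal with `ret := make(map[uint64]Machine, len(machines))`. Note that the map holds Machine values, so each entry is a copy of the slice element rather than a reference to it.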