From b3cf5289f894009c2a040d31f28da144729fca4e Mon Sep 17 00:00:00 2001
From: Juan Font Alonso
Date: Mon, 15 Aug 2022 23:35:06 +0200
Subject: [PATCH] Use CapVer to offer Noise only to supported clients
---
 api.go | 6 ------
 protocol_common.go | 20 ++++++++++++++++++++
 2 files changed, 20 insertions(+), 6 deletions(-)
diff --git a/api.go b/api.go
index ab8c2a87..56ca3db6 100644
--- a/api.go
+++ b/api.go
@@ -25,12 +25,6 @@ const (
 ErrRegisterMethodCLIDoesNotSupportExpire = Error(
 "machines registered with CLI does not support expire",
 )
-
- // The CapabilityVersion is used by Tailscale clients to indicate
- // their codebase version. Tailscale clients can communicate over TS2021
- // from CapabilityVersion 28.
- // See https://github.com/tailscale/tailscale/blob/main/tailcfg/tailcfg.go
- NoiseCapabilityVersion = 28
 )

 func (h *Headscale) HealthHandler(
diff --git a/protocol_common.go b/protocol_common.go
index c8eab80e..e196c3ee 100644
--- a/protocol_common.go
+++ b/protocol_common.go
@@ -9,6 +9,19 @@ import (
 "tailscale.com/tailcfg"
 )

+const (
+ // The CapabilityVersion is used by Tailscale clients to indicate
+ // their codebase version. Tailscale clients can communicate over TS2021
+ // from CapabilityVersion 28, but we only have good support for it
+ // since https://github.com/tailscale/tailscale/pull/4323 (Noise in any HTTPS port).
+ //
+ // Related to this change, there is https://github.com/tailscale/tailscale/pull/5379,
+ // where CapabilityVersion 39 is introduced to indicate #4323 was merged.
+ //
+ // See also https://github.com/tailscale/tailscale/blob/main/tailcfg/tailcfg.go
+ NoiseCapabilityVersion = 39
+)
+
 // KeyHandler provides the Headscale pub key
 // Listens in /key.
 func (h *Headscale) KeyHandler(
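Review bot: The comment added above `NoiseCapabilityVersion` in protocol_common.go explains where 28 and 39 come from but never says what the constant gates, and the name now reads as "first version that speaks Noise" although the comment itself puts that at 28. Going by the commit subject, clients reporting a `v` of 28 to 38 are now kept on the legacy key exchange instead of being offered TS2021; the comparison that enforces this lies outside the hunk, so confirm it there. A leading sentence in Go doc style would make that policy explicit, for example `// NoiseCapabilityVersion is the lowest client CapabilityVersion that Headscale offers Noise (TS2021) to; lower versions, including 28-38, get the legacy key only.`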
@@ -18,6 +31,10 @@ func (h *Headscale) KeyHandler(
 // New Tailscale clients send a 'v' parameter to indicate the CurrentCapabilityVersion
 clientCapabilityStr := req.URL.Query().Get("v")
 if clientCapabilityStr != "" {
+ log.Debug().
+ Str("handler", "/key").
+ Str("v", clientCapabilityStr).
+ Msg("New noise client")
 clientCapabilityVersion, err := strconv.Atoi(clientCapabilityStr)
 if err != nil {
 writer.Header().Set("Content-Type", "text/plain; charset=utf-8")
@@ -52,6 +69,9 @@ func (h *Headscale) KeyHandler(
 return
 }
 }
+ log.Debug().
+ Str("handler", "/key").
+ Msg("New legacy client")

 // Old clients don't send a 'v' parameter, so we send the legacy public key
 writer.Header().Set("Content-Type", "text/plain; charset=utf-8")
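Review bot: The `Msg("New noise client")` debug line in the first KeyHandler hunk fires as soon as `v` is non-empty, before `strconv.Atoi` has accepted it and before any comparison with `NoiseCapabilityVersion`, so a non-numeric or too-low `v` is still recorded as a Noise client. The raw query value is also copied into the log field on what is presumably an unauthenticated endpoint; logging the parsed integer after the error check avoids both: `log.Debug().Str("handler", "/key").Int("v", clientCapabilityVersion).Msg("New noise client")`. The second hunk has the mirror-image problem: `Msg("New legacy client")` sits after the closing brace of the `if`, so, depending on the early returns in the part of KeyHandler not shown, a request that carried `v` but fell through would be logged under both labels. Placing each message next to the response it describes keeps the debug log usable for working out which key a client was actually served.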