client/web: use Tailscale IP known by peer node #10603
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
soniaappasamy
commented
Dec 14, 2023
| if ip.Is6() && r.Host == fmt.Sprintf("[%s]:%d", ip, ListenPort) { | ||
| return false | ||
| } | ||
| ipv4, ipv6 := s.selfNodeAddresses(r, st) |
There was a problem hiding this comment.
Considered caching the "known IPs" for this node, but because it changes based on peer, opted to do the safer thing and look them up each time. It's a little more expensive than what we had before: now calling , and calling Status instead of StatusWithoutPeersWhoIs and extra time on the request.
soniaappasamy
force-pushed
the
soniaappasamy/shared-ip-fix
branch
from
424bfeb
to
529924d
Compare
maisem
reviewed
Dec 14, 2023
maisem
reviewed
Dec 14, 2023
soniaappasamy
force-pushed
the
soniaappasamy/shared-ip-fix
branch
from
529924d
to
6ce540a
Compare
maisem
approved these changes
Dec 14, 2023
willnorris
approved these changes
Dec 14, 2023
Throughout the web UI, we present the tailscale addresses for the self node. In the case of the node being shared out with a user from another tailnet, the peer viewer may actually know the node by a different IP than the node knows itself as (Tailscale IPs can be configured as desired on a tailnet level). This change includes two fixes: 1. Present the self node's addresses in the frontend as the addresses the viewing node knows it as (i.e. the addresses the viewing node uses to access the web client). 2. We currently redirect the viewer to the Tailscale IPv4 address if viewing it by MagicDNS name, or any other name that maps to the Tailscale node. When doing this redirect, which is primarily added for DNS rebinding protection, we now check the address the peer knows this node as, and redirect to specifically that IP. Fixes tailscale/corp#16402 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>
soniaappasamy
force-pushed
the
soniaappasamy/shared-ip-fix
branch
from
6ce540a
to
ee8460d
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Throughout the web UI, we present the tailscale addresses for the self node. In the case of the node being shared out with a user from another tailnet, the peer viewer may actually know the node by a different IP than the node knows itself as (Tailscale IPs can be configured as desired on a tailnet level). This change includes two fixes:
Present the self node's addresses in the frontend as the addresses the viewing node knows it as (i.e. the addresses the viewing node uses to access the web client).
We currently redirect the viewer to the Tailscale IPv4 address if viewing it by MagicDNS name, or any other name that maps to the Tailscale node. When doing this redirect, which is primarily added for DNS rebinding protection, we now check the address the peer knows this node as, and redirect to specifically that IP.
Fixes tailscale/corp#16402