types: add option to disable taildrop, improve tests (#2955)

2026-01-11 20:00:28 +01:00 · 2025-12-12 11:35:16 +01:00
parent 87bd67318b
commit 642073f4b8
6 changed files with 365 additions and 94 deletions
--- a/hscontrol/mapper/tail_test.go
+++ b/hscontrol/mapper/tail_test.go
@@ -205,6 +205,7 @@ func TestTailNode(t *testing.T) {
 				BaseDomain:          tt.baseDomain,
 				TailcfgDNSConfig:    tt.dnsConfig,
 				RandomizeClientPort: false,
+				Taildrop:            types.TaildropConfig{Enabled: true},
 			}
 			_ = primary.SetRoutes(tt.node.ID, tt.node.SubnetRoutes()...)

@@ -272,7 +273,7 @@ func TestNodeExpiry(t *testing.T) {
 				func(id types.NodeID) []netip.Prefix {
 					return []netip.Prefix{}
 				},
-				&types.Config{},
+				&types.Config{Taildrop: types.TaildropConfig{Enabled: true}},
 			)
 			if err != nil {
 				t.Fatalf("nodeExpiry() error = %v", err)
--- a/hscontrol/types/config.go
+++ b/hscontrol/types/config.go
@@ -94,6 +94,7 @@ type Config struct {

 	LogTail             LogTailConfig
 	RandomizeClientPort bool
+	Taildrop            TaildropConfig

 	CLI CLIConfig

@@ -211,6 +212,10 @@ type LogTailConfig struct {
 	Enabled bool
 }

+type TaildropConfig struct {
+	Enabled bool
+}
+
 type CLIConfig struct {
 	Address  string
 	APIKey   string
@@ -382,6 +387,7 @@ func LoadConfig(path string, isFile bool) error {

 	viper.SetDefault("logtail.enabled", false)
 	viper.SetDefault("randomize_client_port", false)
+	viper.SetDefault("taildrop.enabled", true)

 	viper.SetDefault("ephemeral_node_inactivity_timeout", "120s")

@@ -1048,6 +1054,9 @@ func LoadServerConfig() (*Config, error) {

 		LogTail:             logTailConfig,
 		RandomizeClientPort: randomizeClientPort,
+		Taildrop: TaildropConfig{
+			Enabled: viper.GetBool("taildrop.enabled"),
+		},

 		Policy: policyConfig(),

--- a/hscontrol/types/node.go
+++ b/hscontrol/types/node.go
@@ -1028,14 +1028,17 @@ func (nv NodeView) TailNode(
 	tsaddr.SortPrefixes(allowedIPs)

 	capMap := tailcfg.NodeCapMap{
-		tailcfg.CapabilityFileSharing: []tailcfg.RawMessage{},
-		tailcfg.CapabilityAdmin:       []tailcfg.RawMessage{},
-		tailcfg.CapabilitySSH:         []tailcfg.RawMessage{},
+		tailcfg.CapabilityAdmin: []tailcfg.RawMessage{},
+		tailcfg.CapabilitySSH:   []tailcfg.RawMessage{},
 	}
 	if cfg.RandomizeClientPort {
 		capMap[tailcfg.NodeAttrRandomizeClientPort] = []tailcfg.RawMessage{}
 	}

+	if cfg.Taildrop.Enabled {
+		capMap[tailcfg.CapabilityFileSharing] = []tailcfg.RawMessage{}
+	}
+
 	tNode := tailcfg.Node{
 		//nolint:gosec // G115: NodeID values are within int64 range
 		ID:       tailcfg.NodeID(nv.ID()),