starred/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2026-04-11 03:27:20 +02:00
Code Issues 98 Packages Projects Releases 10 Wiki Activity
Files
a3c4ad2ca3159318bf2f9a1fbd829c7f97a8cf0b
headscale/hscontrol/types/registration.go
Kristoffer Dalby 0d4f2293ff state: replace zcache with bounded LRU for auth cache 
Replace zcache with golang-lru/v2/expirable for both the state auth
cache and the OIDC state cache. Add tuning.register_cache_max_entries
(default 1024) to cap the number of pending registration entries.

Introduce types.RegistrationData to replace caching a full *Node;
only the fields the registration callback path reads are retained.
Remove the dead HSDatabase.regCache field. Drop zgo.at/zcache/v2
from go.mod.
2026-04-10 14:09:57 +01:00

56 lines
1.9 KiB
Go
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
package types
import (
"net/netip"
"time"
"tailscale.com/tailcfg"
"tailscale.com/types/key"
)
// RegistrationData is the payload cached for a pending node registration.
// It replaces the previous practice of caching a full *Node and carries
// only the fields the registration callback path actually consumes when
// promoting a pending registration to a real node.
//
// Combined with the bounded-LRU cache that holds these entries, this caps
// the worst-case memory footprint of unauthenticated cache-fill attempts
// at (max_entries × per_entry_size). The cache is sized so that the
// product is bounded to a few MiB even with attacker-supplied 1 MiB
// Hostinfos (the Noise body limit).
type RegistrationData struct {
// MachineKey is the cryptographic identity of the machine being
// registered. Required.
MachineKey key.MachinePublic
// NodeKey is the cryptographic identity of the node session.
// Required.
NodeKey key.NodePublic
// DiscoKey is the disco public key for peer-to-peer connections.
DiscoKey key.DiscoPublic
// Hostname is the resolved hostname for the registering node.
// Already validated/normalised by EnsureHostname at producer time.
Hostname string
// Hostinfo is the original Hostinfo from the RegisterRequest,
// stored so that the auth callback can populate the new node's
// initial Hostinfo (and so that observability/CLI consumers see
// fields like OS, OSVersion, and IPNVersion before the first
// MapRequest restores the live set).
//
// May be nil if the client did not send Hostinfo in the original
// RegisterRequest.
Hostinfo *tailcfg.Hostinfo
// Endpoints is the initial set of WireGuard endpoints the node
// reported. The first MapRequest after registration overwrites
// this with the live set.
Endpoints []netip.AddrPort
// Expiry is the optional client-requested expiry for this node.
// May be nil if the client did not request a specific expiry.
Expiry *time.Time
}
Reference in New Issue View Git Blame Copy Permalink