Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ipn: get rid of Prefs.AllowSingleHosts? #12058

Closed
bradfitz opened this issue May 8, 2024 · 3 comments · Fixed by #12171
Closed

ipn: get rid of Prefs.AllowSingleHosts? #12058

bradfitz opened this issue May 8, 2024 · 3 comments · Fixed by #12171
Assignees
@bradfitz

Comments

@bradfitz
Copy link
Member

bradfitz commented May 8, 2024

Nobody sets Prefs.AllowSingleHosts to false. We use its default true value and only notice that the pref exists when there's a mistake and we accidentally use a ipn.Prefs zero value rather than use ipn.NewPrefs.

Maybe we should just ditch the field.

If they really really want to disallow single hosts, we can add a new pref (or envknob?) later that's named in the negative.

Thoughts?

/cc @maisem @oxtoacart @andrew-d @danderson @sailorfrag
@oxtoacart
Copy link
Contributor

Interesting thought. In theory, the same thing could apply to several things that we initialize in NewPrefs().

  • CorpDNS -> DisableCorpDNS
  • AutoUpdate.Check -> AutoUpdate.DisableCheck
  • AutoUpdate.Apply -> AutoUpdate.DisableApply
RouteAll:         true,
		AllowSingleHosts: true,
		CorpDNS:          true,
		WantRunning:      false,
		NetfilterMode:    preftype.NetfilterOn,
		AutoUpdate: AutoUpdatePrefs{
			Check: true,
			Apply: opt.Bool("unset"),
		},

I also noticed that AcceptRoutes is a little strange - the CLI up command defaults it to a platform-dependent value. I'm not sure what (if anything) our other clients do with it.

@bradfitz
Copy link
Member Author

bradfitz commented May 8, 2024

I'm explicitly not proposing doing this for CorpDNS and Auto-update. Those can very reasonably be off. They're much more subjective. I wouldn't want to invert those checks every time opinions change.

I'm not proposing this as a fix for the Start woes.

I just remembered AllowSingleHosts and how useless it was.

@danderson
Copy link
Member

The field exists purely because the first customer, in the earliest days, wanted pure subnet routing with no client<>client connectivity, and ACLs didn't exist yet. This was the big hammer to ensure clients could only use subnet routes.

It's been vestigial the entire time I've been here. It can be removed.

bradfitz added a commit that referenced this issue May 17, 2024
@bradfitz
ipn,wgengine: remove vestigial Prefs.AllowSingleHosts
e4e70b5 
It was requested by the first customer 4-5 years ago and only used
for a brief moment of time. We later added netmap visibility trimming
which removes the need for this.

It's been hidden by the CLI for quite some time and never documented
anywhere else.

This keeps the CLI flag, though, out of caution. It just returns an
error if it's set to anything but true (its default).

Fixes #12058

Change-Id: I7514ba572e7b82519b04ed603ff9f3bdbaecfda7
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
@bradfitz bradfitz mentioned this issue May 17, 2024
Merged
@bradfitz bradfitz self-assigned this May 17, 2024
bradfitz added a commit that referenced this issue May 18, 2024
@bradfitz
ipn,wgengine: remove vestigial Prefs.AllowSingleHosts
bdd6de8 
It was requested by the first customer 4-5 years ago and only used
for a brief moment of time. We later added netmap visibility trimming
which removes the need for this.

It's been hidden by the CLI for quite some time and never documented
anywhere else.

This keeps the CLI flag, though, out of caution. It just returns an
error if it's set to anything but true (its default).

Fixes #12058

Change-Id: I7514ba572e7b82519b04ed603ff9f3bdbaecfda7
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
bradfitz added a commit that referenced this issue May 18, 2024
@bradfitz
ipn,wgengine: remove vestigial Prefs.AllowSingleHosts
964282d 
It was requested by the first customer 4-5 years ago and only used
for a brief moment of time. We later added netmap visibility trimming
which removes the need for this.

It's been hidden by the CLI for quite some time and never documented
anywhere else.

This keeps the CLI flag, though, out of caution. It just returns an
error if it's set to anything but true (its default).

Fixes #12058

Change-Id: I7514ba572e7b82519b04ed603ff9f3bdbaecfda7
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Mmx233 pushed a commit to MultiMx/tailscale that referenced this issue May 20, 2024
@bradfitz @Mmx233
ipn,wgengine: remove vestigial Prefs.AllowSingleHosts
14e9dc5 
It was requested by the first customer 4-5 years ago and only used
for a brief moment of time. We later added netmap visibility trimming
which removes the need for this.

It's been hidden by the CLI for quite some time and never documented
anywhere else.

This keeps the CLI flag, though, out of caution. It just returns an
error if it's set to anything but true (its default).

Fixes tailscale#12058

Change-Id: I7514ba572e7b82519b04ed603ff9f3bdbaecfda7
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bradfitz bradfitz

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

ipn,wgengine: remove vestigial Prefs.AllowSingleHosts tailscale/tailscale
3 participants
@danderson @bradfitz @oxtoacart