										 |  |  | // Copyright (c) Tailscale Inc & AUTHORS | 
					
						
							|  |  |  | // SPDX-License-Identifier: BSD-3-Clause | 
					
						
							|  |  |  | // Package router presents an interface to manipulate the host network | 
					
						
							|  |  |  | // stack's state. | 
					
						
							|  |  |  | package router | 
					
						
							|  |  |  | import ( | 
					
						
										 |  |  | 	"net/netip" | 
					
						
										 |  |  | 	"reflect" | 
					
						
							|  |  |  | 
 | 
					
						
										 |  |  | 	"github.com/tailscale/wireguard-go/tun" | 
					
						
										 |  |  | 	"tailscale.com/health" | 
					
						
										 |  |  | 	"tailscale.com/net/netmon" | 
					
						
										 |  |  | 	"tailscale.com/types/logger" | 
					
						
										 |  |  | 	"tailscale.com/types/preftype" | 
					
						
										 |  |  | ) | 
					
						
// Router is responsible for managing the system network stack.
//
// There is typically only one instance of this interface per process.
//
// NOTE(review): nothing in this interface states whether an implementation
// is safe for concurrent use. Since every method mutates host-global network
// state, callers should assume it is not and serialize calls themselves
// unless the concrete implementation documents otherwise.
type Router interface {
	// Up brings the router up.
	Up() error

	// Set updates the OS network stack with a new Config. It may be
	// called multiple times with identical Configs, which the
	// implementation should handle gracefully.
	//
	// Passing a nil Config requests that all router state be removed
	// from the OS (see shutdownConfig).
	Set(*Config) error

	// UpdateMagicsockPort tells the OS network stack what port magicsock
	// is currently listening on, so it can be threaded through firewalls
	// and such. This is distinct from Set() since magicsock may rebind
	// ports independently from the Config changing.
	//
	// network should be either "udp4" or "udp6". Any other value is a
	// caller error; this interface does not specify how implementations
	// react to it, so callers must not rely on it being ignored.
	UpdateMagicsockPort(port uint16, network string) error

	// Close closes the router. CleanUp exists for the case where the
	// daemon exits without getting to call Close.
	Close() error
}
					
						
							|  |  |  | 
 | 
					
						
// New returns a new Router for the current platform, using the
// provided tun device.
//
// Every log line emitted by the returned Router is prefixed with
// "router: ".
//
// If netMon is nil, it's not used. It's currently (2021-07-20) only
// used on Linux in some situations.
func New(logf logger.Logf, tundev tun.Device, netMon *netmon.Monitor, health *health.Tracker) (Router, error) {
	// The health parameter shadows the imported health package inside this
	// function; that is harmless here because the body only forwards it.
	return newUserspaceRouter(logger.WithPrefix(logf, "router: "), tundev, netMon, health)
}
					
						
							|  |  |  | 
 | 
					
						
// CleanUp restores the system network configuration to its original state
// in case the Tailscale daemon terminated without closing the router.
// No other state needs to be instantiated before this runs.
//
// netMon is currently unused: the platform-specific cleanUp only takes the
// logger and the interface name, so passing nil is fine.
func CleanUp(logf logger.Logf, netMon *netmon.Monitor, interfaceName string) {
	_ = netMon // not consumed by any platform's cleanUp; see doc comment
	cleanUp(logf, interfaceName)
}
					
						
							|  |  |  | 
 | 
					
						
// Config is the subset of Tailscale configuration that is relevant to
// the OS's network stack.
//
// A Config is applied as a whole via Router.Set. Configs are compared
// with Equal, which is a deep structural comparison.
type Config struct {
	// LocalAddrs are the address(es) for this node. This is
	// typically one IPv4/32 (the 100.x.y.z CGNAT) and one
	// IPv6/128 (Tailscale ULA).
	LocalAddrs []netip.Prefix

	// Routes are the routes that point into the Tailscale
	// interface.  These are the /32 and /128 routes to peers, as
	// well as any other subnets that peers are advertising and
	// this node has chosen to use.
	Routes []netip.Prefix

	// LocalRoutes are the routes that should not be routed through Tailscale.
	// There are no priorities set in how these routes are added, normal
	// routing rules apply.
	//
	// NOTE(review): because "normal routing rules apply", which entry wins
	// when a prefix overlaps between Routes and LocalRoutes is decided by
	// the host's routing table, not by this struct — confirm against the
	// platform implementation before relying on a local exclusion to win.
	LocalRoutes []netip.Prefix

	// NewMTU is currently only used by the MacOS network extension
	// app to set the MTU of the tun in the router configuration
	// callback. If zero, the MTU is unchanged.
	NewMTU int

	// SubnetRoutes is the list of subnets that this node is
	// advertising to other Tailscale nodes.
	// As of 2023-10-11, this field is only used for network
	// flow logging and is otherwise ignored.
	SubnetRoutes []netip.Prefix

	// Linux-only things below, ignored on other platforms.

	// SNATSubnetRoutes controls whether traffic to local subnets is SNATed.
	SNATSubnetRoutes bool
	// StatefulFiltering applies stateful filtering to inbound connections.
	StatefulFiltering bool
	// NetfilterMode says how much to manage netfilter rules.
	NetfilterMode preftype.NetfilterMode
	// NetfilterKind says what kind of netfilter to use (nftables, iptables).
	//
	// NOTE(review): this is a free-form string and, as far as this file
	// shows, nothing validates it here; the Linux router is the place that
	// must reject values other than the documented kinds.
	NetfilterKind string
}
					
						
// Equal reports whether a and b describe the same router configuration.
//
// Two nil Configs are equal; a nil and a non-nil Config are not. Otherwise
// the comparison is a deep structural one (reflect.DeepEqual): slice element
// order matters, and a nil slice is not equal to an empty, non-nil slice,
// so such a pair is treated as a configuration change.
func (a *Config) Equal(b *Config) bool {
	if a == nil || b == nil {
		// Equal only when both sides are nil.
		return a == b
	}
	return reflect.DeepEqual(a, b)
}
					
						
							|  |  |  | 
 | 
					
						
// shutdownConfig is a routing configuration that removes all router
// state from the OS. It's the config used when callers pass in a nil
// Config.
//
// It is deliberately the zero Config: no local addresses, no routes, and
// every Linux-only knob at its zero value.
var shutdownConfig Config