tailscale/wgengine/filter/match.go

85 lines
1.8 KiB
Go
Raw Normal View History

// Copyright (c) 2020 Tailscale Inc & AUTHORS All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package filter
import (
"fmt"
"strings"
controlclinet: clone filter.MatchAllowAll This avoids a non-obvious data race, where the JSON decoder ends up creating do-nothing writes into global variables. ================== WARNING: DATA RACE Write at 0x0000011e1860 by goroutine 201: tailscale.com/wgengine/packet.(*IP).UnmarshalJSON() /home/crawshaw/repo/corp/oss/wgengine/packet/packet.go:83 +0x2d9 encoding/json.(*decodeState).literalStore() /home/crawshaw/go/go/src/encoding/json/decode.go:877 +0x445e ... encoding/json.Unmarshal() /home/crawshaw/go/go/src/encoding/json/decode.go:107 +0x1de tailscale.com/control/controlclient.(*Direct).decodeMsg() /home/crawshaw/repo/corp/oss/control/controlclient/direct.go:615 +0x1ab tailscale.com/control/controlclient.(*Direct).PollNetMap() /home/crawshaw/repo/corp/oss/control/controlclient/direct.go:525 +0x1053 tailscale.com/control/controlclient.(*Client).mapRoutine() /home/crawshaw/repo/corp/oss/control/controlclient/auto.go:428 +0x3a6 Previous read at 0x0000011e1860 by goroutine 86: tailscale.com/wgengine/filter.matchIPWithoutPorts() /home/crawshaw/repo/corp/oss/wgengine/filter/match.go:108 +0x91 tailscale.com/wgengine/filter.(*Filter).runIn() /home/crawshaw/repo/corp/oss/wgengine/filter/filter.go:147 +0x3c6 tailscale.com/wgengine/filter.(*Filter).RunIn() /home/crawshaw/repo/corp/oss/wgengine/filter/filter.go:127 +0xb0 tailscale.com/wgengine.(*userspaceEngine).SetFilter.func1() /home/crawshaw/repo/corp/oss/wgengine/userspace.go:390 +0xfc github.com/tailscale/wireguard-go/device.(*Device).RoutineDecryption() /home/crawshaw/repo/corp/wireguard-go/device/receive.go:295 +0xa1f For #112 Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
2020-02-29 03:27:17 +00:00
"inet.af/netaddr"
)
// PortRange is a range of TCP and UDP ports.
type PortRange struct {
First, Last uint16 // inclusive
}
// PortRangeAny represents all TCP and UDP ports.
var PortRangeAny = PortRange{0, 65535}
func (pr PortRange) String() string {
if pr.First == 0 && pr.Last == 65535 {
return "*"
} else if pr.First == pr.Last {
return fmt.Sprintf("%d", pr.First)
} else {
return fmt.Sprintf("%d-%d", pr.First, pr.Last)
}
}
func (pr PortRange) contains(port uint16) bool {
return port >= pr.First && port <= pr.Last
}
// NetAny matches all IP addresses.
// TODO: add ipv6.
var NetAny = []netaddr.IPPrefix{{IP: netaddr.IPv4(0, 0, 0, 0), Bits: 0}}
// NetPortRange combines an IP address prefix and PortRange.
type NetPortRange struct {
Net netaddr.IPPrefix
Ports PortRange
}
func (npr NetPortRange) String() string {
return fmt.Sprintf("%v:%v", npr.Net, npr.Ports)
}
var NetPortRangeAny = []NetPortRange{{Net: NetAny[0], Ports: PortRangeAny}}
// Match matches packets from any IP address in Srcs to any ip:port in
// Dsts.
type Match struct {
Dsts []NetPortRange
Srcs []netaddr.IPPrefix
}
func (m Match) String() string {
srcs := []string{}
for _, src := range m.Srcs {
srcs = append(srcs, src.String())
}
dsts := []string{}
for _, dst := range m.Dsts {
dsts = append(dsts, dst.String())
}
var ss, ds string
if len(srcs) == 1 {
ss = srcs[0]
} else {
ss = "[" + strings.Join(srcs, ",") + "]"
}
if len(dsts) == 1 {
ds = dsts[0]
} else {
ds = "[" + strings.Join(dsts, ",") + "]"
}
return fmt.Sprintf("%v=>%v", ss, ds)
}
// Matches is a list of packet matchers.
type Matches []Match