2023-01-27 13:37:20 -08:00
|
|
|
// Copyright (c) Tailscale Inc & AUTHORS
|
|
|
|
|
// SPDX-License-Identifier: BSD-3-Clause
|
2020-06-14 14:18:38 +02:00
|
|
|
|
2021-08-05 15:42:39 -07:00
|
|
|
//go:build darwin || freebsd
|
2020-06-14 14:18:38 +02:00
|
|
|
|
|
|
|
|
package router
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"fmt"
|
|
|
|
|
"log"
|
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-25 21:14:09 -07:00
|
|
|
"net/netip"
|
2020-06-14 14:18:38 +02:00
|
|
|
"os/exec"
|
2021-03-04 16:36:28 -08:00
|
|
|
"runtime"
|
2020-06-14 14:18:38 +02:00
|
|
|
|
2022-12-09 15:12:20 -08:00
|
|
|
"github.com/tailscale/wireguard-go/tun"
|
2022-07-24 20:08:42 -07:00
|
|
|
"go4.org/netipx"
|
2024-04-26 10:12:46 -07:00
|
|
|
"tailscale.com/health"
|
2023-04-18 14:26:58 -07:00
|
|
|
"tailscale.com/net/netmon"
|
2021-04-10 19:36:26 -07:00
|
|
|
"tailscale.com/net/tsaddr"
|
2020-06-14 14:18:38 +02:00
|
|
|
"tailscale.com/types/logger"
|
2020-08-11 11:04:07 -06:00
|
|
|
"tailscale.com/version"
|
2020-06-14 14:18:38 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type userspaceBSDRouter struct {
|
|
|
|
|
logf logger.Logf
|
2023-04-18 14:26:58 -07:00
|
|
|
netMon *netmon.Monitor
|
2024-04-26 10:12:46 -07:00
|
|
|
health *health.Tracker
|
2020-06-14 14:18:38 +02:00
|
|
|
tunname string
|
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-25 21:14:09 -07:00
|
|
|
local []netip.Prefix
|
2022-11-11 14:06:38 +05:00
|
|
|
routes map[netip.Prefix]bool
|
2020-06-14 14:18:38 +02:00
|
|
|
}
|
|
|
|
|
|
2024-04-26 10:12:46 -07:00
|
|
|
func newUserspaceBSDRouter(logf logger.Logf, tundev tun.Device, netMon *netmon.Monitor, health *health.Tracker) (Router, error) {
|
2020-06-14 14:18:38 +02:00
|
|
|
tunname, err := tundev.Name()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2020-07-31 16:27:09 -04:00
|
|
|
|
2020-06-14 14:18:38 +02:00
|
|
|
return &userspaceBSDRouter{
|
|
|
|
|
logf: logf,
|
2023-04-18 14:26:58 -07:00
|
|
|
netMon: netMon,
|
2024-04-26 10:12:46 -07:00
|
|
|
health: health,
|
2020-06-14 14:18:38 +02:00
|
|
|
tunname: tunname,
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
|
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-25 21:14:09 -07:00
|
|
|
func (r *userspaceBSDRouter) addrsToRemove(newLocalAddrs []netip.Prefix) (remove []netip.Prefix) {
|
2021-02-11 19:13:03 -08:00
|
|
|
for _, cur := range r.local {
|
|
|
|
|
found := false
|
|
|
|
|
for _, v := range newLocalAddrs {
|
|
|
|
|
found = (v == cur)
|
|
|
|
|
if found {
|
|
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if !found {
|
|
|
|
|
remove = append(remove, cur)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-25 21:14:09 -07:00
|
|
|
func (r *userspaceBSDRouter) addrsToAdd(newLocalAddrs []netip.Prefix) (add []netip.Prefix) {
|
2021-02-11 19:13:03 -08:00
|
|
|
for _, cur := range newLocalAddrs {
|
|
|
|
|
found := false
|
|
|
|
|
for _, v := range r.local {
|
|
|
|
|
found = (v == cur)
|
|
|
|
|
if found {
|
|
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if !found {
|
|
|
|
|
add = append(add, cur)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-14 09:12:00 -04:00
|
|
|
func cmd(args ...string) *exec.Cmd {
|
2020-06-14 14:18:38 +02:00
|
|
|
if len(args) == 0 {
|
2020-09-01 13:27:42 -07:00
|
|
|
log.Fatalf("exec.Cmd(%#v) invalid; need argv[0]", args)
|
2020-06-14 14:18:38 +02:00
|
|
|
}
|
|
|
|
|
return exec.Command(args[0], args[1:]...)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (r *userspaceBSDRouter) Up() error {
|
|
|
|
|
ifup := []string{"ifconfig", r.tunname, "up"}
|
2020-07-14 09:12:00 -04:00
|
|
|
if out, err := cmd(ifup...).CombinedOutput(); err != nil {
|
2020-06-14 14:18:38 +02:00
|
|
|
r.logf("running ifconfig failed: %v\n%s", err, out)
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-25 21:14:09 -07:00
|
|
|
func inet(p netip.Prefix) string {
|
2022-07-24 20:08:42 -07:00
|
|
|
if p.Addr().Is6() {
|
2021-02-11 19:13:03 -08:00
|
|
|
return "inet6"
|
|
|
|
|
}
|
|
|
|
|
return "inet"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (r *userspaceBSDRouter) Set(cfg *Config) (reterr error) {
|
2020-06-14 14:18:38 +02:00
|
|
|
if cfg == nil {
|
|
|
|
|
cfg = &shutdownConfig
|
|
|
|
|
}
|
|
|
|
|
|
2021-02-11 19:13:03 -08:00
|
|
|
setErr := func(err error) {
|
2022-11-11 14:06:38 +05:00
|
|
|
if reterr == nil {
|
|
|
|
|
reterr = err
|
2020-06-14 14:18:38 +02:00
|
|
|
}
|
2021-02-11 19:13:03 -08:00
|
|
|
}
|
2022-11-11 14:06:38 +05:00
|
|
|
addrsToRemove := r.addrsToRemove(cfg.LocalAddrs)
|
|
|
|
|
|
|
|
|
|
// If we're removing all addresses, we need to remove and re-add all
|
|
|
|
|
// routes.
|
|
|
|
|
resetRoutes := len(r.local) > 0 && len(addrsToRemove) == len(r.local)
|
2020-06-14 14:18:38 +02:00
|
|
|
|
2021-02-11 19:13:03 -08:00
|
|
|
// Update the addresses.
|
2022-11-11 14:06:38 +05:00
|
|
|
for _, addr := range addrsToRemove {
|
2021-02-11 19:13:03 -08:00
|
|
|
arg := []string{"ifconfig", r.tunname, inet(addr), addr.String(), "-alias"}
|
|
|
|
|
out, err := cmd(arg...).CombinedOutput()
|
2020-06-14 14:18:38 +02:00
|
|
|
if err != nil {
|
2021-02-11 19:13:03 -08:00
|
|
|
r.logf("addr del failed: %v => %v\n%s", arg, err, out)
|
|
|
|
|
setErr(err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
for _, addr := range r.addrsToAdd(cfg.LocalAddrs) {
|
2021-03-04 16:36:28 -08:00
|
|
|
var arg []string
|
2022-07-24 20:08:42 -07:00
|
|
|
if runtime.GOOS == "freebsd" && addr.Addr().Is6() && addr.Bits() == 128 {
|
2021-03-04 16:36:28 -08:00
|
|
|
// FreeBSD rejects tun addresses of the form fc00::1/128 -> fc00::1,
|
|
|
|
|
// https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218508
|
|
|
|
|
// Instead add our whole /48, which works because we use a /48 route.
|
|
|
|
|
// Full history: https://github.com/tailscale/tailscale/issues/1307
|
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-25 21:14:09 -07:00
|
|
|
tmp := netip.PrefixFrom(addr.Addr(), 48)
|
2021-03-04 16:36:28 -08:00
|
|
|
arg = []string{"ifconfig", r.tunname, inet(tmp), tmp.String()}
|
|
|
|
|
} else {
|
2022-07-24 20:08:42 -07:00
|
|
|
arg = []string{"ifconfig", r.tunname, inet(addr), addr.String(), addr.Addr().String()}
|
2021-03-04 16:36:28 -08:00
|
|
|
}
|
2021-02-11 19:13:03 -08:00
|
|
|
out, err := cmd(arg...).CombinedOutput()
|
|
|
|
|
if err != nil {
|
|
|
|
|
r.logf("addr add failed: %v => %v\n%s", arg, err, out)
|
|
|
|
|
setErr(err)
|
2020-06-14 14:18:38 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-11-11 14:06:38 +05:00
|
|
|
newRoutes := make(map[netip.Prefix]bool)
|
2020-06-14 14:18:38 +02:00
|
|
|
for _, route := range cfg.Routes {
|
2021-04-15 16:37:46 -07:00
|
|
|
if runtime.GOOS != "darwin" && route == tsaddr.TailscaleULARange() {
|
2021-04-10 19:36:26 -07:00
|
|
|
// Because we added the interface address as a /48 above,
|
|
|
|
|
// the kernel already created the Tailscale ULA route
|
|
|
|
|
// implicitly. We mustn't try to add/delete it ourselves.
|
|
|
|
|
continue
|
|
|
|
|
}
|
2022-11-11 14:06:38 +05:00
|
|
|
newRoutes[route] = true
|
2020-06-14 14:18:38 +02:00
|
|
|
}
|
2022-09-25 14:29:55 -04:00
|
|
|
// Delete any preexisting routes.
|
2020-06-14 14:18:38 +02:00
|
|
|
for route := range r.routes {
|
2022-11-11 14:06:38 +05:00
|
|
|
if resetRoutes || !newRoutes[route] {
|
2022-07-24 20:08:42 -07:00
|
|
|
net := netipx.PrefixIPNet(route)
|
2020-06-14 14:18:38 +02:00
|
|
|
nip := net.IP.Mask(net.Mask)
|
2021-05-14 18:07:28 -07:00
|
|
|
nstr := fmt.Sprintf("%v/%d", nip, route.Bits())
|
2020-08-11 11:04:07 -06:00
|
|
|
del := "del"
|
|
|
|
|
if version.OS() == "macOS" {
|
|
|
|
|
del = "delete"
|
|
|
|
|
}
|
2020-06-14 14:18:38 +02:00
|
|
|
routedel := []string{"route", "-q", "-n",
|
2021-02-11 19:13:03 -08:00
|
|
|
del, "-" + inet(route), nstr,
|
2020-06-14 14:18:38 +02:00
|
|
|
"-iface", r.tunname}
|
2020-07-14 09:12:00 -04:00
|
|
|
out, err := cmd(routedel...).CombinedOutput()
|
2020-06-14 14:18:38 +02:00
|
|
|
if err != nil {
|
|
|
|
|
r.logf("route del failed: %v: %v\n%s", routedel, err, out)
|
2021-02-11 19:13:03 -08:00
|
|
|
setErr(err)
|
2020-06-14 14:18:38 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
// Add the routes.
|
|
|
|
|
for route := range newRoutes {
|
2022-11-11 14:06:38 +05:00
|
|
|
if resetRoutes || !r.routes[route] {
|
2022-07-24 20:08:42 -07:00
|
|
|
net := netipx.PrefixIPNet(route)
|
2020-06-14 14:18:38 +02:00
|
|
|
nip := net.IP.Mask(net.Mask)
|
2021-05-14 18:07:28 -07:00
|
|
|
nstr := fmt.Sprintf("%v/%d", nip, route.Bits())
|
2020-06-14 14:18:38 +02:00
|
|
|
routeadd := []string{"route", "-q", "-n",
|
2021-02-11 19:13:03 -08:00
|
|
|
"add", "-" + inet(route), nstr,
|
2020-06-14 14:18:38 +02:00
|
|
|
"-iface", r.tunname}
|
2020-07-14 09:12:00 -04:00
|
|
|
out, err := cmd(routeadd...).CombinedOutput()
|
2020-06-14 14:18:38 +02:00
|
|
|
if err != nil {
|
|
|
|
|
r.logf("addr add failed: %v: %v\n%s", routeadd, err, out)
|
2021-02-11 19:13:03 -08:00
|
|
|
setErr(err)
|
2020-06-14 14:18:38 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Store the interface and routes so we know what to change on an update.
|
2022-11-11 14:06:38 +05:00
|
|
|
if reterr == nil {
|
all: convert more code to use net/netip directly
perl -i -npe 's,netaddr.IPPrefixFrom,netip.PrefixFrom,' $(git grep -l -F netaddr.)
perl -i -npe 's,netaddr.IPPortFrom,netip.AddrPortFrom,' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPrefix,netip.Prefix,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPPort,netip.AddrPort,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IP\b,netip.Addr,g' $(git grep -l -F netaddr. )
perl -i -npe 's,netaddr.IPv6Raw\b,netip.AddrFrom16,g' $(git grep -l -F netaddr. )
goimports -w .
Then delete some stuff from the net/netaddr shim package which is no
longer neeed.
Updates #5162
Change-Id: Ia7a86893fe21c7e3ee1ec823e8aba288d4566cd8
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2022-07-25 21:14:09 -07:00
|
|
|
r.local = append([]netip.Prefix{}, cfg.LocalAddrs...)
|
2021-02-11 19:13:03 -08:00
|
|
|
}
|
2020-06-14 14:18:38 +02:00
|
|
|
r.routes = newRoutes
|
|
|
|
|
|
2022-11-11 14:06:38 +05:00
|
|
|
return reterr
|
2020-06-14 14:18:38 +02:00
|
|
|
}
|
|
|
|
|
|
2023-12-05 18:12:02 -05:00
|
|
|
// UpdateMagicsockPort implements the Router interface. This implementation
|
|
|
|
|
// does nothing and returns nil because this router does not currently need
|
|
|
|
|
// to know what the magicsock UDP port is.
|
|
|
|
|
func (r *userspaceBSDRouter) UpdateMagicsockPort(_ uint16, _ string) error {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-14 14:18:38 +02:00
|
|
|
func (r *userspaceBSDRouter) Close() error {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
