TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-10-23 17:18:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

net/packet, wgengine/filter: support SCTP

Browse Source 
Add proto to flowtrack.Tuple.

Add types/ipproto leaf package to break a cycle.

Server-side ACL work remains.

Updates #1516

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
This commit is contained in:
Brad Fitzpatrick
2021-03-19 21:05:51 -07:00
committed by Brad Fitzpatrick
parent 90a6fb7ffe
commit 01b90df2fa
17 changed files with 154 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
wgengine/filter/filter.go
View File

@@ -14,6 +14,7 @@ import (
"inet.af/netaddr"
"tailscale.com/net/flowtrack"
"tailscale.com/net/packet"
"tailscale.com/types/ipproto"
"tailscale.com/types/logger"
)
@@ -352,18 +353,18 @@ func (f *Filter) runIn4(q *packet.Parsed) (r Response, why string) {
if f.matches4.match(q) {
return Accept, "tcp ok"
}
case packet.UDP:
t := flowtrack.Tuple{Src: q.Src, Dst: q.Dst}
case packet.UDP, packet.SCTP:
t := flowtrack.Tuple{Proto: q.IPProto, Src: q.Src, Dst: q.Dst}
f.state.mu.Lock()
_, ok := f.state.lru.Get(t)
f.state.mu.Unlock()
if ok {
return Accept, "udp cached"
return Accept, "cached"
}
if f.matches4.match(q) {
return Accept, "udp ok"
return Accept, "ok"
}
case packet.TSMP:
return Accept, "tsmp ok"
@@ -409,18 +410,18 @@ func (f *Filter) runIn6(q *packet.Parsed) (r Response, why string) {
if f.matches6.match(q) {
return Accept, "tcp ok"
}
case packet.UDP:
t := flowtrack.Tuple{Src: q.Src, Dst: q.Dst}
case packet.UDP, packet.SCTP:
t := flowtrack.Tuple{Proto: q.IPProto, Src: q.Src, Dst: q.Dst}
f.state.mu.Lock()
_, ok := f.state.lru.Get(t)
f.state.mu.Unlock()
if ok {
return Accept, "udp cached"
return Accept, "cached"
}
if f.matches6.match(q) {
return Accept, "udp ok"
return Accept, "ok"
}
default:
return Drop, "Unknown proto"
@@ -430,15 +431,16 @@ func (f *Filter) runIn6(q *packet.Parsed) (r Response, why string) {
// runIn runs the output-specific part of the filter logic.
func (f *Filter) runOut(q *packet.Parsed) (r Response, why string) {
if q.IPProto != packet.UDP {
return Accept, "ok out"
switch q.IPProto {
case ipproto.UDP, ipproto.SCTP:
tuple := flowtrack.Tuple{
Proto: q.IPProto,
Src: q.Dst, Dst: q.Src, // src/dst reversed
}
f.state.mu.Lock()
f.state.lru.Add(tuple, nil)
f.state.mu.Unlock()
}
tuple := flowtrack.Tuple{Src: q.Dst, Dst: q.Src} // src/dst reversed
f.state.mu.Lock()
f.state.lru.Add(tuple, nil)
f.state.mu.Unlock()
return Accept, "ok out"
}