TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-12-12 00:52:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

linuxfw,wgengine/route,ipn: add c2n and nodeattrs to control linux netfilter

Browse Source 
Updates tailscale/corp#14029.

Signed-off-by: Naman Sood <mail@nsood.in>
This commit is contained in:
Naman Sood
2023-12-04 12:08:56 -05:00
parent 215f657a5e
commit 0a59754eda
15 changed files with 171 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
util/linuxfw/nftables_runner.go
View File

@@ -511,10 +511,13 @@ type NetfilterRunner interface {
ClampMSSToPMTU(tun string, addr netip.Addr) error
}
// New creates a NetfilterRunner using either nftables or iptables.
// As nftables is still experimental, iptables will be used unless TS_DEBUG_USE_NETLINK_NFTABLES is set.
func New(logf logger.Logf) (NetfilterRunner, error) {
mode := detectFirewallMode(logf)
// New creates a NetfilterRunner, auto-detecting whether to use
// nftables or iptables.
// As nftables is still experimental, iptables will be used unless
// either the TS_DEBUG_FIREWALL_MODE environment variable, or the prefHint
// parameter, is set to one of "nftables" or "auto".
func New(logf logger.Logf, prefHint string) (NetfilterRunner, error) {
mode := detectFirewallMode(logf, prefHint)
switch mode {
case FirewallModeIPTables:
return newIPTablesRunner(logf)