net/packet, wgengine{,/filter}: remove net/packet IPProto forwarding consts

Only use the ones in types/ipproto now.

Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

net/packet/icmp4.go

@@ -4,7 +4,11 @@
 
 package packet
 
-import "encoding/binary"
+import (
+	"encoding/binary"
+
+	"tailscale.com/types/ipproto"
+)
 
 // icmp4HeaderLength is the size of the ICMPv4 packet header, not
 // including the outer IP layer or the variable "response data"
@@ -66,7 +70,7 @@ func (h ICMP4Header) Marshal(buf []byte) error {
 		return errLargePacket
 	}
 	// The caller does not need to set this.
-	h.IPProto = ICMPv4
+	h.IPProto = ipproto.ICMPv4
 
 	buf[20] = uint8(h.Type)
 	buf[21] = uint8(h.Code)

net/packet/packet.go

@@ -15,17 +15,7 @@ import (
 	"tailscale.com/types/strbuilder"
 )
 
-const (
-	Unknown  = ipproto.Unknown
-	TCP      = ipproto.TCP
-	UDP      = ipproto.UDP
-	SCTP     = ipproto.SCTP
-	IGMP     = ipproto.IGMP
-	ICMPv4   = ipproto.ICMPv4
-	ICMPv6   = ipproto.ICMPv6
-	TSMP     = ipproto.TSMP
-	Fragment = ipproto.Fragment
-)
+const unknown = ipproto.Unknown
 
 // RFC1858: prevent overlapping fragment attacks.
 const minFrag = 60 + 20 // max IPv4 header + basic TCP header
@@ -113,7 +103,7 @@ func (q *Parsed) Decode(b []byte) {
 
 	if len(b) < 1 {
 		q.IPVersion = 0
-		q.IPProto = Unknown
+		q.IPProto = unknown
 		return
 	}
 
@@ -125,7 +115,7 @@ func (q *Parsed) Decode(b []byte) {
 		q.decode6(b)
 	default:
 		q.IPVersion = 0
-		q.IPProto = Unknown
+		q.IPProto = unknown
 	}
 }
 
@@ -138,7 +128,7 @@ func (q *Parsed) StuffForTesting(len int) {
 func (q *Parsed) decode4(b []byte) {
 	if len(b) < ip4HeaderLength {
 		q.IPVersion = 0
-		q.IPProto = Unknown
+		q.IPProto = unknown
 		return
 	}
 
@@ -147,7 +137,7 @@ func (q *Parsed) decode4(b []byte) {
 	q.length = int(binary.BigEndian.Uint16(b[2:4]))
 	if len(b) < q.length {
 		// Packet was cut off before full IPv4 length.
-		q.IPProto = Unknown
+		q.IPProto = unknown
 		return
 	}
 
@@ -158,7 +148,7 @@ func (q *Parsed) decode4(b []byte) {
 	q.subofs = int((b[0] & 0x0F) << 2)
 	if q.subofs > q.length {
 		// next-proto starts beyond end of packet.
-		q.IPProto = Unknown
+		q.IPProto = unknown
 		return
 	}
 	sub := b[q.subofs:]
@@ -183,29 +173,29 @@ func (q *Parsed) decode4(b []byte) {
 		// This is the first fragment
 		if moreFrags && len(sub) < minFrag {
 			// Suspiciously short first fragment, dump it.
-			q.IPProto = Unknown
+			q.IPProto = unknown
 			return
 		}
 		// otherwise, this is either non-fragmented (the usual case)
 		// or a big enough initial fragment that we can read the
 		// whole subprotocol header.
 		switch q.IPProto {
-		case ICMPv4:
+		case ipproto.ICMPv4:
 			if len(sub) < icmp4HeaderLength {
-				q.IPProto = Unknown
+				q.IPProto = unknown
 				return
 			}
 			q.Src.Port = 0
 			q.Dst.Port = 0
 			q.dataofs = q.subofs + icmp4HeaderLength
 			return
-		case IGMP:
+		case ipproto.IGMP:
 			// Keep IPProto, but don't parse anything else
 			// out.
 			return
-		case TCP:
+		case ipproto.TCP:
 			if len(sub) < tcpHeaderLength {
-				q.IPProto = Unknown
+				q.IPProto = unknown
 				return
 			}
 			q.Src.Port = binary.BigEndian.Uint16(sub[0:2])
@@ -214,29 +204,29 @@ func (q *Parsed) decode4(b []byte) {
 			headerLength := (sub[12] & 0xF0) >> 2
 			q.dataofs = q.subofs + int(headerLength)
 			return
-		case UDP:
+		case ipproto.UDP:
 			if len(sub) < udpHeaderLength {
-				q.IPProto = Unknown
+				q.IPProto = unknown
 				return
 			}
 			q.Src.Port = binary.BigEndian.Uint16(sub[0:2])
 			q.Dst.Port = binary.BigEndian.Uint16(sub[2:4])
 			q.dataofs = q.subofs + udpHeaderLength
 			return
-		case SCTP:
+		case ipproto.SCTP:
 			if len(sub) < sctpHeaderLength {
-				q.IPProto = Unknown
+				q.IPProto = unknown
 				return
 			}
 			q.Src.Port = binary.BigEndian.Uint16(sub[0:2])
 			q.Dst.Port = binary.BigEndian.Uint16(sub[2:4])
 			return
-		case TSMP:
+		case ipproto.TSMP:
 			// Inter-tailscale messages.
 			q.dataofs = q.subofs
 			return
 		default:
-			q.IPProto = Unknown
+			q.IPProto = unknown
 			return
 		}
 	} else {
@@ -244,7 +234,7 @@ func (q *Parsed) decode4(b []byte) {
 		if fragOfs < minFrag {
 			// First frag was suspiciously short, so we can't
 			// trust the followup either.
-			q.IPProto = Unknown
+			q.IPProto = unknown
 			return
 		}
 		// otherwise, we have to permit the fragment to slide through.
@@ -253,7 +243,7 @@ func (q *Parsed) decode4(b []byte) {
 		// but that would require statefulness. Anyway, receivers'
 		// kernels know to drop fragments where the initial fragment
 		// doesn't arrive.
-		q.IPProto = Fragment
+		q.IPProto = ipproto.Fragment
 		return
 	}
 }
@@ -261,7 +251,7 @@ func (q *Parsed) decode4(b []byte) {
 func (q *Parsed) decode6(b []byte) {
 	if len(b) < ip6HeaderLength {
 		q.IPVersion = 0
-		q.IPProto = Unknown
+		q.IPProto = unknown
 		return
 	}
 
@@ -269,7 +259,7 @@ func (q *Parsed) decode6(b []byte) {
 	q.length = int(binary.BigEndian.Uint16(b[4:6])) + ip6HeaderLength
 	if len(b) < q.length {
 		// Packet was cut off before the full IPv6 length.
-		q.IPProto = Unknown
+		q.IPProto = unknown
 		return
 	}
 
@@ -295,17 +285,17 @@ func (q *Parsed) decode6(b []byte) {
 	sub = sub[:len(sub):len(sub)] // help the compiler do bounds check elimination
 
 	switch q.IPProto {
-	case ICMPv6:
+	case ipproto.ICMPv6:
 		if len(sub) < icmp6HeaderLength {
-			q.IPProto = Unknown
+			q.IPProto = unknown
 			return
 		}
 		q.Src.Port = 0
 		q.Dst.Port = 0
 		q.dataofs = q.subofs + icmp6HeaderLength
-	case TCP:
+	case ipproto.TCP:
 		if len(sub) < tcpHeaderLength {
-			q.IPProto = Unknown
+			q.IPProto = unknown
 			return
 		}
 		q.Src.Port = binary.BigEndian.Uint16(sub[0:2])
@@ -314,28 +304,28 @@ func (q *Parsed) decode6(b []byte) {
 		headerLength := (sub[12] & 0xF0) >> 2
 		q.dataofs = q.subofs + int(headerLength)
 		return
-	case UDP:
+	case ipproto.UDP:
 		if len(sub) < udpHeaderLength {
-			q.IPProto = Unknown
+			q.IPProto = unknown
 			return
 		}
 		q.Src.Port = binary.BigEndian.Uint16(sub[0:2])
 		q.Dst.Port = binary.BigEndian.Uint16(sub[2:4])
 		q.dataofs = q.subofs + udpHeaderLength
-	case SCTP:
+	case ipproto.SCTP:
 		if len(sub) < sctpHeaderLength {
-			q.IPProto = Unknown
+			q.IPProto = unknown
 			return
 		}
 		q.Src.Port = binary.BigEndian.Uint16(sub[0:2])
 		q.Dst.Port = binary.BigEndian.Uint16(sub[2:4])
 		return
-	case TSMP:
+	case ipproto.TSMP:
 		// Inter-tailscale messages.
 		q.dataofs = q.subofs
 		return
 	default:
-		q.IPProto = Unknown
+		q.IPProto = unknown
 		return
 	}
 }
@@ -396,13 +386,13 @@ func (q *Parsed) IsTCPSyn() bool {
 // IsError reports whether q is an ICMP "Error" packet.
 func (q *Parsed) IsError() bool {
 	switch q.IPProto {
-	case ICMPv4:
+	case ipproto.ICMPv4:
 		if len(q.b) < q.subofs+8 {
 			return false
 		}
 		t := ICMP4Type(q.b[q.subofs])
 		return t == ICMP4Unreachable || t == ICMP4TimeExceeded
-	case ICMPv6:
+	case ipproto.ICMPv6:
 		if len(q.b) < q.subofs+8 {
 			return false
 		}
@@ -416,9 +406,9 @@ func (q *Parsed) IsError() bool {
 // IsEchoRequest reports whether q is an ICMP Echo Request.
 func (q *Parsed) IsEchoRequest() bool {
 	switch q.IPProto {
-	case ICMPv4:
+	case ipproto.ICMPv4:
 		return len(q.b) >= q.subofs+8 && ICMP4Type(q.b[q.subofs]) == ICMP4EchoRequest && ICMP4Code(q.b[q.subofs+1]) == ICMP4NoCode
-	case ICMPv6:
+	case ipproto.ICMPv6:
 		return len(q.b) >= q.subofs+8 && ICMP6Type(q.b[q.subofs]) == ICMP6EchoRequest && ICMP6Code(q.b[q.subofs+1]) == ICMP6NoCode
 	default:
 		return false
@@ -428,9 +418,9 @@ func (q *Parsed) IsEchoRequest() bool {
 // IsEchoRequest reports whether q is an IPv4 ICMP Echo Response.
 func (q *Parsed) IsEchoResponse() bool {
 	switch q.IPProto {
-	case ICMPv4:
+	case ipproto.ICMPv4:
 		return len(q.b) >= q.subofs+8 && ICMP4Type(q.b[q.subofs]) == ICMP4EchoReply && ICMP4Code(q.b[q.subofs+1]) == ICMP4NoCode
-	case ICMPv6:
+	case ipproto.ICMPv6:
 		return len(q.b) >= q.subofs+8 && ICMP6Type(q.b[q.subofs]) == ICMP6EchoReply && ICMP6Code(q.b[q.subofs+1]) == ICMP6NoCode
 	default:
 		return false

net/packet/packet_test.go

@@ -10,6 +10,19 @@ import (
 	"testing"
 
 	"inet.af/netaddr"
+	"tailscale.com/types/ipproto"
+)
+
+const (
+	Unknown  = ipproto.Unknown
+	TCP      = ipproto.TCP
+	UDP      = ipproto.UDP
+	SCTP     = ipproto.SCTP
+	IGMP     = ipproto.IGMP
+	ICMPv4   = ipproto.ICMPv4
+	ICMPv6   = ipproto.ICMPv6
+	TSMP     = ipproto.TSMP
+	Fragment = ipproto.Fragment
 )
 
 func mustIPPort(s string) netaddr.IPPort {

net/packet/tsmp.go

@@ -139,7 +139,7 @@ func (h TailscaleRejectedHeader) Marshal(buf []byte) error {
 	}
 	if h.Src.IP.Is4() {
 		iph := IP4Header{
-			IPProto: TSMP,
+			IPProto: ipproto.TSMP,
 			Src:     h.IPSrc,
 			Dst:     h.IPDst,
 		}
@@ -147,7 +147,7 @@ func (h TailscaleRejectedHeader) Marshal(buf []byte) error {
 		buf = buf[ip4HeaderLength:]
 	} else if h.Src.IP.Is6() {
 		iph := IP6Header{
-			IPProto: TSMP,
+			IPProto: ipproto.TSMP,
 			Src:     h.IPSrc,
 			Dst:     h.IPDst,
 		}

net/packet/udp4.go

@@ -4,7 +4,11 @@
 
 package packet
 
-import "encoding/binary"
+import (
+	"encoding/binary"
+
+	"tailscale.com/types/ipproto"
+)
 
 // udpHeaderLength is the size of the UDP packet header, not including
 // the outer IP header.
@@ -31,7 +35,7 @@ func (h UDP4Header) Marshal(buf []byte) error {
 		return errLargePacket
 	}
 	// The caller does not need to set this.
-	h.IPProto = UDP
+	h.IPProto = ipproto.UDP
 
 	length := len(buf) - h.IP4Header.Len()
 	binary.BigEndian.PutUint16(buf[20:22], h.SrcPort)

net/packet/udp6.go

@@ -4,7 +4,11 @@
 
 package packet
 
-import "encoding/binary"
+import (
+	"encoding/binary"
+
+	"tailscale.com/types/ipproto"
+)
 
 // UDP6Header is an IPv6+UDP header.
 type UDP6Header struct {
@@ -27,7 +31,7 @@ func (h UDP6Header) Marshal(buf []byte) error {
 		return errLargePacket
 	}
 	// The caller does not need to set this.
-	h.IPProto = UDP
+	h.IPProto = ipproto.UDP
 
 	length := len(buf) - h.IP6Header.Len()
 	binary.BigEndian.PutUint16(buf[40:42], h.SrcPort)