TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-01-08 09:07:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

net/netutil: allow 16-bit 4via6 site IDs

Browse Source 
The prefix has space for 32-bit site IDs, but the validateViaPrefix
function would previously have disallowed site IDs greater than 255.

Fixes tailscale/corp#16470

Signed-off-by: Andrew Dunham <andrew@du.nham.ca>
Change-Id: I4cdb0711dafb577fae72d86c4014cf623fa538ef
This commit is contained in:
Andrew Dunham 2024-01-05 15:21:48 -05:00
parent 05093ea7d9
commit 20f3f706a4
3 changed files with 26 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
cmd/tailscale/cli/cli_test.go
View File

@ -718,6 +718,24 @@ func TestPrefsFromUpArgs(t *testing.T) {
}, },
}, },
}, },
{
name: "via_route_good_16_bit",
goos: "linux",
args: upArgsT{
advertiseRoutes: "fd7a:115c:a1e0:b1a::aabb:10.0.0.0/112",
netfilterMode: "off",
},
want: &ipn.Prefs{
WantRunning: true,
NoSNAT: true,
AdvertiseRoutes: []netip.Prefix{
netip.MustParsePrefix("fd7a:115c:a1e0:b1a::aabb:10.0.0.0/112"),
},
AutoUpdate: ipn.AutoUpdatePrefs{
Check: true,
},
},
},
{ {
name: "via_route_short_prefix", name: "via_route_short_prefix",
goos: "linux", goos: "linux",
@ -734,7 +752,7 @@ func TestPrefsFromUpArgs(t *testing.T) {
advertiseRoutes: "fd7a:115c:a1e0:b1a:1234:5678::/112", advertiseRoutes: "fd7a:115c:a1e0:b1a:1234:5678::/112",
netfilterMode: "off", netfilterMode: "off",
}, },
wantErr: "route fd7a:115c:a1e0:b1a:1234:5678::/112 contains invalid site ID 12345678; must be 0xff or less", wantErr: "route fd7a:115c:a1e0:b1a:1234:5678::/112 contains invalid site ID 12345678; must be 0xffff or less",
}, },
} }
for _, tt := range tests { for _, tt := range tests {

4
cmd/tailscale/cli/debug.go
View File

@ -693,8 +693,8 @@ func runVia(ctx context.Context, args []string) error {
if err != nil { if err != nil {
return fmt.Errorf("invalid site-id %q; must be decimal or hex with 0x prefix", args[0]) return fmt.Errorf("invalid site-id %q; must be decimal or hex with 0x prefix", args[0])
} }
if siteID > 0xff { if siteID > 0xffff {
return fmt.Errorf("site-id values over 255 are currently reserved") return fmt.Errorf("site-id values over 65535 are currently reserved")
} }
ipp, err := netip.ParsePrefix(args[1]) ipp, err := netip.ParsePrefix(args[1])
if err != nil { if err != nil {

9
net/netutil/routes.go
View File

@ -29,11 +29,12 @@ func validateViaPrefix(ipp netip.Prefix) error {
// The first 64 bits of a are the via prefix. // The first 64 bits of a are the via prefix.
// The next 32 bits are the "site ID". // The next 32 bits are the "site ID".
// The last 32 bits are the IPv4. // The last 32 bits are the IPv4.
// For now, we reserve the top 3 bytes of the site ID, //
// and only allow users to use site IDs 0-255. // We used to only allow advertising site IDs from 0-255, but we have
// since relaxed this (as of 2024-01) to allow IDs from 0-65535.
siteID := binary.BigEndian.Uint32(a[8:12]) siteID := binary.BigEndian.Uint32(a[8:12])
if siteID > 0xFF { if siteID > 0xFFFF {
return fmt.Errorf("route %v contains invalid site ID %08x; must be 0xff or less", ipp, siteID) return fmt.Errorf("route %v contains invalid site ID %08x; must be 0xffff or less", ipp, siteID)
} }
return nil return nil
} }