tailcfg, wgengine/filter: remove most FilterRule.SrcBits code

The control plane hasn't sent it to clients in ages.

Updates tailscale/corp#20965

Change-Id: I1d71a4b6dd3f75010a05c544ee39827837c30772
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
Brad Fitzpatrick
2024-06-18 14:37:30 -07:00
committed by Brad Fitzpatrick
parent 162d593514
commit 21460a5b14
4 changed files with 35 additions and 53 deletions


@@ -1333,7 +1333,7 @@ var PortRangeAny = PortRange{0, 65535}
type NetPortRange struct {
_ structs.Incomparable
IP string // IP, CIDR, Range, or "*" (same formats as FilterRule.SrcIPs)
Bits *int // deprecated; the old way to turn IP into a CIDR
Bits *int // deprecated; the 2020 way to turn IP into a CIDR. See FilterRule.SrcBits.
Ports PortRange
}
@@ -1470,7 +1470,7 @@ func (c PeerCapMap) HasCapability(cap PeerCapability) bool {
// FilterRule represents one rule in a packet filter.
//
// A rule is logically a set of source CIDRs to match (described by
// SrcIPs and SrcBits), and a set of destination targets that are then
// SrcIPs), and a set of destination targets that are then
// allowed if a source IP is matches of those CIDRs.
type FilterRule struct {
// SrcIPs are the source IPs/networks to match.
@@ -1482,7 +1482,7 @@ type FilterRule struct {
// * a range of two IPs, inclusive, separated by hyphen ("2eff::1-2eff::0800")
SrcIPs []string
// SrcBits is deprecated; it's the old way to specify a CIDR
// SrcBits is deprecated; it was the old way to specify a CIDR
// prior to CapabilityVersion 7. Its values correspond to the
// SrcIPs above.
//
@@ -1493,10 +1493,14 @@ type FilterRule struct {
// position is 32, as if the SrcIPs above were a /32 mask. For
// a "*" SrcIPs value, the corresponding SrcBits value is
// ignored.
//
// This is still present in this file because the Tailscale control plane
// code still uses this type, for 118 clients that are still connected as of
// 2024-06-18, 3.5 years after the last release that used this type.
SrcBits []int `json:",omitempty"`
// DstPorts are the port ranges to allow once a source IP
// matches (is in the CIDR described by SrcIPs & SrcBits).
// matches (is in the CIDR described by SrcIPs).
//
// CapGrant and DstPorts are mutually exclusive: at most one can be non-nil.
DstPorts []NetPortRange `json:",omitempty"`
@@ -1527,11 +1531,9 @@ type FilterRule struct {
var FilterAllowAll = []FilterRule{
{
SrcIPs: []string{"*"},
SrcBits: nil,
SrcIPs: []string{"*"},
DstPorts: []NetPortRange{{
IP: "*",
Bits: nil,
Ports: PortRange{0, 65535},
}},
},