From 2d271f3bd10eff96124388c0636428d35782f8c1 Mon Sep 17 00:00:00 2001 From: salman Date: Fri, 18 Nov 2022 13:07:55 +0000 Subject: [PATCH] ipn/ipnlocal: disallow exit nodes from using exit nodes Nodes which have both -advertise-exit-node and -exit-node in prefs should continue have them until the next invocation of `tailscale up`. Updates #3569. Signed-off-by: salman --- ipn/ipnlocal/local.go | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/ipn/ipnlocal/local.go b/ipn/ipnlocal/local.go index 07c7aeaa1..27095a85c 100644 --- a/ipn/ipnlocal/local.go +++ b/ipn/ipnlocal/local.go @@ -2362,6 +2362,9 @@ func (b *LocalBackend) checkPrefsLocked(p *ipn.Prefs) error { if err := b.checkSSHPrefsLocked(p); err != nil { errs = append(errs, err) } + if err := b.checkExitNodePrefsLocked(p); err != nil { + errs = append(errs, err) + } return multierr.New(errs...) } @@ -2441,6 +2444,13 @@ func (b *LocalBackend) isDefaultServerLocked() bool { return prefs.ControlURLOrDefault() == ipn.DefaultControlURL } +func (b *LocalBackend) checkExitNodePrefsLocked(p *ipn.Prefs) error { + if (p.ExitNodeIP.IsValid() || p.ExitNodeID != "") && p.AdvertisesExitNode() { + return errors.New("Cannot advertise an exit node and use an exit node at the same time.") + } + return nil +} + func (b *LocalBackend) EditPrefs(mp *ipn.MaskedPrefs) (ipn.PrefsView, error) { b.mu.Lock() if mp.EggSet {