TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-08-11 21:27:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

tsnet,wgengine: fix src to primary Tailscale IP for TCP dials

Browse Source 
Ensure that the src address for a connection is one of the primary
addresses assigned by Tailscale. Not, for example, a virtual IP address.

Updates #14667

Signed-off-by: Fran Bull <fran@tailscale.com>
This commit is contained in:
Fran Bull
2025-03-05 10:25:30 -08:00
committed by franbull
parent 8f0080c7a4
commit 5ebc135397
3 changed files with 51 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
wgengine/netstack/netstack.go
View File

@@ -843,6 +843,27 @@ func (ns *Impl) DialContextTCP(ctx context.Context, ipp netip.AddrPort) (*gonet.
return gonet.DialContextTCP(ctx, ns.ipstack, remoteAddress, ipType)
}
// DialContextTCPWithBind creates a new gonet.TCPConn connected to the specified
// remoteAddress with its local address bound to localAddr on an available port.
func (ns *Impl) DialContextTCPWithBind(ctx context.Context, localAddr netip.Addr, remoteAddr netip.AddrPort) (*gonet.TCPConn, error) {
remoteAddress := tcpip.FullAddress{
NIC: nicID,
Addr: tcpip.AddrFromSlice(remoteAddr.Addr().AsSlice()),
Port: remoteAddr.Port(),
}
localAddress := tcpip.FullAddress{
NIC: nicID,
Addr: tcpip.AddrFromSlice(localAddr.AsSlice()),
}
var ipType tcpip.NetworkProtocolNumber
if remoteAddr.Addr().Is4() {
ipType = ipv4.ProtocolNumber
} else {
ipType = ipv6.ProtocolNumber
}
return gonet.DialTCPWithBind(ctx, ns.ipstack, localAddress, remoteAddress, ipType)
}
func (ns *Impl) DialContextUDP(ctx context.Context, ipp netip.AddrPort) (*gonet.UDPConn, error) {
remoteAddress := &tcpip.FullAddress{
NIC: nicID,
@@ -859,6 +880,28 @@ func (ns *Impl) DialContextUDP(ctx context.Context, ipp netip.AddrPort) (*gonet.
return gonet.DialUDP(ns.ipstack, nil, remoteAddress, ipType)
}
// DialContextUDPWithBind creates a new gonet.UDPConn. Connected to remoteAddr.
// With its local address bound to localAddr on an available port.
func (ns *Impl) DialContextUDPWithBind(ctx context.Context, localAddr netip.Addr, remoteAddr netip.AddrPort) (*gonet.UDPConn, error) {
remoteAddress := &tcpip.FullAddress{
NIC: nicID,
Addr: tcpip.AddrFromSlice(remoteAddr.Addr().AsSlice()),
Port: remoteAddr.Port(),
}
localAddress := &tcpip.FullAddress{
NIC: nicID,
Addr: tcpip.AddrFromSlice(localAddr.AsSlice()),
}
var ipType tcpip.NetworkProtocolNumber
if remoteAddr.Addr().Is4() {
ipType = ipv4.ProtocolNumber
} else {
ipType = ipv6.ProtocolNumber
}
return gonet.DialUDP(ns.ipstack, localAddress, remoteAddress, ipType)
}
// getInjectInboundBuffsSizes returns packet memory and a sizes slice for usage
// when calling tstun.Wrapper.InjectInboundPacketBuffer(). These are sized with
// consideration for MTU and GSO support on ns.linkEP. They should be recycled