TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-01-07 16:17:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

cmd/containerboot: warn when an ingress proxy with an IPv4 tailnet address is being created for an IPv6 backend(s) (#12159)

Browse Source 
Updates tailscale/tailscale#12156

Signed-off-by: Irbe Krumina <irbe@tailscale.com>
This commit is contained in:
Irbe Krumina 2024-05-16 13:11:30 -04:00 committed by GitHub
parent 8feb4ff5d2
commit 76c30e014d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
cmd/containerboot/main.go
View File

@ -961,16 +961,23 @@ func installIngressForwardingRule(ctx context.Context, dstStr string, tsIPs []ne
return err return err
} }
var local netip.Addr var local netip.Addr
proxyHasIPv4Address := false
for _, pfx := range tsIPs { for _, pfx := range tsIPs {
if !pfx.IsSingleIP() { if !pfx.IsSingleIP() {
continue continue
} }
if pfx.Addr().Is4() {
proxyHasIPv4Address = true
}
if pfx.Addr().Is4() != dst.Is4() { if pfx.Addr().Is4() != dst.Is4() {
continue continue
} }
local = pfx.Addr() local = pfx.Addr()
break break
} }
if proxyHasIPv4Address && dst.Is6() {
log.Printf("Warning: proxy backend ClusterIP is an IPv6 address and the proxy has a IPv4 tailnet address. You might need to disable IPv4 address allocation for the proxy for forwarding to work. See https://github.com/tailscale/tailscale/issues/12156")
}
if !local.IsValid() { if !local.IsValid() {
return fmt.Errorf("no tailscale IP matching family of %s found in %v", dstStr, tsIPs) return fmt.Errorf("no tailscale IP matching family of %s found in %v", dstStr, tsIPs)
} }