TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-04-20 05:31:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

control/controlclient: send warning flag in map request when IP forwarding off

Browse Source 
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
This commit is contained in:
Brad Fitzpatrick 2020-11-04 13:48:50 -08:00 committed by Dave Anderson
parent 4f4e84236a
commit 782e07c0ae
2 changed files with 42 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
control/controlclient/direct.go
View File

@ -21,6 +21,7 @@ import (
"net/http" "net/http"
"net/url" "net/url"
"os" "os"
"os/exec"
"reflect" "reflect"
"runtime" "runtime"
"sort" "sort"
@ -544,6 +545,10 @@ func (c *Direct) PollNetMap(ctx context.Context, maxPolls int, cb func(*NetworkM
Hostinfo: hostinfo, Hostinfo: hostinfo,
DebugFlags: c.debugFlags, DebugFlags: c.debugFlags,
} }
if hostinfo != nil && ipForwardingBroken(hostinfo.RoutableIPs) {
old := request.DebugFlags
request.DebugFlags = append(old[:len(old):len(old)], "warn-ip-forwarding-off")
}
if c.newDecompressor != nil { if c.newDecompressor != nil {
request.Compress = "zstd" request.Compress = "zstd"
} }
@ -1056,3 +1061,34 @@ func TrimWGConfig() opt.Bool {
v, _ := controlTrimWGConfig.Load().(opt.Bool) v, _ := controlTrimWGConfig.Load().(opt.Bool)
return v return v
} }
// ipForwardingBroken reports whether the system's IP forwarding is disabled
// and will definitely not work for the routes provided.
//
// It should not return false positives.
func ipForwardingBroken(routes []wgcfg.CIDR) bool {
if len(routes) == 0 {
// Nothing to route, so no need to warn.
return false
}
if runtime.GOOS != "linux" {
// We only do subnet routing on Linux for now.
// It might work on darwin/macOS when building from source, so
// don't return true for other OSes. We can OS-based warnings
// already in the admin panel.
return false
}
out, err := ioutil.ReadFile("/proc/sys/net/ipv4/ip_forward")
if err != nil {
// Try another way.
out, err = exec.Command("sysctl", "-n", "net.ipv4.ip_forward").Output()
}
if err != nil {
// Oh well, we tried. This is just for debugging.
// We don't want false positives.
// TODO: maybe we want a different warning for inability to check?
return false
}
return strings.TrimSpace(string(out)) == "0"
// TODO: also check IPv6 if 'routes' contains any IPv6 routes
}

6
tailcfg/tailcfg.go
View File

@ -522,6 +522,12 @@ type MapRequest struct {
// added and removed all the time during development, and offer no // added and removed all the time during development, and offer no
// compatibility promise. To roll out semantic changes, bump // compatibility promise. To roll out semantic changes, bump
// Version instead. // Version instead.
//
// Current DebugFlags values are:
// * "warn-ip-forwarding-off": client is trying to be a subnet
// router but their IP forwarding is broken.
// * "v6-overlay": IPv6 development flag to have control send
// v6 node addrs
DebugFlags []string `json:",omitempty"` DebugFlags []string `json:",omitempty"`
} }