TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2024-11-29 13:05:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

wgengine/filter: remove helper vars, mark NewAllowAll test-only.

Browse Source 
Signed-off-by: David Anderson <danderson@tailscale.com>
This commit is contained in:
David Anderson 2020-11-09 22:02:03 -08:00
parent 76d99cf01a
commit 7a54910990
5 changed files with 22 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
wgengine/filter/filter.go
View File

@ -89,10 +89,25 @@ func (r Response) String() string {
HexdumpAccepts // print packet hexdump when logging accepts
)
// NewAllowAll returns a packet filter that accepts everything to and
// from localNets.
func NewAllowAll(localNets []netaddr.IPPrefix, logf logger.Logf) *Filter {
return New([]Match{Match{NetPortRangeAny, NetAny}}, localNets, nil, logf)
// NewAllowAllForTest returns a packet filter that accepts
// everything. Use in tests only, as it permits some kinds of spoofing
// attacks to reach the OS network stack.
func NewAllowAllForTest(logf logger.Logf) *Filter {
any4 := netaddr.IPPrefix{IP: netaddr.IPv4(0, 0, 0, 0), Bits: 0} // TODO: IPv6
m := Match{
Srcs: []netaddr.IPPrefix{any4},
Dsts: []NetPortRange{
{
Net: any4,
Ports: PortRange{
First: 0,
Last: 65535,
},
},
},
}
return New([]Match{m}, []netaddr.IPPrefix{any4}, nil, logf)
}
// NewAllowNone returns a packet filter that rejects everything.

2
wgengine/filter/filter_test.go
View File

@ -58,7 +58,7 @@ func nets(nets ...string) (ret []netaddr.IPPrefix) {
func ports(s string) PortRange {
if s == "*" {
return PortRangeAny
return PortRange{First: 0, Last: 65535}
}
var fs, ls string

10
wgengine/filter/match.go
View File

@ -16,9 +16,6 @@ type PortRange struct {
First, Last uint16 // inclusive
}
// PortRangeAny represents all TCP and UDP ports.
var PortRangeAny = PortRange{0, 65535}
func (pr PortRange) String() string {
if pr.First == 0 && pr.Last == 65535 {
return "*"
@ -34,10 +31,6 @@ func (pr PortRange) contains(port uint16) bool {
return port >= pr.First && port <= pr.Last
}
// NetAny matches all IP addresses.
// TODO: add ipv6.
var NetAny = []netaddr.IPPrefix{{IP: netaddr.IPv4(0, 0, 0, 0), Bits: 0}}
// NetPortRange combines an IP address prefix and PortRange.
type NetPortRange struct {
Net netaddr.IPPrefix
@ -48,9 +41,6 @@ func (npr NetPortRange) String() string {
return fmt.Sprintf("%v:%v", npr.Net, npr.Ports)
}
// NetPortRangeAny matches any IP and port.
var NetPortRangeAny = []NetPortRange{{Net: NetAny[0], Ports: PortRangeAny}}
// Match matches packets from any IP address in Srcs to any ip:port in
// Dsts.
type Match struct {

2
wgengine/magicsock/magicsock_test.go
View File

@ -158,7 +158,7 @@ func newMagicStack(t *testing.T, logf logger.Logf, l nettype.PacketListener, der
tun := tuntest.NewChannelTUN()
tsTun := tstun.WrapTUN(logf, tun.TUN())
tsTun.SetFilter(filter.NewAllowAll(filter.NetAny, logf))
tsTun.SetFilter(filter.NewAllowAllForTest(logf))
dev := device.NewDevice(tsTun, &device.DeviceOptions{
Logger: &device.Logger{

2
wgengine/tstun/tun_test.go
View File

@ -58,7 +58,7 @@ func nets(nets ...string) (ret []netaddr.IPPrefix) {
func ports(s string) filter.PortRange {
if s == "*" {
return filter.PortRangeAny
return filter.PortRange{First: 0, Last: 65535}
}
var fs, ls string