wgengine/filter: remove helper vars, mark NewAllowAll test-only.

Signed-off-by: David Anderson <danderson@tailscale.com>
David Anderson
2020-11-09 22:02:03 -08:00
parent 76d99cf01a
commit 7a54910990
5 changed files with 22 additions and 17 deletions


@@ -89,10 +89,25 @@ const (
HexdumpAccepts // print packet hexdump when logging accepts
)
// NewAllowAll returns a packet filter that accepts everything to and
// from localNets.
func NewAllowAll(localNets []netaddr.IPPrefix, logf logger.Logf) *Filter {
return New([]Match{Match{NetPortRangeAny, NetAny}}, localNets, nil, logf)
// NewAllowAllForTest returns a packet filter that accepts
// everything. Use in tests only, as it permits some kinds of spoofing
// attacks to reach the OS network stack.
func NewAllowAllForTest(logf logger.Logf) *Filter {
any4 := netaddr.IPPrefix{IP: netaddr.IPv4(0, 0, 0, 0), Bits: 0} // TODO: IPv6
m := Match{
Srcs: []netaddr.IPPrefix{any4},
Dsts: []NetPortRange{
{
Net: any4,
Ports: PortRange{
First: 0,
Last: 65535,
},
},
},
}
return New([]Match{m}, []netaddr.IPPrefix{any4}, nil, logf)
}
// NewAllowNone returns a packet filter that rejects everything.
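Review bot: The doc comment on NewAllowAllForTest says the filter "accepts everything", but both the Match and the second argument to New are built only from `any4` (0.0.0.0/0), so, as the `TODO: IPv6` notes, IPv6 traffic is not covered. I would word it as `// NewAllowAllForTest returns a packet filter that accepts all IPv4 traffic (IPv6 is not matched yet).` so that a test exercising IPv6 does not assume it is permitted. The spoofing caveat could also be made concrete: passing 0.0.0.0/0 in the position of the former localNets parameter appears to make every destination address count as local, which is presumably what lets packets addressed to arbitrary IPs reach the OS network stack. The test-only restriction rests on the name alone, since the function is still exported and appears to live in a non-test file; a CI lint or grep that rejects callers outside `_test.go` files would enforce what the comment asks for.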