net/netaddr: start migrating to net/netip via new netaddr adapter package

Updates #5162 Change-Id: Id7bdec303b25471f69d542f8ce43805328d56c12 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
2025-08-13 06:07:34 +00:00 · 2022-07-24 20:08:42 -07:00
parent 7b1a91dfd3
commit 7eaf5e509f
191 changed files with 1009 additions and 888 deletions
--- a/net/tstun/tap_linux.go
+++ b/net/tstun/tap_linux.go
@@ -17,7 +17,7 @@ import (
 	"gvisor.dev/gvisor/pkg/tcpip/header"
 	"gvisor.dev/gvisor/pkg/tcpip/network/ipv4"
 	"gvisor.dev/gvisor/pkg/tcpip/transport/udp"
-	"inet.af/netaddr"
+	"tailscale.com/net/netaddr"
 	"tailscale.com/net/packet"
 	"tailscale.com/types/ipproto"
 )
@@ -292,9 +292,9 @@ func packLayer2UDP(payload []byte, srcMAC, dstMAC net.HardwareAddr, src, dst net
 	buf := make([]byte, header.EthernetMinimumSize+header.UDPMinimumSize+header.IPv4MinimumSize+len(payload))
 	payloadStart := len(buf) - len(payload)
 	copy(buf[payloadStart:], payload)
-	srcB := src.IP().As4()
+	srcB := src.Addr().As4()
 	srcIP := tcpip.Address(srcB[:])
-	dstB := dst.IP().As4()
+	dstB := dst.Addr().As4()
 	dstIP := tcpip.Address(dstB[:])
 	// Ethernet header
 	eth := header.Ethernet(buf)
--- a/net/tstun/wrap.go
+++ b/net/tstun/wrap.go
@@ -20,8 +20,8 @@ import (
 	"golang.zx2c4.com/wireguard/device"
 	"golang.zx2c4.com/wireguard/tun"
 	"gvisor.dev/gvisor/pkg/tcpip/stack"
-	"inet.af/netaddr"
 	"tailscale.com/disco"
+	"tailscale.com/net/netaddr"
 	"tailscale.com/net/packet"
 	"tailscale.com/net/tsaddr"
 	"tailscale.com/tstime/mono"
@@ -545,7 +545,7 @@ func (t *Wrapper) Read(buf []byte, offset int) (int, error) {
 	p.Decode(buf[offset : offset+n])

 	if m, ok := t.destIPActivity.Load().(map[netaddr.IP]func()); ok {
-		if fn := m[p.Dst.IP()]; fn != nil {
+		if fn := m[p.Dst.Addr()]; fn != nil {
 			fn()
 		}
 	}
@@ -620,7 +620,7 @@ func (t *Wrapper) filterIn(buf []byte) filter.Response {
 		p.IPProto == ipproto.TCP &&
 		p.TCPFlags&packet.TCPSyn != 0 &&
 		t.PeerAPIPort != nil {
-		if port, ok := t.PeerAPIPort(p.Dst.IP()); ok && port == p.Dst.Port() {
+		if port, ok := t.PeerAPIPort(p.Dst.Addr()); ok && port == p.Dst.Port() {
 			outcome = filter.Accept
 		}
 	}
@@ -634,8 +634,8 @@ func (t *Wrapper) filterIn(buf []byte) filter.Response {
 		// can show them a rejection history with reasons.
 		if p.IPVersion == 4 && p.IPProto == ipproto.TCP && p.TCPFlags&packet.TCPSyn != 0 && !t.disableTSMPRejected {
 			rj := packet.TailscaleRejectedHeader{
-				IPSrc:  p.Dst.IP(),
-				IPDst:  p.Src.IP(),
+				IPSrc:  p.Dst.Addr(),
+				IPDst:  p.Src.Addr(),
 				Src:    p.Src,
 				Dst:    p.Dst,
 				Proto:  p.IPProto,
@@ -775,7 +775,7 @@ func (t *Wrapper) injectOutboundPong(pp *packet.Parsed, req packet.TSMPPingReque
 		Data: req.Data,
 	}
 	if t.PeerAPIPort != nil {
-		pong.PeerAPIPort, _ = t.PeerAPIPort(pp.Dst.IP())
+		pong.PeerAPIPort, _ = t.PeerAPIPort(pp.Dst.Addr())
 	}
 	switch pp.IPVersion {
 	case 4:
--- a/net/tstun/wrap_test.go
+++ b/net/tstun/wrap_test.go
@@ -14,9 +14,10 @@ import (
 	"unsafe"

 	"go4.org/mem"
+	"go4.org/netipx"
 	"golang.zx2c4.com/wireguard/tun/tuntest"
-	"inet.af/netaddr"
 	"tailscale.com/disco"
+	"tailscale.com/net/netaddr"
 	"tailscale.com/net/packet"
 	"tailscale.com/tstest"
 	"tailscale.com/tstime/mono"
@@ -148,7 +149,7 @@ func setfilter(logf logger.Logf, tun *Wrapper) {
 		{IPProto: protos, Srcs: nets("5.6.7.8"), Dsts: netports("1.2.3.4:89-90")},
 		{IPProto: protos, Srcs: nets("1.2.3.4"), Dsts: netports("5.6.7.8:98")},
 	}
-	var sb netaddr.IPSetBuilder
+	var sb netipx.IPSetBuilder
 	sb.AddPrefix(netaddr.MustParseIPPrefix("1.2.0.0/16"))
 	ipSet, _ := sb.IPSet()
 	tun.SetFilter(filter.New(matches, ipSet, ipSet, nil, logf))
@@ -454,28 +455,28 @@ func TestPeerAPIBypass(t *testing.T) {
 		{
 			name:   "reject_with_filter",
 			w:      &Wrapper{},
-			filter: filter.NewAllowNone(logger.Discard, new(netaddr.IPSet)),
+			filter: filter.NewAllowNone(logger.Discard, new(netipx.IPSet)),
 			pkt:    tcp4syn("1.2.3.4", "100.64.1.2", 1234, 60000),
 			want:   filter.Drop,
 		},
 		{
 			name:   "peerapi_bypass_filter",
 			w:      wrapperWithPeerAPI,
-			filter: filter.NewAllowNone(logger.Discard, new(netaddr.IPSet)),
+			filter: filter.NewAllowNone(logger.Discard, new(netipx.IPSet)),
 			pkt:    tcp4syn("1.2.3.4", "100.64.1.2", 1234, 60000),
 			want:   filter.Accept,
 		},
 		{
 			name:   "peerapi_dont_bypass_filter_wrong_port",
 			w:      wrapperWithPeerAPI,
-			filter: filter.NewAllowNone(logger.Discard, new(netaddr.IPSet)),
+			filter: filter.NewAllowNone(logger.Discard, new(netipx.IPSet)),
 			pkt:    tcp4syn("1.2.3.4", "100.64.1.2", 1234, 60001),
 			want:   filter.Drop,
 		},
 		{
 			name:   "peerapi_dont_bypass_filter_wrong_dst_ip",
 			w:      wrapperWithPeerAPI,
-			filter: filter.NewAllowNone(logger.Discard, new(netaddr.IPSet)),
+			filter: filter.NewAllowNone(logger.Discard, new(netipx.IPSet)),
 			pkt:    tcp4syn("1.2.3.4", "100.64.1.3", 1234, 60000),
 			want:   filter.Drop,
 		},