tailcfg: Add FirewallMode to NetInfo to record wether host using iptables or nftables

To record wether user is using iptables or nftables after we add support to nftables on linux, we are adding a field FirewallMode to NetInfo in HostInfo to reflect what firewall mode the host is running, and form metrics. The information is gained from a global constant in hostinfo.go. We set it when selection heuristic made the decision, and magicsock reports this to control. Updates: tailscale/corp#13943 Signed-off-by: KevinLiang10 <kevinliang@tailscale.com>
2025-08-11 13:18:53 +00:00 · 2023-08-15 21:52:04 +00:00
parent 95d776bd8c
commit 7ed3681cbe
7 changed files with 33 additions and 3 deletions
--- a/hostinfo/hostinfo.go
+++ b/hostinfo/hostinfo.go
@@ -171,6 +171,7 @@ var (
 	desktopAtomic         atomic.Value // of opt.Bool
 	packagingType         atomic.Value // of string
 	appType               atomic.Value // of string
+	firewallMode          atomic.Value // of string
 )

 // SetPushDeviceToken sets the device token for use in Hostinfo updates.
@@ -182,6 +183,9 @@ func SetDeviceModel(model string) { deviceModelAtomic.Store(model) }
 // SetOSVersion sets the OS version.
 func SetOSVersion(v string) { osVersionAtomic.Store(v) }

+// SetFirewallMode sets the firewall mode for the app.
+func SetFirewallMode(v string) { firewallMode.Store(v) }
+
 // SetPackage sets the packaging type for the app.
 //
 // As of 2022-03-25, this is used by Android ("nogoogle" for the
@@ -203,6 +207,13 @@ func pushDeviceToken() string {
 	return s
 }

+// FirewallMode returns the firewall mode for the app.
+// It is empty if unset.
+func FirewallMode() string {
+	s, _ := firewallMode.Load().(string)
+	return s
+}
+
 func desktop() (ret opt.Bool) {
 	if runtime.GOOS != "linux" {
 		return opt.Bool("")