TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2024-11-29 04:55:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

net/tstun: use /10 as subnet for TAP mode; read IP from netmap
Some checks failed
checklocks / checklocks (push) Waiting to run
Details
CodeQL / Analyze (go) (push) Waiting to run
Details
Dockerfile build / deploy (push) Waiting to run
Details
CI / privileged (push) Waiting to run
Details
CI / vm (push) Waiting to run
Details
CI / race-build (push) Waiting to run
Details
CI / race-root-integration (1/4) (push) Waiting to run
Details
CI / race-root-integration (2/4) (push) Waiting to run
Details
CI / race-root-integration (3/4) (push) Waiting to run
Details
CI / race-root-integration (4/4) (push) Waiting to run
Details
CI / test (-coverprofile=/tmp/coverage.out, amd64) (push) Waiting to run
Details
CI / windows (push) Waiting to run
Details
CI / test (-race, amd64, 1/3) (push) Waiting to run
Details
CI / test (-race, amd64, 2/3) (push) Waiting to run
Details
CI / test (-race, amd64, 3/3) (push) Waiting to run
Details
CI / test (386) (push) Waiting to run
Details
CI / cross (386, linux) (push) Waiting to run
Details
CI / cross (amd64, darwin) (push) Waiting to run
Details
CI / cross (amd64, freebsd) (push) Waiting to run
Details
CI / cross (amd64, openbsd) (push) Waiting to run
Details
CI / cross (amd64, windows) (push) Waiting to run
Details
CI / cross (arm, 5, linux) (push) Waiting to run
Details
CI / cross (arm, 7, linux) (push) Waiting to run
Details
CI / cross (arm64, darwin) (push) Waiting to run
Details
CI / cross (arm64, linux) (push) Waiting to run
Details
CI / cross (arm64, windows) (push) Waiting to run
Details
CI / cross (loong64, linux) (push) Waiting to run
Details
CI / ios (push) Waiting to run
Details
CI / crossmin (amd64, plan9) (push) Waiting to run
Details
CI / go_generate (push) Waiting to run
Details
CI / crossmin (ppc64, aix) (push) Waiting to run
Details
CI / android (push) Waiting to run
Details
CI / wasm (push) Waiting to run
Details
CI / tailscale_go (push) Waiting to run
Details
CI / fuzz (push) Waiting to run
Details
CI / depaware (push) Waiting to run
Details
CI / go_mod_tidy (push) Waiting to run
Details
CI / licenses (push) Waiting to run
Details
CI / staticcheck (386, windows) (push) Waiting to run
Details
CI / staticcheck (amd64, darwin) (push) Waiting to run
Details
CI / staticcheck (amd64, linux) (push) Waiting to run
Details
CI / staticcheck (amd64, windows) (push) Waiting to run
Details
CI / notify_slack (push) Blocked by required conditions
Details
CI / check_mergeability (push) Blocked by required conditions
Details
test installer.sh / test (curl apt-transport-https, ubuntu:16.04) (push) Has been cancelled
Details
test installer.sh / test (curl, alpine:3.14) (push) Has been cancelled
Details
test installer.sh / test (curl, alpine:edge) (push) Has been cancelled
Details
test installer.sh / test (curl, alpine:latest) (push) Has been cancelled
Details
test installer.sh / test (curl, amazonlinux:latest) (push) Has been cancelled
Details
test installer.sh / test (curl, archlinux:latest) (push) Has been cancelled
Details
test installer.sh / test (curl, debian:oldstable-slim) (push) Has been cancelled
Details
test installer.sh / test (curl, debian:sid-slim) (push) Has been cancelled
Details
test installer.sh / test (curl, debian:stable-slim) (push) Has been cancelled
Details
test installer.sh / test (curl, debian:testing-slim) (push) Has been cancelled
Details
test installer.sh / test (curl, elementary/docker:stable) (push) Has been cancelled
Details
test installer.sh / test (curl, elementary/docker:unstable) (push) Has been cancelled
Details
test installer.sh / test (curl, fedora:latest) (push) Has been cancelled
Details
test installer.sh / test (curl, kalilinux/kali-dev) (push) Has been cancelled
Details
test installer.sh / test (curl, kalilinux/kali-rolling) (push) Has been cancelled
Details
test installer.sh / test (curl, opensuse/leap:latest) (push) Has been cancelled
Details
test installer.sh / test (curl, opensuse/tumbleweed:latest) (push) Has been cancelled
Details
test installer.sh / test (curl, oraclelinux:8) (push) Has been cancelled
Details
test installer.sh / test (curl, oraclelinux:9) (push) Has been cancelled
Details
test installer.sh / test (curl, parrotsec/core:latest) (push) Has been cancelled
Details
test installer.sh / test (curl, parrotsec/core:lts-amd64) (push) Has been cancelled
Details
test installer.sh / test (curl, rockylinux:8.7) (push) Has been cancelled
Details
test installer.sh / test (curl, rockylinux:9) (push) Has been cancelled
Details
test installer.sh / test (curl, ubuntu:18.04) (push) Has been cancelled
Details
test installer.sh / test (curl, ubuntu:20.04) (push) Has been cancelled
Details
test installer.sh / test (curl, ubuntu:22.04) (push) Has been cancelled
Details
test installer.sh / test (curl, ubuntu:23.04) (push) Has been cancelled
Details
test installer.sh / test (wget apt-transport-https, ubuntu:16.04) (push) Has been cancelled
Details
test installer.sh / test (wget, debian:oldstable-slim) (push) Has been cancelled
Details
test installer.sh / test (wget, debian:sid-slim) (push) Has been cancelled
Details
test installer.sh / test (wget, ubuntu:23.04) (push) Has been cancelled
Details

Browse Source 
Few changes to resolve TODOs in the code:
- Instead of using a hardcoded IP, get it from the netmap.
- Use 100.100.100.100 as the gateway IP
- Use the /10 CGNAT range instead of a random /24

Updates #2589

Signed-off-by: Maisem Ali <maisem@tailscale.com>
This commit is contained in:
Maisem Ali 2024-10-21 17:00:41 -07:00 committed by Maisem Ali
parent d4d21a0bbf
commit 85241f8408
2 changed files with 54 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
net/tstun/tap_linux.go
View File

@ -25,6 +25,7 @@
"gvisor.dev/gvisor/pkg/tcpip/transport/udp" "gvisor.dev/gvisor/pkg/tcpip/transport/udp"
"tailscale.com/net/netaddr" "tailscale.com/net/netaddr"
"tailscale.com/net/packet" "tailscale.com/net/packet"
"tailscale.com/net/tsaddr"
"tailscale.com/syncs" "tailscale.com/syncs"
"tailscale.com/types/ipproto" "tailscale.com/types/ipproto"
"tailscale.com/types/logger" "tailscale.com/types/logger"
@ -158,7 +159,7 @@ func (t *tapDevice) handleTAPFrame(ethBuf []byte) bool {
// If the client's asking about their own IP, tell them it's // If the client's asking about their own IP, tell them it's
// their own MAC. TODO(bradfitz): remove String allocs. // their own MAC. TODO(bradfitz): remove String allocs.
if net.IP(req.ProtocolAddressTarget()).String() == theClientIP { if net.IP(req.ProtocolAddressTarget()).String() == t.clientIPv4.Load() {
copy(res.HardwareAddressSender(), ethSrcMAC) copy(res.HardwareAddressSender(), ethSrcMAC)
} else { } else {
copy(res.HardwareAddressSender(), ourMAC[:]) copy(res.HardwareAddressSender(), ourMAC[:])
@ -178,9 +179,12 @@ func (t *tapDevice) handleTAPFrame(ethBuf []byte) bool {
} }
} }
// TODO(bradfitz): remove these hard-coded values and move from a /24 to a /10 CGNAT as the range. var (
const theClientIP = "100.70.145.3" // TODO: make dynamic from netmap // routerIP is the IP address of the DHCP server.
const routerIP = "100.70.145.1" // must be in same netmask (currently hack at /24) as theClientIP routerIP = net.ParseIP(tsaddr.TailscaleServiceIPString)
// cgnatNetMask is the netmask of the 100.64.0.0/10 CGNAT range.
cgnatNetMask = net.IPMask(net.ParseIP("255.192.0.0").To4())
)
// handleDHCPRequest handles receiving a raw TAP ethernet frame and reports whether // handleDHCPRequest handles receiving a raw TAP ethernet frame and reports whether
// it's been handled as a DHCP request. That is, it reports whether the frame should // it's been handled as a DHCP request. That is, it reports whether the frame should
@ -228,17 +232,22 @@ func (t *tapDevice) handleDHCPRequest(ethBuf []byte) bool {
} }
switch dp.MessageType() { switch dp.MessageType() {
case dhcpv4.MessageTypeDiscover: case dhcpv4.MessageTypeDiscover:
ips := t.clientIPv4.Load()
if ips == "" {
t.logf("tap: DHCP no client IP")
return consumePacket
}
offer, err := dhcpv4.New( offer, err := dhcpv4.New(
dhcpv4.WithReply(dp), dhcpv4.WithReply(dp),
dhcpv4.WithMessageType(dhcpv4.MessageTypeOffer), dhcpv4.WithMessageType(dhcpv4.MessageTypeOffer),
dhcpv4.WithRouter(net.ParseIP(routerIP)), // the default route dhcpv4.WithRouter(routerIP), // the default route
dhcpv4.WithDNS(net.ParseIP("100.100.100.100")), dhcpv4.WithDNS(routerIP),
dhcpv4.WithServerIP(net.ParseIP("100.100.100.100")), // TODO: what is this? dhcpv4.WithServerIP(routerIP), // TODO: what is this?
dhcpv4.WithOption(dhcpv4.OptServerIdentifier(net.ParseIP("100.100.100.100"))), dhcpv4.WithOption(dhcpv4.OptServerIdentifier(routerIP)),
dhcpv4.WithYourIP(net.ParseIP(theClientIP)), dhcpv4.WithYourIP(net.ParseIP(ips)),
dhcpv4.WithLeaseTime(3600), // hour works dhcpv4.WithLeaseTime(3600), // hour works
//dhcpv4.WithHwAddr(ethSrcMAC), //dhcpv4.WithHwAddr(ethSrcMAC),
dhcpv4.WithNetmask(net.IPMask(net.ParseIP("255.255.255.0").To4())), // TODO: wrong dhcpv4.WithNetmask(cgnatNetMask),
//dhcpv4.WithTransactionID(dp.TransactionID), //dhcpv4.WithTransactionID(dp.TransactionID),
) )
if err != nil { if err != nil {
@ -258,16 +267,21 @@ func (t *tapDevice) handleDHCPRequest(ethBuf []byte) bool {
t.logf("tap: wrote DHCP OFFER %v, %v", n, err) t.logf("tap: wrote DHCP OFFER %v, %v", n, err)
} }
case dhcpv4.MessageTypeRequest: case dhcpv4.MessageTypeRequest:
ips := t.clientIPv4.Load()
if ips == "" {
t.logf("tap: DHCP no client IP")
return consumePacket
}
ack, err := dhcpv4.New( ack, err := dhcpv4.New(
dhcpv4.WithReply(dp), dhcpv4.WithReply(dp),
dhcpv4.WithMessageType(dhcpv4.MessageTypeAck), dhcpv4.WithMessageType(dhcpv4.MessageTypeAck),
dhcpv4.WithDNS(net.ParseIP("100.100.100.100")), dhcpv4.WithDNS(routerIP),
dhcpv4.WithRouter(net.ParseIP(routerIP)), // the default route dhcpv4.WithRouter(routerIP), // the default route
dhcpv4.WithServerIP(net.ParseIP("100.100.100.100")), // TODO: what is this? dhcpv4.WithServerIP(routerIP), // TODO: what is this?
dhcpv4.WithOption(dhcpv4.OptServerIdentifier(net.ParseIP("100.100.100.100"))), dhcpv4.WithOption(dhcpv4.OptServerIdentifier(routerIP)),
dhcpv4.WithYourIP(net.ParseIP(theClientIP)), // Hello world dhcpv4.WithYourIP(net.ParseIP(ips)), // Hello world
dhcpv4.WithLeaseTime(3600), // hour works dhcpv4.WithLeaseTime(3600), // hour works
dhcpv4.WithNetmask(net.IPMask(net.ParseIP("255.255.255.0").To4())), dhcpv4.WithNetmask(cgnatNetMask),
) )
if err != nil { if err != nil {
t.logf("error building DHCP ack: %v", err) t.logf("error building DHCP ack: %v", err)
@ -373,10 +387,18 @@ type tapDevice struct {
events chan tun.Event events chan tun.Event
name string name string
closeOnce sync.Once closeOnce sync.Once
clientIPv4 syncs.AtomicValue[string]
destMACAtomic syncs.AtomicValue[[6]byte] destMACAtomic syncs.AtomicValue[[6]byte]
} }
var _ setIPer = (*tapDevice)(nil)
func (t *tapDevice) SetIP(ipV4, ipV6TODO netip.Addr) error {
t.clientIPv4.Store(ipV4.String())
return nil
}
func (t *tapDevice) File() *os.File { func (t *tapDevice) File() *os.File {
return t.file return t.file
} }

11
net/tstun/wrap.go
View File

@ -802,10 +802,19 @@ func (pc *peerConfigTable) outboundPacketIsJailed(p *packet.Parsed) bool {
return c.jailed return c.jailed
} }
type setIPer interface {
// SetIP sets the IP addresses of the TAP device.
SetIP(ipV4, ipV6 netip.Addr) error
}
// SetWGConfig is called when a new NetworkMap is received. // SetWGConfig is called when a new NetworkMap is received.
func (t *Wrapper) SetWGConfig(wcfg *wgcfg.Config) { func (t *Wrapper) SetWGConfig(wcfg *wgcfg.Config) {
if t.isTAP {
if sip, ok := t.tdev.(setIPer); ok {
sip.SetIP(findV4(wcfg.Addresses), findV6(wcfg.Addresses))
}
}
cfg := peerConfigTableFromWGConfig(wcfg) cfg := peerConfigTableFromWGConfig(wcfg)
old := t.peerConfig.Swap(cfg) old := t.peerConfig.Swap(cfg)
if !reflect.DeepEqual(old, cfg) { if !reflect.DeepEqual(old, cfg) {
t.logf("peer config: %v", cfg) t.logf("peer config: %v", cfg)