From 91d28e71555bfffc90a21074493b79fcf2477346 Mon Sep 17 00:00:00 2001
From: Andrew Dunham
Date: Mon, 19 Sep 2022 10:57:36 -0400
Subject: [PATCH] wgengine/router: handle DisableIPv4 in Linux router
---
 wgengine/router/router_linux.go | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/wgengine/router/router_linux.go b/wgengine/router/router_linux.go
index b67d4ddc1..4a81d6461 100644
--- a/wgengine/router/router_linux.go
+++ b/wgengine/router/router_linux.go
@@ -112,6 +112,7 @@ type linuxRouter struct {
 v6Available bool
 v6NATAvailable bool
 fwmaskWorks bool // whether we can use 'ip rule...fwmark /'
+ hasV4Prefix bool // false when 'DisableIPv4' is set on the tailnet
 // ipPolicyPrefBase is the base priority at which ip rules are installed.
 ipPolicyPrefBase int
@@ -418,6 +419,26 @@ func (r *linuxRouter) Set(cfg *Config) error {
 cfg = &shutdownConfig
 }
+ // Because the tailnet may have IPv4 disabled, check if we have any v4
+ // prefixes from addresses, routes, or local routes.
+ r.hasV4Prefix = false
+ findV4 := func(arr []netip.Prefix) {
+ // Skip useless loop if we've already found a v4 prefix
+ if r.hasV4Prefix {
+ return
+ }
+ for _, pref := range arr {
+ if pref.Addr().Is4() {
+ r.hasV4Prefix = true
+ return
+ }
+ }
+ }
+ findV4(cfg.LocalAddrs)
+ findV4(cfg.Routes)
+ findV4(cfg.LocalRoutes)
+ findV4(cfg.SubnetRoutes)
+
 if err := r.setNetfilterMode(cfg.NetfilterMode); err != nil {
 errs = append(errs, err)
 }
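Review bot: The field comment on `hasV4Prefix` describes one cause rather than what the value means. In `Set` it is derived from whether the current config carries any IPv4 prefix, so it is also false for a v6-only config and, as the Go zero value, before the first `Set` call. I would document it as `// whether the last Config passed to Set had any IPv4 address or route; false e.g. when the tailnet sets DisableIPv4`, so a later reader does not treat it as a direct mirror of the tailnet setting.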
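Review bot: `r.hasV4Prefix` is reset and recomputed from the incoming config before `setNetfilterMode` and the rest of `Set` run, so on the `shutdownConfig` path just above (presumably a config with no prefixes) it flips to false before any teardown. No reader of the flag is in this patch, so this is inferred, but IPv4 iptables or `ip rule` cleanup gated on it would then be skipped for state installed by an earlier v4-enabled config. That would leave stale firewall and policy-routing entries behind. Consider keeping the previous value for removals, e.g. `hadV4 := r.hasV4Prefix` before the reset, and gating only installs on the new one. The comment also lists "addresses, routes, or local routes" while the code checks `cfg.SubnetRoutes` too; `Set`'s body starts and ends outside the hunk.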