net/tstun: redo tstun as drop only

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
This commit is contained in:
Kristoffer Dalby 2024-08-15 13:50:19 +02:00
parent 3e9eaa293a
commit 92567a7bfa
No known key found for this signature in database


@ -863,6 +863,9 @@ func (t *Wrapper) filterPacketOutboundToWireGuard(p *packet.Parsed, pc *peerConf
if filt.RunOut(p, t.filterFlags) != filter.Accept { if filt.RunOut(p, t.filterFlags) != filter.Accept {
metricPacketOutDropFilter.Add(1) metricPacketOutDropFilter.Add(1)
metricOutboundDroppedPacketsTotal.Add(dropPacketLabel{
Reason: DropReasonACL,
}, 1)
return filter.Drop return filter.Drop
} }
@ -924,8 +927,8 @@ func (t *Wrapper) Read(buffs [][]byte, sizes []int, offset int) (int, error) {
if !t.disableFilter { if !t.disableFilter {
response := t.filterPacketOutboundToWireGuard(p, pc) response := t.filterPacketOutboundToWireGuard(p, pc)
if response != filter.Accept { if response != filter.Accept {
metricOutboundPacketsTotal.Add(trafficLabel{ metricOutboundDroppedPacketsTotal.Add(dropPacketLabel{
Action: TrafficActionDropACL, Reason: DropReasonError,
}, 1) }, 1)
metricPacketOutDrop.Add(1) metricPacketOutDrop.Add(1)
continue continue
@ -954,10 +957,6 @@ func (t *Wrapper) Read(buffs [][]byte, sizes []int, offset int) (int, error) {
t.sendBufferConsumed() t.sendBufferConsumed()
} }
metricOutboundPacketsTotal.Add(trafficLabel{
Action: TrafficActionAccept,
}, int64(len(res.data)))
t.noteActivity() t.noteActivity()
return buffsPos, res.err return buffsPos, res.err
} }
@ -1134,6 +1133,9 @@ func (t *Wrapper) filterPacketInboundFromWireGuard(p *packet.Parsed, captHook ca
if outcome != filter.Accept { if outcome != filter.Accept {
metricPacketInDropFilter.Add(1) metricPacketInDropFilter.Add(1)
metricInboundDroppedPacketsTotal.Add(dropPacketLabel{
Reason: DropReasonACL,
}, 1)
// Tell them, via TSMP, we're dropping them due to the ACL. // Tell them, via TSMP, we're dropping them due to the ACL.
// Their host networking stack can translate this into ICMP // Their host networking stack can translate this into ICMP
@ -1184,8 +1186,8 @@ func (t *Wrapper) Write(buffs [][]byte, offset int) (int, error) {
if !t.disableFilter { if !t.disableFilter {
if t.filterPacketInboundFromWireGuard(p, captHook, pc) != filter.Accept { if t.filterPacketInboundFromWireGuard(p, captHook, pc) != filter.Accept {
metricPacketInDrop.Add(1) metricPacketInDrop.Add(1)
metricInboundPacketsTotal.Add(trafficLabel{ metricInboundDroppedPacketsTotal.Add(dropPacketLabel{
Action: TrafficActionDropACL, Reason: DropReasonError,
}, 1) }, 1)
} else { } else {
buffs[i] = buff buffs[i] = buff
@ -1205,12 +1207,8 @@ func (t *Wrapper) Write(buffs [][]byte, offset int) (int, error) {
t.noteActivity() t.noteActivity()
_, err := t.tdevWrite(buffs, offset) _, err := t.tdevWrite(buffs, offset)
if err != nil { if err != nil {
metricInboundPacketsTotal.Add(trafficLabel{ metricInboundDroppedPacketsTotal.Add(dropPacketLabel{
Action: TrafficActionDropError, Reason: DropReasonError,
}, int64(len(buffs)))
} else {
metricInboundPacketsTotal.Add(trafficLabel{
Action: TrafficActionAccept,
}, int64(len(buffs))) }, int64(len(buffs)))
} }
return len(buffs), err return len(buffs), err
@ -1415,34 +1413,30 @@ var (
metricPacketOutDropSelfDisco = clientmetric.NewCounter("tstun_out_to_wg_drop_self_disco") metricPacketOutDropSelfDisco = clientmetric.NewCounter("tstun_out_to_wg_drop_self_disco")
) )
type TrafficAction string type DropReason string
const ( const (
TrafficActionAccept TrafficAction = "accept" DropReasonACL DropReason = "acl"
TrafficActionDropACL TrafficAction = "drop_acl" DropReasonError DropReason = "error"
TrafficActionDropError TrafficAction = "drop_error"
TrafficActionDropDst TrafficAction = "drop_dst_unknown"
) )
type trafficLabel struct { type dropPacketLabel struct {
// Action indicates what we have done with the packet, and has the following wvalues: // Reason indicates what we have done with the packet, and has the following values:
// - accept // - acl (rejected packets because of ACL)
// - drop_acl (rejected packets because of ACL) // - error (rejected packets because of an error)
// - drop_error (rejected packets because of an error) Reason DropReason
// - drop_dst_unknown
Action TrafficAction
} }
var ( var (
metricInboundPacketsTotal = usermetric.NewMultiLabelMap[trafficLabel]( metricInboundDroppedPacketsTotal = usermetric.NewMultiLabelMap[dropPacketLabel](
"tailscaled_inbound_packets_total", "tailscaled_inbound_dropped_packets_total",
"counter", "counter",
"Counts the number of packets received by the node from other peers", "Counts the number of dropped packets received by the node from other peers",
) )
metricOutboundPacketsTotal = usermetric.NewMultiLabelMap[trafficLabel]( metricOutboundDroppedPacketsTotal = usermetric.NewMultiLabelMap[dropPacketLabel](
"tailscaled_outbound_packets_total", "tailscaled_outbound_dropped_packets_total",
"counter", "counter",
"Counts the number of packets sent by the node to other peers", "Counts the number of dropped packets sent by the node to other peers",
) )
) )
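Review bot: Filter drops are now counted twice, and the second count carries the wrong label: `filterPacketOutboundToWireGuard` increments `metricOutboundDroppedPacketsTotal` with `DropReasonACL` when the filter rejects, and then the caller in `Read` increments the same metric again with `DropReasonError` for every non-Accept response (the same pattern appears in `filterPacketInboundFromWireGuard` and `Write`). A sum over reasons therefore overstates dropped packets, and an ACL-denied packet also shows up as an "error", which misleads anyone alerting on error drops versus policy drops. The filter functions also return Drop for reasons that are neither ACL nor error (the `tstun_out_to_wg_drop_self_disco` counter suggests at least one such path), so the blanket `DropReasonError` in the callers is not accurate for those either. I would remove the `metricOutboundDroppedPacketsTotal.Add(... DropReasonError ...)` block in `Read` and the matching `metricInboundDroppedPacketsTotal.Add(...)` block in `Write`, and instead have each drop path inside the two filter functions record its own reason (adding a constant such as `DropReasonSelfDisco` if a distinct label is wanted), so each dropped packet is counted exactly once; the bodies of both filter functions and of `Read`/`Write` extend outside these hunks, so the other drop paths should be checked when making that change. The `dropPacketLabel` doc comment should then list every reason the code can emit, not just `acl` and `error`.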