tailcfg, ipn/ipnlocal, wgengine/magicsock: add only-tcp-443 node attr

Updates tailscale/corp#17879

Change-Id: I0dc305d147b76c409cf729b599a94fa723aef0e0
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
This commit is contained in:
Brad Fitzpatrick
2024-03-22 14:18:04 -07:00
committed by Brad Fitzpatrick
parent 7b34154df2
commit a36cfb4d3d
5 changed files with 42 additions and 1 deletions


@@ -729,6 +729,13 @@ func (c *Conn) processDERPReadResult(dm derpReadResult, b []byte) (n int, ep *en
return n, ep
}
// SetOnlyTCP443 set whether the magicsock connection is restricted
// to only using TCP port 443 outbound. If true, no UDP is allowed,
// no STUN checks are performend, etc.
func (c *Conn) SetOnlyTCP443(v bool) {
c.onlyTCP443.Store(v)
}
// SetDERPMap controls which (if any) DERP servers are used.
// A nil value means to disable DERP; it's disabled by default.
func (c *Conn) SetDERPMap(dm *tailcfg.DERPMap) {
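Review bot: The doc comment on SetOnlyTCP443 has a typo and a tense mismatch: `performend` should be `performed`, and Go doc convention wants `// SetOnlyTCP443 sets whether the magicsock connection is restricted`. The comment also promises that no UDP is allowed and no STUN checks run, but the method itself only stores the flag; nothing in this hunk tears down existing UDP endpoint state or cancels in-flight probes when the value flips on a live connection, so I would either say so in the comment (`// The flag is consulted at send time; changing it does not reset existing paths.`) or confirm that every UDP-sending path consults it, since on a network that only permits TCP/443 a missed path means silently stalled traffic rather than a fallback.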


@@ -198,6 +198,8 @@ type Conn struct {
mu sync.Mutex
muCond *sync.Cond
onlyTCP443 atomic.Bool
closed bool // Close was called
closing atomic.Bool // Close is in progress (or done)
@@ -444,7 +446,10 @@ func NewConn(opts Options) (*Conn, error) {
c.idleFunc = opts.IdleFunc
c.testOnlyPacketListener = opts.TestOnlyPacketListener
c.noteRecvActivity = opts.NoteRecvActivity
c.portMapper = portmapper.NewClient(logger.WithPrefix(c.logf, "portmapper: "), opts.NetMon, nil, opts.ControlKnobs, c.onPortMapChanged)
portMapOpts := &portmapper.DebugKnobs{
DisableAll: func() bool { return c.onlyTCP443.Load() },
}
c.portMapper = portmapper.NewClient(logger.WithPrefix(c.logf, "portmapper: "), opts.NetMon, portMapOpts, opts.ControlKnobs, c.onPortMapChanged)
if opts.NetMon != nil {
c.portMapper.SetGatewayLookupFunc(opts.NetMon.GatewayAndSelfIP)
}
@@ -1067,6 +1072,9 @@ func (c *Conn) sendUDP(ipp netip.AddrPort, b []byte) (sent bool, err error) {
// sendUDP sends UDP packet b to addr.
// See sendAddr's docs on the return value meanings.
func (c *Conn) sendUDPStd(addr netip.AddrPort, b []byte) (sent bool, err error) {
if c.onlyTCP443.Load() {
return false, nil
}
switch {
case addr.Addr().Is4():
_, err = c.pconn4.WriteToUDPAddrPort(b, addr)
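Review bot: The early return added to sendUDPStd reports `false, nil` when onlyTCP443 is set, which is a silent drop with no error, and nothing at the return site says that is deliberate; a one-line comment such as `// Only TCP/443 is permitted: report "not sent" without an error so the caller can use another path.` would make the intent clear, assuming sendAddr's documented return semantics treat sent=false with err=nil as "not sent, try elsewhere". The guard covers only this function; whether every other UDP write path in the file reaches sendUDPStd is not visible in the hunk, so the restriction is only as complete as that routing, and the DisableAll knob wired up in the NewConn hunk above likewise gates port mapping only at the moment each call reads the flag. The switch body of sendUDPStd continues past the end of the hunk.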