TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-01-09 09:33:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

wgengine/router: don't attempt route cleanup on Synology

Browse Source 
Trying to run iptables/nftables on Synology pauses for minutes with
lots of errors and ultimately does nothing as it's not used and we
lack permissions.

This fixes a regression from db760d0bacd351a77f4 (#11601) that landed
between Synology testing on unstable 1.63.110 and 1.64.0 being cut.

Fixes #11737

Change-Id: Iaf9563363b8e45319a9b6fe94c8d5ffaecc9ccef
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
(cherry picked from commit 952e06aa46b66ec02274a2dc3c3b4d5f1ec988a9)
This commit is contained in:
Brad Fitzpatrick 2024-04-15 08:55:17 -07:00
parent 78dc8622d7
commit ab4f9d2514
1 changed files with 17 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
wgengine/router/router_linux.go
View File

@ -469,7 +469,7 @@ func (r *linuxRouter) UpdateMagicsockPort(port uint16, network string) error {
// reflect the new mode, and r.snatSubnetRoutes is updated to reflect // reflect the new mode, and r.snatSubnetRoutes is updated to reflect
// the current state of subnet SNATing. // the current state of subnet SNATing.
func (r *linuxRouter) setNetfilterMode(mode preftype.NetfilterMode) error { func (r *linuxRouter) setNetfilterMode(mode preftype.NetfilterMode) error {
if distro.Get() == distro.Synology { if !platformCanNetfilter() {
mode = netfilterOff mode = netfilterOff
} }
@ -1396,11 +1396,26 @@ func normalizeCIDR(cidr netip.Prefix) string {
return cidr.Masked().String() return cidr.Masked().String()
} }
// platformCanNetfilter reports whether the current distro/environment supports
// running iptables/nftables commands.
func platformCanNetfilter() bool {
switch distro.Get() {
case distro.Synology:
// Synology doesn't support iptables or nftables. Attempting to run it
// just blocks for a long time while it logs about failures.
//
// See https://github.com/tailscale/tailscale/issues/11737 for one such
// prior regression where we tried to run iptables on Synology.
return false
}
return true
}
// cleanUp removes all the rules and routes that were added by the linux router. // cleanUp removes all the rules and routes that were added by the linux router.
// The function calls cleanUp for both iptables and nftables since which ever // The function calls cleanUp for both iptables and nftables since which ever
// netfilter runner is used, the cleanUp function for the other one doesn't do anything. // netfilter runner is used, the cleanUp function for the other one doesn't do anything.
func cleanUp(logf logger.Logf, interfaceName string) { func cleanUp(logf logger.Logf, interfaceName string) {
if interfaceName != "userspace-networking" { if interfaceName != "userspace-networking" && platformCanNetfilter() {
linuxfw.IPTablesCleanUp(logf) linuxfw.IPTablesCleanUp(logf)
linuxfw.NfTablesCleanUp(logf) linuxfw.NfTablesCleanUp(logf)
} }